Traefik Reverse Proxy


#1

Does anyone have Seafile working with the Traefik reverse proxy? A bit of searching doesn’t turn anything up. If so, I’d really appreciate seeing a sample of how to get the /seafhttp directory proxied properly.


#2

I figured it out. The PathPrefixStrip rule is pretty nifty. For anyone else interested in using Traefik, this is how I configured the Traefik labels on the Seafile docker container:

labels:
      - traefik.docker.network=traefik
      - traefik.enable=true
      - traefik.seafgui.frontend.rule=Host:example.com
      - traefik.seafgui.port=8000
      - traefik.seafdav.frontend.rule=Host:example.com;PathPrefixStrip:/seafdav
      - traefik.seafdav.port=8080
      - traefik.seafhttp.frontend.rule=Host:example.com;PathPrefixStrip:/seafhttp
      - traefik.seafhttp.port=8082

#3

If you’re using the official container, nginx is included an so you only have to proxy nginx, not all directories.


#4

Please submit your findings to the manual.


#5

Submitted in https://github.com/haiwen/seafile-docs/pull/480

The meat of it is:

Here we deploy Seahub and FileServer with the Traefik reverse proxy. We assume you are running Seahub using domain seafile.example.com.

Configuring Traefik with a Configuration File

Traefik can be configured in the main traefik.toml file, and / or in files specified therein. Here is an example of configuring Traefik’s configuration file for a locally installed instance of Seafile:

[backends]
  [backends.seafapp]
    [backends.seafapp.servers.primary]
      url = "http://127.0.0.1:8000"
      weight = 1
  [backends.seafdav]
    [backends.seafdav.servers.primary]
      url = "http://127.0.0.1:8080"
      weight = 1
  [backends.seafile]
    [backends.seafhttp.servers.primary]
      url = "http://127.0.0.1:8082"
      weight = 1

[frontends]
   [frontends.seafapp]
     backend = "seafapp"
     [frontends.seafapp.routes]
       [frontends.seafapp.routes.primary]
         rule = "Host:seafile.example.com"
   [frontends.seafdav]
     backend = "seafdav"
     [frontends.seafdav.routes]
       [frontends.seafdav.routes.primary]
         rule = "Host:seafile.example.com;PathPrefixStrip:/seafdav"
   [frontends.seafhttp]
     backend = "seafhttp"
     [frontends.seafhttp.routes]
       [frontends.seafhttp.routes.primary]
         rule = "Host:seafile.example.com;PathPrefixStrip:/seafhttp"

Note that this is valid for a locally installed instance of Traefik, or a Traefik container running with NET=HOST. If Traefik is running in a container without these privelages, host.docker.internal or an address bound to the host’s loopback interface should be substituted for 127.0.0.1.

Proxying the Official Docker Image

The official Docker image for Seafile has a built-in Nginx server that proxies the /seafhttp and /seafdav paths to their respective ports. Thus the official Docker image can be proxied simply by making Traefik aware through labels:

services:
  seafile:
    labels:
      - traefik.docker.network=traefik
      - traefik.enable=true
      - traefik.frontend.rule=Host:seafile.example.com
      - traefik.port=80
    networks:
      - traefik

Proxying Unofficial Docker Images

In Docker images that do not include their own proxy, Traefik can handle proxying the /seafhttp and /seafdav paths to the right ports through segment labels:

services:
  seafile:
    labels:
      - traefik.docker.network=traefik
      - traefik.enable=true
      - traefik.seafapp.backend=Seafile Web App
      - traefik.seafapp.frontend.rule=Host:seafile.example.com
      - traefik.seafdav.port=8000
      - traefik.seafdav.backend=Seafile WebDAV Server
      - traefik.seafdav.frontend.rule=Host:seafile.example.com;PathPrefixStrip:/seafdav
      - traefik.seafdav.port=8080
      - traefik.seafhttp.backend=Seafile File Server
      - traefik.seafhttp.frontend.rule=Host:seafile.example.com;PathPrefixStrip:/seafhttp
      - traefik.seafhttp.port=8082
    networks:
      - traefik