Traefik Reverse Proxy


#1

Does anyone have Seafile working with the Traefik reverse proxy? A bit of searching doesn’t turn anything up. If so, I’d really appreciate seeing a sample of how to get the /seafhttp directory proxied properly.


#2

I figured it out. The PathPrefixStrip rule is pretty nifty. For anyone else interested in using Traefik, this is how I configured the Traefik labels on the Seafile docker container:

labels:
      - traefik.docker.network=traefik
      - traefik.enable=true
      - traefik.seafgui.frontend.rule=Host:example.com
      - traefik.seafgui.port=8000
      - traefik.seafdav.frontend.rule=Host:example.com;PathPrefixStrip:/seafdav
      - traefik.seafdav.port=8080
      - traefik.seafhttp.frontend.rule=Host:example.com;PathPrefixStrip:/seafhttp
      - traefik.seafhttp.port=8082

#3

If you’re using the official container, nginx is included an so you only have to proxy nginx, not all directories.


#4

Please submit your findings to the manual.


#5

Submitted in https://github.com/haiwen/seafile-docs/pull/480

The meat of it is:

Here we deploy Seahub and FileServer with the Traefik reverse proxy. We assume you are running Seahub using domain seafile.example.com.

Configuring Traefik with a Configuration File

Traefik can be configured in the main traefik.toml file, and / or in files specified therein. Here is an example of configuring Traefik’s configuration file for a locally installed instance of Seafile:

[backends]
  [backends.seafapp]
    [backends.seafapp.servers.primary]
      url = "http://127.0.0.1:8000"
      weight = 1
  [backends.seafdav]
    [backends.seafdav.servers.primary]
      url = "http://127.0.0.1:8080"
      weight = 1
  [backends.seafile]
    [backends.seafhttp.servers.primary]
      url = "http://127.0.0.1:8082"
      weight = 1

[frontends]
   [frontends.seafapp]
     backend = "seafapp"
     [frontends.seafapp.routes]
       [frontends.seafapp.routes.primary]
         rule = "Host:seafile.example.com"
   [frontends.seafdav]
     backend = "seafdav"
     [frontends.seafdav.routes]
       [frontends.seafdav.routes.primary]
         rule = "Host:seafile.example.com;PathPrefixStrip:/seafdav"
   [frontends.seafhttp]
     backend = "seafhttp"
     [frontends.seafhttp.routes]
       [frontends.seafhttp.routes.primary]
         rule = "Host:seafile.example.com;PathPrefixStrip:/seafhttp"

Note that this is valid for a locally installed instance of Traefik, or a Traefik container running with NET=HOST. If Traefik is running in a container without these privelages, host.docker.internal or an address bound to the host’s loopback interface should be substituted for 127.0.0.1.

Proxying the Official Docker Image

The official Docker image for Seafile has a built-in Nginx server that proxies the /seafhttp and /seafdav paths to their respective ports. Thus the official Docker image can be proxied simply by making Traefik aware through labels:

services:
  seafile:
    labels:
      - traefik.docker.network=traefik
      - traefik.enable=true
      - traefik.frontend.rule=Host:seafile.example.com
      - traefik.port=80
    networks:
      - traefik

Proxying Unofficial Docker Images

In Docker images that do not include their own proxy, Traefik can handle proxying the /seafhttp and /seafdav paths to the right ports through segment labels:

services:
  seafile:
    labels:
      - traefik.docker.network=traefik
      - traefik.enable=true
      - traefik.seafapp.backend=Seafile Web App
      - traefik.seafapp.frontend.rule=Host:seafile.example.com
      - traefik.seafdav.port=8000
      - traefik.seafdav.backend=Seafile WebDAV Server
      - traefik.seafdav.frontend.rule=Host:seafile.example.com;PathPrefixStrip:/seafdav
      - traefik.seafdav.port=8080
      - traefik.seafhttp.backend=Seafile File Server
      - traefik.seafhttp.frontend.rule=Host:seafile.example.com;PathPrefixStrip:/seafhttp
      - traefik.seafhttp.port=8082
    networks:
      - traefik

#6

Hi,

thanks for the docs. Unfortunately I am just starting out with Docker. Could you please provide a more complete example including a docker-compse.yml as well?

My reason to look for running seafile with docker and traefik is that I want to run two instances of seafile on one host, next to other microservices. All should be accessible on Port 443, have a let’s encrypt SSL cert and routing should take place based on host-names

That would be great! I cannot (yet) get my head around all this…


#7

got it!

For anyone interested, I outlined a full config at


#8

Have you tested the proxying settings you mentioned for the official docker image?
I am facing the problem that uploads fail when using traefik as a reverse proxy in front of seafiles nginx. Unfortunately I can’t seem to find any useful logs for this problem. If I strap away the reverse proxy and use seafile directly it works flawlessly. Any ideas?


#9

OK, I figured it out. Was missing the s in https in the FILE_SERVER_ROOT option.


#10

Isn’t so that for Container you just have to proxy port 443 (optionally 8080) and make a redirection from port 80?