docker: seafile behind jwilder/nginx-proxy
I just successfully dockerized my seafile installation and now want to put that behind a reverse proxy because I would like to host multiple services. However, I'm getting "Bad Gateway" from nginx and can't figure out what the problem might be.
This is the working seafile docker-compose.yml (without reverse proxy):
version: '2.0'
services:
  db:
    image: mariadb:10.1
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /home/docker-seafile/seafile-mysql/db:/var/lib/mysql
    networks:
      - seafile-net
  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
  seafile:
    image: seafileltd/seafile-mc:latest
    container_name: seafile
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /home/docker-seafile/seafile-data:/shared
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=password
      - TIME_ZONE=Europe/Zurich
      - SEAFILE_ADMIN_EMAIL=info@domain.com
      - SEAFILE_ADMIN_PASSWORD=password
      - SEAFILE_SERVER_LETSENCRYPT=true
      - SEAFILE_SERVER_HOSTNAME=seafile.domain.com
    depends_on:
      - db
      - memcached
    networks:
      - seafile-net
networks:
  seafile-net:
This is the docker-compose.yml for jwilder/proxy with letsencrypt companion:
version: '2'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /home/docker-nginx-proxy/conf:/etc/nginx/conf.d
      - /home/docker-nginx-proxy/vhost:/etc/nginx/vhost.d
      - /home/docker-nginx-proxy/html:/usr/share/nginx/html
      - /home/docker-nginx-proxy/dhparam:/etc/nginx/dhparam
      - /home/docker-nginx-proxy/certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
    restart: always
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-proxy-le
    depends_on:
      - nginx-proxy
    volumes_from:
      - nginx-proxy
    volumes:
      - /home/docker-nginx-proxy/certs:/etc/nginx/certs
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: always
networks:
  default:
    external:
      name: nginx-proxy
This is the modified docker-compose.yml for seafile behind the reverse proxy:
version: '2.0'
services:
  db:
    image: mariadb:10.1
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /home/docker-seafile/seafile-mysql/db:/var/lib/mysql
    networks:
      - seafile-net
  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
  seafile:
    image: seafileltd/seafile-mc:latest
    container_name: seafile
    ports:
      - "3000:80"
    volumes:
      - /home/docker-seafile/seafile-data:/shared # Requested, specifies the path to Seafile data persistent store.
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=password
      - TIME_ZONE=Europe/Zurich
      - SEAFILE_ADMIN_EMAIL=info@domain.com
      - SEAFILE_ADMIN_PASSWORD=password
      - VIRTUAL_HOST=seafile.domain.com
      - VIRTUAL_NETWORK=nginx-proxy
      - VIRTUAL_PORT=3000
      - LETSENCRYPT_HOST=seafile.domain.com
      - LETSENCRYPT_EMAIL=info@domain.com
    depends_on:
      - db
      - memcached
    networks:
      - seafile-net
      - nginx-proxy
networks:
  seafile-net:
  nginx-proxy:
    external: true
Any ideas what might be wrong?
edit:
nginx config of jwilder/proxy looks like this:
root@7a10734e8ba2:/etc/nginx/conf.d# cat default.conf
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
    default $http_x_forwarded_proto;
    '' $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
    default $http_x_forwarded_port;
    '' $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
    default upgrade;
    '' close;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
    default off;
    https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
access_log off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
resolver 127.0.0.11;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    return 503;
}
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    return 503;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
}
# seafile.domain.com
upstream seafile.domain.com {
    # Cannot connect to network of this container
    server 127.0.0.1 down;
    ## Can be connected with "nginx-proxy" network
    # seafile
    server 172.19.0.4:80;
}
server {
    server_name seafile.domain.com;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    server_name seafile.domain.com;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/seafile.domain.com.crt;
    ssl_certificate_key /etc/nginx/certs/seafile.domain.com.key;
    ssl_dhparam /etc/nginx/certs/seafile.domain.com.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/seafile.domain.com.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://seafile.domain.com;
    }
}
That proxy_pass to http://seafile.domain.com looks wrong or am I mistaken?
I found a partial solution with the help of https://github.com/haiwen/seafile-docker/issues/91
docker-compose.yml for seafile now looks like this:
version: '2.0'
services:
  db:
    image: mariadb:10.1
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - ./seafile-mysql/db:/var/lib/mysql
  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
  seafile:
    image: seafileltd/seafile-mc:latest
    container_name: seafile
    expose:
      - "80"
    volumes:
      - ./seafile-data:/shared
      - ./seafile.nginx.conf.template:/templates/seafile.nginx.conf.template:ro
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=
      - TIME_ZONE=Europe/Zurich
      - SEAFILE_ADMIN_EMAIL=
      - SEAFILE_ADMIN_PASSWORD=
      - VIRTUAL_HOST=seafile.domain.com
      - VIRTUAL_NETWORK=nginx-proxy
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=seafile.domain.com
      - LETSENCRYPT_EMAIL=
    depends_on:
      - db
      - memcached
networks:
  default:
    external:
      name: nginx-proxy
and the corresponding seafile.nginx.conf.template
# -*- mode: nginx -*-
# Auto generated at {{ current_timestr }}
{% if https -%}
server {
    listen 80;
    server_name _ default_server;
    # allow certbot to connect to challenge location via HTTP Port 80
    # otherwise renewal request will fail
    location /.well-known/acme-challenge/ {
        alias /var/www/challenges/;
        try_files $uri =404;
    }
    location / {
        rewrite ^ https://{{ domain }}$request_uri? permanent;
    }
}
{% endif -%}
server {
{% if https -%}
    listen 443;
    ssl on;
    ssl_certificate /shared/ssl/{{ domain }}.crt;
    ssl_certificate_key /shared/ssl/{{ domain }}.key;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
    # TODO: More SSL security hardening: ssl_session_tickets & ssl_dhparam
    # ssl_session_tickets on;
    # ssl_session_ticket_key /etc/nginx/sessionticket.key;
    # ssl_session_cache shared:SSL:10m;
    # ssl_session_timeout 10m;
{% else -%}
    listen 80;
{% endif -%}
    server_name {{ domain }};
    client_max_body_size 10m;
    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_read_timeout 310s;
        proxy_set_header Host $host;
        # proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header Forwarded "for=$proxy_add_x_forwarded_for;proto=$http_x_forwarded_proto";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        # proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-IP $proxy_add_x_forwarded_for;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        client_max_body_size 0;
        access_log /var/log/nginx/seahub.access.log seafileformat;
        error_log /var/log/nginx/seahub.error.log;
    }
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
        proxy_request_buffering off;
        access_log /var/log/nginx/seafhttp.access.log seafileformat;
        error_log /var/log/nginx/seafhttp.error.log;
    }
    location /seafdav {
        client_max_body_size 0;
        fastcgi_pass 127.0.0.1:8080;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_script_name;
        fastcgi_param SERVER_PROTOCOL $server_protocol;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_param SERVER_ADDR $server_addr;
        fastcgi_param SERVER_PORT $server_port;
        fastcgi_param SERVER_NAME $server_name;
        access_log /var/log/nginx/seafdav.access.log seafileformat;
        error_log /var/log/nginx/seafdav.error.log;
    }
    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }
    # For letsencrypt
    location /.well-known/acme-challenge/ {
        alias /var/www/challenges/;
        try_files $uri =404;
    }
}
With that, seafile.domain.com is reachable through the proxy. However, clients are still unable to sync, probably because of fastcgi. https://github.com/haiwen/seafile-docker/issues/91#issuecomment-549025051 mentions an open pull request to fix this issue hopefully.
I got a solution for the network problems: the problem with jwilder is the client_max_body_size. There's no setting, so the max upload is 1M.
I solved it by a new file and a new line in docker-compose.yml at the proxy-container. Look here for a complete explanation:
https://github.com/strahli30/HowTo-use-Docker-Seafile-Plex-NGINX
In short:
Create a new folder:
mkdir nginx.template
Create a new file:
sudo nano nginx.template/client_max_body_size.conf
One line in this file:
client_max_body_size 0;
In the docker-compose.yml of jwilder/nginx-proxy:alpine, at volumes, this line:
./nginx.template/client_max_body_size.conf:/etc/nginx/conf.d/client_max_body_size.conf:ro
After restart of Seafile and Nginx all works fine: :-)
I struggled to set up a fresh empty seafile-mc 7.0.5 using jwilder nginx-proxy with letsencrypt companion. I was getting bad gateway errors.
I implemented the answer here: https://stackoverflow.com/a/60474891/2744870 (it's an answer in this question).
It allowed the web interface to work, but not sync.
I added the config I previously used with docker seafile server 6.2.5 and now it syncs.
The config is at: https://github.com/dgleba/proxy457/blob/master/vol/nginx/vhost.d/s.dg.gleba.com
This is it here as well.
#
# for seafile. ./vol/nginx/vhost.d/s.dg.gleba.com
#
location /seafhttp {
    rewrite ^/seafhttp(.*)$ $1 break;
    proxy_pass http://seafile3:8082;
    client_max_body_size 0;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout 36000s;
    proxy_read_timeout 36000s;
    proxy_send_timeout 36000s;
    send_timeout 36000s;
}
The repo linked below is what I am using to run seafile-mc 7.0.5. See the seafile3 service in https://github.com/dgleba/proxy457/blob/master/docker-compose.yml
I am not sure what I did in ./vol/nginx/vhost.d/s.dg.gleba.com is good practice.
Further investigation may be needed, but webui, sync client, and uploads apparently are working right now.
I had a typo in the SERVICE_URL, and FILE_SERVER_ROOT in webui System Admin which prevented file upload in webui and camera upload, but that is working now. I think this is all working.
I am now getting error: please check the network in seahub webui. It is random. I may have something mis-configured here.
I figured out how to add a block to the bottom of the autogenerated nginx config.
The key pieces are below. I can post a complete example if there is interest.
The last two volumes mount my edited nginx2.tmpl which then includes the override stanzas.
# This is part of docker-compose.yml
  jproxy:
    # docker-compose pull nproxy to update...
    image: jwilder/nginx-proxy:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./vol/nginx/certs:/etc/nginx/certs:ro
      - ./vol/nginx/html:/usr/share/nginx/html
      - ./vol/nginx/vhost.d:/etc/nginx/vhost.d:ro
      # - ./vol/nginx/conf.d:/etc/nginx/conf.d/
      - ./vol/nginx/conf.d/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro
      - ./nginx2.tmpl:/app/nginx.tmpl
      - ./vol/nginx/jwilder-nginx-override:/etc/nginx/jwilder-nginx-override
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    restart: always
I added a line to the bottom of the standard jwilder/nginx-proxy nginx.tmpl and called it nginx2.tmpl
# added to bottom of `nginx.tmpl`
include /etc/nginx/jwilder-nginx-override/*.conf;
So any .conf file in /etc/nginx/jwilder-nginx-override/ will get added verbatim to the generated config file.
This way there is complete control of some hosts. You supply the entire config for that host.
The following config is added for this seafile host.
# 82 for seafile4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# sf4.example.com
# commented out.. upstream sf4.example.com {..}
upstream sf4.example.com {
    # proxy457d_seafile4_1
    server 172.27.0.30:14191;
    # server 172.27.0.30:8000;
    # server 172.27.0.30:8082;
    # server 172.21.0.20:80;
}
server {
    server_name sf4.example.com;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect LetsEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }
    #rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https
    location / {
        return 301 https://$host$request_uri;
    }
    server_tokens off;
}
server {
    server_name sf4.example.com;
    listen 443 ssl;
    # deprecated.. ssl on;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/sf4.example.com.crt;
    ssl_certificate_key /etc/nginx/certs/sf4.example.com.key;
    ssl_dhparam /etc/nginx/certs/sf4.example.com.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/sf4.example.com.chain.pem;
    # secure settings (A+ at SSL Labs ssltest at time of writing)
    # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
    ssl_prefer_server_ciphers on;
    proxy_set_header X-Forwarded-For $remote_addr;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    server_tokens off;
    location / {
        proxy_pass http://sf4.example.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto https;
        proxy_read_timeout 36001s;
        client_max_body_size 0;
    }
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        # proxy_pass http://172.27.0.30:8082;
        # proxy_pass http://sf4.example.com:8082;
        proxy_pass http://seafile4:8082;
        client_max_body_size 0;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 36001s;
        proxy_connect_timeout 36000s;
        proxy_send_timeout 36000s;
        send_timeout 36000s;
    }
    #location /media {
    # root /home/user/haiwen/seafile-server-latest/seahub;
    #}
}
# 82 for seafile4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
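A hand-written override like the one above replaces the proxy's generated defaults, so it is worth checking what it changed: this one enables TLSv1/TLSv1.1 where the generated config used TLSv1.2/TLSv1.3, sends HSTS without `always`, and uses ten-hour timeouts, while an earlier answer sets `client_max_body_size 0;` for every vhost. The following is an added example, not code from any of the answers: a small Python audit that walks an nginx config and reports those settings with their block context. The sample config is constructed from directives on this page, and the finding names and the `max_timeout` limit are assumptions.

```python
import re

# Comments, quoted strings, block punctuation, then bare words (nginx token order).
TOKEN = re.compile(r'#[^\n]*|"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'|[{};]|[^\s{};]+')
LEGACY_TLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: deprecated, RFC 8996
UNITS = {"": 1, "ms": 0.001, "s": 1, "m": 60, "h": 3600, "d": 86400}
LONG_TIMEOUTS = {"proxy_read_timeout", "proxy_send_timeout", "send_timeout"}

# Constructed sample: the global conf.d line and the override stanza from the
# answers above, trimmed to the directives being checked.
SAMPLE_CONF = r"""
client_max_body_size 0;
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    location / {
        proxy_pass http://sf4.example.com;
        proxy_read_timeout 36001s;
        client_max_body_size 0;
    }
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://seafile4:8082;
        client_max_body_size 0;
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
    }
}
"""


def directives(text):
    """Yield (line, context, name, args) for each ';'-terminated directive."""
    stack, words, first_line = [], [], 0
    for m in TOKEN.finditer(text):
        tok = m.group(0)
        if tok.startswith("#"):
            continue
        if tok == "{":
            stack.append(" ".join(words))  # e.g. "server", "location /seafhttp"
            words = []
        elif tok == "}":
            del stack[-1:]
            words = []
        elif tok == ";":
            if len(words) > 1:
                yield first_line, " > ".join(stack) or "http", words[0], words[1:]
            words = []
        else:
            if not words:
                first_line = text.count("\n", 0, m.start()) + 1
            words.append(tok.strip("\"'"))


def seconds(value):
    """Convert an nginx time such as '36000s', '5m' or '1h30m' to seconds."""
    return sum(int(n) * UNITS[u] for n, u in re.findall(r"(\d+)(ms|[smhd]?)", value))


def audit(text, max_timeout=3600):
    """Return (line, code, detail) findings; max_timeout is an assumed policy limit."""
    findings = []
    for line, ctx, name, args in directives(text):
        if name == "ssl_protocols":
            legacy = sorted(LEGACY_TLS.intersection(args))
            if legacy:
                findings.append((line, "legacy-tls", f"{ctx}: {' '.join(legacy)} enabled"))
        elif name == "client_max_body_size" and args[0] == "0" and "location" not in ctx:
            findings.append((line, "unlimited-body-global", f"{ctx}: no upload limit for any path"))
        elif name == "add_header" and args[0].lower() == "strict-transport-security":
            if "always" not in args[2:]:
                findings.append((line, "hsts-not-always", f"{ctx}: header missing on error responses"))
        elif name == "proxy_connect_timeout" and seconds(args[0]) > 75:
            findings.append((line, "connect-timeout-capped", f"{ctx}: {args[0]} exceeds nginx's usual 75s cap"))
        elif name in LONG_TIMEOUTS and seconds(args[0]) > max_timeout:
            findings.append((line, "long-timeout", f"{ctx}: {args[0]} keeps idle connections open"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

A `client_max_body_size 0;` inside a `location` block is deliberately not reported, since the answers on this page need it on `/seafhttp` for uploads; only the file-wide or server-wide form is flagged.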
Thanks for your input - with your solution my seafile-mc works very fine. And I have an answer for the problem in Update 2, "error: please check the network" (look at 4.1 and 4.4). I hope it helps you, and sorry about my terrible English - it's my first post.
.../docker/compose/seafile70
version: '3'
networks:
  seafile-net:
  extern:
    external:
      name: extern
services:
  db:
    image: mariadb:10.1
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=secretPW # Requested, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - ./seaf/db:/var/lib/mysql # Requested, specifies the path to MySQL data persistent store.
    networks:
      - seafile-net
    restart: unless-stopped
  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
    restart: unless-stopped
  seafile:
    image: seafileltd/seafile-mc:latest
    container_name: seafile-app
    networks:
      seafile-net:
      extern:
        aliases:
          - seaf7
    depends_on:
      - db
      - memcached
    expose:
      - "80"
      - "8000" #webUI
      - "8082" #Sync with app
      - "8080" #webdav
    volumes:
      #IMPORTANT: activate the top line at first start
      #then I separated the data folder from the seafile data
      #Folder separation can then be used after the second start
      - ./seaf/app:/shared
      # - ./seaf/app/logs:/shared/logs
      # - ./seaf/app/seafile/ccnet:/shared/seafile/ccnet
      # - ./seaf/app/seafile/conf:/shared/seafile/conf
      # - ./seaf/app/seafile/seahub-data:/shared/seafile/seahub-data
      # - ./seaf/data:/shared/seafile/seafile-data #separated data-folder e.g. at an other HDD
      - ./seafile.nginx.conf.template:/templates/seafile.nginx.conf.template:ro
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=secretPW
      - TIME_ZONE=Europe/Berlin
      - SEAFILE_ADMIN_EMAIL=example@yourmail.com
      - SEAFILE_ADMIN_PASSWORD=passwort
      - SEAFILE_SERVER_HOSTNAME=yourdomain.com
      - VIRTUAL_HOST=yourdomain.com
      - VIRTUAL_NETWORK=extern
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=yourdomain.com
      - LETSENCRYPT_EMAIL=example@yourmail.com
    restart: unless-stopped
.../docker/compose/seafile70
# -*- mode: nginx -*-
# Auto generated at {{ current_timestr }}
{% if https -%}
server {
    listen 80;
    server_name _ default_server;
    # allow certbot to connect to challenge location via HTTP Port 80
    # otherwise renewal request will fail
    location /.well-known/acme-challenge/ {
        alias /var/www/challenges/;
        try_files $uri =404;
    }
    location / {
        rewrite ^ https://{{ domain }}$request_uri? permanent;
    }
}
{% endif -%}
server {
{% if https -%}
    listen 443;
    ssl on;
    ssl_certificate /shared/ssl/{{ domain }}.crt;
    ssl_certificate_key /shared/ssl/{{ domain }}.key;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
    # TODO: More SSL security hardening: ssl_session_tickets & ssl_dhparam
    # ssl_session_tickets on;
    # ssl_session_ticket_key /etc/nginx/sessionticket.key;
    # ssl_session_cache shared:SSL:10m;
    # ssl_session_timeout 10m;
{% else -%}
    listen 80;
{% endif -%}
    server_name {{ domain }};
    client_max_body_size 10m;
    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_read_timeout 310s;
        proxy_set_header Host $host;
        # proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header Forwarded "for=$proxy_add_x_forwarded_for;proto=$http_x_forwarded_proto";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        # proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-IP $proxy_add_x_forwarded_for;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        client_max_body_size 0;
        access_log /var/log/nginx/seahub.access.log seafileformat;
        error_log /var/log/nginx/seahub.error.log;
    }
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
        proxy_request_buffering off;
        access_log /var/log/nginx/seafhttp.access.log seafileformat;
        error_log /var/log/nginx/seafhttp.error.log;
    }
    location /seafdav {
        client_max_body_size 0;
        fastcgi_pass 127.0.0.1:8080;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_script_name;
        fastcgi_param SERVER_PROTOCOL $server_protocol;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_param SERVER_ADDR $server_addr;
        fastcgi_param SERVER_PORT $server_port;
        fastcgi_param SERVER_NAME $server_name;
        access_log /var/log/nginx/seafdav.access.log seafileformat;
        error_log /var/log/nginx/seafdav.error.log;
    }
    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }
    # For letsencrypt
    location /.well-known/acme-challenge/ {
        alias /var/www/challenges/;
        try_files $uri =404;
    }
}
.../docker/nginx/vhosts
Important to know: my nginx of jwilder runs in a separate docker-compose
## Start of configuration add by letsencrypt container
location ^~ /.well-known/acme-challenge/ {
    auth_basic off;
    auth_request off;
    allow all;
    root /usr/share/nginx/html;
    try_files $uri =404;
    break;
}
## End of configuration add by letsencrypt container
# see https://github.com/dbendelman/nginx-proxy
location /seafhttp {
    rewrite ^/seafhttp(.*)$ $1 break;
    proxy_pass http://seaf7:8082;
    client_max_body_size 0;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_connect_timeout 36000s;
    proxy_read_timeout 36000s;
    proxy_send_timeout 36000s;
    send_timeout 36000s;
    access_log /etc/nginx/conf.d/logs/seafhttp.access.log;
    error_log /etc/nginx/conf.d/logs/seafhttp.error.log;
}
location /seafdav {
    proxy_pass http://seaf7:8080/seafdav;
    client_max_body_size 0;
    proxy_connect_timeout 36000s;
    proxy_read_timeout 36000s;
    proxy_send_timeout 36000s;
    send_timeout 36000s;
    access_log /etc/nginx/conf.d/logs/seafdav.access.log;
    error_log /etc/nginx/conf.d/logs/seafdav.error.log;
}
.../docker/compose/seafile70/seaf/app/seafile/conf
4.1 Change in ccnet.conf
[General]
SERVICE_URL = https://yourdomain.com
# Notice: - change to https and delete the port number
# - no changes in other segments of this file
4.2 Change in seafdav.conf
[WEBDAV]
enabled = true
port = 8080
# true => only the Seafile container is running, false => external proxy is running
fastcgi = false
# seafdav => only the Seafile container is running, seafdav => external proxy is running
share_name = /seafdav
4.3 Change in seafile.conf
[fileserver]
# bind address for fileserver
# default to 0.0.0.0, if deployed without proxy: no access restriction
# set to 127.0.0.1, if used with local proxy: only access by local
# host = 127.0.0.1 #DONT SET THIS IF YOU HAVE REDIRECT OUTSIDE DOCKER
# tcp port for fileserver
port = 8082
# Set maximum upload file size to 4000M.
max_upload_size=4000
# Set maximum download directory size to 4000M.
max_download_dir_size=4000
#Set uploading time limit to 10800s
web_token_expire_time=10800
[history]
# set a default history length limit for all libraries. Default no limit
# keep_days = days of history to keep
[library_trash]
# How often trashed libraries are scanned for removal, default 1 day.
# scan_days = xx
# How many days to keep trashed libraries, default 30 days.
# expire_days = xx
[database]
# Notice: - no changes in other segments of this file
4.4 Change in seahub_settings.py
# Only change the URL from http to https
FILE_SERVER_ROOT = "https://yourdomain.com/seafhttp"
# Notice: - no changes in other segments of this file
# - change from http to https
After the modification I can use webdav (yourdomain.com/seafdav), the upload button and the desktop app to sync my PC.
I want to thank all those nice guys out there - you gave me so much information to create a stable seafile-mc container.