[英]docker: seafile behind jwilder/nginx-proxy
我剛剛成功地對我的 seafile 安裝進行了 dockerized,現在想把它放在反向代理后面,因為我想托管多個服務。 但是,我從 nginx 收到“Bad Gateway”,無法弄清楚可能是什么問題。
這是工作 seafile docker-compose.yml(沒有反向代理):
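# Seafile stack published directly on the host, without a reverse proxy.
# Passwords and e-mail addresses below are the page's placeholder values;
# in a real deployment load them from an env file or secret store that is
# kept out of version control.
version: '2.0'
services:
  # db and memcached publish no ports, so they are reachable only from
  # containers attached to seafile-net.
  db:
    image: mariadb:10.1
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /home/docker-seafile/seafile-mysql/db:/var/lib/mysql
    networks:
      - seafile-net
  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
  seafile:
    # `latest` is a mutable tag; pinning a release makes upgrades deliberate.
    image: seafileltd/seafile-mc:latest
    container_name: seafile
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /home/docker-seafile/seafile-data:/shared
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=password
      - TIME_ZONE=Europe/Zurich
      - SEAFILE_ADMIN_EMAIL=info@domain.com
      - SEAFILE_ADMIN_PASSWORD=password
      - SEAFILE_SERVER_LETSENCRYPT=true
      - SEAFILE_SERVER_HOSTNAME=seafile.domain.com
    depends_on:
      - db
      - memcached
    networks:
      - seafile-net
networks:
  seafile-net: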
這是 docker-compose.yml for jwilder/proxy with letsencrypt companion:
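# jwilder/nginx-proxy with the Let's Encrypt companion.
version: '2'
services:
  nginx-proxy:
    # No tag given, so this resolves to the mutable `latest` tag.
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /home/docker-nginx-proxy/conf:/etc/nginx/conf.d
      - /home/docker-nginx-proxy/vhost:/etc/nginx/vhost.d
      - /home/docker-nginx-proxy/html:/usr/share/nginx/html
      - /home/docker-nginx-proxy/dhparam:/etc/nginx/dhparam
      - /home/docker-nginx-proxy/certs:/etc/nginx/certs:ro
      # Docker API socket. `:ro` only makes the mount of the socket file
      # read-only; it does not restrict which API calls can be sent through
      # it. A compromise of this internet-facing container therefore reaches
      # the Docker daemon. A filtering socket proxy narrows that exposure.
      - /var/run/docker.sock:/tmp/docker.sock:ro
    restart: always
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-proxy-le
    depends_on:
      - nginx-proxy
    volumes_from:
      - nginx-proxy
    volumes:
      # Writable here: the companion is the one that stores certificates.
      - /home/docker-nginx-proxy/certs:/etc/nginx/certs
      # Same caveat as above: `:ro` does not limit Docker API access.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: always
# Both services join the pre-existing external network `nginx-proxy`.
networks:
  default:
    external:
      name: nginx-proxy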
這是反向代理后面的 seafile 修改后的 docker-compose.yml:
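# Seafile stack as first modified for use behind nginx-proxy (the variant
# that returned "Bad Gateway"). Values are kept as posted; review notes mark
# the settings worth checking.
version: '2.0'
services:
  db:
    image: mariadb:10.1
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /home/docker-seafile/seafile-mysql/db:/var/lib/mysql
    networks:
      - seafile-net
  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
  seafile:
    image: seafileltd/seafile-mc:latest
    container_name: seafile
    ports:
      # NOTE(review): this publishes Seafile's plain-HTTP port on host port
      # 3000, reachable without going through the TLS-terminating proxy.
      # The proxy talks to the container over the shared Docker network, so
      # `expose` is sufficient (the later revision on this page uses it).
      - "3000:80"
    volumes:
      - /home/docker-seafile/seafile-data:/shared  # Requested, specifies the path to Seafile data persistent store.
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=password
      - TIME_ZONE=Europe/Zurich
      - SEAFILE_ADMIN_EMAIL=info@domain.com
      - SEAFILE_ADMIN_PASSWORD=password
      - VIRTUAL_HOST=seafile.domain.com
      - VIRTUAL_NETWORK=nginx-proxy
      # NOTE(review): nginx-proxy connects to the container's own port, not
      # the host-side mapping; the working revision on this page sets 80.
      - VIRTUAL_PORT=3000
      - LETSENCRYPT_HOST=seafile.domain.com
      - LETSENCRYPT_EMAIL=info@domain.com
    depends_on:
      - db
      - memcached
    networks:
      # Only the seafile service joins the proxy network; db and memcached
      # stay on the private seafile-net.
      - seafile-net
      - nginx-proxy
networks:
  seafile-net:
  nginx-proxy:
    external: true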
任何想法可能是錯誤的?
編輯:
nginx jwilder/proxy 的配置如下所示:
root@7a10734e8ba2:/etc/nginx/conf.d# cat default.conf
# Forward an incoming X-Forwarded-Proto unchanged; when the client sent
# none, fall back to the scheme of this connection.
# NOTE(review): if this proxy is the internet-facing edge, incoming
# X-Forwarded-* headers are client-controlled, so the backend should not
# treat the forwarded scheme/port as proof of how the client connected.
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
    default $http_x_forwarded_proto;
    ''      $scheme;
}

# Same pass-through logic for X-Forwarded-Port, falling back to the port
# the client connected to.
map $http_x_forwarded_port $proxy_x_forwarded_port {
    default $http_x_forwarded_port;
    ''      $server_port;
}

# Connection header for the upstream: "upgrade" when the client sent an
# Upgrade header, "close" otherwise.
map $http_upgrade $proxy_connection {
    default upgrade;
    ''      close;
}

# Apply fix for very long server names
server_names_hash_bucket_size 128;

# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;

# X-Forwarded-Ssl is derived from this connection's scheme only.
map $scheme $proxy_x_forwarded_ssl {
    default off;
    https   on;
}

gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
access_log off;

# TLS 1.2/1.3 only, with an AEAD-only cipher list.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;

resolver 127.0.0.11;

# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
# X-Real-IP carries the peer address of this connection, not a header value.
proxy_set_header X-Real-IP $remote_addr;
# Appends the peer address to whatever X-Forwarded-For the client sent.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;

# Mitigate httpoxy attack (see README for details): the client's Proxy
# header is blanked before the request is forwarded.
proxy_set_header Proxy "";
# Catch-all virtual hosts: a request whose Host matches no configured
# server_name gets 503 instead of being routed to some backend.
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    return 503;
}

server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    return 503;

    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    # Default certificate presented when no vhost matches.
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
}
# seafile.domain.com
# The name after `upstream` is only a label for the backend group; the
# `proxy_pass http://seafile.domain.com;` further down refers to this group,
# not to the public hostname.
upstream seafile.domain.com {
    # Cannot connect to network of this container
    server 127.0.0.1 down;
    ## Can be connected with "nginx-proxy" network
    # seafile
    server 172.19.0.4:80;
}

# Port 80: serve ACME challenges, redirect everything else to HTTPS.
server {
    server_name seafile.domain.com;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;

    # Do not HTTPS redirect Let'sEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: TLS terminates here; traffic to the upstream is plain HTTP on
# the Docker network.
server {
    server_name seafile.domain.com;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;

    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    ssl_certificate /etc/nginx/certs/seafile.domain.com.crt;
    ssl_certificate_key /etc/nginx/certs/seafile.domain.com.key;
    ssl_dhparam /etc/nginx/certs/seafile.domain.com.dhparam.pem;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/seafile.domain.com.chain.pem;

    # `always` also attaches the HSTS header to error responses.
    add_header Strict-Transport-Security "max-age=31536000" always;

    include /etc/nginx/vhost.d/default;

    location / {
        proxy_pass http://seafile.domain.com;
    }
}
到http://seafile.domain.com的 proxy_pass 看起來不對,還是我弄錯了?
我在https://github.com/haiwen/seafile-docker/issues/91的幫助下找到了部分解決方案
seafile 的 docker-compose.yml 現在看起來像這樣:
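# Seafile stack behind nginx-proxy (partial solution). Secrets and e-mail
# addresses are left blank on the page and must be supplied before use,
# preferably from an env file or secret store rather than inline.
version: '2.0'
services:
  db:
    image: mariadb:10.1
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - ./seafile-mysql/db:/var/lib/mysql
  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
  seafile:
    image: seafileltd/seafile-mc:latest
    container_name: seafile
    # `expose` instead of `ports`: port 80 is not published on the host and
    # is reachable only over the Docker network.
    expose:
      - "80"
    volumes:
      - ./seafile-data:/shared
      - ./seafile.nginx.conf.template:/templates/seafile.nginx.conf.template:ro
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=
      - TIME_ZONE=Europe/Zurich
      - SEAFILE_ADMIN_EMAIL=
      - SEAFILE_ADMIN_PASSWORD=
      - VIRTUAL_HOST=seafile.domain.com
      - VIRTUAL_NETWORK=nginx-proxy
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=seafile.domain.com
      - LETSENCRYPT_EMAIL=
    depends_on:
      - db
      - memcached
# NOTE(review): making the external proxy network the default attaches db
# and memcached to it as well, so every other container on `nginx-proxy`
# can reach them. Keeping them on a private network and attaching only the
# seafile service to `nginx-proxy` (as the other compose files on this page
# do) limits that exposure.
networks:
  default:
    external:
      name: nginx-proxy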
和對應的 seafile.nginx.conf.template
# -*- mode: nginx -*-
# Auto generated at {{ current_timestr }}
# Jinja template for the nginx instance inside the Seafile container. This
# variant takes the client scheme and address from headers set by a proxy
# in front of it, so the container's port must be reachable only by that
# proxy; any other peer could supply those headers itself.
{% if https -%}
server {
    listen 80;
    server_name _ default_server;

    # allow certbot to connect to challenge location via HTTP Port 80
    # otherwise renewal request will fail
    location /.well-known/acme-challenge/ {
        alias /var/www/challenges/;
        try_files $uri =404;
    }

    location / {
        rewrite ^ https://{{ domain }}$request_uri? permanent;
    }
}
{% endif -%}

server {
{% if https -%}
    listen 443;
    ssl on;
    ssl_certificate      /shared/ssl/{{ domain }}.crt;
    ssl_certificate_key  /shared/ssl/{{ domain }}.key;

    # NOTE(review): this list still admits 3DES and static-RSA key exchange.
    # It is rendered only when the template's `https` flag is set.
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

    # TODO: More SSL security hardening: ssl_session_tickets & ssl_dhparam
    # ssl_session_tickets on;
    # ssl_session_ticket_key /etc/nginx/sessionticket.key;
    # ssl_session_cache shared:SSL:10m;
    # ssl_session_timeout 10m;
{% else -%}
    listen 80;
{% endif -%}

    server_name {{ domain }};

    client_max_body_size 10m;

    # Seahub web UI.
    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_read_timeout 310s;
        proxy_set_header Host $host;
        # proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header Forwarded "for=$proxy_add_x_forwarded_for;proto=$http_x_forwarded_proto";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # proxy_set_header X-Forwarded-Proto $scheme;
        # Scheme is copied from the incoming header, i.e. trusted from the
        # proxy in front.
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        # proxy_set_header X-Real-IP $remote_addr;
        # NOTE(review): $proxy_add_x_forwarded_for is the incoming
        # X-Forwarded-For list plus this connection's peer, so X-Real-IP
        # becomes a comma-separated list whose leading entries come from the
        # request. If the front proxy already sets X-Real-IP, passing that
        # value on ($http_x_real_ip) yields a single address - confirm.
        proxy_set_header X-Real-IP $proxy_add_x_forwarded_for;
        proxy_set_header Connection "";
        proxy_http_version 1.1;

        # 0 removes the request-body size limit for this location.
        client_max_body_size 0;
        access_log      /var/log/nginx/seahub.access.log seafileformat;
        error_log       /var/log/nginx/seahub.error.log;
    }

    # File server (upload/download/sync); the /seafhttp prefix is stripped.
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
        # Ten-hour timeouts; each slow or idle transfer can hold a
        # connection for that long.
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_request_buffering off;
        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
        error_log       /var/log/nginx/seafhttp.error.log;
    }

    # WebDAV, handed to the backend over FastCGI.
    location /seafdav {
        client_max_body_size 0;
        fastcgi_pass    127.0.0.1:8080;
        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
        fastcgi_param   PATH_INFO           $fastcgi_script_name;

        fastcgi_param   SERVER_PROTOCOL     $server_protocol;
        fastcgi_param   QUERY_STRING        $query_string;
        fastcgi_param   REQUEST_METHOD      $request_method;
        fastcgi_param   CONTENT_TYPE        $content_type;
        fastcgi_param   CONTENT_LENGTH      $content_length;
        fastcgi_param   SERVER_ADDR         $server_addr;
        fastcgi_param   SERVER_PORT         $server_port;
        fastcgi_param   SERVER_NAME         $server_name;

        access_log      /var/log/nginx/seafdav.access.log seafileformat;
        error_log       /var/log/nginx/seafdav.error.log;
    }

    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }

    # For letsencrypt
    location /.well-known/acme-challenge/ {
        alias /var/www/challenges/;
        try_files $uri =404;
    }
}
這樣,seafile.domain.com 就可以通過代理訪問了。 但是,客戶端仍然無法同步,可能是因為 fastcgi。 https://github.com/haiwen/seafile-docker/issues/91#issuecomment-549025051提到了一個開放的拉取請求來解決這個問題。
我找到了網絡問題的解決方案:問題出在 jwilder 代理的 client_max_body_size 上。 它沒有被設置,所以最大上傳大小是 1M。
我在代理容器的 docker-compose.yml 中通過一個新文件和一個新行解決了這個問題。 在這里查看完整的解釋:
[https://github.com/strahli30/HowTo-use-Docker-Seafile-Plex-NGINX][1]
簡而言之:
新建文件夾mkdir nginx.template
創建一個新文件sudo nano nginx.template/client_max_body_size.conf
該文件中只有一行: client_max_body_size 0;(0 表示不限制請求體大小;文件放在 conf.d 下,因此對代理后的所有主機都生效。)
在 jwilder/nginx-proxy:alpine 的 docker-compose.yml 中加入這一行: ./nginx.template/client_max_body_size.conf:/etc/nginx/conf.d/client_max_body_size.conf:ro
重啟 Seafile 和 Nginx 后一切正常::-)
我努力使用 jwilder nginx-proxy 和 letsencrypt 伴侶來設置一個新的空 seafile-mc 7.0.5。 我收到了 bad gateway 錯誤。
我在這里實現了答案: https://stackoverflow.com/a/60474891/2744870 。 (這是這個問題的答案)
它允許 Web 界面工作,但不能同步。
我添加了我之前與 docker seafile server 6.2.5 一起使用的配置,現在它同步了。
配置位於: https://github.com/dgleba/proxy457/blob/master/vol/nginx/vhost.d/s.dg.gleba.com
這也是這里。
#
# for seafile. ./vol/nginx/vhost.d/s.dg.gleba.com
#
# Per-vhost snippet: sends /seafhttp to the Seafile file server with the
# prefix stripped. The hop to seafile3:8082 is plain HTTP.
location /seafhttp {
    rewrite ^/seafhttp(.*)$ $1 break;
    proxy_pass http://seafile3:8082;
    # 0 removes the request-body size limit for this location.
    client_max_body_size 0;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Ten-hour timeouts; each slow or idle transfer can hold a connection
    # for that long.
    proxy_connect_timeout 36000s;
    proxy_read_timeout 36000s;
    proxy_send_timeout 36000s;
    send_timeout 36000s;
}
下面鏈接的存儲庫是我用來運行 seafile-mc 7.0.5 的。 查看https://github.com/dgleba/proxy457/blob/master/docker-compose.yml 中的 seafile3 服務
我不確定我在 ./vol/nginx/vhost.d/s.dg.gleba.com 中的做法是不是好的做法。
可能需要進一步調查,但 webui、同步客戶端和上傳顯然現在正在工作。
我在 SERVICE_URL 和 webui 系統管理中的 FILE_SERVER_ROOT 中有一個錯字,這阻止了 webui 中的文件上傳和相機上傳,但現在正在工作。 我認為這一切都在起作用。
我現在在 seahub webui 中收到錯誤: please check the network。 它是隨機出現的。 我可能在這里配置錯誤。
我想出了如何在自動生成的 nginx 配置的底部添加一個塊。
關鍵部分如下。 如果有興趣,我可以發布一個完整的示例。
最后兩卷掛載了我編輯過的 nginx2.tmpl,然后包含覆蓋節。
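# This is part of docker-compose.yml
jproxy:
  # docker-compose pull nproxy to update...
  image: jwilder/nginx-proxy:alpine
  ports:
    - "80:80"
    - "443:443"
  volumes:
    # Docker API socket. `:ro` only makes the mount of the socket file
    # read-only; it does not restrict which API calls can be sent through it.
    - /var/run/docker.sock:/tmp/docker.sock:ro
    - ./vol/nginx/certs:/etc/nginx/certs:ro
    - ./vol/nginx/html:/usr/share/nginx/html
    - ./vol/nginx/vhost.d:/etc/nginx/vhost.d:ro
    # - ./vol/nginx/conf.d:/etc/nginx/conf.d/
    - ./vol/nginx/conf.d/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro
    # NOTE(review): the two mounts below are writable from inside the
    # container although both feed the generated nginx configuration;
    # `:ro` would match the other configuration mounts - confirm nothing
    # in the container needs to write to them.
    - ./nginx2.tmpl:/app/nginx.tmpl
    - ./vol/nginx/jwilder-nginx-override:/etc/nginx/jwilder-nginx-override
  labels:
    com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
  restart: always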
我在標准 jwilder/nginx-proxy 的 nginx.tmpl 底部添加了一行,並將其命名為 nginx2.tmpl
# added to bottom of `nginx.tmpl`
# Every *.conf file in this directory is pulled verbatim into the generated
# nginx configuration, so the directory should be writable only by whoever
# is allowed to administer the proxy.
include /etc/nginx/jwilder-nginx-override/*.conf;
因此, /etc/nginx/jwilder-nginx-override/ 中的任何 .conf 文件都會逐字添加到生成的配置文件中。
這樣就可以完全控制一些主機。 您為該主機提供整個配置。
為這個 seafile 主機添加了以下配置。
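# 82 for seafile4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Hand-written virtual host for sf4.example.com, included verbatim at the
# end of the generated nginx configuration.
# sf4.example.com
# commented out.. upstream sf4.example.com {..}
upstream sf4.example.com {
    # proxy457d_seafile4_1
    # Container address is hard-coded here; presumably it must be updated
    # if Docker assigns the container a different IP.
    server 172.27.0.30:14191;
    # server 172.27.0.30:8000;
    # server 172.27.0.30:8082;
    # server 172.21.0.20:80;
}

# Port 80: serve ACME challenges, redirect everything else to HTTPS.
server {
    server_name sf4.example.com;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;

    # Do not HTTPS redirect LetsEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
        auth_basic off;
        allow all;
        root /usr/share/nginx/html;
        try_files $uri =404;
        break;
    }

    #rewrite ^ https://$http_host$request_uri? permanent;    # force redirect http to https
    location / {
        return 301 https://$host$request_uri;
    }
    server_tokens off;
}

server {
    server_name sf4.example.com;
    listen 443 ssl;
    # deprecated: ssl on;
    access_log /var/log/nginx/access.log vhost;

    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    ssl_certificate /etc/nginx/certs/sf4.example.com.crt;
    ssl_certificate_key /etc/nginx/certs/sf4.example.com.key;
    ssl_dhparam /etc/nginx/certs/sf4.example.com.dhparam.pem;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/sf4.example.com.chain.pem;

    # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
    # TLS 1.0 and 1.1 are deprecated (RFC 8996), so only 1.2 and 1.3 are
    # offered. The cipher list is the AEAD-only set that nginx-proxy's own
    # generated default.conf uses, written on a single line because a line
    # break inside the quoted string would become part of the value.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;

    # Server-level default; nginx does not inherit proxy_set_header into a
    # location that declares its own, and both locations below do.
    proxy_set_header X-Forwarded-For $remote_addr;

    # `always` also attaches the HSTS header to error responses.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    server_tokens off;

    # Seahub web UI via the upstream group defined above (plain HTTP hop).
    location / {
        proxy_pass http://sf4.example.com;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto https;
        proxy_read_timeout 36001s;
        # 0 removes the request-body size limit for this location.
        client_max_body_size 0;
    }

    # File server (upload/download/sync); the /seafhttp prefix is stripped.
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        # proxy_pass http://172.27.0.30:8082;
        # proxy_pass http://sf4.example.com:8082;
        proxy_pass http://seafile4:8082;
        client_max_body_size 0;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Ten-hour timeouts; each slow or idle transfer can hold a
        # connection for that long.
        proxy_read_timeout 36001s;
        proxy_connect_timeout 36000s;
        proxy_send_timeout 36000s;
        send_timeout 36000s;
    }

    #location /media {
    #    root /home/user/haiwen/seafile-server-latest/seahub;
    #}
}
# 82 for seafile4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~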
感謝您的輸入 - 使用您的解決方案,我的 seafile-mc 工作得非常好。 對於您在更新 2 中提到的 error: please check the network,我有一個答案(查看 4.1 和 4.4)。 我希望它對你有所幫助,並對我糟糕的英語感到抱歉——這是我的第一篇文章。
.../docker/compose/seafile70
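# Seafile 7.0 stack behind a separately run nginx-proxy. Passwords, e-mail
# addresses and domain names are the page's placeholder values; supply the
# real ones from an env file or secret store kept out of version control.
version: '3'
networks:
  # Private network for db and memcached.
  seafile-net:
  # Pre-existing network shared with the reverse proxy.
  extern:
    external:
      name: extern
services:
  db:
    image: mariadb:10.1
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=secretPW  # Requested, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - ./seaf/db:/var/lib/mysql  # Requested, specifies the path to MySQL data persistent store.
    networks:
      - seafile-net
    restart: unless-stopped
  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
    restart: unless-stopped
  seafile:
    # `latest` is a mutable tag; pinning a release makes upgrades deliberate.
    image: seafileltd/seafile-mc:latest
    container_name: seafile-app
    networks:
      seafile-net:
      # Only this service joins the proxy network; the proxy's vhost
      # configuration addresses it by the alias `seaf7`.
      extern:
        aliases:
          - seaf7
    depends_on:
      - db
      - memcached
    # Nothing is published on the host; these ports are reachable only from
    # containers on the networks above.
    expose:
      - "80"
      - "8000"  # webUI
      - "8082"  # Sync with app
      - "8080"  # webdav
    volumes:
      # IMPORTANT: activate the top line at first start
      # then I separated the data folder from the seafile data
      # Folder separation can then be used after the second start
      - ./seaf/app:/shared
      # - ./seaf/app/logs:/shared/logs
      # - ./seaf/app/seafile/ccnet:/shared/seafile/ccnet
      # - ./seaf/app/seafile/conf:/shared/seafile/conf
      # - ./seaf/app/seafile/seahub-data:/shared/seafile/seahub-data
      # - ./seaf/data:/shared/seafile/seafile-data  # separated data-folder e.g. at an other HDD
      - ./seafile.nginx.conf.template:/templates/seafile.nginx.conf.template:ro
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=secretPW
      - TIME_ZONE=Europe/Berlin
      - SEAFILE_ADMIN_EMAIL=example@yourmail.com
      - SEAFILE_ADMIN_PASSWORD=passwort
      - SEAFILE_SERVER_HOSTNAME=yourdomain.com
      - VIRTUAL_HOST=yourdomain.com
      - VIRTUAL_NETWORK=extern
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=yourdomain.com
      - LETSENCRYPT_EMAIL=example@yourmail.com
    restart: unless-stopped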
.../docker/compose/seafile70
# -*- mode: nginx -*-
# Auto generated at {{ current_timestr }}
# Jinja template for the nginx instance inside the Seafile container. This
# variant takes the client scheme and address from headers set by a proxy
# in front of it, so the container's port must be reachable only by that
# proxy; any other peer could supply those headers itself.
{% if https -%}
server {
    listen 80;
    server_name _ default_server;

    # allow certbot to connect to challenge location via HTTP Port 80
    # otherwise renewal request will fail
    location /.well-known/acme-challenge/ {
        alias /var/www/challenges/;
        try_files $uri =404;
    }

    location / {
        rewrite ^ https://{{ domain }}$request_uri? permanent;
    }
}
{% endif -%}

server {
{% if https -%}
    listen 443;
    ssl on;
    ssl_certificate      /shared/ssl/{{ domain }}.crt;
    ssl_certificate_key  /shared/ssl/{{ domain }}.key;

    # NOTE(review): this list still admits 3DES and static-RSA key exchange.
    # It is rendered only when the template's `https` flag is set.
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

    # TODO: More SSL security hardening: ssl_session_tickets & ssl_dhparam
    # ssl_session_tickets on;
    # ssl_session_ticket_key /etc/nginx/sessionticket.key;
    # ssl_session_cache shared:SSL:10m;
    # ssl_session_timeout 10m;
{% else -%}
    listen 80;
{% endif -%}

    server_name {{ domain }};

    client_max_body_size 10m;

    # Seahub web UI.
    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_read_timeout 310s;
        proxy_set_header Host $host;
        # proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header Forwarded "for=$proxy_add_x_forwarded_for;proto=$http_x_forwarded_proto";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # proxy_set_header X-Forwarded-Proto $scheme;
        # Scheme is copied from the incoming header, i.e. trusted from the
        # proxy in front.
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
        # proxy_set_header X-Real-IP $remote_addr;
        # NOTE(review): $proxy_add_x_forwarded_for is the incoming
        # X-Forwarded-For list plus this connection's peer, so X-Real-IP
        # becomes a comma-separated list whose leading entries come from the
        # request. If the front proxy already sets X-Real-IP, passing that
        # value on ($http_x_real_ip) yields a single address - confirm.
        proxy_set_header X-Real-IP $proxy_add_x_forwarded_for;
        proxy_set_header Connection "";
        proxy_http_version 1.1;

        # 0 removes the request-body size limit for this location.
        client_max_body_size 0;
        access_log      /var/log/nginx/seahub.access.log seafileformat;
        error_log       /var/log/nginx/seahub.error.log;
    }

    # File server (upload/download/sync); the /seafhttp prefix is stripped.
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
        # Ten-hour timeouts; each slow or idle transfer can hold a
        # connection for that long.
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_request_buffering off;
        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
        error_log       /var/log/nginx/seafhttp.error.log;
    }

    # WebDAV, handed to the backend over FastCGI.
    location /seafdav {
        client_max_body_size 0;
        fastcgi_pass    127.0.0.1:8080;
        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
        fastcgi_param   PATH_INFO           $fastcgi_script_name;

        fastcgi_param   SERVER_PROTOCOL     $server_protocol;
        fastcgi_param   QUERY_STRING        $query_string;
        fastcgi_param   REQUEST_METHOD      $request_method;
        fastcgi_param   CONTENT_TYPE        $content_type;
        fastcgi_param   CONTENT_LENGTH      $content_length;
        fastcgi_param   SERVER_ADDR         $server_addr;
        fastcgi_param   SERVER_PORT         $server_port;
        fastcgi_param   SERVER_NAME         $server_name;

        access_log      /var/log/nginx/seafdav.access.log seafileformat;
        error_log       /var/log/nginx/seafdav.error.log;
    }

    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }

    # For letsencrypt
    location /.well-known/acme-challenge/ {
        alias /var/www/challenges/;
        try_files $uri =404;
    }
}
.../docker/nginx/vhosts
重要提示:我的 jwilder nginx 在單獨的 docker-compose 中運行。
## Start of configuration add by letsencrypt container
# ACME HTTP-01 challenge files are served without authentication.
location ^~ /.well-known/acme-challenge/ {
    auth_basic off;
    auth_request off;
    allow all;
    root /usr/share/nginx/html;
    try_files $uri =404;
    break;
}
## End of configuration add by letsencrypt container

# see https://github.com/dbendelman/nginx-proxy
# File server (sync/upload); the /seafhttp prefix is stripped and the
# request goes to the container alias seaf7 over plain HTTP.
location /seafhttp {
    rewrite ^/seafhttp(.*)$ $1 break;
    proxy_pass http://seaf7:8082;
    # 0 removes the request-body size limit for this location.
    client_max_body_size 0;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Ten-hour timeouts; each slow or idle transfer can hold a connection
    # for that long.
    proxy_connect_timeout 36000s;
    proxy_read_timeout 36000s;
    proxy_send_timeout 36000s;
    send_timeout 36000s;
    access_log /etc/nginx/conf.d/logs/seafhttp.access.log;
    error_log /etc/nginx/conf.d/logs/seafhttp.error.log;
}

# WebDAV, proxied over HTTP (not FastCGI) to the Seafile container.
location /seafdav {
    proxy_pass http://seaf7:8080/seafdav;
    client_max_body_size 0;
    proxy_connect_timeout 36000s;
    proxy_read_timeout 36000s;
    proxy_send_timeout 36000s;
    send_timeout 36000s;
    access_log /etc/nginx/conf.d/logs/seafdav.access.log;
    error_log /etc/nginx/conf.d/logs/seafdav.error.log;
}
.../docker/compose/seafile70/seaf/app/seafile/conf
4.1 ccnet.conf
變化
[General]
SERVICE_URL = https://yourdomain.com
# Notice: - change to https and delete the port number
#         - no changes in other segments of this file
4.2 seafdav.conf
變化
[WEBDAV]
enabled = true
port = 8080
# true => only the Seafile container is running, false => an external proxy is running
fastcgi = false
# seafdav => only the Seafile container is running, seafdav => an external proxy is running
share_name = /seafdav
4.3 seafile.conf
變化
[fileserver]
# bind address for fileserver
# default to 0.0.0.0, if deployed without proxy: no access restriction
# set to 127.0.0.1, if used with local proxy: only access by local
# NOTE(review): with `host` left unset the file server listens on all
# interfaces of the container; keep its port unpublished on the host so it
# is reached only through the reverse proxy.
# host = 127.0.0.1 #DONT SET THIS IF YOU HAVE REDIRECT OUTSIDE DOCKER
# tcp port for fileserver
port = 8082
# Set maximum upload file size to 4000M.
max_upload_size=4000
# Set maximum download directory size to 4000M.
max_download_dir_size=4000
# Set uploading time limit to 10800s
web_token_expire_time=10800
[history]
# set a default history length limit for all libraries. Default no limit
# keep_days = days of history to keep
[library_trash]
# How often trashed libraries are scanned for removal, default 1 day.
# scan_days = xx
# How many days to keep trashed libraries, default 30 days.
# expire_days = xx
[database]
# Notice: - no changes in other segments of this file
4.4 seahub_settings.py
變化
# ONLY change the URL from http to https
FILE_SERVER_ROOT = "https://yourdomain.com/seafhttp"
# Notice: - no changes in other segments of this file
# - change from http to https
修改后我可以使用 webdav (yourdomain.com/seafdav)、上傳按鈕和桌面應用程序來同步我的電腦。
我要感謝所有這些好人 - 你給了我這么多信息來創建一個穩定的 seafile-mc 容器。