docker：jwilder/nginx-proxy 后面的 seafile

Question

我剛剛成功地對我的 seafile 安裝進行了 dockerized，現在想把它放在反向代理后面，因為我想托管多個服務。 但是，我從 nginx 收到“Bad Gateway”，無法弄清楚可能是什么問題。

這是工作 seafile docker-compose.yml（沒有反向代理）：

version: '2.0'
services:
  db:
    image: mariadb:10.1
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /home/docker-seafile/seafile-mysql/db:/var/lib/mysql
    networks:
      - seafile-net
  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
  seafile:
    image: seafileltd/seafile-mc:latest
    container_name: seafile
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /home/docker-seafile/seafile-data:/shared
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=password
      - TIME_ZONE=Europe/Zurich
      - SEAFILE_ADMIN_EMAIL=info@domain.com
      - SEAFILE_ADMIN_PASSWORD=password
      - SEAFILE_SERVER_LETSENCRYPT=true
      - SEAFILE_SERVER_HOSTNAME=seafile.domain.com
    depends_on:
      - db
      - memcached
    networks:
      - seafile-net
networks:
  seafile-net:

這是 docker-compose.yml for jwilder/proxy with letsencrypt companion：

version: '2'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /home/docker-nginx-proxy/conf:/etc/nginx/conf.d
      - /home/docker-nginx-proxy/vhost:/etc/nginx/vhost.d
      - /home/docker-nginx-proxy/html:/usr/share/nginx/html
      - /home/docker-nginx-proxy/dhparam:/etc/nginx/dhparam
      - /home/docker-nginx-proxy/certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
    restart: always
  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-proxy-le
    depends_on:
      - nginx-proxy
    volumes_from:
      - nginx-proxy
    volumes:
      - /home/docker-nginx-proxy/certs:/etc/nginx/certs
      - /var/run/docker.sock:/var/run/docker.sock:ro
    restart: always
networks:
  default:
    external:
      name: nginx-proxy

這是反向代理后面的 seafile 修改后的 docker-compose.yml：

version: '2.0'
services:
  db:
    image: mariadb:10.1
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=password
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /home/docker-seafile/seafile-mysql/db:/var/lib/mysql
    networks:
      - seafile-net
  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
  seafile:
    image: seafileltd/seafile-mc:latest
    container_name: seafile
    ports:
      - "3000:80"
    volumes:
      - /home/docker-seafile/seafile-data:/shared # Requested, specifies the path to Seafile data persistent store.
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=password
      - TIME_ZONE=Europe/Zurich
      - SEAFILE_ADMIN_EMAIL=info@domain.com
      - SEAFILE_ADMIN_PASSWORD=password
      - VIRTUAL_HOST=seafile.domain.com
      - VIRTUAL_NETWORK=nginx-proxy
      - VIRTUAL_PORT=3000
      - LETSENCRYPT_HOST=seafile.domain.com
      - LETSENCRYPT_EMAIL=info@domain.com
    depends_on:
      - db
      - memcached
    networks:
      - seafile-net
      - nginx-proxy
networks:
  seafile-net:
  nginx-proxy:
    external: true

任何想法可能是錯誤的？

編輯：

nginx jwilder/proxy 的配置如下所示：

root@7a10734e8ba2:/etc/nginx/conf.d# cat default.conf
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
  default $http_x_forwarded_proto;
  ''      $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
  default $http_x_forwarded_port;
  ''      $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
  default upgrade;
  '' close;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
  default off;
  https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
access_log off;
                ssl_protocols TLSv1.2 TLSv1.3;
                ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
                ssl_prefer_server_ciphers off;
resolver 127.0.0.11;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
        server_name _; # This is just an invalid value which will never trigger on a real hostname.
        listen 80;
        access_log /var/log/nginx/access.log vhost;
        return 503;
}
server {
        server_name _; # This is just an invalid value which will never trigger on a real hostname.
        listen 443 ssl http2;
        access_log /var/log/nginx/access.log vhost;
        return 503;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/certs/default.crt;
        ssl_certificate_key /etc/nginx/certs/default.key;
}
# seafile.domain.com
upstream seafile.domain.com {
                                # Cannot connect to network of this container
                                server 127.0.0.1 down;
                                ## Can be connected with "nginx-proxy" network
                        # seafile
                        server 172.19.0.4:80;
}
server {
        server_name seafile.domain.com;
        listen 80 ;
        access_log /var/log/nginx/access.log vhost;
        # Do not HTTPS redirect Let'sEncrypt ACME challenge
        location /.well-known/acme-challenge/ {
                auth_basic off;
                allow all;
                root /usr/share/nginx/html;
                try_files $uri =404;
                break;
        }
        location / {
                return 301 https://$host$request_uri;
        }
}
server {
        server_name seafile.domain.com;
        listen 443 ssl http2 ;
        access_log /var/log/nginx/access.log vhost;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_certificate /etc/nginx/certs/seafile.domain.com.crt;
        ssl_certificate_key /etc/nginx/certs/seafile.domain.com.key;
        ssl_dhparam /etc/nginx/certs/seafile.domain.com.dhparam.pem;
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/nginx/certs/seafile.domain.com.chain.pem;
        add_header Strict-Transport-Security "max-age=31536000" always;
        include /etc/nginx/vhost.d/default;
        location / {
                proxy_pass http://seafile.domain.com;
        }
}

到http://seafile.domain.com的 proxy_pass 看起來不對，還是我弄錯了？

Answer 1

我在https://github.com/haiwen/seafile-docker/issues/91的幫助下找到了部分解決方案

seafile 的 docker-compose.yml 現在看起來像這樣：

version: '2.0'
services:
  db:
    image: mariadb:10.1
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD= 
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - ./seafile-mysql/db:/var/lib/mysql

  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256

  seafile:
    image: seafileltd/seafile-mc:latest
    container_name: seafile
    expose:
      - "80"
    volumes:
      - ./seafile-data:/shared
      - ./seafile.nginx.conf.template:/templates/seafile.nginx.conf.template:ro
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=
      - TIME_ZONE=Europe/Zurich
      - SEAFILE_ADMIN_EMAIL=
      - SEAFILE_ADMIN_PASSWORD=
      - VIRTUAL_HOST=seafile.domain.com
      - VIRTUAL_NETWORK=nginx-proxy
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=seafile.domain.com
      - LETSENCRYPT_EMAIL=
    depends_on:
      - db
      - memcached
networks:
  default:
    external:
      name: nginx-proxy

和對應的 seafile.nginx.conf.template

# -*- mode: nginx -*-
# Auto generated at {{ current_timestr }}
{% if https -%}
server {
    listen 80;
    server_name _ default_server;

    # allow certbot to connect to challenge location via HTTP Port 80
    # otherwise renewal request will fail
    location /.well-known/acme-challenge/ {
        alias /var/www/challenges/;
        try_files $uri =404;
    }

    location / {
        rewrite ^ https://{{ domain }}$request_uri? permanent;
    }
}
{% endif -%}

server {
{% if https -%}
    listen 443;
    ssl on;
    ssl_certificate      /shared/ssl/{{ domain }}.crt;
    ssl_certificate_key  /shared/ssl/{{ domain }}.key;

    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

    # TODO: More SSL security hardening: ssl_session_tickets & ssl_dhparam
    # ssl_session_tickets on;
    # ssl_session_ticket_key /etc/nginx/sessionticket.key;
    # ssl_session_cache shared:SSL:10m;
    # ssl_session_timeout 10m;
{% else -%}
    listen 80;
{% endif -%}

    server_name {{ domain }};

    client_max_body_size 10m;

    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_read_timeout 310s;
        proxy_set_header Host $host;
#       proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header Forwarded "for=$proxy_add_x_forwarded_for;proto=$http_x_forwarded_proto";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#       proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
#       proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-IP $proxy_add_x_forwarded_for;
        proxy_set_header Connection "";
        proxy_http_version 1.1;

        client_max_body_size 0;
        access_log      /var/log/nginx/seahub.access.log seafileformat;
        error_log       /var/log/nginx/seahub.error.log;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_request_buffering off;
        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
        error_log       /var/log/nginx/seafhttp.error.log;
    }

    location /seafdav {
        client_max_body_size 0;
        fastcgi_pass    127.0.0.1:8080;
        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
        fastcgi_param   PATH_INFO           $fastcgi_script_name;

        fastcgi_param   SERVER_PROTOCOL     $server_protocol;
        fastcgi_param   QUERY_STRING        $query_string;
        fastcgi_param   REQUEST_METHOD      $request_method;
        fastcgi_param   CONTENT_TYPE        $content_type;
        fastcgi_param   CONTENT_LENGTH      $content_length;
        fastcgi_param   SERVER_ADDR         $server_addr;
        fastcgi_param   SERVER_PORT         $server_port;
        fastcgi_param   SERVER_NAME         $server_name;

        access_log      /var/log/nginx/seafdav.access.log seafileformat;
        error_log       /var/log/nginx/seafdav.error.log;
    }

    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }

    # For letsencrypt
    location /.well-known/acme-challenge/ {
        alias /var/www/challenges/;
        try_files $uri =404;
    }
}

這樣，seafile.domain.com 就可以通過代理訪問了。 但是，客戶端仍然無法同步，可能是因為 fastcgi。 https://github.com/haiwen/seafile-docker/issues/91#issuecomment-549025051提到了一個開放的拉取請求來解決這個問題。

Answer 2

我得到了 .network 問題的解決方案，jwilder 的問題是 client_max_body_size。 沒有設置，所以最大上傳 ist 1M。

我在代理容器的 docker-compose.yml 中通過一個新文件和一個新行解決了這個問題。 在這里查看完整的解釋：

[https://github.com/strahli30/HowTo-use-Docker-Seafile-Plex-NGINX][1]

簡而言之：

• 新建文件夾mkdir nginx.template

• 創建一個新文件sudo nano nginx.template/client_max_body_size.conf

• 該文件中的一行： client_max_body_size 0;

• 在 jwilder/nginx-proxy:alpine 的 docker-compose.yml 中，這一行：./nginx.template/client_max_body_size.conf: ./nginx.template/client_max_body_size.conf:/etc/nginx/conf.d/client_max_body_size.conf:ro :ro

重啟 Seafile 和 Nginx 后一切正常：:-)

Answer 3

我努力使用 jwilder nginx-proxy 和 letencrypt 伴侶來設置一個新的空 seafile-mc 7.0.5。 我收到了bad gateway錯誤。

我在這里實現了答案： https : //stackoverflow.com/a/60474891/2744870 。 （這是這個問題的答案）

它允許 Web 界面工作，但不能同步。

我添加了我之前與 docker seafile server 6.2.5 一起使用的配置，現在它同步了。

配置位於： https : //github.com/dgleba/proxy457/blob/master/vol/nginx/vhost.d/s.dg.gleba.com

這也是這里。

#
# for seafile.  ./vol/nginx/vhost.d/s.dg.gleba.com
#
  location /seafhttp {
      rewrite ^/seafhttp(.*)$ $1 break;
      proxy_pass http://seafile3:8082;
      client_max_body_size 0;
      proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_connect_timeout  36000s;
      proxy_read_timeout  36000s;
      proxy_send_timeout  36000s;
      send_timeout  36000s;
  }

下面鏈接的存儲庫是我用來運行 seafile-mc 7.0.5 的。 查看https://github.com/dgleba/proxy457/blob/master/docker-compose.yml 中的 seafile3 服務

我不確定我在 . /vol/nginx/vhost.d/s.dg.gleba.com是很好的做法。

可能需要進一步調查，但 webui、同步客戶端和上傳顯然現在正在工作。

更新：

我在 SERVICE_URL 和 webui 系統管理中的 FILE_SERVER_ROOT 中有一個錯字，這阻止了 webui 中的文件上傳和相機上傳，但現在正在工作。 我認為這一切都在起作用。

更新 2：

我現在收到錯誤： please check the network seahub webui 中please check the network 。 它是隨機的。 我可能在這里配置錯誤。

Answer 4

我想出了如何在自動生成的 nginx 配置的底部添加一個塊。

關鍵部分如下。 如果有興趣，我可以發布一個完整的示例。

最后兩卷掛載了我編輯過的 nginx2.tmpl，然后包含覆蓋節。

# This is part of docker-compose.yml
  jproxy:
  # docker-compose pull nproxy to update...
    image: jwilder/nginx-proxy:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - ./vol/nginx/certs:/etc/nginx/certs:ro
      - ./vol/nginx/html:/usr/share/nginx/html
      - ./vol/nginx/vhost.d:/etc/nginx/vhost.d:ro
      # - ./vol/nginx/conf.d:/etc/nginx/conf.d/
      - ./vol/nginx/conf.d/my_proxy.conf:/etc/nginx/conf.d/my_proxy.conf:ro
      - ./nginx2.tmpl:/app/nginx.tmpl
      - ./vol/nginx/jwilder-nginx-override:/etc/nginx/jwilder-nginx-override
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
    restart: always

我在標准jwilder/nginx-proxy nginx.tmpl的底部添加了一行並將其命名為nginx2.tmpl

# added to bottom of `nginx.tmpl`
include /etc/nginx/jwilder-nginx-override/*.conf;

因此， /etc/nginx/jwilder-nginx-override/ 中的任何 .conf 文件都會逐字添加到生成的配置文件中。

這樣就可以完全控制一些主機。 您為該主機提供整個配置。

為這個 seafile 主機添加了以下配置。

# 82 for seafile4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  # sf4.example.com
  # commented out..  upstream sf4.example.com {..}

  upstream sf4.example.com {
            # proxy457d_seafile4_1
           server 172.27.0.30:14191;
            # server 172.27.0.30:8000;
            # server 172.27.0.30:8082;
            # server 172.21.0.20:80;
  }

  server {
    server_name sf4.example.com;
    listen 80 ;

    access_log /var/log/nginx/access.log vhost;
    # Do not HTTPS redirect LetsEncrypt ACME challenge
    location /.well-known/acme-challenge/ {
      auth_basic off;
      allow all;
      root /usr/share/nginx/html;
      try_files $uri =404;
      break;
    }

    #rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https

    location / {
      return 301 https://$host$request_uri;
    }

    server_tokens off; 
  }
  server {
    server_name sf4.example.com;
    listen 443 ssl;
    # depricated.. ssl on;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/sf4.example.com.crt;
    ssl_certificate_key /etc/nginx/certs/sf4.example.com.key;
    ssl_dhparam /etc/nginx/certs/sf4.example.com.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/sf4.example.com.chain.pem;

    # secure settings (A+ at SSL Labs ssltest at time of writing)
    # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-
AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-
SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-
SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
    ssl_prefer_server_ciphers on;
    proxy_set_header X-Forwarded-For $remote_addr;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    server_tokens off;    

    location / {
    proxy_pass http://sf4.example.com;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Host $server_name;
    proxy_set_header   X-Forwarded-Proto https;
    proxy_read_timeout 36001s;
    client_max_body_size 0;
    }
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        # proxy_pass http://172.27.0.30:8082;
        # proxy_pass http://sf4.example.com:8082;
        proxy_pass http://seafile4:8082;
        client_max_body_size 0;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 36001s;
        proxy_connect_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
    }
    #location /media {
    #    root /home/user/haiwen/seafile-server-latest/seahub;
    #}       
  }
# 82 for seafile4 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Answer 5

感謝您的輸入 - 使用您的解決方案，我的 seafile-mc 工作得非常好。 我在更新 2 error: please check the network有一個問題的答案error: please check the network （查看 4.1 和 4.4）。 我希望它對你有所幫助，並對我糟糕的英語感到抱歉——這是我的第一篇文章。

1. docker-compose.yml 路徑： .../docker/compose/seafile70

version: '3'

networks:
  seafile-net:
  extern:
    external:
      name: extern
      
services:
  db:
    image: mariadb:10.1
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=secretPW # Requested, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - ./seaf/db:/var/lib/mysql  # Requested, specifies the path to MySQL data persistent store.
    networks:
      - seafile-net
    restart: unless-stopped

  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net
    restart: unless-stopped
          
  seafile:
    image: seafileltd/seafile-mc:latest
    container_name: seafile-app
    networks:
      seafile-net:
      extern:
        aliases:
          - seaf7
    depends_on:
      - db
      - memcached
    expose:
      - "80"
      - "8000" #webUI
      - "8082" #Sync with app
      - "8080" #webdav
    volumes:
      #IMPORTANT: activate the top line at first start
      #then I separated the data folder from the seafile data
      #Folder separation can then be used after the second start
      - ./seaf/app:/shared
#      - ./seaf/app/logs:/shared/logs
#      - ./seaf/app/seafile/ccnet:/shared/seafile/ccnet
#      - ./seaf/app/seafile/conf:/shared/seafile/conf
#      - ./seaf/app/seafile/seahub-data:/shared/seafile/seahub-data
#      - ./seaf/data:/shared/seafile/seafile-data #separated data-folder e.g. at an other HDD
      - ./seafile.nginx.conf.template:/templates/seafile.nginx.conf.template:ro
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=secretPW
      - TIME_ZONE=Europe/Berlin
      - SEAFILE_ADMIN_EMAIL=example@yourmail.com
      - SEAFILE_ADMIN_PASSWORD=passwort
      - SEAFILE_SERVER_HOSTNAME=yourdomain.com
      - VIRTUAL_HOST=yourdomain.com
      - VIRTUAL_NETWORK=extern
      - VIRTUAL_PORT=80
      - LETSENCRYPT_HOST=yourdomain.com
      - LETSENCRYPT_EMAIL=example@yourmail.com
    restart: unless-stopped

2. 文件 seafile.nginx.conf.template 路徑： .../docker/compose/seafile70

# -*- mode: nginx -*-
# Auto generated at {{ current_timestr }}
{% if https -%}
server {
    listen 80;
    server_name _ default_server;

    # allow certbot to connect to challenge location via HTTP Port 80
    # otherwise renewal request will fail
    location /.well-known/acme-challenge/ {
        alias /var/www/challenges/;
        try_files $uri =404;
    }

    location / {
        rewrite ^ https://{{ domain }}$request_uri? permanent;
    }
}
{% endif -%}

server {
{% if https -%}
    listen 443;
    ssl on;
    ssl_certificate      /shared/ssl/{{ domain }}.crt;
    ssl_certificate_key  /shared/ssl/{{ domain }}.key;

    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

    # TODO: More SSL security hardening: ssl_session_tickets & ssl_dhparam
    # ssl_session_tickets on;
    # ssl_session_ticket_key /etc/nginx/sessionticket.key;
    # ssl_session_cache shared:SSL:10m;
    # ssl_session_timeout 10m;
{% else -%}
    listen 80;
{% endif -%}

    server_name {{ domain }};

    client_max_body_size 10m;

    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_read_timeout 310s;
        proxy_set_header Host $host;
#       proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header Forwarded "for=$proxy_add_x_forwarded_for;proto=$http_x_forwarded_proto";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#       proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
#       proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Real-IP $proxy_add_x_forwarded_for;
        proxy_set_header Connection "";
        proxy_http_version 1.1;

        client_max_body_size 0;
        access_log      /var/log/nginx/seahub.access.log seafileformat;
        error_log       /var/log/nginx/seahub.error.log;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_request_buffering off;
        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
        error_log       /var/log/nginx/seafhttp.error.log;
    }

    location /seafdav {
        client_max_body_size 0;
        fastcgi_pass    127.0.0.1:8080;
        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
        fastcgi_param   PATH_INFO           $fastcgi_script_name;

        fastcgi_param   SERVER_PROTOCOL     $server_protocol;
        fastcgi_param   QUERY_STRING        $query_string;
        fastcgi_param   REQUEST_METHOD      $request_method;
        fastcgi_param   CONTENT_TYPE        $content_type;
        fastcgi_param   CONTENT_LENGTH      $content_length;
        fastcgi_param   SERVER_ADDR         $server_addr;
        fastcgi_param   SERVER_PORT         $server_port;
        fastcgi_param   SERVER_NAME         $server_name;

        access_log      /var/log/nginx/seafdav.access.log seafileformat;
        error_log       /var/log/nginx/seafdav.error.log;
    }

    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }

    # For letsencrypt
    location /.well-known/acme-challenge/ {
        alias /var/www/challenges/;
        try_files $uri =404;
    }
}

3. 文件 yourdomain.com 路徑： .../docker/nginx/vhosts重要提示：我的 jwilder nginx 在單獨的 docker-compose 中運行

## Start of configuration add by letsencrypt container
location ^~ /.well-known/acme-challenge/ {
    auth_basic off;
    auth_request off;
    allow all;
    root /usr/share/nginx/html;
    try_files $uri =404;
    break;
}
## End of configuration add by letsencrypt container
# siehe https://github.com/dbendelman/nginx-proxy   
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://seaf7:8082;
        
      client_max_body_size 0;
      proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_connect_timeout  36000s;
      proxy_read_timeout  36000s;
      proxy_send_timeout  36000s;
      send_timeout  36000s;
        
        access_log      /etc/nginx/conf.d/logs/seafhttp.access.log; 
        error_log       /etc/nginx/conf.d/logs/seafhttp.error.log; 

    }

    location /seafdav {
        proxy_pass http://seaf7:8080/seafdav;
        client_max_body_size 0;

        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;

        access_log      /etc/nginx/conf.d/logs/seafdav.access.log; 
        error_log   /etc/nginx/conf.d/logs/seafdav.error.log;

    }

4. 第一次啟動后 Seafile 的配置文件路徑： .../docker/compose/seafile70/seaf/app/seafile/conf

4.1 ccnet.conf變化

[General]
SERVICE_URL = https://yourdomain.com
# Notice: - change to https and delet the PortNummer
#         - no changes in other segments of this file

4.2 seafdav.conf變化

[WEBDAV] 
enabled = true
port = 8080

# true => nur Seafilecontainer läuft, false => extern Proxy läuft
fastcgi = false

# seafdav => nur Seafilecontainer läuft, seafdav => extern Proxy läuft
share_name = /seafdav

4.3 seafile.conf變化

[fileserver]
# bind address for fileserver
# default to 0.0.0.0, if deployed without proxy: no access restriction
# set to 127.0.0.1, if used with local proxy: only access by local
# host = 127.0.0.1 #DONT SET THIS IF YOU HAVE REDIRECT OUTSIDE DOCKER

# tcp port for fileserver
port = 8082

# Set maximum upload file size to 4000M.
max_upload_size=4000

# Set maximum download directory size to 4000M.
max_download_dir_size=4000

#Set uploading time limit to 10800s 
web_token_expire_time=10800

[history]
# set a default history length limit for all libraries. Default no limit 
# keep_days = days of history to keep

[library_trash]
# How often trashed libraries are scanned for removal, default 1 day.
# scan_days = xx

# How many days to keep trashed libraries, default 30 days.
# expire_days = xx

[database]
# Notice: - no changes in other segments of this file

4.4 seahub_settings.py變化

#NUR URL von http auf https ändern
FILE_SERVER_ROOT = "https://yourdomain.com/seafhttp"
# Notice: - no changes in other segments of this file
#         - change from http to https

修改后我可以使用 webdav (yourdomain.com/seafdav)、上傳按鈕和桌面應用程序來同步我的電腦。

我要感謝所有這些好人 - 你給了我這么多信息來創建一個穩定的 seafile-mc 容器。