seafile-docker
seafile-docker copied to clipboard
haiwen
Strip Nginx from seafileltd/seafile-mc
IMHO the image should not contain the Nginx service. It should be eventually defined with an extra service on docker-compose.yml or removed entirely.
For example, similar result could be obtained without Nginx, adopting Traefik 1.7 and adding the following labels to seafile service:
seafile:
[...]
labels:
- "traefik.seahub.frontend.rule=Host:box.seafile.tld"
- "traefik.seahub.frontend.redirect.entryPoint=https"
- "traefik.seahub.port=8000"
- "traefik.seafdav.frontend.rule=Host:box.seafile.tld;PathPrefixStrip:/seafdav"
- "traefik.seafdav.frontend.redirect.entryPoint=https"
- "traefik.seafdav.port=8080"
- "traefik.seafhttp.frontend.rule=Host:box.seafile.tld;PathPrefixStrip:/seafhttp"
- "traefik.seafhttp.frontend.redirect.entryPoint=https"
- "traefik.seafhttp.port=8082"
This way the image would be cleaner and more flexible.
Agreed. I would like to proxy seafile through my own, already configured caddy instance. No need for nginx in the image whatsoever for me
Agree as well - many will be running a webserver / reverse proxy already. This adds unnecessary complexity and significant uneeded latency to initial connection...
I would also vote for removing LetsEncrypt from the container image and handle this with another service/container. I deploy Seafile on Kubernetes, using Ingress NGINX and Cert-Manager.
...also it is against docker principles to have mutiple services inside one container ;-) I would keep it as part of the docker-compose file but not inside the actual seafile container...
Agree as well, would make for a cleaner and better maintainable docker, please have it added to the docker compose file and removed from the seafile container.
for now, how to run Seafile using nginx proxy manager + pihole ? since sertificate handled by npm, not seafile's nginx
I agree. My Seafile instance is deployed on a personal dedicated Web server, and I too connect the seafile-mc container to external (host-level) instances of nginx and certbot (LetsEncrypt) software.
To tell the truth, I tried but was never able to make Seafile work using the in-container certificate-generating logic (acme.sh and stuff). Yet I thoroughly followed the provided tutorials.
So what I did is:
- Create host-level Nginx configuration file for myseafileinstance.mydomain.com.
- Generate LetsEncrypt certificates by running a host-level Certbot instance.
- Symlink the certificates to Seafile container's shared volume with the filenames expected by the Seafile container logic.
- Repeat steps 2 and 3 once in a quarter.
Nginx cannot be stripped from the seafile docker yet, the difficulty lies in how to proxy static files. If you want to use a reverse proxy on the host, you can think of the seafile docker as a service.
Modify the docker-compose.yml file:
ports:
- "8800:80"
# - "80:80"
# - "443:443"
environment:
- SEAFILE_SERVER_LETSENCRYPT=false
- Set the
SEAFILE_SERVER_LETSENCRYPTas false - Map port 80 in the container to port 8800 of the host (Port 8800 can be modified at will)
Modify the https in the conf/seahub_settings.py file:
SERVICE_URL = "https://example.seafile.com/"
FILE_SERVER_ROOT = "https://example.seafile.com/seafhttp"
Modify your reverse proxy config on the host:
server_name example.seafile.com;
location / {
proxy_pass http://127.0.0.1:8800/;
}
Finally restart the seafile docker and reload your reverse proxy.
