Closed Oschly closed 4 years ago
Okay, so I've found that I need additional nginx-proxy to stop that behavior, but there is a problem. After setup, I am getting that error in nginx's default.conf:
Cannot connect to network of this container
.
And here is that default.conf:
# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
default $http_x_forwarded_proto;
'' $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
default $http_x_forwarded_port;
'' $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
default upgrade;
'' close;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
default off;
https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers '[I shouldn't show that]';
ssl_prefer_server_ciphers off;
resolver 127.0.0.11;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 80;
access_log /var/log/nginx/access.log vhost;
return 503;
}
server {
server_name _; # This is just an invalid value which will never trigger on a real hostname.
listen 443 ssl http2;
access_log /var/log/nginx/access.log vhost;
return 503;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/default.crt;
ssl_certificate_key /etc/nginx/certs/default.key;
}
# seafile.domain.example
upstream seafile.domain.example {
# Cannot connect to network of this container
server 127.0.0.1 down;
# Cannot connect to network of this container
server 127.0.0.1 down;
}
server {
server_name seafile.domain.example;
listen 80 ;
access_log /var/log/nginx/access.log vhost;
return 301 https://$host$request_uri;
}
server {
server_name seafile.domain.example;
listen 443 ssl http2 ;
access_log /var/log/nginx/access.log vhost;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_certificate /etc/nginx/certs/seafile.domain.example.crt;
ssl_certificate_key /etc/nginx/certs/seafile.domain.example.key;
ssl_dhparam /etc/nginx/certs/seafile.domain.example.dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/certs/seafile.domain.example.chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
include /etc/nginx/vhost.d/default;
location / {
proxy_pass http://seafile.domain.example;
}
}
My nginx-proxy compose:
version: "3"
services:
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- conf:/etc/nginx/conf.d
- vhost:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- certs:/etc/nginx/certs
labels:
- "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: nginx-proxy-le
depends_on:
- nginx-proxy
environment:
NGINX_PROXY_CONTAINER: nginx-proxy
volumes:
- conf:/etc/nginx/conf.d
- vhost:/etc/nginx/vhost.d
- html:/usr/share/nginx/html
- certs:/etc/nginx/certs
- /var/run/docker.sock:/var/run/docker.sock:ro
volumes:
conf:
vhost:
html:
certs:
networks:
default:
external:
name: nginx-proxy
My seafile compose:
version: '2.0'
services:
db:
image: mariadb:10.1
container_name: seafile-mysql
environment:
- MYSQL_ROOT_PASSWORD=psswd # Requested, set the root's password of MySQL service.
- MYSQL_LOG_CONSOLE=true
volumes:
- /mnt/Data/Seafile/DB:/var/lib/mysql # Requested, specifies the path to MySQL data persistent store.
networks:
- seafile-net
memcached:
image: memcached:1.5.6
container_name: seafile-memcached
entrypoint: memcached -m 256
networks:
- seafile-net
elasticsearch:
image: seafileltd/elasticsearch-with-ik:5.6.16
container_name: seafile-elasticsearch
environment:
- discovery.type=single-node
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms1g -Xmx1g"
ulimits:
memlock:
soft: -1
hard: -1
mem_limit: 2g
volumes:
- /path # Requested, specifies the path to Elasticsearch data persistent store.
networks:
- seafile-net
seafile:
image: docker.seadrive.org/seafileltd/seafile-pro-mc:latest
container_name: seafile
volumes:
- /path:/shared
expose:
- 1000
- 1001
ports:
- "1000:80"
- "1001:1001"
environment:
- VIRTUAL_HOST=seafile.domain.example
- VIRTUAL_PORT=1000
- LETSENCRYPT_HOST=seafile.domain.example
- LETSENCRYPT_EMAIL=mymail
- DB_HOST=db
- DB_ROOT_PASSWD=psswd # Requested, the value shuold be root's password of MySQL service.
# - TIME_ZONE=Asia/Shanghai # Optional, default is UTC. Should be uncomment and set to your local time zone.
- SEAFILE_ADMIN_EMAIL=mymail # Specifies Seafile admin user, default is 'me@example.com'
- SEAFILE_ADMIN_PASSWORD=psswd # Specifies Seafile admin password, default is 'asecret'
- SEAFILE_SERVER_HOSTNAME=seafile.domain.example
depends_on:
- db
- memcached
- elasticsearch
networks:
- seafile-net
networks:
seafile-net:
Of course before I added new network "nginx-proxy" and after using that composes, I connected all three (seafile, nginx-proxy, nginx-proxy-le) to that network.
Resolved it. I don't know how, but here is my changed docker-compose of seafile. I didn't enabled built-in webdav, instead I created new container with separated webdav (less work). Here is my docker-compose.yml of seafile:
version: '2.0'
services:
db:
image: mariadb:10.1
container_name: seafile-mysql
environment:
- MYSQL_ROOT_PASSWORD=psswd
- MYSQL_LOG_CONSOLE=true
labels:
- traefik.enable=true # I don't know if it's required
volumes:
- /mnt/Data/Seafile/DB:/var/lib/mysql
networks:
- seafile-net
- web
memcached:
image: memcached:1.5.6
container_name: seafile-memcached
entrypoint: memcached -m 256
labels:
- traefik.enable=true # I don't know if it's required
networks:
- seafile-net
- web
elasticsearch:
image: seafileltd/elasticsearch-with-ik:5.6.16
container_name: seafile-elasticsearch
environment:
- discovery.type=single-node
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms1g -Xmx1g"
labels:
- traefik.enable=true # I don't know if it's required
ulimits:
memlock:
soft: -1
hard: -1
mem_limit: 2g
volumes:
- /mnt/Data/Seafile/Data:/usr/share/elasticsearch/data
networks:
- seafile-net
- web
seafile:
image: docker.seadrive.org/seafileltd/seafile-pro-mc:latest
container_name: seafile
restart: unless-stopped
volumes:
- /mnt/Data/Seafile/seafile-data:/shared
environment:
- DB_HOST=db
- DB_ROOT_PASSWD=psswd
- SEAFILE_ADMIN_EMAIL=mail
- SEAFILE_ADMIN_PASSWORD=psswd
- SEAFILE_SERVER_HOSTNAME=seafile.domain.my
labels:
- traefik.enable=true
- traefik.docker.network=web
- traefik.frontend.rule=Host:seafile.domain.my
- traefik.port=80
- traefik.backend=seafile
depends_on:
- db
- memcached
- elasticsearch
networks:
- seafile-net
- web
networks:
seafile-net:
external: false
web:
external:
name: web
Regards!
Hello!
I have a problem with seafile-docker installed on my Ubuntu VPS. I have some domain (I'll use domain.name in that case) and my subdomain for seafile is seafile.domain.name. The problem is that every other subdomain and main domain (domain.name) after trying to connect it redirects me to seafile.domain.name. I don't have any additional nginx-proxy installed by myself. My docker-compose:
And seafile's container's nginx.conf is:
Thanks for any help!