search

haiwen / seafile-docker

A Docker image for Seafile server
Other
544 stars 184 forks source link

All of my domains are redirected to seafile's subdomain. #190

Closed Oschly closed 4 years ago

Oschly commented 4 years ago

Hello!

I have a problem with seafile-docker installed on my Ubuntu VPS. I have some domain (I'll use domain.name in that case) and my subdomain for seafile is seafile.domain.name. The problem is that every other subdomain and main domain (domain.name) after trying to connect it redirects me to seafile.domain.name. I don't have any additional nginx-proxy installed by myself. My docker-compose:

version: '2.0'
services:
  db:
    image: mariadb:10.1
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=psswd  # Requested, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /DB:/var/lib/mysql  # Requested, specifies the path to MySQL data persistent store.
    networks:
      - seafile-net

  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net

  elasticsearch:
    image: seafileltd/elasticsearch-with-ik:5.6.16
    container_name: seafile-elasticsearch
    environment:
      - discovery.type=single-node
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 2g
    volumes:
      - /Data:/usr/share/elasticsearch/data  # Requested, specifies the path to Elasticsearch data persistent store.
    networks:
      - seafile-net

  seafile:
    image: docker.seadrive.org/seafileltd/seafile-pro-mc:latest
    container_name: seafile
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /seafile-data:/shared
    environment:
      - DB_HOST=upd
      - DB_ROOT_PASSWD=psswd  # Requested, the value shuold be root's password of MySQL service.
      - SEAFILE_ADMIN_EMAIL=mail # Specifies Seafile admin user, default is 'me@example.com'
      - SEAFILE_ADMIN_PASSWORD=psswd     # Specifies Seafile admin password, default is 'asecret'
      - SEAFILE_SERVER_LETSENCRYPT=true   # Whether to use https or not
      - SEAFILE_SERVER_HOSTNAME=seafile.domain.name # Specifies your host name if https is enabled
    depends_on:
      - db
      - memcached
      - elasticsearch
    networks:
      - seafile-net

networks:
  seafile-net:

And seafile's container's nginx.conf is:

daemon off;
user www-data;
worker_processes auto;

events {
    worker_connections 768;
}

http {
    include /etc/nginx/mime.types;
    server_names_hash_bucket_size 256;
    server_names_hash_max_size 1024;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time';

    access_log /var/log/nginx/access.log seafileformat;
    error_log /var/log/nginx/error.log info;

    gzip on;
    gzip_types  text/plain text/css application/javascript application/json text/javascript;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

    server {
        listen 80;
        location / {
            return 444;
        }
    }
}

Thanks for any help!

Oschly commented 4 years ago

Okay, so I've found that I need additional nginx-proxy to stop that behavior, but there is a problem. After setup, I am getting that error in nginx's default.conf: Cannot connect to network of this container.

And here is that default.conf:

# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
  default $http_x_forwarded_proto;
  ''      $scheme;
}
# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
  default $http_x_forwarded_port;
  ''      $server_port;
}
# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
  default upgrade;
  '' close;
}
# Apply fix for very long server names
server_names_hash_bucket_size 128;
# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;
# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
  default off;
  https on;
}
gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';
access_log off;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers '[I shouldn't show that]';
        ssl_prefer_server_ciphers off;
resolver 127.0.0.11;
# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;
# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    return 503;
}
server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    listen 443 ssl http2;
    access_log /var/log/nginx/access.log vhost;
    return 503;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/default.crt;
    ssl_certificate_key /etc/nginx/certs/default.key;
}
# seafile.domain.example
upstream seafile.domain.example {
                # Cannot connect to network of this container
                server 127.0.0.1 down;
                # Cannot connect to network of this container
                server 127.0.0.1 down;
}
server {
    server_name seafile.domain.example;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    return 301 https://$host$request_uri;
}
server {
    server_name seafile.domain.example;
    listen 443 ssl http2 ;
    access_log /var/log/nginx/access.log vhost;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_certificate /etc/nginx/certs/seafile.domain.example.crt;
    ssl_certificate_key /etc/nginx/certs/seafile.domain.example.key;
    ssl_dhparam /etc/nginx/certs/seafile.domain.example.dhparam.pem;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/nginx/certs/seafile.domain.example.chain.pem;
    add_header Strict-Transport-Security "max-age=31536000" always;
    include /etc/nginx/vhost.d/default;
    location / {
        proxy_pass http://seafile.domain.example;
    }
}

My nginx-proxy compose:

version: "3"
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - conf:/etc/nginx/conf.d
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - certs:/etc/nginx/certs
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy=true"

  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: nginx-proxy-le
    depends_on:
            - nginx-proxy
    environment:
      NGINX_PROXY_CONTAINER: nginx-proxy
    volumes:
      - conf:/etc/nginx/conf.d
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - certs:/etc/nginx/certs
      - /var/run/docker.sock:/var/run/docker.sock:ro

volumes:
  conf:
  vhost:
  html:
  certs:

networks:
  default:
    external:
      name: nginx-proxy

My seafile compose:

version: '2.0'
services:
  db:
    image: mariadb:10.1
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=psswd  # Requested, set the root's password of MySQL service.
      - MYSQL_LOG_CONSOLE=true
    volumes:
      - /mnt/Data/Seafile/DB:/var/lib/mysql  # Requested, specifies the path to MySQL data persistent store.
    networks:
      - seafile-net

  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net

  elasticsearch:
    image: seafileltd/elasticsearch-with-ik:5.6.16
    container_name: seafile-elasticsearch
    environment:
      - discovery.type=single-node
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 2g
    volumes:
      - /path  # Requested, specifies the path to Elasticsearch data persistent store.
    networks:
      - seafile-net

  seafile:
    image: docker.seadrive.org/seafileltd/seafile-pro-mc:latest
    container_name: seafile
    volumes:
      - /path:/shared
    expose:
      - 1000
      - 1001
    ports:
      - "1000:80"
      - "1001:1001"
    environment:
      - VIRTUAL_HOST=seafile.domain.example
      - VIRTUAL_PORT=1000
      - LETSENCRYPT_HOST=seafile.domain.example
      - LETSENCRYPT_EMAIL=mymail
      - DB_HOST=db
      - DB_ROOT_PASSWD=psswd  # Requested, the value shuold be root's password of MySQL service.
#      - TIME_ZONE=Asia/Shanghai # Optional, default is UTC. Should be uncomment and set to your local time zone.
      - SEAFILE_ADMIN_EMAIL=mymail # Specifies Seafile admin user, default is 'me@example.com'
      - SEAFILE_ADMIN_PASSWORD=psswd     # Specifies Seafile admin password, default is 'asecret'
      - SEAFILE_SERVER_HOSTNAME=seafile.domain.example
    depends_on:
      - db
      - memcached
      - elasticsearch
    networks:
      - seafile-net

networks:
  seafile-net:

Of course before I added new network "nginx-proxy" and after using that composes, I connected all three (seafile, nginx-proxy, nginx-proxy-le) to that network.

Oschly commented 4 years ago

Resolved it. I don't know how, but here is my changed docker-compose of seafile. I didn't enabled built-in webdav, instead I created new container with separated webdav (less work). Here is my docker-compose.yml of seafile:

version: '2.0'
services:
  db:
    image: mariadb:10.1
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=psswd
      - MYSQL_LOG_CONSOLE=true
    labels:
            - traefik.enable=true # I don't know if it's required
    volumes:
      - /mnt/Data/Seafile/DB:/var/lib/mysql
    networks:
      - seafile-net
      - web

  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    labels:
            - traefik.enable=true # I don't know if it's required
    networks:
      - seafile-net
      - web

  elasticsearch:
    image: seafileltd/elasticsearch-with-ik:5.6.16
    container_name: seafile-elasticsearch
    environment:
      - discovery.type=single-node
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
    labels:
            - traefik.enable=true # I don't know if it's required
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 2g
    volumes:
      - /mnt/Data/Seafile/Data:/usr/share/elasticsearch/data
    networks:
      - seafile-net
      - web

  seafile:
    image: docker.seadrive.org/seafileltd/seafile-pro-mc:latest
    container_name: seafile
    restart: unless-stopped
    volumes:
      - /mnt/Data/Seafile/seafile-data:/shared
    environment:
      - DB_HOST=db
      - DB_ROOT_PASSWD=psswd
      - SEAFILE_ADMIN_EMAIL=mail
      - SEAFILE_ADMIN_PASSWORD=psswd
      - SEAFILE_SERVER_HOSTNAME=seafile.domain.my
    labels:
            - traefik.enable=true
            - traefik.docker.network=web
            - traefik.frontend.rule=Host:seafile.domain.my
            - traefik.port=80
            - traefik.backend=seafile

    depends_on:
      - db
      - memcached
      - elasticsearch
    networks:
      - seafile-net
      - web

networks:
  seafile-net:
          external: false
  web:
          external:
                  name: web

Regards!