search

haiwen / seafile-docker

A Docker image for Seafile server
Other
544 stars 183 forks source link

Strip Nginx from seafileltd/seafile-mc #200

Closed kenayagi closed 3 months ago

kenayagi commented 4 years ago

IMHO the image should not contain the Nginx service. It should be eventually defined with an extra service on docker-compose.yml or removed entirely.

For example, similar result could be obtained without Nginx, adopting Traefik 1.7 and adding the following labels to seafile service:

seafile:
  [...]
  labels:
      - "traefik.seahub.frontend.rule=Host:box.seafile.tld"
      - "traefik.seahub.frontend.redirect.entryPoint=https"
      - "traefik.seahub.port=8000"
      - "traefik.seafdav.frontend.rule=Host:box.seafile.tld;PathPrefixStrip:/seafdav"
      - "traefik.seafdav.frontend.redirect.entryPoint=https"
      - "traefik.seafdav.port=8080"
      - "traefik.seafhttp.frontend.rule=Host:box.seafile.tld;PathPrefixStrip:/seafhttp"
      - "traefik.seafhttp.frontend.redirect.entryPoint=https"
      - "traefik.seafhttp.port=8082"

This way the image would be cleaner and more flexible.

anLizard commented 4 years ago

Agreed. I would like to proxy seafile through my own, already configured caddy instance. No need for nginx in the image whatsoever for me

somebody-somewhere-over-the-rainbow commented 3 years ago

Agree as well - many will be running a webserver / reverse proxy already. This adds unnecessary complexity and significant uneeded latency to initial connection...

300481 commented 3 years ago

I would also vote for removing LetsEncrypt from the container image and handle this with another service/container. I deploy Seafile on Kubernetes, using Ingress NGINX and Cert-Manager.

somebody-somewhere-over-the-rainbow commented 3 years ago

...also it is against docker principles to have mutiple services inside one container ;-) I would keep it as part of the docker-compose file but not inside the actual seafile container...

bhendrik commented 2 years ago

Agree as well, would make for a cleaner and better maintainable docker, please have it added to the docker compose file and removed from the seafile container.

dimitriverhelst commented 1 year ago

+1

muava12 commented 11 months ago

for now, how to run Seafile using nginx proxy manager + pihole ? since sertificate handled by npm, not seafile's nginx

TshineZheng commented 7 months ago

+1

kirisakow commented 7 months ago

I agree. My Seafile instance is deployed on a personal dedicated Web server, and I too connect the seafile-mc container to external (host-level) instances of nginx and certbot (LetsEncrypt) software.

To tell the truth, I tried but was never able to make Seafile work using the in-container certificate-generating logic (acme.sh and stuff). Yet I thoroughly followed the provided tutorials.

So what I did is:

  1. Create host-level Nginx configuration file for myseafileinstance.mydomain.com.
  2. Generate LetsEncrypt certificates by running a host-level Certbot instance.
  3. Symlink the certificates to Seafile container's shared volume with the filenames expected by the Seafile container logic.
  4. Repeat steps 2 and 3 once in a quarter.
SkywalkerSpace commented 7 months ago

Nginx cannot be stripped from the seafile docker yet, the difficulty lies in how to proxy static files. If you want to use a reverse proxy on the host, you can think of the seafile docker as a service.

Modify the docker-compose.yml file:

    ports:
      - "8800:80"
      # - "80:80"
      # - "443:443"
    environment:
      - SEAFILE_SERVER_LETSENCRYPT=false

Modify the https in the conf/seahub_settings.py file:

SERVICE_URL = "https://example.seafile.com/"
FILE_SERVER_ROOT = "https://example.seafile.com/seafhttp"

Modify your reverse proxy config on the host:

    server_name example.seafile.com;
    location / {
        proxy_pass http://127.0.0.1:8800/;
    }

Finally restart the seafile docker and reload your reverse proxy.