Original link: https://hellodk.cn/post/1048
This article uses docker-compose to build seafile server (Server Version: 9.0.5 I am using at this time). The compose file is as follows, refer to the official https://docs.seafile.com/d/cb1d3f97106847abbf31/files/?p=/ docker/docker-compose.yml
version: '2.0' services: db: image: mariadb:10.5 container_name: seafile-mysql environment: - MYSQL_ROOT_PASSWORD=123456 # Requested, set the root's password of MySQL service. - MYSQL_LOG_CONSOLE=true volumes: - ./seafile-mysql/db:/var/lib/mysql # Requested, specifies the path to MySQL data persistent store. networks: - seafile-net memcached: image: memcached:1.6 container_name: seafile-memcached entrypoint: memcached -m 256 networks: - seafile-net seafile: image: seafileltd/seafile-mc:latest container_name: seafile ports: - "8088:80" # - "443:443" # If https is enabled, cancel the comment. volumes: - ./seafile-data:/shared # Requested, specifies the path to Seafile data persistent store. environment: - DB_HOST=db - DB_ROOT_PASSWD=123456 # Requested, the value shuold be root's password of MySQL service. - TIME_ZONE=Asia/Shanghai # Optional, default is UTC. Should be uncomment and set to your local time zone. - [email protected] # Specifies Seafile admin user, default is '[email protected]'. - SEAFILE_ADMIN_PASSWORD=123456 # Specifies Seafile admin password, default is 'asecret'. - SEAFILE_SERVER_LETSENCRYPT=false # Whether use letsencrypt to generate cert. - SEAFILE_SERVER_HOSTNAME=seafile.example.com # Specifies your host name. depends_on: - db - memcached networks: - seafile-net networks: seafile-net:
Pack a nginx on the VPS host to solve the TLS problem. The nginx configuration is as follows, and the certificate and domain name related configurations are modified by themselves
log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time'; server { listen 80; server_name seafile.example.com; rewrite ^ https://$http_host$request_uri? permanent; # Forced redirect from HTTP to HTTPS server_tokens off; } server { listen 443; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; server_name seafile.example.com; server_tokens off; # HSTS for protection against man-in-the-middle-attacks add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; # DH parameters for Diffie-Hellman key exchange #ssl_dhparam /etc/nginx/dhparam.pem; # Supported protocols and ciphers for general purpose server with good security and compatability with most clients ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers off; # Supported protocols and ciphers for server when clients > 5years (ie, Windows Explorer) must be supported #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; #ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA; #ssl_prefer_server_ciphers on; ssl_session_timeout 5m; #ssl_session_cache shared:SSL:5m; location / { proxy_pass http://127.0.0.1:8088; proxy_set_header Host $host:$server_port; #proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Proto https; access_log /var/log/nginx/seahub.access.log seafileformat; error_log /var/log/nginx/seahub.error.log; proxy_read_timeout 1200s; client_max_body_size 0; } }
I have been running like this for more than a month, and it has been working without errors, but there is a problem: the created folder cannot be renamed, and the created file cannot be renamed either. I looked at the background log today (log file: /opt/seafile/logs/seafdav.log in the /opt/seafile/logs/seafdav.log container) and found that it was
MOVE /webdav/test.md” dest=” https://xxx/seafdav/webdav/testabc.md “, length=0, depth=0, overwrite=F, elap=0.014sec -> 502 Bad Gateway
This is not a problem of unequal write permissions. In this way, it should be caused by improper configuration of nginx, and 502 bad gateway caused by incorrect configuration of http requests under nginx reverse proxy.
Finally found that the solution proposed by @eruditewriter under this answer solved my problem, thanks a lot! Please read this post for details: https://forum.seafile.com/t/seafdav-move-command-causing-502/11582/25
In the end, my solution was to find the nginx configuration file /shared/nginx/conf/seafile.nginx.conf in the container and add the following code to the outermost periphery of the server block
map $http_destination $nossl_destination { "~^https:(.+)$" $1; "~^http:(.+)$" $1; }
Add a line of configuration to the location /seafdav code block
proxy_set_header Destination "http:$nossl_destination";
Test renaming the file again after executing nginx -t , nginx -s reload in the container, it works!!!
look at the log
MOVE /webdav/test.md” dest=” http://xxx/seafdav/webdav/test-tt.md “, length=0, depth=0, overwrite=F, elap=0.035sec -> 204 No Content
204 No Content. problem solved.
This article is reprinted from: https://hellodk.cn/post/1048
This site is for inclusion only, and the copyright belongs to the original author.