-
Notifications
You must be signed in to change notification settings - Fork 186
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nginx looks for certification at wrong path #321
Comments
Normally there is no need for a hacky solution:
docker exec -it seafile /bin/bash (To log out from the (To avoid having to run Docker as root, run
# check version
/scripts/acme.sh/acme.sh --version
/scripts/acme.sh/acme.sh --upgrade
ln -s /root/.acme.sh/acme.sh /scripts/acme.sh/acme.sh
# check version again
/scripts/acme.sh/acme.sh --version
curl https://raw.githubusercontent.com/kirisakow/seafile-docker/patch-1/scripts_9.0/ssl.sh | tee /scripts/ssl.sh
/scripts/ssl.sh "/shared/ssl/" "your.seafile.domain.com"
sudo nginx -t && sudo systemctl restart nginx.service |
Also, you may need to use this oneliner to monitor all Seafile logs (run from outside the container): sudo tail -f $(find /opt/seafile-data/ -type f -name *.log 2>/dev/null) |
Thank you Kirisakow, What I did is use your ssl.sh I ran the docker-compose up -d I then added the following to my seafile.nginx.conf file ( Just place your real domain in my.domain.tld )
Saved everything down and up the docker-compose and I had SSL installed and working. What a 3 week mission this was. |
Here is mine: server {
listen 80;
listen [::]:80 http2 ipv6only=on;
server_name seafile.mydomain.com;
client_max_body_size 0;
location / {
proxy_pass http://localhost:81;
}
}
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name seafile.mydomain.com;
client_max_body_size 0;
location / {
proxy_pass https://localhost:442;
}
ssl_certificate /opt/seafile-data/ssl/seafile.mydomain.com.crt;
ssl_certificate_key /opt/seafile-data/ssl/seafile.mydomain.com.key;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
} |
In case the aforementioned technique fails, you can instead generate a certificate outside of the Seafile container, by the host (ie without the Seafile built-in mechanics):
sudo certbot \
--nginx \
--agree-tos \
--email "[email protected]" \
-d seafile.your-domain.com
# symlink the certificate:
sudo ln -sf /etc/letsencrypt/archive/seafile.your-domain.com/fullchain1.pem /opt/seafile-data/ssl/seafile.your-domain.com.crt
# symlink the private key:
sudo ln -sf /etc/letsencrypt/archive/seafile.your-domain.com/privkey1.pem /opt/seafile-data/ssl/seafile.your-domain.com.key Then proceed with the regular aforementioned steps:
Finally,
Hope this helps! |
Summary
Certification location at nginx configuration does not match certification location received.
This could be fixed by pointing to right location in nginx file.
/shared/ssl/example.com/fullchain.cer
/shared/ssl/example.com.crt
/shared/ssl/example.com/example.com.key
/shared/ssl/example.com.key
Detailed explanation of problem
On fresh installation, certification is created at
/shared/ssl/domain.com/
folder. See logs:It then starts failing when it loads nginx, the web UI becomes inaccessible. The logs look as following:
My temporary workaround
I share this for others that are looking for a solution before a patch is released.
sudo docker exec -it seafile /bin/bash
The text was updated successfully, but these errors were encountered: