Merge pull request #420 from haiwen/12.0_can_deploy_without_caddy

12.0 can deploy without caddy
haiwen · Dec 7, 2024 · d95ed19 · d95ed19
2 parents b384ef7 + ab3e5da
commit d95ed19
Show file tree

Hide file tree

Showing 2 changed files with 153 additions and 0 deletions.
diff --git a/manual/setup/use_other_reverse_proxy.md b/manual/setup/use_other_reverse_proxy.md
@@ -0,0 +1,152 @@
+# Use other reverse proxy
+
+Since Seafile 12.0, all reverse proxy, HTTPS, etc. processing for **single-node deployment based on Docker** is handled by [caddy](./caddy.md). If you need to use other reverse proxy services, you can refer to this document to modify the relevant configuration files.
+
+## Services that require reverse proxy
+
+Before making changes to the configuration files, you **have to** know the services used by Seafile and related components (***Table 1*** therafter).
+
+!!! tip
+    The services shown in the table below are **all based on the single-node integrated deployment** in accordance with the Seafile official documentation. 
+
+    If these services are **deployed in standalone mode** (such as *seadoc* and *notification-server*), or **deployed in the official documentation** of third-party plugins (such as *onlyoffice* and *collabora*), **you can skip modifying the configuration files of these services** (because Caddy is not used as a reverse proxy for such deployment approaches).
+
+    If you have not integrated some services, please choose ***Standalone*** or ***Refer to the official documentation of third-party plugins*** to install them when you need these services
+
+| YML | Service | Suggest exposed port | Service listen port | Require WebSocket |
+| --- | --- | --- | --- | --- |
+| `seafile-server.yml` | *seafile* | 80 | 80 | No |
+| `seadoc.yml` | *seadoc* | 8888 | 80 | Yes |
+| `notification-server.yml` | *notification-server* | 8083 | 8083 | Yes |
+| `collabora.yml` | *collabora* | 6232 | 9980 | No |
+| `onlyoffice.yml` | *onlyoffice* | 6233 | 80 | No |
+
+## Modify YML files
+
+1. Refer to ***Table 1*** for the related service exposed ports. Add section `ports` for corresponding services
+
+    ```yml
+    services:
+        <the service need to be modified>:
+            ...
+            ports:
+                - "<Suggest exposed port>:<Service listen port>"
+    ```
+
+2. Delete all fields related to Caddy reverse proxy (in `label` section)
+
+    !!! tip
+        Some `.yml` files (e.g., `onlyoffice.yml`) also have port-exposing information with Caddy in the top of the file, which also needs to be removed.
+
+We take `seafile-server.yml` for example (Pro edition):
+
+```yml
+services:
+    # ... other services
+
+    seafile:
+    image: ${SEAFILE_IMAGE:-seafileltd/seafile-pro-mc:12.0-latest}
+    container_name: seafile
+    ports:
+       - "80:80"
+    volumes:
+      - ${SEAFILE_VOLUME:-/opt/seafile-data}:/shared
+    environment:
+      - DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
+      - DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
+      - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
+      - DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
+      - SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db}
+      - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db}
+      - SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=${SEAFILE_MYSQL_DB_SEAHUB_DB_NAME:-seahub_db}
+      - TIME_ZONE=${TIME_ZONE:-Etc/UTC}
+      - INIT_SEAFILE_ADMIN_EMAIL=${INIT_SEAFILE_ADMIN_EMAIL:[email protected]}
+      - INIT_SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD:-asecret}
+      - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
+      - SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL:-http}
+      - SITE_ROOT=${SITE_ROOT:-/}
+      - NON_ROOT=${NON_ROOT:-false}
+      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
+      - ENABLE_SEADOC=${ENABLE_SEADOC:-false}
+      - SEADOC_SERVER_URL=${SEADOC_SERVER_URL:-http://example.example.com/sdoc-server}
+      - INIT_S3_STORAGE_BACKEND_CONFIG=${INIT_S3_STORAGE_BACKEND_CONFIG:-false}
+      - INIT_S3_COMMIT_BUCKET=${INIT_S3_COMMIT_BUCKET:-}
+      - INIT_S3_FS_BUCKET=${INIT_S3_FS_BUCKET:-}
+      - INIT_S3_BLOCK_BUCKET=${INIT_S3_BLOCK_BUCKET:-}
+      - INIT_S3_KEY_ID=${INIT_S3_KEY_ID:-}
+      - INIT_S3_SECRET_KEY=${INIT_S3_SECRET_KEY:-}
+      - INIT_S3_USE_V4_SIGNATURE=${INIT_S3_USE_V4_SIGNATURE:-true}
+      - INIT_S3_AWS_REGION=${INIT_S3_AWS_REGION:-us-east-1}
+      - INIT_S3_HOST=${INIT_S3_HOST:-us-east-1}
+      - INIT_S3_USE_HTTPS=${INIT_S3_USE_HTTPS:-true}
+    # please remove the label section
+    depends_on:
+      - db
+      - memcached
+      - elasticsearch
+    networks:
+      - seafile-net
+
+# ... other options
+```
+
+## Add reverse proxy for related services
+
+Modify `nginx.conf` and add reverse proxy for services ***seafile*** and ***seadoc***:
+
+!!! note
+    If your proxy server's host is not the same as the host the Seafile deployed to, please **replase `127.0.0.1` to your Seafile server's host**
+
+=== "seafile"
+    ```conf
+    location / {
+        proxy_pass http://127.0.0.1:80;
+        proxy_read_timeout 310s;
+        proxy_set_header Host $host;
+        proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Connection "";
+        proxy_http_version 1.1;
+
+        client_max_body_size 0;
+    }
+    ```
+
+=== "seadoc"
+    ```conf
+    location /sdoc-server/ {
+        proxy_pass         http://127.0.0.1:8888/;
+        proxy_redirect     off;
+        proxy_set_header   Host              $host;
+        proxy_set_header   X-Real-IP         $remote_addr;
+        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Host  $server_name;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+
+        client_max_body_size 100m;
+    }
+
+    location /socket.io {
+        proxy_pass http://127.0.0.1:8888/;
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection 'upgrade';
+        proxy_redirect off;
+
+        proxy_buffers 8 32k;
+        proxy_buffer_size 64k;
+
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-NginX-Proxy true;
+    }
+    ```
+
+## Restart nginx
+
+```sh
+nginx restart
+```
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -96,6 +96,7 @@ nav:
         - Data migration: setup/migrate_backends_data.md
       - Seafile Docker autostart: setup/seafile_docker_autostart.md
       - Deploy with an existing MySQL server: setup/setup_with_an_existing_mysql_server.md
+      - Use other reverse proxy: setup/use_other_reverse_proxy.md
       - Run Seafile as non root user inside docker: setup/run_seafile_as_non_root_user_inside_docker.md
     - Cluster installation (Pro):
       - Seafile Docker Cluster Deployment: setup/cluster_deploy_with_docker.md