seafile-containerized/templates/seafile.nginx.conf.template

# -*- mode: nginx -*-
# Auto generated at {{ current_timestr }}
{% if https -%}
server {
    listen 80;
    server_name _ default_server;
    rewrite ^ https://{{ domain }}$request_uri? permanent;
}
{% endif -%}

server {
{% if https -%}
    listen 443;
    ssl on;
    ssl_certificate      /shared/ssl/{{ domain }}.crt;
    ssl_certificate_key  /shared/ssl/{{ domain }}.key;

    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

    # TODO: More SSL security hardening: ssl_session_tickets & ssl_dhparam
    # ssl_session_tickets on;
    # ssl_session_ticket_key /etc/nginx/sessionticket.key;
    # ssl_session_cache shared:SSL:10m;
    # ssl_session_timeout 10m;
{% else -%}
    listen 80;
{% endif -%}

    server_name {{ domain }};

    client_max_body_size 10m;

    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_read_timeout 310s;
        proxy_set_header Host $host;
        proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
    }

    location /seafdav {
        client_max_body_size 0;
        fastcgi_pass    127.0.0.1:8080;
        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
        fastcgi_param   PATH_INFO           $fastcgi_script_name;

        fastcgi_param   SERVER_PROTOCOL     $server_protocol;
        fastcgi_param   QUERY_STRING        $query_string;
        fastcgi_param   REQUEST_METHOD      $request_method;
        fastcgi_param   CONTENT_TYPE        $content_type;
        fastcgi_param   CONTENT_LENGTH      $content_length;
        fastcgi_param   SERVER_ADDR         $server_addr;
        fastcgi_param   SERVER_PORT         $server_port;
        fastcgi_param   SERVER_NAME         $server_name;

        access_log      /var/log/nginx/seafdav.access.log;
        error_log       /var/log/nginx/seafdav.error.log;
    }

    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }

    # For letsencrypt
    location /.well-known/acme-challenge/ {
        alias /var/www/challenges/;
        try_files $uri =404;
    }
}
Re-organize the build/start phases. - ./launcher bootstrap => init seafile server data & letsencrypt, then build a local image based on seafileorg/server:<version> - ./launcher start => start a container using the local image 2016-11-15 08:59:02 +00:00			`# -- mode: nginx --`
			`# Auto generated at {{ current_timestr }}`
Support https with letsencrypt. TODO: add a cron job to renew the certs 2016-11-15 04:11:58 +00:00			`{% if https -%}`
Added nginx for serving http. 2016-11-12 07:15:26 +00:00			`server {`
			`listen 80;`
			`server_name _ default_server;`
Support https with letsencrypt. TODO: add a cron job to renew the certs 2016-11-15 04:11:58 +00:00			`rewrite ^ https://{{ domain }}$request_uri? permanent;`
			`}`
			`{% endif -%}`

			`server {`
			`{% if https -%}`
			`listen 443;`
			`ssl on;`
			`ssl_certificate /shared/ssl/{{ domain }}.crt;`
			`ssl_certificate_key /shared/ssl/{{ domain }}.key;`

			`ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;`

			`# TODO: More SSL security hardening: ssl_session_tickets & ssl_dhparam`
			`# ssl_session_tickets on;`
			`# ssl_session_ticket_key /etc/nginx/sessionticket.key;`
			`# ssl_session_cache shared:SSL:10m;`
			`# ssl_session_timeout 10m;`
			`{% else -%}`
			`listen 80;`
			`{% endif -%}`

			`server_name {{ domain }};`
Added nginx for serving http. 2016-11-12 07:15:26 +00:00
			`client_max_body_size 10m;`

			`location / {`
			`proxy_pass http://127.0.0.1:8000/;`
			`proxy_read_timeout 310s;`
			`proxy_set_header Host $host;`
			`proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";`
			`proxy_set_header X-Forwarded-For $remote_addr;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header Connection "";`
			`proxy_http_version 1.1;`
			`}`

			`location /seafhttp {`
			`rewrite ^/seafhttp(.*)$ $1 break;`
			`proxy_pass http://127.0.0.1:8082;`
			`client_max_body_size 0;`
			`proxy_connect_timeout 36000s;`
			`proxy_read_timeout 36000s;`
			`}`

			`location /seafdav {`
			`client_max_body_size 0;`
			`fastcgi_pass 127.0.0.1:8080;`
			`fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;`
			`fastcgi_param PATH_INFO $fastcgi_script_name;`

			`fastcgi_param SERVER_PROTOCOL $server_protocol;`
			`fastcgi_param QUERY_STRING $query_string;`
			`fastcgi_param REQUEST_METHOD $request_method;`
			`fastcgi_param CONTENT_TYPE $content_type;`
			`fastcgi_param CONTENT_LENGTH $content_length;`
			`fastcgi_param SERVER_ADDR $server_addr;`
			`fastcgi_param SERVER_PORT $server_port;`
			`fastcgi_param SERVER_NAME $server_name;`

			`access_log /var/log/nginx/seafdav.access.log;`
			`error_log /var/log/nginx/seafdav.error.log;`
			`}`

			`location /media {`
			`root /opt/seafile/seafile-server-latest/seahub;`
			`}`
Support https with letsencrypt. TODO: add a cron job to renew the certs 2016-11-15 04:11:58 +00:00
			`# For letsencrypt`
			`location /.well-known/acme-challenge/ {`
			`alias /var/www/challenges/;`
			`try_files $uri =404;`
			`}`
Added nginx for serving http. 2016-11-12 07:15:26 +00:00			`}`