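[Seafile 13 Community Edition] Notes on the configuration changes for upgrading on a non-443 port

Base version: Seafile 12

Background:

I recently noticed that Seafile 13 had been released, with major version upgrades for many of the component images. With a free weekend, I set about upgrading my Seafile system. Following the official manual, I downloaded the full set of configuration files: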

```bash
# Seafile CE 13.0
wget -O .env https://manual.seafile.com/13.0/repo/docker/ce/env
wget https://manual.seafile.com/13.0/repo/docker/ce/seafile-server.yml
wget https://manual.seafile.com/13.0/repo/docker/seadoc.yml
wget https://manual.seafile.com/13.0/repo/docker/caddy.yml
wget https://manual.seafile.com/13.0/repo/docker/notification-server.yml
```

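Then, using my existing Seafile 12 `.env` file as a reference, I changed the corresponding settings. After the services started, access with the original configuration failed. The problem: opening the original system URL https://50v50.com:8888/ showed the error "ERR_SSL_PROTOCOL_ERROR".

After some troubleshooting and tinkering I finally solved the problem. I am recording it here in the hope that it helps others.

Locating the problem:

The command below shows that the actual problem lies in how the Caddy server obtains its SSL certificate.

```bash
docker logs --tail=30 seafile-caddy
```

Because I am on a home broadband connection without the standard ports 80/443, Caddy cannot successfully request a certificate from Let's Encrypt automatically through its ACME client, so it stays stuck at this step. Part of the log: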

```
{"level":"info","ts":1766886509.2833476,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"50v50.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1766886520.1943152,"logger":"http.acme_client","msg":"challenge failed","identifier":"50v50.com","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"114.246.181.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]}}
{"level":"error","ts":1766886520.194369,"logger":"http.acme_client","msg":"validating authorization","identifier":"50v50.com","problem":{"type":"urn:ietf:params:acme:error:connection","title":"","detail":"114.246.181.132: Timeout during connect (likely firewall problem)","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/253670173/29953729733","attempt":1,"max_attempts":3}
```


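The fix:

Having located the problem, my approach was to use an externally issued certificate instead of requesting one via ACME. The changes needed are as follows: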

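  1. Obtain an external certificate and upload it to the host directory `/opt/ssl`.

  2. Edit the `.env` environment variables:

```bash
# Adjust the domain name to your own setup
SEAFILE_SERVER_HOSTNAME=50v50.com:8888
SEAFILE_SERVER_PROTOCOL=https

# Append the custom SSL certificate settings at the end
PHYSICAL_CERT_PATH=/opt/ssl
SSL_CERTIFICATE=fullchain.pem
SSL_CERTIFICATE_KEY=privkey.pem
```

  3. Edit `caddy.yml`:

```yaml
# Only the modified parts are shown
    ports:
      - 8888:8888  # originally 443:443; changed to the non-standard port
    volumes:
      - ${PHYSICAL_CERT_PATH:-/ssl}:/ssl    # added: mount the SSL certificate directory
```

  4. Edit `seafile-server.yml`:

```yaml
# Under the labels key, add caddy.tls
    labels:
      caddy.tls: "/ssl/fullchain.pem /ssl/privkey.pem"
```

  5. Restart the containers:

```bash
docker compose up -d
```

  6. Check the logs:

```bash
docker logs -f seafile-caddy 2>&1 | grep -i -E "(ssl|tls|certificate)" | head -30
```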

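You should see content like the following, with nothing at all related to acme, letsencrypt, or challenge:

```
"certificate":"/ssl/fullchain.pem","key":"/ssl/privkey.pem"
```

At this point, you can open the URL to verify that it works.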

That is my record of solving this problem. Seafile 13 Community Edition is now accessible again and the upgrade succeeded.

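The log check from the last step can be scripted so that it gives a verdict instead of a visual scan. This is an added example, not part of the original post and not Seafile or Caddy tooling. The `BEFORE` lines are abridged from the log quoted in the post, the `AFTER` line is constructed around the fragment the post expects, and the function name and report fields are assumptions.

```python
import json
import sys

ACME_MARKERS = ("acme", "letsencrypt", "challenge")  # keywords named in the post

# Abridged from the log lines quoted in the post.
BEFORE = [
    '{"level":"info","logger":"http.acme_client","msg":"trying to solve challenge",'
    '"identifier":"50v50.com","challenge_type":"tls-alpn-01"}',
    '{"level":"error","logger":"http.acme_client","msg":"challenge failed",'
    '"identifier":"50v50.com","challenge_type":"tls-alpn-01","problem":{"detail":'
    '"114.246.181.132: Timeout during connect (likely firewall problem)"}}',
]
# Constructed line wrapping the fragment the post expects after the change.
AFTER = ['{"level":"info","msg":"constructed sample","load_files":'
         '[{"certificate":"/ssl/fullchain.pem","key":"/ssl/privkey.pem"}]}']


def audit_caddy_log(lines, cert="/ssl/fullchain.pem", key="/ssl/privkey.pem"):
    """Report whether the static certificate is loaded and whether ACME still runs."""
    report = {"static_cert_seen": False, "acme_lines": 0, "failures": []}
    for raw in lines:
        raw = raw.strip()
        # Substring match also works when the config JSON is logged as an escaped string.
        if cert in raw and key in raw:
            report["static_cert_seen"] = True
        if not any(marker in raw.lower() for marker in ACME_MARKERS):
            continue
        report["acme_lines"] += 1
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # plain-text line: counted, nothing to extract
        problem = entry.get("problem") if isinstance(entry, dict) else None
        if isinstance(problem, dict) and entry.get("msg") == "challenge failed":
            report["failures"].append(
                (entry.get("identifier"), entry.get("challenge_type"), problem.get("detail")))
    if report["acme_lines"]:
        report["verdict"] = "acme-active"   # Caddy is still trying to obtain a certificate
    elif report["static_cert_seen"]:
        report["verdict"] = "static-cert"   # the state the post aims for
    else:
        report["verdict"] = "unknown"       # no evidence either way in this window
    return report


if __name__ == "__main__":
    source = BEFORE + AFTER if sys.stdin.isatty() else sys.stdin
    print(json.dumps(audit_caddy_log(source), indent=2))
```

Pipe `docker logs --since 10m seafile-caddy 2>&1` into the script so that ACME lines written before the restart do not skew the verdict.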