Add example with https reverse proxy #39

Closed
IllyaMoskvin

Not sure if this is something that you'd like to include in your repo, but... Docker is new to me, so it took me about a day to figure out how to set up a reverse proxy with HTTPS on top of seafile-caddy. I figured I'd send this PR to serve as an example to other users who are in a similar situation.

If it's helpful for context, in my use-case, Seafile gets deployed all by itself to a single droplet in DigitalOcean. So it's essentially... single-tenant at the VM layer? I figure that's a common use-case for self-hosting hobbyists.

I know I'm just scratching the surface in terms of what Docker can do, but I'm glad to have your deployment configuration to simplify deployment and upgrades. Thank you for putting this together!

Owner

ggogel commented Mar 13, 2022

Hey, thank you for your contribution. I have two suggestions for improvements. First, the reverse proxy should be in a separate stack, meaning in its own YAML file. Second, the proxy should not connect to seafile-net. It is a private network intended only for inter-communication between seafile services. You only want to connect seafile-caddy to the default bridge network. Then nginx-proxy will communicate with seafile-caddy via this network, while all other seafile services remain hidden.

Owner

ggogel commented Mar 13, 2022

To clarify, the docker-compose.yml for nginx-proxy should look something like this:

```yaml
version: '3.8'
services:
  nginx-proxy:
    container_name: nginx-proxy
    image: nginxproxy/nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - certs:/etc/nginx/certs
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/tmp/docker.sock:ro

  nginx-proxy-acme:
    image: nginxproxy/acme-companion
    volumes:
      - certs:/etc/nginx/certs
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - acme:/etc/acme.sh
    environment:
      - DEFAULT_EMAIL=me@example.com
      - NGINX_PROXY_CONTAINER=nginx-proxy
    depends_on:
      - nginx-proxy

volumes:
  certs:
  vhost:
  html:
  acme:
```

Then you deploy this with:

```shell
docker-compose -p nginx-proxy up -d
```

This will automatically create a bridge network with the name nginx-proxy_default (or, in general, projectname_default).

In the docker-compose.yml you hook up this network with the external parameter and attach only seafile-caddy to it. You can actually omit expose for seafile-caddy, since port 80 is exposed by default through the Dockerfile.

```yaml
[...]
seafile-caddy:
    image: ggogel/seafile-caddy:1.0.6
    networks:
      - seafile-net
      - nginx-proxy_default
[...]
networks:
    seafile-net:
        internal: true
    nginx-proxy_default:
        external: true
[...]
```

When you start containers just with docker run and do not specify any network parameter, they will always connect to the default network called bridge. If you use docker-compose, each stack will get its own network by default, named projectname_default. I think this is something very important that many Docker beginners miss and, admittedly, is not explained very well in the Docker documentation.
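
Added example, not part of the comment above or of the project's code: a Python check that reads `docker network inspect` JSON and reports any departure from the layout recommended in this thread (private network marked internal, proxy containers kept off it, only seafile-caddy joined to the proxy network). The sample data and every name other than `nginx-proxy` and `nginx-proxy_default` are constructed assumptions.

```python
import json

# Constructed sample shaped like `docker network inspect` output, trimmed to
# the fields the check reads. Stack and service names are assumptions.
SAMPLE = json.loads("""
[
  {"Name": "nginx-proxy_default", "Internal": false, "Containers": {
     "a1": {"Name": "nginx-proxy"},
     "a2": {"Name": "nginx-proxy_nginx-proxy-acme_1"},
     "a3": {"Name": "seafile_seafile-caddy_1"}}},
  {"Name": "seafile_seafile-net", "Internal": true, "Containers": {
     "a3": {"Name": "seafile_seafile-caddy_1"},
     "b1": {"Name": "seafile_seafile-server_1"},
     "b2": {"Name": "seafile_db_1"}}}
]
""")
PROXY_STACK = {"nginx-proxy", "nginx-proxy_nginx-proxy-acme_1"}


def members(net):
    """Names of containers attached to one network (inspect lists running ones only)."""
    return {c["Name"] for c in (net.get("Containers") or {}).values()}


def audit(networks, proxy_net, private_net, proxy_stack, bridge):
    """Return findings; an empty list means the layout matches the advice."""
    by_name = {n["Name"]: n for n in networks}
    missing = [n for n in (proxy_net, private_net) if n not in by_name]
    if missing:
        return [f"network not found: {n}" for n in missing]
    findings = []
    if not by_name[private_net].get("Internal"):
        findings.append(f"{private_net} is not internal")
    on_proxy = members(by_name[proxy_net])
    on_private = members(by_name[private_net])
    # Containers of the proxy stack must stay off the private network.
    for name in sorted(on_private & proxy_stack):
        findings.append(f"{name} is attached to {private_net}")
    # From the other stack, only the bridge container may join the proxy network.
    for name in sorted(on_proxy - proxy_stack - {bridge}):
        findings.append(f"{name} is attached to {proxy_net}")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE, "nginx-proxy_default", "seafile_seafile-net",
                PROXY_STACK, "seafile_seafile-caddy_1"))
```

On a live host, replace `SAMPLE` with the parsed output of `docker network inspect` called with both network names, and adjust the container names to the ones `docker ps` shows.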


stale bot commented Jun 10, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Jun 10, 2022
@stale stale bot closed this Jun 17, 2022