I’m trying to deploy HAProxy in our environment to manage certs. I’ve tested against a couple of different servers that are working, but Mayan is not. I’m getting a 404 error. We’re thinking it has something to do with Traefik, but not sure how to proceed with troubleshooting. Any help is appreciated.
sudo apt install nginx
sudo nano /yourpathtomayan/mayan-edms/docker/.env
MAYAN_FRONTEND_HTTP_PORT=8080
docker compose down && docker compose up --detach
sudo nano /etc/nginx/conf.d/mayan.conf
server {
    listen 80;
    server_name mayanedms.yourdomain.com;
    location / {
        return 301 https://$host$request_uri;
    }
}
server {
    listen 443 ssl http2;
    server_name mayanedms.yourdomain.com;
    access_log /var/log/nginx/mayanedms_access.log;
    error_log /var/log/nginx/mayanedms_error.log;
    # Increase to upload bigger documents
    client_max_body_size 50M;
    ssl_certificate /etc/ssl/yourdomain.com/star_yourdomain.com.pem;
    ssl_certificate_key /etc/ssl/yourdomain.com/private.pem;
    ssl_trusted_certificate /etc/ssl/yourdomain.com/fullchain.pem;
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_redirect off;
        # Increase if your doc uploads take more than 60 sec
        proxy_read_timeout 60s;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass_header Set-Cookie;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header X-Forwarded-Proto https;
    }
}
su root
mkdir /etc/ssl/yourdomain.com
mv /yoursslpath/star_yourdomain.com.pem /etc/ssl/yourdomain.com/
mv /yoursslpath/private.pem /etc/ssl/yourdomain.com/
mv /yoursslpath/fullchain.pem /etc/ssl/yourdomain.com/
systemctl reload nginx
Test https://mayanedms.yourdomain.com
Thank you for the response ajamali,
Dumb question, but I am not sure where to find these files:
star_yourdomain.com.pem
private.pem
fullchain.pem
I can’t remember a time when setting up Mayan that I set a directory path for said files. If there is a default location I could start looking at please let me know.
Thanks,
You’re welcome!
Regarding the SSL certificate files (star_yourdomain.com.pem, private.pem, and fullchain.pem), these are not part of Mayan EDMS itself but are SSL certificates you need to generate or acquire separately from a Certificate Authority like Let’s Encrypt, which is free.
What about Traefik? Do I need to purge it from the .env and .yml files?
I haven’t tried using Traefik in the .env file configuration. However, the steps outlined above are all you need to set up Nginx as a reverse proxy for a Mayan EDMS installation, while also enabling SSL/TLS encryption using your own SSL certificates.
For HA usage it is best not to use Traefik but to forward the traffic directly to the Mayan EDMS containers. Make sure all your containers are using the same database, data storage, and services.
For the certificate, do so in the HA or in a reverse proxy in front of the HA.
Lastly, unless you have a very big installation, HA is not really needed. Traefik's built-in HTTP distributor is quite capable when used in Docker. We have a staff of 45 users of Mayan EDMS and Traefik handles that very well.
If there are spikes (such as upcoming litigation or creating Amicus Briefs composed of a large amount of documents), we scale our installation by just increasing the replica count of the frontend in Docker Compose. It is beautifully simple and effective.