Seafile

in Technique with 0 comment and 126 read

1 依赖

### 基本
apt update
apt install -y python3 python3-setuptools python3-pip python3-ldap libmysqlclient-dev python3-dev default-libmysqlclient-dev build-essential libmemcached-dev

###  python
pip3 install --timeout=3600 django==3.2.* future mysqlclient pymysql Pillow pylibmc \ 
captcha jinja2 sqlalchemy==1.4.3 psd-tools django-pylibmc django-simple-captcha pycryptodome==3.12.0 cffi==1.14.0

2 目录

mkdir /opt/seafile
cd /opt/seafile

3 用户

adduser seafile
chown -R seafile: /opt/seafile
su seafile

4 package

### 在 https://customer.seafile.com/ 下载
tar xf seafile-pro-server_9.0.5_x86-64_Ubuntu.tar.gz
### 此时的目录文件结构
tree -L 2 /opt/seafile
.
├── seafile-license.txt
└── seafile-pro-server-9.0.5
│   ├── check-db-type.py
│   ├── check_init_admin.py
│   ├── create-db
│   ├── index_op.py
│   ├── migrate.py
│   ├── migrate-repo.py
│   ├── migrate-repo.sh
│   ├── migrate.sh
│   ├── pro
│   ├── remove-objs.py
│   ├── remove-objs.sh
│   ├── reset-admin.sh
│   ├── run_index_master.sh
│   ├── run_index_worker.sh
│   ├── runtime
│   ├── seaf-backup-cmd.py
│   ├── seaf-backup-cmd.sh
│   ├── seaf-encrypt.sh
│   ├── seaf-fsck.sh
│   ├── seaf-fuse.sh
│   ├── seaf-gc.sh
│   ├── seaf-gen-key.sh
│   ├── seafile
│   ├── seafile-background-tasks.sh
│   ├── seafile.sh
│   ├── seaf-import.sh
│   ├── seahub
│   ├── seahub-extra
│   ├── seahub.sh
│   ├── setup-seafile-mysql.py
│   ├── setup-seafile-mysql.sh
│   ├── setup-seafile.sh
│   ├── sql
│   └── upgrade
└── seafile-pro-server_9.0.5_x86-64.tar.gz

5 数据库 (docker)

### docker-compose.yml

version: '2.0'
services:
  db:
    image: mariadb:10.5
    container_name: seafile-mysql
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=***
      - MYSQL_LOG_CONSOLE=true
      - MYSQL_PASSWORD=***
      - MYSQL_USER=seafile
    volumes:
      - ./db:/var/lib/mysql
    ports:
      - "3306:3306"
    networks:
      - seafile-net
networks:
  seafile-net:
### docker MySQL数据库权限问题
docker exec -it seafile-mysql bash

mysql -uroot -p***

grant all privileges on *.* to root@'%' identified by '***' with grant option;
flush privileges;
exit;

exit

6 setup

cd seafile-server-9.0.5
./setup-seafile-mysql.sh

### 选择 [1] Create new ccnet/seafile/seahub databases
### 目前的目录文件结构
tree -L 2 /opt/seafile

.
├── seafile-license.txt             # license file
├── ccnet               
├── conf
│   └── ccnet.conf
│   └── gunicorn.conf.py
│   └── __pycache__
│   └── seafdav.conf
│   └── seafevents.conf
│   └── seafile.conf
│   └── seahub_settings.py
├── logs
│   ├── controller.log
│   ├── elasticsearch_deprecation.log
│   ├── elasticsearch_index_indexing_slowlog.log
│   ├── elasticsearch_index_search_slowlog.log
│   ├── elasticsearch.log
│   ├── file_updates_sender.log
│   ├── index.log
│   ├── seafevents.log
│   ├── seafile.log
│   ├── seahub.log
│   └── slow_logs
├── pids
│   ├── elasticsearch.pid
│   ├── seafevents.pid
│   ├── seaf-server.pid
│   └── seahub.pid
├── pro-data
│   └── search
├── seafile-data
│   ├── httptemp
│   ├── library-template
│   ├── storage
│   └── tmpfiles
├── seafile-pro-server-9.0.5
│   ├── check-db-type.py
│   ├── check_init_admin.py
│   ├── create-db
│   ├── index_op.py
│   ├── migrate.py
│   ├── migrate-repo.py
│   ├── migrate-repo.sh
│   ├── migrate.sh
│   ├── pro
│   ├── reset-admin.sh
│   ├── run_index_master.sh
│   ├── run_index_worker.sh
│   ├── runtime
│   ├── seaf-backup-cmd.py
│   ├── seaf-backup-cmd.sh
│   ├── seaf-encrypt.sh
│   ├── seaf-fsck.sh
│   ├── seaf-fuse.sh
│   ├── seaf-gc.sh
│   ├── seaf-gen-key.sh
│   ├── seafile
│   ├── seafile-background-tasks.sh
│   ├── seafile.sh
│   ├── seaf-import.sh
│   ├── seahub
│   ├── seahub-extra
│   ├── seahub.sh
│   ├── setup-seafile-mysql.py
│   ├── setup-seafile-mysql.sh
│   ├── setup-seafile.sh
│   ├── sql
│   └── upgrade
├── seafile-server-latest -> seafile-pro-server-9.0.5
├── seahub-data
│   └── avatars

7 启动

cd /opt/seafile-server-latest
./seafile.sh start
./seahub.sh start
### 作为系统服务开机启动
### seafile.service

[Unit]
Description=seafile
After=network-online.target

[Service]
Type=forking
ExecStart=/opt/seafile/seafile-server-latest/seafile.sh start
ExecStop=/opt/seafile/seafile-server-latest/seafile.sh stop
LimitNOFILE=infinity
User=1000
Group=1000

[Install]
WantedBy=multi-user.target
### seahub.service

[Unit]
Description=seahub
After=network-online.target

[Service]
Type=forking
ExecStart=/opt/seafile/seafile-server-latest/seahub.sh start
ExecStop=/opt/seafile/seafile-server-latest/seahub.sh stop
LimitNOFILE=infinity
User=1000
Group=1000

[Install]
WantedBy=multi-user.target

8 其他

ElasticSearch 文件搜索 (docker)

### docker-compose.yml

version: '2.0'
services:
  elasticsearch:
    image: elasticsearch:7.16.2
    container_name: seafile-elasticsearch
    user: "1000:1000"
    restart: unless-stopped
    environment:
      - discovery.type=single-node
      - "ES_JAVA_OPTS=-Xms1g -Xmx1g"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 2g
    ports:
      - "127.0.0.1:9200:9200"
    volumes:
      - ./esdata:/usr/share/elasticsearch/data

networks:
  seafile-net:
### 编辑 /opt/seafile/conf/seafevents.conf

[INDEX FILES]
external_es_server = true
es_host = 127.0.0.1
es_port = 9200
enabled = true
interval = 10m

highlight = fvh

index_office_pdf = true

memcached (docker)

### docker-compose.yml

version: '2.0'
services:
  memcached:
    image: memcached:1.5.6
    container_name: seafile-memcached
    restart: unless-stopped
    entrypoint: memcached -m 256
    ports:
      - "11211:11211"
    networks:
      - seafile-net

networks:
  seafile-net:
### 编辑 /opt/seafile/conf/seahub_settings.py

CACHES = {
    'default': {
        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
        'LOCATION': '127.0.0.1:11211',
    },
    'locmem': {
        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
    },
}
COMPRESS_CACHE_BACKEND = 'locmem'

文档预览 (docker)

### docker-compose.yml

version: '2.0'
services: 
  office-preview:
    image: seafileltd/office-preview:latest
    container_name: seafile-office-preview
    restart: unless-stopped
    ports:
      - "8089:8089"
    command: bash start.sh
    volumes:
      - ./office-preview/shared:/shared
      - ./fonts:/usr/share/fonts #可将需要的字体上传至该目录
    networks:
      - seafile-net

networks:
  seafile-net:
### 启动后,停止容器, 新建 /opt/seafile/office-preview/shared/office_convertor_settings.py, SECRET_KEY 位于 /opt/seafile/conf/seahub_settings.py, 重启容器

SECRET_KEY = "******"

WORKERS = 10
OUTPUT_DIR = '/shared/output'
PORT = 8089
### 编辑 /opt/seafile/conf/seahub_settings.py

OFFICE_CONVERTOR_ROOT = 'http://127.0.0.1:8089'

webdav

### 编辑 /opt/seafile/conf/seafdav.conf

[WEBDAV]
enabled = true
port = 8080
share_name = /webdav

AWS S3 储存后端

### 编辑 /opt/seafile/conf/seafevents.conf

[commit_object_backend]
name = s3
bucket = seafile-commits
key_id = ***
key = ***
host = s3.com

[fs_object_backend]
name = s3
bucket = seafile-fs
key_id = ***
key = ***
host = s3.com

[block_backend]
name = s3
bucket = seafile-blocks
key_id = ***
key = ***
host = s3.com

9 NGINX 反向代理

server
{
    listen 80;
      listen 443 ssl http2;
    server_name seafile.com;

    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }

    ssl_certificate    /path/certificate.pem;
    ssl_certificate_key    /path/certificate_key.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497  https://$host$request_uri;
    client_max_body_size 10g;

    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_read_timeout 310s;
        proxy_set_header Host $host;
        proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_request_buffering off;
    }

    location /webdav {
        proxy_pass         http://127.0.0.1:8080;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_read_timeout  1200s;
    }

    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }

    access_log  /path/seafile.com.log;
    error_log  /path/seafile.com.error.log;
}

10 其他配置

### 编辑 /opt/seafile/conf/seahub_settings.py

# 时区
TIME_ZONE = 'Asia/Shanghai'

# 两步验证
ENABLE_TWO_FACTOR_AUTH = True

# webdav独立密码
ENABLE_WEBDAV_SECRET = True

# 自定义前端样式, 自定义custom.css 储存到 /opt/seafile/seahub-data/custom/
BRANDING_CSS = 'custom/custom.css'