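Seafile is an open-source enterprise cloud drive. After half a year of trying out the Community Edition, I have found it quite stable. It has the advantage of cross-platform support (Windows, Mac, Linux, iOS, Android, etc.) and is simpler than NextCloud; strongly recommended.
Here is the installation process:
I. Install Seafile
1. Base environment
Operating system: Debian 10
Seafile version: Community Edition v8.0.5
2. Prepare the dependencies
Download the MySQL APT repository package from the official MySQL website and install it: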
root@Seafile:/opt# wget https://repo.mysql.com//mysql-apt-config_0.8.17-1_all.deb
root@Seafile:/opt# apt install ./mysql-apt-config_0.8.17-1_all.deb
Install MySQL:
root@Seafile:/opt# apt install mysql-server
Enter the password: *****
Install the dependency packages:
root@Seafile:/opt# apt-get install python3 python3-setuptools python3-pip python3-ldap libmariadb-dev-compat libmariadb-dev -y
root@Seafile:/opt# pip3 install --timeout=3600 django==2.2.* future mysqlclient pymysql Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3 psd-tools django-pylibmc django-simple-captcha
3. Install Seafile
Download the server package from the Seafile website:
root@Seafile:/opt# wget https://seafile-downloads.oss-cn-shanghai.aliyuncs.com/seafile-server_8.0.5_x86-64.tar.gz
root@Seafile:/opt# tar zxvf seafile-server_8.0.5_x86-64.tar.gz
root@Seafile:/opt# cd seafile-server-8.0.5/
Install the database:
root@Seafile:/opt/seafile-server-8.0.5# ./setup-seafile-mysql.sh
Checking python on this machine ...
-----------------------------------------------------------------
This script will guide you to setup your seafile server using MySQL.
Make sure you have read seafile server manual at
https://download.seafile.com/published/seafile-manual/home.md
Press ENTER to continue
-----------------------------------------------------------------
What is the name of the server? It will be displayed on the client.
3 - 15 letters or digits
[ server name ] seafile
What is the ip or domain of the server?
For example: www.mycompany.com, 192.168.1.101
[ This server's ip or domain ] <enter your domain or ip>
Which port do you want to use for the seafile fileserver?
[ default "8082" ]
-------------------------------------------------------
Please choose a way to initialize seafile databases:
-------------------------------------------------------
[1] Create new ccnet/seafile/seahub databases
[2] Use existing ccnet/seafile/seahub databases
[ 1 or 2 ] 1
What is the host of mysql server?
[ default "localhost" ]
What is the port of mysql server?
[ default "3306" ]
What is the password of the mysql root user?
[ root password ] # enter the root password set during the MySQL installation
verifying password of user root ... done
Enter the name for mysql user of seafile. It would be created if not exists.
[ default "seafile" ]
Enter the password for mysql user "seafile":
[ password for seafile ]
Enter the password for mysql user "seafile":
[ password for seafile ]
Enter the database name for ccnet-server:
[ default "ccnet-db" ]
Enter the database name for seafile-server:
[ default "seafile-db" ]
Enter the database name for seahub:
[ default "seahub-db" ]
---------------------------------
This is your configuration
---------------------------------
server name: seafile
server ip/domain: <your domain>
seafile data dir: /opt/seafile-data
fileserver port: 8082
database: create new
ccnet database: ccnet-db
seafile database: seafile-db
seahub database: seahub-db
database user: seafile
---------------------------------
Press ENTER to continue, or Ctrl-C to abort
---------------------------------
Generating ccnet configuration ...
Generating seafile configuration ...
done
Generating seahub configuration ...
----------------------------------------
Now creating ccnet database tables ...
----------------------------------------
----------------------------------------
Now creating seafile database tables ...
----------------------------------------
----------------------------------------
Now creating seahub database tables ...
----------------------------------------
creating seafile-server-latest symbolic link ... done
-----------------------------------------------------------------
Your seafile server configuration has been finished successfully.
-----------------------------------------------------------------
run seafile server: ./seafile.sh { start | stop | restart }
run seahub server: ./seahub.sh { start <port> | stop | restart <port> }
-----------------------------------------------------------------
If you are behind a firewall, remember to allow input/output of these tcp ports:
-----------------------------------------------------------------
port of seafile fileserver: 8082
port of seahub: 8000
When problems occur, Refer to
https://download.seafile.com/published/seafile-manual/home.md
for information.
Directory layout under the installation directory /opt:
root@Seafile:/opt# tree . -L 2
.
├── ccnet
├── conf
│   ├── ccnet.conf
│   ├── gunicorn.conf.py
│   ├── seafdav.conf
│   ├── seafile.conf
│   └── seahub_settings.py
├── seafile-data
│   └── library-template
├── seafile-server-8.0.5
│   ├── check_init_admin.py
│   ├── reset-admin.sh
│   ├── runtime
│   ├── seaf-fsck.sh
│   ├── seaf-fuse.sh
│   ├── seaf-gc.sh
│   ├── seafile
│   ├── seafile.sh
│   ├── seahub
│   ├── seahub.sh
│   ├── setup-seafile-mysql.py
│   ├── setup-seafile-mysql.sh
│   ├── setup-seafile.sh
│   ├── sql
│   └── upgrade
├── seafile-server-latest -> seafile-server-8.0.5
└── seahub-data
    └── avatars
4. Start the services
Start the Seafile service:
root@Seafile:/opt# cd seafile-server-latest
root@Seafile:/opt/seafile-server-latest# ./seafile.sh start
Start the Seahub website:
root@Seafile:/opt/seafile-server-latest# ./seahub.sh start
LC_ALL is not set in ENV, set to en_US.UTF-8
Starting seahub at port 8000 ...
----------------------------------------
It's the first time you start the seafile server. Now let's create the admin account
----------------------------------------
What is the email for the admin account?
[ admin email ] <set your email for user admin>
What is the password for the admin account?
[ admin password ]
Enter the password again:
[ admin password again ]
Error happened during creating seafile admin.
Seahub is started
Done.
root@Seafile:/opt/seafile-server-latest#
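Check the listening ports:
root@Seafile:/opt/seafile-server-latest# ss -lantp
Port 8000 is listening only on 127.0.0.1, so Seafile cannot be reached directly from outside on port 8000; an Nginx reverse proxy needs to be configured.
5. Configure Nginx
Install Nginx:
root@Seafile:/opt# apt install nginx
Create the Seafile configuration file: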
root@Seafile:/opt/seafile-server-latest# cat /etc/nginx/sites-available/seafile.conf
server {
    listen 80;
    server_name <your domain>; # set your domain
    proxy_set_header X-Forwarded-For $remote_addr;
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_read_timeout 1200s;
        # used for view/edit office file via Office Online Server
        client_max_body_size 0;
        access_log /var/log/nginx/seahub.access.log;
        error_log /var/log/nginx/seahub.error.log;
    }
    # If you are using [FastCGI](http://en.wikipedia.org/wiki/FastCGI),
    # which is not recommended, you should use the following config for location `/`.
    # location / {
    #     fastcgi_pass 127.0.0.1:8000;
    #     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #     fastcgi_param PATH_INFO $fastcgi_script_name;
    #     fastcgi_param SERVER_PROTOCOL $server_protocol;
    #     fastcgi_param QUERY_STRING $query_string;
    #     fastcgi_param REQUEST_METHOD $request_method;
    #     fastcgi_param CONTENT_TYPE $content_type;
    #     fastcgi_param CONTENT_LENGTH $content_length;
    #     fastcgi_param SERVER_ADDR $server_addr;
    #     fastcgi_param SERVER_PORT $server_port;
    #     fastcgi_param SERVER_NAME $server_name;
    #     fastcgi_param REMOTE_ADDR $remote_addr;
    #     fastcgi_read_timeout 36000;
    #     client_max_body_size 0;
    #
    #     access_log /var/log/nginx/seahub.access.log;
    #     error_log /var/log/nginx/seahub.error.log;
    # }
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
        proxy_send_timeout 36000s;
        proxy_request_buffering off;
        send_timeout 36000s;
    }
    location /media {
        root /opt/seafile-server-latest/seahub;
    }
}
Delete the default configuration and create a new symbolic link:
root@Seafile:/opt# rm /etc/nginx/sites-enabled/default
root@Seafile:/opt# ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf
6. Configure start at boot
Create seafile.service:
root@Seafile:/opt# vim /etc/systemd/system/seafile.service
[Unit]
Description=Seafile
# add mysql.service or postgresql.service depending on your database to the line below
After=network.target mysql.service
[Service]
Type=oneshot
ExecStart=/opt/seafile-server-latest/seafile.sh start
ExecStop=/opt/seafile-server-latest/seafile.sh stop
ExecReload=/opt/seafile-server-latest/seafile.sh restart
RemainAfterExit=yes
User=root
Group=root
[Install]
WantedBy=multi-user.target
Create seahub.service:
root@Seafile:/opt# vim /etc/systemd/system/seahub.service
[Unit]
Description=Seafile hub
After=network.target seafile.service
[Service]
# change start to start-fastcgi if you want to run fastcgi
ExecStart=/opt/seafile-server-latest/seahub.sh start
ExecStop=/opt/seafile-server-latest/seahub.sh stop
ExecReload=/opt/seafile-server-latest/seahub.sh restart
User=root
Group=root
Type=oneshot
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
Enable start at boot:
root@Seafile:/opt# systemctl enable mysql
root@Seafile:/opt# systemctl enable seafile
root@Seafile:/opt# systemctl enable seahub
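II. Install OnlyOffice
Combined with OnlyOffice, Seafile can preview and edit Office documents online and also supports multi-user collaborative editing, which is very convenient.
1. Install Docker
Installation is done with Docker; first install docker-ce on Debian 10.
Reference: https://manual.seafile.com/deploy/only_office/#complete-apache-config-example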
root@Seafile:~# docker -v
Docker version 20.10.6, build 370c289
2. Install OnlyOffice
First start the container directly, then copy its configuration files to the host:
root@Seafile:~# docker container cp 2d6ad1263cc8:/etc/onlyoffice/documentserver/ /app/onlyoffice/DocumentServer/etc/
Map the directories to the host and listen on port 8080:
root@Seafile:~# docker run --restart=always -i -t -d -p 8080:80 \
-v /app/onlyoffice/DocumentServer/etc/documentserver:/etc/onlyoffice/documentserver \
-v /app/onlyoffice/DocumentServer/logs:/var/log/onlyoffice \
-v /app/onlyoffice/DocumentServer/data:/var/www/onlyoffice/Data \
-v /app/onlyoffice/DocumentServer/lib:/var/lib/onlyoffice \
-v /app/onlyoffice/DocumentServer/rabbitmq:/var/lib/rabbitmq \
-v /app/onlyoffice/DocumentServer/redis:/var/lib/redis \
-v /app/onlyoffice/DocumentServer/db:/var/lib/postgresql onlyoffice/documentserver
root@Seafile:~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0c2dd93e6681 onlyoffice/documentserver "/app/ds/run-documen…" 7 seconds ago Up 6 seconds 443/tcp, 0.0.0.0:8080->80/tcp, :::8080->80/tcp inspiring_joliot
3. Configure OnlyOffice autosave
root@Seafile:~# docker exec -it 0c2dd93e6681 bin/bash
root@0c2dd93e6681:/#
root@0c2dd93e6681:/# nano /etc/onlyoffice/documentserver/local.json
(the autoAssembly block is the content to add)
{
  "services": {
    "CoAuthoring": {
      "autoAssembly": {
        "enable": true,
        "interval": "2m"
      }
    }
  }
}
root@0c2dd93e6681:/# supervisorctl restart all
ds:docservice: stopped
ds:converter: stopped
ds:spellchecker: stopped
ds:metrics: stopped
ds:docservice: started
ds:converter: started
ds:spellchecker: started
ds:metrics: started
ds:example: started
III. Integrate Seafile with OnlyOffice
1. Modify the Nginx configuration
# Add the following outside the server block:
# Required for only office document server
map $http_x_forwarded_proto $the_scheme {
    default $http_x_forwarded_proto;
    "" $scheme;
}
map $http_x_forwarded_host $the_host {
    default $http_x_forwarded_host;
    "" $host;
}
map $http_upgrade $proxy_connection {
    default upgrade;
    "" close;
}
# Add this sub-path inside the server block:
location /onlyofficeds/ {
    # THIS ONE IS IMPORTANT ! - Trailing slash !
    proxy_pass http://127.0.0.1:8080/;
    proxy_http_version 1.1;
    client_max_body_size 0; # 0 disables the request body size limit
    proxy_read_timeout 3600s;
    proxy_connect_timeout 3600s;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $proxy_connection;
    # THIS ONE IS IMPORTANT ! - Subfolder and NO trailing slash !
    proxy_set_header X-Forwarded-Host $the_host/onlyofficeds;
    proxy_set_header X-Forwarded-Proto $the_scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
At this point, visiting <http://[your ip address or domain]/onlyofficeds/welcome/> shows the welcome page.
2. Modify the Seafile Server configuration
Configure the OnlyOffice path in Seafile Server by editing seahub_settings.py:
root@Seafile:/opt# vim conf/seahub_settings.py
# Enable Only Office
ENABLE_ONLYOFFICE = True
VERIFY_ONLYOFFICE_CERTIFICATE = True
ONLYOFFICE_APIJS_URL = 'http://[your ip address or domain]/onlyofficeds/web-apps/apps/api/documents/api.js'
ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods')
ONLYOFFICE_EDIT_FILE_EXTENSION = ('docx', 'pptx', 'xlsx')
Restart seafile and seahub:
root@Seafile:/opt# systemctl restart seafile
root@Seafile:/opt# systemctl restart seahub
IV. Configure the firewall
Use ufw, or use iptables directly.
1. Install ufw
root@Seafile:~# apt install ufw
2. Allow the OpenSSH and http applications
root@Seafile:~# ufw status
Status: inactive
root@Seafile:~# ufw allow OpenSSH
Rules updated
Rules updated (v6)
root@Seafile:~# ufw allow http
Rules updated
Rules updated (v6)
root@Seafile:~# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
root@Seafile:~#
root@Seafile:~# ufw status
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
80/tcp ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
3. Open port 443 in the firewall
root@Seafile:~# iptables -A INPUT -p tcp --dport 443 -j ACCEPT
root@Seafile:~# iptables-save > /etc/iptables/rules.v4
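4. Block external access to port 8080
When the container is started with -p 8080:80, Docker modifies the iptables rules by default and exposes port 8080 externally. Blocking 8080 in the INPUT chain has no effect either, because Docker has added a rule to the nat table: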
root@Seafile:~# iptables -t nat -L DOCKER -n --line-number
Chain DOCKER (2 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0
2 DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080 to:172.17.0.2:80
root@Seafile:~# iptables -L DOCKER -n --line-number
Chain DOCKER (1 references)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 172.17.0.2 tcp dpt:80
Modify the rule in the DOCKER chain so that only local access to port 80 of the onlyoffice container is allowed:
root@Seafile:~# iptables -R DOCKER 1 -p tcp -s 127.0.0.1 -d 172.17.0.2 --dport 80 -j ACCEPT
root@Seafile:~# iptables -L DOCKER -n --line-number
Chain DOCKER (1 references)
num target prot opt source destination
1 ACCEPT tcp -- 127.0.0.1 172.17.0.2 tcp dpt:80
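As an added check (not part of the original post): the DOCKER chain is managed by Docker itself, so after the manual rule change it helps to confirm which container ports are still published on all interfaces. The function below parses `docker ps --format '{{.Names}} {{.Ports}}'` output; the sample lines are constructed (the first mirrors the container shown in section II, and `local_only` is a hypothetical container published with `-p 127.0.0.1:8080:80`, which binds the port to loopback only).

```shell
#!/usr/bin/env bash
# Added example: list container ports that Docker publishes on every interface.
# Such ports stay reachable from outside even when ufw / the INPUT chain blocks
# them, because the traffic is DNATed and forwarded instead of passing INPUT.

# Input: lines of "<container-name> <ports>" as printed by
#   docker ps --format '{{.Names}} {{.Ports}}'
# Output: "<container-name> <host-port>" once per wildcard-bound host port.
wildcard_published() {
  awk '{
    name = $1
    for (i = 2; i <= NF; i++) {
      m = $i
      sub(/,$/, "", m)                        # entries are comma-separated
      n = index(m, "->")
      if (n == 0) continue                    # exposed only, not published
      bind = substr(m, 1, n - 1)              # e.g. 0.0.0.0:8080 or :::8080
      if (!match(bind, /:[0-9-]+$/)) continue
      addr = substr(bind, 1, RSTART - 1)
      port = substr(bind, RSTART + 1)
      if (addr == "0.0.0.0" || addr == "::" || addr == "[::]") {
        key = name " " port
        if (!(key in seen)) { seen[key] = 1; print key }
      }
    }
  }'
}

# Constructed sample input (no Docker daemon is needed to run this file).
sample_ps() {
  printf '%s\n' \
    'inspiring_joliot 443/tcp, 0.0.0.0:8080->80/tcp, :::8080->80/tcp' \
    'local_only 127.0.0.1:8080->80/tcp'
}

# Only the first container is reported; the loopback-bound one is not.
sample_ps | wildcard_published

# Against a live host:
#   docker ps --format '{{.Names}} {{.Ports}}' | wildcard_published
```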
V. Nginx HTTPS
For the SSL certificate, use a self-signed certificate or your existing certificate.
1. Generate a self-signed SSL certificate
root@Seafile:~# openssl genrsa -out privkey.pem 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
..............................................+++++
.+++++
e is 65537 (0x010001)
root@Seafile:~#
root@Seafile:~# openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CN
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []: # your domain name
Email Address []:
root@Seafile:~#
root@Seafile:~# openssl dhparam -out dhparam.pem 2048
2. Copy the certificate files to the configuration directory
root@Seafile:~# cp ./*.pem /etc/ssl/
3. Modify the Nginx configuration file
root@Seafile:~# vim /etc/nginx/sites-available/seafile.conf
server {
    listen 80;
    rewrite ^ https://$http_host$request_uri? permanent;
    server_name <your domain>; # replace with your domain
}
server {
    listen 443;
    ssl on;
    ssl_certificate /etc/ssl/cacert.pem; # path to cacert.pem
    ssl_certificate_key /etc/ssl/privkey.pem; # path to privkey.pem
    server_name <your domain>; # replace with your domain
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:5m;
    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/ssl/dhparam.pem; # dhparam.pem was copied to /etc/ssl/ in step 2
    # secure settings (A+ at SSL Labs ssltest at time of writing)
    # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
    ssl_prefer_server_ciphers on;
    proxy_set_header X-Forwarded-For $remote_addr;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    server_tokens off;
    ..........
}
4. Reload Nginx
root@Seafile:~# nginx -s reload
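An added pre-reload check (not from the original post): it confirms that every certificate, key and DH-parameter file named in the config is readable where step 2 copied it, and lists protocols enabled by ssl_protocols that are deprecated (TLSv1 and TLSv1.1 were deprecated by RFC 8996). The function names and the demo config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: checks to run on an nginx TLS config before "nginx -s reload".
# Comment stripping is naive (everything after "#"), which is enough for
# configs like the one above that have no "#" inside quoted values.

# Print "missing <directive> <path>" for each certificate, key or DH-parameter
# file the config references that is not readable on this host.
missing_tls_files() {
  sed -e 's/#.*//' "$1" |
    awk '$1 ~ /^ssl_(certificate|certificate_key|dhparam)$/ {
           sub(/;.*$/, "", $2); print $1, $2 }' |
    while read -r directive path; do
      [ -r "$path" ] || echo "missing $directive $path"
    done
}

# Print every protocol enabled by ssl_protocols that is deprecated
# (SSLv2, SSLv3, TLSv1, TLSv1.1), one per line.
deprecated_tls_protocols() {
  sed -e 's/#.*//' "$1" |
    awk '$1 == "ssl_protocols" {
           for (i = 2; i <= NF; i++) {
             p = $i; sub(/;$/, "", p)
             if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print p
           }
         }'
}

# Constructed demo: key and certificate exist, the DH file is referenced in a
# directory it was never copied to, and two deprecated protocols are enabled.
demo() {
  d=$(mktemp -d)
  touch "$d/cacert.pem" "$d/privkey.pem"
  cat > "$d/seafile.conf" <<EOF
server {
    listen 443;
    ssl_certificate $d/cacert.pem;        # certificate
    ssl_certificate_key $d/privkey.pem;
    ssl_dhparam $d/nginx/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
  missing_tls_files "$d/seafile.conf"
  deprecated_tls_protocols "$d/seafile.conf"
  rm -rf "$d"
}
demo
```

Against the real file: `missing_tls_files /etc/nginx/sites-available/seafile.conf`; no output from either function means nothing was flagged.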