Thank you for reading this post, don't forget to subscribe!
Оригинал статьи:
Seafile — это кроссплатформенная система программного обеспечения для размещения файлов с открытым исходным кодом. Файлы хранятся на центральном сервере и могут быть синхронизированы с персональными компьютерами и мобильными устройствами через приложения.
Подготовка
Обновляем операционную систему, добавляем репозиторий EPEL, устанавливаем софт
|
1 2 3 |
$ sudo yum -y update $ sudo yum -y install epel-release $ sudo yum -y install nano wget net-tools |
Устанавливаем необходимые для Seafile пакеты
|
1 2 |
$ sudo yum -y install python3 python3-setuptools python3-pip python-ldap memcached java-1.8.0-openjdk libmemcached libreoffice-headless libreoffice-pyuno libffi-devel pwgen curl $ sudo pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy psd-tools django-pylibmc django-simple-captcha |
Переводим Selinux в режим permissive
|
1 2 3 |
$ sudo setenforce 0 $ sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config $ sudo getenforce |
Запускаем службу memcached
|
1 |
$ sudo systemctl enable --now memcached |
Установка и настройка NGINX
Добавим репозиторий NGINX.
|
1 2 3 4 5 6 |
$ sudo nano /etc/yum.repos.d/nginx.repo [nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=0 enabled=1 |
Установка web-сервера NGINX
|
1 |
$ sudo yum -y install nginx |
Создадим директории для виртуальных хостов
|
1 |
$ sudo mkdir /etc/nginx/{sites-available,sites-enabled} |
Отредактируем основной конфиг nginx.conf
cat /etc/nginx/nginx.conf
[codesyntax lang="php"]
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
user nginx; worker_processes auto; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; #worker_rlimit_nofile 40000; events { # worker_connections 8096; worker_connections 1024; multi_accept on; use epoll; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; server_tokens off; server_names_hash_bucket_size 128; client_max_body_size 50M; sendfile on; tcp_nopush on; tcp_nodelay on; client_body_timeout 12; client_header_timeout 12; keepalive_timeout 15; send_timeout 10; # Fully disabled gzip compression to mitigate Django BREACH attack: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/ gzip off; #gzip_vary on; #gzip_proxied expired no-cache no-store private auth any; #gzip_comp_level 9; #gzip_min_length 10240; #gzip_buffers 16 8k; #gzip_http_version 1.1; #gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml font/woff2; #gzip_disable "MSIE [1-6]."; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*.conf; } |
[/codesyntax]
Отредактируем конфиг seafile.conf
cat /etc/nginx/sites-available/seafile.conf
[codesyntax lang="php"]
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 |
log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time'; server { listen 80; server_name seafile.example.com; proxy_set_header X-Forwarded-For $remote_addr; location / { proxy_pass http://127.0.0.1:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 1200s; # used for view/edit office file via Office Online Server client_max_body_size 0; access_log /var/log/nginx/seahub.access.log seafileformat; error_log /var/log/nginx/seahub.error.log; } location /seafhttp { rewrite ^/seafhttp(.*)$ $1 break; proxy_pass http://127.0.0.1:8082; client_max_body_size 0; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 36000s; proxy_read_timeout 36000s; access_log /var/log/nginx/seafhttp.access.log seafileformat; error_log /var/log/nginx/seafhttp.error.log; } location /media { root /opt/seafile/seafile-server-latest/seahub; } location /seafdav { proxy_pass http://127.0.0.1:8080/seafdav; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Proto $scheme; proxy_read_timeout 1200s; client_max_body_size 0; access_log /var/log/nginx/seafdav.access.log seafileformat; error_log /var/log/nginx/seafdav.error.log; } } |
[/codesyntax]
Создаем симлинк, чтобы активировать конфиг seafile
|
1 |
$ sudo ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf |
Проверяем конфиги nginx на ошибки
|
1 |
$ sudo nginx -t |
Добаляем nginx в автозагрузку и запускаем web-сервер
|
1 |
$ sudo systemctl enable --now nginx |
Firewall
Настройка firewall, открываем порты
|
1 2 |
$ sudo firewall-cmd --zone=public --add-service={http,https} --permanent $ sudo firewall-cmd --reload |
Установка сервера базы данных Percona
Добавим репозиторий Percona
|
1 |
$ sudo yum -y install https://repo.percona.com/yum/percona-release-latest.noarch.rpm |
Устанавливаем Percona-Server
|
1 |
$ sudo yum -y install Percona-Server-server-57 |
Запускаем сервис и добавляем его в автозагрузку
|
1 |
$ sudo systemctl enable --now mysqld |
Ищем пароль, который сгенерировался при установке и меняем его
|
1 2 3 4 5 6 7 8 9 |
$ sudo grep -i password /var/log/mysqld.log $ sudo mysql_secure_installation New password: Re-enter new password: Change the password for root ? ((Press y|Y for Yes, any other key for No) : Remove anonymous users? (Press y|Y for Yes, any other key for No) : y Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y |
Что б в дальнейшем не было проблем с паролем для пользователя seafile, изменим политику паролей в PerconaDB
|
1 2 3 4 5 |
$ mysql -u root -p > SHOW GLOBAL VARIABLES LIKE 'validate_password%'; > SET GLOBAL validate_password_special_char_count = 0; > flush privileges; > quit; |
Установка Seafile
Создаем пользователя seafile
|
1 2 |
$ sudo useradd -m -U -r -d /opt/seafile seafile $ sudo chmod 750 /opt/seafile |
Добавляем пользователя nginx в группу seafile
|
1 |
$ sudo usermod -aG seafile nginx |
Переключаемся на пользователя seafile
|
1 |
$ sudo su - seafile |
Создаем директорию, куда потом перенесем архив с дистрибутивом
|
1 |
$ mkdir -p /opt/seafile/installed |
Переходим в директорию, где будет установлен Sefile
|
1 |
$ cd |
Скачиваем архив, распаковываем его
|
1 2 |
$ curl -OL https://download.seadrive.org/seafile-server_7.1.0_x86-64.tar.gz $ tar xzf seafile-server_7.1.0_x86-64.tar.gz |
Перемещаем архив в каталог installed
|
1 |
$ mv seafile-server_7.1.0_x86-64.tar.gz installed |
[codesyntax lang="php"]
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
$ ./seafile-server-7.1.0/setup-seafile-mysql.sh Press ENTER to continue [ server name ] seafile [ This server's ip or domain ] seafile.example.com [ default "8082" ] Please choose a way to initialize seafile databases: [1] Create new ccnet/seafile/seahub databases [2] Use existing ccnet/seafile/seahub databases [ 1 or 2 ] 1 What is the host of mysql server? [ default "localhost" ] What is the port of mysql server? [ default "3306" ] What is the password of the mysql root user? [ root password ] verifying password of user root ... done Enter the name for mysql user of seafile. It would be created if not exists. [ default "seafile" ] Enter the password for mysql user "seafile": (тут лучше использовать пароль без спец.символов @#$%^) [ password for seafile ] Enter the database name for ccnet-server: [ default "ccnet-db" ] Enter the database name for seafile-server: [ default "seafile-db" ] Enter the database name for seahub: [ default "seahub-db" ] This is your configuration server name: seafile server ip/domain: seafile.example.com seafile data dir: /opt/seafile/seafile-data fileserver port: 8082 database: create new ccnet database: ccnet-db seafile database: seafile-db seahub database: seahub-db database user: seafile |
[/codesyntax]
Если что-то пошло не так, команды для управления базами/пользователями perconadb
|
1 2 3 4 5 6 7 8 9 10 |
$ mysql -u root -p > SHOW databases; > SELECT User,mysql_native_passwor,Host FROM mysql.user; > SELECT User,Host FROM mysql.user; > SHOW GRANTS FOR 'seafile'@'localhost'; > REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'seafile'@'localhost'; > DROP USER 'seafile'@'localhost'; > DROP DATABASE `ccnet-db`; > DROP DATABASE `seafile-db`; > DROP DATABASE `seahub-db`; |
Переключаемся на предыдущего пользователя (правами sudo)
|
1 |
$ exit |
Создаем файл seafile.service
cat /etc/systemd/system/seafile.service
[codesyntax lang="php"]
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
[Unit] Description=Seafile Server After=network.target remote-fs.target mysqld.service [Service] ExecStart=/opt/seafile/seafile-server-latest/seafile.sh start ExecStop=/opt/seafile/seafile-server-latest/seafile.sh stop User=seafile Group=seafile LimitNOFILE=infinity Type=oneshot RemainAfterExit=yes [Install] WantedBy=multi-user.target |
[/codesyntax]
Создаем файл seahub.service
cat /etc/systemd/system/seahub.service
[codesyntax lang="php"]
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 |
[Unit] Description=Seafile Seahub After=network.target seafile.service [Service] ExecStart=/opt/seafile/seafile-server-latest/seahub.sh start ExecStop=/opt/seafile/seafile-server-latest/seahub.sh stop User=seafile Group=seafile Type=oneshot RemainAfterExit=yes [Install] WantedBy=multi-user.target |
[/codesyntax]
Скрипт для перезапуска Seafile
[codesyntax lang="php"]
|
1 2 3 4 5 6 7 |
$ cat /usr/local/sbin/seafile-server-restart #!/bin/bash for ACTION in stop start ; do for SERVICE in seafile seahub ; do systemctl ${ACTION} ${SERVICE} done done |
[/codesyntax]
Назначим права
|
1 |
$ sudo chmod 700 /usr/local/sbin/seafile-server-restart |
Настройка Seafile
Отредактируем seafdav.conf, для активации webdav
[codesyntax lang="php"]
|
1 2 3 4 5 6 |
sudo nano /opt/seafile/conf/seafdav.conf [WEBDAV] enabled = true port = 8080 fastcgi = true share_name = /seafdav |
[/codesyntax]
Проверяем настройки ccnet.conf
|
1 2 3 4 |
$ sudo nano /opt/seafile/conf/ccnet.conf [General] SERVICE_URL = http://seafile.example.com ... |
Включим кеширование Memcached, капчу, время хранение сессии и языки. (добавляем после строчек, которые были в файле)
[codesyntax lang="php"]
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 |
vim /opt/seafile/conf/seahub_settings.py ... CACHES = { 'default': { 'BACKEND': 'django_pylibmc.memcached.PyLibMCCache', 'LOCATION': '127.0.0.1:11211', }, 'locmem': { 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache', }, } COMPRESS_CACHE_BACKEND = 'locmem' # Email settings EMAIL_USE_TLS = False EMAIL_HOST = 'mail.example.com' EMAIL_HOST_USER = 'noreply@example.com' EMAIL_HOST_PASSWORD = '' EMAIL_PORT = '25' DEFAULT_FROM_EMAIL = EMAIL_HOST_USER SERVER_EMAIL = EMAIL_HOST_USER # https://download.seafile.com/published/seafile-manual/config/sending_email.md TIME_ZONE = 'Europe/Moscow' SITE_BASE = 'http://seafile.example.com' SITE_NAME = 'Seafile Server' SITE_TITLE = 'Seafile Server' SITE_ROOT = '/' ENABLE_SIGNUP = False ACTIVATE_AFTER_REGISTRATION = False SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True SEND_EMAIL_ON_RESETTING_USER_PASSWD = True CLOUD_MODE = False FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024 SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 SESSION_SAVE_EVERY_REQUEST = False SESSION_EXPIRE_AT_BROWSER_CLOSE = False # User management options LOGIN_REMEMBER_DAYS = 1 LOGIN_ATTEMPT_LIMIT = 3 # Other options MAX_NUMBER_OF_FILES_FOR_FILEUPLOAD = 10 LANGUAGE_CODE = 'ru' LANGUAGES = ( ('en', 'English'), ('ru', 'Russian'), ) FILE_SERVER_ROOT = 'http://seafile.example.com/seafhttp' |
[/codesyntax]
Дополнительные параметры можно посмотреть на официальном сайте
Отредактируем файл seafile.conf
[codesyntax lang="php"]
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 |
cat /opt/seafile/conf/seafile.conf [fileserver] port = 8082 max_upload_size=64 max_download_dir_size=64 [quota] default = 2 [history] keep_days = 7 # Очищать корзину, кол-во дней [library_trash] expire_days = 30 # Configure Syslog [general] enable_syslog = true |
[/codesyntax]
В процессе первого запуска задаем имя и пароль администратора.
|
1 2 3 4 5 |
$ sudo su - seafile /opt/seafile/seafile-server-latest/seafile.sh start $ sudo su - seafile /opt/seafile/seafile-server-latest/seahub.sh start [ admin email ] admin@example.com [ admin password ] [ admin password again ] |
Останавливаем
|
1 2 |
$ sudo su - seafile /opt/seafile/seafile-server-latest/seahub.sh stop $ sudo su - seafile /opt/seafile/seafile-server-latest/seafile.sh stop |
Добавляем службы в автозапуск и запскаем их
|
1 2 3 |
$ sudo systemctl daemon-reload $ sudo systemctl enable --now seafile $ sudo systemctl enable --now seahub |
Если надо скинуть пароль админа, выполняем команду
|
1 |
$ sudo su - seafile /opt/seafile/seafile-server-latest/reset-admin.sh |