Seafile — это личное облачное хранилище для хранения данных в стиле Dropbox.
Сегодня мы установим Seafile 9.0.2 на Debian 11.
- Имеется сервер с операционной системой Debian 11. Где-то в облаке.
- Seafile для безопасности запустим под отдельным пользователем как службы.
- В качестве БД используем MySQL 8 на том же сервере.
- Дополнительно поднимем и настроим Nginx.
Доступна версия 9.0.2 64bit.
https://www.seafile.com/en/download/
Ссылки
Ранее я уже публиковал статью про установку Seafile на Ubuntu:
Seafile 7.1.1 — установка на Ubuntu 18.04 LTS
В новой статье будет несколько отличий.
- Ранее я устанавливал Seafile 7.1.1, теперь установим более новую версию Seafile 9.0.2.
- Ранее была операционная система Ubuntu 18.04, сейчас Debian 11.
Мануал:
База данных MySQL 8 для Seafile
Установка MySQL 8 на Debian 11 у меня уже есть в отдельной статье:
Точно так же устанавливаем и перемещаем базу в директорию /opt.
Создаём три базы:
- seafile-ccnet
- seafile-db
- seafile-seahub
и пользователя MySQL: seafile:
mysql -u root -p
CREATE SCHEMA `seafile-ccnet` DEFAULT CHARACTER SET utf8 ;
CREATE SCHEMA `seafile-db` DEFAULT CHARACTER SET utf8 ;
CREATE SCHEMA `seafile-seahub` DEFAULT CHARACTER SET utf8 ;
CREATE USER 'seafile'@'localhost' identified by 'ПАРОЛЬ';
GRANT ALL PRIVILEGES ON `seafile-ccnet`.* to `seafile`@localhost;
GRANT ALL PRIVILEGES ON `seafile-db`.* to `seafile`@localhost;
GRANT ALL PRIVILEGES ON `seafile-seahub`.* to `seafile`@localhost;
Меняем настройки безопасности пользователю:
ALTER USER 'seafile'@'localhost' IDENTIFIED WITH mysql_native_password BY 'ПАРОЛЬ';
Установка пакетов
Устанавливаем пакеты, хочу обратить внимание на пакет python3-dev, который в официальном мануале не указан (работаем под ROOT):
apt-get update
apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev
apt-get install -y memcached libmemcached-dev
pip3 install --timeout=3600 django==3.2.* Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3 \
django-pylibmc django-simple-captcha python3-ldap mysqlclient pycryptodome==3.12.0 cffi==1.14.0
Создание директории и пользователя
Для Seafile создадим директорию /opt/seafile:
mkdir /opt/seafile
cd /opt/seafile
Создаём пользователя, под которым будет работать seafile (я назвал его sf) и назначаем права:
useradd -m -s /bin/bash sf
cd /
chown -R sf\: ./opt/seafile/
cd /opt
ls -fla | grep seafile
Установка Seafile Server
Работаем под пользователем sf:
su - sf
Скачиваем и распаковываем дистрибутив:
cd /opt/seafile
wget https://download.seadrive.org/seafile-server_9.0.2_x86-64.tar.gz
tar -xf seafile-server_9.0.2_x86-64.tar.gz
ls -Fla
Устанавливаем Seafile:
cd /opt/seafile/seafile-server-9.0.2/
./setup-seafile-mysql.sh
Запускается мастер установки. В процессе установки нам зададут вопросы, отвечаем на них, у вас будут собственные ответы:
- What is the name of the server? It will be displayed on the client. Пишу — seafile.
- What is the ip or domain of the server? Домена пока нет, пишу прямой IP — 46.39.246.23.
- Which port do you want to use for the seafile fileserver? Порт по умолчанию 8082 — устраивает.
- Please choose a way to initialize seafile databases:
[1] Create new ccnet/seafile/seahub databases
[2] Use existing ccnet/seafile/seahub databases
Я уже создал все БД, указываю 2. - What is the host of mysql server? По умолчанию сервер БД localhost — localhost.
- What is the port of mysql server? Порт по умолчанию 3306, меня устраивает.
- Which mysql user to use for seafile? Указываем имя пользователя MySQL. Я пишу — seafile.
- What is the password for mysql user "seafile"? Указываем пароль от пользователя MySQL.
- Enter the existing database name for ccnet: Пишу — seafile-ccnet.
- Enter the existing database name for seafile: Пишу — seafile-db.
- Enter the existing database name for seahub: Пишу — seafile-seahub.
Проверяем настройки. Нажимаем Enter. Устанавливается Seafile Server.
Пробуем запустить seafile:
cd /opt/seafile/seafile-server-latest/
./seafile.sh start
Пробуем запустить seahub:
./seahub.sh start
При первом запуске нас попросят создать админа для seafile, укажите email и пароль.
Проверим, что сервисы seafile и seahub работают и используют порты 8000 и 8082:
netstat -plntu
Останавливаем службы для дальнейшей настройки:
./seahub.sh stop
./seafile.sh stop
Настройка автозапуска Seafile в качестве сервисов
Работаем под рутом. Создаём сервис seafile:
cd /etc/systemd/system/
vim seafile.service
Содержимое:
[Unit] Description=Seafile After=network.target [Service] Type=forking ExecStart=/opt/seafile/seafile-server-latest/seafile.sh start ExecStop=/opt/seafile/seafile-server-latest/seafile.sh stop LimitNOFILE=infinity User=sf Group=sf [Install] WantedBy=multi-user.target
Создаём сервис seahub:
vim seahub.service
Содержимое:
[Unit] Description=Seafile hub After=network.target seafile.service [Service] Type=forking ExecStart=/opt/seafile/seafile-server-latest/seahub.sh start ExecStop=/opt/seafile/seafile-server-latest/seahub.sh stop User=sf Group=sf [Install] WantedBy=multi-user.target
Запускаем сервисы и настраиваем автозагрузку:
systemctl daemon-reload
systemctl start seafile
systemctl start seahub
systemctl enable seafile
systemctl enable seahub
Проверяем:
systemctl status seafile
systemctl status seahub
Службы настроены.
Установка и настройка Nginx
Выполним установку Nginx и первоначальную настройку Seafile.
Установим nginx:
apt-get install nginx -y
Проверим что настроен автозапуск:
systemctl is-enabled nginx
Если автозапуск не настроен, то можно включить:
systemctl enable nginx
Проверим:
systemctl status nginx
Создаём конфигурационный файл для Seafile:
cd /etc/nginx/
vim sites-available/seafile
Содержимое:
server {
listen 80;
server_name _;
server_tokens off;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 1200s;
# used for view/edit office file via Office Online Server
client_max_body_size 0;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
}
Применяем конфигурацию:
rm -f /etc/nginx/sites-enabled/default
ln -s /etc/nginx/sites-available/seafile /etc/nginx/sites-enabled/
nginx -t
systemctl restart nginx
Начальная настройка Seafile Server
Работаем под пользователем sf:
su - sf
Переходим в директорию с файлами конфигурации:
cd /opt/seafile/conf/
ccnet.conf
Настраиваем ccnet.conf, указываем SERVICE_URL:
vim scnet.conf
Содержимое:
[General] SERVICE_URL = http://46.39.246.23 [Database] ENGINE = mysql HOST = 127.0.0.1 PORT = 3306 USER = seafile PASSWD = ПАРОЛЬ DB = seafile-ccnet CONNECTION_CHARSET = utf8
seafile.conf
Настраиваем seafile.conf, указываем host и keep_days:
vim seafile.conf
Содержимое:
[fileserver] host = 0.0.0.0 port = 8082 [database] type = mysql host = 127.0.0.1 port = 3306 user = seafile password = ПАРОЛЬ db_name = seafile-db connection_charset = utf8 [history] keep_days = 30
seahub_settings.py
Настраиваем seahub_settings.py:
mkdir /opt/seafile/seahub-data/thumbnail/
mkdir /opt/seafile/seahub-data/thumbnail/thumb/
vim seahub_settings.py
Содержимое:
# -*- coding: utf-8 -*-
SECRET_KEY = "СОЛЬ"
FILE_SERVER_ROOT = 'http://46.39.246.23/seafhttp'
# For security consideration, please set to match the host/domain of your site, e.g.,
ALLOWED_HOSTS = ['.example.com'].
# Please refer https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for details.
ALLOWED_HOSTS = ['46.39.246.23']
# Enalbe or disalbe registration on web. Default is `False`.
ENABLE_SIGNUP = False
DATABASES = {
'default': { 'ENGINE': 'django.db.backends.mysql',
'NAME': 'seafile-seahub',
'USER': 'seafile',
'PASSWORD': 'ПАРОЛЬ',
'HOST': '127.0.0.1',
'PORT': '3306',
'OPTIONS': {'charset': 'utf8mb4'},
}
}
ENABLE_SETTINGS_VIA_WEB = False
TIME_ZONE = 'Europe/Moscow'
LANGUAGE_CODE = 'ru'
LANGUAGES = (
('en', 'English'),
('ru', 'Русский'),
)
SITE_NAME = 'Seafile'
# Absolute filesystem path to the directory that will hold thumbnail files.
THUMBNAIL_ROOT = '/opt/seafile/seahub-data/thumbnail/thumb/'
SERVICE_URL = 'http://46.39.246.23'
Первый запуск
Проверяем что сайт заработал на HTTP протоколе.
http://46.39.246.23
Проверяем, что выполняется вход под созданным e-mail и паролем админа.
Настройка HTTPS и сертификата SSL
Правим конфигурационный файл для Seafile:
vim sites-available/seafile
В "server_name _;" указываем домен:
server_name internet-lab.ru;
Перезапускаем Nginx:
service nginx restart
Переходим в директорию с файлами конфигурации:
cd /opt/seafile/conf/
Правим ccnet.conf:
vim scnet.conf
В "SERVICE_URL" указываем домен и HTTPS:
SERVICE_URL = https://internet-lab.ru
Правим seahub_settings.py:
vim seahub_settings.py
В "SERVICE_URL" указываем домен и HTTPS. В "FILE_SERVER_ROOT" указываем домен и HTTPS. В "ALLOWED_HOSTS" добавляем домен.
SERVICE_URL = https://internet-lab.ru FILE_SERVER_ROOT = 'https://internet-lab.ru/seafhttp ALLOWED_HOSTS = ['46.39.246.23','internet-lab.ru']
Перезапускаем Seafile:
service seafile restart
service seahub restart
Устанавливаем certbot:
Let's Encrypt — настройка certbot в Debian
Проверяем работу сайта по HTTPS:
Сайт работает.
Конфигурация Seafile
Переходим в директорию с файлами конфигурации:
cd /opt/seafile/conf/
Настраиваем seahub_settings.py согласно своим потребностям:
-
seahub_settings.py
# -*- coding: utf-8 -*- SECRET_KEY = "b'xxxxdr^83)(xxx(yxxxwr)1t#k#7mi-!q^mzh_xxxxp4=xxx)n'" SERVICE_URL = 'https://internet-lab.ru' FILE_SERVER_ROOT = 'https://internet-lab.ru/seafhttp' # For security consideration, please set to match the host/domain of your site, e.g., ALLOWED_HOSTS = ['.example.com']. # Please refer https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for details. ALLOWED_HOSTS = ['46.39.246.23','internet-lab.ru'] # Enable or disable registration on web. Default is `False`. ENABLE_SIGNUP = False # Activate or deactivate user when registration complete. Default is `True`. # If set to `False`, new users need to be activated by admin in admin panel. ACTIVATE_AFTER_REGISTRATION = False # Whether to send email when a system admin adding a new member. Default is `True`. SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True # Whether to send email when a system admin resetting a user's password. Default is `True`. SEND_EMAIL_ON_RESETTING_USER_PASSWD = True # Send system admin notify email when user registration is complete. Default is `False`. NOTIFY_ADMIN_AFTER_REGISTRATION = True # Remember days for login. Default is 7 LOGIN_REMEMBER_DAYS = 14 # Attempt limit before showing a captcha when login. LOGIN_ATTEMPT_LIMIT = 3 # deactivate user account when login attempts exceed limit # Since version 5.1.2 or pro 5.1.3 FREEZE_USER_ON_LOGIN_FAILED = False # mininum length for user's password USER_PASSWORD_MIN_LENGTH = 6 # LEVEL based on four types of input: # num, upper letter, lower letter, other symbols # '3' means password must have at least 3 types of the above. USER_PASSWORD_STRENGTH_LEVEL = 3 # default False, only check USER_PASSWORD_MIN_LENGTH # when True, check password strength level, STRONG(or above) is allowed USER_STRONG_PASSWORD_REQUIRED = False # Force user to change password when admin add/reset a user. # Added in 5.1.1, deafults to True. FORCE_PASSWORD_CHANGE = True # Age of cookie, in seconds (default: 2 weeks). SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 # Whether a user's session cookie expires when the Web browser is closed. SESSION_EXPIRE_AT_BROWSER_CLOSE = False # Whether to save the session data on every request. Default is `False` SESSION_SAVE_EVERY_REQUEST = False # Whether enable personal wiki and group wiki. Default is `False` # Since 6.1.0 CE ENABLE_WIKI = True # In old version, if you use Single Sign On, the password is not saved in Seafile. # Users can't use WebDAV because Seafile can't check whether the password is correct. # Since version 6.3.8, you can enable this option to let user's to specific a password for WebDAV login. # Users login via SSO can use this password to login in WebDAV. # Enable the feature. pycryptodome should be installed first. # sudo pip install pycryptodome==3.7.2 ENABLE_WEBDAV_SECRET = True # Turn on this option to let users to add a label to a library snapshot. Default is `False` ENABLE_REPO_SNAPSHOT_LABEL = False # mininum length for password of encrypted library REPO_PASSWORD_MIN_LENGTH = 8 # mininum length for password for share link (since version 4.4) SHARE_LINK_PASSWORD_MIN_LENGTH = 8 # minimum expire days for share link (since version 6.3.6) SHARE_LINK_EXPIRE_DAYS_MIN = 0 # default is 0, no limit. # maximum expire days for share link (since version 6.3.6) SHARE_LINK_EXPIRE_DAYS_MAX = 0 # default is 0, no limit. # default expire days for share link (since version 6.3.8) # only valid when SHARE_LINK_EXPIRE_DAYS_MIN and SHARE_LINK_EXPIRE_DAYS_MAX is configured # should be greater than or equal to MIN and less than or equal to MAX SHARE_LINK_EXPIRE_DAYS_DEFAULT = 0 # force user login when view file/folder share link (since version 6.3.6) SHARE_LINK_LOGIN_REQUIRED = False # enable water mark when view(not edit) file in web browser (since version 6.3.6) ENABLE_WATERMARK = False # Disable sync with any folder. Default is `False` # NOTE: since version 4.2.4 DISABLE_SYNC_WITH_ANY_FOLDER = True # Enable or disable library history setting ENABLE_REPO_HISTORY_SETTING = True # Enable or disable normal user to create organization libraries # Since version 5.0.5 ENABLE_USER_CREATE_ORG_REPO = True # Enable or disable user share library to any group # Since version 6.2.0 ENABLE_SHARE_TO_ALL_GROUPS = True # Enable or disable user to clean trash (default is True) # Since version 6.3.6 ENABLE_USER_CLEAN_TRASH = True # Whether to use pdf.js to view pdf files online. Default is `True`, you can turn it off. # NOTE: since version 1.4. USE_PDFJS = True # Online preview maximum file size, defaults to 30M. FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024 # Extensions of previewed text files. # NOTE: since version 6.1.1 TEXT_PREVIEW_EXT = """ac, am, bat, c, cc, cmake, cpp, cs, css, diff, el, h, html, htm, java, js, json, less, make, org, php, pl, properties, py, rb, scala, script, sh, sql, txt, text, tex, vi, vim, xhtml, xml, log, csv, groovy, rst, patch, go""" # Enable or disable thumbnails # NOTE: since version 4.0.2 ENABLE_THUMBNAIL = True # Seafile only generates thumbnails for images smaller than the following size. # Since version 6.3.8 pro, suport the psd online preview. THUMBNAIL_IMAGE_SIZE_LIMIT = 30 # MB # Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first. # For details, please refer to https://manual.seafile.com/deploy/video_thumbnails.html # NOTE: since version 6.1 ENABLE_VIDEO_THUMBNAIL = True # Use the frame at 5 second as thumbnail THUMBNAIL_VIDEO_FRAME_TIME = 1 # Absolute filesystem path to the directory that will hold thumbnail files. THUMBNAIL_ROOT = '/opt/seafile/seahub-data/thumbnail/thumb/' # Default size for picture preview. Enlarge this size can improve the preview quality. # NOTE: since version 6.1.1 THUMBNAIL_SIZE_FOR_ORIGINAL = 1024 # Enable cloude mode and hide `Organization` tab. # CLOUD_MODE = True # Disable global address book # ENABLE_GLOBAL_ADDRESSBOOK = False # Enable authentication with ADFS # Default is False # Since 6.0.9 # ENABLE_ADFS_LOGIN = True # Enable authentication wit Kerberos # Default is False # ENABLE_KRB5_LOGIN = True # Enable authentication with Shibboleth # Default is False # ENABLE_SHIBBOLETH_LOGIN = True # Disable settings via Web interface in system admin->settings # Default is True # Since 5.1.3 ENABLE_SETTINGS_VIA_WEB = False # Choices can be found here: # http://en.wikipedia.org/wiki/List_of_tz_zones_by_name # although not all choices may be available on all operating systems. # If running in a Windows environment this must be set to the same as your # system time zone. TIME_ZONE = 'Europe/Moscow' # Language code for this installation. All choices can be found here: # http://www.i18nguy.com/unicode/language-identifiers.html # Default language for sending emails. LANGUAGE_CODE = 'ru' # Custom language code choice. LANGUAGES = ( ('en', 'English'), ('ru', 'Русский'), ) # Set this to your website/company's name. This is contained in email notifications and welcome message when user login for the first time. SITE_NAME = 'Seafile' # Browser tab's title SITE_TITLE = 'Seafile internet-lab.ru' # If you don't want to run seahub website on your site's root path, set this option to your preferred path. # e.g. setting it to '/seahub/' would run seahub on http://example.com/seahub/. # SITE_ROOT = '/' # Max number of files when user upload file/folder. # Since version 6.0.4 MAX_NUMBER_OF_FILES_FOR_FILEUPLOAD = 500 # Control the language that send email. Default to user's current language. # Since version 6.1.1 # SHARE_LINK_EMAIL_LANGUAGE = '' # Interval for browser requests unread notifications # Since PRO 6.1.4 or CE 6.1.2 UNREAD_NOTIFICATIONS_REQUEST_INTERVAL = 3 * 60 # seconds # Whether to allow user to delete account, change login password or update basic user # info on profile page. # Since PRO 6.3.10 ENABLE_DELETE_ACCOUNT = False ENABLE_UPDATE_USER_INFO = True ENABLE_CHANGE_PASSWORD = True DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': 'seafile-seahub', 'USER': 'seafile', 'PASSWORD': 'ПАРОЛЬ', 'HOST': '127.0.0.1', 'PORT': '3306', 'OPTIONS': {'charset': 'utf8mb4'}, } } #LOGGING = { # 'version': 1, # 'disable_existing_loggers': False, # 'formatters': { # 'verbose': { # 'format': '%(process)-5d %(thread)d %(name)-50s %(levelname)-8s %(message)s' # }, # 'standard': { # 'format': '%(asctime)s [%(levelname)s] %(name)s:%(lineno)s %(funcName)s %(message)s' # }, # 'simple': { # 'format': '[%(asctime)s] %(name)s %(levelname)s %(message)s', # 'datefmt': '%d/%b/%Y %H:%M:%S' # }, # }, # 'filters': { # 'require_debug_false': { # '()': 'django.utils.log.RequireDebugFalse', # }, # 'require_debug_true': { # '()': 'django.utils.log.RequireDebugTrue', # }, # }, # 'handlers': { # 'console': { # 'filters': ['require_debug_true'], # 'class': 'logging.StreamHandler', # 'formatter': 'simple' # }, # 'syslog': { # 'class': 'logging.handlers.SysLogHandler', # 'address': '/dev/log', # 'formatter': 'standard' # }, # }, # # 'loggers': { # # root logger # # All logs printed by Seahub and any third party libraries will be handled by this logger. # '': { # 'handlers': ['console', 'syslog'], # 'level': 'DEBUG', # Logs when log level is higher than info. Level can be any one of DEBUG, INFO, WARNING, ERROR, CRITICAL. # 'disabled': False # }, # # This logger recorded logs printed by Django Framework. For example, when you see 5xx page error, you should check the logs recorded by this logger. # 'django.request': { # 'handlers': ['console', 'syslog'], # 'level': 'DEBUG', # 'propagate': False, # # }, # # }, # #}
Это не все настройки, больше смотрите в документации.
