![首頁 Logo Keith ]p !!](/themes/mytheme/logo.png){kind=logo}
最後更新: 2024-07-15
目錄
- Install on Ubunut 22
- Install on Centos 7
- Firewall Settings
- memcached
- nginx with ssl
- More Settings
- Run as Service
- Log
Install on Ubunut 22
apt
apt install libmemcached-dev libmysqlclient-dev
apt install python3 python3-{pip,pil,urllib3,setuptools,mysqldb,memcache,requests}
pip3
pip3 install --upgrade pip
pip3 install Pillow pylibmc captcha jinja2 sqlalchemy future mysqlclient pymysql
pip3 install django==3.2.* django-pylibmc django-simple-captcha
# Seafile 9 on U22
pip3 install pycryptodome==3.12.0
pip3 install lxml
# 安裝 cffi==1.14.X, 9.0.X 必須要此版本 !!
# 否則 seahub 會載入 _cffi_backend.cpython-310-x86_64-linux-gnu.so 失敗
apt-get install libffi-dev
cd /home/seafile/seafile-server-9.0.10/seahub/thirdpart
pip3 install --force-reinstall --upgrade --target ./ cffi==1.14.6
修改 ~/.bashrc
su seafile -s /bin/bash
echo "export LC_ALL=en_US.UTF-8" >>~/.bashrc
echo "export LANG=en_US.UTF-8" >>~/.bashrc
echo "export LANGUAGE=en_US.UTF-8" >>~/.bashrc
source ~/.bashrc
Install on Centos 7
Folder Layout
mkdir -p /home/seafile/installed
cd /home/seafile
wget http://x.x.x.x/seafile-server_6.0.8_x86-64.tar.gz
tar -zxf seafile-server_*.tar.gz
mv seafile-server_*.tar.gz installed
tree /home/seafile -L 2
/home/seafile
├── installed
│ └── seafile-server_6.0.8_x86-64.tar.gz
└── seafile-server-6.0.8
├── check_init_admin.py
├── reset-admin.sh
├── runtime
├── seaf-fsck.sh
├── seaf-fuse.sh
├── seaf-gc.sh
├── seafile
├── seafile.sh
├── seahub
├── seahub.sh
├── setup-seafile-mysql.py
├── setup-seafile-mysql.sh
├── setup-seafile.sh
└── upgrade
CentOS 7 上的 Package
yum install -y python-imaging MySQL-python python-memcached python-urllib3 python-distribute
yum install python-requests
yum install libjpeg-turbo
yum install python2-pip
pip install --upgrade Pillow
DB
yum install mariadb mariadb-server
systemctl enable mariadb
systemctl start mariadb
mysql_secure_installation
Three components of Seafile Server need their own databases:
ccnet server
seafile server
seahub
# 用 mysql root A/C 建立它們
cd seafile-server-*
./setup-seafile-mysql.sh # 此 script 支援 Setup in non-interactive way
# 答了堆問題 --------------------------------- This is your configuration --------------------------------- server name: MyFile server ip/domain: files.datahunter.org seafile data dir: /home/seafile/seafile-data fileserver port: 8082 database: create new ccnet database: ccnet-db seafile database: seafile-db seahub database: seahub-db database user: seafile
Running Seafile Server
cd /home/seafile/seafile-server-latest
start
./seafile.sh start # Start Seafile service (必須 start 了它之後再 start seahub)
./seahub.sh start <port> # Start seahub website, port defaults to 8000 (第一次 start 會問 admin pw)
stop
./seahub.sh stop
./seafile.sh stop
Checking
# pid
pgrep -f seafile-controller # check seafile processes
pgrep -f seahub # check seahub process
# port
netstat -ntlp | grep 80
tcp 0 0 0.0.0.0:8082 0.0.0.0:* LISTEN 23501/seaf-server tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN 23607/python2.7
# link
http://files.datahunter.org:8000
Configuration
/home/seafile/conf
ccnet.conf: contains the LDAP settings
seafile.conf: contains settings for seafile daemon and fileserver.
seahub_settings.py: contains settings for Seahub
Run User
useradd seafile -d /home/seafile -s /sbin/nologin
chown -R seafile. /home/seafile
Firewall Settings
fileserver 8082/tcp # daemon
seahub 8000/tcp # web server
* You don't need to open port 8000 and 8082 if you deploy Seafile behind Apache/Nginx. (443)
Centos 7
# raw fontend
firewall-cmd --add-port=8000/tcp --permanent
firewall-cmd --add-port=8082/tcp --permanent
# nginx fontend
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --add-port=443/tcp --permanent
firewall-cmd --reload
"SERVICE_URL"
In ccnet.conf.
It is used in generating share links and download/upload file via web
"FILE_SERVER_ROOT"
In seahub_settings.py
http://xxx/seafhttp. For file data transfer.
memcached
Seahub caches items (avatars, profiles, etc) on the file system in /tmp/seahub_cache/ by default.
# Install
yum install memcached
systemctl enable memcached
systemctl start memcached
yum install python-pip
pip install --upgrade pip
yum groupinstall "Development Tools"
yum install python-devel memcached-devel libmemcached-devel zlib zlib-devel
pip install pylibmc django-pylibmc
# Setup
seahub_settings.py
# V 6.2
CACHES = {
'default': {
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
'LOCATION': '127.0.0.1:11211',
}
}# V 6.3
CACHES = {
'default': {
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
'LOCATION': '/tmp/memcached.sock',
},
'locmem': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
},
}
COMPRESS_CACHE_BACKEND = 'locmem'nginx with ssl
# Install nginx
yum install -y nginx
# Create self-signed ssl
mkdir /etc/nginx/ssl
cd /etc/nginx/ssl
openssl genrsa -out privkey.pem 2048
chmod 600 privkey.pem
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095
/etc/nginx/conf.d/seafile.conf
server {
listen 80;
server_name files.datahunter.org;
# force redirect http to https
rewrite ^ https://$http_host$request_uri? permanent;
server_tokens off;
}
server {
listen 443; # listen 443 http2; # 如果要用 https, 就改用它
ssl on;
ssl_certificate /etc/nginx/ssl/cacert.pem;
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
server_name files.datahunter.org;
# security settings
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
server_tokens off;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
fastcgi_read_timeout 3600;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_request_buffering off;
proxy_connect_timeout 3600s;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
send_timeout 3600s;
}
location /media {
root /home/seafile/seafile-server-latest/seahub;
}
}systemctl enable nginx
systemctl start nginx
ccnet.conf
# SERVICE_URL = http://files.datahunter.org:8000 SERVICE_URL = https://files.datahunter.org
seahub_settings.py
# 加入 FILE_SERVER_ROOT = 'https://files.datahunter.org/seafhttp'
./seafile.sh start
./seahub.sh start-fastcgi
checking
├─memcached───5*[{memcached}]
├─mysqld_safe───mysqld───20*[{mysqld}]
├─nginx───2*[nginx]
├─python2.7───5*[python2.7]
├─seaf-server───51*[{seaf-server}]
├─seafile-control
一些設定的解釋
# By default Nginx will buffer large request body in temp file.
# After the body is completely received, Nginx will send the body to the upstream server
location /seafhttp {
... ...
proxy_request_buffering off;
}
Support http2
nginx -V |& grep --colour http_v2
compiled with HTTP/2 support:
--with-http_v2_module
More Settings
Files
- ccnet.conf
- seafile.conf
- seahub_settings.py
ccnet.conf
seafile.conf
[Database] # Default: 100 # 5.5.56-MariaDB: 151 # sql: show variables like 'max_connections'; MAX_CONNECTIONS = 100 [fileserver] # Set maximum upload file size to 200M. max_upload_size = 200 # Set maximum download directory size to 200M. max_download_dir_size = 200 # storage backend for storing multiple blocks in parallel max_indexing_threads = 2 # Set block size, Init MB, Default 1 fixed_block_size = 2 # an token to authorize the upload operation ( web interafece ) web_token_expire_time = 3600 # number of worker threads to server http requests. Default value is 10 worker_threads = 15 [quota] # default user quota in GB, integer only default = 2 [history] # revision history (days) keep_days = 7 [library_trash] # Seafile uses a system trash, where deleted libraries will be moved to. # How often trashed libraries are scanned for removal, default 1 day. scan_days = xx # How many days to keep trashed libraries, default 30 days. expire_days = xx
seahub_settings.py
# The config items are saved in database table (seahub-db/constance_config). # They have a higher priority over the items in config files. # Disable settings via Web interface in system admin->settings ENABLE_SETTINGS_VIA_WEB = True # Enalbe or disalbe registration on web. Default is `False`. ENABLE_SIGNUP = False # Whether to send email when a system admin adding a new member. Default is `True`. SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True # Whether to send email when a system admin resetting a user's password. Default is `True`. SEND_EMAIL_ON_RESETTING_USER_PASSWD = True # mininum length for user's password USER_PASSWORD_MIN_LENGTH = 6 # LEVEL based on four types of input: # num, upper letter, lower letter, other symbols # '3' means password must have at least 3 types of the above. USER_PASSWORD_STRENGTH_LEVEL = 3 # mininum length for password of encrypted library REPO_PASSWORD_MIN_LENGTH = 8 # mininum length for password for share link SHARE_LINK_PASSWORD_MIN_LENGTH = 8 # Enable or disable library history setting ENABLE_REPO_HISTORY_SETTING = True # Enable or disable normal user to create organization libraries ENABLE_USER_CREATE_ORG_REPO = True # Whether to use pdf.js to view pdf files online. USE_PDFJS = False TIME_ZONE = 'Asia/Hong_Kong' LANGUAGE_CODE = 'en' # Browser tab's title SITE_TITLE = 'Private Seafile' # Attempt limit before showing a captcha when login. LOGIN_ATTEMPT_LIMIT = 3 # Max number of files when user upload file/folder. MAX_NUMBER_OF_FILES_FOR_FILEUPLOAD = 1000 # Logo Setting #LOGO_PATH = 'custom/mylogo.png' #LOGO_WIDTH = 149 #LOGO_HEIGHT = 32
Run as Service (Start Seafile at System Bootup)
vim /etc/systemd/system/seafile.service
[Unit]
Description=Seafile
After=network.target mariadb.service
[Service]
Type=forking
ExecStart=/home/seafile/seafile-server-latest/seafile.sh start
ExecStop=/home/seafile/seafile-server-latest/seafile.sh stop
RemainAfterExit=yes
LimitNOFILE=infinity
User=seafile
Group=seafile
[Install]
WantedBy=multi-user.targetvim /etc/systemd/system/seahub.service
[Unit] Description=Seafile hub After=network.target seafile.service [Service] Type=forking # change start to start-fastcgi if you want to run fastcgi ExecStart=/home/seafile/seafile-server-latest/seahub.sh start ExecStop=/home/seafile/seafile-server-latest/seahub.sh stop User=seafile Group=seafile Type=oneshot RemainAfterExit=yes [Install] WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable seafile --now
systemctl enable seahub --now
Log
file
- seafile.log: logs of Seafile server
- controller.log: logs of Controller
- seahub_django_request.log: logs of Seahub
- seahub.log: logs from Django framework and emails sending
- Ccnet Log: logs/ccnet.log (logs for internal RPC, not useful)
logrotate
seafile-controller(since version 6.0.8) support reopenning logfile by receiving SIGUR1 signal.
/etc/logrotate.d/seafile
/home/seafile/logs/seafile.log
{
daily
missingok
rotate 7
compress
delaycompress
notifempty
sharedscripts
postrotate
[ ! -f /home/seafile/pids/seaf-server.pid ] || kill -USR1 `cat /home/seafile/pids/seaf-server.pid`
endscript
}
/home/seafile/logs/ccnet.log
{
daily
missingok
rotate 7
compress
delaycompress
notifempty
sharedscripts
postrotate
[ ! -f /home/seafile/pids/ccnet.pid ] || kill -USR1 `cat /home/seafile/pids/ccnet.pid`
endscript
}
/home/seafile/logs/controller.log
{
daily
missingok
rotate 7
compress
delaycompress
notifempty
sharedscripts
postrotate
[ ! -f /home/seafile/pids/controller.pid ] || kill -USR1 `cat /home/seafile/pids/controller.pid`
endscript
}
/home/seafile/logs/seahub.log
/home/seafile/logs/seahub_django_request.log
{
daily
missingok
rotate 7
compress
delaycompress
notifempty
sharedscripts
postrotate
[ ! -f /home/seafile/pids/controller.pid ] || kill -USR1 `cat /home/seafile/pids/controller.pid`
endscript
}
