Manually Installing Seafile Private Cloud (Professional Edition) on a CentOS VPS

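To set up Seafile, you can follow the official server manual.

Two editions are officially available

  • Open-source edition
  • Professional edition

There are two main deployment methods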

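Download the Professional Edition package

For how to obtain the Professional Edition, contact the vendor.

Log in to the User Center - Downloads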

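Install MariaDB, Python, Nginx and Java

Before installing the Seafile server, make sure the following software is installed. Compared with the community edition, there are a few additions.

MariaDB or MySQL server (MariaDB is a fork of MySQL)
python 2.7 (starting with Seafile 5.1, the minimum Python version is 2.7)
python-setuptools
python-imaging
python-mysqldb
python-ldap
python-urllib3
python-memcache (or python-memcached)
#In practice, only the following two are extra compared with the community edition
java 1.7 or later
poppler-utils

Run the following to install them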

yum -y install epel-release
yum update
yum -y install java-1.7.0-openjdk mariadb-server nginx poppler-utils python-setuptools
yum -y install python-imaging MySQL-python python-memcached python-ldap python-urllib3 ffmpeg ffmpeg-devel

If you are told that no package ffmpeg ffmpeg-devel is available, do the following

rpm -Uvh http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-1.el7.nux.noarch.rpm
yum install -y ffmpeg ffmpeg-devel

Continue

pip install pillow moviepy

If you see -bash: pip: 未找到命令 (command not found), do the following

yum install -y python-pip
pip install --upgrade pip
pip install pillow moviepy

That completes the dependency installation. It is a good idea to run the command once more to confirm nothing was missed.

yum -y install java-1.7.0-openjdk mariadb-server nginx poppler-utils python-setuptools python-imaging MySQL-python python-memcached python-ldap python-urllib3 ffmpeg ffmpeg-devel

Configure MariaDB

systemctl start mariadb.service
systemctl enable mariadb.service
mysql_secure_installation

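Follow the prompts

Enter current password for root (enter for none): Enter  #on the first run just press Enter
Set root password? [Y/n] Enter  #whether to set the root user's password
New password: ******  #set the root user's password
Re-enter new password: ******  #enter it again
Remove anonymous users? [Y/n] Enter  #whether to remove anonymous users; recommended for production, so just press Enter
Disallow root login remotely? [Y/n] Enter  #whether to disallow remote root login
Remove test database and access to it? [Y/n] Enter  #whether to remove the test database; just press Enter
Reload privilege tables now? [Y/n] Enter  #whether to reload the privilege tables; just press Enter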

Directory layout

mkdir -p /var/www/haiwen
cd /var/www/haiwen
#Upload the package you downloaded earlier to the haiwen directory (scp, WinSCP, whichever you like)
tar -xzf seafile-pro-server_6.2.8_x86-64.tar.gz
mkdir installed
mv seafile-pro-server_* installed

Your directory should now look like this:

yum -y install tree
tree /var/www/haiwen -L 2

Output directory structure

/var/www/haiwen
├── installed
│   └── seafile-pro-server_6.2.8_x86-64.tar.gz
└── seafile-pro-server-6.2.8
    ├── check-db-type.py
    ├── check_init_admin.py
    ├── create-db
    ├── migrate.py
    ├── migrate.sh
    ├── migrate-to-ceph.sh
    ├── pro
    ├── reset-admin.sh
    ├── runtime
    ├── seaf-backup-cmd.py
    ├── seaf-backup-cmd.sh
    ├── seaf-encrypt.sh
    ├── seaf-fsck.sh
    ├── seaf-fuse.sh
    ├── seaf-gc.sh
    ├── seaf-gen-key.sh
    ├── seafile
    ├── seafile-background-tasks.sh
    ├── seafile.sh
    ├── seaf-import.sh
    ├── seafobj_migrate.py
    ├── seahub
    ├── seahub-extra
    ├── seahub.sh
    ├── setup-seafile-mysql.py
    ├── setup-seafile-mysql.sh
    ├── setup-seafile.sh
    └── upgrade

9 directories, 22 files

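The advantages of laying out the directories this way are

  • All Seafile-related configuration files can be kept under the haiwen directory, which makes centralized management easier.
  • For later upgrades, you only need to extract the latest package into the haiwen directory.

Install Seafile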

cd /var/www/haiwen/seafile-pro-server-6.2.8
./setup-seafile-mysql.sh

If you see

Can't find a python executable of version 2.7 or above in PATH
Install python 2.7+ before continue.
Or if you installed it in a non-standard PATH, set the PYTHON enviroment varirable to it

run the following

yum install -y which
./setup-seafile-mysql.sh

The installer walks you through configuring Seafile's parameters

[ server name ]  vps1
#server name; anything you like

[ This server's ip or domain ]  107.172.*.*
#domain or IP; enter your VPS's IP

[ default "/var/www/haiwen/seafile-data" ]  Enter
#data directory; the default is fine

[ default "8082" ]  Enter
#TCP port; default 8082, cannot be changed

Please choose a way to initialize seafile databases:
[1] Create new ccnet/seafile/seahub databases
[2] Use existing ccnet/seafile/seahub databases
[ 1 or 2 ]  1
#how to set up the databases: 1 creates them now, 2 uses ones created earlier

What is the host of mysql server?
[ default "localhost" ]  Enter
#database host; the default is fine

What is the port of mysql server?
[ default "3306" ]  Enter
#database port; the default is fine

what is the password of the mysql root user?
[ root password ]  ××××××
#password of the database root user

Enter the name for mysql user of seafile. It would be created if not exists.
[ default "seafile" ]  Enter
#creates a user for the seafile databases; enter a user name, the default is seafile

Enter the password for mysql user "seafile":
[ password for seafile ]  ××××××
#sets the password for the database user seafile; anything you like, just remember it

Enter the database name for ccnet-server:
[ default "ccnet-db" ]  Enter
#name of the ccnet-server database; the default is fine

Enter the database name for seafile-server:
[ default "seafile-db" ]  Enter
#name of the seafile-server database; the default is fine

Enter the database name for seahub:
[ default "seahub-db" ]  Enter
#name of the seahub database; the default is fine

---------------------------------
This is your configuration
---------------------------------

server name:            vps1
server ip/domain:       107.172.*.*

seafile data dir:       /var/www/haiwen/seafile-data
fileserver port:        8082

database:               create new
ccnet database:         ccnet-db
seafile database:       seafile-db
seahub database:        seahub-db
database user:          seafile

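#prints the configuration summary; press Enter to continue the installation until it finishes

Start the Seafile and Seahub services

./seafile.sh start
./seahub.sh start

Running ./seafile.sh start prints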

** Message: seafile-controller.c(1124): loading seafdav config from /var/www/haiwen/conf/seafdav.conf

[02/06/18 15:30:08] ../common/session.c(139): using config file /var/www/haiwen/conf/ccnet.conf
[02/06/18 15:30:08] ../common/license.c(440): Loading license file /var/www/haiwen/seafile-license.txt ..
[02/06/18 15:30:08] ../common/license.c(443): License file /var/www/haiwen/seafile-license.txt does not exist, allow at most 3 trial users
License file /var/www/haiwen/seafile-license.txt does not exist, allow at most 3 trial users
Starting seafile server, please wait ...
** Message: seafile-controller.c(1124): loading seafdav config from /var/www/haiwen/conf/seafdav.conf

Seafile server started

Done.

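What this means is

The Seafile Professional Edition license file does not exist, so at most 3 users are allowed.

While seahub.sh runs, you will be asked to set the Seafile administrator account (registered by email) and password.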

What is the email for the admin account?
[ admin email ] [email protected]
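#enter the administrator email

What is the password for the admin account?
[ admin password ] ××××××
#administrator password
Enter the password again:
[ admin password again ] ××××××
#enter the password again

When done, you can open the server address 107.172.*.*:8000 in a browser to test.

If the test fails, it is because the firewall has not opened the relevant ports. That is fine: since SSL still has to be configured below, I configure the firewall at the very end.
If you insist on opening them now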

firewall-cmd --zone=public --add-port=8000/tcp --permanent
firewall-cmd --zone=public --add-port=8082/tcp --permanent
firewall-cmd --reload

pan.augustdoit.info

Configure the Seafile and Seahub services

First stop seafile and seahub

./seafile.sh stop
./seahub.sh stop

Run seafile as the nginx user and group

cd /var/www/
chown -R nginx:nginx *
chown -R nginx:nginx /tmp/seahub_cache

Create the seafile service

vi /etc/systemd/system/seafile.service

Contents

[Unit]
Description=Seafile
# add mysql.service or postgresql.service depending on your database to the line below
Before=seahub.service
After=network.target mariadb.service

[Service]
Type=oneshot
# mind the directory path
ExecStart=/var/www/haiwen/seafile-server-latest/seafile.sh start
ExecStop=/var/www/haiwen/seafile-server-latest/seafile.sh stop
RemainAfterExit=yes
# mind the user and group
User=nginx
Group=nginx

[Install]
WantedBy=multi-user.target

Create the seahub service

vi /etc/systemd/system/seahub.service

Contents

[Unit]
Description=Seafile hub
After=network.target seafile.service mariadb.service

[Service]
# mind the directory and start-fastcgi
ExecStart=/var/www/haiwen/seafile-server-latest/seahub.sh start-fastcgi
ExecStop=/var/www/haiwen/seafile-server-latest/seahub.sh stop
User=nginx
Group=nginx
Type=oneshot
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

Save and exit

Apply the configuration

systemctl daemon-reload
systemctl start seafile
systemctl enable seafile
systemctl start seahub
systemctl enable seahub

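Nginx SSL and domain setup

If you already have a certificate, just use it; if not, you can request one as follows

Request a Let's Encrypt certificate


Set the web-root directory and create the seafile nginx configuration file

vi /etc/nginx/conf.d/seafile.conf

Paste the following, minding the domain name and directory path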

server {
    listen      80;
    server_name pan.augustdoit.info;

    location '/.well-known/acme-challenge' {
        default_type "text/plain";
        root /var/www/haiwen;
    }
}

Install certbot and obtain the certificate

yum install epel-release
yum install certbot
nginx -s reload
certbot certonly --webroot -w /var/www/haiwen/ -d pan.augustdoit.info

Output

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/pan.augustdoit.info/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/pan.augustdoit.info/privkey.pem
   Your cert will expire on 2018-05-02. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

The certificate files are generated

ls /etc/letsencrypt/live/pan.augustdoit.info/
cert.pem  chain.pem  fullchain.pem  privkey.pem  README

Configure Nginx

vi /etc/nginx/conf.d/seafile.conf

Paste the configuration file below:
Mind the domain name and the SSL certificate directory, and replace the /media path

server {
    listen       80;
    server_name  pan.augustdoit.info;
    rewrite ^ https://$http_host$request_uri? permanent;    #force redirect from http to https
    server_tokens off;
}
server {
    listen 443;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/pan.augustdoit.info/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pan.augustdoit.info/privkey.pem;
    server_name pan.augustdoit.info;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
    ssl_prefer_server_ciphers on;

    proxy_set_header X-Forwarded-For $remote_addr;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    server_tokens off;

    location / {
        fastcgi_pass    127.0.0.1:8000;
        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
        fastcgi_param   PATH_INFO           $fastcgi_script_name;

        fastcgi_param   SERVER_PROTOCOL     $server_protocol;
        fastcgi_param   QUERY_STRING        $query_string;
        fastcgi_param   REQUEST_METHOD      $request_method;
        fastcgi_param   CONTENT_TYPE        $content_type;
        fastcgi_param   CONTENT_LENGTH      $content_length;
        fastcgi_param   SERVER_ADDR         $server_addr;
        fastcgi_param   SERVER_PORT         $server_port;
        fastcgi_param   SERVER_NAME         $server_name;
        fastcgi_param   REMOTE_ADDR         $remote_addr;
        fastcgi_read_timeout 36000;

        client_max_body_size 0;

        access_log      /var/log/nginx/seahub.access.log;
        error_log       /var/log/nginx/seahub.error.log;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
        proxy_request_buffering off;
    }
    location /media {
        root /var/www/haiwen/seafile-server-latest/seahub;
    }
    location '/.well-known/acme-challenge' {
        default_type "text/plain";
        root /var/www/haiwen;
    }
}
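
The TLS settings in the server blocks above can be checked mechanically. The script below is an added example, not part of the original post: it flags protocols older than TLSv1.2, the obsolete ssl on; directive and a redirect built from the client's Host header, and runs on two constructed samples. The names audit_nginx_tls, weak_conf and hardened_conf are made up for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post); all function names are hypothetical.
# Reads an nginx configuration on stdin and prints one finding per line.
audit_nginx_tls() {
    # Drop comments so commented-out directives are ignored.
    body=$(sed 's/#.*$//')
    # Protocols older than TLSv1.2 are deprecated (RFC 8996).
    for p in $(printf '%s\n' "$body" | awk '$1 == "ssl_protocols" { gsub(/;/, ""); $1 = ""; print }'); do
        case "$p" in SSLv2|SSLv3|TLSv1|TLSv1.1) echo "weak-protocol:$p" ;; esac
    done
    # "ssl on;" is obsolete since nginx 1.15.0; "listen 443 ssl;" replaces it.
    printf '%s\n' "$body" | grep -Eq '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*;' && echo "obsolete:ssl-on"
    # $http_host is the client-supplied Host header; $server_name comes from the config.
    printf '%s\n' "$body" | grep -Eq '(rewrite|return)[^;]*\$http_host' && echo "redirect-uses-client-host"
    printf '%s\n' "$body" | grep -q 'Strict-Transport-Security' || echo "missing:hsts"
    return 0
}

# Constructed sample: the TLS-relevant lines of the configuration above.
weak_conf() { cat <<'EOF'
server {
    listen 80;
    rewrite ^ https://$http_host$request_uri? permanent;
}
server {
    listen 443;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
}
EOF
}

# Constructed sample: the same blocks with the flagged settings tightened.
hardened_conf() { cat <<'EOF'
server {
    listen 80;
    server_name pan.augustdoit.info;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2;   # add TLSv1.3 where nginx and OpenSSL support it
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
}
EOF
}
echo "== as configured above =="; weak_conf | audit_nginx_tls
echo "== tightened variant ==";   hardened_conf | audit_nginx_tls
```

To check the live file, run audit_nginx_tls < /etc/nginx/conf.d/seafile.conf and follow any change with nginx -t.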

Test the Nginx configuration

nginx -t

Start Nginx

systemctl start nginx

Configure the domain name

vi /var/www/haiwen/conf/ccnet.conf
#change the following field
SERVICE_URL = https://pan.augustdoit.info

vi /var/www/haiwen/conf/seahub_settings.py
#add the following field
FILE_SERVER_ROOT = 'https://pan.augustdoit.info/seafhttp'

Save and exit

Restart the services and enable them at boot

systemctl restart seafile
systemctl restart seahub

systemctl enable nginx
systemctl enable mariadb
systemctl enable seafile
systemctl enable seahub

Set up automatic renewal of the Let's Encrypt certificate

Add a scheduled task

crontab -e

Add the entry

30 3 1 * * /bin/certbot renew --quiet --post-hook "nginx -s reload"
#renews at 03:30 on the 1st of each month

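Configure the firewall (firewalld)

The VPS I use does not come with firewalld installed by default, which is why opening ports was not covered above.

yum -y install firewalld
systemctl start firewalld
systemctl enable firewalld

Add the http and https ports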

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent

One more thing: if you changed the default ssh port, don't forget to add it

firewall-cmd --reload
#check
firewall-cmd --permanent --list-port
Output
80/tcp 443/tcp

Test
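
The two firewall-cmd commands offered earlier for ports 8000 and 8082 use --permanent, so they stay in effect after nginx takes over on 80 and 443. The following added example (not from the original post) cross-checks listening sockets against the opened ports; the function name exposed_backends and the ss sample are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): list TCP ports that are reachable from
# outside although nginx is meant to front them. Names and samples are hypothetical.

# $1: output of `ss -ltn`   $2: output of `firewall-cmd --permanent --list-port`
# $3: ports that are meant to be public, space-separated
exposed_backends() {
    printf '%s\n' "$1" | awk -v opened="$2" -v public="$3" '
        BEGIN {
            n = split(opened, o, " ")
            for (i = 1; i <= n; i++) { sub(/\/tcp$/, "", o[i]); fw[o[i]] = 1 }
            n = split(public, p, " ")
            for (i = 1; i <= n; i++) ok[p[i]] = 1
        }
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)        # text after the last colon
            sub(/:[0-9]+$/, "", addr)   # text before it
            if (addr ~ /^(127\.|\[?::1\]?$)/) next   # loopback listeners are not reachable
            if ((port in fw) && !(port in ok)) print port
        }' | sort -un
}

# Constructed sample in the format CentOS 7 prints: one listener on loopback (8000),
# the others on all interfaces.
SS_SAMPLE='State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    127.0.0.1:8000       *:*
LISTEN     0      128            *:8082       *:*
LISTEN     0      50             *:3306       *:*
LISTEN     0      128            *:80         *:*
LISTEN     0      128            *:443        *:*'

# Firewall state after also running the optional 8000/8082 commands from earlier.
echo "exposed: $(exposed_backends "$SS_SAMPLE" "80/tcp 443/tcp 8000/tcp 8082/tcp" "80 443")"
# Firewall state shown in the output above.
echo "exposed: $(exposed_backends "$SS_SAMPLE" "80/tcp 443/tcp" "80 443")"
# On a live host: exposed_backends "$(ss -ltn)" "$(firewall-cmd --permanent --list-port)" "80 443"
```

A reported port can be closed with firewall-cmd --permanent --remove-port=<port>/tcp followed by firewall-cmd --reload.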

pan.augustdoit.info