Seafile开源网盘部署
系统版本 CentOS7.9
使用docker方式部署
一,官网下载docker-compose.yml文件
https://docs.seafile.com/d/cb1d3f97106847abbf31/files/?p=/docker/docker-compose.yml
将docker-compose.yml放在某一个目录下
[root@vm7 docker-compose]# pwd /mnt/seafile/docker-compose [root@vm7 docker-compose]# ls docker-compose.yml
编辑docker-compose.yml文件,修改相应值
version: '2.0' services: db: image: mariadb:10.5 container_name: seafile-mysql environment: - MYSQL_ROOT_PASSWORD=654321 #设置mysql数据库登录密码 - MYSQL_LOG_CONSOLE=true volumes: - /opt/seafile-mysql/:/var/lib/mysql # Requested, specifies the path to MySQL data persistent store. networks: - seafile-net memcached: image: memcached:1.6 container_name: seafile-memcached entrypoint: memcached -m 256 networks: - seafile-net seafile: image: seafileltd/seafile-mc:latest container_name: seafile ports: # - "80:80"- "443:443" # 使用https方式,需打开此端口 volumes: - /opt/seafile-data:/shared # Requested, specifies the path to Seafile data persistent store. environment: - DB_HOST=db - DB_ROOT_PASSWD=654321 # 配置设置的mysql密码 - TIME_ZONE=Asia/Shanghai # 配置时区- SEAFILE_ADMIN_EMAIL=admin@qq.com # 配置登录账号,最好是有效的邮箱,密码忘记的时候可通过电子邮件找回- SEAFILE_ADMIN_PASSWORD=654321 # 配置seafile登录密码- SEAFILE_SERVER_LETSENCRYPT=false # Whether use letsencrypt to generate cert. - SEAFILE_SERVER_HOSTNAME=seafile.example.com # 配置你的域名 depends_on: - db - memcached networks: - seafile-net networks: seafile-net:
[root@vm7 docker-compose]# docker-compose up -d #启动容器 [root@vm7 docker-compose]# docker ps #查看容器已经启动 CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 13ab475e065b seafileltd/seafile-mc:latest "/sbin/my_init -- /s…" 8 seconds ago Up 6 seconds 80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp seafile b1e486191c97 mariadb:10.5 "docker-entrypoint.s…" 28 seconds ago Up 6 seconds 3306/tcp seafile-mysql 4ffdf1b4ab92 memcached:1.6 "memcached -m 256" 28 seconds ago Up 6 seconds 11211/tcp seafile-memcached
2,防火墙放行https
[root@vm7 docker-compose]# firewall-cmd --add-service=https success [root@vm7 docker-compose]# netstat -antp|grep 443 #查看端口已经被监听上了 tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 5337/docker-proxy tcp6 0 0 :::443
3,将ssl证书放在指定的位置
[root@vm7 ssl]# pwd /mnt/seafile/seafile-data/nginx/ssl [root@vm7 ssl]# ll 总用量 8 -rw-r--r-- 1 root root 1675 7月 21 11:05 cert.key -rw-r--r-- 1 root root 3805 7月 21 11:05 cert.pem
4,编辑nginx配置文件
[root@vm7 mnt]# vi seafile/seafile-data/nginx/conf/seafile.nginx.conf # -*- mode: nginx -*- # Auto generated at 07/21/2022 10:34:36 server {
#加入如下代码,证书文件必须存在,否则nginx会报错 listen 443 ssl http2; listen [::]:443 ssl http2; ssl_certificate "/shared/nginx/ssl/cert.pem"; #注意这个证书路径是容器内部的路径 ssl_certificate_key "/shared/nginx/ssl/cert.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; server_name 域名;
5,重新启动seafile
[root@vm7 mnt]# docker restart seafile
seafile
6,登录系统 https://ip
登录报错
编辑nginx配置文件
[root@vm7 mnt]# vi seafile/seafile-data/nginx/conf/seafile.nginx.conf location / { proxy_pass http://127.0.0.1:8000/; proxy_read_timeout 310s; # proxy_set_header Host host; #更改host为$http_host proxy_set_header Host $http_host #更改后是这样 proxy_set_header Forwarded "for=$remote_addr;proto=$scheme"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Connection ""; proxy_http_version 1.1; client_max_body_size 0; access_log /var/log/nginx/seahub.access.log seafileformat; error_log /var/log/nginx/seahub.error.log; }
重新登录系统
配置上传和分享文件的url地址,否则不能正常上传文件
如需公网访问,需要将IP改为公网域名+端口
二,配置onlyoffice协同编辑,与邮件服务
[root@vm7 mnt]# vi seafile/seafile-data/seafile/conf/seahub_settings.py # -*- coding: utf-8 -*- SECRET_KEY = "b'201@!k_a0-#t#l!gtzx!n+#f$s7x-@f^$50e$y&)v5)!9#j=ee'" SERVICE_URL = "https://域名:端口" DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': 'seahub_db', 'USER': 'seafile', 'PASSWORD': 'abf2351e-b957-4edf-a196-062fc0825d8a', 'HOST': 'db', 'PORT': '3306', 'OPTIONS': {'charset': 'utf8mb4'}, } } CACHES = { 'default': { 'BACKEND': 'django_pylibmc.memcached.PyLibMCCache', 'LOCATION': 'memcached:11211', }, 'locmem': { 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache', }, } COMPRESS_CACHE_BACKEND = 'locmem' TIME_ZONE = 'Asia/Shanghai'
#配置onlyoffice协同编辑预览功能 # Enable Only Office ENABLE_ONLYOFFICE = True VERIFY_ONLYOFFICE_CERTIFICATE = True ONLYOFFICE_APIJS_URL = 'https://域名:端口/web-apps/apps/api/documents/api.js' #ONLYOFFICE_APIJS_URL = 'https://onlyoffice.seafile.top/web-apps/apps/api/documents/api.js' ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods') ONLYOFFICE_EDIT_FILE_EXTENSION = ('docx', 'pptx', 'xlsx')
#配置邮件服务 #Email Server EMAIL_USE_SSL = False EMAIL_HOST = 'smtp.163.com' EMAIL_HOST_USER = 'xxx@163.com' EMAIL_HOST_PASSWORD = 'password' EMAIL_PORT = '25' "seafile/seafile-data/seafile/conf/seahub_settings.py" 47L, 1442C
三,docker部署onlyoffice
docker run -i -t -d -p 8088:80 -p 8443:443 --name onlyoffice --restart=always / -v /opt/seafile-onlyoffice/log:/var/log/onlyoffice / -v /opt/seafile-onlyoffice/data:/var/www/onlyoffice/Data / -v /opt/seafile-onlyoffice/lib:/var/lib/onlyoffice / -v /opt/seafile-onlyoffice/db:/var/lib/postgresql onlyoffice/documentserver
onlyoffice ssl配置
进入容器内部,编辑nginx配置文件
root@75def01f3929:/etc/nginx/conf.d/ds.conf #做如下配置,同样的证书文件必须存在否则nginx启动会报错 server { listen 0.0.0.0:443 ssl http2; listen [::]:443 ssl http2 default_server; server_tokens off; root /usr/share/nginx/html; ssl_certificate /mnt/ssl/cert.pem; ssl_certificate_key /mnt/ssl/cert.key; ssl_verify_client off; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_protocols TLSv1.2; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_prefer_server_ciphers on; add_header Strict-Transport-Security max-age=31536000; add_header X-Content-Type-Options nosniff; include /etc/nginx/includes/ds-*.conf; }
默认情况下onlyoffice自带的字体比较少,我们可以导入额外的字体文件进去
1,上传字体文件到某个文件夹下,字体可以从windows系统中拷贝
[root@onlyoffice font]# ll -rw-r--r-- 1 manage manage 980756 12月 7 2019 arialbd.ttf -rw-r--r-- 1 manage manage 721144 12月 7 2019 arialbi.ttf -rw-r--r-- 1 manage manage 717428 12月 7 2019 ariali.ttf -rw-r--r-- 1 manage manage 180084 2月 5 2021 ARIALNBI.TTF -rw-r--r-- 1 manage manage 180740 2月 5 2021 ARIALNB.TTF -rw-r--r-- 1 manage manage 181124 2月 5 2021 ARIALNI.TTF -rw-r--r-- 1 manage manage 175956 2月 5 2021 ARIALN.TTF -rw-r--r-- 1 manage manage 1036584 12月 7 2019 arial.ttf -rw-r--r-- 1 manage manage 167592 12月 7 2019 ariblk.ttf -rw-r--r-- 1 manage manage 805244 12月 7 2019 courbd.ttf -rw-r--r-- 1 manage manage 577488 12月 7 2019 courbi.ttf -rw-r--r-- 1 manage manage 667440 12月 7 2019 couri.ttf -rw-r--r-- 1 manage manage 806504 12月 7 2019 cour.ttf -rw-r--r-- 1 manage manage 16218920 10月 15 2019 Dengb.ttf -rw-r--r-- 1 manage manage 15150940 10月 15 2019 Dengl.ttf
2,将字体文件拷入容器内部
[root@onlyoffice font]# docker cp ./ onlyoffice:/usr/share/fonts/ #拷贝文件到容器内部的/usr/share/fonts/目录 [root@onlyoffice font]# docker exec -it onlyoffice bash #进入容器内部 root@75def01f3929:/# cd /usr/share/fonts/ #可以进入目录先看一眼字体文件是否正常拷贝进来 root@75def01f3929:/usr/share/fonts# ll total 316120 drwxr-xr-x 1 root root 4096 Sep 5 13:23 ./ drwxr-xr-x 1 root root 231 May 30 00:33 ../ -rw-r--r-- 1 1000 1000 980756 Dec 7 2019 arialbd.ttf -rw-r--r-- 1 1000 1000 721144 Dec 7 2019 arialbi.ttf -rw-r--r-- 1 1000 1000 717428 Dec 7 2019 ariali.ttf -rw-r--r-- 1 1000 1000 180084 Feb 5 2021 ARIALNBI.TTF -rw-r--r-- 1 1000 1000 180740 Feb 5 2021 ARIALNB.TTF -rw-r--r-- 1 1000 1000 181124 Feb 5 2021 ARIALNI.TTF -rw-r--r-- 1 1000 1000 175956 Feb 5 2021 ARIALN.TTF
3,运行脚本加载字体文件
root@75def01f3929:/usr/share/fonts# /usr/bin/documentserver-generate-allfonts.sh #运行此脚本
Generating AllFonts.js, please wait...Done
Generating presentation themes, please wait...Done
ds:docservice: stopped
ds:docservice: started
ds:converter: stopped
ds:converter: started
字体导入完成
四,使用域名访问让ssl生效
