Linux - Seafile

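0. Summary

  Seafile is an open-source enterprise file sync and share platform that focuses on reliability and performance. It supports Windows, Mac, Linux, iOS and Android, and files can be synced or mounted locally for direct access.

  AWS (Amazon Web Services) gives newly registered users a one-year free tier that includes cloud products such as EC2, RDS and S3.

  This article describes how to build a Seafile enterprise cloud drive on AWS EC2 and RDS; during the one-year AWS trial period it costs nothing.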

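1. Architecture diagram

  For how to use the AWS products, follow the official tutorials; if you have never used AWS, the imooc course "Getting Started with and Using AWS" is a good introduction.

  Before building your own, you can try the official demo deployment: https://demo.seafile.top/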

  

 

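2. Setting up Seafile (MySQL)

  The steps in this article follow the official document "Deploying Seafile Server (with MySQL/MariaDB)" throughout.

2.1 Deploying MySQL

  Deploy MySQL in advance and make sure the EC2 instance can connect to it. In MySQL, create the database seafile to store the Seafile data, and grant the database user sfuser all privileges on the seafile database.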

MariaDB [(none)]> create database seafile default charset utf8;
MariaDB [(none)]> grant all on seafile.* to 'sfuser'@'%' identified by '123';

2.2 Configuring the EPEL repository, used to install the software Seafile depends on

  • Install and enable the EPEL rpm package on RHEL 7 and Amazon Linux 2
$ sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
  • Install and enable the EPEL rpm package on RHEL 6
$ sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
  • Install and enable the EPEL rpm package on CentOS 7 64-bit, CentOS 6 64-bit and CentOS 6 32-bit
$ sudo yum install -y epel-release
  • Install and enable the EPEL rpm package on Amazon Linux
$ sudo yum-config-manager --enable epel

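2.3 Installing the software and libraries Seafile depends on, on EC2 (CentOS 7)

  Seafile depends on the following software and libraries

MariaDB or MySQL server (MariaDB is a fork of MySQL)
python 2.7 (starting with Seafile 5.1, the minimum Python version is 2.7)
python-setuptools
python-imaging
python-mysqldb
python-ldap
python-urllib3
python-memcache (or python-memcached)

  Install the required software and libraries on EC2 (CentOS 7)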

$ sudo yum -y install python-pip
$ sudo yum -y install python-imaging MySQL-python python-memcached python-ldap python-urllib3 ffmpeg ffmpeg-devel
$ sudo pip install pillow moviepy

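2.4 Downloading the Seafile server package, extracting and installing it

  1. Download the package for the version you need from the Seafile website https://www.seafile.com/download/

  2. Seafile is installed, started and stopped directly with the shell scripts inside the package, so decide in advance on a path where these files will live.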

# Extract the package into the /zhubiao/seafile directory (the directory must already exist)
$ sudo tar -C /zhubiao/seafile -xvf seafile-server_6.3.2_x86-64.tar.gz

# Directory layout after extraction
$ sudo tree -L 2 /zhubiao/seafile
/zhubiao/seafile
└── seafile-server-6.3.2
    ├── check_init_admin.py
    ├── reset-admin.sh
    ├── runtime
    ├── seaf-fsck.sh
    ├── seaf-fuse.sh
    ├── seaf-gc.sh
    ├── seafile
    ├── seafile.sh
    ├── seahub
    ├── seahub.sh
    ├── setup-seafile-mysql.py
    ├── setup-seafile-mysql.sh
    ├── setup-seafile.sh
    └── upgrade

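  3. Install, answering the questions the script asks

# Change into the package directory
$ cd /zhubiao/seafile/seafile-server-6.3.2/

# Run the shell script to install, and answer the questions it asks
$ sudo ./setup-seafile-mysql.sh 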

...
Press ENTER to continue
-----------------------------------------------------------------
# Press ENTER here to continue
What is the name of the server? It will be displayed on the client.
3 - 15 letters or digits
[ server name ] zhubiao # enter any name you like

What is the ip or domain of the server?
For example: www.mycompany.com, 192.168.1.101
[ This server's ip or domain ] file.happyhome.fun # enter the domain name or host IP

Where do you want to put your seafile data?
Please use a volume with enough free space
[ default "/zhubiao/seafile/seafile-data" ] # enter the directory for storing data

Which port do you want to use for the seafile fileserver?
[ default "8082" ] # enter the port the seafile service listens on

-------------------------------------------------------
Please choose a way to initialize seafile databases:
-------------------------------------------------------

[1] Create new ccnet/seafile/seahub databases
[2] Use existing ccnet/seafile/seahub databases

[ 1 or 2 ] 2 # let the script create the databases, or use the MySQL database you set up yourself; with option 2 you enter the database connection details below

What is the host of mysql server?
[ default "localhost" ] xxxx.rds.amazonaws.com # database connection address

From which hosts could the mysql account be used?
[ default "%" ] # hosts allowed to connect to the database

What is the port of mysql server?
[ default "3306" ] # database port

Which mysql user to use for seafile?
[ mysql user for seafile ] sfuser # database user

What is the password for mysql user "sfuser"?
[ password for sfuser ] # database password

verifying password of user sfuser ... done

Enter the existing database name for ccnet:
[ ccnet database ] seafile

verifying user "sfuser" access to database seafile ... done

Enter the existing database name for seafile:
[ seafile database ] seafile

verifying user "sfuser" access to database seafile ... done

Enter the existing database name for seahub:
[ seahub database ] seafile

verifying user "sfuser" access to database seafile ... done

---------------------------------
This is your configuration
---------------------------------

server name: zhubiao
server ip/domain: file.happyhome.fun

seafile data dir: /zhubiao/seafile/seafile-data
fileserver port: 8082

database: use existing
ccnet database: seafile
seafile database: seafile
seahub database: seafile
database user: sfuser

---------------------------------
Press ENTER to continue, or Ctrl-C to abort
---------------------------------
# Check the information above; if it is correct, press ENTER to continue
...

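2.5 Starting the Seafile services

  The package root directory contains the start scripts for the Seafile and Seahub services; run them to start the services.

# Start the seafile service; it listens on port 8082 by default
$ sudo ./seafile.sh start

# Start the seahub service; it listens on port 8000 by default. Clients connect to this port to manage the cloud drive. Follow the script prompts to set the administrator account and password
$ sudo ./seahub.sh start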

LC_ALL is not set in ENV, set to en_US.UTF-8
Starting seahub at port 8000 ...
----------------------------------------
It's the first time you start the seafile server. Now let's create the admin account
----------------------------------------
What is the email for the admin account?
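[ admin email ] xxxx@xx.com  # enter the administrator email; it is also the administrator account name

What is the password for the admin account? # enter the administrator password
[ admin password ] 

Enter the password again: # enter the administrator password again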
[ admin password again ] 

----------------------------------------
Successfully created seafile admin
----------------------------------------
Seahub is started
Done.

  Check that the ports are listening

$ sudo netstat -tunlp | egrep '8000|8082'
tcp        0      0 0.0.0.0:8000            0.0.0.0:*               LISTEN      14890/python2.7     
tcp        0      0 0.0.0.0:8082            0.0.0.0:*               LISTEN      14851/seaf-server 

2.6 Starting at boot

  Create the systemd service files

# Create seafile.service
$ sudo vim /etc/systemd/system/seafile.service
[Unit]
Description=Seafile
# add mysql.service or postgresql.service depending on your database to the line below
After=network.target

[Service]
Type=oneshot
# /zhubiao/seafile is the installation directory used in this article
ExecStart=/zhubiao/seafile/seafile-server-latest/seafile.sh start
ExecStop=/zhubiao/seafile/seafile-server-latest/seafile.sh stop
RemainAfterExit=yes
# the seafile user and group must exist and own the installation and data directories
User=seafile
Group=seafile

[Install]
WantedBy=multi-user.target

# Create seahub.service
$ sudo vim /etc/systemd/system/seahub.service
[Unit]
Description=Seafile hub
After=network.target seafile.service

[Service]
# change start to start-fastcgi if you want to run fastcgi
ExecStart=/zhubiao/seafile/seafile-server-latest/seahub.sh start
ExecStop=/zhubiao/seafile/seafile-server-latest/seahub.sh stop
User=seafile
Group=seafile
Type=oneshot
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

 

  Enable the services at boot

sudo systemctl enable seafile.service
sudo systemctl enable seahub.service

 

2.7 Testing the login

  Enter the URL http://file.happyhome.fun:8000 in a browser to test

  

  

 

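3. Using Nginx as a reverse proxy and configuring HTTPS

3.1 Applying for a free Let's Encrypt SSL certificate

  Apply for a free SSL certificate through the website https://freessl.org. Let's Encrypt certificates can be issued for wildcard domains, but they are valid for only 3 months, after which you have to apply again.

  

  Follow the wizard to complete the certificate application, then download the certificate and store it safely (especially the private key, which must never be disclosed).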

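3.2 Configuring Seahub behind Nginx and enabling HTTPS

  Install Nginx

$ sudo yum -y install nginx

  Upload the certificate and private key to the /etc/nginx/conf.d/ssl directory on the EC2 server, and use the openssl command to generate the Diffie-Hellman parameter file dhparam.pem, which is stored in the same directory.

# Create the directory
$ sudo mkdir /etc/nginx/conf.d/ssl

# Generate dhparam.pem with openssl and keep it in the ssl directory together with the issued private key private.key and certificate cacert.pem, so that the nginx configuration file can reference them.
$ sudo openssl dhparam -out /etc/nginx/conf.d/ssl/dhparam.pem -text 2048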
$ tree /etc/nginx/conf.d/ssl/
/etc/nginx/conf.d/ssl/
├── cacert.pem
├── dhparam.pem
└── private.key

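  Configure Nginx as a reverse proxy for the seahub and seafile services, install the SSL certificate and enable HTTPS. The Nginx configuration file is as follows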

$ vim /etc/nginx/conf.d/seafile.conf 
server {
    listen 80;
    server_name file.happyhome.fun;
    # Permanently redirect to HTTPS with a rewrite
    rewrite ^ https://$http_host$request_uri? permanent;
    server_tokens off;
}

server {
    listen 443 ssl;    # replaces the deprecated "ssl on;" directive
    ssl_certificate /etc/nginx/conf.d/ssl/cacert.pem;        # path to the certificate file
    ssl_certificate_key /etc/nginx/conf.d/ssl/private.key;    # path to the private key file
    server_name file.happyhome.fun;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:5m;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem;     # path to the DH parameter file

    # secure settings (A+ at SSL Labs ssltest at time of writing)
    # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
    # TLSv1 and TLSv1.1 have since been deprecated (RFC 8996); list only
    # TLSv1.2 and later unless legacy clients require them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    proxy_set_header X-Forwarded-For $remote_addr;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    server_tokens off;

    # Reverse proxy for the seahub service
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto https;
        access_log /var/log/nginx/seahub.access.log;
        error_log /var/log/nginx/seahub.error.log;
        proxy_read_timeout 1200s;
        client_max_body_size 0;
    }

    # Reverse proxy for the seafile service
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;          # remove the limit on upload file size
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
        proxy_send_timeout 36000s;
        send_timeout 36000s;
        proxy_request_buffering off;     # pass uploads to Seafile as they arrive instead of buffering them
    }

    location /media {
        root /zhubiao/seafile/seafile-server-latest/seahub;
    }
}
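
A quick lint for a server block like the one above, as an added example that is not part of the original article; the function names (`audit_nginx_tls`, `write_sample_conf`) and the sample config are constructed for illustration. It flags legacy protocol versions in `ssl_protocols`, the deprecated `ssl on;` form, a missing HSTS header, and any plain-HTTP `proxy_pass` that leaves the loopback interface.

```shell
#!/bin/sh
# Added example, not from the original article: lint an nginx config for the
# TLS and proxy settings configured in this section. One finding per line.

audit_nginx_tls() {
    body=$(sed 's/#.*$//' "$1")      # ignore commented-out directives

    protos=$(printf '%s\n' "$body" |
        grep -E '^[[:space:]]*ssl_protocols[[:space:]]' || true)
    if [ -z "$protos" ]; then
        echo "PROTO: ssl_protocols not set, the nginx built-in default applies"
    elif printf '%s\n' "$protos" |
        grep -Eq 'SSLv[23]|TLSv1(\.1)?([[:space:]]|;)'; then
        echo "PROTO: pre-TLSv1.2 protocol enabled in ssl_protocols"
    fi

    # "ssl on;" is deprecated in favour of the ssl parameter of listen.
    if printf '%s\n' "$body" |
        grep -Eq '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*;'; then
        echo "SSLON: replace 'ssl on;' with 'listen 443 ssl;'"
    fi

    if ! printf '%s\n' "$body" | grep -q 'Strict-Transport-Security'; then
        echo "HSTS: no Strict-Transport-Security header"
    fi

    # Seahub (8000) and the file server (8082) speak plain HTTP, so the
    # proxied hop should stay on the loopback interface.
    printf '%s\n' "$body" | grep -E 'proxy_pass[[:space:]]+http://' |
        grep -Ev 'http://(127\.0\.0\.1|localhost|\[::1\])[:/;]' |
        sed -E 's/^[[:space:]]*/BACKEND: plain-HTTP upstream off loopback: /'
    return 0
}

# Constructed sample config (older-style directives an audit should catch).
write_sample_conf() {
    cat > "$1" <<'EOF'
server {
    listen 443;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;   # legacy versions still enabled
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    location / { proxy_pass http://127.0.0.1:8000; }
    location /seafhttp { proxy_pass http://127.0.0.1:8082; }
}
EOF
}

tmp=$(mktemp) && write_sample_conf "$tmp" && audit_nginx_tls "$tmp"; rm -f "$tmp"
```

On the server, run `audit_nginx_tls /etc/nginx/conf.d/seafile.conf` before reloading nginx.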

  Restart Nginx

$ sudo systemctl restart nginx

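  Modify SERVICE_URL and FILE_SERVER_ROOT

    Because Nginx now acts as a reverse proxy, the SERVICE_URL and FILE_SERVER_ROOT values in the original seafile configuration must be changed as well. For Seafile version 5.0 they are changed directly in the web client.

    Log in to the web client, click the down arrow next to the avatar in the top-right corner --> System Admin --> Settings, and change them to the URLs configured in Nginx

  

  Restart the seahub and seafile services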

$ cd /zhubiao/seafile/seafile-server-6.3.2/
$ sudo ./seahub.sh stop
$ sudo ./seafile.sh stop
$ sudo ./seafile.sh start
$ sudo ./seahub.sh start
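
Once nginx fronts both services, clients no longer need to reach ports 8000 and 8082 directly. The check below is an added example, not part of the original article (the function names `exposed_listeners` and `sample_listeners` are made up here): it reads `netstat -tnl` or `ss -tln` output and lists the watched ports bound to a non-loopback address, which are the ones to close in the EC2 security group or rebind to loopback.

```shell
#!/bin/sh
# Added example, not from the original article: find backend ports that are
# reachable on more than the loopback interface.
# Usage on the server:  sudo netstat -tnl | exposed_listeners 8000 8082

# Reads "netstat -tnl" or "ss -tln" lines on stdin and prints "PORT ADDRESS"
# for every watched port (given as arguments) bound to a non-loopback address.
exposed_listeners() {
    awk -v ports=" $* " '
        /LISTEN/ {
            addr = $4                          # local address column
            n = split(addr, part, ":")
            port = part[n]                     # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (index(ports, " " port " ") == 0) next
            if (host ~ /^127\./ || host == "::1" || host == "[::1]") next
            print port, host
        }'
}

# Sample input: the two listeners shown in section 2.5, plus one constructed
# line for a service that is bound to loopback only.
sample_listeners() {
    cat <<'EOF'
tcp   0   0 0.0.0.0:8000     0.0.0.0:*   LISTEN   14890/python2.7
tcp   0   0 0.0.0.0:8082     0.0.0.0:*   LISTEN   14851/seaf-server
tcp   0   0 127.0.0.1:11211  0.0.0.0:*   LISTEN   990/memcached
EOF
}

sample_listeners | exposed_listeners 8000 8082 11211
```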

3.3 Verifying access to the Seafile cloud drive over HTTPS

  

 

4. Using Seafile

  The official site has detailed help documentation on using Seafile: https://help.seafile.com/zh

 

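5. Reference documents and video tutorials

  [imooc video] Getting Started with and Using AWS

  [Jikexueyuan] Network Services in the AWS Cloud

  [Seafile website] Server Manual

  [Seafile website] User Help

  [AWS website] AWS official documentation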

  

 

posted @ 2018-09-03 00:48  朱标