seafile install - downgoon/hello-world GitHub Wiki

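Seafile: an open-source Dropbox

Introduction

Seafile organizes files into "libraries". Each library can be synced separately, and users can encrypt a library; the password is not stored on the server, so even the server administrator cannot access your files.

Seafile lets users create "groups" and share and sync files within a group, which makes team collaboration easier.

Block storage: long videos on video sites are all stored in blocks.

Seafile splits files into blocks and stores them on the server, which supports deduplication across versions, resumable transfer of large files, and so on. The blocks can be reassembled into the original file with the seaf-fsck tool, or mounted on the server with the seaf-fuse tool and accessed as an ordinary file system.

Installing the server

Seafile provides a server and clients.

Server support:

  • Linux platforms

      • CentOS 7

      • Ubuntu 16.04

      • Debian 8

  • Windows platform

Client support:

  • PC: all platforms + command line (Ubuntu/Debian/Fedora)
  • Mobile: iPhone + Android

Download

Download the 64-bit package for CentOS 7: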

$ wget http://seafile-downloads.oss-cn-shanghai.aliyuncs.com/seafile-server_6.0.7_x86-64.tar.gz

Download page: https://www.seafile.com/download/

Install dependencies: python

$ yum install python-setuptools python-imaging python-ldap MySQL-python python-memcached python-urllib3

Initial setup

If storage is SQLite-based, run:

$ ./setup-seafile.sh

If storage is MySQL-based, run:

$ ./setup-seafile-mysql.sh

The setup script checks the required environment and then sets up the configuration.

  • Dependency check:
Checking packages needed by seafile ...

Checking python on this machine ...
Find python: python2.7

  Checking python module: setuptools ... Done.
  Checking python module: python-imaging ... Done.
  Checking python module: python-sqlite3 ... Done.

Checking for sqlite3 ...Done.

Checking Done.
  • Initial configuration

What would you like to use as the name of this seafile server?
Your seafile users will be able to see the name in their seafile client.
You can use a-z, A-Z, 0-9, _ and -, and the length should be 3 ~ 15
[server name]: bopan



What is the ip or domain of this server?
For example, www.mycompany.com, or, 192.168.1.101

[This server's ip or domain]: downgoon.xyz


Where would you like to store your seafile data?
Note: Please use a volume with enough free space.
[default: /root/downgoon/seafile-data ]


What tcp port do you want to use for seafile fileserver?
8082 is the recommended port.
[default: 8082 ]


This is your config information:

server name:        bopan
server ip/domain:   downgoon.xyz
seafile data dir:   /root/downgoon/seafile-data
fileserver port:    8082

If you are OK with the configuration, press [ENTER] to continue.



Generating ccnet configuration in /root/downgoon/ccnet...

done
Successly create configuration dir /root/downgoon/ccnet.

Generating seafile configuration in /root/downgoon/seafile-data ...

Done.

Next, set up seahub: the web interface for the seafile server


--------------------------------------------
Seahub is the web interface for seafile server.
Now let's setup seahub configuration. Press [ENTER] to continue
---------------------------------------------


Creating seahub database now, it may take one minute, please wait...


Done.

creating seafile-server-latest symbolic link ... done


-----------------------------------------------------------------
Your seafile server configuration has been completed successfully.
-----------------------------------------------------------------

run seafile server:     ./seafile.sh { start | stop | restart }
run seahub  server:     ./seahub.sh  { start <port> | stop | restart <port> }

-----------------------------------------------------------------
If the server is behind a firewall, remember to open these tcp ports:
-----------------------------------------------------------------

port of seafile fileserver:   8082
port of seahub:               8000

When problems occur, refer to

      https://github.com/haiwen/seafile/wiki

for more information.

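Starting the servers

The servers are:

  • seafile server: proprietary protocol over TCP. Port 8082
  • seahub server: HTTP adaptor (a web application written in Python). Port 8000

run seafile server:     ./seafile.sh { start | stop | restart }
run seahub  server:     ./seahub.sh  { start <port> | stop | restart <port> }

port of seafile fileserver:   8082
port of seahub:               8000

Also, the first time seahub is started, it asks you to set an administrator account and password.

  • Account: my email address
  • Password: qazXSW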
$ ps aux | grep seafile
root      1174  0.0  0.1  56976  1344 ?        Ss   15:27   0:00 /root/downgoon/seafile-server-6.0.7/seafile/bin/seafile-controller -c /root/downgoon/ccnet -d /root/downgoon/seafile-data -F /root/downgoon/conf
root      1178  0.0  0.8 1181024 8464 ?        Ssl  15:27   0:00 seaf-server -F /root/downgoon/conf -c /root/downgoon/ccnet -d /root/downgoon/seafile-data -l /root/downgoon/logs/seafile.log -P /root/downgoon/pids/seaf-server.pid
root      1277  1.0  3.2 264912 32556 ?        S    15:29   0:00 python2.7 /root/downgoon/seafile-server-6.0.7/seahub/thirdpart/gunicorn seahub.wsgi:application -c /root/downgoon/seafile-server-6.0.7/runtime/seahub.conf -b 0.0.0.0:8000 --preload
root      1286  0.0  3.0 264912 30728 ?        S    15:29   0:00 python2.7 /root/downgoon/seafile-server-6.0.7/seahub/thirdpart/gunicorn seahub.wsgi:application -c /root/downgoon/seafile-server-6.0.7/runtime/seahub.conf -b 0.0.0.0:8000 --preload
root      1287  0.0  3.0 264912 30720 ?        S    15:29   0:00 python2.7 /root/downgoon/seafile-server-6.0.7/seahub/thirdpart/gunicorn seahub.wsgi:application -c /root/downgoon/seafile-server-6.0.7/runtime/seahub.conf -b 0.0.0.0:8000 --preload
root      1288  0.0  3.0 264912 30732 ?        S    15:29   0:00 python2.7 /root/downgoon/seafile-server-6.0.7/seahub/thirdpart/gunicorn seahub.wsgi:application -c /root/downgoon/seafile-server-6.0.7/runtime/seahub.conf -b 0.0.0.0:8000 --preload
root      1294  0.0  0.0 112660   960 pts/0    S+   15:30   0:00 grep --color=auto seafile

Directory layout after installation

tree /root/downgoon/ -L 1
/root/downgoon/
├── ccnet
├── conf
├── installed
├── seafile-data
├── seafile-server-6.0.7
├── seafile-server-latest -> seafile-server-6.0.7
├── seahub-data
└── seahub.db

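Accessing seahub

seahub address: http://downgoon.xyz:8000

[Screenshot: login screen]

How seafile is organized

seafile organizes and manages files in units of "libraries": multiple files can belong to one library, and each library can be set to "sync" and "share". When the system is created there is one default library, and users can create new libraries as needed.

Sharing files

Download link: http://downgoon.xyz:8000/f/3febac4cdf/

Direct download link: http://downgoon.xyz:8000/f/3febac4cdf/?raw=1

Access password: 123swlQB Valid for: 7 days

Installing the client

After installing the server, open the server's web interface (that is, seahub) directly; the seahub page has an "install client" link.

[Screenshot: install client]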

$ wget http://101.200.190.148/seafhttp/files/82f309f4-5913-4188-b58a-fe3417ce86ae/seafile-client-6.0.1.dmg

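Log in to the file service with the administrator account created earlier:

[Screenshot: login]

The interface after logging in:

[Screenshot: interface after login]

Syncing with the server:

[Screenshot: sync]

Installing the mobile apps

seafile has mobile apps for Android and iOS. The Android package can be downloaded directly from the official site, but the iOS app has to be downloaded from the Apple Store. Also, because the Apple Store now requires all APIs to use HTTPS, we first need to configure the server for HTTPS, and also serve on port 80.

Configuring nginx on the server

Install nginx on CentOS 7 (Alibaba Cloud ECS)

$ yum install nginx

After the automated install finishes, check the version: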

[root@iZt4n6gnori0u65qx8ue5qZ ~]# which nginx
/usr/sbin/nginx
[root@iZt4n6gnori0u65qx8ue5qZ ~]# nginx -v
nginx version: nginx/1.10.2

The configuration file is /etc/nginx/nginx.conf; the log files are /var/log/nginx/access.log and /var/log/nginx/error.log.

Running the nginx command directly starts the HTTP service in the background, listening on port 80.

$ nginx

nginx configuration

Modify the nginx configuration for port 80

server {
    
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  _;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;


    proxy_set_header X-Forwarded-For $remote_addr;

    location / {
        fastcgi_pass    127.0.0.1:8000;
        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
        fastcgi_param   PATH_INFO           $fastcgi_script_name;

        fastcgi_param    SERVER_PROTOCOL        $server_protocol;
        fastcgi_param   QUERY_STRING        $query_string;
        fastcgi_param   REQUEST_METHOD      $request_method;
        fastcgi_param   CONTENT_TYPE        $content_type;
        fastcgi_param   CONTENT_LENGTH      $content_length;
        fastcgi_param    SERVER_ADDR         $server_addr;
        fastcgi_param    SERVER_PORT         $server_port;
        fastcgi_param    SERVER_NAME         $server_name;
        fastcgi_param   REMOTE_ADDR         $remote_addr;

        access_log      /var/log/nginx/seahub.access.log;
        error_log       /var/log/nginx/seahub.error.log;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
    }

    location /media {
        root /root/downgoon/seafile-server-latest/seahub;
    }
}

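Notes

  • Nginx upload size limit

Nginx sets client_max_body_size to 1M by default. Uploading a file larger than this value fails with HTTP status code 413 ("Request Entity Too Large"). You can set the value to 0 to disable this check.

  • Static resources fail to load

location /media {
    root /root/downgoon/seafile-server-latest/seahub;
}

The /media path above holds seahub's static resources, including images, JS and CSS. As shown, we placed it under the root user's home directory, but nginx runs as the nginx user by default, so a request such as http://downgoon.xyz/media/CACHE/css/1acfeda02a9a.css is denied and the browser shows 403 Forbidden. As a temporary workaround you can change the first line of nginx.conf from user nginx; to user root;. In the long run it is better to put these files in a directory the nginx user can read.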
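To see which directory actually produces the 403 before touching the nginx user, the following added example (not part of the original page) walks a path and reports the first directory that other users cannot enter. The function name first_blocked is made up for this example; it assumes GNU stat and that the nginx user is neither the owner nor in the group of the directories.

```sh
#!/bin/sh
# Added example. nginx needs the search (x) permission on every directory
# between / and the file it serves; one missing bit anywhere gives 403.

# first_blocked BASE REL
#   BASE: directory to start from (use / for an absolute path)
#   REL:  path below BASE, e.g. root/downgoon/seafile-server-latest/seahub/media
# Prints the first directory without the "other" x bit and returns 1.
# Prints nothing and returns 0 when every component can be entered.
# Returns 2 when a component does not exist or is not a directory.
first_blocked() {
    cur=${1%/}
    rel=$2
    old_ifs=$IFS
    IFS=/
    set -f                 # no globbing while the path is split on "/"
    set -- $rel
    set +f
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur="$cur/$part"
        [ -d "$cur" ] || { printf 'missing: %s\n' "$cur"; return 2; }
        # -L follows symlinks such as seafile-server-latest
        perm=$(stat -L -c %a "$cur")
        case $perm in
            *[1357]) ;;    # last octal digit is odd: other users have x
            *) printf '%s\n' "$cur"; return 1 ;;
        esac
    done
    return 0
}

# Usage on the layout from this page:
#   first_blocked / root/downgoon/seafile-server-latest/seahub/media
```

Moving or copying the media directory to a location where this check returns 0 fixes the 403 without changing the nginx user to root.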

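Change two URLs

  • SERVICE_URL: located in conf/ccnet.conf. Change SERVICE_URL = http://downgoon.xyz:8000 to SERVICE_URL = http://downgoon.xyz. Previously clients connected to seaf_server directly; now they connect to seaf_server through nginx.

  • FILE_SERVER_ROOT: located in conf/seahub_settings.py. This setting does not exist yet; add the line FILE_SERVER_ROOT = 'http://downgoon.xyz/seafhttp'

Restart seafile

  • Restart seaf_server: ./seafile.sh restart
  • Restart seahub server: ./seahub.sh stop && ./seahub.sh restart-fastcgi
  • Reload the nginx configuration: nginx -s reload

Important reminder

./seahub.sh has two modes: plain HTTP and FastCGI.

  • Plain HTTP: if seahub serves clients directly on port 8000 (you can of course change it to port 80), start it in HTTP mode; the commands are ./seahub.sh start | restart | stop
  • FastCGI mode: if Nginx serves clients and forwards requests to seahub, the official site recommends FastCGI mode (Python supports FastCGI); the corresponding commands are ./seahub.sh restart-fastcgi | stop | start-fastcgi

Enabling HTTPS

To use HTTPS, the server first needs an RSA key pair, and the public key has to be signed by a CA. Two approaches are covered here: a self-signed certificate and the free Let's Encrypt CA.

Self-signed certificate

Generate the RSA private key: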

$ openssl genrsa -out privkey.pem 2048

Generate the self-signed certificate:

$ openssl req -new -x509 -key privkey.pem -out cacert.pem -days 1095

You have to answer a few questions interactively; the answers are written into the public-key certificate:

Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:Beijing
Locality Name (eg, city) [Default City]:Beijing
Organization Name (eg, company) [Default Company Ltd]:downgoon
Organizational Unit Name (eg, section) []:downgoon
Common Name (eg, your name or your server's hostname) []:downgoon.xyz
Email Address []:[email protected]

Copy the two files just created, the private key and the self-signed public-key certificate, to the /etc/ssl/ directory:

$ cp privkey.pem /etc/ssl/ 
$ cp cacert.pem /etc/ssl/

Then point nginx at these two files in its configuration, like this:

ssl_certificate /etc/ssl/cacert.pem;    # path to cacert.pem
ssl_certificate_key /etc/ssl/privkey.pem;    # path to privkey.pem

The full configuration is:

server {
  listen 443;
  ssl on;
  ssl_certificate /etc/ssl/cacert.pem;
  ssl_certificate_key /etc/ssl/privkey.pem;
  server_name downgoon.xyz;   
  # ......
  fastcgi_param   HTTPS               on;
  fastcgi_param   HTTP_SCHEME         https;
}

We also need to redirect HTTP to HTTPS:

server {
  listen       80;
  server_name  downgoon.xyz;
  rewrite ^ https://$http_host$request_uri? permanent;  # force-redirect http to https
}

After changing nginx, change the SERVICE_URL and FILE_SERVER_ROOT settings from earlier to HTTPS addresses:

SERVICE_URL = https://downgoon.xyz
FILE_SERVER_ROOT = 'https://downgoon.xyz/seafhttp'

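After changing the configuration, restart nginx, seaf_server and seahub.

Then visit: https://downgoon.xyz

[Screenshot: security warning]

Certificate from a free CA

The free CA used is Let's Encrypt; for the detailed steps see "Configuring HTTPS with letsencrypt".

  • Download the request script

There are many ways to request a signed certificate from the free CA Let's Encrypt; the simplest is an automation script written by a helpful community member: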

wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.conf
wget https://raw.githubusercontent.com/xdtianyu/scripts/master/lets-encrypt/letsencrypt.sh
chmod +x letsencrypt.sh
  • Edit the letsencrypt configuration
$ cat letsencrypt.conf
ACCOUNT_KEY="letsencrypt-account.key"
DOMAIN_KEY="downgoon.xyz.key"
DOMAIN_DIR="/var/www/letsencrypt"
DOMAINS="DNS:downgoon.xyz"
  • Edit the nginx configuration
server {
       listen       80;
       server_name  _;

       location ^~ /.well-known/acme-challenge/ {
           default_type "text/plain";
           root     /var/www/letsencrypt;
       }

       location = /.well-known/acme-challenge/ {
           return 404;
       }

       location / {
          rewrite ^ https://$http_host$request_uri? permanent;
       }
   }

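On port 80, add the configuration for /.well-known/acme-challenge/. To verify that the applicant owns the domain (here, downgoon.xyz), Let's Encrypt fetches http://downgoon.xyz//.well-known/acme-challenge/. During the exchange (when a signing request is submitted to the CA, the CA asks the applicant, before it signs, to place some content at this specified path under the domain; if the CA can retrieve what it asked for, the applicant really does own the domain), intermediate files are placed there (they are deleted once the certificate request completes).

Note

The DOMAIN_DIR="/var/www/letsencrypt" setting in letsencrypt.conf must match the root /var/www/letsencrypt; path in nginx.conf. While the signing request to the CA is in progress, the request script writes files to this directory, and the CA then reads them over HTTP to verify the applicant's ownership of the domain. This is the ACME protocol.

  • Request the certificate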
$ ./letsencrypt.sh letsencrypt.conf
Generate account key...
Generating RSA private key, 4096 bit long modulus
..........................................................................................................................................................................................................................................................................................++
.......................................................++
e is 65537 (0x10001)
Generate domain key...
Generating RSA private key, 2048 bit long modulus
....................+++
......................+++
e is 65537 (0x10001)
Generate CSR...downgoon.csr
Parsing account key...
Parsing CSR...
Registering account...
Registered!
Verifying downgoon.xyz...
downgoon.xyz verified!
Signing certificate...
Certificate signed!
New cert: downgoon.chained.crt has been generated

The generated certificates are in the current directory:

tree . -L 1
.
├── downgoon.chained.crt   # site certificate
├── downgoon.crt
├── downgoon.csr
├── downgoon.xyz.key    # site private key
├── letsencrypt-account.key
├── letsencrypt.conf
├── letsencrypt.sh
└── lets-encrypt-x3-cross-signed.pem

ACME protocol directory:

tree /var/www/letsencrypt -a -L 3
/var/www/letsencrypt
└── .well-known
    └── acme-challenge
  • Configure the certificate

Configure the certificate in nginx, changing it as follows:

server {

    listen 443;
    ssl on;
    
    #ssl_certificate /etc/ssl/cacert.pem;
    #ssl_certificate_key /etc/ssl/privkey.pem;

    ssl_certificate /root/rsakey/freeca/downgoon.chained.crt;
    ssl_certificate_key /root/rsakey/freeca/downgoon.xyz.key;
    
    # other conf
}

Tell nginx to reload its configuration with nginx -s reload; when you visit https://downgoon.xyz/ again, the browser no longer shows a warning.
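A pre-flight check for the note above that DOMAIN_DIR in letsencrypt.conf must match the nginx root of the challenge location, to run before ./letsencrypt.sh. This is an added example, not part of the original page or of the letsencrypt.sh project; the function names are made up here and the parsing assumes the one-directive-per-line layout shown on this page.

```sh
#!/bin/sh
# Added example. nginx maps a request URI to <root> + URI, so the challenge
# files must land in <DOMAIN_DIR>/.well-known/acme-challenge/ for the CA to
# fetch them over HTTP. If the two directories differ, validation fails.

# conf_domain_dir FILE: value of DOMAIN_DIR in letsencrypt.conf, unquoted
conf_domain_dir() {
    sed -n 's/^[[:space:]]*DOMAIN_DIR=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# nginx_acme_root FILE: the root directive inside the
# "location ^~ /.well-known/acme-challenge/" block
nginx_acme_root() {
    awk '
        /location[ \t]+\^~[ \t]+\/\.well-known\/acme-challenge\// { inside = 1 }
        inside && $1 == "root" { sub(/;.*$/, "", $2); print $2; exit }
        inside && /}/ { inside = 0 }
    ' "$1"
}

# check_acme_dirs LE_CONF NGINX_CONF
# Prints the shared directory and returns 0 when both files agree,
# returns 1 on a mismatch and 2 when either value cannot be found.
check_acme_dirs() {
    le=$(conf_domain_dir "$1")
    ng=$(nginx_acme_root "$2")
    if [ -z "$le" ] || [ -z "$ng" ]; then
        echo "cannot find DOMAIN_DIR or the acme-challenge root" >&2
        return 2
    fi
    # Ignore a trailing slash so /var/www/letsencrypt/ still matches
    if [ "${le%/}" != "${ng%/}" ]; then
        echo "mismatch: DOMAIN_DIR=$le nginx root=$ng" >&2
        return 1
    fi
    echo "${le%/}"
}

# Usage: check_acme_dirs letsencrypt.conf /etc/nginx/nginx.conf
```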

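Question to think about: certificate not saved by the browser?

Why does it look like my certificate was not saved by the browser? Could it be related to the nginx configuration?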

server {
    listen 443 ssl;
    
	add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";

    # other conf
} 

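Reference: http://www.tuicool.com/articles/NVNvUf3

Mobile

On the iPhone, search for "seafile" directly in the Apple Store, download the "seafile pro" app, then enter your server address, account and password in the app.

[Screenshot: mobile login]

[Screenshot: mobile browsing]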
