update

2024-09-20 08:15:28 +00:00 · 2021-08-25 17:58:27 +08:00 · 2021-08-25 17:58:27 +08:00 · cc0b624944
commit cc0b624944
parent ad00df1edb
17 changed files with 32 additions and 2878 deletions
--- a/.travis.yml
+++ b/.travis.yml
@ -1,15 +0,0 @@
 sudo: required
 language: bash
 services:
  - docker
 env:
  global:
    - LANG=en_US.UTF-8
    - LC_ALL=en_US.UTF-8
 before_install:
  - docker run xiez/seafile-pro:v1.2 /bin/bash -c "export TERM=xterm && echo 2 | bash seafile-server-ubuntu-14-04-amd64-http 5.1.10"
 script: make test
--- a/18
+++ b/18
@ -1,18 +0,0 @@
 FROM ubuntu:14.04
 MAINTAINER Zheng Xie <xie.zheng@seafile.com>
 RUN apt-get update
 RUN apt-get install -y sudo wget python-pip python-setuptools python-imaging python-mysqldb python-ldap python-urllib3 \
 openjdk-7-jre memcached python-memcache pwgen curl openssl poppler-utils libpython2.7 libreoffice \
 libreoffice-script-provider-python ttf-wqy-microhei ttf-wqy-zenhei xfonts-wqy nginx
 # Avoid ERROR: invoke-rc.d: policy-rc.d denied execution of start.
 RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d
 WORKDIR /root
 ADD . /root/
 ADD https://download.seafile.com/d/6e5297246c/files/?p=/pro/seafile-pro-server_5.1.10_x86-64.tar.gz&dl=1 /opt/seafile-pro-server_5.1.10_x86-64.tar.gz
 # Clean up for smaller image
 RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
--- a/4
+++ b/4
@ -1,4 +0,0 @@
 .PHONY: all test clean
 test:
 	tests/post-deploy_test.sh
--- a/README.md
+++ b/README.md
@ -1,60 +1,37 @@
 [![Build Status](https://travis-ci.org/haiwen/seafile-server-installer-cn.svg?branch=master)](https://travis-ci.org/haiwen/seafile-server-installer-cn)
 # Seafile 安装脚本
-这里的安装脚本可以帮助您快速的安装好 Seafile 服务器，并配置好 MariaDB, Memcached, WebDAV, Ngnix 和开机自动启动脚本。
+一键安装脚本可以帮助您在 Ubuntu 18.04/20.04 系统上快速的安装好 Seafile 服务器，并配置好 MariaDB, Memcached, WebDAV, Ngnix 和开机自动启动脚本。
 ## 使用步骤
-安装干净的 Ubuntu 16.04/18.04 或 CentOS 7/8 系统，并**做好镜像** (如果安装失败需要还原到镜像)。
+安装干净的 Ubuntu 18.04/20.04，并**做好镜像** (如果安装失败需要还原到镜像)。
 切换成 root 账号 (`sudo -i`)
 切换成 root 账号 (sudo -i)
 ### 获取安装脚本
- 适用于 Seafile 7.1.x 及以上版本
+适用于 Seafile 8.0.x 及以上版本
    Ubuntu 18.04 (64bit):
 ```sh
-    wget https://raw.githubusercontent.com/haiwen/seafile-server-installer-cn/master/seafile-server-7.1-ubuntu-amd64-http
+wget https://raw.githubusercontent.com/haiwen/seafile-server-installer-cn/master/seafile-8.0_ubuntu
 ```
-    CentOS 8 (64bit):
+### 运行安装脚本并指定要安装的版本 (例如 8.0.0)
    ```sh
    wget https://raw.githubusercontent.com/haiwen/seafile-server-installer-cn/master/seafile-server-7.1-centos-amd64-http
    ```
 - 适用于 Seafile 6.x.x 及以上版本
    Ubuntu 16.04/18.04 (64bit):
    ```sh
    wget https://raw.githubusercontent.com/haiwen/seafile-server-installer-cn/master/seafile-server-ubuntu-amd64-http
 ```
-
+bash seafile-8.0_ubuntu 8.0.0
    CentOS 7 (64bit):
    ```sh
    wget https://raw.githubusercontent.com/haiwen/seafile-server-installer-cn/master/seafile-server-centos-7-amd64-http
    ```
 ### 运行安装脚本并指定要安装的版本 (例如 6.0.13)
 Ubuntu 16.04/18.04 (64bit):
 ```
 bash seafile-server-ubuntu-amd64-http 6.0.13
 ```
 CentOS 7 (64bit):
 ```
 bash seafile-server-centos-7-amd64-http 6.0.13
 ```
 脚本会让您选择要安装的版本, 按照提示进行选择即可:
-* 如果要安装专业版, 需要先将下载好的专业版的包 `seafile-pro-server_6.0.13_x86-64.tar.gz` 放到 `/opt/` 目录下
+* 如果要安装专业版, 需要先将下载好的专业版的包 `seafile-pro-server_8.0.0_x86-64.tar.gz` 放到 `/opt/` 目录下
 * 如果是安装开源版，安装脚本在执行过程中会检查 `/opt`目录下是否有指定版本号的安装包，如果存在则会安装此包，否则会从 Seafile 网站下载。所以，为了避免因下载失败而导致安装中断，您可以提前下载好安装包放到`/opt/`目录下。
 该脚本运行完后会在命令行中打印配置信息和管理员账号密码，请仔细阅读。(您也可以查看安装日志`/opt/seafile/aio_seafile-server.log`)，MySQL 的 root 用户密码存储在 `/root/.my.cnf` 中；MySQL 的 seafile 用户密码存储在 `/opt/seafile.my.cnf` 中。
 ### 通过 Web UI 对服务器进行配置
 安装完成后，您需要通过 Web UI 服务器进行基本的配置，以便能正常的从网页端进行文件的上传和下载：
@ -62,67 +39,27 @@ bash seafile-server-centos-7-amd64-http 6.0.13
 1. 首先在浏览器中输入服务器的地址，并用管理员账号和初始密码登录
 2. 点击界面的右上角的头像按钮进入管理员界面
-
+  ![管理员入口](./images/system-admin-entrance.png)
  ![管理员入口](http://manual-cn.seafile.com/images/system-admin-entrance.png)
 3. 进入设置页面填写正确的服务器对外的 SERVICE_URL 和 FILE_SERVER_ROOT，比如
    ```
-    SERVICE_URL: http://www.myseafile.com
+    SERVICE_URL: http://www.your-domain.com
-    FILE_SERVER_ROOT: 'http://www.myseafile.com/seafhttp'
+    FILE_SERVER_ROOT: http://www.your-domain.com/seafhttp
    ```
 现在您可以退出管理员界面，并进行基本的测试。关于服务器的配置选项介绍和日常运维可以参考 https://cloud.seafile.com/published/seafile-manual-cn/config/README.md
 ### 如果安装脚本出错
 如果安装脚本出错，您需要重置虚拟机到干净的镜像。
 ### 启动关闭服务
 自动安装脚本会在系统中安装开机自动启动脚本。您也可以使用该脚本来关闭/启动 Seafile 服务，命令如下：
 Ubuntu 16.04/18.04:
 ```
 service seafile-server stop
 service seafile-server start
 ```
 CentOS 7/8:
 ```
 systemctl stop seafile
 systemctl stop seahub
 systemctl start seafile
 systemctl start seahub
 ```
 ## 其他高级配置
 ### 备份 mysql
 * 拷贝 `db-backup` 目录到 `/opt/seafile`
 * 修改 `db-backup/db_backup.sh` 中的 `USER` `PASSWD`
 * 执行 `crontab -e` 并添加内容 `0 1 * * * /opt/seafile/db-backup/db_backup.sh` (每天凌晨1：00进行备份)
 ### 配置邮件发送
 参考 https://cloud.seafile.com/published/seafile-manual-cn/config/sending_email.md
 ## 升级和其他问题
 ### 版本升级
 * 关闭 seafile-server 相关服务
 * 切换为 seafile 用户
 * 下载高版本的安装包到 /opt/seafile 目录，并解压
 * 进入安装包下的 upgrade 目录，执行相关的升级脚本，具体可参考 https://download.seafile.com/published/seafile-manual/upgrade/upgrade.md
 * 启动 seafile-server 相关服务
 ### 迁移社区版到专业版
 * 关闭 seafile-server 相关服务
 * 切换为 seafile 用户
 * 下载专业版安装包到 /opt/seafile 目录，并解压
 * 进入解压好的安装包目录，执行 ./pro/pro.py setup --migrate，具体可参考 https://cloud.seafile.com/published/seafile-manual-cn/deploy_pro/migrate_from_seafile_community_server.md
 * 启动 seafile-server 相关服务
--- a/db-backup/db-list.txt
+++ b/db-backup/db-list.txt
@ -1,3 +0,0 @@
 ccnet_db
 seafile_db
 seahub_db
--- a/db-backup/db_backup.sh
+++ b/db-backup/db_backup.sh
@ -1,20 +0,0 @@
 #!/bin/bash
 USER=root
 PASSWD=aeneinoi
 DATE=`date +%Y%m%d%H%M`
 IGN_TAB=""
 for ign_tab in `cat table-ignore.txt`;
 do
   IGN_TAB=${IGN_TAB}" --ignore-table=${ign_tab}"
 done
 for DATABASE in `cat db-list.txt`;
 do
    mysqldump -u${USER} -p${PASSWD} --opt $DATABASE ${IGN_TAB} > $DATABASE-$DATE.sql
 done
 # Compress and clean
 tar czvf mysql-back-$DATE.tar.gz *.sql
 rm -rf *.sql
--- a/db-backup/table-ignore.txt
+++ b/db-backup/table-ignore.txt
@ -1,11 +0,0 @@
 seahub_db.avatar_uploaded
 seahub_db.avatar_avatar
 seahub_db.avatar_groupavatar
 seahub_db.Event
 seahub_db.FileAudit
 seahub_db.FileUpdate
 seahub_db.PermAudit
 seahub_db.UserEvent
 seahub_db.UserTrafficStat
 seahub_db.VirusFile
 seahub_db.VirusScanRecord
--- a/images/system-admin-entrance.png
+++ b/images/system-admin-entrance.png
--- a/seafile-server-7.1-ubuntu-amd64-http
+++ b/seafile-server-7.1-ubuntu-amd64-http
--- a/seafile-server-8.0-ubuntu-amd64-http
+++ b/seafile-server-8.0-ubuntu-amd64-http
@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# seafile-server-installer/seafile-server-ubuntu-18-04-amd64
+# seafile-server-installer-cn/seafile-8.0_ubuntu
 #
 # Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
 # Copyright 2016, Zheng Xie <xie.zheng@seafile.com>
@ -38,13 +38,13 @@ fi
 clear
 cat <<EOF
-  This script installs the community edition of the Seafile Server on a Ubuntu 16.04 (Xenial) 64bit
+  This script installs the community/professional edition of the Seafile Server on a Ubuntu 18.04/20.04 64bit
  - Newest Seafile server version, MariaDB, Memcached, NGINX -
  -----------------------------------------------------------------
  This installer is meant to run on a freshly installed machine
  only. If you run it on a production server things can and
-  probably will go terrible wrong and you will loose valuable
+  probably will go terribly wrong and you will lose valuable
  data!
  For questions or suggestions please contact us at
@ -161,6 +161,10 @@ pip3 install --timeout=3600 django==2.2.* future mysqlclient pymysql Pillow pyli
 service memcached start
 # -------------------------------------------
 # Setup Nginx
 # -------------------------------------------
 rm /etc/nginx/sites-enabled/*
 cat > /etc/nginx/sites-available/seafile.conf << EOF
@ -361,7 +365,6 @@ mkdir -p ${DEFAULT_CONF_DIR}
 # Configure Seafile WebDAV Server(SeafDAV)
 # -------------------------------------------
 sed -i 's/enabled = .*/enabled = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
 sed -i 's/fastcgi = .*/fastcgi = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
 sed -i 's/share_name = .*/share_name = \/seafdav/' ${DEFAULT_CONF_DIR}/seafdav.conf
 # -------------------------------------------
@ -499,10 +502,8 @@ cat > ${TOPDIR}/aio_seafile-server.log<<EOF
  2) If this server is behind a firewall, you need to ensure that
     tcp port 80 is open.
-  3) Seahub tries to send emails via the local server. Install and
+  3) Check https://manual.seafile.com/config/sending_email/
-     configure Postfix for this to work or
+     for instructions on how to use an existing email account to send email via SMTP.
     check https://manual.seafile.com/config/sending_email.html
     for instructions on how to use an existing email account via SMTP.
@ -511,20 +512,14 @@ cat > ${TOPDIR}/aio_seafile-server.log<<EOF
  -----------------------------------------------------------------
  1) Check seahub_settings.py and customize it to fit your needs. Consult
-     http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
+     https://manual.seafile.com/config/seahub_settings_py/ for possible switches.
-  2) Setup NGINX with official SSL certificate.
+  2) Setup NGINX with official SSL certificate, we suggest you use Let’s Encrypt. Check
     https://manual.seafile.com/deploy/https_with_nginx/
  3) Secure server with iptables based firewall. For instance: UFW or shorewall
-  4) Harden system with port knocking, fail2ban, etc.
+  4) Implement a backup routine for your Seafile server.
  5) Enable unattended installation of security updates. Check
     https://wiki.Ubuntu.org/UnattendedUpgrades for details.
  6) Implement a backup routine for your Seafile server.
  7) Update NGINX worker processes to reflect the number of CPU cores.
--- a/seafile-server-7.1-centos-amd64-http
+++ b/seafile-server-7.1-centos-amd64-http
@ -1,616 +0,0 @@
 #!/bin/bash
 #
 # seafile-server-installer-cn/seafile-server-centos-8-amd64
 #
 # Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU Affero General Public License for more details.
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 #
 if [[ $HOME == "" ]]; then
    export HOME=/root
 fi
 if [[ $SEAFILE_DEBUG != "" ]]; then
    set -x
 fi
 set -e
 if [[ "$#" -ne 1 ]]; then
    echo "You must specif Seafile version to install"
    echo "Like: $0 7.1.0"
    exit 1
 fi
 clear
 cat <<EOF
  This script installs the community edition of the Seafile Server on a Centos 7 64bit
  - Newest Seafile server version, MariaDB, Memcached, NGINX -
  -----------------------------------------------------------------
  This installer is meant to run on a freshly installed machine
  only. If you run it on a production server things can and
  probably will go terrible wrong and you will loose valuable
  data!
  For questions or suggestions please contact us at
  support@seafile.com
  -----------------------------------------------------------------
  Possible options:
  1 = Seafile Community (Free) Edition (CE)
  2 = Seafile Professional Edition (PRO)
 EOF
 if [[ ${SEAFILE_PRO} == "" ]]; then
    PS3="Which Seafile version would you like to install? "
    select SEAFILE_SERVER_VERSION in CE PRO ABORT; do
        case "${SEAFILE_SERVER_VERSION}" in
            ABORT)
                echo "Aborting"
                break
                ;;
            "")
                echo "$REPLY: Wrong value. Select 1 or 2."
                ;;
            *)
                if [[ ${SEAFILE_SERVER_VERSION} = "PRO" ]]; then
                    SEAFILE_PRO=1
                else
                    SEAFILE_PRO=0
                fi
                break
        esac
    done
 fi
 is_pro() {
    if [[ "$SEAFILE_PRO" == "1" ]]; then
        return 0
    else
        return 1
    fi
 }
 echo
 if is_pro; then
    echo "This script will install Seafile Professional Edition for you."
 else
    echo "This script will install Seafile Community Edition for you."
 fi
 echo
 # -------------------------------------------
 # Vars
 # -------------------------------------------
 SEAFILE_ADMIN=admin@seafile.local
 SEAFILE_SERVER_USER=seafile
 SEAFILE_SERVER_HOME=/opt/seafile
 IP_OR_DOMAIN=127.0.0.1
 SEAFILE_VERSION=$1
 TIME_ZONE=Asia/Shanghai
 if is_pro; then
    SEAFILE_SERVER_PACKAGE=seafile-pro-server_${SEAFILE_VERSION}_x86-64.tar.gz
    if [[ ! -e /opt/$SEAFILE_SERVER_PACKAGE ]]; then
        echo
        echo "You must download \"$SEAFILE_SERVER_PACKAGE\" to the /opt/ folder before running this script!"
        echo
        exit 1
    fi
    INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-pro-server-${SEAFILE_VERSION}/
 else
    SEAFILE_SERVER_PACKAGE=seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
    SEAFILE_SERVER_PACKAGE_URL=http://seafile-downloads.oss-cn-shanghai.aliyuncs.com/${SEAFILE_SERVER_PACKAGE}
    INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-server-${SEAFILE_VERSION}/
 fi
 # -------------------------------------------
 # Ensure we are running the installer as root
 # -------------------------------------------
 if [[ $EUID -ne 0 ]]; then
  echo "  Aborting because you are not root" ; exit 1
 fi
 # -------------------------------------------
 # Abort if directory /opt/seafile/ exists
 # -------------------------------------------
 if [[ -d "${SEAFILE_SERVER_HOME}" ]] ;
 then
  echo "  Aborting because directory ${SEAFILE_SERVER_HOME} already exist" ; exit 1
 fi
 # -------------------------------------------
 # Abort if directory /opt/seafile/ exists
 # -------------------------------------------
 if getent passwd ${SEAFILE_SERVER_USER} > /dev/null 2>&1 ;
 then
  echo "Aborting because user ${SEAFILE_SERVER_USER} already exist" ; exit 1
 fi
 # -------------------------------------------
 # Setup permissive selinux
 # -------------------------------------------
 # runtime
 enforce=`getenforce`
 if [[ "${enforce}" != "Disabled" ]]; then
    setenforce 0
 fi
 # permanently
 sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
 # -------------------------------------------
 # Setup firewall
 # -------------------------------------------
 yum install firewalld -y
 # https://www.optimox.de/tutorials/linux-allgemein/centos-firewall-konfigurieren-mit-firewalld
 systemctl status firewalld &> /dev/null \
 && for i in ssh http https ; do firewall-cmd --zone=public --add-service=${i} --permanent ; done \
 && firewall-cmd --reload
 # -------------------------------------------
 # Additional requirements
 # -------------------------------------------
 # extra packages for enterprise linux
 yum install epel-release -y
 yum install python3 python3-setuptools python3-pip python3-ldap memcached java-1.8.0-openjdk \
    libmemcached libreoffice-headless libreoffice-pyuno libffi-devel pwgen curl python3-devel gcc gcc-c++ -y
 pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.3.8 psd-tools \
    django-pylibmc django-simple-captcha
 # start memcached on system boot
 systemctl enable --now memcached
 # -------------------------------------------
 # Install nginx
 # -------------------------------------------
 yum install nginx -y
 systemctl enable nginx
 rm -rf /etc/nginx/conf.d/*
 cat > /etc/nginx/conf.d/seafile.conf << EOF
 log_format seafileformat '\$http_x_forwarded_for \$remote_addr [\$time_local] "\$request" \$status \$body_bytes_sent "\$http_referer" "\$http_user_agent" \$upstream_response_time';
 server {
    listen 80;
    server_name seafile.example.com;
    proxy_set_header X-Forwarded-For \$remote_addr;
    location / {
         proxy_pass         http://127.0.0.1:8000;
         proxy_set_header   Host \$host;
         proxy_set_header   X-Real-IP \$remote_addr;
         proxy_set_header   X-Forwarded-For \$proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host \$server_name;
         proxy_set_header   X-Forwarded-Proto \$scheme;
         proxy_read_timeout  1200s;
         # used for view/edit office file via Office Online Server
         client_max_body_size 0;
         access_log      /var/log/nginx/seahub.access.log seafileformat;
         error_log       /var/log/nginx/seahub.error.log;
    }
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ \$1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_set_header   X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
        error_log       /var/log/nginx/seafhttp.error.log;
    }
    location /media {
        root ${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub;
    }
    location /seafdav {
        proxy_pass         http://127.0.0.1:8080/seafdav;
        proxy_set_header   Host \$host;
        proxy_set_header   X-Real-IP \$remote_addr;
        proxy_set_header   X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host \$server_name;
        proxy_set_header   X-Forwarded-Proto \$scheme;
        proxy_read_timeout  1200s;
        client_max_body_size 0;
        access_log      /var/log/nginx/seafdav.access.log seafileformat;
        error_log       /var/log/nginx/seafdav.error.log;
    }
 }
 EOF
 # Create optimized nginx.conf
 cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
 cat > /etc/nginx/nginx.conf <<'ENDOFFILE'
 user nginx nginx;
 worker_processes 4;
 events {
  worker_connections 8096;
  multi_accept on;
  use epoll;
 }
 pid /var/run/nginx.pid;
 worker_rlimit_nofile 40000;
 http {
  server_tokens off;
  server_names_hash_bucket_size 128;
  client_max_body_size 50M;
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  '$status $body_bytes_sent "$http_referer" '
  '"$http_user_agent" "$http_x_forwarded_for"';
  access_log /var/log/nginx/access.log main;
  error_log /var/log/nginx/error.log warn;
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  client_body_timeout 12;
  client_header_timeout 12;
  keepalive_timeout 15;
  send_timeout 10;
  # Fully disabled gzip compression to mitigate Django BREACH attack: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
  gzip off;
  #gzip_vary on;
  #gzip_proxied expired no-cache no-store private auth any;
  #gzip_comp_level 9;
  #gzip_min_length 10240;
  #gzip_buffers 16 8k;
  #gzip_http_version 1.1;
  #gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml font/woff2;
  #gzip_disable "MSIE [1-6].";
  include /etc/nginx/conf.d/*.conf;
 }
 ENDOFFILE
 # Fix NGINX worker_processes to number of CPU cores
 CPUS=$(cat /proc/cpuinfo | grep processor | wc | awk '{ print $1 }')
 eval "sed -i 's/worker_processes.*/worker_processes  $CPUS;/g' /etc/nginx/nginx.conf"
 systemctl restart nginx
 # -------------------------------------------
 # MariaDB
 # -------------------------------------------
 if [[ -f "/root/.my.cnf" ]] ;
 then
    echo "MariaDB installed before, skip this part"
    SQLROOTPW=`sed -n 's/password=//p' /root/.my.cnf`
 else
    yum install mariadb-server -y
    systemctl start mariadb
    systemctl enable mariadb
    SQLROOTPW=$(pwgen)
    mysqladmin -u root password $SQLROOTPW
    cat > /root/.my.cnf <<EOF
 [client]
 user=root
 password=$SQLROOTPW
 EOF
  chmod 600 /root/.my.cnf
 fi
 # -------------------------------------------
 # Seafile init script
 # -------------------------------------------
 cat > /etc/systemd/system/seafile.service << EOF
 [Unit]
 Description=Seafile Server
 After=network.target remote-fs.target mariadb.service
 [Service]
 ExecStart=${SEAFILE_SERVER_HOME}/seafile-server-latest/seafile.sh start
 ExecStop=${SEAFILE_SERVER_HOME}/seafile-server-latest/seafile.sh stop
 User=${SEAFILE_SERVER_USER}
 Group=${SEAFILE_SERVER_USER}
 LimitNOFILE=infinity
 Type=oneshot
 RemainAfterExit=yes
 [Install]
 WantedBy=multi-user.target
 EOF
 systemctl enable seafile
 cat > /etc/systemd/system/seahub.service << EOF
 [Unit]
 Description=Seafile Seahub
 After=network.target seafile.service
 [Service]
 ExecStart=${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub.sh start
 ExecStop=${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub.sh stop
 User=${SEAFILE_SERVER_USER}
 Group=${SEAFILE_SERVER_USER}
 Type=oneshot
 RemainAfterExit=yes
 [Install]
 WantedBy=multi-user.target
 EOF
 systemctl enable seahub
 # Seafile restart script
 cat > /usr/local/sbin/seafile-server-restart << 'EOF'
 #!/bin/bash
 for ACTION in stop start ; do
    for SERVICE in seafile seahub ; do
      systemctl ${ACTION} ${SERVICE}
    done
 done
 EOF
 chmod 700 /usr/local/sbin/seafile-server-restart
 # -------------------------------------------
 # Seafile
 # -------------------------------------------
 mkdir -p ${SEAFILE_SERVER_HOME}/installed
 cd ${SEAFILE_SERVER_HOME}
 if ! is_pro && [[ ! -e /opt/${SEAFILE_SERVER_PACKAGE} ]]; then
    curl -OL ${SEAFILE_SERVER_PACKAGE_URL}
 else
    cp /opt/${SEAFILE_SERVER_PACKAGE} .
 fi
 tar xzf ${SEAFILE_SERVER_PACKAGE}
 mv ${SEAFILE_SERVER_PACKAGE} installed
 # -------------------------------------------
 # Seafile DB
 # -------------------------------------------
 if [[ -f "/opt/seafile.my.cnf" ]] ;
 then
  echo "MariaDB installed before, skip this part"
  SQLSEAFILEPW=`sed -n 's/password=//p' /opt/seafile.my.cnf`
 else
  SQLSEAFILEPW=$(pwgen)
  cat > /opt/seafile.my.cnf <<EOF
 [client]
 user=seafile
 password=$SQLSEAFILEPW
 EOF
  chmod 600 /opt/seafile.my.cnf
 fi
 # -------------------------------------------
 # Add seafile user
 # -------------------------------------------
 useradd --system --comment "${SEAFILE_SERVER_USER}" ${SEAFILE_SERVER_USER} --home-dir  ${SEAFILE_SERVER_HOME}
 # -------------------------------------------
 # Go to /opt/seafile/seafile-pro-server-${SEAFILE_VERSION}
 # -------------------------------------------
 cd $INSTALLPATH
 # -------------------------------------------
 # Vars - Don't touch these unless you really know what you are doing!
 # -------------------------------------------
 TOPDIR=$(dirname "${INSTALLPATH}")
 DEFAULT_CONF_DIR=${TOPDIR}/conf
 SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
 DEST_SETTINGS_PY=${TOPDIR}/conf/seahub_settings.py
 mkdir -p ${DEFAULT_CONF_DIR}
 # -------------------------------------------
 # Create ccnet, seafile, seahub conf using setup script
 # -------------------------------------------
 ./setup-seafile-mysql.sh auto -u seafile -w ${SQLSEAFILEPW} -r ${SQLROOTPW}
 # -------------------------------------------
 # Configure Seafile WebDAV Server(SeafDAV)
 # -------------------------------------------
 sed -i 's/enabled = .*/enabled = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
 sed -i 's/fastcgi = .*/fastcgi = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
 sed -i 's/share_name = .*/share_name = \/seafdav/' ${DEFAULT_CONF_DIR}/seafdav.conf
 # -------------------------------------------
 # Configuring seahub_settings.py
 # -------------------------------------------
 cat >> ${DEST_SETTINGS_PY} <<EOF
 CACHES = {
    'default': {
        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
        'LOCATION': '127.0.0.1:11211',
    },
    'locmem': {
        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
    },
 }
 COMPRESS_CACHE_BACKEND = 'locmem'
 # EMAIL_USE_TLS                       = False
 # EMAIL_HOST                          = 'localhost'
 # EMAIL_HOST_USER                     = ''
 # EMAIL_HOST_PASSWORD                 = ''
 # EMAIL_PORT                          = '25'
 # DEFAULT_FROM_EMAIL                  = EMAIL_HOST_USER
 # SERVER_EMAIL                        = EMAIL_HOST_USER
 TIME_ZONE                           = '${TIME_ZONE}'
 SITE_BASE                           = 'http://${IP_OR_DOMAIN}'
 SITE_NAME                           = 'Seafile Server'
 SITE_TITLE                          = 'Seafile Server'
 SITE_ROOT                           = '/'
 ENABLE_SIGNUP                       = False
 ACTIVATE_AFTER_REGISTRATION         = False
 SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER  = True
 SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
 CLOUD_MODE                          = False
 FILE_PREVIEW_MAX_SIZE               = 30 * 1024 * 1024
 SESSION_COOKIE_AGE                  = 60 * 60 * 24 * 7 * 2
 SESSION_SAVE_EVERY_REQUEST          = False
 SESSION_EXPIRE_AT_BROWSER_CLOSE     = False
 FILE_SERVER_ROOT                    = 'http://${IP_OR_DOMAIN}/seafhttp'
 EOF
 # -------------------------------------------
 # Backup check_init_admin.py befor applying changes
 # -------------------------------------------
 cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
 # -------------------------------------------
 # Set admin credentials in check_init_admin.py
 # -------------------------------------------
 SEAFILE_ADMIN_PW=$(pwgen)
 eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
 eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
 # -------------------------------------------
 # Start and stop Seafile eco system. This generates the initial admin user.
 # -------------------------------------------
 chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R ${SEAFILE_SERVER_HOME}
 su - seafile -c "${INSTALLPATH}/seafile.sh start"
 su - seafile -c "${INSTALLPATH}/seahub.sh start"
 wait                         # wait for a while, otherwise seahub will not be stopped
 su - seafile -c "${INSTALLPATH}/seahub.sh stop"
 sleep 1
 su - seafile -c "${INSTALLPATH}/seafile.sh stop"
 sleep 1
 # -------------------------------------------
 # Restore original check_init_admin.py
 # -------------------------------------------
 mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
 if is_pro; then
    PRO_PY=${INSTALLPATH}/pro/pro.py
    $PYTHON ${PRO_PY} setup --mysql --mysql_host=127.0.0.1 --mysql_port=3306 --mysql_user=seafile --mysql_password=${SQLSEAFILEPW} --mysql_db=seahub_db
 fi
 # kill all process
 sleep 1
 pkill -9 -u seafile
 sleep 1
 # -------------------------------------------
 # Fix permissions
 # -------------------------------------------
 chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R ${SEAFILE_SERVER_HOME}
 if [[ -d /tmp/seafile-office-output/ ]]; then
    chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R /tmp/seafile-office-output/
 fi
 # -------------------------------------------
 # Restart seafile server
 # -------------------------------------------
 echo "Starting productive Seafile server"
 /usr/local/sbin/seafile-server-restart
 # -------------------------------------------
 # Final report
 # -------------------------------------------
 cat > ${TOPDIR}/aio_seafile-server.log<<EOF
  Your Seafile server is installed
  -----------------------------------------------------------------
  Server Address:      http://${IP_OR_DOMAIN}
  Seafile Admin:       ${SEAFILE_ADMIN}
  Admin Password:      ${SEAFILE_ADMIN_PW}
  Seafile Data Dir:    ${SEAFILE_DATA_DIR}
  Seafile DB Credentials:  Check /opt/seafile.my.cnf
  Root DB Credentials:     Check /root/.my.cnf
  This report is also saved to ${TOPDIR}/aio_seafile-server.log
  Next you should manually complete the following steps
  -----------------------------------------------------------------
  1) Log in to Seafile and configure your server domain via the system
     admin area if applicable.
  2) If this server is behind a firewall, you need to ensure that
     tcp port 80 is open.
  3) Seahub tries to send emails via the local server. Install and
     configure Postfix for this to work or
     check https://cloud.seafile.com/published/seafile-manual-cn/config/sending_email.md
     for instructions on how to use an existing email account via SMTP.
  Optional steps
  -----------------------------------------------------------------
  1) Check seahub_settings.py and customize it to fit your needs. Consult
     https://cloud.seafile.com/published/seafile-manual-cn/config/seahub_settings_py.md 
     for possible switches.
  2) Setup NGINX with official SSL certificate.
  3) Secure server with iptables based firewall. For instance: UFW or shorewall
  4) Harden system with port knocking, fail2ban, etc.
  5) Enable unattended installation of security updates. Check
     https://wiki.Ubuntu.org/UnattendedUpgrades for details.
  6) Implement a backup routine for your Seafile server.
  7) Update NGINX worker processes to reflect the number of CPU cores.
  Seafile support options
  -----------------------------------------------------------------
  For free community support visit:   https://bbs.seafile.com
  For paid commercial support visit:  https://seafile.com
 EOF
 chmod 600 ${TOPDIR}/aio_seafile-server.log
 clear
 cat ${TOPDIR}/aio_seafile-server.log
--- a/seafile-server-8.0-centos-amd64-http
+++ b/seafile-server-8.0-centos-amd64-http
@ -1,623 +0,0 @@
 #!/bin/bash
 #
 # seafile-server-installer-cn/seafile-server-centos-8-amd64
 #
 # Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU Affero General Public License for more details.
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 #
 if [[ $HOME == "" ]]; then
    export HOME=/root
 fi
 if [[ $SEAFILE_DEBUG != "" ]]; then
    set -x
 fi
 set -e
 if [[ "$#" -ne 1 ]]; then
    echo "You must specif Seafile version to install"
    echo "Like: $0 8.0.0"
    exit 1
 fi
 clear
 cat <<EOF
  This script installs the community edition of the Seafile Server on a Centos 7 64bit
  - Newest Seafile server version, MariaDB, Memcached, NGINX -
  -----------------------------------------------------------------
  This installer is meant to run on a freshly installed machine
  only. If you run it on a production server things can and
  probably will go terrible wrong and you will loose valuable
  data!
  For questions or suggestions please contact us at
  support@seafile.com
  -----------------------------------------------------------------
  Possible options:
  1 = Seafile Community (Free) Edition (CE)
  2 = Seafile Professional Edition (PRO)
 EOF
 if [[ ${SEAFILE_PRO} == "" ]]; then
    PS3="Which Seafile version would you like to install? "
    select SEAFILE_SERVER_VERSION in CE PRO ABORT; do
        case "${SEAFILE_SERVER_VERSION}" in
            ABORT)
                echo "Aborting"
                break
                ;;
            "")
                echo "$REPLY: Wrong value. Select 1 or 2."
                ;;
            *)
                if [[ ${SEAFILE_SERVER_VERSION} = "PRO" ]]; then
                    SEAFILE_PRO=1
                else
                    SEAFILE_PRO=0
                fi
                break
        esac
    done
 fi
 is_pro() {
    if [[ "$SEAFILE_PRO" == "1" ]]; then
        return 0
    else
        return 1
    fi
 }
 echo
 if is_pro; then
    echo "This script will install Seafile Professional Edition for you."
 else
    echo "This script will install Seafile Community Edition for you."
 fi
 echo
 # -------------------------------------------
 # Vars
 # -------------------------------------------
 SEAFILE_ADMIN=admin@seafile.local
 SEAFILE_SERVER_USER=seafile
 SEAFILE_SERVER_HOME=/opt/seafile
 IP_OR_DOMAIN=127.0.0.1
 SEAFILE_VERSION=$1
 TIME_ZONE=Asia/Shanghai
 if is_pro; then
    SEAFILE_SERVER_PACKAGE=seafile-pro-server_${SEAFILE_VERSION}_x86-64.tar.gz
    if [[ ! -e /opt/$SEAFILE_SERVER_PACKAGE ]]; then
        echo
        echo "You must download \"$SEAFILE_SERVER_PACKAGE\" to the /opt/ folder before running this script!"
        echo
        exit 1
    fi
    INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-pro-server-${SEAFILE_VERSION}/
 else
    SEAFILE_SERVER_PACKAGE=seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
    SEAFILE_SERVER_PACKAGE_URL=http://seafile-downloads.oss-cn-shanghai.aliyuncs.com/${SEAFILE_SERVER_PACKAGE}
    INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-server-${SEAFILE_VERSION}/
 fi
 # -------------------------------------------
 # Ensure we are running the installer as root
 # -------------------------------------------
 if [[ $EUID -ne 0 ]]; then
  echo "  Aborting because you are not root" ; exit 1
 fi
 # -------------------------------------------
 # Abort if directory /opt/seafile/ exists
 # -------------------------------------------
 if [[ -d "${SEAFILE_SERVER_HOME}" ]] ;
 then
  echo "  Aborting because directory ${SEAFILE_SERVER_HOME} already exist" ; exit 1
 fi
 # -------------------------------------------
 # Abort if seafile user exists
 # -------------------------------------------
 if getent passwd ${SEAFILE_SERVER_USER} > /dev/null 2>&1 ;
 then
  echo "Aborting because user ${SEAFILE_SERVER_USER} already exist" ; exit 1
 fi
 # -------------------------------------------
 # Setup permissive selinux
 # -------------------------------------------
 # runtime
 enforce=`getenforce`
 if [[ "${enforce}" != "Disabled" ]]; then
    setenforce 0
 fi
 # permanently
 sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
 # -------------------------------------------
 # Setup firewall
 # -------------------------------------------
 yum install firewalld -y
 # https://www.optimox.de/tutorials/linux-allgemein/centos-firewall-konfigurieren-mit-firewalld
 systemctl status firewalld &> /dev/null \
 && for i in ssh http https ; do firewall-cmd --zone=public --add-service=${i} --permanent ; done \
 && firewall-cmd --reload
 # -------------------------------------------
 # Additional requirements
 # -------------------------------------------
 # extra packages for enterprise linux
 yum install epel-release -y
 yum install python3 python3-setuptools python3-pip python3-ldap memcached java-1.8.0-openjdk \
    libmemcached libreoffice-headless libreoffice-pyuno libffi-devel pwgen curl python3-devel mysql-devel gcc gcc-c++ -y
 pip3 install --timeout=3600 django==2.2.* future mysqlclient pymysql Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3 \
    psd-tools django-pylibmc django-simple-captcha
 # start memcached on system boot
 systemctl enable --now memcached
 # -------------------------------------------
 # Install nginx
 # -------------------------------------------
 yum install nginx -y
 systemctl enable nginx
 rm -rf /etc/nginx/conf.d/*
 cat > /etc/nginx/conf.d/seafile.conf << EOF
 log_format seafileformat '\$http_x_forwarded_for \$remote_addr [\$time_local] "\$request" \$status \$body_bytes_sent "\$http_referer" "\$http_user_agent" \$upstream_response_time';
 server {
    listen 80;
    server_name seafile.example.com;
    proxy_set_header X-Forwarded-For \$remote_addr;
    location / {
         proxy_pass         http://127.0.0.1:8000;
         proxy_set_header   Host \$host;
         proxy_set_header   X-Real-IP \$remote_addr;
         proxy_set_header   X-Forwarded-For \$proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host \$server_name;
         proxy_set_header   X-Forwarded-Proto \$scheme;
         proxy_read_timeout  1200s;
         # used for view/edit office file via Office Online Server
         client_max_body_size 0;
         access_log      /var/log/nginx/seahub.access.log seafileformat;
         error_log       /var/log/nginx/seahub.error.log;
    }
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ \$1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_set_header   X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
        error_log       /var/log/nginx/seafhttp.error.log;
    }
    location /media {
        root ${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub;
    }
    location /seafdav {
        proxy_pass         http://127.0.0.1:8080/seafdav;
        proxy_set_header   Host \$host;
        proxy_set_header   X-Real-IP \$remote_addr;
        proxy_set_header   X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host \$server_name;
        proxy_set_header   X-Forwarded-Proto \$scheme;
        proxy_read_timeout  1200s;
        client_max_body_size 0;
        access_log      /var/log/nginx/seafdav.access.log seafileformat;
        error_log       /var/log/nginx/seafdav.error.log;
    }
 }
 EOF
 # Create optimized nginx.conf
 cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
 cat > /etc/nginx/nginx.conf <<'ENDOFFILE'
 user nginx nginx;
 worker_processes 4;
 events {
  worker_connections 8096;
  multi_accept on;
  use epoll;
 }
 pid /var/run/nginx.pid;
 worker_rlimit_nofile 40000;
 http {
  server_tokens off;
  server_names_hash_bucket_size 128;
  client_max_body_size 50M;
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  '$status $body_bytes_sent "$http_referer" '
  '"$http_user_agent" "$http_x_forwarded_for"';
  access_log /var/log/nginx/access.log main;
  error_log /var/log/nginx/error.log warn;
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  client_body_timeout 12;
  client_header_timeout 12;
  keepalive_timeout 15;
  send_timeout 10;
  # Fully disabled gzip compression to mitigate Django BREACH attack: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
  gzip off;
  #gzip_vary on;
  #gzip_proxied expired no-cache no-store private auth any;
  #gzip_comp_level 9;
  #gzip_min_length 10240;
  #gzip_buffers 16 8k;
  #gzip_http_version 1.1;
  #gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml font/woff2;
  #gzip_disable "MSIE [1-6].";
  include /etc/nginx/conf.d/*.conf;
 }
 ENDOFFILE
 # Fix NGINX worker_processes to number of CPU cores
 CPUS=$(cat /proc/cpuinfo | grep processor | wc | awk '{ print $1 }')
 eval "sed -i 's/worker_processes.*/worker_processes  $CPUS;/g' /etc/nginx/nginx.conf"
 systemctl restart nginx
 # -------------------------------------------
 # MariaDB
 # -------------------------------------------
 if [[ -f "/root/.my.cnf" ]] ;
 then
    echo "MariaDB installed before, skip this part"
    SQLROOTPW=`sed -n 's/password=//p' /root/.my.cnf`
 else
    yum install mariadb-server -y
    systemctl start mariadb
    systemctl enable mariadb
    SQLROOTPW=$(pwgen)
    mysqladmin -u root password $SQLROOTPW
    cat > /root/.my.cnf <<EOF
 [client]
 user=root
 password=$SQLROOTPW
 EOF
  chmod 600 /root/.my.cnf
 fi
 # -------------------------------------------
 # Seafile init script
 # -------------------------------------------
 cat > /etc/systemd/system/seafile.service << EOF
 [Unit]
 Description=Seafile Server
 After=network.target remote-fs.target mariadb.service
 [Service]
 ExecStart=${SEAFILE_SERVER_HOME}/seafile-server-latest/seafile.sh start
 ExecStop=${SEAFILE_SERVER_HOME}/seafile-server-latest/seafile.sh stop
 User=${SEAFILE_SERVER_USER}
 Group=${SEAFILE_SERVER_USER}
 LimitNOFILE=infinity
 Type=oneshot
 RemainAfterExit=yes
 [Install]
 WantedBy=multi-user.target
 EOF
 systemctl enable seafile
 cat > /etc/systemd/system/seahub.service << EOF
 [Unit]
 Description=Seafile Seahub
 After=network.target seafile.service
 [Service]
 ExecStart=${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub.sh start
 ExecStop=${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub.sh stop
 User=${SEAFILE_SERVER_USER}
 Group=${SEAFILE_SERVER_USER}
 Type=oneshot
 RemainAfterExit=yes
 [Install]
 WantedBy=multi-user.target
 EOF
 systemctl enable seahub
 # Seafile restart script
 cat > /usr/local/sbin/seafile-server-restart << 'EOF'
 #!/bin/bash
 for ACTION in stop start ; do
    for SERVICE in seafile seahub ; do
      systemctl ${ACTION} ${SERVICE}
    done
 done
 EOF
 chmod 700 /usr/local/sbin/seafile-server-restart
 # -------------------------------------------
 # Seafile
 # -------------------------------------------
 mkdir -p ${SEAFILE_SERVER_HOME}/installed
 cd ${SEAFILE_SERVER_HOME}
 if ! is_pro && [[ ! -e /opt/${SEAFILE_SERVER_PACKAGE} ]]; then
    curl -OL ${SEAFILE_SERVER_PACKAGE_URL}
 else
    cp /opt/${SEAFILE_SERVER_PACKAGE} .
 fi
 tar xzf ${SEAFILE_SERVER_PACKAGE}
 mv ${SEAFILE_SERVER_PACKAGE} installed
 # -------------------------------------------
 # Seafile DB
 # -------------------------------------------
 if [[ -f "/opt/seafile.my.cnf" ]] ;
 then
  echo "MariaDB installed before, skip this part"
  SQLSEAFILEPW=`sed -n 's/password=//p' /opt/seafile.my.cnf`
 else
  SQLSEAFILEPW=$(pwgen)
  cat > /opt/seafile.my.cnf <<EOF
 [client]
 user=seafile
 password=$SQLSEAFILEPW
 EOF
  chmod 600 /opt/seafile.my.cnf
 fi
 # -------------------------------------------
 # Add seafile user
 # -------------------------------------------
 useradd --system --comment "${SEAFILE_SERVER_USER}" ${SEAFILE_SERVER_USER} --home-dir  ${SEAFILE_SERVER_HOME}
 # -------------------------------------------
 # Go to /opt/seafile/seafile-pro-server-${SEAFILE_VERSION}
 # -------------------------------------------
 cd $INSTALLPATH
 # -------------------------------------------
 # Vars - Don't touch these unless you really know what you are doing!
 # -------------------------------------------
 TOPDIR=$(dirname "${INSTALLPATH}")
 DEFAULT_CONF_DIR=${TOPDIR}/conf
 SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
 DEST_SETTINGS_PY=${TOPDIR}/conf/seahub_settings.py
 mkdir -p ${DEFAULT_CONF_DIR}
 # -------------------------------------------
 # Create ccnet, seafile, seahub conf using setup script
 # -------------------------------------------
 ./setup-seafile-mysql.sh auto -u seafile -w ${SQLSEAFILEPW} -r ${SQLROOTPW}
 # -------------------------------------------
 # Configure Seafile WebDAV Server(SeafDAV)
 # -------------------------------------------
 sed -i 's/enabled = .*/enabled = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
 sed -i 's/fastcgi = .*/fastcgi = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
 sed -i 's/share_name = .*/share_name = \/seafdav/' ${DEFAULT_CONF_DIR}/seafdav.conf
 # -------------------------------------------
 # Configuring seahub_settings.py
 # -------------------------------------------
 cat >> ${DEST_SETTINGS_PY} <<EOF
 CACHES = {
    'default': {
        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
        'LOCATION': '127.0.0.1:11211',
    },
    'locmem': {
        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
    },
 }
 COMPRESS_CACHE_BACKEND = 'locmem'
 # EMAIL_USE_TLS                       = False
 # EMAIL_HOST                          = 'localhost'
 # EMAIL_HOST_USER                     = ''
 # EMAIL_HOST_PASSWORD                 = ''
 # EMAIL_PORT                          = '25'
 # DEFAULT_FROM_EMAIL                  = EMAIL_HOST_USER
 # SERVER_EMAIL                        = EMAIL_HOST_USER
 TIME_ZONE                           = '${TIME_ZONE}'
 SITE_BASE                           = 'http://${IP_OR_DOMAIN}'
 SITE_NAME                           = 'Seafile Server'
 SITE_TITLE                          = 'Seafile Server'
 SITE_ROOT                           = '/'
 ENABLE_SIGNUP                       = False
 ACTIVATE_AFTER_REGISTRATION         = False
 SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER  = True
 SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
 CLOUD_MODE                          = False
 FILE_PREVIEW_MAX_SIZE               = 30 * 1024 * 1024
 SESSION_COOKIE_AGE                  = 60 * 60 * 24 * 7 * 2
 SESSION_SAVE_EVERY_REQUEST          = False
 SESSION_EXPIRE_AT_BROWSER_CLOSE     = False
 FILE_SERVER_ROOT                    = 'http://${IP_OR_DOMAIN}/seafhttp'
 EOF
 # -------------------------------------------
 # Backup check_init_admin.py befor applying changes
 # -------------------------------------------
 cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
 # -------------------------------------------
 # Set admin credentials in check_init_admin.py
 # -------------------------------------------
 SEAFILE_ADMIN_PW=$(pwgen)
 eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
 eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
 # -------------------------------------------
 # Start and stop Seafile eco system. This generates the initial admin user.
 # -------------------------------------------
 chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R ${SEAFILE_SERVER_HOME}
 su - seafile -c "${INSTALLPATH}/seafile.sh start"
 wait
 su - seafile -c "${INSTALLPATH}/seahub.sh start"
 wait                         # wait for a while, otherwise seahub will not be stopped
 su - seafile -c "${INSTALLPATH}/seahub.sh stop"
 wait
 su - seafile -c "${INSTALLPATH}/seafile.sh stop"
 wait
 sleep 1
 # -------------------------------------------
 # Restore original check_init_admin.py
 # -------------------------------------------
 mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
 if is_pro; then
    PRO_PY=${INSTALLPATH}/pro/pro.py
    $PYTHON ${PRO_PY} setup --mysql --mysql_host=127.0.0.1 --mysql_port=3306 --mysql_user=seafile --mysql_password=${SQLSEAFILEPW} --mysql_db=seahub_db
 fi
 # kill all process
 sleep 1
 systemctl stop seafile
 wait
 systemctl stop seahub
 wait
 sleep 1
 # -------------------------------------------
 # Fix permissions
 # -------------------------------------------
 chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R ${SEAFILE_SERVER_HOME}
 if [[ -d /tmp/seafile-office-output/ ]]; then
    chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R /tmp/seafile-office-output/
 fi
 # -------------------------------------------
 # Restart seafile server
 # -------------------------------------------
 echo "Starting productive Seafile server"
 /usr/local/sbin/seafile-server-restart
 wait
 # -------------------------------------------
 # Final report
 # -------------------------------------------
 cat > ${TOPDIR}/aio_seafile-server.log<<EOF
  Your Seafile server is installed
  -----------------------------------------------------------------
  Server Address:      http://${IP_OR_DOMAIN}
  Seafile Admin:       ${SEAFILE_ADMIN}
  Admin Password:      ${SEAFILE_ADMIN_PW}
  Seafile Data Dir:    ${SEAFILE_DATA_DIR}
  Seafile DB Credentials:  Check /opt/seafile.my.cnf
  Root DB Credentials:     Check /root/.my.cnf
  This report is also saved to ${TOPDIR}/aio_seafile-server.log
  Next you should manually complete the following steps
  -----------------------------------------------------------------
  1) Log in to Seafile and configure your server domain via the system
     admin area if applicable.
  2) If this server is behind a firewall, you need to ensure that
     tcp port 80 is open.
  3) Seahub tries to send emails via the local server. Install and
     configure Postfix for this to work or
     check https://cloud.seafile.com/published/seafile-manual-cn/config/sending_email.md
     for instructions on how to use an existing email account via SMTP.
  Optional steps
  -----------------------------------------------------------------
  1) Check seahub_settings.py and customize it to fit your needs. Consult
     https://cloud.seafile.com/published/seafile-manual-cn/config/seahub_settings_py.md 
     for possible switches.
  2) Setup NGINX with official SSL certificate.
  3) Secure server with iptables based firewall. For instance: UFW or shorewall
  4) Harden system with port knocking, fail2ban, etc.
  5) Enable unattended installation of security updates. Check
     https://wiki.Ubuntu.org/UnattendedUpgrades for details.
  6) Implement a backup routine for your Seafile server.
  7) Update NGINX worker processes to reflect the number of CPU cores.
  Seafile support options
  -----------------------------------------------------------------
  For free community support visit:   https://bbs.seafile.com
  For paid commercial support visit:  https://seafile.com
 EOF
 chmod 600 ${TOPDIR}/aio_seafile-server.log
 clear
 cat ${TOPDIR}/aio_seafile-server.log
--- a/623
+++ b/623
@ -1,623 +0,0 @@
 #!/bin/bash
 #
 # seafile-server-installer/seafile-server-centos-7-amd64
 #
 # Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU Affero General Public License for more details.
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 #
 if [[ $HOME == "" ]]; then
    export HOME=/root
 fi
 if [[ $SEAFILE_DEBUG != "" ]]; then
    set -x
 fi
 set -e
 if [[ "$#" -ne 1 ]]; then
    echo "You must specif Seafile version to install"
    echo "Like: $0 7.0.0"
    exit 1
 fi
 clear
 cat <<EOF
  This script installs the community edition of the Seafile Server on a Centos 7 64bit
  - Newest Seafile server version, MariaDB, Memcached, NGINX -
  -----------------------------------------------------------------
  This installer is meant to run on a freshly installed machine
  only. If you run it on a production server things can and
  probably will go terrible wrong and you will loose valuable
  data!
  For questions or suggestions please contact us at
  support@seafile.com
  -----------------------------------------------------------------
  Possible options:
  1 = Seafile Community (Free) Edition (CE)
  2 = Seafile Professional Edition (PRO)
 EOF
 if [[ ${SEAFILE_PRO} == "" ]]; then
    PS3="Which Seafile version would you like to install? "
    select SEAFILE_SERVER_VERSION in CE PRO ABORT; do
        case "${SEAFILE_SERVER_VERSION}" in
            ABORT)
                echo "Aborting"
                break
                ;;
            "")
                echo "$REPLY: Wrong value. Select 1 or 2."
                ;;
            *)
                if [[ ${SEAFILE_SERVER_VERSION} = "PRO" ]]; then
                    SEAFILE_PRO=1
                else
                    SEAFILE_PRO=0
                fi
                break
        esac
    done
 fi
 is_pro() {
    if [[ "$SEAFILE_PRO" == "1" ]]; then
        return 0
    else
        return 1
    fi
 }
 echo
 if is_pro; then
    echo "This script will install Seafile Professional Edition for you."
 else
    echo "This script will install Seafile Community Edition for you."
 fi
 echo
 # -------------------------------------------
 # Vars
 # -------------------------------------------
 SEAFILE_ADMIN=admin@seafile.local
 SEAFILE_SERVER_USER=seafile
 SEAFILE_SERVER_HOME=/opt/seafile
 IP_OR_DOMAIN=127.0.0.1
 SEAFILE_VERSION=$1
 TIME_ZONE=Asia/Shanghai
 if is_pro; then
    SEAFILE_SERVER_PACKAGE=seafile-pro-server_${SEAFILE_VERSION}_x86-64.tar.gz
    if [[ ! -e /opt/$SEAFILE_SERVER_PACKAGE ]]; then
        echo
        echo "You must download \"$SEAFILE_SERVER_PACKAGE\" to the /opt/ folder before running this script!"
        echo
        exit 1
    fi
    INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-pro-server-${SEAFILE_VERSION}/
 else
    SEAFILE_SERVER_PACKAGE=seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
    SEAFILE_SERVER_PACKAGE_URL=http://seafile-downloads.oss-cn-shanghai.aliyuncs.com/${SEAFILE_SERVER_PACKAGE}
    INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-server-${SEAFILE_VERSION}/
 fi
 # -------------------------------------------
 # Ensure we are running the installer as root
 # -------------------------------------------
 if [[ $EUID -ne 0 ]]; then
  echo "  Aborting because you are not root" ; exit 1
 fi
 # -------------------------------------------
 # Abort if directory /opt/seafile/ exists
 # -------------------------------------------
 if [[ -d "${SEAFILE_SERVER_HOME}" ]] ;
 then
  echo "  Aborting because directory ${SEAFILE_SERVER_HOME} already exist" ; exit 1
 fi
 # -------------------------------------------
 # Abort if directory /opt/seafile/ exists
 # -------------------------------------------
 if getent passwd ${SEAFILE_SERVER_USER} > /dev/null 2>&1 ;
 then
  echo "Aborting because user ${SEAFILE_SERVER_USER} already exist" ; exit 1
 fi
 # -------------------------------------------
 # Setup permissive selinux
 # -------------------------------------------
 # runtime
 enforce=`getenforce`
 if [[ "${enforce}" != "Disabled" ]]; then
    setenforce 0
 fi
 # permanently
 sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
 # -------------------------------------------
 # Setup firewall
 # -------------------------------------------
 yum install firewalld fail2ban -y
 # https://www.optimox.de/tutorials/linux-allgemein/centos-firewall-konfigurieren-mit-firewalld
 systemctl status firewalld &> /dev/null \
 && for i in ssh http https ; do firewall-cmd --zone=public --add-service=${i} --permanent ; done \
 && firewall-cmd --reload
 # -------------------------------------------
 # Additional requirements
 # -------------------------------------------
 # extra packages for enterprise linux
 yum install epel-release -y
 yum upgrade -y
 if [[ ${SEAFILE_VERSION} =~ 6\.[0-9]*\.[0-9]* ]]; then
    yum install python-setuptools MySQL-python memcached python-urllib3 \
        pwgen curl openssl python-ldap java-1.8.0-openjdk poppler-utils libreoffice python-requests \
        libreoffice-headless libreoffice-pyuno wqy-microhei-fonts wqy-zenhei-fonts wqy-unibit-fonts \
        gcc libffi-devel python-devel openssl-devel libmemcached libmemcached-devel python2-pip -y
    pip install pylibmc==1.6.0 django-pylibmc==0.6.1
    pip install --timeout=3600 Pillow==4.3.0
    pip install psd-tools==1.4
 else
    yum install python-setuptools MySQL-python memcached python-urllib3 \
        pwgen curl openssl python-ldap java-1.8.0-openjdk poppler-utils libreoffice \
        libreoffice-headless libreoffice-pyuno wqy-microhei-fonts wqy-zenhei-fonts wqy-unibit-fonts \
        libffi-devel openssl-devel libmemcached -y
 fi
 # start memcached on system boot
 systemctl enable --now memcached
 # -------------------------------------------
 # Install nginx
 # -------------------------------------------
 yum install nginx -y
 systemctl enable nginx
 rm -rf /etc/nginx/conf.d/*
 cat > /etc/nginx/conf.d/seafile.conf << EOF
 log_format seafileformat '\$http_x_forwarded_for \$remote_addr [\$time_local] "\$request" \$status \$body_bytes_sent "\$http_referer" "\$http_user_agent" \$upstream_response_time';
 server {
    listen 80;
    server_name seafile.example.com;
    proxy_set_header X-Forwarded-For \$remote_addr;
    location / {
         proxy_pass         http://127.0.0.1:8000;
         proxy_set_header   Host \$host;
         proxy_set_header   X-Real-IP \$remote_addr;
         proxy_set_header   X-Forwarded-For \$proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host \$server_name;
         proxy_set_header   X-Forwarded-Proto \$scheme;
         proxy_read_timeout  1200s;
         # used for view/edit office file via Office Online Server
         client_max_body_size 0;
         access_log      /var/log/nginx/seahub.access.log seafileformat;
         error_log       /var/log/nginx/seahub.error.log;
    }
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ \$1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_set_header   X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
        error_log       /var/log/nginx/seafhttp.error.log;
    }
    location /media {
        root ${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub;
    }
    location /seafdav {
        fastcgi_pass    127.0.0.1:8080;
        fastcgi_param   SCRIPT_FILENAME     \$document_root\$fastcgi_script_name;
        fastcgi_param   PATH_INFO           \$fastcgi_script_name;
        fastcgi_param   SERVER_PROTOCOL     \$server_protocol;
        fastcgi_param   QUERY_STRING        \$query_string;
        fastcgi_param   REQUEST_METHOD      \$request_method;
        fastcgi_param   CONTENT_TYPE        \$content_type;
        fastcgi_param   CONTENT_LENGTH      \$content_length;
        fastcgi_param   SERVER_ADDR         \$server_addr;
        fastcgi_param   SERVER_PORT         \$server_port;
        fastcgi_param   SERVER_NAME         \$server_name;
        fastcgi_param   REMOTE_ADDR         \$remote_addr;
        client_max_body_size 0;
        access_log      /var/log/nginx/seafdav.access.log seafileformat;
        error_log       /var/log/nginx/seafdav.error.log;
    }
 }
 EOF
 # Create optimized nginx.conf
 cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
 cat > /etc/nginx/nginx.conf <<'ENDOFFILE'
 user nginx nginx;
 worker_processes 4;
 events {
  worker_connections 8096;
  multi_accept on;
  use epoll;
 }
 pid /var/run/nginx.pid;
 worker_rlimit_nofile 40000;
 http {
  server_tokens off;
  server_names_hash_bucket_size 128;
  client_max_body_size 50M;
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  '$status $body_bytes_sent "$http_referer" '
  '"$http_user_agent" "$http_x_forwarded_for"';
  access_log /var/log/nginx/access.log main;
  error_log /var/log/nginx/error.log warn;
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  client_body_timeout 12;
  client_header_timeout 12;
  keepalive_timeout 15;
  send_timeout 10;
  # Fully disabled gzip compression to mitigate Django BREACH attack: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
  gzip off;
  #gzip_vary on;
  #gzip_proxied expired no-cache no-store private auth any;
  #gzip_comp_level 9;
  #gzip_min_length 10240;
  #gzip_buffers 16 8k;
  #gzip_http_version 1.1;
  #gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml font/woff2;
  #gzip_disable "MSIE [1-6].";
  include /etc/nginx/conf.d/*.conf;
 }
 ENDOFFILE
 # Fix NGINX worker_processes to number of CPU cores
 CPUS=$(cat /proc/cpuinfo | grep processor | wc | awk '{ print $1 }')
 eval "sed -i 's/worker_processes.*/worker_processes  $CPUS;/g' /etc/nginx/nginx.conf"
 systemctl restart nginx
 # -------------------------------------------
 # MariaDB
 # -------------------------------------------
 if [[ -f "/root/.my.cnf" ]] ;
 then
    echo "MariaDB installed before, skip this part"
    SQLROOTPW=`sed -n 's/password=//p' /root/.my.cnf`
 else
    yum install mariadb-server -y
    systemctl start mariadb
    systemctl enable mariadb
    SQLROOTPW=$(pwgen)
    mysqladmin -u root password $SQLROOTPW
    cat > /root/.my.cnf <<EOF
 [client]
 user=root
 password=$SQLROOTPW
 EOF
  chmod 600 /root/.my.cnf
 fi
 # -------------------------------------------
 # Seafile init script
 # -------------------------------------------
 cat > /etc/systemd/system/seafile.service << EOF
 [Unit]
 Description=Seafile Server
 After=network.target remote-fs.target mariadb.service
 [Service]
 ExecStart=${SEAFILE_SERVER_HOME}/seafile-server-latest/seafile.sh start
 ExecStop=${SEAFILE_SERVER_HOME}/seafile-server-latest/seafile.sh stop
 User=${SEAFILE_SERVER_USER}
 Group=${SEAFILE_SERVER_USER}
 LimitNOFILE=infinity
 Type=oneshot
 RemainAfterExit=yes
 [Install]
 WantedBy=multi-user.target
 EOF
 systemctl enable seafile
 cat > /etc/systemd/system/seahub.service << EOF
 [Unit]
 Description=Seafile Seahub
 After=network.target seafile.service
 [Service]
 ExecStart=${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub.sh start
 ExecStop=${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub.sh stop
 User=${SEAFILE_SERVER_USER}
 Group=${SEAFILE_SERVER_USER}
 Type=oneshot
 RemainAfterExit=yes
 [Install]
 WantedBy=multi-user.target
 EOF
 systemctl enable seahub
 # Seafile restart script
 cat > /usr/local/sbin/seafile-server-restart << 'EOF'
 #!/bin/bash
 for ACTION in stop start ; do
    for SERVICE in seafile seahub ; do
      systemctl ${ACTION} ${SERVICE}
    done
 done
 EOF
 chmod 700 /usr/local/sbin/seafile-server-restart
 # -------------------------------------------
 # Seafile
 # -------------------------------------------
 mkdir -p ${SEAFILE_SERVER_HOME}/installed
 cd ${SEAFILE_SERVER_HOME}
 if ! is_pro && [[ ! -e /opt/${SEAFILE_SERVER_PACKAGE} ]]; then
    curl -OL ${SEAFILE_SERVER_PACKAGE_URL}
 else
    cp /opt/${SEAFILE_SERVER_PACKAGE} .
 fi
 tar xzf ${SEAFILE_SERVER_PACKAGE}
 mv ${SEAFILE_SERVER_PACKAGE} installed
 # -------------------------------------------
 # Seafile DB
 # -------------------------------------------
 if [[ -f "/opt/seafile.my.cnf" ]] ;
 then
  echo "MariaDB installed before, skip this part"
  SQLSEAFILEPW=`sed -n 's/password=//p' /opt/seafile.my.cnf`
 else
  SQLSEAFILEPW=$(pwgen)
  cat > /opt/seafile.my.cnf <<EOF
 [client]
 user=seafile
 password=$SQLSEAFILEPW
 EOF
  chmod 600 /opt/seafile.my.cnf
 fi
 # -------------------------------------------
 # Add seafile user
 # -------------------------------------------
 useradd --system --comment "${SEAFILE_SERVER_USER}" ${SEAFILE_SERVER_USER} --home-dir  ${SEAFILE_SERVER_HOME}
 # -------------------------------------------
 # Go to /opt/seafile/seafile-pro-server-${SEAFILE_VERSION}
 # -------------------------------------------
 cd $INSTALLPATH
 # -------------------------------------------
 # Vars - Don't touch these unless you really know what you are doing!
 # -------------------------------------------
 TOPDIR=$(dirname "${INSTALLPATH}")
 DEFAULT_CONF_DIR=${TOPDIR}/conf
 SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
 DEST_SETTINGS_PY=${TOPDIR}/conf/seahub_settings.py
 mkdir -p ${DEFAULT_CONF_DIR}
 # -------------------------------------------
 # Create ccnet, seafile, seahub conf using setup script
 # -------------------------------------------
 ./setup-seafile-mysql.sh auto -u seafile -w ${SQLSEAFILEPW} -r ${SQLROOTPW}
 # -------------------------------------------
 # Configure Seafile WebDAV Server(SeafDAV)
 # -------------------------------------------
 sed -i 's/enabled = .*/enabled = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
 sed -i 's/fastcgi = .*/fastcgi = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
 sed -i 's/share_name = .*/share_name = \/seafdav/' ${DEFAULT_CONF_DIR}/seafdav.conf
 # -------------------------------------------
 # Configuring seahub_settings.py
 # -------------------------------------------
 cat >> ${DEST_SETTINGS_PY} <<EOF
 CACHES = {
    'default': {
        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
        'LOCATION': '127.0.0.1:11211',
    },
    'locmem': {
        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
    },
 }
 COMPRESS_CACHE_BACKEND = 'locmem'
 # EMAIL_USE_TLS                       = False
 # EMAIL_HOST                          = 'localhost'
 # EMAIL_HOST_USER                     = ''
 # EMAIL_HOST_PASSWORD                 = ''
 # EMAIL_PORT                          = '25'
 # DEFAULT_FROM_EMAIL                  = EMAIL_HOST_USER
 # SERVER_EMAIL                        = EMAIL_HOST_USER
 TIME_ZONE                           = '${TIME_ZONE}'
 SITE_BASE                           = 'http://${IP_OR_DOMAIN}'
 SITE_NAME                           = 'Seafile Server'
 SITE_TITLE                          = 'Seafile Server'
 SITE_ROOT                           = '/'
 ENABLE_SIGNUP                       = False
 ACTIVATE_AFTER_REGISTRATION         = False
 SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER  = True
 SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
 CLOUD_MODE                          = False
 FILE_PREVIEW_MAX_SIZE               = 30 * 1024 * 1024
 SESSION_COOKIE_AGE                  = 60 * 60 * 24 * 7 * 2
 SESSION_SAVE_EVERY_REQUEST          = False
 SESSION_EXPIRE_AT_BROWSER_CLOSE     = False
 FILE_SERVER_ROOT                    = 'http://${IP_OR_DOMAIN}/seafhttp'
 EOF
 # -------------------------------------------
 # Backup check_init_admin.py befor applying changes
 # -------------------------------------------
 cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
 # -------------------------------------------
 # Set admin credentials in check_init_admin.py
 # -------------------------------------------
 SEAFILE_ADMIN_PW=$(pwgen)
 eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
 eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
 # -------------------------------------------
 # Start and stop Seafile eco system. This generates the initial admin user.
 # -------------------------------------------
 ${INSTALLPATH}/seafile.sh start
 ${INSTALLPATH}/seahub.sh start
 sleep 2                         # sleep for a while, otherwise seahub will not be stopped
 ${INSTALLPATH}/seahub.sh stop
 sleep 1
 ${INSTALLPATH}/seafile.sh stop
 # -------------------------------------------
 # Restore original check_init_admin.py
 # -------------------------------------------
 mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
 if is_pro; then
    PRO_PY=${INSTALLPATH}/pro/pro.py
    $PYTHON ${PRO_PY} setup --mysql --mysql_host=127.0.0.1 --mysql_port=3306 --mysql_user=seafile --mysql_password=${SQLSEAFILEPW} --mysql_db=seahub_db
 fi
 # -------------------------------------------
 # Fix permissions
 # -------------------------------------------
 chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R ${SEAFILE_SERVER_HOME}
 if [[ -d /tmp/seafile-office-output/ ]]; then
    chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R /tmp/seafile-office-output/
 fi
 # -------------------------------------------
 # Restart seafile server
 # -------------------------------------------
 /usr/local/sbin/seafile-server-restart
 # -------------------------------------------
 # Final report
 # -------------------------------------------
 cat > ${TOPDIR}/aio_seafile-server.log<<EOF
  Your Seafile server is installed
  -----------------------------------------------------------------
  Server Address:      http://${IP_OR_DOMAIN}
  Seafile Admin:       ${SEAFILE_ADMIN}
  Admin Password:      ${SEAFILE_ADMIN_PW}
  Seafile Data Dir:    ${SEAFILE_DATA_DIR}
  Seafile DB Credentials:  Check /opt/seafile.my.cnf
  Root DB Credentials:     Check /root/.my.cnf
  This report is also saved to ${TOPDIR}/aio_seafile-server.log
  Next you should manually complete the following steps
  -----------------------------------------------------------------
  1) Log in to Seafile and configure your server domain via the system
     admin area if applicable.
  2) If this server is behind a firewall, you need to ensure that
     tcp port 80 is open.
  3) Seahub tries to send emails via the local server. Install and
     configure Postfix for this to work or
     check https://manual.seafile.com/config/sending_email.html
     for instructions on how to use an existing email account via SMTP.
  Optional steps
  -----------------------------------------------------------------
  1) Check seahub_settings.py and customize it to fit your needs. Consult
     http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
  2) Setup NGINX with official SSL certificate.
  3) Secure server with iptables based firewall. For instance: UFW or shorewall
  4) Harden system with port knocking, fail2ban, etc.
  5) Enable unattended installation of security updates. Check
     https://wiki.Ubuntu.org/UnattendedUpgrades for details.
  6) Implement a backup routine for your Seafile server.
  7) Update NGINX worker processes to reflect the number of CPU cores.
  Seafile support options
  -----------------------------------------------------------------
  For free community support visit:   https://bbs.seafile.com
  For paid commercial support visit:  https://seafile.com
 EOF
 chmod 600 ${TOPDIR}/aio_seafile-server.log
 clear
 cat ${TOPDIR}/aio_seafile-server.log
--- a/532
+++ b/532
@ -1,532 +0,0 @@
 #!/bin/bash
 #
 # seafile-server-installer/seafile-server-ubuntu-16-04-amd64
 #
 # Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
 # Copyright 2016, Zheng Xie <xie.zheng@seafile.com>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU Affero General Public License for more details.
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 #
 if [[ $HOME == "" ]]; then
    export HOME=/root
 fi
 if [[ $SEAFILE_DEBUG != "" ]]; then
    set -x
 fi
 set -e
 if [[ "$#" -ne 1 ]]; then
    echo "You must specif Seafile version to install"
    echo "Like: $0 7.0.0"
    exit 1
 fi
 clear
 cat <<EOF
  This script installs the community edition of the Seafile Server on a Ubuntu 16.04 (Xenial) 64bit
  - Newest Seafile server version, MariaDB, Memcached, NGINX -
  -----------------------------------------------------------------
  This installer is meant to run on a freshly installed machine
  only. If you run it on a production server things can and
  probably will go terrible wrong and you will loose valuable
  data!
  For questions or suggestions please contact us at
  support@seafile.com
  -----------------------------------------------------------------
  Possible options:
  1 = Seafile Community (Free) Edition (CE)
  2 = Seafile Professional Edition (PRO)
 EOF
 if [[ ${SEAFILE_PRO} == "" ]]; then
    PS3="Which Seafile version would you like to install? "
    select SEAFILE_SERVER_VERSION in CE PRO ABORT; do
        case "${SEAFILE_SERVER_VERSION}" in
            ABORT)
                echo "Aborting"
                break
                ;;
            "")
                echo "$REPLY: Wrong value. Select 1 or 2."
                ;;
            *)
                if [[ ${SEAFILE_SERVER_VERSION} = "PRO" ]]; then
                    SEAFILE_PRO=1
                else
                    SEAFILE_PRO=0
                fi
                break
        esac
    done
 fi
 is_pro() {
    if [[ "$SEAFILE_PRO" == "1" ]]; then
        return 0
    else
        return 1
    fi
 }
 echo
 if is_pro; then
    echo "This script will install Seafile Professional Edition for you."
 else
    echo "This script will install Seafile Community Edition for you."
 fi
 echo
 # -------------------------------------------
 # Vars
 # -------------------------------------------
 SEAFILE_ADMIN=admin@seafile.local
 SEAFILE_SERVER_USER=seafile
 SEAFILE_SERVER_HOME=/opt/seafile
 IP_OR_DOMAIN=127.0.0.1
 SEAFILE_VERSION=$1
 TIME_ZONE=Asia/Shanghai
 if is_pro; then
    SEAFILE_SERVER_PACKAGE=seafile-pro-server_${SEAFILE_VERSION}_x86-64.tar.gz
    if [[ ! -e /opt/$SEAFILE_SERVER_PACKAGE ]]; then
        echo
        echo "You must download \"$SEAFILE_SERVER_PACKAGE\" to the /opt/ folder before running this script!"
        echo
        exit 1
    fi
    INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-pro-server-${SEAFILE_VERSION}/
 else
    SEAFILE_SERVER_PACKAGE=seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
    SEAFILE_SERVER_PACKAGE_URL=http://seafile-downloads.oss-cn-shanghai.aliyuncs.com/${SEAFILE_SERVER_PACKAGE}
    INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-server-${SEAFILE_VERSION}/
 fi
 # -------------------------------------------
 # Ensure we are running the installer as root
 # -------------------------------------------
 if [[ $EUID -ne 0 ]]; then
  echo "  Aborting because you are not root" ; exit 1
 fi
 # -------------------------------------------
 # Abort if directory SEAFILE_SERVER_HOME exists
 # -------------------------------------------
 if [[ -d "${SEAFILE_SERVER_HOME}" ]] ;
 then
  echo "  Aborting because directory ${SEAFILE_SERVER_HOME} already exist" ; exit 1
 fi
 # -------------------------------------------
 # Additional requirements
 # -------------------------------------------
 apt-get update
 if [[ ${SEAFILE_VERSION} =~ 6\.[0-9]*\.[0-9]* ]]; then
    apt-get install -y python2.7 sudo python-pip python-setuptools python-mysqldb python-ldap python-urllib3 \
    openjdk-8-jre memcached libmemcached-dev zlib1g-dev pwgen curl openssl poppler-utils libpython2.7 libreoffice \
    libreoffice-script-provider-python ttf-wqy-microhei ttf-wqy-zenhei xfonts-wqy nginx python-requests
    pip install pylibmc==1.6.0 django-pylibmc==0.6.1
    pip install --timeout=3600 Pillow==4.3.0
    pip install psd-tools==1.4
 else
    apt-get install -y python2.7 sudo python-setuptools python-mysqldb python-ldap python-urllib3 \
    openjdk-8-jre memcached libmemcached-dev zlib1g-dev pwgen curl openssl poppler-utils libpython2.7 libreoffice \
    libreoffice-script-provider-python ttf-wqy-microhei ttf-wqy-zenhei xfonts-wqy nginx
 fi
 rm /etc/nginx/sites-enabled/*
 cat > /etc/nginx/sites-available/seafile.conf << EOF
 log_format seafileformat '\$http_x_forwarded_for \$remote_addr [\$time_local] "\$request" \$status \$body_bytes_sent "\$http_referer" "\$http_user_agent" \$upstream_response_time';
 server {
    listen 80;
    server_name seafile.example.com;
    proxy_set_header X-Forwarded-For \$remote_addr;
    location / {
         proxy_pass         http://127.0.0.1:8000;
         proxy_set_header   Host \$host;
         proxy_set_header   X-Real-IP \$remote_addr;
         proxy_set_header   X-Forwarded-For \$proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host \$server_name;
         proxy_set_header   X-Forwarded-Proto \$scheme;
         proxy_read_timeout  1200s;
         # used for view/edit office file via Office Online Server
         client_max_body_size 0;
         access_log      /var/log/nginx/seahub.access.log seafileformat;
         error_log       /var/log/nginx/seahub.error.log;
    }
    location /seafhttp {
         rewrite ^/seafhttp(.*)$ \$1 break;
         proxy_pass http://127.0.0.1:8082;
         client_max_body_size 0;
         proxy_set_header   X-Forwarded-For \$proxy_add_x_forwarded_for;
         proxy_connect_timeout  36000s;
         proxy_read_timeout  36000s;
        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
        error_log       /var/log/nginx/seafhttp.error.log;
    }
    location /media {
        root ${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub;
    }
    location /seafdav {
        fastcgi_pass    127.0.0.1:8080;
        fastcgi_param   SCRIPT_FILENAME     \$document_root\$fastcgi_script_name;
        fastcgi_param   PATH_INFO           \$fastcgi_script_name;
        fastcgi_param   SERVER_PROTOCOL     \$server_protocol;
        fastcgi_param   QUERY_STRING        \$query_string;
        fastcgi_param   REQUEST_METHOD      \$request_method;
        fastcgi_param   CONTENT_TYPE        \$content_type;
        fastcgi_param   CONTENT_LENGTH      \$content_length;
        fastcgi_param   SERVER_ADDR         \$server_addr;
        fastcgi_param   SERVER_PORT         \$server_port;
        fastcgi_param   SERVER_NAME         \$server_name;
        fastcgi_param   REMOTE_ADDR         \$remote_addr;
        client_max_body_size 0;
        access_log      /var/log/nginx/seafdav.access.log seafileformat;
        error_log       /var/log/nginx/seafdav.error.log;
    }
 }
 EOF
 ln -sf /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf
 service nginx restart
 # -------------------------------------------
 # MariaDB
 # -------------------------------------------
 if [[ -f "/root/.my.cnf" ]] ;
 then
  echo "MariaDB installed before, skip this part"
  SQLROOTPW=`sed -n 's/password=//p' /root/.my.cnf`
 else
  DEBIAN_FRONTEND=noninteractive apt-get install -y mariadb-server
  SQLROOTPW=$(pwgen)
  mysqladmin -u root password $SQLROOTPW
  cat > /root/.my.cnf <<EOF
 [client]
 user=root
 password=$SQLROOTPW
 EOF
  chmod 600 /root/.my.cnf
 fi
 # -------------------------------------------
 # Seafile init script
 # -------------------------------------------
 cat > /etc/init.d/seafile-server << EOF
 #!/bin/bash
 ### BEGIN INIT INFO
 # Provides:          seafile-server
 # Required-Start:    \$remote_fs \$syslog mysql
 # Required-Stop:     \$remote_fs \$syslog
 # Default-Start:     2 3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: Seafile server
 # Description:       Start Seafile server
 ### END INIT INFO
 # Author: Alexander Jackson <alexander.jackson@seafile.com.de>
 # Change the value of "seafile_dir" to your path of seafile installation
 user=${SEAFILE_SERVER_USER}
 seafile_dir=${SEAFILE_SERVER_HOME}
 script_path=\${seafile_dir}/seafile-server-latest
 seafile_init_log=\${seafile_dir}/logs/seafile.init.log
 seahub_init_log=\${seafile_dir}/logs/seahub.init.log
 case "\$1" in
        start)
                sudo -u \${user} \${script_path}/seafile.sh start >> \${seafile_init_log}
                sudo -u \${user} \${script_path}/seahub.sh start >> \${seahub_init_log}
        ;;
        restart)
                sudo -u \${user} \${script_path}/seafile.sh restart >> \${seafile_init_log}
                sudo -u \${user} \${script_path}/seahub.sh restart >> \${seahub_init_log}
        ;;
        stop)
                sudo -u \${user} \${script_path}/seafile.sh \$1 >> \${seafile_init_log}
                sudo -u \${user} \${script_path}/seahub.sh \$1 >> \${seahub_init_log}
        ;;
        *)
                echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
                exit 1
        ;;
 esac
 EOF
 chmod +x /etc/init.d/seafile-server
 update-rc.d seafile-server defaults
 # -------------------------------------------
 # Seafile
 # -------------------------------------------
 mkdir -p ${SEAFILE_SERVER_HOME}/installed
 cd ${SEAFILE_SERVER_HOME}
 if ! is_pro && [[ ! -e /opt/${SEAFILE_SERVER_PACKAGE} ]]; then
    curl -OL ${SEAFILE_SERVER_PACKAGE_URL}
 else
    cp /opt/${SEAFILE_SERVER_PACKAGE} .
 fi
 tar xzf ${SEAFILE_SERVER_PACKAGE}
 mv ${SEAFILE_SERVER_PACKAGE} installed
 # -------------------------------------------
 # Seafile DB
 # -------------------------------------------
 if [[ -f "/opt/seafile.my.cnf" ]] ;
 then
  echo "MariaDB installed before, skip this part"
  SQLSEAFILEPW=`sed -n 's/password=//p' /opt/seafile.my.cnf`
 else
  SQLSEAFILEPW=$(pwgen)
  cat > /opt/seafile.my.cnf <<EOF
 [client]
 user=seafile
 password=$SQLSEAFILEPW
 EOF
  chmod 600 /opt/seafile.my.cnf
 fi
 # -------------------------------------------
 # Add seafile user
 # -------------------------------------------
 useradd --system --comment "${SEAFILE_SERVER_USER}" ${SEAFILE_SERVER_USER} --home-dir  ${SEAFILE_SERVER_HOME}
 # -------------------------------------------
 # Go to /opt/seafile/seafile-pro-server-${SEAFILE_VERSION}
 # -------------------------------------------
 cd $INSTALLPATH
 # -------------------------------------------
 # Vars - Don't touch these unless you really know what you are doing!
 # -------------------------------------------
 TOPDIR=$(dirname "${INSTALLPATH}")
 DEFAULT_CONF_DIR=${TOPDIR}/conf
 SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
 DEST_SETTINGS_PY=${TOPDIR}/conf/seahub_settings.py
 mkdir -p ${DEFAULT_CONF_DIR}
 # -------------------------------------------
 # Create ccnet, seafile, seahub conf using setup script
 # -------------------------------------------
 ./setup-seafile-mysql.sh auto -u seafile -w ${SQLSEAFILEPW} -r ${SQLROOTPW}
 # -------------------------------------------
 # Configure Seafile WebDAV Server(SeafDAV)
 # -------------------------------------------
 sed -i 's/enabled = .*/enabled = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
 sed -i 's/fastcgi = .*/fastcgi = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
 sed -i 's/share_name = .*/share_name = \/seafdav/' ${DEFAULT_CONF_DIR}/seafdav.conf
 # -------------------------------------------
 # Configuring seahub_settings.py
 # -------------------------------------------
 cat >> ${DEST_SETTINGS_PY} <<EOF
 CACHES = {
    'default': {
        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
        'LOCATION': '127.0.0.1:11211',
    },
    'locmem': {
        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
    },
 }
 COMPRESS_CACHE_BACKEND = 'locmem'
 # EMAIL_USE_TLS                       = False
 # EMAIL_HOST                          = 'localhost'
 # EMAIL_HOST_USER                     = ''
 # EMAIL_HOST_PASSWORD                 = ''
 # EMAIL_PORT                          = '25'
 # DEFAULT_FROM_EMAIL                  = EMAIL_HOST_USER
 # SERVER_EMAIL                        = EMAIL_HOST_USER
 TIME_ZONE                           = '${TIME_ZONE}'
 SITE_BASE                           = 'http://${IP_OR_DOMAIN}'
 SITE_NAME                           = 'Seafile Server'
 SITE_TITLE                          = 'Seafile Server'
 SITE_ROOT                           = '/'
 ENABLE_SIGNUP                       = False
 ACTIVATE_AFTER_REGISTRATION         = False
 SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER  = True
 SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
 CLOUD_MODE                          = False
 FILE_PREVIEW_MAX_SIZE               = 30 * 1024 * 1024
 SESSION_COOKIE_AGE                  = 60 * 60 * 24 * 7 * 2
 SESSION_SAVE_EVERY_REQUEST          = False
 SESSION_EXPIRE_AT_BROWSER_CLOSE     = False
 FILE_SERVER_ROOT                    = 'http://${IP_OR_DOMAIN}/seafhttp'
 EOF
 # -------------------------------------------
 # Backup check_init_admin.py befor applying changes
 # -------------------------------------------
 cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
 # -------------------------------------------
 # Set admin credentials in check_init_admin.py
 # -------------------------------------------
 SEAFILE_ADMIN_PW=$(pwgen)
 eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
 eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
 # -------------------------------------------
 # Start and stop Seafile eco system. This generates the initial admin user.
 # -------------------------------------------
 ${INSTALLPATH}/seafile.sh start
 ${INSTALLPATH}/seahub.sh start
 sleep 2                         # sleep for a while, otherwise seahub will not be stopped
 ${INSTALLPATH}/seahub.sh stop
 sleep 1
 ${INSTALLPATH}/seafile.sh stop
 # -------------------------------------------
 # Restore original check_init_admin.py
 # -------------------------------------------
 mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
 if is_pro; then
    PRO_PY=${INSTALLPATH}/pro/pro.py
    $PYTHON ${PRO_PY} setup --mysql --mysql_host=127.0.0.1 --mysql_port=3306 --mysql_user=seafile --mysql_password=${SQLSEAFILEPW} --mysql_db=seahub_db
 fi
 # -------------------------------------------
 # Fix permissions
 # -------------------------------------------
 chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R ${SEAFILE_SERVER_HOME}
 if [[ -d /tmp/seafile-office-output/ ]]; then
    chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R /tmp/seafile-office-output/
 fi
 # -------------------------------------------
 # Start seafile server
 # -------------------------------------------
 echo "Starting productive Seafile server"
 service seafile-server start
 # -------------------------------------------
 # Final report
 # -------------------------------------------
 cat > ${TOPDIR}/aio_seafile-server.log<<EOF
  Your Seafile server is installed
  -----------------------------------------------------------------
  Server Address:      http://${IP_OR_DOMAIN}
  Seafile Admin:       ${SEAFILE_ADMIN}
  Admin Password:      ${SEAFILE_ADMIN_PW}
  Seafile Data Dir:    ${SEAFILE_DATA_DIR}
  Seafile DB Credentials:  Check /opt/seafile.my.cnf
  Root DB Credentials:     Check /root/.my.cnf
  This report is also saved to ${TOPDIR}/aio_seafile-server.log
  Next you should manually complete the following steps
  -----------------------------------------------------------------
  1) Log in to Seafile and configure your server domain via the system
     admin area if applicable.
  2) If this server is behind a firewall, you need to ensure that
     tcp port 80 is open.
  3) Seahub tries to send emails via the local server. Install and
     configure Postfix for this to work or
     check https://manual.seafile.com/config/sending_email.html
     for instructions on how to use an existing email account via SMTP.
  Optional steps
  -----------------------------------------------------------------
  1) Check seahub_settings.py and customize it to fit your needs. Consult
     http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
  2) Setup NGINX with official SSL certificate.
  3) Secure server with iptables based firewall. For instance: UFW or shorewall
  4) Harden system with port knocking, fail2ban, etc.
  5) Enable unattended installation of security updates. Check
     https://wiki.Ubuntu.org/UnattendedUpgrades for details.
  6) Implement a backup routine for your Seafile server.
  7) Update NGINX worker processes to reflect the number of CPU cores.
  Seafile support options
  -----------------------------------------------------------------
  For free community support visit:   https://bbs.seafile.com
  For paid commercial support visit:  https://seafile.com
 EOF
 chmod 600 ${TOPDIR}/aio_seafile-server.log
 clear
 cat ${TOPDIR}/aio_seafile-server.log
--- a/169
+++ b/169
@ -1,169 +0,0 @@
 #!/bin/bash
 #
 # seafile-server-installer/startssl-certificate-generator
 #
 # Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU Affero General Public License for more details.
 #
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #
 #
 #set -x
 # -------------------------------------------
 # Vars
 # -------------------------------------------
 CLASS_DEFAULT=1
 RSA=4096
 # -------------------------------------------
 # About
 # -------------------------------------------
 cat << EOF
  StartSSL certificate creator for NGINX
  Go to https://www.startssl.com and sign up. Decide
  if the free class1 certs are good enough or if you
  need paid class2 or class3 certificates. Class1
  certificates are the default after signing up. You
  don't need to do anything else to issue class1 certs.
  For questions or suggestions please contact me at
  alexander.jackson@seafile.de
  -----------------------------------------------------------------
  Hit return to proceed or CTRL-C to abort.
 EOF
 read dummy
 # -------------------------------------------
 # Start working
 # -------------------------------------------
 read -p "New certs class? [$CLASS_DEFAULT]" CLASS
 CLASS="${CLASS:-$CLASS_DEFAULT}"
 if [[ $CLASS > 3 ]]; then
  echo Wrong class type. Select 1, 2 or 3. Aborting.. ; exit 1
 fi
 read -p "New certs domain name? " DOMAIN
 CERT_DIR=$(pwd)/certs/${DOMAIN}
 # -------------------------------------------
 # Abort if CERT_DIR exists
 # -------------------------------------------
 if [[ -d "${CERT_DIR}" ]] ;
 then
  echo " Aborting because directory ${CERT_DIR} already exist" ; exit 1
 fi
 mkdir -p ${CERT_DIR}
 # -------------------------------------------
 # Create certificate signing request and private key in batch mode
 # -------------------------------------------
 openssl req -new -nodes -keyout ${CERT_DIR}/${DOMAIN}.key -out ${CERT_DIR}/${DOMAIN}.csr -newkey rsa:${RSA} -batch
 # -------------------------------------------
 # Print instructions
 # -------------------------------------------
 cat << EOF
  Follow these steps next:
  1. Go to https://www.startssl.com >
  2. Certificates Wizard >
  3. Certificate Target: (Web Server SSL/TLS Certificate) > Continue >
  4. Generate Private Key > Skip >
  5. Submit Certificate Request (CSR) (Paste your csr shown below)
 EOF
 cat ${CERT_DIR}/${DOMAIN}.csr
 # -------------------------------------------
 # Print more instructions
 # -------------------------------------------
 cat << EOF
  6. Continue >>
  7. Certificate Request Received > Continue >>
  8. Add Domains: (select your domain)
  9. Optionally Add Domains > Add More < (repeat until happy) > Continue >>
 10. Ready Processing Certificate > Continue >>
 EOF
 echo "Hit return when the certificate is displayed."
 read dummy
 echo "Replace content with certificate, save and exit." > ${CERT_DIR}/${DOMAIN}.crt
 nano ${CERT_DIR}/${DOMAIN}.crt
 echo "Creating class ${CLASS} chained certificate for NGINX"
 # -------------------------------------------
 # Create certificate change for usage with NGINX
 # -------------------------------------------
 cat ${CERT_DIR}/${DOMAIN}.crt > ${CERT_DIR}/${DOMAIN}_chained.crt
 if [[ $CLASS -eq 1 ]]; then
  wget -O - https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem >> ${CERT_DIR}/${DOMAIN}_chained.crt
 fi
 if [[ $CLASS -eq 2 ]]; then
  wget -O - https://www.startssl.com/certs/class2/sha2/pem/sub.class2.server.sha2.ca.pem >> ${CERT_DIR}/${DOMAIN}_chained.crt
 fi
 if [[ $CLASS -eq 3 ]]; then
  wget -O - https://www.startssl.com/certs/class3/sha2/pem/sub.class3.server.sha2.ca.pem >> ${CERT_DIR}/${DOMAIN}_chained.crt
 fi
 wget -O - https://www.startssl.com/certs/ca-sha2.pem >> ${CERT_DIR}/${DOMAIN}_chained.crt
 # -------------------------------------------
 # List new csr and key for informational value
 # -------------------------------------------
 echo "Our newly Created files:"
 ls -ahl ${CERT_DIR}
 # -------------------------------------------
 # Print
 # -------------------------------------------
 cat << EOF
  Implementation example for NGINX:
  [...]
  ssl on;
  ssl_certificate ${CERT_DIR}/${DOMAIN}_chained.crt;
  ssl_certificate_key ${CERT_DIR}/${DOMAIN}.key;
  [...]
  Finished!
 EOF
--- a/tests/assert.sh
+++ b/tests/assert.sh
@ -1,139 +0,0 @@
 #!/bin/bash
 # assert.sh 1.0 - bash unit testing framework
 # Copyright (C) 2009, 2010, 2011, 2012 Robert Lehmann
 #
 # http://github.com/lehmannro/assert.sh
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Lesser General Public License as published
 # by the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU Lesser General Public License for more details.
 #
 # You should have received a copy of the GNU Lesser General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 export DISCOVERONLY=${DISCOVERONLY:-}
 export DEBUG=${DEBUG:-}
 export STOP=${STOP:-}
 export INVARIANT=${INVARIANT:-}
 args="$(getopt -n "$0" -l verbose,help,stop,discover,invariant vhxdi $*)" \
 || exit -1
 for arg in $args; do
    case "$arg" in
        -h)
            echo "$0 [-vxid] [--verbose] [--stop] [--invariant] [--discover]"
            echo "`sed 's/./ /g' <<< "$0"` [-h] [--help]"
            exit 0;;
        --help)
            cat <<EOF
 Usage: $0 [options]
 Language-agnostic unit tests for subprocesses.
 Options:
  -v, --verbose    generate output for every individual test case
  -x, --stop       stop running tests after the first failure
  -i, --invariant  do not measure timings to remain invariant between runs
  -d, --discover   collect test suites only, do not run any tests
  -h               show brief usage information and exit
  --help           show this help message and exit
 EOF
            exit 0;;
        -v|--verbose)
            DEBUG=1;;
        -x|--stop)
            STOP=1;;
        -i|--invariant)
            INVARIANT=1;;
        -d|--discover)
            DISCOVERONLY=1;;
    esac
 done
 printf -v _indent "\n\t" # local format helper
 _assert_reset() {
    tests_ran=0
    tests_failed=0
    tests_errors=()
    tests_starttime="$(date +%s.%N)" # seconds_since_epoch.nanoseconds
 }
 assert_end() {
    # assert_end [suite ..]
    tests_endtime="$(date +%s.%N)"
    tests="$tests_ran ${*:+$* }tests"
    [[ -n "$DISCOVERONLY" ]] && echo "collected $tests." && _assert_reset && return
    [[ -n "$DEBUG" ]] && echo
    [[ -z "$INVARIANT" ]] && report_time=" in $(bc \
        <<< "${tests_endtime%.N} - ${tests_starttime%.N}" \
        | sed -e 's/\.\([0-9]\{0,3\}\)[0-9]*/.\1/' -e 's/^\./0./')s" \
        || report_time=
    if [[ "$tests_failed" -eq 0 ]]; then
        echo "all $tests passed$report_time."
    else
        for error in "${tests_errors[@]}"; do echo "$error"; done
        echo "$tests_failed of $tests failed$report_time."
    fi
    tests_failed_previous=$tests_failed
    _assert_reset
    return $tests_failed_previous
 }
 assert() {
    # assert <command> <expected stdout> [stdin]
    (( tests_ran++ ))
    [[ -n "$DISCOVERONLY" ]] && return
    # printf required for formatting
    printf -v expected "x${2:-}" # x required to overwrite older results
    result="$(eval 2>/dev/null $1 <<< ${3:-})"
    # Note: $expected is already decorated
    if [[ "x$result" == "$expected" ]]; then
        [[ -n "$DEBUG" ]] && echo -n .
        return
    fi
    [[ -n "$DEBUG" ]] && echo -n X
    result="$(sed -e :a -e '$!N;s/\n/\\n/;ta' <<< "$result")"
    [[ -z "$result" ]] && result="nothing" || result="\"$result\""
    [[ -z "$2" ]] && expected="nothing" || expected="\"$2\""
    failure="expected $expected${_indent}got $result"
    report="test #$tests_ran \"$1${3:+ <<< $3}\" failed:${_indent}$failure"
    tests_errors[$tests_failed]="$report"
    (( tests_failed++ ))
    if [[ -n "$STOP" ]]; then
        [[ -n "$DEBUG" ]] && echo
        echo "$report"
        exit 1
    fi
 }
 assert_raises() {
    # assert_raises <command> <expected code> [stdin]
    (( tests_ran++ ))
    [[ -n "$DISCOVERONLY" ]] && return
    (eval $1 <<< ${3:-}) > /dev/null 2>&1
    status=$?
    expected=${2:-0}
    if [[ "$status" -eq "$expected" ]]; then
        [[ -n "$DEBUG" ]] && echo -n .
        return
    fi
    [[ -n "$DEBUG" ]] && echo -n X
    failure="program terminated with code $status instead of $expected"
    report="test #$tests_ran \"$1${3:+ <<< $3}\" failed:${_indent}$failure"
    tests_errors[$tests_failed]="$report"
    (( tests_failed++ ))
    if [[ -n "$STOP" ]]; then
        [[ -n "$DEBUG" ]] && echo
        echo "$report"
        exit 1
    fi
 }
 _assert_reset
--- a/tests/post-deploy_test.sh
+++ b/tests/post-deploy_test.sh
@ -1,5 +0,0 @@
 #!/bin/bash
 . tests/assert.sh
 echo "Tests for seafile server package..."