mirror of
https://github.com/haiwen/seafile-server-installer-cn
synced 2024-09-20 08:15:28 +00:00
update
parent
ad00df1edb
commit
cc0b624944
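--- a/.travis.yml
+++ b/.travis.yml
@@ -1,15 +0,0 @@
-sudo: required
-language: bash
-
-services:
-- docker
-
-env:
-global:
-- LANG=en_US.UTF-8
-- LC_ALL=en_US.UTF-8
-
-before_install:
-- docker run xiez/seafile-pro:v1.2 /bin/bash -c "export TERM=xterm && echo 2 | bash seafile-server-ubuntu-14-04-amd64-http 5.1.10"
-
-script: make test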
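--- a/Dockerfile
+++ b/Dockerfile
@@ -1,18 +0,0 @@
-FROM ubuntu:14.04
-MAINTAINER Zheng Xie <xie.zheng@seafile.com>
-
-RUN apt-get update
-RUN apt-get install -y sudo wget python-pip python-setuptools python-imaging python-mysqldb python-ldap python-urllib3 \
-openjdk-7-jre memcached python-memcache pwgen curl openssl poppler-utils libpython2.7 libreoffice \
-libreoffice-script-provider-python ttf-wqy-microhei ttf-wqy-zenhei xfonts-wqy nginx
-
-# Avoid ERROR: invoke-rc.d: policy-rc.d denied execution of start.
-RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d
-
-WORKDIR /root
-ADD . /root/
-
-ADD https://download.seafile.com/d/6e5297246c/files/?p=/pro/seafile-pro-server_5.1.10_x86-64.tar.gz&dl=1 /opt/seafile-pro-server_5.1.10_x86-64.tar.gz
-
-# Clean up for smaller image
-RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*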
95
README.md
95
README.md
|
@ -1,60 +1,37 @@
|
||||||
[![Build Status](https://travis-ci.org/haiwen/seafile-server-installer-cn.svg?branch=master)](https://travis-ci.org/haiwen/seafile-server-installer-cn)
|
|
||||||
|
|
||||||
# Seafile 安装脚本
|
# Seafile 安装脚本
|
||||||
|
|
||||||
这里的安装脚本可以帮助您快速的安装好 Seafile 服务器,并配置好 MariaDB, Memcached, WebDAV, Ngnix 和开机自动启动脚本。
|
一键安装脚本可以帮助您在 Ubuntu 18.04/20.04 系统上快速的安装好 Seafile 服务器,并配置好 MariaDB, Memcached, WebDAV, Ngnix 和开机自动启动脚本。
|
||||||
|
|
||||||
|
|
||||||
## 使用步骤
|
## 使用步骤
|
||||||
|
|
||||||
安装干净的 Ubuntu 16.04/18.04 或 CentOS 7/8 系统,并**做好镜像** (如果安装失败需要还原到镜像)。
|
安装干净的 Ubuntu 18.04/20.04,并**做好镜像** (如果安装失败需要还原到镜像)。
|
||||||
|
|
||||||
|
切换成 root 账号 (`sudo -i`)
|
||||||
|
|
||||||
切换成 root 账号 (sudo -i)
|
|
||||||
|
|
||||||
### 获取安装脚本
|
### 获取安装脚本
|
||||||
|
|
||||||
- 适用于 Seafile 7.1.x 及以上版本
|
适用于 Seafile 8.0.x 及以上版本
|
||||||
|
|
||||||
Ubuntu 18.04 (64bit):
|
|
||||||
```sh
|
```sh
|
||||||
wget https://raw.githubusercontent.com/haiwen/seafile-server-installer-cn/master/seafile-server-7.1-ubuntu-amd64-http
|
wget https://raw.githubusercontent.com/haiwen/seafile-server-installer-cn/master/seafile-8.0_ubuntu
|
||||||
```
|
```
|
||||||
|
|
||||||
CentOS 8 (64bit):
|
### 运行安装脚本并指定要安装的版本 (例如 8.0.0)
|
||||||
```sh
|
|
||||||
wget https://raw.githubusercontent.com/haiwen/seafile-server-installer-cn/master/seafile-server-7.1-centos-amd64-http
|
|
||||||
```
|
|
||||||
|
|
||||||
- 适用于 Seafile 6.x.x 及以上版本
|
|
||||||
|
|
||||||
Ubuntu 16.04/18.04 (64bit):
|
|
||||||
```sh
|
|
||||||
wget https://raw.githubusercontent.com/haiwen/seafile-server-installer-cn/master/seafile-server-ubuntu-amd64-http
|
|
||||||
```
|
```
|
||||||
|
bash seafile-8.0_ubuntu 8.0.0
|
||||||
CentOS 7 (64bit):
|
|
||||||
```sh
|
|
||||||
wget https://raw.githubusercontent.com/haiwen/seafile-server-installer-cn/master/seafile-server-centos-7-amd64-http
|
|
||||||
```
|
|
||||||
|
|
||||||
### 运行安装脚本并指定要安装的版本 (例如 6.0.13)
|
|
||||||
|
|
||||||
Ubuntu 16.04/18.04 (64bit):
|
|
||||||
```
|
|
||||||
bash seafile-server-ubuntu-amd64-http 6.0.13
|
|
||||||
```
|
|
||||||
|
|
||||||
CentOS 7 (64bit):
|
|
||||||
```
|
|
||||||
bash seafile-server-centos-7-amd64-http 6.0.13
|
|
||||||
```
|
```
|
||||||
|
|
||||||
脚本会让您选择要安装的版本, 按照提示进行选择即可:
|
脚本会让您选择要安装的版本, 按照提示进行选择即可:
|
||||||
|
|
||||||
* 如果要安装专业版, 需要先将下载好的专业版的包 `seafile-pro-server_6.0.13_x86-64.tar.gz` 放到 `/opt/` 目录下
|
* 如果要安装专业版, 需要先将下载好的专业版的包 `seafile-pro-server_8.0.0_x86-64.tar.gz` 放到 `/opt/` 目录下
|
||||||
* 如果是安装开源版,安装脚本在执行过程中会检查 `/opt`目录下是否有指定版本号的安装包,如果存在则会安装此包,否则会从 Seafile 网站下载。所以,为了避免因下载失败而导致安装中断,您可以提前下载好安装包放到`/opt/`目录下。
|
* 如果是安装开源版,安装脚本在执行过程中会检查 `/opt`目录下是否有指定版本号的安装包,如果存在则会安装此包,否则会从 Seafile 网站下载。所以,为了避免因下载失败而导致安装中断,您可以提前下载好安装包放到`/opt/`目录下。
|
||||||
|
|
||||||
该脚本运行完后会在命令行中打印配置信息和管理员账号密码,请仔细阅读。(您也可以查看安装日志`/opt/seafile/aio_seafile-server.log`),MySQL 的 root 用户密码存储在 `/root/.my.cnf` 中;MySQL 的 seafile 用户密码存储在 `/opt/seafile.my.cnf` 中。
|
该脚本运行完后会在命令行中打印配置信息和管理员账号密码,请仔细阅读。(您也可以查看安装日志`/opt/seafile/aio_seafile-server.log`),MySQL 的 root 用户密码存储在 `/root/.my.cnf` 中;MySQL 的 seafile 用户密码存储在 `/opt/seafile.my.cnf` 中。
|
||||||
|
|
||||||
|
|
||||||
### 通过 Web UI 对服务器进行配置
|
### 通过 Web UI 对服务器进行配置
|
||||||
|
|
||||||
安装完成后,您需要通过 Web UI 服务器进行基本的配置,以便能正常的从网页端进行文件的上传和下载:
|
安装完成后,您需要通过 Web UI 服务器进行基本的配置,以便能正常的从网页端进行文件的上传和下载:
|
||||||
|
@ -62,67 +39,27 @@ bash seafile-server-centos-7-amd64-http 6.0.13
|
||||||
1. 首先在浏览器中输入服务器的地址,并用管理员账号和初始密码登录
|
1. 首先在浏览器中输入服务器的地址,并用管理员账号和初始密码登录
|
||||||
|
|
||||||
2. 点击界面的右上角的头像按钮进入管理员界面
|
2. 点击界面的右上角的头像按钮进入管理员界面
|
||||||
|
![管理员入口](./images/system-admin-entrance.png)
|
||||||
![管理员入口](http://manual-cn.seafile.com/images/system-admin-entrance.png)
|
|
||||||
|
|
||||||
3. 进入设置页面填写正确的服务器对外的 SERVICE_URL 和 FILE_SERVER_ROOT,比如
|
3. 进入设置页面填写正确的服务器对外的 SERVICE_URL 和 FILE_SERVER_ROOT,比如
|
||||||
|
|
||||||
```
|
```
|
||||||
SERVICE_URL: http://www.myseafile.com
|
SERVICE_URL: http://www.your-domain.com
|
||||||
FILE_SERVER_ROOT: 'http://www.myseafile.com/seafhttp'
|
FILE_SERVER_ROOT: http://www.your-domain.com/seafhttp
|
||||||
```
|
```
|
||||||
|
|
||||||
现在您可以退出管理员界面,并进行基本的测试。关于服务器的配置选项介绍和日常运维可以参考 https://cloud.seafile.com/published/seafile-manual-cn/config/README.md
|
现在您可以退出管理员界面,并进行基本的测试。关于服务器的配置选项介绍和日常运维可以参考 https://cloud.seafile.com/published/seafile-manual-cn/config/README.md
|
||||||
|
|
||||||
|
|
||||||
### 如果安装脚本出错
|
### 如果安装脚本出错
|
||||||
|
|
||||||
如果安装脚本出错,您需要重置虚拟机到干净的镜像。
|
如果安装脚本出错,您需要重置虚拟机到干净的镜像。
|
||||||
|
|
||||||
|
|
||||||
### 启动关闭服务
|
### 启动关闭服务
|
||||||
|
|
||||||
自动安装脚本会在系统中安装开机自动启动脚本。您也可以使用该脚本来关闭/启动 Seafile 服务,命令如下:
|
自动安装脚本会在系统中安装开机自动启动脚本。您也可以使用该脚本来关闭/启动 Seafile 服务,命令如下:
|
||||||
|
|
||||||
Ubuntu 16.04/18.04:
|
|
||||||
```
|
```
|
||||||
service seafile-server stop
|
service seafile-server stop
|
||||||
service seafile-server start
|
service seafile-server start
|
||||||
```
|
```
|
||||||
|
|
||||||
CentOS 7/8:
|
|
||||||
```
|
|
||||||
systemctl stop seafile
|
|
||||||
systemctl stop seahub
|
|
||||||
|
|
||||||
systemctl start seafile
|
|
||||||
systemctl start seahub
|
|
||||||
```
|
|
||||||
|
|
||||||
## 其他高级配置
|
|
||||||
|
|
||||||
### 备份 mysql
|
|
||||||
|
|
||||||
* 拷贝 `db-backup` 目录到 `/opt/seafile`
|
|
||||||
* 修改 `db-backup/db_backup.sh` 中的 `USER` `PASSWD`
|
|
||||||
* 执行 `crontab -e` 并添加内容 `0 1 * * * /opt/seafile/db-backup/db_backup.sh` (每天凌晨1:00进行备份)
|
|
||||||
|
|
||||||
### 配置邮件发送
|
|
||||||
|
|
||||||
参考 https://cloud.seafile.com/published/seafile-manual-cn/config/sending_email.md
|
|
||||||
|
|
||||||
## 升级和其他问题
|
|
||||||
|
|
||||||
### 版本升级
|
|
||||||
|
|
||||||
* 关闭 seafile-server 相关服务
|
|
||||||
* 切换为 seafile 用户
|
|
||||||
* 下载高版本的安装包到 /opt/seafile 目录,并解压
|
|
||||||
* 进入安装包下的 upgrade 目录,执行相关的升级脚本,具体可参考 https://download.seafile.com/published/seafile-manual/upgrade/upgrade.md
|
|
||||||
* 启动 seafile-server 相关服务
|
|
||||||
|
|
||||||
### 迁移社区版到专业版
|
|
||||||
|
|
||||||
* 关闭 seafile-server 相关服务
|
|
||||||
* 切换为 seafile 用户
|
|
||||||
* 下载专业版安装包到 /opt/seafile 目录,并解压
|
|
||||||
* 进入解压好的安装包目录,执行 ./pro/pro.py setup --migrate,具体可参考 https://cloud.seafile.com/published/seafile-manual-cn/deploy_pro/migrate_from_seafile_community_server.md
|
|
||||||
* 启动 seafile-server 相关服务
|
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
ccnet_db
|
|
||||||
seafile_db
|
|
||||||
seahub_db
|
|
|
@ -1,20 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
USER=root
|
|
||||||
PASSWD=aeneinoi
|
|
||||||
DATE=`date +%Y%m%d%H%M`
|
|
||||||
IGN_TAB=""
|
|
||||||
|
|
||||||
for ign_tab in `cat table-ignore.txt`;
|
|
||||||
do
|
|
||||||
IGN_TAB=${IGN_TAB}" --ignore-table=${ign_tab}"
|
|
||||||
done
|
|
||||||
|
|
||||||
for DATABASE in `cat db-list.txt`;
|
|
||||||
do
|
|
||||||
mysqldump -u${USER} -p${PASSWD} --opt $DATABASE ${IGN_TAB} > $DATABASE-$DATE.sql
|
|
||||||
done
|
|
||||||
|
|
||||||
# Compress and clean
|
|
||||||
tar czvf mysql-back-$DATE.tar.gz *.sql
|
|
||||||
rm -rf *.sql
|
|
|
@ -1,11 +0,0 @@
|
||||||
seahub_db.avatar_uploaded
|
|
||||||
seahub_db.avatar_avatar
|
|
||||||
seahub_db.avatar_groupavatar
|
|
||||||
seahub_db.Event
|
|
||||||
seahub_db.FileAudit
|
|
||||||
seahub_db.FileUpdate
|
|
||||||
seahub_db.PermAudit
|
|
||||||
seahub_db.UserEvent
|
|
||||||
seahub_db.UserTrafficStat
|
|
||||||
seahub_db.VirusFile
|
|
||||||
seahub_db.VirusScanRecord
|
|
BIN
images/system-admin-entrance.png
Normal file
BIN
images/system-admin-entrance.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 26 KiB |
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
#
|
#
|
||||||
# seafile-server-installer/seafile-server-ubuntu-18-04-amd64
|
# seafile-server-installer-cn/seafile-8.0_ubuntu
|
||||||
#
|
#
|
||||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
||||||
# Copyright 2016, Zheng Xie <xie.zheng@seafile.com>
|
# Copyright 2016, Zheng Xie <xie.zheng@seafile.com>
|
||||||
|
@ -38,13 +38,13 @@ fi
|
||||||
clear
|
clear
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
|
|
||||||
This script installs the community edition of the Seafile Server on a Ubuntu 16.04 (Xenial) 64bit
|
This script installs the community/professional edition of the Seafile Server on a Ubuntu 18.04/20.04 64bit
|
||||||
- Newest Seafile server version, MariaDB, Memcached, NGINX -
|
- Newest Seafile server version, MariaDB, Memcached, NGINX -
|
||||||
-----------------------------------------------------------------
|
-----------------------------------------------------------------
|
||||||
|
|
||||||
This installer is meant to run on a freshly installed machine
|
This installer is meant to run on a freshly installed machine
|
||||||
only. If you run it on a production server things can and
|
only. If you run it on a production server things can and
|
||||||
probably will go terrible wrong and you will loose valuable
|
probably will go terribly wrong and you will lose valuable
|
||||||
data!
|
data!
|
||||||
|
|
||||||
For questions or suggestions please contact us at
|
For questions or suggestions please contact us at
|
||||||
|
@ -161,6 +161,10 @@ pip3 install --timeout=3600 django==2.2.* future mysqlclient pymysql Pillow pyli
|
||||||
service memcached start
|
service memcached start
|
||||||
|
|
||||||
|
|
||||||
|
# -------------------------------------------
|
||||||
|
# Setup Nginx
|
||||||
|
# -------------------------------------------
|
||||||
|
|
||||||
rm /etc/nginx/sites-enabled/*
|
rm /etc/nginx/sites-enabled/*
|
||||||
|
|
||||||
cat > /etc/nginx/sites-available/seafile.conf << EOF
|
cat > /etc/nginx/sites-available/seafile.conf << EOF
|
||||||
|
@ -361,7 +365,6 @@ mkdir -p ${DEFAULT_CONF_DIR}
|
||||||
# Configure Seafile WebDAV Server(SeafDAV)
|
# Configure Seafile WebDAV Server(SeafDAV)
|
||||||
# -------------------------------------------
|
# -------------------------------------------
|
||||||
sed -i 's/enabled = .*/enabled = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
sed -i 's/enabled = .*/enabled = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
||||||
sed -i 's/fastcgi = .*/fastcgi = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
|
||||||
sed -i 's/share_name = .*/share_name = \/seafdav/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
sed -i 's/share_name = .*/share_name = \/seafdav/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
||||||
|
|
||||||
# -------------------------------------------
|
# -------------------------------------------
|
||||||
|
@ -499,10 +502,8 @@ cat > ${TOPDIR}/aio_seafile-server.log<<EOF
|
||||||
2) If this server is behind a firewall, you need to ensure that
|
2) If this server is behind a firewall, you need to ensure that
|
||||||
tcp port 80 is open.
|
tcp port 80 is open.
|
||||||
|
|
||||||
3) Seahub tries to send emails via the local server. Install and
|
3) Check https://manual.seafile.com/config/sending_email/
|
||||||
configure Postfix for this to work or
|
for instructions on how to use an existing email account to send email via SMTP.
|
||||||
check https://manual.seafile.com/config/sending_email.html
|
|
||||||
for instructions on how to use an existing email account via SMTP.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -511,20 +512,14 @@ cat > ${TOPDIR}/aio_seafile-server.log<<EOF
|
||||||
-----------------------------------------------------------------
|
-----------------------------------------------------------------
|
||||||
|
|
||||||
1) Check seahub_settings.py and customize it to fit your needs. Consult
|
1) Check seahub_settings.py and customize it to fit your needs. Consult
|
||||||
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
|
https://manual.seafile.com/config/seahub_settings_py/ for possible switches.
|
||||||
|
|
||||||
2) Setup NGINX with official SSL certificate.
|
2) Setup NGINX with official SSL certificate, we suggest you use Let’s Encrypt. Check
|
||||||
|
https://manual.seafile.com/deploy/https_with_nginx/
|
||||||
|
|
||||||
3) Secure server with iptables based firewall. For instance: UFW or shorewall
|
3) Secure server with iptables based firewall. For instance: UFW or shorewall
|
||||||
|
|
||||||
4) Harden system with port knocking, fail2ban, etc.
|
4) Implement a backup routine for your Seafile server.
|
||||||
|
|
||||||
5) Enable unattended installation of security updates. Check
|
|
||||||
https://wiki.Ubuntu.org/UnattendedUpgrades for details.
|
|
||||||
|
|
||||||
6) Implement a backup routine for your Seafile server.
|
|
||||||
|
|
||||||
7) Update NGINX worker processes to reflect the number of CPU cores.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
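Review bot: The rewritten post-install checklist in the last hunk (`@ -511,20 +512,14`) no longer tells the operator to enable unattended security updates or to add brute-force protection such as fail2ban, while the hunk before it still describes a server reachable on plain tcp port 80. For an internet-facing file server I would keep the update item in the heredoc, renumbered after the backup step: `5) Enable unattended installation of security updates. Check` followed by `https://wiki.Ubuntu.org/UnattendedUpgrades for details.`. The old and new sides are read from the column order of this rendering, which matches the hunk's 20/14 line counts, because the `+`/`-` markers are lost. The `cat > ${TOPDIR}/aio_seafile-server.log<<EOF` heredoc that holds this text begins and ends outside the hunk.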
|
@ -1,616 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
# seafile-server-installer-cn/seafile-server-centos-8-amd64
|
|
||||||
#
|
|
||||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
|
||||||
#
|
|
||||||
# This program is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU Affero General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU Affero General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU Affero General Public License
|
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
#
|
|
||||||
|
|
||||||
if [[ $HOME == "" ]]; then
|
|
||||||
export HOME=/root
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ $SEAFILE_DEBUG != "" ]]; then
|
|
||||||
set -x
|
|
||||||
fi
|
|
||||||
set -e
|
|
||||||
|
|
||||||
if [[ "$#" -ne 1 ]]; then
|
|
||||||
echo "You must specif Seafile version to install"
|
|
||||||
echo "Like: $0 7.1.0"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
clear
|
|
||||||
cat <<EOF
|
|
||||||
|
|
||||||
This script installs the community edition of the Seafile Server on a Centos 7 64bit
|
|
||||||
- Newest Seafile server version, MariaDB, Memcached, NGINX -
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
This installer is meant to run on a freshly installed machine
|
|
||||||
only. If you run it on a production server things can and
|
|
||||||
probably will go terrible wrong and you will loose valuable
|
|
||||||
data!
|
|
||||||
|
|
||||||
For questions or suggestions please contact us at
|
|
||||||
support@seafile.com
|
|
||||||
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
Possible options:
|
|
||||||
1 = Seafile Community (Free) Edition (CE)
|
|
||||||
2 = Seafile Professional Edition (PRO)
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
if [[ ${SEAFILE_PRO} == "" ]]; then
|
|
||||||
PS3="Which Seafile version would you like to install? "
|
|
||||||
select SEAFILE_SERVER_VERSION in CE PRO ABORT; do
|
|
||||||
case "${SEAFILE_SERVER_VERSION}" in
|
|
||||||
ABORT)
|
|
||||||
echo "Aborting"
|
|
||||||
break
|
|
||||||
;;
|
|
||||||
"")
|
|
||||||
echo "$REPLY: Wrong value. Select 1 or 2."
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
if [[ ${SEAFILE_SERVER_VERSION} = "PRO" ]]; then
|
|
||||||
SEAFILE_PRO=1
|
|
||||||
else
|
|
||||||
SEAFILE_PRO=0
|
|
||||||
fi
|
|
||||||
break
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
is_pro() {
|
|
||||||
if [[ "$SEAFILE_PRO" == "1" ]]; then
|
|
||||||
return 0
|
|
||||||
else
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
echo
|
|
||||||
if is_pro; then
|
|
||||||
echo "This script will install Seafile Professional Edition for you."
|
|
||||||
else
|
|
||||||
echo "This script will install Seafile Community Edition for you."
|
|
||||||
fi
|
|
||||||
echo
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Vars
|
|
||||||
# -------------------------------------------
|
|
||||||
SEAFILE_ADMIN=admin@seafile.local
|
|
||||||
SEAFILE_SERVER_USER=seafile
|
|
||||||
SEAFILE_SERVER_HOME=/opt/seafile
|
|
||||||
IP_OR_DOMAIN=127.0.0.1
|
|
||||||
SEAFILE_VERSION=$1
|
|
||||||
TIME_ZONE=Asia/Shanghai
|
|
||||||
|
|
||||||
if is_pro; then
|
|
||||||
SEAFILE_SERVER_PACKAGE=seafile-pro-server_${SEAFILE_VERSION}_x86-64.tar.gz
|
|
||||||
if [[ ! -e /opt/$SEAFILE_SERVER_PACKAGE ]]; then
|
|
||||||
echo
|
|
||||||
echo "You must download \"$SEAFILE_SERVER_PACKAGE\" to the /opt/ folder before running this script!"
|
|
||||||
echo
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-pro-server-${SEAFILE_VERSION}/
|
|
||||||
else
|
|
||||||
SEAFILE_SERVER_PACKAGE=seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
|
|
||||||
SEAFILE_SERVER_PACKAGE_URL=http://seafile-downloads.oss-cn-shanghai.aliyuncs.com/${SEAFILE_SERVER_PACKAGE}
|
|
||||||
INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-server-${SEAFILE_VERSION}/
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Ensure we are running the installer as root
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ $EUID -ne 0 ]]; then
|
|
||||||
echo " Aborting because you are not root" ; exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Abort if directory /opt/seafile/ exists
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ -d "${SEAFILE_SERVER_HOME}" ]] ;
|
|
||||||
then
|
|
||||||
echo " Aborting because directory ${SEAFILE_SERVER_HOME} already exist" ; exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Abort if directory /opt/seafile/ exists
|
|
||||||
# -------------------------------------------
|
|
||||||
if getent passwd ${SEAFILE_SERVER_USER} > /dev/null 2>&1 ;
|
|
||||||
then
|
|
||||||
echo "Aborting because user ${SEAFILE_SERVER_USER} already exist" ; exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Setup permissive selinux
|
|
||||||
# -------------------------------------------
|
|
||||||
# runtime
|
|
||||||
enforce=`getenforce`
|
|
||||||
if [[ "${enforce}" != "Disabled" ]]; then
|
|
||||||
setenforce 0
|
|
||||||
fi
|
|
||||||
# permanently
|
|
||||||
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Setup firewall
|
|
||||||
# -------------------------------------------
|
|
||||||
yum install firewalld -y
|
|
||||||
# https://www.optimox.de/tutorials/linux-allgemein/centos-firewall-konfigurieren-mit-firewalld
|
|
||||||
systemctl status firewalld &> /dev/null \
|
|
||||||
&& for i in ssh http https ; do firewall-cmd --zone=public --add-service=${i} --permanent ; done \
|
|
||||||
&& firewall-cmd --reload
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Additional requirements
|
|
||||||
# -------------------------------------------
|
|
||||||
# extra packages for enterprise linux
|
|
||||||
|
|
||||||
yum install epel-release -y
|
|
||||||
|
|
||||||
yum install python3 python3-setuptools python3-pip python3-ldap memcached java-1.8.0-openjdk \
|
|
||||||
libmemcached libreoffice-headless libreoffice-pyuno libffi-devel pwgen curl python3-devel gcc gcc-c++ -y
|
|
||||||
|
|
||||||
pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.3.8 psd-tools \
|
|
||||||
django-pylibmc django-simple-captcha
|
|
||||||
|
|
||||||
# start memcached on system boot
|
|
||||||
systemctl enable --now memcached
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Install nginx
|
|
||||||
# -------------------------------------------
|
|
||||||
yum install nginx -y
|
|
||||||
systemctl enable nginx
|
|
||||||
rm -rf /etc/nginx/conf.d/*
|
|
||||||
|
|
||||||
cat > /etc/nginx/conf.d/seafile.conf << EOF
|
|
||||||
log_format seafileformat '\$http_x_forwarded_for \$remote_addr [\$time_local] "\$request" \$status \$body_bytes_sent "\$http_referer" "\$http_user_agent" \$upstream_response_time';
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name seafile.example.com;
|
|
||||||
|
|
||||||
proxy_set_header X-Forwarded-For \$remote_addr;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://127.0.0.1:8000;
|
|
||||||
proxy_set_header Host \$host;
|
|
||||||
proxy_set_header X-Real-IP \$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Host \$server_name;
|
|
||||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
|
||||||
proxy_read_timeout 1200s;
|
|
||||||
|
|
||||||
# used for view/edit office file via Office Online Server
|
|
||||||
client_max_body_size 0;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/seahub.access.log seafileformat;
|
|
||||||
error_log /var/log/nginx/seahub.error.log;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /seafhttp {
|
|
||||||
rewrite ^/seafhttp(.*)$ \$1 break;
|
|
||||||
proxy_pass http://127.0.0.1:8082;
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
||||||
proxy_connect_timeout 36000s;
|
|
||||||
proxy_read_timeout 36000s;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/seafhttp.access.log seafileformat;
|
|
||||||
error_log /var/log/nginx/seafhttp.error.log;
|
|
||||||
}
|
|
||||||
location /media {
|
|
||||||
root ${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub;
|
|
||||||
}
|
|
||||||
location /seafdav {
|
|
||||||
proxy_pass http://127.0.0.1:8080/seafdav;
|
|
||||||
proxy_set_header Host \$host;
|
|
||||||
proxy_set_header X-Real-IP \$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Host \$server_name;
|
|
||||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
|
||||||
proxy_read_timeout 1200s;
|
|
||||||
|
|
||||||
client_max_body_size 0;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/seafdav.access.log seafileformat;
|
|
||||||
error_log /var/log/nginx/seafdav.error.log;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Create optimized nginx.conf
|
|
||||||
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
|
|
||||||
cat > /etc/nginx/nginx.conf <<'ENDOFFILE'
|
|
||||||
user nginx nginx;
|
|
||||||
worker_processes 4;
|
|
||||||
|
|
||||||
events {
|
|
||||||
worker_connections 8096;
|
|
||||||
multi_accept on;
|
|
||||||
use epoll;
|
|
||||||
}
|
|
||||||
|
|
||||||
pid /var/run/nginx.pid;
|
|
||||||
worker_rlimit_nofile 40000;
|
|
||||||
|
|
||||||
http {
|
|
||||||
server_tokens off;
|
|
||||||
server_names_hash_bucket_size 128;
|
|
||||||
client_max_body_size 50M;
|
|
||||||
include /etc/nginx/mime.types;
|
|
||||||
default_type application/octet-stream;
|
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
||||||
'$status $body_bytes_sent "$http_referer" '
|
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
||||||
access_log /var/log/nginx/access.log main;
|
|
||||||
error_log /var/log/nginx/error.log warn;
|
|
||||||
sendfile on;
|
|
||||||
tcp_nopush on;
|
|
||||||
tcp_nodelay on;
|
|
||||||
client_body_timeout 12;
|
|
||||||
client_header_timeout 12;
|
|
||||||
keepalive_timeout 15;
|
|
||||||
send_timeout 10;
|
|
||||||
# Fully disabled gzip compression to mitigate Django BREACH attack: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
|
|
||||||
gzip off;
|
|
||||||
#gzip_vary on;
|
|
||||||
#gzip_proxied expired no-cache no-store private auth any;
|
|
||||||
#gzip_comp_level 9;
|
|
||||||
#gzip_min_length 10240;
|
|
||||||
#gzip_buffers 16 8k;
|
|
||||||
#gzip_http_version 1.1;
|
|
||||||
#gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml font/woff2;
|
|
||||||
#gzip_disable "MSIE [1-6].";
|
|
||||||
include /etc/nginx/conf.d/*.conf;
|
|
||||||
}
|
|
||||||
ENDOFFILE
|
|
||||||
|
|
||||||
# Fix NGINX worker_processes to number of CPU cores
|
|
||||||
CPUS=$(cat /proc/cpuinfo | grep processor | wc | awk '{ print $1 }')
|
|
||||||
eval "sed -i 's/worker_processes.*/worker_processes $CPUS;/g' /etc/nginx/nginx.conf"
|
|
||||||
|
|
||||||
systemctl restart nginx
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# MariaDB
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ -f "/root/.my.cnf" ]] ;
|
|
||||||
then
|
|
||||||
echo "MariaDB installed before, skip this part"
|
|
||||||
SQLROOTPW=`sed -n 's/password=//p' /root/.my.cnf`
|
|
||||||
else
|
|
||||||
yum install mariadb-server -y
|
|
||||||
systemctl start mariadb
|
|
||||||
systemctl enable mariadb
|
|
||||||
|
|
||||||
SQLROOTPW=$(pwgen)
|
|
||||||
|
|
||||||
mysqladmin -u root password $SQLROOTPW
|
|
||||||
|
|
||||||
cat > /root/.my.cnf <<EOF
|
|
||||||
[client]
|
|
||||||
user=root
|
|
||||||
password=$SQLROOTPW
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod 600 /root/.my.cnf
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Seafile init script
|
|
||||||
# -------------------------------------------
|
|
||||||
cat > /etc/systemd/system/seafile.service << EOF
|
|
||||||
[Unit]
|
|
||||||
Description=Seafile Server
|
|
||||||
After=network.target remote-fs.target mariadb.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
ExecStart=${SEAFILE_SERVER_HOME}/seafile-server-latest/seafile.sh start
|
|
||||||
ExecStop=${SEAFILE_SERVER_HOME}/seafile-server-latest/seafile.sh stop
|
|
||||||
User=${SEAFILE_SERVER_USER}
|
|
||||||
Group=${SEAFILE_SERVER_USER}
|
|
||||||
LimitNOFILE=infinity
|
|
||||||
Type=oneshot
|
|
||||||
RemainAfterExit=yes
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
EOF
|
|
||||||
systemctl enable seafile
|
|
||||||
|
|
||||||
cat > /etc/systemd/system/seahub.service << EOF
|
|
||||||
[Unit]
|
|
||||||
Description=Seafile Seahub
|
|
||||||
After=network.target seafile.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
ExecStart=${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub.sh start
|
|
||||||
ExecStop=${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub.sh stop
|
|
||||||
User=${SEAFILE_SERVER_USER}
|
|
||||||
Group=${SEAFILE_SERVER_USER}
|
|
||||||
Type=oneshot
|
|
||||||
RemainAfterExit=yes
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
EOF
|
|
||||||
systemctl enable seahub
|
|
||||||
|
|
||||||
# Seafile restart script
|
|
||||||
cat > /usr/local/sbin/seafile-server-restart << 'EOF'
|
|
||||||
#!/bin/bash
|
|
||||||
for ACTION in stop start ; do
|
|
||||||
for SERVICE in seafile seahub ; do
|
|
||||||
systemctl ${ACTION} ${SERVICE}
|
|
||||||
done
|
|
||||||
done
|
|
||||||
EOF
|
|
||||||
chmod 700 /usr/local/sbin/seafile-server-restart
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Seafile
|
|
||||||
# -------------------------------------------
|
|
||||||
mkdir -p ${SEAFILE_SERVER_HOME}/installed
|
|
||||||
cd ${SEAFILE_SERVER_HOME}
|
|
||||||
if ! is_pro && [[ ! -e /opt/${SEAFILE_SERVER_PACKAGE} ]]; then
|
|
||||||
curl -OL ${SEAFILE_SERVER_PACKAGE_URL}
|
|
||||||
else
|
|
||||||
cp /opt/${SEAFILE_SERVER_PACKAGE} .
|
|
||||||
fi
|
|
||||||
tar xzf ${SEAFILE_SERVER_PACKAGE}
|
|
||||||
|
|
||||||
mv ${SEAFILE_SERVER_PACKAGE} installed
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Seafile DB
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ -f "/opt/seafile.my.cnf" ]] ;
|
|
||||||
then
|
|
||||||
echo "MariaDB installed before, skip this part"
|
|
||||||
SQLSEAFILEPW=`sed -n 's/password=//p' /opt/seafile.my.cnf`
|
|
||||||
else
|
|
||||||
SQLSEAFILEPW=$(pwgen)
|
|
||||||
|
|
||||||
cat > /opt/seafile.my.cnf <<EOF
|
|
||||||
[client]
|
|
||||||
user=seafile
|
|
||||||
password=$SQLSEAFILEPW
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod 600 /opt/seafile.my.cnf
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Add seafile user
|
|
||||||
# -------------------------------------------
|
|
||||||
useradd --system --comment "${SEAFILE_SERVER_USER}" ${SEAFILE_SERVER_USER} --home-dir ${SEAFILE_SERVER_HOME}
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Go to /opt/seafile/seafile-pro-server-${SEAFILE_VERSION}
|
|
||||||
# -------------------------------------------
|
|
||||||
cd $INSTALLPATH
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Vars - Don't touch these unless you really know what you are doing!
|
|
||||||
# -------------------------------------------
|
|
||||||
TOPDIR=$(dirname "${INSTALLPATH}")
|
|
||||||
DEFAULT_CONF_DIR=${TOPDIR}/conf
|
|
||||||
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
|
||||||
DEST_SETTINGS_PY=${TOPDIR}/conf/seahub_settings.py
|
|
||||||
|
|
||||||
mkdir -p ${DEFAULT_CONF_DIR}
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Create ccnet, seafile, seahub conf using setup script
|
|
||||||
# -------------------------------------------
|
|
||||||
|
|
||||||
./setup-seafile-mysql.sh auto -u seafile -w ${SQLSEAFILEPW} -r ${SQLROOTPW}
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Configure Seafile WebDAV Server(SeafDAV)
|
|
||||||
# -------------------------------------------
|
|
||||||
sed -i 's/enabled = .*/enabled = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
|
||||||
sed -i 's/fastcgi = .*/fastcgi = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
|
||||||
sed -i 's/share_name = .*/share_name = \/seafdav/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Configuring seahub_settings.py
|
|
||||||
# -------------------------------------------
|
|
||||||
cat >> ${DEST_SETTINGS_PY} <<EOF
|
|
||||||
|
|
||||||
CACHES = {
|
|
||||||
'default': {
|
|
||||||
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
|
|
||||||
'LOCATION': '127.0.0.1:11211',
|
|
||||||
},
|
|
||||||
'locmem': {
|
|
||||||
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
|
|
||||||
},
|
|
||||||
}
|
|
||||||
COMPRESS_CACHE_BACKEND = 'locmem'
|
|
||||||
|
|
||||||
# EMAIL_USE_TLS = False
|
|
||||||
# EMAIL_HOST = 'localhost'
|
|
||||||
# EMAIL_HOST_USER = ''
|
|
||||||
# EMAIL_HOST_PASSWORD = ''
|
|
||||||
# EMAIL_PORT = '25'
|
|
||||||
# DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
|
|
||||||
# SERVER_EMAIL = EMAIL_HOST_USER
|
|
||||||
|
|
||||||
TIME_ZONE = '${TIME_ZONE}'
|
|
||||||
SITE_BASE = 'http://${IP_OR_DOMAIN}'
|
|
||||||
SITE_NAME = 'Seafile Server'
|
|
||||||
SITE_TITLE = 'Seafile Server'
|
|
||||||
SITE_ROOT = '/'
|
|
||||||
ENABLE_SIGNUP = False
|
|
||||||
ACTIVATE_AFTER_REGISTRATION = False
|
|
||||||
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
|
|
||||||
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
|
|
||||||
CLOUD_MODE = False
|
|
||||||
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
|
|
||||||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
|
|
||||||
SESSION_SAVE_EVERY_REQUEST = False
|
|
||||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
|
||||||
|
|
||||||
FILE_SERVER_ROOT = 'http://${IP_OR_DOMAIN}/seafhttp'
|
|
||||||
EOF
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Backup check_init_admin.py befor applying changes
|
|
||||||
# -------------------------------------------
|
|
||||||
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Set admin credentials in check_init_admin.py
|
|
||||||
# -------------------------------------------
|
|
||||||
SEAFILE_ADMIN_PW=$(pwgen)
|
|
||||||
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
|
|
||||||
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Start and stop Seafile eco system. This generates the initial admin user.
|
|
||||||
# -------------------------------------------
|
|
||||||
chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R ${SEAFILE_SERVER_HOME}
|
|
||||||
su - seafile -c "${INSTALLPATH}/seafile.sh start"
|
|
||||||
su - seafile -c "${INSTALLPATH}/seahub.sh start"
|
|
||||||
wait # wait for a while, otherwise seahub will not be stopped
|
|
||||||
su - seafile -c "${INSTALLPATH}/seahub.sh stop"
|
|
||||||
sleep 1
|
|
||||||
su - seafile -c "${INSTALLPATH}/seafile.sh stop"
|
|
||||||
sleep 1
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Restore original check_init_admin.py
|
|
||||||
# -------------------------------------------
|
|
||||||
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
|
|
||||||
|
|
||||||
if is_pro; then
|
|
||||||
PRO_PY=${INSTALLPATH}/pro/pro.py
|
|
||||||
$PYTHON ${PRO_PY} setup --mysql --mysql_host=127.0.0.1 --mysql_port=3306 --mysql_user=seafile --mysql_password=${SQLSEAFILEPW} --mysql_db=seahub_db
|
|
||||||
fi
|
|
||||||
|
|
||||||
# kill all process
|
|
||||||
sleep 1
|
|
||||||
pkill -9 -u seafile
|
|
||||||
sleep 1
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Fix permissions
|
|
||||||
# -------------------------------------------
|
|
||||||
chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R ${SEAFILE_SERVER_HOME}
|
|
||||||
if [[ -d /tmp/seafile-office-output/ ]]; then
|
|
||||||
chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R /tmp/seafile-office-output/
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Restart seafile server
|
|
||||||
# -------------------------------------------
|
|
||||||
echo "Starting productive Seafile server"
|
|
||||||
/usr/local/sbin/seafile-server-restart
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Final report
|
|
||||||
# -------------------------------------------
|
|
||||||
cat > ${TOPDIR}/aio_seafile-server.log<<EOF
|
|
||||||
|
|
||||||
Your Seafile server is installed
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
Server Address: http://${IP_OR_DOMAIN}
|
|
||||||
|
|
||||||
Seafile Admin: ${SEAFILE_ADMIN}
|
|
||||||
Admin Password: ${SEAFILE_ADMIN_PW}
|
|
||||||
|
|
||||||
Seafile Data Dir: ${SEAFILE_DATA_DIR}
|
|
||||||
|
|
||||||
Seafile DB Credentials: Check /opt/seafile.my.cnf
|
|
||||||
Root DB Credentials: Check /root/.my.cnf
|
|
||||||
|
|
||||||
This report is also saved to ${TOPDIR}/aio_seafile-server.log
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Next you should manually complete the following steps
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
1) Log in to Seafile and configure your server domain via the system
|
|
||||||
admin area if applicable.
|
|
||||||
|
|
||||||
2) If this server is behind a firewall, you need to ensure that
|
|
||||||
tcp port 80 is open.
|
|
||||||
|
|
||||||
3) Seahub tries to send emails via the local server. Install and
|
|
||||||
configure Postfix for this to work or
|
|
||||||
check https://cloud.seafile.com/published/seafile-manual-cn/config/sending_email.md
|
|
||||||
for instructions on how to use an existing email account via SMTP.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Optional steps
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
1) Check seahub_settings.py and customize it to fit your needs. Consult
|
|
||||||
https://cloud.seafile.com/published/seafile-manual-cn/config/seahub_settings_py.md
|
|
||||||
for possible switches.
|
|
||||||
|
|
||||||
2) Setup NGINX with official SSL certificate.
|
|
||||||
|
|
||||||
3) Secure server with iptables based firewall. For instance: UFW or shorewall
|
|
||||||
|
|
||||||
4) Harden system with port knocking, fail2ban, etc.
|
|
||||||
|
|
||||||
5) Enable unattended installation of security updates. Check
|
|
||||||
https://wiki.Ubuntu.org/UnattendedUpgrades for details.
|
|
||||||
|
|
||||||
6) Implement a backup routine for your Seafile server.
|
|
||||||
|
|
||||||
7) Update NGINX worker processes to reflect the number of CPU cores.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Seafile support options
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
For free community support visit: https://bbs.seafile.com
|
|
||||||
For paid commercial support visit: https://seafile.com
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod 600 ${TOPDIR}/aio_seafile-server.log
|
|
||||||
|
|
||||||
clear
|
|
||||||
|
|
||||||
cat ${TOPDIR}/aio_seafile-server.log
|
|
|
@ -1,623 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
# seafile-server-installer-cn/seafile-server-centos-8-amd64
|
|
||||||
#
|
|
||||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
|
||||||
#
|
|
||||||
# This program is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU Affero General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU Affero General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU Affero General Public License
|
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
#
|
|
||||||
|
|
||||||
if [[ $HOME == "" ]]; then
|
|
||||||
export HOME=/root
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ $SEAFILE_DEBUG != "" ]]; then
|
|
||||||
set -x
|
|
||||||
fi
|
|
||||||
set -e
|
|
||||||
|
|
||||||
if [[ "$#" -ne 1 ]]; then
|
|
||||||
echo "You must specif Seafile version to install"
|
|
||||||
echo "Like: $0 8.0.0"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
clear
|
|
||||||
cat <<EOF
|
|
||||||
|
|
||||||
This script installs the community edition of the Seafile Server on a Centos 7 64bit
|
|
||||||
- Newest Seafile server version, MariaDB, Memcached, NGINX -
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
This installer is meant to run on a freshly installed machine
|
|
||||||
only. If you run it on a production server things can and
|
|
||||||
probably will go terrible wrong and you will loose valuable
|
|
||||||
data!
|
|
||||||
|
|
||||||
For questions or suggestions please contact us at
|
|
||||||
support@seafile.com
|
|
||||||
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
Possible options:
|
|
||||||
1 = Seafile Community (Free) Edition (CE)
|
|
||||||
2 = Seafile Professional Edition (PRO)
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
if [[ ${SEAFILE_PRO} == "" ]]; then
|
|
||||||
PS3="Which Seafile version would you like to install? "
|
|
||||||
select SEAFILE_SERVER_VERSION in CE PRO ABORT; do
|
|
||||||
case "${SEAFILE_SERVER_VERSION}" in
|
|
||||||
ABORT)
|
|
||||||
echo "Aborting"
|
|
||||||
break
|
|
||||||
;;
|
|
||||||
"")
|
|
||||||
echo "$REPLY: Wrong value. Select 1 or 2."
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
if [[ ${SEAFILE_SERVER_VERSION} = "PRO" ]]; then
|
|
||||||
SEAFILE_PRO=1
|
|
||||||
else
|
|
||||||
SEAFILE_PRO=0
|
|
||||||
fi
|
|
||||||
break
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
is_pro() {
|
|
||||||
if [[ "$SEAFILE_PRO" == "1" ]]; then
|
|
||||||
return 0
|
|
||||||
else
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
echo
|
|
||||||
if is_pro; then
|
|
||||||
echo "This script will install Seafile Professional Edition for you."
|
|
||||||
else
|
|
||||||
echo "This script will install Seafile Community Edition for you."
|
|
||||||
fi
|
|
||||||
echo
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Vars
|
|
||||||
# -------------------------------------------
|
|
||||||
SEAFILE_ADMIN=admin@seafile.local
|
|
||||||
SEAFILE_SERVER_USER=seafile
|
|
||||||
SEAFILE_SERVER_HOME=/opt/seafile
|
|
||||||
IP_OR_DOMAIN=127.0.0.1
|
|
||||||
SEAFILE_VERSION=$1
|
|
||||||
TIME_ZONE=Asia/Shanghai
|
|
||||||
|
|
||||||
if is_pro; then
|
|
||||||
SEAFILE_SERVER_PACKAGE=seafile-pro-server_${SEAFILE_VERSION}_x86-64.tar.gz
|
|
||||||
if [[ ! -e /opt/$SEAFILE_SERVER_PACKAGE ]]; then
|
|
||||||
echo
|
|
||||||
echo "You must download \"$SEAFILE_SERVER_PACKAGE\" to the /opt/ folder before running this script!"
|
|
||||||
echo
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-pro-server-${SEAFILE_VERSION}/
|
|
||||||
else
|
|
||||||
SEAFILE_SERVER_PACKAGE=seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
|
|
||||||
SEAFILE_SERVER_PACKAGE_URL=http://seafile-downloads.oss-cn-shanghai.aliyuncs.com/${SEAFILE_SERVER_PACKAGE}
|
|
||||||
INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-server-${SEAFILE_VERSION}/
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Ensure we are running the installer as root
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ $EUID -ne 0 ]]; then
|
|
||||||
echo " Aborting because you are not root" ; exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Abort if directory /opt/seafile/ exists
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ -d "${SEAFILE_SERVER_HOME}" ]] ;
|
|
||||||
then
|
|
||||||
echo " Aborting because directory ${SEAFILE_SERVER_HOME} already exist" ; exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Abort if seafile user exists
|
|
||||||
# -------------------------------------------
|
|
||||||
if getent passwd ${SEAFILE_SERVER_USER} > /dev/null 2>&1 ;
|
|
||||||
then
|
|
||||||
echo "Aborting because user ${SEAFILE_SERVER_USER} already exist" ; exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Setup permissive selinux
|
|
||||||
# -------------------------------------------
|
|
||||||
# runtime
|
|
||||||
enforce=`getenforce`
|
|
||||||
if [[ "${enforce}" != "Disabled" ]]; then
|
|
||||||
setenforce 0
|
|
||||||
fi
|
|
||||||
# permanently
|
|
||||||
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Setup firewall
|
|
||||||
# -------------------------------------------
|
|
||||||
yum install firewalld -y
|
|
||||||
# https://www.optimox.de/tutorials/linux-allgemein/centos-firewall-konfigurieren-mit-firewalld
|
|
||||||
systemctl status firewalld &> /dev/null \
|
|
||||||
&& for i in ssh http https ; do firewall-cmd --zone=public --add-service=${i} --permanent ; done \
|
|
||||||
&& firewall-cmd --reload
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Additional requirements
|
|
||||||
# -------------------------------------------
|
|
||||||
# extra packages for enterprise linux
|
|
||||||
|
|
||||||
yum install epel-release -y
|
|
||||||
|
|
||||||
yum install python3 python3-setuptools python3-pip python3-ldap memcached java-1.8.0-openjdk \
|
|
||||||
libmemcached libreoffice-headless libreoffice-pyuno libffi-devel pwgen curl python3-devel mysql-devel gcc gcc-c++ -y
|
|
||||||
|
|
||||||
pip3 install --timeout=3600 django==2.2.* future mysqlclient pymysql Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3 \
|
|
||||||
psd-tools django-pylibmc django-simple-captcha
|
|
||||||
|
|
||||||
# start memcached on system boot
|
|
||||||
systemctl enable --now memcached
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Install nginx
|
|
||||||
# -------------------------------------------
|
|
||||||
yum install nginx -y
|
|
||||||
systemctl enable nginx
|
|
||||||
rm -rf /etc/nginx/conf.d/*
|
|
||||||
|
|
||||||
cat > /etc/nginx/conf.d/seafile.conf << EOF
|
|
||||||
log_format seafileformat '\$http_x_forwarded_for \$remote_addr [\$time_local] "\$request" \$status \$body_bytes_sent "\$http_referer" "\$http_user_agent" \$upstream_response_time';
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name seafile.example.com;
|
|
||||||
|
|
||||||
proxy_set_header X-Forwarded-For \$remote_addr;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://127.0.0.1:8000;
|
|
||||||
proxy_set_header Host \$host;
|
|
||||||
proxy_set_header X-Real-IP \$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Host \$server_name;
|
|
||||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
|
||||||
proxy_read_timeout 1200s;
|
|
||||||
|
|
||||||
# used for view/edit office file via Office Online Server
|
|
||||||
client_max_body_size 0;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/seahub.access.log seafileformat;
|
|
||||||
error_log /var/log/nginx/seahub.error.log;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /seafhttp {
|
|
||||||
rewrite ^/seafhttp(.*)$ \$1 break;
|
|
||||||
proxy_pass http://127.0.0.1:8082;
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
||||||
proxy_connect_timeout 36000s;
|
|
||||||
proxy_read_timeout 36000s;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/seafhttp.access.log seafileformat;
|
|
||||||
error_log /var/log/nginx/seafhttp.error.log;
|
|
||||||
}
|
|
||||||
location /media {
|
|
||||||
root ${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub;
|
|
||||||
}
|
|
||||||
location /seafdav {
|
|
||||||
proxy_pass http://127.0.0.1:8080/seafdav;
|
|
||||||
proxy_set_header Host \$host;
|
|
||||||
proxy_set_header X-Real-IP \$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Host \$server_name;
|
|
||||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
|
||||||
proxy_read_timeout 1200s;
|
|
||||||
|
|
||||||
client_max_body_size 0;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/seafdav.access.log seafileformat;
|
|
||||||
error_log /var/log/nginx/seafdav.error.log;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Create optimized nginx.conf
|
|
||||||
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
|
|
||||||
cat > /etc/nginx/nginx.conf <<'ENDOFFILE'
|
|
||||||
user nginx nginx;
|
|
||||||
worker_processes 4;
|
|
||||||
|
|
||||||
events {
|
|
||||||
worker_connections 8096;
|
|
||||||
multi_accept on;
|
|
||||||
use epoll;
|
|
||||||
}
|
|
||||||
|
|
||||||
pid /var/run/nginx.pid;
|
|
||||||
worker_rlimit_nofile 40000;
|
|
||||||
|
|
||||||
http {
|
|
||||||
server_tokens off;
|
|
||||||
server_names_hash_bucket_size 128;
|
|
||||||
client_max_body_size 50M;
|
|
||||||
include /etc/nginx/mime.types;
|
|
||||||
default_type application/octet-stream;
|
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
||||||
'$status $body_bytes_sent "$http_referer" '
|
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
||||||
access_log /var/log/nginx/access.log main;
|
|
||||||
error_log /var/log/nginx/error.log warn;
|
|
||||||
sendfile on;
|
|
||||||
tcp_nopush on;
|
|
||||||
tcp_nodelay on;
|
|
||||||
client_body_timeout 12;
|
|
||||||
client_header_timeout 12;
|
|
||||||
keepalive_timeout 15;
|
|
||||||
send_timeout 10;
|
|
||||||
# Fully disabled gzip compression to mitigate Django BREACH attack: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
|
|
||||||
gzip off;
|
|
||||||
#gzip_vary on;
|
|
||||||
#gzip_proxied expired no-cache no-store private auth any;
|
|
||||||
#gzip_comp_level 9;
|
|
||||||
#gzip_min_length 10240;
|
|
||||||
#gzip_buffers 16 8k;
|
|
||||||
#gzip_http_version 1.1;
|
|
||||||
#gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml font/woff2;
|
|
||||||
#gzip_disable "MSIE [1-6].";
|
|
||||||
include /etc/nginx/conf.d/*.conf;
|
|
||||||
}
|
|
||||||
ENDOFFILE
|
|
||||||
|
|
||||||
# Fix NGINX worker_processes to number of CPU cores
|
|
||||||
CPUS=$(cat /proc/cpuinfo | grep processor | wc | awk '{ print $1 }')
|
|
||||||
eval "sed -i 's/worker_processes.*/worker_processes $CPUS;/g' /etc/nginx/nginx.conf"
|
|
||||||
|
|
||||||
systemctl restart nginx
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# MariaDB
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ -f "/root/.my.cnf" ]] ;
|
|
||||||
then
|
|
||||||
echo "MariaDB installed before, skip this part"
|
|
||||||
SQLROOTPW=`sed -n 's/password=//p' /root/.my.cnf`
|
|
||||||
else
|
|
||||||
yum install mariadb-server -y
|
|
||||||
systemctl start mariadb
|
|
||||||
systemctl enable mariadb
|
|
||||||
|
|
||||||
SQLROOTPW=$(pwgen)
|
|
||||||
|
|
||||||
mysqladmin -u root password $SQLROOTPW
|
|
||||||
|
|
||||||
cat > /root/.my.cnf <<EOF
|
|
||||||
[client]
|
|
||||||
user=root
|
|
||||||
password=$SQLROOTPW
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod 600 /root/.my.cnf
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Seafile init script
|
|
||||||
# -------------------------------------------
|
|
||||||
cat > /etc/systemd/system/seafile.service << EOF
|
|
||||||
[Unit]
|
|
||||||
Description=Seafile Server
|
|
||||||
After=network.target remote-fs.target mariadb.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
ExecStart=${SEAFILE_SERVER_HOME}/seafile-server-latest/seafile.sh start
|
|
||||||
ExecStop=${SEAFILE_SERVER_HOME}/seafile-server-latest/seafile.sh stop
|
|
||||||
User=${SEAFILE_SERVER_USER}
|
|
||||||
Group=${SEAFILE_SERVER_USER}
|
|
||||||
LimitNOFILE=infinity
|
|
||||||
Type=oneshot
|
|
||||||
RemainAfterExit=yes
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
EOF
|
|
||||||
systemctl enable seafile
|
|
||||||
|
|
||||||
cat > /etc/systemd/system/seahub.service << EOF
|
|
||||||
[Unit]
|
|
||||||
Description=Seafile Seahub
|
|
||||||
After=network.target seafile.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
ExecStart=${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub.sh start
|
|
||||||
ExecStop=${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub.sh stop
|
|
||||||
User=${SEAFILE_SERVER_USER}
|
|
||||||
Group=${SEAFILE_SERVER_USER}
|
|
||||||
Type=oneshot
|
|
||||||
RemainAfterExit=yes
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
EOF
|
|
||||||
systemctl enable seahub
|
|
||||||
|
|
||||||
# Seafile restart script
|
|
||||||
cat > /usr/local/sbin/seafile-server-restart << 'EOF'
|
|
||||||
#!/bin/bash
|
|
||||||
for ACTION in stop start ; do
|
|
||||||
for SERVICE in seafile seahub ; do
|
|
||||||
systemctl ${ACTION} ${SERVICE}
|
|
||||||
done
|
|
||||||
done
|
|
||||||
EOF
|
|
||||||
chmod 700 /usr/local/sbin/seafile-server-restart
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Seafile
|
|
||||||
# -------------------------------------------
|
|
||||||
mkdir -p ${SEAFILE_SERVER_HOME}/installed
|
|
||||||
cd ${SEAFILE_SERVER_HOME}
|
|
||||||
if ! is_pro && [[ ! -e /opt/${SEAFILE_SERVER_PACKAGE} ]]; then
|
|
||||||
curl -OL ${SEAFILE_SERVER_PACKAGE_URL}
|
|
||||||
else
|
|
||||||
cp /opt/${SEAFILE_SERVER_PACKAGE} .
|
|
||||||
fi
|
|
||||||
tar xzf ${SEAFILE_SERVER_PACKAGE}
|
|
||||||
|
|
||||||
mv ${SEAFILE_SERVER_PACKAGE} installed
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Seafile DB
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ -f "/opt/seafile.my.cnf" ]] ;
|
|
||||||
then
|
|
||||||
echo "MariaDB installed before, skip this part"
|
|
||||||
SQLSEAFILEPW=`sed -n 's/password=//p' /opt/seafile.my.cnf`
|
|
||||||
else
|
|
||||||
SQLSEAFILEPW=$(pwgen)
|
|
||||||
|
|
||||||
cat > /opt/seafile.my.cnf <<EOF
|
|
||||||
[client]
|
|
||||||
user=seafile
|
|
||||||
password=$SQLSEAFILEPW
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod 600 /opt/seafile.my.cnf
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Add seafile user
|
|
||||||
# -------------------------------------------
|
|
||||||
useradd --system --comment "${SEAFILE_SERVER_USER}" ${SEAFILE_SERVER_USER} --home-dir ${SEAFILE_SERVER_HOME}
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Go to /opt/seafile/seafile-pro-server-${SEAFILE_VERSION}
|
|
||||||
# -------------------------------------------
|
|
||||||
cd $INSTALLPATH
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Vars - Don't touch these unless you really know what you are doing!
|
|
||||||
# -------------------------------------------
|
|
||||||
TOPDIR=$(dirname "${INSTALLPATH}")
|
|
||||||
DEFAULT_CONF_DIR=${TOPDIR}/conf
|
|
||||||
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
|
||||||
DEST_SETTINGS_PY=${TOPDIR}/conf/seahub_settings.py
|
|
||||||
|
|
||||||
mkdir -p ${DEFAULT_CONF_DIR}
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Create ccnet, seafile, seahub conf using setup script
|
|
||||||
# -------------------------------------------
|
|
||||||
|
|
||||||
./setup-seafile-mysql.sh auto -u seafile -w ${SQLSEAFILEPW} -r ${SQLROOTPW}
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Configure Seafile WebDAV Server(SeafDAV)
|
|
||||||
# -------------------------------------------
|
|
||||||
sed -i 's/enabled = .*/enabled = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
|
||||||
sed -i 's/fastcgi = .*/fastcgi = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
|
||||||
sed -i 's/share_name = .*/share_name = \/seafdav/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Configuring seahub_settings.py
|
|
||||||
# -------------------------------------------
|
|
||||||
cat >> ${DEST_SETTINGS_PY} <<EOF
|
|
||||||
|
|
||||||
CACHES = {
|
|
||||||
'default': {
|
|
||||||
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
|
|
||||||
'LOCATION': '127.0.0.1:11211',
|
|
||||||
},
|
|
||||||
'locmem': {
|
|
||||||
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
|
|
||||||
},
|
|
||||||
}
|
|
||||||
COMPRESS_CACHE_BACKEND = 'locmem'
|
|
||||||
|
|
||||||
# EMAIL_USE_TLS = False
|
|
||||||
# EMAIL_HOST = 'localhost'
|
|
||||||
# EMAIL_HOST_USER = ''
|
|
||||||
# EMAIL_HOST_PASSWORD = ''
|
|
||||||
# EMAIL_PORT = '25'
|
|
||||||
# DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
|
|
||||||
# SERVER_EMAIL = EMAIL_HOST_USER
|
|
||||||
|
|
||||||
TIME_ZONE = '${TIME_ZONE}'
|
|
||||||
SITE_BASE = 'http://${IP_OR_DOMAIN}'
|
|
||||||
SITE_NAME = 'Seafile Server'
|
|
||||||
SITE_TITLE = 'Seafile Server'
|
|
||||||
SITE_ROOT = '/'
|
|
||||||
ENABLE_SIGNUP = False
|
|
||||||
ACTIVATE_AFTER_REGISTRATION = False
|
|
||||||
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
|
|
||||||
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
|
|
||||||
CLOUD_MODE = False
|
|
||||||
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
|
|
||||||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
|
|
||||||
SESSION_SAVE_EVERY_REQUEST = False
|
|
||||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
|
||||||
|
|
||||||
FILE_SERVER_ROOT = 'http://${IP_OR_DOMAIN}/seafhttp'
|
|
||||||
EOF
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Backup check_init_admin.py befor applying changes
|
|
||||||
# -------------------------------------------
|
|
||||||
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Set admin credentials in check_init_admin.py
|
|
||||||
# -------------------------------------------
|
|
||||||
SEAFILE_ADMIN_PW=$(pwgen)
|
|
||||||
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
|
|
||||||
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Start and stop Seafile eco system. This generates the initial admin user.
|
|
||||||
# -------------------------------------------
|
|
||||||
chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R ${SEAFILE_SERVER_HOME}
|
|
||||||
|
|
||||||
su - seafile -c "${INSTALLPATH}/seafile.sh start"
|
|
||||||
wait
|
|
||||||
su - seafile -c "${INSTALLPATH}/seahub.sh start"
|
|
||||||
wait # wait for a while, otherwise seahub will not be stopped
|
|
||||||
su - seafile -c "${INSTALLPATH}/seahub.sh stop"
|
|
||||||
wait
|
|
||||||
su - seafile -c "${INSTALLPATH}/seafile.sh stop"
|
|
||||||
wait
|
|
||||||
sleep 1
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Restore original check_init_admin.py
|
|
||||||
# -------------------------------------------
|
|
||||||
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
|
|
||||||
|
|
||||||
if is_pro; then
|
|
||||||
PRO_PY=${INSTALLPATH}/pro/pro.py
|
|
||||||
$PYTHON ${PRO_PY} setup --mysql --mysql_host=127.0.0.1 --mysql_port=3306 --mysql_user=seafile --mysql_password=${SQLSEAFILEPW} --mysql_db=seahub_db
|
|
||||||
fi
|
|
||||||
|
|
||||||
# kill all process
|
|
||||||
sleep 1
|
|
||||||
systemctl stop seafile
|
|
||||||
wait
|
|
||||||
systemctl stop seahub
|
|
||||||
wait
|
|
||||||
sleep 1
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Fix permissions
|
|
||||||
# -------------------------------------------
|
|
||||||
chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R ${SEAFILE_SERVER_HOME}
|
|
||||||
if [[ -d /tmp/seafile-office-output/ ]]; then
|
|
||||||
chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R /tmp/seafile-office-output/
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Restart seafile server
|
|
||||||
# -------------------------------------------
|
|
||||||
echo "Starting productive Seafile server"
|
|
||||||
/usr/local/sbin/seafile-server-restart
|
|
||||||
wait
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Final report
|
|
||||||
# -------------------------------------------
|
|
||||||
cat > ${TOPDIR}/aio_seafile-server.log<<EOF
|
|
||||||
|
|
||||||
Your Seafile server is installed
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
Server Address: http://${IP_OR_DOMAIN}
|
|
||||||
|
|
||||||
Seafile Admin: ${SEAFILE_ADMIN}
|
|
||||||
Admin Password: ${SEAFILE_ADMIN_PW}
|
|
||||||
|
|
||||||
Seafile Data Dir: ${SEAFILE_DATA_DIR}
|
|
||||||
|
|
||||||
Seafile DB Credentials: Check /opt/seafile.my.cnf
|
|
||||||
Root DB Credentials: Check /root/.my.cnf
|
|
||||||
|
|
||||||
This report is also saved to ${TOPDIR}/aio_seafile-server.log
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Next you should manually complete the following steps
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
1) Log in to Seafile and configure your server domain via the system
|
|
||||||
admin area if applicable.
|
|
||||||
|
|
||||||
2) If this server is behind a firewall, you need to ensure that
|
|
||||||
tcp port 80 is open.
|
|
||||||
|
|
||||||
3) Seahub tries to send emails via the local server. Install and
|
|
||||||
configure Postfix for this to work or
|
|
||||||
check https://cloud.seafile.com/published/seafile-manual-cn/config/sending_email.md
|
|
||||||
for instructions on how to use an existing email account via SMTP.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Optional steps
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
1) Check seahub_settings.py and customize it to fit your needs. Consult
|
|
||||||
https://cloud.seafile.com/published/seafile-manual-cn/config/seahub_settings_py.md
|
|
||||||
for possible switches.
|
|
||||||
|
|
||||||
2) Setup NGINX with official SSL certificate.
|
|
||||||
|
|
||||||
3) Secure server with iptables based firewall. For instance: UFW or shorewall
|
|
||||||
|
|
||||||
4) Harden system with port knocking, fail2ban, etc.
|
|
||||||
|
|
||||||
5) Enable unattended installation of security updates. Check
|
|
||||||
https://wiki.Ubuntu.org/UnattendedUpgrades for details.
|
|
||||||
|
|
||||||
6) Implement a backup routine for your Seafile server.
|
|
||||||
|
|
||||||
7) Update NGINX worker processes to reflect the number of CPU cores.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Seafile support options
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
For free community support visit: https://bbs.seafile.com
|
|
||||||
For paid commercial support visit: https://seafile.com
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod 600 ${TOPDIR}/aio_seafile-server.log
|
|
||||||
|
|
||||||
clear
|
|
||||||
|
|
||||||
cat ${TOPDIR}/aio_seafile-server.log
|
|
|
@ -1,623 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
# seafile-server-installer/seafile-server-centos-7-amd64
|
|
||||||
#
|
|
||||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
|
||||||
#
|
|
||||||
# This program is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU Affero General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU Affero General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU Affero General Public License
|
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
#
|
|
||||||
|
|
||||||
if [[ $HOME == "" ]]; then
|
|
||||||
export HOME=/root
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ $SEAFILE_DEBUG != "" ]]; then
|
|
||||||
set -x
|
|
||||||
fi
|
|
||||||
set -e
|
|
||||||
|
|
||||||
if [[ "$#" -ne 1 ]]; then
|
|
||||||
echo "You must specif Seafile version to install"
|
|
||||||
echo "Like: $0 7.0.0"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
clear
|
|
||||||
cat <<EOF
|
|
||||||
|
|
||||||
This script installs the community edition of the Seafile Server on a Centos 7 64bit
|
|
||||||
- Newest Seafile server version, MariaDB, Memcached, NGINX -
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
This installer is meant to run on a freshly installed machine
|
|
||||||
only. If you run it on a production server things can and
|
|
||||||
probably will go terrible wrong and you will loose valuable
|
|
||||||
data!
|
|
||||||
|
|
||||||
For questions or suggestions please contact us at
|
|
||||||
support@seafile.com
|
|
||||||
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
Possible options:
|
|
||||||
1 = Seafile Community (Free) Edition (CE)
|
|
||||||
2 = Seafile Professional Edition (PRO)
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
if [[ ${SEAFILE_PRO} == "" ]]; then
|
|
||||||
PS3="Which Seafile version would you like to install? "
|
|
||||||
select SEAFILE_SERVER_VERSION in CE PRO ABORT; do
|
|
||||||
case "${SEAFILE_SERVER_VERSION}" in
|
|
||||||
ABORT)
|
|
||||||
echo "Aborting"
|
|
||||||
break
|
|
||||||
;;
|
|
||||||
"")
|
|
||||||
echo "$REPLY: Wrong value. Select 1 or 2."
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
if [[ ${SEAFILE_SERVER_VERSION} = "PRO" ]]; then
|
|
||||||
SEAFILE_PRO=1
|
|
||||||
else
|
|
||||||
SEAFILE_PRO=0
|
|
||||||
fi
|
|
||||||
break
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
is_pro() {
|
|
||||||
if [[ "$SEAFILE_PRO" == "1" ]]; then
|
|
||||||
return 0
|
|
||||||
else
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
echo
|
|
||||||
if is_pro; then
|
|
||||||
echo "This script will install Seafile Professional Edition for you."
|
|
||||||
else
|
|
||||||
echo "This script will install Seafile Community Edition for you."
|
|
||||||
fi
|
|
||||||
echo
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Vars
|
|
||||||
# -------------------------------------------
|
|
||||||
SEAFILE_ADMIN=admin@seafile.local
|
|
||||||
SEAFILE_SERVER_USER=seafile
|
|
||||||
SEAFILE_SERVER_HOME=/opt/seafile
|
|
||||||
IP_OR_DOMAIN=127.0.0.1
|
|
||||||
SEAFILE_VERSION=$1
|
|
||||||
TIME_ZONE=Asia/Shanghai
|
|
||||||
|
|
||||||
if is_pro; then
|
|
||||||
SEAFILE_SERVER_PACKAGE=seafile-pro-server_${SEAFILE_VERSION}_x86-64.tar.gz
|
|
||||||
if [[ ! -e /opt/$SEAFILE_SERVER_PACKAGE ]]; then
|
|
||||||
echo
|
|
||||||
echo "You must download \"$SEAFILE_SERVER_PACKAGE\" to the /opt/ folder before running this script!"
|
|
||||||
echo
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-pro-server-${SEAFILE_VERSION}/
|
|
||||||
else
|
|
||||||
SEAFILE_SERVER_PACKAGE=seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
|
|
||||||
SEAFILE_SERVER_PACKAGE_URL=http://seafile-downloads.oss-cn-shanghai.aliyuncs.com/${SEAFILE_SERVER_PACKAGE}
|
|
||||||
INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-server-${SEAFILE_VERSION}/
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Ensure we are running the installer as root
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ $EUID -ne 0 ]]; then
|
|
||||||
echo " Aborting because you are not root" ; exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Abort if directory /opt/seafile/ exists
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ -d "${SEAFILE_SERVER_HOME}" ]] ;
|
|
||||||
then
|
|
||||||
echo " Aborting because directory ${SEAFILE_SERVER_HOME} already exist" ; exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Abort if directory /opt/seafile/ exists
|
|
||||||
# -------------------------------------------
|
|
||||||
if getent passwd ${SEAFILE_SERVER_USER} > /dev/null 2>&1 ;
|
|
||||||
then
|
|
||||||
echo "Aborting because user ${SEAFILE_SERVER_USER} already exist" ; exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Setup permissive selinux
|
|
||||||
# -------------------------------------------
|
|
||||||
# runtime
|
|
||||||
enforce=`getenforce`
|
|
||||||
if [[ "${enforce}" != "Disabled" ]]; then
|
|
||||||
setenforce 0
|
|
||||||
fi
|
|
||||||
# permanently
|
|
||||||
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Setup firewall
|
|
||||||
# -------------------------------------------
|
|
||||||
yum install firewalld fail2ban -y
|
|
||||||
# https://www.optimox.de/tutorials/linux-allgemein/centos-firewall-konfigurieren-mit-firewalld
|
|
||||||
systemctl status firewalld &> /dev/null \
|
|
||||||
&& for i in ssh http https ; do firewall-cmd --zone=public --add-service=${i} --permanent ; done \
|
|
||||||
&& firewall-cmd --reload
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Additional requirements
|
|
||||||
# -------------------------------------------
|
|
||||||
# extra packages for enterprise linux
|
|
||||||
|
|
||||||
yum install epel-release -y
|
|
||||||
yum upgrade -y
|
|
||||||
|
|
||||||
if [[ ${SEAFILE_VERSION} =~ 6\.[0-9]*\.[0-9]* ]]; then
|
|
||||||
yum install python-setuptools MySQL-python memcached python-urllib3 \
|
|
||||||
pwgen curl openssl python-ldap java-1.8.0-openjdk poppler-utils libreoffice python-requests \
|
|
||||||
libreoffice-headless libreoffice-pyuno wqy-microhei-fonts wqy-zenhei-fonts wqy-unibit-fonts \
|
|
||||||
gcc libffi-devel python-devel openssl-devel libmemcached libmemcached-devel python2-pip -y
|
|
||||||
|
|
||||||
pip install pylibmc==1.6.0 django-pylibmc==0.6.1
|
|
||||||
pip install --timeout=3600 Pillow==4.3.0
|
|
||||||
pip install psd-tools==1.4
|
|
||||||
else
|
|
||||||
yum install python-setuptools MySQL-python memcached python-urllib3 \
|
|
||||||
pwgen curl openssl python-ldap java-1.8.0-openjdk poppler-utils libreoffice \
|
|
||||||
libreoffice-headless libreoffice-pyuno wqy-microhei-fonts wqy-zenhei-fonts wqy-unibit-fonts \
|
|
||||||
libffi-devel openssl-devel libmemcached -y
|
|
||||||
fi
|
|
||||||
|
|
||||||
# start memcached on system boot
|
|
||||||
systemctl enable --now memcached
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Install nginx
|
|
||||||
# -------------------------------------------
|
|
||||||
yum install nginx -y
|
|
||||||
systemctl enable nginx
|
|
||||||
rm -rf /etc/nginx/conf.d/*
|
|
||||||
|
|
||||||
cat > /etc/nginx/conf.d/seafile.conf << EOF
|
|
||||||
log_format seafileformat '\$http_x_forwarded_for \$remote_addr [\$time_local] "\$request" \$status \$body_bytes_sent "\$http_referer" "\$http_user_agent" \$upstream_response_time';
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name seafile.example.com;
|
|
||||||
|
|
||||||
proxy_set_header X-Forwarded-For \$remote_addr;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://127.0.0.1:8000;
|
|
||||||
proxy_set_header Host \$host;
|
|
||||||
proxy_set_header X-Real-IP \$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Host \$server_name;
|
|
||||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
|
||||||
proxy_read_timeout 1200s;
|
|
||||||
|
|
||||||
# used for view/edit office file via Office Online Server
|
|
||||||
client_max_body_size 0;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/seahub.access.log seafileformat;
|
|
||||||
error_log /var/log/nginx/seahub.error.log;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /seafhttp {
|
|
||||||
rewrite ^/seafhttp(.*)$ \$1 break;
|
|
||||||
proxy_pass http://127.0.0.1:8082;
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
||||||
proxy_connect_timeout 36000s;
|
|
||||||
proxy_read_timeout 36000s;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/seafhttp.access.log seafileformat;
|
|
||||||
error_log /var/log/nginx/seafhttp.error.log;
|
|
||||||
}
|
|
||||||
location /media {
|
|
||||||
root ${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub;
|
|
||||||
}
|
|
||||||
location /seafdav {
|
|
||||||
fastcgi_pass 127.0.0.1:8080;
|
|
||||||
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
|
|
||||||
fastcgi_param PATH_INFO \$fastcgi_script_name;
|
|
||||||
fastcgi_param SERVER_PROTOCOL \$server_protocol;
|
|
||||||
fastcgi_param QUERY_STRING \$query_string;
|
|
||||||
fastcgi_param REQUEST_METHOD \$request_method;
|
|
||||||
fastcgi_param CONTENT_TYPE \$content_type;
|
|
||||||
fastcgi_param CONTENT_LENGTH \$content_length;
|
|
||||||
fastcgi_param SERVER_ADDR \$server_addr;
|
|
||||||
fastcgi_param SERVER_PORT \$server_port;
|
|
||||||
fastcgi_param SERVER_NAME \$server_name;
|
|
||||||
fastcgi_param REMOTE_ADDR \$remote_addr;
|
|
||||||
|
|
||||||
client_max_body_size 0;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/seafdav.access.log seafileformat;
|
|
||||||
error_log /var/log/nginx/seafdav.error.log;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Create optimized nginx.conf
|
|
||||||
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
|
|
||||||
cat > /etc/nginx/nginx.conf <<'ENDOFFILE'
|
|
||||||
user nginx nginx;
|
|
||||||
worker_processes 4;
|
|
||||||
|
|
||||||
events {
|
|
||||||
worker_connections 8096;
|
|
||||||
multi_accept on;
|
|
||||||
use epoll;
|
|
||||||
}
|
|
||||||
|
|
||||||
pid /var/run/nginx.pid;
|
|
||||||
worker_rlimit_nofile 40000;
|
|
||||||
|
|
||||||
http {
|
|
||||||
server_tokens off;
|
|
||||||
server_names_hash_bucket_size 128;
|
|
||||||
client_max_body_size 50M;
|
|
||||||
include /etc/nginx/mime.types;
|
|
||||||
default_type application/octet-stream;
|
|
||||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
||||||
'$status $body_bytes_sent "$http_referer" '
|
|
||||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
||||||
access_log /var/log/nginx/access.log main;
|
|
||||||
error_log /var/log/nginx/error.log warn;
|
|
||||||
sendfile on;
|
|
||||||
tcp_nopush on;
|
|
||||||
tcp_nodelay on;
|
|
||||||
client_body_timeout 12;
|
|
||||||
client_header_timeout 12;
|
|
||||||
keepalive_timeout 15;
|
|
||||||
send_timeout 10;
|
|
||||||
# Fully disabled gzip compression to mitigate Django BREACH attack: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
|
|
||||||
gzip off;
|
|
||||||
#gzip_vary on;
|
|
||||||
#gzip_proxied expired no-cache no-store private auth any;
|
|
||||||
#gzip_comp_level 9;
|
|
||||||
#gzip_min_length 10240;
|
|
||||||
#gzip_buffers 16 8k;
|
|
||||||
#gzip_http_version 1.1;
|
|
||||||
#gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml font/woff2;
|
|
||||||
#gzip_disable "MSIE [1-6].";
|
|
||||||
include /etc/nginx/conf.d/*.conf;
|
|
||||||
}
|
|
||||||
ENDOFFILE
|
|
||||||
|
|
||||||
# Fix NGINX worker_processes to number of CPU cores
|
|
||||||
CPUS=$(cat /proc/cpuinfo | grep processor | wc | awk '{ print $1 }')
|
|
||||||
eval "sed -i 's/worker_processes.*/worker_processes $CPUS;/g' /etc/nginx/nginx.conf"
|
|
||||||
|
|
||||||
systemctl restart nginx
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# MariaDB
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ -f "/root/.my.cnf" ]] ;
|
|
||||||
then
|
|
||||||
echo "MariaDB installed before, skip this part"
|
|
||||||
SQLROOTPW=`sed -n 's/password=//p' /root/.my.cnf`
|
|
||||||
else
|
|
||||||
yum install mariadb-server -y
|
|
||||||
systemctl start mariadb
|
|
||||||
systemctl enable mariadb
|
|
||||||
|
|
||||||
SQLROOTPW=$(pwgen)
|
|
||||||
|
|
||||||
mysqladmin -u root password $SQLROOTPW
|
|
||||||
|
|
||||||
cat > /root/.my.cnf <<EOF
|
|
||||||
[client]
|
|
||||||
user=root
|
|
||||||
password=$SQLROOTPW
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod 600 /root/.my.cnf
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Seafile init script
|
|
||||||
# -------------------------------------------
|
|
||||||
cat > /etc/systemd/system/seafile.service << EOF
|
|
||||||
[Unit]
|
|
||||||
Description=Seafile Server
|
|
||||||
After=network.target remote-fs.target mariadb.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
ExecStart=${SEAFILE_SERVER_HOME}/seafile-server-latest/seafile.sh start
|
|
||||||
ExecStop=${SEAFILE_SERVER_HOME}/seafile-server-latest/seafile.sh stop
|
|
||||||
User=${SEAFILE_SERVER_USER}
|
|
||||||
Group=${SEAFILE_SERVER_USER}
|
|
||||||
LimitNOFILE=infinity
|
|
||||||
Type=oneshot
|
|
||||||
RemainAfterExit=yes
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
EOF
|
|
||||||
systemctl enable seafile
|
|
||||||
|
|
||||||
cat > /etc/systemd/system/seahub.service << EOF
|
|
||||||
[Unit]
|
|
||||||
Description=Seafile Seahub
|
|
||||||
After=network.target seafile.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
ExecStart=${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub.sh start
|
|
||||||
ExecStop=${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub.sh stop
|
|
||||||
User=${SEAFILE_SERVER_USER}
|
|
||||||
Group=${SEAFILE_SERVER_USER}
|
|
||||||
Type=oneshot
|
|
||||||
RemainAfterExit=yes
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
EOF
|
|
||||||
systemctl enable seahub
|
|
||||||
|
|
||||||
# Seafile restart script
|
|
||||||
cat > /usr/local/sbin/seafile-server-restart << 'EOF'
|
|
||||||
#!/bin/bash
|
|
||||||
for ACTION in stop start ; do
|
|
||||||
for SERVICE in seafile seahub ; do
|
|
||||||
systemctl ${ACTION} ${SERVICE}
|
|
||||||
done
|
|
||||||
done
|
|
||||||
EOF
|
|
||||||
chmod 700 /usr/local/sbin/seafile-server-restart
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Seafile
|
|
||||||
# -------------------------------------------
|
|
||||||
mkdir -p ${SEAFILE_SERVER_HOME}/installed
|
|
||||||
cd ${SEAFILE_SERVER_HOME}
|
|
||||||
if ! is_pro && [[ ! -e /opt/${SEAFILE_SERVER_PACKAGE} ]]; then
|
|
||||||
curl -OL ${SEAFILE_SERVER_PACKAGE_URL}
|
|
||||||
else
|
|
||||||
cp /opt/${SEAFILE_SERVER_PACKAGE} .
|
|
||||||
fi
|
|
||||||
tar xzf ${SEAFILE_SERVER_PACKAGE}
|
|
||||||
|
|
||||||
mv ${SEAFILE_SERVER_PACKAGE} installed
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Seafile DB
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ -f "/opt/seafile.my.cnf" ]] ;
|
|
||||||
then
|
|
||||||
echo "MariaDB installed before, skip this part"
|
|
||||||
SQLSEAFILEPW=`sed -n 's/password=//p' /opt/seafile.my.cnf`
|
|
||||||
else
|
|
||||||
SQLSEAFILEPW=$(pwgen)
|
|
||||||
|
|
||||||
cat > /opt/seafile.my.cnf <<EOF
|
|
||||||
[client]
|
|
||||||
user=seafile
|
|
||||||
password=$SQLSEAFILEPW
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod 600 /opt/seafile.my.cnf
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Add seafile user
|
|
||||||
# -------------------------------------------
|
|
||||||
useradd --system --comment "${SEAFILE_SERVER_USER}" ${SEAFILE_SERVER_USER} --home-dir ${SEAFILE_SERVER_HOME}
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Go to /opt/seafile/seafile-pro-server-${SEAFILE_VERSION}
|
|
||||||
# -------------------------------------------
|
|
||||||
cd $INSTALLPATH
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Vars - Don't touch these unless you really know what you are doing!
|
|
||||||
# -------------------------------------------
|
|
||||||
TOPDIR=$(dirname "${INSTALLPATH}")
|
|
||||||
DEFAULT_CONF_DIR=${TOPDIR}/conf
|
|
||||||
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
|
||||||
DEST_SETTINGS_PY=${TOPDIR}/conf/seahub_settings.py
|
|
||||||
|
|
||||||
mkdir -p ${DEFAULT_CONF_DIR}
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Create ccnet, seafile, seahub conf using setup script
|
|
||||||
# -------------------------------------------
|
|
||||||
|
|
||||||
./setup-seafile-mysql.sh auto -u seafile -w ${SQLSEAFILEPW} -r ${SQLROOTPW}
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Configure Seafile WebDAV Server(SeafDAV)
|
|
||||||
# -------------------------------------------
|
|
||||||
sed -i 's/enabled = .*/enabled = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
|
||||||
sed -i 's/fastcgi = .*/fastcgi = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
|
||||||
sed -i 's/share_name = .*/share_name = \/seafdav/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Configuring seahub_settings.py
|
|
||||||
# -------------------------------------------
|
|
||||||
cat >> ${DEST_SETTINGS_PY} <<EOF
|
|
||||||
|
|
||||||
CACHES = {
|
|
||||||
'default': {
|
|
||||||
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
|
|
||||||
'LOCATION': '127.0.0.1:11211',
|
|
||||||
},
|
|
||||||
'locmem': {
|
|
||||||
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
|
|
||||||
},
|
|
||||||
}
|
|
||||||
COMPRESS_CACHE_BACKEND = 'locmem'
|
|
||||||
|
|
||||||
# EMAIL_USE_TLS = False
|
|
||||||
# EMAIL_HOST = 'localhost'
|
|
||||||
# EMAIL_HOST_USER = ''
|
|
||||||
# EMAIL_HOST_PASSWORD = ''
|
|
||||||
# EMAIL_PORT = '25'
|
|
||||||
# DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
|
|
||||||
# SERVER_EMAIL = EMAIL_HOST_USER
|
|
||||||
|
|
||||||
TIME_ZONE = '${TIME_ZONE}'
|
|
||||||
SITE_BASE = 'http://${IP_OR_DOMAIN}'
|
|
||||||
SITE_NAME = 'Seafile Server'
|
|
||||||
SITE_TITLE = 'Seafile Server'
|
|
||||||
SITE_ROOT = '/'
|
|
||||||
ENABLE_SIGNUP = False
|
|
||||||
ACTIVATE_AFTER_REGISTRATION = False
|
|
||||||
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
|
|
||||||
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
|
|
||||||
CLOUD_MODE = False
|
|
||||||
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
|
|
||||||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
|
|
||||||
SESSION_SAVE_EVERY_REQUEST = False
|
|
||||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
|
||||||
|
|
||||||
FILE_SERVER_ROOT = 'http://${IP_OR_DOMAIN}/seafhttp'
|
|
||||||
EOF
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Backup check_init_admin.py befor applying changes
|
|
||||||
# -------------------------------------------
|
|
||||||
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Set admin credentials in check_init_admin.py
|
|
||||||
# -------------------------------------------
|
|
||||||
SEAFILE_ADMIN_PW=$(pwgen)
|
|
||||||
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
|
|
||||||
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Start and stop Seafile eco system. This generates the initial admin user.
|
|
||||||
# -------------------------------------------
|
|
||||||
${INSTALLPATH}/seafile.sh start
|
|
||||||
${INSTALLPATH}/seahub.sh start
|
|
||||||
sleep 2 # sleep for a while, otherwise seahub will not be stopped
|
|
||||||
${INSTALLPATH}/seahub.sh stop
|
|
||||||
sleep 1
|
|
||||||
${INSTALLPATH}/seafile.sh stop
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Restore original check_init_admin.py
|
|
||||||
# -------------------------------------------
|
|
||||||
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
|
|
||||||
|
|
||||||
if is_pro; then
|
|
||||||
PRO_PY=${INSTALLPATH}/pro/pro.py
|
|
||||||
$PYTHON ${PRO_PY} setup --mysql --mysql_host=127.0.0.1 --mysql_port=3306 --mysql_user=seafile --mysql_password=${SQLSEAFILEPW} --mysql_db=seahub_db
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Fix permissions
|
|
||||||
# -------------------------------------------
|
|
||||||
chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R ${SEAFILE_SERVER_HOME}
|
|
||||||
if [[ -d /tmp/seafile-office-output/ ]]; then
|
|
||||||
chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R /tmp/seafile-office-output/
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Restart seafile server
|
|
||||||
# -------------------------------------------
|
|
||||||
/usr/local/sbin/seafile-server-restart
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Final report
|
|
||||||
# -------------------------------------------
|
|
||||||
cat > ${TOPDIR}/aio_seafile-server.log<<EOF
|
|
||||||
|
|
||||||
Your Seafile server is installed
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
Server Address: http://${IP_OR_DOMAIN}
|
|
||||||
|
|
||||||
Seafile Admin: ${SEAFILE_ADMIN}
|
|
||||||
Admin Password: ${SEAFILE_ADMIN_PW}
|
|
||||||
|
|
||||||
Seafile Data Dir: ${SEAFILE_DATA_DIR}
|
|
||||||
|
|
||||||
Seafile DB Credentials: Check /opt/seafile.my.cnf
|
|
||||||
Root DB Credentials: Check /root/.my.cnf
|
|
||||||
|
|
||||||
This report is also saved to ${TOPDIR}/aio_seafile-server.log
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Next you should manually complete the following steps
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
1) Log in to Seafile and configure your server domain via the system
|
|
||||||
admin area if applicable.
|
|
||||||
|
|
||||||
2) If this server is behind a firewall, you need to ensure that
|
|
||||||
tcp port 80 is open.
|
|
||||||
|
|
||||||
3) Seahub tries to send emails via the local server. Install and
|
|
||||||
configure Postfix for this to work or
|
|
||||||
check https://manual.seafile.com/config/sending_email.html
|
|
||||||
for instructions on how to use an existing email account via SMTP.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Optional steps
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
1) Check seahub_settings.py and customize it to fit your needs. Consult
|
|
||||||
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
|
|
||||||
|
|
||||||
2) Setup NGINX with official SSL certificate.
|
|
||||||
|
|
||||||
3) Secure server with iptables based firewall. For instance: UFW or shorewall
|
|
||||||
|
|
||||||
4) Harden system with port knocking, fail2ban, etc.
|
|
||||||
|
|
||||||
5) Enable unattended installation of security updates. Check
|
|
||||||
https://wiki.Ubuntu.org/UnattendedUpgrades for details.
|
|
||||||
|
|
||||||
6) Implement a backup routine for your Seafile server.
|
|
||||||
|
|
||||||
7) Update NGINX worker processes to reflect the number of CPU cores.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Seafile support options
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
For free community support visit: https://bbs.seafile.com
|
|
||||||
For paid commercial support visit: https://seafile.com
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod 600 ${TOPDIR}/aio_seafile-server.log
|
|
||||||
|
|
||||||
clear
|
|
||||||
|
|
||||||
cat ${TOPDIR}/aio_seafile-server.log
|
|
|
@ -1,532 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
# seafile-server-installer/seafile-server-ubuntu-16-04-amd64
|
|
||||||
#
|
|
||||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
|
||||||
# Copyright 2016, Zheng Xie <xie.zheng@seafile.com>
|
|
||||||
#
|
|
||||||
# This program is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU Affero General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU Affero General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU Affero General Public License
|
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
#
|
|
||||||
|
|
||||||
if [[ $HOME == "" ]]; then
|
|
||||||
export HOME=/root
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ $SEAFILE_DEBUG != "" ]]; then
|
|
||||||
set -x
|
|
||||||
fi
|
|
||||||
set -e
|
|
||||||
|
|
||||||
if [[ "$#" -ne 1 ]]; then
|
|
||||||
echo "You must specif Seafile version to install"
|
|
||||||
echo "Like: $0 7.0.0"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
clear
|
|
||||||
cat <<EOF
|
|
||||||
|
|
||||||
This script installs the community edition of the Seafile Server on a Ubuntu 16.04 (Xenial) 64bit
|
|
||||||
- Newest Seafile server version, MariaDB, Memcached, NGINX -
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
This installer is meant to run on a freshly installed machine
|
|
||||||
only. If you run it on a production server things can and
|
|
||||||
probably will go terrible wrong and you will loose valuable
|
|
||||||
data!
|
|
||||||
|
|
||||||
For questions or suggestions please contact us at
|
|
||||||
support@seafile.com
|
|
||||||
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
Possible options:
|
|
||||||
1 = Seafile Community (Free) Edition (CE)
|
|
||||||
2 = Seafile Professional Edition (PRO)
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
if [[ ${SEAFILE_PRO} == "" ]]; then
|
|
||||||
PS3="Which Seafile version would you like to install? "
|
|
||||||
select SEAFILE_SERVER_VERSION in CE PRO ABORT; do
|
|
||||||
case "${SEAFILE_SERVER_VERSION}" in
|
|
||||||
ABORT)
|
|
||||||
echo "Aborting"
|
|
||||||
break
|
|
||||||
;;
|
|
||||||
"")
|
|
||||||
echo "$REPLY: Wrong value. Select 1 or 2."
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
if [[ ${SEAFILE_SERVER_VERSION} = "PRO" ]]; then
|
|
||||||
SEAFILE_PRO=1
|
|
||||||
else
|
|
||||||
SEAFILE_PRO=0
|
|
||||||
fi
|
|
||||||
break
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
is_pro() {
|
|
||||||
if [[ "$SEAFILE_PRO" == "1" ]]; then
|
|
||||||
return 0
|
|
||||||
else
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
echo
|
|
||||||
if is_pro; then
|
|
||||||
echo "This script will install Seafile Professional Edition for you."
|
|
||||||
else
|
|
||||||
echo "This script will install Seafile Community Edition for you."
|
|
||||||
fi
|
|
||||||
echo
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Vars
|
|
||||||
# -------------------------------------------
|
|
||||||
SEAFILE_ADMIN=admin@seafile.local
|
|
||||||
SEAFILE_SERVER_USER=seafile
|
|
||||||
SEAFILE_SERVER_HOME=/opt/seafile
|
|
||||||
IP_OR_DOMAIN=127.0.0.1
|
|
||||||
SEAFILE_VERSION=$1
|
|
||||||
TIME_ZONE=Asia/Shanghai
|
|
||||||
|
|
||||||
if is_pro; then
|
|
||||||
SEAFILE_SERVER_PACKAGE=seafile-pro-server_${SEAFILE_VERSION}_x86-64.tar.gz
|
|
||||||
if [[ ! -e /opt/$SEAFILE_SERVER_PACKAGE ]]; then
|
|
||||||
echo
|
|
||||||
echo "You must download \"$SEAFILE_SERVER_PACKAGE\" to the /opt/ folder before running this script!"
|
|
||||||
echo
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-pro-server-${SEAFILE_VERSION}/
|
|
||||||
else
|
|
||||||
SEAFILE_SERVER_PACKAGE=seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
|
|
||||||
SEAFILE_SERVER_PACKAGE_URL=http://seafile-downloads.oss-cn-shanghai.aliyuncs.com/${SEAFILE_SERVER_PACKAGE}
|
|
||||||
INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-server-${SEAFILE_VERSION}/
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Ensure we are running the installer as root
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ $EUID -ne 0 ]]; then
|
|
||||||
echo " Aborting because you are not root" ; exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Abort if directory SEAFILE_SERVER_HOME exists
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ -d "${SEAFILE_SERVER_HOME}" ]] ;
|
|
||||||
then
|
|
||||||
echo " Aborting because directory ${SEAFILE_SERVER_HOME} already exist" ; exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Additional requirements
|
|
||||||
# -------------------------------------------
|
|
||||||
apt-get update
|
|
||||||
|
|
||||||
if [[ ${SEAFILE_VERSION} =~ 6\.[0-9]*\.[0-9]* ]]; then
|
|
||||||
apt-get install -y python2.7 sudo python-pip python-setuptools python-mysqldb python-ldap python-urllib3 \
|
|
||||||
openjdk-8-jre memcached libmemcached-dev zlib1g-dev pwgen curl openssl poppler-utils libpython2.7 libreoffice \
|
|
||||||
libreoffice-script-provider-python ttf-wqy-microhei ttf-wqy-zenhei xfonts-wqy nginx python-requests
|
|
||||||
|
|
||||||
pip install pylibmc==1.6.0 django-pylibmc==0.6.1
|
|
||||||
pip install --timeout=3600 Pillow==4.3.0
|
|
||||||
pip install psd-tools==1.4
|
|
||||||
else
|
|
||||||
apt-get install -y python2.7 sudo python-setuptools python-mysqldb python-ldap python-urllib3 \
|
|
||||||
openjdk-8-jre memcached libmemcached-dev zlib1g-dev pwgen curl openssl poppler-utils libpython2.7 libreoffice \
|
|
||||||
libreoffice-script-provider-python ttf-wqy-microhei ttf-wqy-zenhei xfonts-wqy nginx
|
|
||||||
fi
|
|
||||||
|
|
||||||
rm /etc/nginx/sites-enabled/*
|
|
||||||
|
|
||||||
cat > /etc/nginx/sites-available/seafile.conf << EOF
|
|
||||||
log_format seafileformat '\$http_x_forwarded_for \$remote_addr [\$time_local] "\$request" \$status \$body_bytes_sent "\$http_referer" "\$http_user_agent" \$upstream_response_time';
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
server_name seafile.example.com;
|
|
||||||
|
|
||||||
proxy_set_header X-Forwarded-For \$remote_addr;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://127.0.0.1:8000;
|
|
||||||
proxy_set_header Host \$host;
|
|
||||||
proxy_set_header X-Real-IP \$remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Host \$server_name;
|
|
||||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
|
||||||
proxy_read_timeout 1200s;
|
|
||||||
|
|
||||||
# used for view/edit office file via Office Online Server
|
|
||||||
client_max_body_size 0;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/seahub.access.log seafileformat;
|
|
||||||
error_log /var/log/nginx/seahub.error.log;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /seafhttp {
|
|
||||||
rewrite ^/seafhttp(.*)$ \$1 break;
|
|
||||||
proxy_pass http://127.0.0.1:8082;
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
|
|
||||||
proxy_connect_timeout 36000s;
|
|
||||||
proxy_read_timeout 36000s;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/seafhttp.access.log seafileformat;
|
|
||||||
error_log /var/log/nginx/seafhttp.error.log;
|
|
||||||
}
|
|
||||||
location /media {
|
|
||||||
root ${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub;
|
|
||||||
}
|
|
||||||
location /seafdav {
|
|
||||||
fastcgi_pass 127.0.0.1:8080;
|
|
||||||
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
|
|
||||||
fastcgi_param PATH_INFO \$fastcgi_script_name;
|
|
||||||
fastcgi_param SERVER_PROTOCOL \$server_protocol;
|
|
||||||
fastcgi_param QUERY_STRING \$query_string;
|
|
||||||
fastcgi_param REQUEST_METHOD \$request_method;
|
|
||||||
fastcgi_param CONTENT_TYPE \$content_type;
|
|
||||||
fastcgi_param CONTENT_LENGTH \$content_length;
|
|
||||||
fastcgi_param SERVER_ADDR \$server_addr;
|
|
||||||
fastcgi_param SERVER_PORT \$server_port;
|
|
||||||
fastcgi_param SERVER_NAME \$server_name;
|
|
||||||
fastcgi_param REMOTE_ADDR \$remote_addr;
|
|
||||||
|
|
||||||
client_max_body_size 0;
|
|
||||||
|
|
||||||
access_log /var/log/nginx/seafdav.access.log seafileformat;
|
|
||||||
error_log /var/log/nginx/seafdav.error.log;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
EOF
|
|
||||||
|
|
||||||
ln -sf /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf
|
|
||||||
|
|
||||||
service nginx restart
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# MariaDB
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ -f "/root/.my.cnf" ]] ;
|
|
||||||
then
|
|
||||||
echo "MariaDB installed before, skip this part"
|
|
||||||
SQLROOTPW=`sed -n 's/password=//p' /root/.my.cnf`
|
|
||||||
else
|
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get install -y mariadb-server
|
|
||||||
|
|
||||||
SQLROOTPW=$(pwgen)
|
|
||||||
|
|
||||||
mysqladmin -u root password $SQLROOTPW
|
|
||||||
|
|
||||||
cat > /root/.my.cnf <<EOF
|
|
||||||
[client]
|
|
||||||
user=root
|
|
||||||
password=$SQLROOTPW
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod 600 /root/.my.cnf
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Seafile init script
|
|
||||||
# -------------------------------------------
|
|
||||||
cat > /etc/init.d/seafile-server << EOF
|
|
||||||
#!/bin/bash
|
|
||||||
### BEGIN INIT INFO
|
|
||||||
# Provides: seafile-server
|
|
||||||
# Required-Start: \$remote_fs \$syslog mysql
|
|
||||||
# Required-Stop: \$remote_fs \$syslog
|
|
||||||
# Default-Start: 2 3 4 5
|
|
||||||
# Default-Stop: 0 1 6
|
|
||||||
# Short-Description: Seafile server
|
|
||||||
# Description: Start Seafile server
|
|
||||||
### END INIT INFO
|
|
||||||
|
|
||||||
# Author: Alexander Jackson <alexander.jackson@seafile.com.de>
|
|
||||||
|
|
||||||
# Change the value of "seafile_dir" to your path of seafile installation
|
|
||||||
user=${SEAFILE_SERVER_USER}
|
|
||||||
seafile_dir=${SEAFILE_SERVER_HOME}
|
|
||||||
script_path=\${seafile_dir}/seafile-server-latest
|
|
||||||
seafile_init_log=\${seafile_dir}/logs/seafile.init.log
|
|
||||||
seahub_init_log=\${seafile_dir}/logs/seahub.init.log
|
|
||||||
|
|
||||||
|
|
||||||
case "\$1" in
|
|
||||||
start)
|
|
||||||
sudo -u \${user} \${script_path}/seafile.sh start >> \${seafile_init_log}
|
|
||||||
sudo -u \${user} \${script_path}/seahub.sh start >> \${seahub_init_log}
|
|
||||||
;;
|
|
||||||
restart)
|
|
||||||
sudo -u \${user} \${script_path}/seafile.sh restart >> \${seafile_init_log}
|
|
||||||
sudo -u \${user} \${script_path}/seahub.sh restart >> \${seahub_init_log}
|
|
||||||
;;
|
|
||||||
stop)
|
|
||||||
sudo -u \${user} \${script_path}/seafile.sh \$1 >> \${seafile_init_log}
|
|
||||||
sudo -u \${user} \${script_path}/seahub.sh \$1 >> \${seahub_init_log}
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
|
|
||||||
exit 1
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod +x /etc/init.d/seafile-server
|
|
||||||
update-rc.d seafile-server defaults
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Seafile
|
|
||||||
# -------------------------------------------
|
|
||||||
mkdir -p ${SEAFILE_SERVER_HOME}/installed
|
|
||||||
cd ${SEAFILE_SERVER_HOME}
|
|
||||||
if ! is_pro && [[ ! -e /opt/${SEAFILE_SERVER_PACKAGE} ]]; then
|
|
||||||
curl -OL ${SEAFILE_SERVER_PACKAGE_URL}
|
|
||||||
else
|
|
||||||
cp /opt/${SEAFILE_SERVER_PACKAGE} .
|
|
||||||
fi
|
|
||||||
tar xzf ${SEAFILE_SERVER_PACKAGE}
|
|
||||||
|
|
||||||
mv ${SEAFILE_SERVER_PACKAGE} installed
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Seafile DB
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ -f "/opt/seafile.my.cnf" ]] ;
|
|
||||||
then
|
|
||||||
echo "MariaDB installed before, skip this part"
|
|
||||||
SQLSEAFILEPW=`sed -n 's/password=//p' /opt/seafile.my.cnf`
|
|
||||||
else
|
|
||||||
SQLSEAFILEPW=$(pwgen)
|
|
||||||
|
|
||||||
cat > /opt/seafile.my.cnf <<EOF
|
|
||||||
[client]
|
|
||||||
user=seafile
|
|
||||||
password=$SQLSEAFILEPW
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod 600 /opt/seafile.my.cnf
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Add seafile user
|
|
||||||
# -------------------------------------------
|
|
||||||
useradd --system --comment "${SEAFILE_SERVER_USER}" ${SEAFILE_SERVER_USER} --home-dir ${SEAFILE_SERVER_HOME}
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Go to /opt/seafile/seafile-pro-server-${SEAFILE_VERSION}
|
|
||||||
# -------------------------------------------
|
|
||||||
cd $INSTALLPATH
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Vars - Don't touch these unless you really know what you are doing!
|
|
||||||
# -------------------------------------------
|
|
||||||
TOPDIR=$(dirname "${INSTALLPATH}")
|
|
||||||
DEFAULT_CONF_DIR=${TOPDIR}/conf
|
|
||||||
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
|
||||||
DEST_SETTINGS_PY=${TOPDIR}/conf/seahub_settings.py
|
|
||||||
|
|
||||||
mkdir -p ${DEFAULT_CONF_DIR}
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Create ccnet, seafile, seahub conf using setup script
|
|
||||||
# -------------------------------------------
|
|
||||||
|
|
||||||
./setup-seafile-mysql.sh auto -u seafile -w ${SQLSEAFILEPW} -r ${SQLROOTPW}
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Configure Seafile WebDAV Server(SeafDAV)
|
|
||||||
# -------------------------------------------
|
|
||||||
sed -i 's/enabled = .*/enabled = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
|
||||||
sed -i 's/fastcgi = .*/fastcgi = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
|
||||||
sed -i 's/share_name = .*/share_name = \/seafdav/' ${DEFAULT_CONF_DIR}/seafdav.conf
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Configuring seahub_settings.py
|
|
||||||
# -------------------------------------------
|
|
||||||
cat >> ${DEST_SETTINGS_PY} <<EOF
|
|
||||||
|
|
||||||
CACHES = {
|
|
||||||
'default': {
|
|
||||||
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
|
|
||||||
'LOCATION': '127.0.0.1:11211',
|
|
||||||
},
|
|
||||||
'locmem': {
|
|
||||||
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
|
|
||||||
},
|
|
||||||
}
|
|
||||||
COMPRESS_CACHE_BACKEND = 'locmem'
|
|
||||||
|
|
||||||
# EMAIL_USE_TLS = False
|
|
||||||
# EMAIL_HOST = 'localhost'
|
|
||||||
# EMAIL_HOST_USER = ''
|
|
||||||
# EMAIL_HOST_PASSWORD = ''
|
|
||||||
# EMAIL_PORT = '25'
|
|
||||||
# DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
|
|
||||||
# SERVER_EMAIL = EMAIL_HOST_USER
|
|
||||||
|
|
||||||
TIME_ZONE = '${TIME_ZONE}'
|
|
||||||
SITE_BASE = 'http://${IP_OR_DOMAIN}'
|
|
||||||
SITE_NAME = 'Seafile Server'
|
|
||||||
SITE_TITLE = 'Seafile Server'
|
|
||||||
SITE_ROOT = '/'
|
|
||||||
ENABLE_SIGNUP = False
|
|
||||||
ACTIVATE_AFTER_REGISTRATION = False
|
|
||||||
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
|
|
||||||
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
|
|
||||||
CLOUD_MODE = False
|
|
||||||
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
|
|
||||||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
|
|
||||||
SESSION_SAVE_EVERY_REQUEST = False
|
|
||||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
|
||||||
|
|
||||||
FILE_SERVER_ROOT = 'http://${IP_OR_DOMAIN}/seafhttp'
|
|
||||||
EOF
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Backup check_init_admin.py befor applying changes
|
|
||||||
# -------------------------------------------
|
|
||||||
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Set admin credentials in check_init_admin.py
|
|
||||||
# -------------------------------------------
|
|
||||||
SEAFILE_ADMIN_PW=$(pwgen)
|
|
||||||
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
|
|
||||||
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Start and stop Seafile eco system. This generates the initial admin user.
|
|
||||||
# -------------------------------------------
|
|
||||||
${INSTALLPATH}/seafile.sh start
|
|
||||||
${INSTALLPATH}/seahub.sh start
|
|
||||||
sleep 2 # sleep for a while, otherwise seahub will not be stopped
|
|
||||||
${INSTALLPATH}/seahub.sh stop
|
|
||||||
sleep 1
|
|
||||||
${INSTALLPATH}/seafile.sh stop
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Restore original check_init_admin.py
|
|
||||||
# -------------------------------------------
|
|
||||||
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
|
|
||||||
|
|
||||||
if is_pro; then
|
|
||||||
PRO_PY=${INSTALLPATH}/pro/pro.py
|
|
||||||
$PYTHON ${PRO_PY} setup --mysql --mysql_host=127.0.0.1 --mysql_port=3306 --mysql_user=seafile --mysql_password=${SQLSEAFILEPW} --mysql_db=seahub_db
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Fix permissions
|
|
||||||
# -------------------------------------------
|
|
||||||
chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R ${SEAFILE_SERVER_HOME}
|
|
||||||
if [[ -d /tmp/seafile-office-output/ ]]; then
|
|
||||||
chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R /tmp/seafile-office-output/
|
|
||||||
fi
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Start seafile server
|
|
||||||
# -------------------------------------------
|
|
||||||
echo "Starting productive Seafile server"
|
|
||||||
service seafile-server start
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Final report
|
|
||||||
# -------------------------------------------
|
|
||||||
cat > ${TOPDIR}/aio_seafile-server.log<<EOF
|
|
||||||
|
|
||||||
Your Seafile server is installed
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
Server Address: http://${IP_OR_DOMAIN}
|
|
||||||
|
|
||||||
Seafile Admin: ${SEAFILE_ADMIN}
|
|
||||||
Admin Password: ${SEAFILE_ADMIN_PW}
|
|
||||||
|
|
||||||
Seafile Data Dir: ${SEAFILE_DATA_DIR}
|
|
||||||
|
|
||||||
Seafile DB Credentials: Check /opt/seafile.my.cnf
|
|
||||||
Root DB Credentials: Check /root/.my.cnf
|
|
||||||
|
|
||||||
This report is also saved to ${TOPDIR}/aio_seafile-server.log
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Next you should manually complete the following steps
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
1) Log in to Seafile and configure your server domain via the system
|
|
||||||
admin area if applicable.
|
|
||||||
|
|
||||||
2) If this server is behind a firewall, you need to ensure that
|
|
||||||
tcp port 80 is open.
|
|
||||||
|
|
||||||
3) Seahub tries to send emails via the local server. Install and
|
|
||||||
configure Postfix for this to work or
|
|
||||||
check https://manual.seafile.com/config/sending_email.html
|
|
||||||
for instructions on how to use an existing email account via SMTP.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Optional steps
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
1) Check seahub_settings.py and customize it to fit your needs. Consult
|
|
||||||
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
|
|
||||||
|
|
||||||
2) Setup NGINX with official SSL certificate.
|
|
||||||
|
|
||||||
3) Secure server with iptables based firewall. For instance: UFW or shorewall
|
|
||||||
|
|
||||||
4) Harden system with port knocking, fail2ban, etc.
|
|
||||||
|
|
||||||
5) Enable unattended installation of security updates. Check
|
|
||||||
https://wiki.Ubuntu.org/UnattendedUpgrades for details.
|
|
||||||
|
|
||||||
6) Implement a backup routine for your Seafile server.
|
|
||||||
|
|
||||||
7) Update NGINX worker processes to reflect the number of CPU cores.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Seafile support options
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
|
|
||||||
For free community support visit: https://bbs.seafile.com
|
|
||||||
For paid commercial support visit: https://seafile.com
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
chmod 600 ${TOPDIR}/aio_seafile-server.log
|
|
||||||
|
|
||||||
clear
|
|
||||||
|
|
||||||
cat ${TOPDIR}/aio_seafile-server.log
|
|
|
@ -1,169 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
# seafile-server-installer/startssl-certificate-generator
|
|
||||||
#
|
|
||||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
|
||||||
#
|
|
||||||
# This program is free software: you can redistribute it and/or modify
|
|
||||||
# it under the terms of the GNU Affero General Public License as published by
|
|
||||||
# the Free Software Foundation, either version 3 of the License, or
|
|
||||||
# (at your option) any later version.
|
|
||||||
#
|
|
||||||
# This program is distributed in the hope that it will be useful,
|
|
||||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
# GNU Affero General Public License for more details.
|
|
||||||
#
|
|
||||||
# You should have received a copy of the GNU Affero General Public License
|
|
||||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
||||||
#
|
|
||||||
#
|
|
||||||
#set -x
|
|
||||||
# -------------------------------------------
|
|
||||||
# Vars
|
|
||||||
# -------------------------------------------
|
|
||||||
CLASS_DEFAULT=1
|
|
||||||
RSA=4096
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# About
|
|
||||||
# -------------------------------------------
|
|
||||||
cat << EOF
|
|
||||||
|
|
||||||
StartSSL certificate creator for NGINX
|
|
||||||
|
|
||||||
Go to https://www.startssl.com and sign up. Decide
|
|
||||||
if the free class1 certs are good enough or if you
|
|
||||||
need paid class2 or class3 certificates. Class1
|
|
||||||
certificates are the default after signing up. You
|
|
||||||
don't need to do anything else to issue class1 certs.
|
|
||||||
|
|
||||||
For questions or suggestions please contact me at
|
|
||||||
alexander.jackson@seafile.de
|
|
||||||
|
|
||||||
-----------------------------------------------------------------
|
|
||||||
Hit return to proceed or CTRL-C to abort.
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
read dummy
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Start working
|
|
||||||
# -------------------------------------------
|
|
||||||
read -p "New certs class? [$CLASS_DEFAULT]" CLASS
|
|
||||||
CLASS="${CLASS:-$CLASS_DEFAULT}"
|
|
||||||
|
|
||||||
if [[ $CLASS > 3 ]]; then
|
|
||||||
echo Wrong class type. Select 1, 2 or 3. Aborting.. ; exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
read -p "New certs domain name? " DOMAIN
|
|
||||||
|
|
||||||
CERT_DIR=$(pwd)/certs/${DOMAIN}
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Abort if CERT_DIR exists
|
|
||||||
# -------------------------------------------
|
|
||||||
if [[ -d "${CERT_DIR}" ]] ;
|
|
||||||
then
|
|
||||||
echo " Aborting because directory ${CERT_DIR} already exist" ; exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
mkdir -p ${CERT_DIR}
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Create certificate signing request and private key in batch mode
|
|
||||||
# -------------------------------------------
|
|
||||||
openssl req -new -nodes -keyout ${CERT_DIR}/${DOMAIN}.key -out ${CERT_DIR}/${DOMAIN}.csr -newkey rsa:${RSA} -batch
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Print instructions
|
|
||||||
# -------------------------------------------
|
|
||||||
cat << EOF
|
|
||||||
|
|
||||||
Follow these steps next:
|
|
||||||
|
|
||||||
1. Go to https://www.startssl.com >
|
|
||||||
2. Certificates Wizard >
|
|
||||||
3. Certificate Target: (Web Server SSL/TLS Certificate) > Continue >
|
|
||||||
4. Generate Private Key > Skip >
|
|
||||||
5. Submit Certificate Request (CSR) (Paste your csr shown below)
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
cat ${CERT_DIR}/${DOMAIN}.csr
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Print more instructions
|
|
||||||
# -------------------------------------------
|
|
||||||
cat << EOF
|
|
||||||
|
|
||||||
6. Continue >>
|
|
||||||
7. Certificate Request Received > Continue >>
|
|
||||||
8. Add Domains: (select your domain)
|
|
||||||
9. Optionally Add Domains > Add More < (repeat until happy) > Continue >>
|
|
||||||
10. Ready Processing Certificate > Continue >>
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
echo "Hit return when the certificate is displayed."
|
|
||||||
read dummy
|
|
||||||
|
|
||||||
echo "Replace content with certificate, save and exit." > ${CERT_DIR}/${DOMAIN}.crt
|
|
||||||
|
|
||||||
nano ${CERT_DIR}/${DOMAIN}.crt
|
|
||||||
|
|
||||||
echo "Creating class ${CLASS} chained certificate for NGINX"
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Create certificate change for usage with NGINX
|
|
||||||
# -------------------------------------------
|
|
||||||
cat ${CERT_DIR}/${DOMAIN}.crt > ${CERT_DIR}/${DOMAIN}_chained.crt
|
|
||||||
|
|
||||||
if [[ $CLASS -eq 1 ]]; then
|
|
||||||
wget -O - https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem >> ${CERT_DIR}/${DOMAIN}_chained.crt
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ $CLASS -eq 2 ]]; then
|
|
||||||
wget -O - https://www.startssl.com/certs/class2/sha2/pem/sub.class2.server.sha2.ca.pem >> ${CERT_DIR}/${DOMAIN}_chained.crt
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ $CLASS -eq 3 ]]; then
|
|
||||||
wget -O - https://www.startssl.com/certs/class3/sha2/pem/sub.class3.server.sha2.ca.pem >> ${CERT_DIR}/${DOMAIN}_chained.crt
|
|
||||||
fi
|
|
||||||
|
|
||||||
wget -O - https://www.startssl.com/certs/ca-sha2.pem >> ${CERT_DIR}/${DOMAIN}_chained.crt
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# List new csr and key for informational value
|
|
||||||
# -------------------------------------------
|
|
||||||
echo "Our newly Created files:"
|
|
||||||
ls -ahl ${CERT_DIR}
|
|
||||||
|
|
||||||
|
|
||||||
# -------------------------------------------
|
|
||||||
# Print
|
|
||||||
# -------------------------------------------
|
|
||||||
cat << EOF
|
|
||||||
|
|
||||||
Implementation example for NGINX:
|
|
||||||
|
|
||||||
[...]
|
|
||||||
ssl on;
|
|
||||||
ssl_certificate ${CERT_DIR}/${DOMAIN}_chained.crt;
|
|
||||||
ssl_certificate_key ${CERT_DIR}/${DOMAIN}.key;
|
|
||||||
[...]
|
|
||||||
|
|
||||||
Finished!
|
|
||||||
|
|
||||||
EOF
|
|
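--- a/tests/assert.sh
+++ b/tests/assert.sh
@@ -1,139 +0,0 @@
-#!/bin/bash
-# assert.sh 1.0 - bash unit testing framework
-# Copyright (C) 2009, 2010, 2011, 2012 Robert Lehmann
-#
-# http://github.com/lehmannro/assert.sh
-#
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU Lesser General Public License as published
-# by the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public License
-# along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-export DISCOVERONLY=${DISCOVERONLY:-}
-export DEBUG=${DEBUG:-}
-export STOP=${STOP:-}
-export INVARIANT=${INVARIANT:-}
-
-args="$(getopt -n "$0" -l verbose,help,stop,discover,invariant vhxdi $*)" \
-|| exit -1
-for arg in $args; do
-case "$arg" in
--h)
-echo "$0 [-vxid] [--verbose] [--stop] [--invariant] [--discover]"
-echo "`sed 's/./ /g' <<< "$0"` [-h] [--help]"
-exit 0;;
---help)
-cat <<EOF
-Usage: $0 [options]
-Language-agnostic unit tests for subprocesses.
-
-Options:
--v, --verbose generate output for every individual test case
--x, --stop stop running tests after the first failure
--i, --invariant do not measure timings to remain invariant between runs
--d, --discover collect test suites only, do not run any tests
--h show brief usage information and exit
---help show this help message and exit
-EOF
-exit 0;;
--v|--verbose)
-DEBUG=1;;
--x|--stop)
-STOP=1;;
--i|--invariant)
-INVARIANT=1;;
--d|--discover)
-DISCOVERONLY=1;;
-esac
-done
-
-printf -v _indent "\n\t" # local format helper
-
-_assert_reset() {
-tests_ran=0
-tests_failed=0
-tests_errors=()
-tests_starttime="$(date +%s.%N)" # seconds_since_epoch.nanoseconds
-}
-
-assert_end() {
-# assert_end [suite ..]
-tests_endtime="$(date +%s.%N)"
-tests="$tests_ran ${*:+$* }tests"
-[[ -n "$DISCOVERONLY" ]] && echo "collected $tests." && _assert_reset && return
-[[ -n "$DEBUG" ]] && echo
-[[ -z "$INVARIANT" ]] && report_time=" in $(bc \
-<<< "${tests_endtime%.N} - ${tests_starttime%.N}" \
-| sed -e 's/\.\([0-9]\{0,3\}\)[0-9]*/.\1/' -e 's/^\./0./')s" \
-|| report_time=
-
-if [[ "$tests_failed" -eq 0 ]]; then
-echo "all $tests passed$report_time."
-else
-for error in "${tests_errors[@]}"; do echo "$error"; done
-echo "$tests_failed of $tests failed$report_time."
-fi
-tests_failed_previous=$tests_failed
-_assert_reset
-return $tests_failed_previous
-}
-
-assert() {
-# assert <command> <expected stdout> [stdin]
-(( tests_ran++ ))
-[[ -n "$DISCOVERONLY" ]] && return
-# printf required for formatting
-printf -v expected "x${2:-}" # x required to overwrite older results
-result="$(eval 2>/dev/null $1 <<< ${3:-})"
-# Note: $expected is already decorated
-if [[ "x$result" == "$expected" ]]; then
-[[ -n "$DEBUG" ]] && echo -n .
-return
-fi
-[[ -n "$DEBUG" ]] && echo -n X
-result="$(sed -e :a -e '$!N;s/\n/\\n/;ta' <<< "$result")"
-[[ -z "$result" ]] && result="nothing" || result="\"$result\""
-[[ -z "$2" ]] && expected="nothing" || expected="\"$2\""
-failure="expected $expected${_indent}got $result"
-report="test #$tests_ran \"$1${3:+ <<< $3}\" failed:${_indent}$failure"
-tests_errors[$tests_failed]="$report"
-(( tests_failed++ ))
-if [[ -n "$STOP" ]]; then
-[[ -n "$DEBUG" ]] && echo
-echo "$report"
-exit 1
-fi
-}
-
-assert_raises() {
-# assert_raises <command> <expected code> [stdin]
-(( tests_ran++ ))
-[[ -n "$DISCOVERONLY" ]] && return
-(eval $1 <<< ${3:-}) > /dev/null 2>&1
-status=$?
-expected=${2:-0}
-if [[ "$status" -eq "$expected" ]]; then
-[[ -n "$DEBUG" ]] && echo -n .
-return
-fi
-[[ -n "$DEBUG" ]] && echo -n X
-failure="program terminated with code $status instead of $expected"
-report="test #$tests_ran \"$1${3:+ <<< $3}\" failed:${_indent}$failure"
-tests_errors[$tests_failed]="$report"
-(( tests_failed++ ))
-if [[ -n "$STOP" ]]; then
-[[ -n "$DEBUG" ]] && echo
-echo "$report"
-exit 1
-fi
-}
-
-_assert_reset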
|
@ -1,5 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
. tests/assert.sh
|
|
||||||
|
|
||||||
echo "Tests for seafile server package..."
|
|