upstream/seafile-server-installer-cn
1
0
Fork 0
mirror of https://github.com/haiwen/seafile-server-installer-cn synced 2024-09-20 16:25:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add seafile server install script for ubuntu 14.04

Browse Source
This commit is contained in:
Daniel Pan 2015-05-28 13:58:59 +08:00
parent 4f9167c391
commit ed5889ba17
14 changed files with 16 additions and 6580 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

603
no_certificate/seafile-ce_debian-jessie-amd64-no_certificate
View File

@ -1,603 +0,0 @@
#!/bin/bash
#
# seafile-server-installer/seafile-ce_debian-jessie-amd64
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
#set -x
# -------------------------------------------
# Vars
# -------------------------------------------
SEAFILE_ADMIN=admin@seafile.local
SEAFILE_USER=seafile
SERVER_NAME=$(hostname -s | cut -c -16)
IP_OR_DOMAIN=$(hostname -i)
HOSTNAME=$(hostname -i)
FILESERVER_PORT=8082
SERVER_PORT=10001
SEAFILE_SERVER_PORT=12001
# -------------------------------------------
# Seafile Server Community Edition on Debian Jessie (64bit)
# -------------------------------------------
clear
cat <<EOF
This script installs the community edition of the Seafile Server on a Debian Jessie (64bit)
- Newest Seafile server version, MariaDB, Memcached, NGINX -
-----------------------------------------------------------------
This installer is meant to run on a freshly installed machine
only. If you run it on a production server things can and
probably will go terrible wrong and you will loose valuable
data!
For questions or suggestions please contact me at
alexander.jackson@seafile.com.de
-----------------------------------------------------------------
Hit return to proceed or CTRL-C to abort.
EOF
read dummy
clear
# -------------------------------------------
# Ensure we are running the installer as root
# -------------------------------------------
if [[ $EUID -ne 0 ]]; then
echo " Aborting because you are not root" ; exit 1
fi
# -------------------------------------------
# Abort if user seafile exists
# -------------------------------------------
if getent passwd ${SEAFILE_USER} > /dev/null 2>&1 ;
then
echo " Aborting because user ${SEAFILE_USER} already exist" ; exit 1
fi
# -------------------------------------------
# Abort if directory /opt/seafile/ exists
# -------------------------------------------
if [[ -d "/opt/seafile/" ]] ;
then
echo " Aborting because directory /opt/seafile/ already exist" ; exit 1
fi
# -------------------------------------------
# Update System
# -------------------------------------------
apt-get update && apt-get dist-upgrade -y
# -------------------------------------------
# Ensure aptitude is installed
# -------------------------------------------
apt-get install aptitude -y
# -------------------------------------------
# Additional requirements
# -------------------------------------------
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
openjdk-7-jre memcached python-memcache pwgen curl openssl -y
# -------------------------------------------
# NGINX
# -------------------------------------------
cat > /etc/apt/sources.list.d/nginx.list <<EOF
deb http://nginx.org/packages/mainline/debian/ jessie nginx
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
EOF
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
aptitude update && aptitude upgrade -y
aptitude install nginx -y
rm /etc/nginx/conf.d/*
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
server {
listen 80;
server_name "";
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
client_max_body_size 0;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
}
EOF
service nginx restart
# -------------------------------------------
# MariaDB
# -------------------------------------------
DEBIAN_FRONTEND=noninteractive aptitude install mariadb-server -y
SQLROOTPW=$(pwgen)
mysqladmin -u root password $SQLROOTPW
cat > /root/.my.cnf <<EOF
[client]
user=root
password=$SQLROOTPW
EOF
chmod 600 /root/.my.cnf
# -------------------------------------------
# Seafile init script
# -------------------------------------------
cat > /etc/init.d/seafile-server <<'EOF'
#!/bin/bash
### BEGIN INIT INFO
# Provides: seafile-server
# Required-Start: $remote_fs $syslog mysql
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Seafile server
# Description: Start Seafile server
### END INIT INFO
# Author: Alexander Jackson <alexander.jackson@seafile.com.de>
#
# Change the value of "user" to your linux user name
user=seafile
# Change the value of "seafile_dir" to your path of seafile installation
seafile_dir=/opt/seafile
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
seahub_init_log=${seafile_dir}/logs/seahub.init.log
# Change the value of fastcgi to true if fastcgi is to be used
fastcgi=true
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000
case "$1" in
start)
sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
fi
;;
restart)
sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log}
fi
;;
stop)
sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
;;
*)
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
exit 1
;;
esac
EOF
chmod +x /etc/init.d/seafile-server
update-rc.d seafile-server defaults
# -------------------------------------------
# Seafile
# -------------------------------------------
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
mkdir -p /opt/seafile/installed
cd /opt/seafile/
curl -OL https://download.seafile.com.de/seafile-server_latest_x86-64.tar.gz
tar xzf seafile-server_latest_x86-64.tar.gz
SEAFILE_VERSION=$(basename /opt/seafile/seafile-server-* | awk -F'-' ' { print $3 }')
mv seafile-server_latest_x86-64.tar.gz installed/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
# -------------------------------------------
# Seafile DB
# -------------------------------------------
SQLSEAFILEPW=$(pwgen)
cat > /opt/seafile/.my.cnf <<EOF
[client]
user=seafile
password=$SQLSEAFILEPW
EOF
chmod 600 /opt/seafile/.my.cnf
chown -R ${SEAFILE_USER}.nogroup /opt/seafile/
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
mysql seahub-db < /opt/seafile/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
# -------------------------------------------
# Go to /opt/seafile/seafile-server-${SEAFILE_VERSION}
# -------------------------------------------
cd /opt/seafile/seafile-server-${SEAFILE_VERSION}/
# -------------------------------------------
# Vars - Don't touch these unless you really know what you are doing!
# -------------------------------------------
SCRIPT=$(readlink -f "$0")
INSTALLPATH=/opt/seafile/seafile-server-${SEAFILE_VERSION}/
TOPDIR=$(dirname "${INSTALLPATH}")
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
DEFAULT_CONF_DIR=${TOPDIR}/conf
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
MEDIA_DIR=${INSTALLPATH}/seahub/media
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
# -------------------------------------------
# Create ccnet conf
# -------------------------------------------
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${IP_OR_DOMAIN}"
# Fix service url
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = http:\/\/${IP_OR_DOMAIN}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
# -------------------------------------------
# Create seafile conf
# -------------------------------------------
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
# -------------------------------------------
# Write seafile.ini
# -------------------------------------------
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
# -------------------------------------------
# Configure Seafile WebDAV Server(SeafDAV)
# -------------------------------------------
mkdir -p ${DEFAULT_CONF_DIR}
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
[WEBDAV]
enabled = true
port = 8080
fastcgi = true
share_name = /seafdav
EOF
# -------------------------------------------
# generate seahub_settings.py
# -------------------------------------------
key=$(python "${SEAHUB_SECRET_KEYGEN}")
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
# -------------------------------------------
# prepare avatar directory
# -------------------------------------------
mkdir -p "${TOPDIR}/seahub-data"
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
# -------------------------------------------
# create logs directory
# -------------------------------------------
mkdir -p "${TOPDIR}/logs"
# -------------------------------------------
# Create symlink for current server version
# -------------------------------------------
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
# Fix permissions
chmod 0600 "$DEST_SETTINGS_PY"
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
chmod 0700 "$SEAFILE_DATA_DIR"
chmod 0700 "$DEFAULT_CONF_DIR"
# -------------------------------------------
# copy user manuals to library template
# -------------------------------------------
mkdir -p ${LIBRARY_TEMPLATE_DIR}
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
# -------------------------------------------
# Configuring ccnet.conf
# -------------------------------------------
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = $SEAFILESQLPW
DB = ccnet-db
CONNECTION_CHARSET = utf8
EOF
# -------------------------------------------
# Configuring seahub_settings.py
# -------------------------------------------
cat >> ${DEST_SETTINGS_PY} <<EOF
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'seahub-db',
'USER': 'seafile',
'PASSWORD': '$SEAFILESQLPW',
'HOST': '127.0.0.1',
'PORT': '3306',
'OPTIONS': {
'init_command': 'SET storage_engine=INNODB',
}
}
}
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
}
}
EMAIL_USE_TLS = False
EMAIL_HOST = 'localhost'
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_PORT = '25'
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
SERVER_EMAIL = 'EMAIL_HOST_USER'
TIME_ZONE = 'Asia/Beijing'
SITE_BASE = 'http://${IP_OR_DOMAIN}'
SITE_NAME = 'Seafile Server'
SITE_TITLE = 'Seafile Server'
SITE_ROOT = '/'
USE_PDFJS = True
ENABLE_SIGNUP = False
ACTIVATE_AFTER_REGISTRATION = False
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
CLOUD_MODE = False
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
SESSION_SAVE_EVERY_REQUEST = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
FILE_SERVER_ROOT = 'http://${IP_OR_DOMAIN}/seafhttp'
EOF
# -------------------------------------------
# Backup check_init_admin.py befor applying changes
# -------------------------------------------
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
# -------------------------------------------
# Set admin credentials in check_init_admin.py
# -------------------------------------------
SEAFILE_ADMIN_PW=$(pwgen)
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
# -------------------------------------------
# Start and stop Seafile eco system. This generates the initial admin user.
# -------------------------------------------
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh stop
# -------------------------------------------
# Restore original check_init_admin.py
# -------------------------------------------
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
# -------------------------------------------
# Fix permissions
# -------------------------------------------
chown ${SEAFILE_USER}.nogroup -R /opt/seafile/
# -------------------------------------------
# Start seafile server
# -------------------------------------------
echo "Starting productive Seafile server"
service seafile-server start
# -------------------------------------------
# Final report
# -------------------------------------------
cat > ${seafile_dir}/aio_seafile-server.log<<EOF
Your Seafile server is installed
-----------------------------------------------------------------
Server Name: ${SERVER_NAME}
Server Address: http://${IP_OR_DOMAIN}
Seafile Admin: ${SEAFILE_ADMIN}
Admin Password: ${SEAFILE_ADMIN_PW}
Seafile Data Dir: ${SEAFILE_DATA_DIR}
Seafile DB Credentials: Check /opt/seafile/.my.cnf
Root DB Credentials: Check /root/.my.cnf
This report is also saved to ${seafile_dir}/aio_seafile-server.log
Next you should manually complete the following steps
-----------------------------------------------------------------
1) Run seafile-server-change-address to add your Seafile servers DNS name
2) If this server is behind a firewall, you need to ensure that
tcp port 80 is open.
3) Seahub tries to send emails via the local server. Install and
configure Postfix for this to work.
Optional steps
-----------------------------------------------------------------
1) Check seahub_settings.py and customize it to fit your needs. Consult
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
2) Setup NGINX with official SSL certificate.
3) Secure server with iptables based firewall. For instance: UFW or shorewall
4) Harden system with port knocking, fail2ban, etc.
5) Enable unattended installation of security updates. Check
https://wiki.debian.org/UnattendedUpgrades for details.
6) Implement a backup routine for your Seafile server.
7) Update NGINX worker processes to reflect the number of CPU cores.
Seafile support options
-----------------------------------------------------------------
For free community support visit: https://forum.seafile-server.org
For paid commercial support visit: https://seafile.com.de
Contribute
-----------------------------------------------------------------
Please contact alexander.jackson@seafile.com.de
for bugs or suggestions about this installer. Thank you!
EOF
chmod 600 ${seafile_dir}/aio_seafile-server.log
chown -R ${SEAFILE_USER}.nogroup ${seafile_dir}/aio_seafile-server.log
# -------------------------------------------
# Install seafile-server-change-address script
# -------------------------------------------
wget https://gist.githubusercontent.com/alexanderjackson/7e6fd01187327ffd8518/raw/2a87ea94ec8906f8e1847236711eef27ba1d2bb8/seafile-server-change-address -O /usr/local/sbin/seafile-server-change-address
chmod 500 /usr/local/sbin/seafile-server-change-address
clear
cat ${seafile_dir}/aio_seafile-server.log

603
no_certificate/seafile-ce_debian-jessie-i386-no_certificate
View File

@ -1,603 +0,0 @@
#!/bin/bash
#
# seafile-server-installer/seafile-ce_debian-jessie-i386
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
#set -x
# -------------------------------------------
# Vars
# -------------------------------------------
SEAFILE_ADMIN=admin@seafile.local
SEAFILE_USER=seafile
SERVER_NAME=$(hostname -s | cut -c -16)
IP_OR_DOMAIN=$(hostname -i)
HOSTNAME=$(hostname -i)
FILESERVER_PORT=8082
SERVER_PORT=10001
SEAFILE_SERVER_PORT=12001
# -------------------------------------------
# Seafile Server Community Edition on Debian Jessie (32bit)
# -------------------------------------------
clear
cat <<EOF
This script installs the community edition of the Seafile Server on a Debian Jessie (32bit)
- Newest Seafile server version, MariaDB, Memcached, NGINX -
-----------------------------------------------------------------
This installer is meant to run on a freshly installed machine
only. If you run it on a production server things can and
probably will go terrible wrong and you will loose valuable
data!
For questions or suggestions please contact me at
alexander.jackson@seafile.com.de
-----------------------------------------------------------------
Hit return to proceed or CTRL-C to abort.
EOF
read dummy
clear
# -------------------------------------------
# Ensure we are running the installer as root
# -------------------------------------------
if [[ $EUID -ne 0 ]]; then
echo " Aborting because you are not root" ; exit 1
fi
# -------------------------------------------
# Abort if user seafile exists
# -------------------------------------------
#if getent passwd ${SEAFILE_USER} > /dev/null 2>&1 ;
#then
# echo " Aborting because user ${SEAFILE_USER} already exist" ; exit 1
#fi
# -------------------------------------------
# Abort if directory /opt/seafile/ exists
# -------------------------------------------
#if [[ -d "/opt/seafile/" ]] ;
#then
# echo " Aborting because directory /opt/seafile/ already exist" ; exit 1
#fi
# -------------------------------------------
# Update System
# -------------------------------------------
apt-get update && apt-get dist-upgrade -y
# -------------------------------------------
# Ensure aptitude is installed
# -------------------------------------------
apt-get install aptitude -y
# -------------------------------------------
# Additional requirements
# -------------------------------------------
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
openjdk-7-jre memcached python-memcache pwgen curl openssl -y
# -------------------------------------------
# NGINX
# -------------------------------------------
cat > /etc/apt/sources.list.d/nginx.list <<EOF
deb http://nginx.org/packages/mainline/debian/ jessie nginx
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
EOF
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
aptitude update && aptitude upgrade -y
aptitude install nginx -y
rm /etc/nginx/conf.d/*
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
server {
listen 80;
server_name "";
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
client_max_body_size 0;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
}
EOF
service nginx restart
# -------------------------------------------
# MariaDB
# -------------------------------------------
#DEBIAN_FRONTEND=noninteractive aptitude install mariadb-server -y
#SQLROOTPW=$(pwgen)
#mysqladmin -u root password $SQLROOTPW
#cat > /root/.my.cnf <<EOF
#[client]
#user=root
#password=$SQLROOTPW
#EOF
#chmod 600 /root/.my.cnf
# -------------------------------------------
# Seafile init script
# -------------------------------------------
cat > /etc/init.d/seafile-server <<'EOF'
#!/bin/bash
### BEGIN INIT INFO
# Provides: seafile-server
# Required-Start: $remote_fs $syslog mysql
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Seafile server
# Description: Start Seafile server
### END INIT INFO
# Author: Alexander Jackson <alexander.jackson@seafile.com.de>
#
# Change the value of "user" to your linux user name
user=seafile
# Change the value of "seafile_dir" to your path of seafile installation
seafile_dir=/opt/seafile
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
seahub_init_log=${seafile_dir}/logs/seahub.init.log
# Change the value of fastcgi to true if fastcgi is to be used
fastcgi=true
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000
case "$1" in
start)
sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
fi
;;
restart)
sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log}
fi
;;
stop)
sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
;;
*)
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
exit 1
;;
esac
EOF
chmod +x /etc/init.d/seafile-server
update-rc.d seafile-server defaults
# -------------------------------------------
# Seafile
# -------------------------------------------
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
mkdir -p /opt/seafile/installed
cd /opt/seafile/
curl -OL https://download.seafile.com.de/seafile-server_latest_i386.tar.gz
tar xzf seafile-server_latest_i386.tar.gz
SEAFILE_VERSION=$(basename /opt/seafile/seafile-server-* | awk -F'-' ' { print $3 }')
mv seafile-server_4.1.2_i386.tar.gz installed/seafile-server_${SEAFILE_VERSION}_i386.tar.gz
# -------------------------------------------
# Seafile DB
# -------------------------------------------
SQLSEAFILEPW=$(pwgen)
cat > /opt/seafile/.my.cnf <<EOF
[client]
user=seafile
password=$SQLSEAFILEPW
EOF
chmod 600 /opt/seafile/.my.cnf
chown -R ${SEAFILE_USER}.nogroup /opt/seafile/
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
mysql seahub-db < /opt/seafile/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
# -------------------------------------------
# Go to /opt/seafile/seafile-server-${SEAFILE_VERSION}
# -------------------------------------------
cd /opt/seafile/seafile-server-${SEAFILE_VERSION}/
# -------------------------------------------
# Vars - Don't touch these unless you really know what you are doing!
# -------------------------------------------
SCRIPT=$(readlink -f "$0")
INSTALLPATH=/opt/seafile/seafile-server-${SEAFILE_VERSION}/
TOPDIR=$(dirname "${INSTALLPATH}")
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
DEFAULT_CONF_DIR=${TOPDIR}/conf
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
MEDIA_DIR=${INSTALLPATH}/seahub/media
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
# -------------------------------------------
# Create ccnet conf
# -------------------------------------------
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${IP_OR_DOMAIN}"
# Fix service url
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = http:\/\/${IP_OR_DOMAIN}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
# -------------------------------------------
# Create seafile conf
# -------------------------------------------
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
# -------------------------------------------
# Write seafile.ini
# -------------------------------------------
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
# -------------------------------------------
# Configure Seafile WebDAV Server(SeafDAV)
# -------------------------------------------
mkdir -p ${DEFAULT_CONF_DIR}
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
[WEBDAV]
enabled = true
port = 8080
fastcgi = true
share_name = /seafdav
EOF
# -------------------------------------------
# generate seahub_settings.py
# -------------------------------------------
key=$(python "${SEAHUB_SECRET_KEYGEN}")
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
# -------------------------------------------
# prepare avatar directory
# -------------------------------------------
mkdir -p "${TOPDIR}/seahub-data"
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
# -------------------------------------------
# create logs directory
# -------------------------------------------
mkdir -p "${TOPDIR}/logs"
# -------------------------------------------
# Create symlink for current server version
# -------------------------------------------
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
# Fix permissions
chmod 0600 "$DEST_SETTINGS_PY"
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
chmod 0700 "$SEAFILE_DATA_DIR"
chmod 0700 "$DEFAULT_CONF_DIR"
# -------------------------------------------
# copy user manuals to library template
# -------------------------------------------
mkdir -p ${LIBRARY_TEMPLATE_DIR}
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
# -------------------------------------------
# Configuring ccnet.conf
# -------------------------------------------
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = $SEAFILESQLPW
DB = ccnet-db
CONNECTION_CHARSET = utf8
EOF
# -------------------------------------------
# Configuring seahub_settings.py
# -------------------------------------------
cat >> ${DEST_SETTINGS_PY} <<EOF
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'seahub-db',
'USER': 'seafile',
'PASSWORD': '$SEAFILESQLPW',
'HOST': '127.0.0.1',
'PORT': '3306',
'OPTIONS': {
'init_command': 'SET storage_engine=INNODB',
}
}
}
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
}
}
EMAIL_USE_TLS = False
EMAIL_HOST = 'localhost'
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_PORT = '25'
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
SERVER_EMAIL = 'EMAIL_HOST_USER'
TIME_ZONE = 'Asia/Beijing'
SITE_BASE = 'http://${IP_OR_DOMAIN}'
SITE_NAME = 'Seafile Server'
SITE_TITLE = 'Seafile Server'
SITE_ROOT = '/'
USE_PDFJS = True
ENABLE_SIGNUP = False
ACTIVATE_AFTER_REGISTRATION = False
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
CLOUD_MODE = False
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
SESSION_SAVE_EVERY_REQUEST = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
FILE_SERVER_ROOT = 'http://${IP_OR_DOMAIN}/seafhttp'
EOF
# -------------------------------------------
# Backup check_init_admin.py befor applying changes
# -------------------------------------------
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
# -------------------------------------------
# Set admin credentials in check_init_admin.py
# -------------------------------------------
SEAFILE_ADMIN_PW=$(pwgen)
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
# -------------------------------------------
# Start and stop Seafile eco system. This generates the initial admin user.
# -------------------------------------------
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh stop
# -------------------------------------------
# Restore original check_init_admin.py
# -------------------------------------------
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
# -------------------------------------------
# Fix permissions
# -------------------------------------------
chown ${SEAFILE_USER}.nogroup -R /opt/seafile/
# -------------------------------------------
# Start seafile server
# -------------------------------------------
echo "Starting productive Seafile server"
service seafile-server start
# -------------------------------------------
# Final report
# -------------------------------------------
cat > ${seafile_dir}/aio_seafile-server.log<<EOF
Your Seafile server is installed
-----------------------------------------------------------------
Server Name: ${SERVER_NAME}
Server Address: http://${IP_OR_DOMAIN}
Seafile Admin: ${SEAFILE_ADMIN}
Admin Password: ${SEAFILE_ADMIN_PW}
Seafile Data Dir: ${SEAFILE_DATA_DIR}
Seafile DB Credentials: Check /opt/seafile/.my.cnf
Root DB Credentials: Check /root/.my.cnf
This report is also saved to ${seafile_dir}/aio_seafile-server.log
Next you should manually complete the following steps
-----------------------------------------------------------------
1) Run seafile-server-change-address to add your Seafile servers DNS name
2) If this server is behind a firewall, you need to ensure that
tcp port 80 is open.
3) Seahub tries to send emails via the local server. Install and
configure Postfix for this to work.
Optional steps
-----------------------------------------------------------------
1) Check seahub_settings.py and customize it to fit your needs. Consult
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
2) Setup NGINX with official SSL certificate.
3) Secure server with iptables based firewall. For instance: UFW or shorewall
4) Harden system with port knocking, fail2ban, etc.
5) Enable unattended installation of security updates. Check
https://wiki.debian.org/UnattendedUpgrades for details.
6) Implement a backup routine for your Seafile server.
7) Update NGINX worker processes to reflect the number of CPU cores.
Seafile support options
-----------------------------------------------------------------
For free community support visit: https://forum.seafile-server.org
For paid commercial support visit: https://seafile.com.de
Contribute
-----------------------------------------------------------------
Please contact alexander.jackson@seafile.com.de
for bugs or suggestions about this installer. Thank you!
EOF
chmod 600 ${seafile_dir}/aio_seafile-server.log
chown -R ${SEAFILE_USER}.nogroup ${seafile_dir}/aio_seafile-server.log
# -------------------------------------------
# Install seafile-server-change-address script
# -------------------------------------------
wget https://gist.githubusercontent.com/alexanderjackson/7e6fd01187327ffd8518/raw/2a87ea94ec8906f8e1847236711eef27ba1d2bb8/seafile-server-change-address -O /usr/local/sbin/seafile-server-change-address
chmod 500 /usr/local/sbin/seafile-server-change-address
clear
cat ${seafile_dir}/aio_seafile-server.log

580
no_certificate/seafile-ce_debian-wheezy-amd64-no_certificate
View File

@ -1,580 +0,0 @@
#!/bin/bash
#
# seafile-server-installer/seafile-ce_debian-wheezy-amd64
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
#set -x
# -------------------------------------------
# All-In-One Seafile Server installer for Debian Wheezy (64bit)
# -------------------------------------------
clear
cat <<EOF
All-In-One Seafile Server installer for Debian Wheezy (64bit)
- Newest Seafile server version, MariaDB, Memcached, NGINX -
-----------------------------------------------------------------
This installer is meant to run on a freshly installed machine
only. If you run it on a production server things can and
probably will go terrible wrong and you will loose valuable
data!
For questions or suggestions please contact me at
alexander.jackson@seafile.com.de
-----------------------------------------------------------------
Hit return to proceed or CTRL-C to abort.
EOF
read dummy
clear
# -------------------------------------------
# Update System
# -------------------------------------------
aptitude update && aptitude upgrade -y
# -------------------------------------------
# NGINX
# -------------------------------------------
cat > /etc/apt/sources.list.d/nginx.list <<EOF
deb http://nginx.org/packages/mainline/debian/ wheezy nginx
deb-src http://nginx.org/packages/mainline/debian/ wheezy nginx
EOF
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
aptitude update && aptitude upgrade -y
aptitude install nginx -y
rm /etc/nginx/conf.d/*
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
server {
listen 80;
server_name "";
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
}
location /media {
root /opt/seafile/haiwen/seafile-server-latest/seahub;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
client_max_body_size 0;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
}
EOF
service nginx restart
# -------------------------------------------
# Additional requirements
# -------------------------------------------
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
openjdk-7-jre memcached python-memcache pwgen curl -y
# -------------------------------------------
# MariaDB
# -------------------------------------------
cat > /etc/apt/sources.list.d/mariadb.list <<EOF
# MariaDB Repository
deb http://mirror.netcologne.de/mariadb/repo/10.0/debian wheezy main
deb-src http://mirror.netcologne.de/mariadb/repo/10.0/debian wheezy main
EOF
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
aptitude update && aptitude upgrade -y
sync && sleep 5
DEBIAN_FRONTEND=noninteractive aptitude install mariadb-server -y
SQLROOTPW=$(pwgen)
mysqladmin -u root password $SQLROOTPW
cat > /root/.my.cnf <<EOF
[client]
user=root
password=$SQLROOTPW
EOF
chmod 600 /root/.my.cnf
# -------------------------------------------
# Seafile init script
# -------------------------------------------
cat > /etc/init.d/seafile-server <<'EOF'
#!/bin/bash
### BEGIN INIT INFO
# Provides: seafile-server
# Required-Start: $remote_fs $syslog mysql
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Seafile server
# Description: Start Seafile server
### END INIT INFO
# Author: Alexander Jackson <alexander.jackson@seafile.com.de>
#
# Change the value of "user" to your linux user name
user=seafile
# Change the value of "seafile_dir" to your path of seafile installation
seafile_dir=/opt/seafile
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
seahub_init_log=${seafile_dir}/logs/seahub.init.log
# Change the value of fastcgi to true if fastcgi is to be used
fastcgi=true
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000
case "$1" in
start)
sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
fi
;;
restart)
sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log}
fi
;;
stop)
sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
;;
*)
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
exit 1
;;
esac
EOF
chmod +x /etc/init.d/seafile-server
update-rc.d seafile-server defaults
# -------------------------------------------
# Seafile
# -------------------------------------------
adduser --system --gecos "seafile" seafile --home /opt/seafile
mkdir -p /opt/seafile/haiwen/installed
cd /opt/seafile/haiwen/
curl -OL https://download.seafile.com.de/seafile-server_latest_x86-64.tar.gz
tar xzf seafile-server_latest_x86-64.tar.gz
SEAFILE_VERSION=$(basename /opt/seafile/haiwen/seafile-server-* | awk -F'-' ' { print $3 }')
mv seafile-server_latest_x86-64.tar.gz installed/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
# -------------------------------------------
# Seafile DB
# -------------------------------------------
SQLSEAFILEPW=$(pwgen)
cat > /opt/seafile/.my.cnf <<EOF
[client]
user=seafile
password=$SQLSEAFILEPW
EOF
chmod 600 /opt/seafile/.my.cnf
chown -R seafile.nogroup /opt/seafile/
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
mysql seahub-db < /opt/seafile/haiwen/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
# -------------------------------------------
# Go to /opt/seafile/haiwen/seafile-server-${SEAFILE_VERSION}
# -------------------------------------------
cd /opt/seafile/haiwen/seafile-server-${SEAFILE_VERSION}/
# -------------------------------------------
# Define Seafile admin credentials.
# -------------------------------------------
SEAFILE_ADMIN=admin@seafile.local
SEAFILE_ADMIN_PW=$(pwgen)
# -------------------------------------------
# Vars - Don't touch these unless you really know what you are doing!
# -------------------------------------------
SCRIPT=$(readlink -f "$0")
#INSTALLPATH=$(dirname "${SCRIPT}")
INSTALLPATH=/opt/seafile/haiwen/seafile-server-${SEAFILE_VERSION}/
TOPDIR=$(dirname "${INSTALLPATH}")
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
DEFAULT_CONF_DIR=${TOPDIR}/conf
SERVER_NAME=$(hostname -s)
IP_OR_DOMAIN=$(hostname -i)
HOSTNAME=$(hostname -i)
SERVER_PORT=10001
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
SEAFILE_SERVER_PORT=12001
FILESERVER_PORT=8082
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
key=$(python "${SEAHUB_SECRET_KEYGEN}")
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
MEDIA_DIR=${INSTALLPATH}/seahub/media
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
# -------------------------------------------
# Create ccnet conf
# -------------------------------------------
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${IP_OR_DOMAIN}"
# Fix service url
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = http:\/\/${IP_OR_DOMAIN}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
# -------------------------------------------
# Create seafile conf
# -------------------------------------------
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
# -------------------------------------------
# Write seafile.ini
# -------------------------------------------
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
# -------------------------------------------
# Configure Seafile WebDAV Server(SeafDAV)
# -------------------------------------------
mkdir -p ${DEFAULT_CONF_DIR}
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
[WEBDAV]
enabled = true
port = 8080
fastcgi = true
share_name = /seafdav
EOF
# -------------------------------------------
# generate seahub_settings.py
# -------------------------------------------
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
# -------------------------------------------
# prepare avatar directory
# -------------------------------------------
mkdir -p "${TOPDIR}/seahub-data"
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
# -------------------------------------------
# create logs directory
# -------------------------------------------
mkdir -p "${TOPDIR}/logs"
# -------------------------------------------
# Create symlink for current server version
# -------------------------------------------
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
# Fix permissions
chmod 0600 "$DEST_SETTINGS_PY"
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
chmod 0700 "$SEAFILE_DATA_DIR"
chmod 0700 "$DEFAULT_CONF_DIR"
# -------------------------------------------
# copy user manuals to library template
# -------------------------------------------
mkdir -p ${LIBRARY_TEMPLATE_DIR}
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
# -------------------------------------------
# Configuring ccnet.conf
# -------------------------------------------
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = $SEAFILESQLPW
DB = ccnet-db
CONNECTION_CHARSET = utf8
EOF
# -------------------------------------------
# Configuring seahub_settings.py
# -------------------------------------------
cat >> ${DEST_SETTINGS_PY} <<EOF
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'seahub-db',
'USER': 'seafile',
'PASSWORD': '$SEAFILESQLPW',
'HOST': '127.0.0.1',
'PORT': '3306',
'OPTIONS': {
'init_command': 'SET storage_engine=INNODB',
}
}
}
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
}
}
EMAIL_USE_TLS = False
EMAIL_HOST = 'localhost'
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_PORT = '25'
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
SERVER_EMAIL = 'EMAIL_HOST_USER'
TIME_ZONE = 'Asia/Beijing'
SITE_BASE = 'http://${IP_OR_DOMAIN}'
SITE_NAME = 'Seafile Server'
SITE_TITLE = 'Seafile Server'
SITE_ROOT = '/'
USE_PDFJS = True
ENABLE_SIGNUP = False
ACTIVATE_AFTER_REGISTRATION = False
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
CLOUD_MODE = False
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
SESSION_SAVE_EVERY_REQUEST = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
FILE_SERVER_ROOT = 'http://${IP_OR_DOMAIN}/seafhttp'
EOF
# -------------------------------------------
# Backup check_init_admin.py befor applying changes
# -------------------------------------------
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
# -------------------------------------------
# Set admin credentials in check_init_admin.py
# -------------------------------------------
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
# -------------------------------------------
# Start and stop Seafile eco system. This generates the initial admin user.
# -------------------------------------------
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh stop
# -------------------------------------------
# Restore original check_init_admin.py
# -------------------------------------------
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
# -------------------------------------------
# Fix permissions
# -------------------------------------------
chown seafile.nogroup -R /opt/seafile/
# -------------------------------------------
# Start seafile server
# -------------------------------------------
echo "Starting productive Seafile server"
service seafile-server start
# -------------------------------------------
# Final report
# -------------------------------------------
cat > ${seafile_dir}/aio_seafile-server.log<<EOF
Your Seafile server is installed
-----------------------------------------------------------------
Server Name: ${SERVER_NAME}
Server Address: http://${IP_OR_DOMAIN}
Seafile Admin: ${SEAFILE_ADMIN}
Admin Password: ${SEAFILE_ADMIN_PW}
Seafile Data Dir: ${SEAFILE_DATA_DIR}
Seafile DB Credentials: Check /opt/seafile/.my.cnf
Root DB Credentials: Check /root/.my.cnf
This report is also saved to ${seafile_dir}/aio_seafile-server.log
Next you should manually complete the following steps
-----------------------------------------------------------------
1) seahub_settings.py: Change IP within FILE_SERVER_ROOT variable to DNS
2) ccnet.conf: Change IP within SERVICE_URL variable to DNS
3) Restart server with: service seafile-server restart
4) If this server is behind a firewall, you need to ensure that
tcp port 80 is open.
5) Seahub tries to send emails via the local server. Install and
configure Postfix for this to work.
Optional steps
-----------------------------------------------------------------
1) Check seahub_settings.py and customize it to fit your needs. Consult
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
2) Setup NGINX with official SSL certificate.
3) Secure server with iptables based firewall. For instance: UFW or shorewall
4) Harden system with port knocking, fail2ban, etc.
5) Enable unattended installation of security updates. Check
https://wiki.debian.org/UnattendedUpgrades for details.
6) Implement a backup routine for your Seafile server.
7) Update NGINX worker processes to reflect the number of CPU cores.
Seafile support options
-----------------------------------------------------------------
For free community support visit: https://forum.seafile-server.org
For paid commercial support visit: https://seafile.com.de
About
-----------------------------------------------------------------
Please contact alexander.jackson@seafile.com.de
for bugs or suggestions about this installer. Thank you!
EOF
chmod 600 ${seafile_dir}/aio_seafile-server.log
chown -R seafile.nogroup ${seafile_dir}/aio_seafile-server.log
clear
cat ${seafile_dir}/aio_seafile-server.log

798
no_certificate/seafile-pro_debian-jessie-amd64-no_certificate
View File

@ -1,798 +0,0 @@
#!/bin/bash
#
# seafile-server-installer/seafile-pro_debian-jessie-amd64
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
#set -x
# -------------------------------------------
# Vars
# -------------------------------------------
SEAFILE_ADMIN=admin@seafile.lan
SEAFILE_USER=seafile
SEAFILE_SERVER_NAME=$(hostname -s | cut -c -16)
SEAFILE_DNS=$(hostname -i)
HOSTNAME=$(hostname -i)
FILESERVER_PORT=8082
SERVER_PORT=10001
SEAFILE_SERVER_PORT=12001
# Don't touch the following variable, unless you know what you are doing
SEAFILE_VERSION=4.1.2
SEAFILE_EDITION=pro-server
SEAFILE_SOURCE=/usr/src/seafile/seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz
# -------------------------------------------
# Seafile Server Professional Edition on Debian Jessie (64bit)
# -------------------------------------------
clear
cat <<EOF
Install Seafile Professional Server on a Debian Jessie (64bit)
- Newest Seafile Professional server, MariaDB, Memcached, NGINX -
-----------------------------------------------------------------
This installer is meant to run on a freshly installed machine
only. If you run it on a production server things can and
probably will go terrible wrong and you will loose valuable
data!
For questions or suggestions please contact me at
alexander.jackson@seafile.com.de
-----------------------------------------------------------------
Hit return to proceed or CTRL-C to abort.
EOF
read dummy
clear
# -------------------------------------------
# Ensure we are running the installer as root
# -------------------------------------------
if [[ $EUID -ne 0 ]]; then
echo " Aborting because you are not root" ; exit 1
fi
# -------------------------------------------
# Abort if user seafile exists
# -------------------------------------------
if getent passwd ${SEAFILE_USER} > /dev/null 2>&1 ;
then
echo " Aborting because user ${SEAFILE_USER} already exist" ; exit 1
fi
# -------------------------------------------
# Abort if directory /opt/seafile/ exists
# -------------------------------------------
if [[ -d "/opt/seafile/" ]] ;
then
echo " Aborting because directory /opt/seafile/ already exist" ; exit 1
fi
# -------------------------------------------
# Update System
# -------------------------------------------
apt-get update
apt-get dist-upgrade -y
# -------------------------------------------
# Additional requirements
# -------------------------------------------
apt-get install sudo ntp htop pwgen curl openssl unattended-upgrades -y
# -------------------------------------------
# ensure correct time is set
# -------------------------------------------
ntpd -gq
# -------------------------------------------
# Security programs
# -------------------------------------------
apt-get install ufw fail2ban -y
# -------------------------------------------
# Activate firewall
# -------------------------------------------
for i in ssh http https ; do ufw allow $i; done
yes | ufw enable
# -------------------------------------------
# Seafile requirements
# -------------------------------------------
apt-get install python-setuptools python-simplejson python-imaging python-mysqldb \
openjdk-7-jre memcached python-memcache libreoffice python-uno poppler-utils -y
# -------------------------------------------
# NGINX
# -------------------------------------------
cat > /etc/apt/sources.list.d/nginx.list <<EOF
deb http://nginx.org/packages/mainline/debian/ jessie nginx
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
EOF
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
apt-get update
apt-get upgrade -y
apt-get install nginx -y
rm /etc/nginx/conf.d/*
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
server {
listen 80;
server_name "";
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
client_max_body_size 0;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
}
EOF
mkdir /etc/nginx/ssl
openssl genrsa -out /etc/nginx/ssl/seafile.key 4096
openssl req -new -x509 -key /etc/nginx/ssl/seafile.key -out /etc/nginx/ssl/seafile.crt -days 10950 -batch
# -------------------------------------------
# Create optimized nginx.conf
# -------------------------------------------
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
cat > /etc/nginx/nginx.conf <<'ENDOFFILE'
user nginx nginx;
worker_processes 4;
events {
worker_connections 8096;
multi_accept on;
use epoll;
}
pid /var/run/nginx.pid;
worker_rlimit_nofile 40000;
http {
server_tokens off;
server_names_hash_bucket_size 128;
client_max_body_size 50M;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
gzip on;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth any;
gzip_comp_level 9;
gzip_min_length 10240;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml font/woff2;
gzip_disable "MSIE [1-6].";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
map $scheme $php_https { default off; https on; }
include perfect-forward-secrecy.conf;
}
ENDOFFILE
# -------------------------------------------
# Setup perfect forward secrecy
# -------------------------------------------
openssl dhparam -dsaparam -out /etc/nginx/dh4096.pem 4096
cat > /etc/nginx/perfect-forward-secrecy.conf <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA";
ssl_dhparam dh4096.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
EOF
# -------------------------------------------
# Fix NGINX worker_processes to number of CPU cores
# -------------------------------------------
CPUS=$(cat /proc/cpuinfo | grep processor | wc | awk '{ print $1 }')
eval "sed -i 's/worker_processes.*/worker_processes $CPUS;/g' /etc/nginx/nginx.conf"
systemctl restart nginx
# -------------------------------------------
# MariaDB
# -------------------------------------------
DEBIAN_FRONTEND=noninteractive apt-get install mariadb-server -y
SQLROOTPW=$(pwgen)
mysqladmin -u root password $SQLROOTPW
cat > /root/.my.cnf <<EOF
[client]
user=root
password=$SQLROOTPW
EOF
chmod 600 /root/.my.cnf
# -------------------------------------------
# Seafile init script
# -------------------------------------------
cat > /etc/init.d/seafile-server <<'EOF'
#!/bin/bash
### BEGIN INIT INFO
# Provides: seafile-server
# Required-Start: $remote_fs $syslog mysql
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Seafile server
# Description: Start Seafile server
### END INIT INFO
# Author: Alexander Jackson <alexander.jackson@seafile.com.de>
#
# Change the value of "user" to your linux user name
USER=seafile
# Change the value of "SEAFILE_DIR" to your path of seafile installation
SEAFILE_DIR=/opt/seafile
SCRIPT_PATH=${SEAFILE_DIR}/seafile-server-latest
SEAFILE_INIT_LOG=${SEAFILE_DIR}/logs/seafile.init.log
SEAHUB_INIT_LOG=${SEAFILE_DIR}/logs/seahub.init.log
# Change the value of fastcgi to true if fastcgi is to be used
fastcgi=true
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000
case "$1" in
start)
sudo -u ${USER} ${SCRIPT_PATH}/seafile.sh start >> ${SEAFILE_INIT_LOG}
if [ $fastcgi = true ];
then
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh start-fastcgi ${fastcgi_port} >> ${SEAHUB_INIT_LOG}
else
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh start >> ${SEAHUB_INIT_LOG}
fi
;;
restart)
sudo -u ${USER} ${SCRIPT_PATH}/seafile.sh restart >> ${SEAFILE_INIT_LOG}
if [ $fastcgi = true ];
then
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${SEAHUB_INIT_LOG}
else
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh restart >> ${SEAHUB_INIT_LOG}
fi
;;
stop)
sudo -u ${USER} ${SCRIPT_PATH}/seafile.sh $1 >> ${SEAFILE_INIT_LOG}
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh $1 >> ${SEAHUB_INIT_LOG}
;;
*)
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
exit 1
;;
esac
EOF
chmod +x /etc/init.d/seafile-server
systemctl enable seafile-server
# -------------------------------------------
# Install seafile-server-change-address script
# -------------------------------------------
cat > /usr/local/sbin/seafile-server-change-address <<'ENDOFFILE'
#/bin/bash
#set -x
# -------------------------------------------
# Vars
# -------------------------------------------
HOSTNAME=$(hostname -f)
SEAFILE_DIR=/opt/seafile
# -------------------------------------------
# Intro
# -------------------------------------------
clear
cat <<EOF
Mit diesem Skript können Sie die Adresse Ihres
Seafile Servers Ändern. Das ist zum Beispiel nötig wenn
sich Ihre Domain- oder IP-Adresse geändert hat.
Wird Seafile mit der falschen Adresse betrieben,
funktioniert der Up- und Download von Dateien nicht.
Soll der Server mittes Portweiterleitung erreichbar
sein, verwenden Sie bitte die öffentliche oder externe
IP Ihres Routers bzw. einen öffentlich Domainnamen.
Bei Falscheingaben rufen Sie das Skript bitte erneut auf.
Der aktuelle Hostname wird vorausgefüllt. Ggf. einfach
ändern.
EOF
echo "Geben Sie jetzt die neue IP oder Domainadresse"
read -e -p "Neue Domainadresse:" -i " ${HOSTNAME}" URL
cat <<EOF
Die eingebenen Adresse lautet: ${URL}
-------------------------------------------
Fortfahren mit ENTER. Abruch mit STRG-C...
EOF
read dummy
clear
# -------------------------------------------
# Aendere Adressen in seahub_settings.py und ccnet.conf
# -------------------------------------------
sed -i "s/^SITE_BASE.*/SITE_BASE = \'${URL}\'/g" ${SEAFILE_DIR}/seahub_settings.py
sed -i "s/^SITE_NAME.*/SITE_NAME = \'${URL}\'/g" ${SEAFILE_DIR}/seahub_settings.py
sed -i "s/^SITE_TITLE.*/SITE_TITLE = \'${URL}\'/g" ${SEAFILE_DIR}/seahub_settings.py
sed -i "s/^FILE_SERVER_ROOT.*/FILE_SERVER_ROOT = '\http:\/\/${URL}\/seafhttp\'/g" ${SEAFILE_DIR}/seahub_settings.py
sed -i "s/^SERVICE_URL.*/SERVICE_URL = http:\/\/${URL}/g" ${SEAFILE_DIR}/ccnet/ccnet.conf
# -------------------------------------------
# Starte Seafile neu
# -------------------------------------------
systemctl restart seafile-server
# -------------------------------------------
# Outro
# -------------------------------------------
cat <<EOF
Fertig! Der Seafile Server wurde neu gestartet.
Seahub sollte nun über http://${HOSTNAME} erreichbar sein.
EOF
ENDOFFILE
chmod 500 /usr/local/sbin/seafile-server-change-address
# -------------------------------------------
# Seafile
# -------------------------------------------
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
mkdir -p /opt/seafile/installed
cd /opt/seafile/
cp ${SEAFILE_SOURCE} ./seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz
tar xzf ./seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz
mv ./seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz installed/./seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz
# -------------------------------------------
# Seafile DB
# -------------------------------------------
SQLSEAFILEPW=$(pwgen)
cat > /opt/seafile/.my.cnf <<EOF
[client]
user=seafile
password=$SQLSEAFILEPW
EOF
chmod 600 /opt/seafile/.my.cnf
chown -R ${SEAFILE_USER}.nogroup /opt/seafile/
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
mysql seahub-db < /opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seahub/sql/mysql.sql
# -------------------------------------------
# Go to /opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}
# -------------------------------------------
cd /opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/
# -------------------------------------------
# Vars - Don't touch these unless you really know what you are doing!
# -------------------------------------------
SCRIPT=$(readlink -f "$0")
INSTALLPATH=/opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/
TOPDIR=$(dirname "${INSTALLPATH}")
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
DEFAULT_CONF_DIR=${TOPDIR}/conf
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
MEDIA_DIR=${INSTALLPATH}/seahub/media
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
# -------------------------------------------
# Create ccnet conf
# -------------------------------------------
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
--name "${SEAFILE_SERVER_NAME}" --port "${SERVER_PORT}" --host "${SEAFILE_DNS}"
# Fix service url
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = http:\/\/${SEAFILE_DNS}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
# -------------------------------------------
# Create seafile conf
# -------------------------------------------
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
# -------------------------------------------
# Write seafile.ini
# -------------------------------------------
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
# -------------------------------------------
# Configure Seafile WebDAV Server(SeafDAV)
# -------------------------------------------
mkdir -p ${DEFAULT_CONF_DIR}
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
[WEBDAV]
enabled = true
port = 8080
fastcgi = true
share_name = /seafdav
EOF
# -------------------------------------------
# generate seahub_settings.py
# -------------------------------------------
key=$(python "${SEAHUB_SECRET_KEYGEN}")
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
# -------------------------------------------
# prepare avatar directory
# -------------------------------------------
mkdir -p "${TOPDIR}/seahub-data"
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
# -------------------------------------------
# create logs directory
# -------------------------------------------
mkdir -p "${TOPDIR}/logs"
# -------------------------------------------
# Create symlink for current server version
# -------------------------------------------
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
# Fix permissions
chmod 0600 "$DEST_SETTINGS_PY"
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
chmod 0700 "$SEAFILE_DATA_DIR"
chmod 0700 "$DEFAULT_CONF_DIR"
# -------------------------------------------
# copy user manuals to library template
# -------------------------------------------
mkdir -p ${LIBRARY_TEMPLATE_DIR}
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
# -------------------------------------------
# Setup professional features
# -------------------------------------------
PRO_PY=${INSTALLPATH}/pro/pro.py
$PYTHON ${PRO_PY} setup
# -------------------------------------------
# Configuring ccnet.conf
# -------------------------------------------
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = ${SEAFILESQLPW}
DB = ccnet-db
CONNECTION_CHARSET = utf8
EOF
# -------------------------------------------
# Configuring seahub_settings.py
# -------------------------------------------
cat >> ${DEST_SETTINGS_PY} <<EOF
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'seahub-db',
'USER': 'seafile',
'PASSWORD': '${SEAFILESQLPW}',
'HOST': '127.0.0.1',
'PORT': '3306',
'OPTIONS': {
'init_command': 'SET storage_engine=INNODB',
}
}
}
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
}
}
EMAIL_USE_TLS = False
EMAIL_HOST = 'localhost'
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_PORT = '25'
DEFAULT_FROM_EMAIL = 'seafile@${SEAFILE_DNS}'
SERVER_EMAIL = 'EMAIL_HOST_USER'
TIME_ZONE = 'Asia/Beijing'
SITE_BASE = 'http://${SEAFILE_DNS}'
SITE_NAME = 'Seafile Professional Server'
SITE_TITLE = 'Seafile Professional Server'
SITE_ROOT = '/'
USE_PDFJS = True
ENABLE_SIGNUP = False
ACTIVATE_AFTER_REGISTRATION = False
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
CLOUD_MODE = False
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
SESSION_SAVE_EVERY_REQUEST = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
FILE_SERVER_ROOT = 'http://${SEAFILE_DNS}/seafhttp'
REPO_PASSWORD_MIN_LENGTH = 8
USER_PASSWORD_MIN_LENGTH = 6
USER_PASSWORD_STRENGTH_LEVEL = 3
USER_STRONG_PASSWORD_REQUIRED = True
ENABLE_MAKE_GROUP_PUBLIC = False
ENABLE_THUMBNAIL = True
THUMBNAIL_ROOT = '${TOPDIR}/seahub-data/thumbnail/thumb/'
THUMBNAIL_EXTENSION = 'png'
THUMBNAIL_DEFAULT_SIZE = '24'
PREVIEW_DEFAULT_SIZE = '100'
EOF
# -------------------------------------------
# Backup check_init_admin.py befor applying changes
# -------------------------------------------
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
# -------------------------------------------
# Set admin credentials in check_init_admin.py
# -------------------------------------------
SEAFILE_ADMIN_PW=$(pwgen)
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
# -------------------------------------------
# Start and stop Seafile eco system. This generates the initial admin user.
# -------------------------------------------
${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seafile.sh start
${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seahub.sh start
${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seahub.sh stop
${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seafile.sh stop
# -------------------------------------------
# Restore original check_init_admin.py
# -------------------------------------------
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
# -------------------------------------------
# Fix permissions
# -------------------------------------------
chown ${SEAFILE_USER}.nogroup -R /opt/seafile/
# -------------------------------------------
# Start seafile server
# -------------------------------------------
echo "Starting productive Seafile server"
systemctl restart seafile-server
# -------------------------------------------
# Final report
# -------------------------------------------
cat > ${SEAFILE_DIR}/seafile-pro-installer.log<<EOF
Your Seafile server is installed
-----------------------------------------------------------------
Server Name: ${SEAFILE_SERVER_NAME}
Server Address: http://${SEAFILE_DNS}
Seafile Admin: ${SEAFILE_ADMIN}
Admin Password: ${SEAFILE_ADMIN_PW}
Seafile Data Dir: ${SEAFILE_DATA_DIR}
Seafile DB Credentials: Check /opt/seafile/.my.cnf
Root DB Credentials: Check /root/.my.cnf
This report is also saved to ${SEAFILE_DIR}/seafile-pro-installer.log
Next you should manually complete the following steps
-----------------------------------------------------------------
1) Run seafile-server-change-address to add your Seafile servers DNS name
2) If this server is behind a firewall, you need to ensure that
tcp port 80 is open.
3) Seahub tries to send emails via the local server. Install and
configure Postfix for this to work.
Optional steps
-----------------------------------------------------------------
1) Check seahub_settings.py and customize it to fit your needs. Consult
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
2) Setup NGINX with official SSL certificate.
3) Harden system with port knocking, fail2ban, etc.
5) Enable unattended installation of security updates. Check
https://wiki.debian.org/UnattendedUpgrades for details.
6) Implement a backup routine for your Seafile server.
7) Update NGINX worker processes to reflect the number of CPU cores.
Seafile support options
-----------------------------------------------------------------
For free community support visit: https://forum.seafile-server.org
For paid commercial support visit: https://seafile.com.de
Contribute
-----------------------------------------------------------------
Please contact alexander.jackson@seafile.com.de
for bugs or suggestions about this installer. Thank you!
EOF
chmod 600 ${SEAFILE_DIR}/seafile-pro-installer.log
chown -R ${SEAFILE_USER}.nogroup ${SEAFILE_DIR}/seafile-pro-installer.log
clear
less ${SEAFILE_DIR}/seafile-pro-installer.log
echo I am finished, enjoy! \;-\)

22
seafile-ce_archlinux-amd64
View File

@ -1,22 +0,0 @@
#!/bin/bash
#
# seafile-server-installer/seafile-ce_archlinux-amd64
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
Anyone is welcome to make this one happen! ;-)

22
seafile-ce_centos-7-amd64
View File

@ -1,22 +0,0 @@
#!/bin/bash
#
# seafile-server-installer/seafile-ce_centos-7-amd64
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
Anyone is welcome to make this one happen! ;-)

623
seafile-ce_debian-jessie-amd64
View File

@ -1,623 +0,0 @@
#!/bin/bash
#
# seafile-server-installer/seafile-ce_debian-jessie-amd64
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
#set -x
# -------------------------------------------
# Vars
# -------------------------------------------
SEAFILE_ADMIN=admin@seafile.local
SEAFILE_USER=seafile
SERVER_NAME=$(hostname -s | cut -c -16)
IP_OR_DOMAIN=$(hostname -i)
HOSTNAME=$(hostname -i)
FILESERVER_PORT=8082
SERVER_PORT=10001
SEAFILE_SERVER_PORT=12001
# -------------------------------------------
# Seafile Server Community Edition on Debian Jessie (64bit)
# -------------------------------------------
clear
cat <<EOF
This script installs the community edition of the Seafile Server on a Debian Jessie (64bit)
- Newest Seafile server version, MariaDB, Memcached, NGINX -
-----------------------------------------------------------------
This installer is meant to run on a freshly installed machine
only. If you run it on a production server things can and
probably will go terrible wrong and you will loose valuable
data!
For questions or suggestions please contact me at
alexander.jackson@seafile.de
-----------------------------------------------------------------
Hit return to proceed or CTRL-C to abort.
EOF
read dummy
clear
# -------------------------------------------
# Ensure we are running the installer as root
# -------------------------------------------
if [[ $EUID -ne 0 ]]; then
echo " Aborting because you are not root" ; exit 1
fi
# -------------------------------------------
# Abort if user seafile exists
# -------------------------------------------
if getent passwd ${SEAFILE_USER} > /dev/null 2>&1 ;
then
echo " Aborting because user ${SEAFILE_USER} already exist" ; exit 1
fi
# -------------------------------------------
# Abort if directory /opt/seafile/ exists
# -------------------------------------------
if [[ -d "/opt/seafile/" ]] ;
then
echo " Aborting because directory /opt/seafile/ already exist" ; exit 1
fi
# -------------------------------------------
# Update System
# -------------------------------------------
apt-get update && apt-get dist-upgrade -y
# -------------------------------------------
# Ensure aptitude is installed
# -------------------------------------------
apt-get install aptitude -y
# -------------------------------------------
# Additional requirements
# -------------------------------------------
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
openjdk-7-jre memcached python-memcache pwgen curl openssl -y
# -------------------------------------------
# NGINX
# -------------------------------------------
cat > /etc/apt/sources.list.d/nginx.list <<EOF
deb http://nginx.org/packages/mainline/debian/ jessie nginx
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
EOF
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
aptitude update && aptitude upgrade -y
aptitude install nginx -y
rm /etc/nginx/conf.d/*
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
server {
listen 80;
server_name "";
return 301 https://$http_host$request_uri?;
}
server {
listen 443 spdy;
server_name "";
ssl on;
ssl_certificate /etc/nginx/ssl/seafile.crt;
ssl_certificate_key /etc/nginx/ssl/seafile.key;
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
client_max_body_size 0;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
}
EOF
mkdir /etc/nginx/ssl
openssl genrsa -out /etc/nginx/ssl/seafile.key 4096
openssl req -new -x509 -key /etc/nginx/ssl/seafile.key -out /etc/nginx/ssl/seafile.crt -days 10950 -batch
service nginx restart
# -------------------------------------------
# MariaDB
# -------------------------------------------
DEBIAN_FRONTEND=noninteractive aptitude install mariadb-server -y
SQLROOTPW=$(pwgen)
mysqladmin -u root password $SQLROOTPW
cat > /root/.my.cnf <<EOF
[client]
user=root
password=$SQLROOTPW
EOF
chmod 600 /root/.my.cnf
# -------------------------------------------
# Seafile init script
# -------------------------------------------
cat > /etc/init.d/seafile-server <<'EOF'
#!/bin/bash
### BEGIN INIT INFO
# Provides: seafile-server
# Required-Start: $remote_fs $syslog mysql
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Seafile server
# Description: Start Seafile server
### END INIT INFO
# Author: Alexander Jackson <alexander.jackson@seafile.de>
#
# Change the value of "user" to your linux user name
user=seafile
# Change the value of "seafile_dir" to your path of seafile installation
seafile_dir=/opt/seafile
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
seahub_init_log=${seafile_dir}/logs/seahub.init.log
# Change the value of fastcgi to true if fastcgi is to be used
fastcgi=true
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000
case "$1" in
start)
sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
fi
;;
restart)
sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log}
fi
;;
stop)
sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
;;
*)
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
exit 1
;;
esac
EOF
chmod +x /etc/init.d/seafile-server
update-rc.d seafile-server defaults
# -------------------------------------------
# Seafile
# -------------------------------------------
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
mkdir -p /opt/seafile/installed
cd /opt/seafile/
curl -OL https://download.seafile.com.de/seafile-server_latest_x86-64.tar.gz
tar xzf seafile-server_latest_x86-64.tar.gz
SEAFILE_VERSION=$(basename /opt/seafile/seafile-server-* | awk -F'-' ' { print $3 }')
mv seafile-server_latest_x86-64.tar.gz installed/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
# -------------------------------------------
# Seafile DB
# -------------------------------------------
SQLSEAFILEPW=$(pwgen)
cat > /opt/seafile/.my.cnf <<EOF
[client]
user=seafile
password=$SQLSEAFILEPW
EOF
chmod 600 /opt/seafile/.my.cnf
chown -R ${SEAFILE_USER}.nogroup /opt/seafile/
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
mysql seahub-db < /opt/seafile/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
# -------------------------------------------
# Go to /opt/seafile/seafile-server-${SEAFILE_VERSION}
# -------------------------------------------
cd /opt/seafile/seafile-server-${SEAFILE_VERSION}/
# -------------------------------------------
# Vars - Don't touch these unless you really know what you are doing!
# -------------------------------------------
SCRIPT=$(readlink -f "$0")
INSTALLPATH=/opt/seafile/seafile-server-${SEAFILE_VERSION}/
TOPDIR=$(dirname "${INSTALLPATH}")
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
DEFAULT_CONF_DIR=${TOPDIR}/conf
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
MEDIA_DIR=${INSTALLPATH}/seahub/media
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
# -------------------------------------------
# Create ccnet conf
# -------------------------------------------
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${IP_OR_DOMAIN}"
# Fix service url
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = https:\/\/${IP_OR_DOMAIN}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
# -------------------------------------------
# Create seafile conf
# -------------------------------------------
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
# -------------------------------------------
# Write seafile.ini
# -------------------------------------------
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
# -------------------------------------------
# Configure Seafile WebDAV Server(SeafDAV)
# -------------------------------------------
mkdir -p ${DEFAULT_CONF_DIR}
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
[WEBDAV]
enabled = true
port = 8080
fastcgi = true
share_name = /seafdav
EOF
# -------------------------------------------
# generate seahub_settings.py
# -------------------------------------------
key=$(python "${SEAHUB_SECRET_KEYGEN}")
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
# -------------------------------------------
# prepare avatar directory
# -------------------------------------------
mkdir -p "${TOPDIR}/seahub-data"
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
# -------------------------------------------
# create logs directory
# -------------------------------------------
mkdir -p "${TOPDIR}/logs"
# -------------------------------------------
# Create symlink for current server version
# -------------------------------------------
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
# Fix permissions
chmod 0600 "$DEST_SETTINGS_PY"
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
chmod 0700 "$SEAFILE_DATA_DIR"
chmod 0700 "$DEFAULT_CONF_DIR"
# -------------------------------------------
# copy user manuals to library template
# -------------------------------------------
mkdir -p ${LIBRARY_TEMPLATE_DIR}
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
# -------------------------------------------
# Configuring ccnet.conf
# -------------------------------------------
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = $SEAFILESQLPW
DB = ccnet-db
CONNECTION_CHARSET = utf8
EOF
# -------------------------------------------
# Configuring seahub_settings.py
# -------------------------------------------
cat >> ${DEST_SETTINGS_PY} <<EOF
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'seahub-db',
'USER': 'seafile',
'PASSWORD': '$SEAFILESQLPW',
'HOST': '127.0.0.1',
'PORT': '3306',
'OPTIONS': {
'init_command': 'SET storage_engine=INNODB',
}
}
}
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
}
}
EMAIL_USE_TLS = False
EMAIL_HOST = 'localhost'
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_PORT = '25'
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
SERVER_EMAIL = 'EMAIL_HOST_USER'
TIME_ZONE = 'Europe/Berlin'
SITE_BASE = 'https://${IP_OR_DOMAIN}'
SITE_NAME = 'Seafile Server'
SITE_TITLE = 'Seafile Server'
SITE_ROOT = '/'
USE_PDFJS = True
ENABLE_SIGNUP = False
ACTIVATE_AFTER_REGISTRATION = False
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
CLOUD_MODE = False
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
SESSION_SAVE_EVERY_REQUEST = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
FILE_SERVER_ROOT = 'https://${IP_OR_DOMAIN}/seafhttp'
EOF
# -------------------------------------------
# Backup check_init_admin.py befor applying changes
# -------------------------------------------
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
# -------------------------------------------
# Set admin credentials in check_init_admin.py
# -------------------------------------------
SEAFILE_ADMIN_PW=$(pwgen)
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
# -------------------------------------------
# Start and stop Seafile eco system. This generates the initial admin user.
# -------------------------------------------
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh stop
# -------------------------------------------
# Restore original check_init_admin.py
# -------------------------------------------
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
# -------------------------------------------
# Fix permissions
# -------------------------------------------
chown ${SEAFILE_USER}.nogroup -R /opt/seafile/
# -------------------------------------------
# Start seafile server
# -------------------------------------------
echo "Starting productive Seafile server"
service seafile-server start
# -------------------------------------------
# Final report
# -------------------------------------------
cat > ${seafile_dir}/aio_seafile-server.log<<EOF
Your Seafile server is installed
-----------------------------------------------------------------
Server Name: ${SERVER_NAME}
Server Address: https://${IP_OR_DOMAIN}
Seafile Admin: ${SEAFILE_ADMIN}
Admin Password: ${SEAFILE_ADMIN_PW}
Seafile Data Dir: ${SEAFILE_DATA_DIR}
Seafile DB Credentials: Check /opt/seafile/.my.cnf
Root DB Credentials: Check /root/.my.cnf
This report is also saved to ${seafile_dir}/aio_seafile-server.log
Next you should manually complete the following steps
-----------------------------------------------------------------
1) Run seafile-server-change-address to add your Seafile servers DNS name
2) If this server is behind a firewall, you need to ensure that
tcp port 443 for the NGINX reverse proxy is open. Optionally
you may also open tcp port 80 which redirects all unencrypted
http traffic to the encrypted https port.
3) Seahub tries to send emails via the local server. Install and
configure Postfix for this to work.
Optional steps
-----------------------------------------------------------------
1) Check seahub_settings.py and customize it to fit your needs. Consult
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
2) Setup NGINX with official SSL certificate.
3) Secure server with iptables based firewall. For instance: UFW or shorewall
4) Harden system with port knocking, fail2ban, etc.
5) Enable unattended installation of security updates. Check
https://wiki.debian.org/UnattendedUpgrades for details.
6) Implement a backup routine for your Seafile server.
7) Update NGINX worker processes to reflect the number of CPU cores.
Seafile support options
-----------------------------------------------------------------
For free community support visit: https://forum.seafile-server.org
For paid commercial support visit: https://seafile.com.de
Contribute
-----------------------------------------------------------------
Please contact alexander.jackson@seafile.de
for bugs or suggestions about this installer. Thank you!
EOF
chmod 600 ${seafile_dir}/aio_seafile-server.log
chown -R ${SEAFILE_USER}.nogroup ${seafile_dir}/aio_seafile-server.log
# -------------------------------------------
# Install seafile-server-change-address script
# -------------------------------------------
wget https://gist.githubusercontent.com/alexanderjackson/7e6fd01187327ffd8518/raw/2a87ea94ec8906f8e1847236711eef27ba1d2bb8/seafile-server-change-address -O /usr/local/sbin/seafile-server-change-address
chmod 500 /usr/local/sbin/seafile-server-change-address
clear
cat ${seafile_dir}/aio_seafile-server.log

623
seafile-ce_debian-jessie-i386
View File

@ -1,623 +0,0 @@
#!/bin/bash
#
# seafile-server-installer/seafile-ce_debian-jessie-i386
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
#set -x
# -------------------------------------------
# Vars
# -------------------------------------------
SEAFILE_ADMIN=admin@seafile.local
SEAFILE_USER=seafile
SERVER_NAME=$(hostname -s | cut -c -16)
IP_OR_DOMAIN=$(hostname -i)
HOSTNAME=$(hostname -i)
FILESERVER_PORT=8082
SERVER_PORT=10001
SEAFILE_SERVER_PORT=12001
# -------------------------------------------
# Seafile Server Community Edition on Debian Jessie (32bit)
# -------------------------------------------
clear
cat <<EOF
This script installs the community edition of the Seafile Server on a Debian Jessie (32bit)
- Newest Seafile server version, MariaDB, Memcached, NGINX -
-----------------------------------------------------------------
This installer is meant to run on a freshly installed machine
only. If you run it on a production server things can and
probably will go terrible wrong and you will loose valuable
data!
For questions or suggestions please contact me at
alexander.jackson@seafile.de
-----------------------------------------------------------------
Hit return to proceed or CTRL-C to abort.
EOF
read dummy
clear
# -------------------------------------------
# Ensure we are running the installer as root
# -------------------------------------------
if [[ $EUID -ne 0 ]]; then
echo " Aborting because you are not root" ; exit 1
fi
# -------------------------------------------
# Abort if user seafile exists
# -------------------------------------------
#if getent passwd ${SEAFILE_USER} > /dev/null 2>&1 ;
#then
# echo " Aborting because user ${SEAFILE_USER} already exist" ; exit 1
#fi
# -------------------------------------------
# Abort if directory /opt/seafile/ exists
# -------------------------------------------
#if [[ -d "/opt/seafile/" ]] ;
#then
# echo " Aborting because directory /opt/seafile/ already exist" ; exit 1
#fi
# -------------------------------------------
# Update System
# -------------------------------------------
apt-get update && apt-get dist-upgrade -y
# -------------------------------------------
# Ensure aptitude is installed
# -------------------------------------------
apt-get install aptitude -y
# -------------------------------------------
# Additional requirements
# -------------------------------------------
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
openjdk-7-jre memcached python-memcache pwgen curl openssl -y
# -------------------------------------------
# NGINX
# -------------------------------------------
cat > /etc/apt/sources.list.d/nginx.list <<EOF
deb http://nginx.org/packages/mainline/debian/ jessie nginx
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
EOF
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
aptitude update && aptitude upgrade -y
aptitude install nginx -y
rm /etc/nginx/conf.d/*
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
server {
listen 80;
server_name "";
return 301 https://$http_host$request_uri?;
}
server {
listen 443 spdy;
server_name "";
ssl on;
ssl_certificate /etc/nginx/ssl/seafile.crt;
ssl_certificate_key /etc/nginx/ssl/seafile.key;
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
client_max_body_size 0;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
}
EOF
mkdir /etc/nginx/ssl
openssl genrsa -out /etc/nginx/ssl/seafile.key 4096
openssl req -new -x509 -key /etc/nginx/ssl/seafile.key -out /etc/nginx/ssl/seafile.crt -days 10950 -batch
service nginx restart
# -------------------------------------------
# MariaDB
# -------------------------------------------
#DEBIAN_FRONTEND=noninteractive aptitude install mariadb-server -y
#SQLROOTPW=$(pwgen)
#mysqladmin -u root password $SQLROOTPW
#cat > /root/.my.cnf <<EOF
#[client]
#user=root
#password=$SQLROOTPW
#EOF
#chmod 600 /root/.my.cnf
# -------------------------------------------
# Seafile init script
# -------------------------------------------
cat > /etc/init.d/seafile-server <<'EOF'
#!/bin/bash
### BEGIN INIT INFO
# Provides: seafile-server
# Required-Start: $remote_fs $syslog mysql
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Seafile server
# Description: Start Seafile server
### END INIT INFO
# Author: Alexander Jackson <alexander.jackson@seafile.de>
#
# Change the value of "user" to your linux user name
user=seafile
# Change the value of "seafile_dir" to your path of seafile installation
seafile_dir=/opt/seafile
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
seahub_init_log=${seafile_dir}/logs/seahub.init.log
# Change the value of fastcgi to true if fastcgi is to be used
fastcgi=true
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000
case "$1" in
start)
sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
fi
;;
restart)
sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log}
fi
;;
stop)
sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
;;
*)
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
exit 1
;;
esac
EOF
chmod +x /etc/init.d/seafile-server
update-rc.d seafile-server defaults
# -------------------------------------------
# Seafile
# -------------------------------------------
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
mkdir -p /opt/seafile/installed
cd /opt/seafile/
curl -OL https://download.seafile.com.de/seafile-server_latest_i386.tar.gz
tar xzf seafile-server_latest_i386.tar.gz
SEAFILE_VERSION=$(basename /opt/seafile/seafile-server-* | awk -F'-' ' { print $3 }')
mv seafile-server_4.1.2_i386.tar.gz installed/seafile-server_${SEAFILE_VERSION}_i386.tar.gz
# -------------------------------------------
# Seafile DB
# -------------------------------------------
SQLSEAFILEPW=$(pwgen)
cat > /opt/seafile/.my.cnf <<EOF
[client]
user=seafile
password=$SQLSEAFILEPW
EOF
chmod 600 /opt/seafile/.my.cnf
chown -R ${SEAFILE_USER}.nogroup /opt/seafile/
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
mysql seahub-db < /opt/seafile/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
# -------------------------------------------
# Go to /opt/seafile/seafile-server-${SEAFILE_VERSION}
# -------------------------------------------
cd /opt/seafile/seafile-server-${SEAFILE_VERSION}/
# -------------------------------------------
# Vars - Don't touch these unless you really know what you are doing!
# -------------------------------------------
SCRIPT=$(readlink -f "$0")
INSTALLPATH=/opt/seafile/seafile-server-${SEAFILE_VERSION}/
TOPDIR=$(dirname "${INSTALLPATH}")
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
DEFAULT_CONF_DIR=${TOPDIR}/conf
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
MEDIA_DIR=${INSTALLPATH}/seahub/media
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
# -------------------------------------------
# Create ccnet conf
# -------------------------------------------
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${IP_OR_DOMAIN}"
# Fix service url
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = https:\/\/${IP_OR_DOMAIN}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
# -------------------------------------------
# Create seafile conf
# -------------------------------------------
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
# -------------------------------------------
# Write seafile.ini
# -------------------------------------------
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
# -------------------------------------------
# Configure Seafile WebDAV Server(SeafDAV)
# -------------------------------------------
mkdir -p ${DEFAULT_CONF_DIR}
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
[WEBDAV]
enabled = true
port = 8080
fastcgi = true
share_name = /seafdav
EOF
# -------------------------------------------
# generate seahub_settings.py
# -------------------------------------------
key=$(python "${SEAHUB_SECRET_KEYGEN}")
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
# -------------------------------------------
# prepare avatar directory
# -------------------------------------------
mkdir -p "${TOPDIR}/seahub-data"
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
# -------------------------------------------
# create logs directory
# -------------------------------------------
mkdir -p "${TOPDIR}/logs"
# -------------------------------------------
# Create symlink for current server version
# -------------------------------------------
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
# Fix permissions
chmod 0600 "$DEST_SETTINGS_PY"
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
chmod 0700 "$SEAFILE_DATA_DIR"
chmod 0700 "$DEFAULT_CONF_DIR"
# -------------------------------------------
# copy user manuals to library template
# -------------------------------------------
mkdir -p ${LIBRARY_TEMPLATE_DIR}
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
# -------------------------------------------
# Configuring ccnet.conf
# -------------------------------------------
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = $SEAFILESQLPW
DB = ccnet-db
CONNECTION_CHARSET = utf8
EOF
# -------------------------------------------
# Configuring seahub_settings.py
# -------------------------------------------
cat >> ${DEST_SETTINGS_PY} <<EOF
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'seahub-db',
'USER': 'seafile',
'PASSWORD': '$SEAFILESQLPW',
'HOST': '127.0.0.1',
'PORT': '3306',
'OPTIONS': {
'init_command': 'SET storage_engine=INNODB',
}
}
}
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
}
}
EMAIL_USE_TLS = False
EMAIL_HOST = 'localhost'
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_PORT = '25'
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
SERVER_EMAIL = 'EMAIL_HOST_USER'
TIME_ZONE = 'Europe/Berlin'
SITE_BASE = 'https://${IP_OR_DOMAIN}'
SITE_NAME = 'Seafile Server'
SITE_TITLE = 'Seafile Server'
SITE_ROOT = '/'
USE_PDFJS = True
ENABLE_SIGNUP = False
ACTIVATE_AFTER_REGISTRATION = False
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
CLOUD_MODE = False
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
SESSION_SAVE_EVERY_REQUEST = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
FILE_SERVER_ROOT = 'https://${IP_OR_DOMAIN}/seafhttp'
EOF
# -------------------------------------------
# Backup check_init_admin.py befor applying changes
# -------------------------------------------
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
# -------------------------------------------
# Set admin credentials in check_init_admin.py
# -------------------------------------------
SEAFILE_ADMIN_PW=$(pwgen)
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
# -------------------------------------------
# Start and stop Seafile eco system. This generates the initial admin user.
# -------------------------------------------
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh stop
# -------------------------------------------
# Restore original check_init_admin.py
# -------------------------------------------
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
# -------------------------------------------
# Fix permissions
# -------------------------------------------
chown ${SEAFILE_USER}.nogroup -R /opt/seafile/
# -------------------------------------------
# Start seafile server
# -------------------------------------------
echo "Starting productive Seafile server"
service seafile-server start
# -------------------------------------------
# Final report
# -------------------------------------------
cat > ${seafile_dir}/aio_seafile-server.log<<EOF
Your Seafile server is installed
-----------------------------------------------------------------
Server Name: ${SERVER_NAME}
Server Address: https://${IP_OR_DOMAIN}
Seafile Admin: ${SEAFILE_ADMIN}
Admin Password: ${SEAFILE_ADMIN_PW}
Seafile Data Dir: ${SEAFILE_DATA_DIR}
Seafile DB Credentials: Check /opt/seafile/.my.cnf
Root DB Credentials: Check /root/.my.cnf
This report is also saved to ${seafile_dir}/aio_seafile-server.log
Next you should manually complete the following steps
-----------------------------------------------------------------
1) Run seafile-server-change-address to add your Seafile servers DNS name
2) If this server is behind a firewall, you need to ensure that
tcp port 443 for the NGINX reverse proxy is open. Optionally
you may also open tcp port 80 which redirects all unencrypted
http traffic to the encrypted https port.
3) Seahub tries to send emails via the local server. Install and
configure Postfix for this to work.
Optional steps
-----------------------------------------------------------------
1) Check seahub_settings.py and customize it to fit your needs. Consult
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
2) Setup NGINX with official SSL certificate.
3) Secure server with iptables based firewall. For instance: UFW or shorewall
4) Harden system with port knocking, fail2ban, etc.
5) Enable unattended installation of security updates. Check
https://wiki.debian.org/UnattendedUpgrades for details.
6) Implement a backup routine for your Seafile server.
7) Update NGINX worker processes to reflect the number of CPU cores.
Seafile support options
-----------------------------------------------------------------
For free community support visit: https://forum.seafile-server.org
For paid commercial support visit: https://seafile.com.de
Contribute
-----------------------------------------------------------------
Please contact alexander.jackson@seafile.de
for bugs or suggestions about this installer. Thank you!
EOF
chmod 600 ${seafile_dir}/aio_seafile-server.log
chown -R ${SEAFILE_USER}.nogroup ${seafile_dir}/aio_seafile-server.log
# -------------------------------------------
# Install seafile-server-change-address script
# -------------------------------------------
wget https://gist.githubusercontent.com/alexanderjackson/7e6fd01187327ffd8518/raw/2a87ea94ec8906f8e1847236711eef27ba1d2bb8/seafile-server-change-address -O /usr/local/sbin/seafile-server-change-address
chmod 500 /usr/local/sbin/seafile-server-change-address
clear
cat ${seafile_dir}/aio_seafile-server.log

600
seafile-ce_debian-wheezy-amd64
View File

@ -1,600 +0,0 @@
#!/bin/bash
#
# seafile-server-installer/seafile-ce_debian-wheezy-amd64
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
#set -x
# -------------------------------------------
# All-In-One Seafile Server installer for Debian Wheezy (64bit)
# -------------------------------------------
clear
cat <<EOF
All-In-One Seafile Server installer for Debian Wheezy (64bit)
- Newest Seafile server version, MariaDB, Memcached, NGINX -
-----------------------------------------------------------------
This installer is meant to run on a freshly installed machine
only. If you run it on a production server things can and
probably will go terrible wrong and you will loose valuable
data!
For questions or suggestions please contact me at
alexander.jackson@seafile.de
-----------------------------------------------------------------
Hit return to proceed or CTRL-C to abort.
EOF
read dummy
clear
# -------------------------------------------
# Update System
# -------------------------------------------
aptitude update && aptitude upgrade -y
# -------------------------------------------
# NGINX
# -------------------------------------------
cat > /etc/apt/sources.list.d/nginx.list <<EOF
deb http://nginx.org/packages/mainline/debian/ wheezy nginx
deb-src http://nginx.org/packages/mainline/debian/ wheezy nginx
EOF
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
aptitude update && aptitude upgrade -y
aptitude install nginx -y
rm /etc/nginx/conf.d/*
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
server {
listen 80;
server_name "";
return 301 https://$http_host$request_uri?;
}
server {
listen 443 spdy;
server_name "";
ssl on;
ssl_certificate /etc/nginx/ssl/seafile.crt;
ssl_certificate_key /etc/nginx/ssl/seafile.key;
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
}
location /media {
root /opt/seafile/haiwen/seafile-server-latest/seahub;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
client_max_body_size 0;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
}
EOF
mkdir /etc/nginx/ssl
openssl genrsa -out /etc/nginx/ssl/seafile.key 4096
openssl req -new -x509 -key /etc/nginx/ssl/seafile.key -out /etc/nginx/ssl/seafile.crt -days 10950 -batch
service nginx restart
# -------------------------------------------
# Additional requirements
# -------------------------------------------
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
openjdk-7-jre memcached python-memcache pwgen curl -y
# -------------------------------------------
# MariaDB
# -------------------------------------------
cat > /etc/apt/sources.list.d/mariadb.list <<EOF
# MariaDB Repository
deb http://mirror.netcologne.de/mariadb/repo/10.0/debian wheezy main
deb-src http://mirror.netcologne.de/mariadb/repo/10.0/debian wheezy main
EOF
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
aptitude update && aptitude upgrade -y
sync && sleep 5
DEBIAN_FRONTEND=noninteractive aptitude install mariadb-server -y
SQLROOTPW=$(pwgen)
mysqladmin -u root password $SQLROOTPW
cat > /root/.my.cnf <<EOF
[client]
user=root
password=$SQLROOTPW
EOF
chmod 600 /root/.my.cnf
# -------------------------------------------
# Seafile init script
# -------------------------------------------
cat > /etc/init.d/seafile-server <<'EOF'
#!/bin/bash
### BEGIN INIT INFO
# Provides: seafile-server
# Required-Start: $remote_fs $syslog mysql
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Seafile server
# Description: Start Seafile server
### END INIT INFO
# Author: Alexander Jackson <alexander.jackson@seafile.de>
#
# Change the value of "user" to your linux user name
user=seafile
# Change the value of "seafile_dir" to your path of seafile installation
seafile_dir=/opt/seafile/haiwen
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
seahub_init_log=${seafile_dir}/logs/seahub.init.log
# Change the value of fastcgi to true if fastcgi is to be used
fastcgi=true
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000
case "$1" in
start)
sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
fi
;;
restart)
sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log}
fi
;;
stop)
sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
;;
*)
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
exit 1
;;
esac
EOF
chmod +x /etc/init.d/seafile-server
update-rc.d seafile-server defaults
# -------------------------------------------
# Seafile
# -------------------------------------------
adduser --system --gecos "seafile" seafile --home /opt/seafile
mkdir -p /opt/seafile/haiwen/installed
cd /opt/seafile/haiwen/
curl -OL https://download.seafile.com.de/seafile-server_latest_x86-64.tar.gz
tar xzf seafile-server_latest_x86-64.tar.gz
SEAFILE_VERSION=$(basename /opt/seafile/haiwen/seafile-server-* | awk -F'-' ' { print $3 }')
mv seafile-server_latest_x86-64.tar.gz installed/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
# -------------------------------------------
# Seafile DB
# -------------------------------------------
SQLSEAFILEPW=$(pwgen)
cat > /opt/seafile/.my.cnf <<EOF
[client]
user=seafile
password=$SQLSEAFILEPW
EOF
chmod 600 /opt/seafile/.my.cnf
chown -R seafile.nogroup /opt/seafile/
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
mysql seahub-db < /opt/seafile/haiwen/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
# -------------------------------------------
# Go to /opt/seafile/haiwen/seafile-server-${SEAFILE_VERSION}
# -------------------------------------------
cd /opt/seafile/haiwen/seafile-server-${SEAFILE_VERSION}/
# -------------------------------------------
# Define Seafile admin credentials.
# -------------------------------------------
SEAFILE_ADMIN=admin@seafile.local
SEAFILE_ADMIN_PW=$(pwgen)
# -------------------------------------------
# Vars - Don't touch these unless you really know what you are doing!
# -------------------------------------------
SCRIPT=$(readlink -f "$0")
#INSTALLPATH=$(dirname "${SCRIPT}")
INSTALLPATH=/opt/seafile/haiwen/seafile-server-${SEAFILE_VERSION}/
TOPDIR=$(dirname "${INSTALLPATH}")
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
DEFAULT_CONF_DIR=${TOPDIR}/conf
SERVER_NAME=$(hostname -s)
IP_OR_DOMAIN=$(hostname -i)
HOSTNAME=$(hostname -i)
SERVER_PORT=10001
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
SEAFILE_SERVER_PORT=12001
FILESERVER_PORT=8082
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
key=$(python "${SEAHUB_SECRET_KEYGEN}")
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
MEDIA_DIR=${INSTALLPATH}/seahub/media
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
# -------------------------------------------
# Create ccnet conf
# -------------------------------------------
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${IP_OR_DOMAIN}"
# Fix service url
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = https:\/\/${IP_OR_DOMAIN}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
# -------------------------------------------
# Create seafile conf
# -------------------------------------------
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
# -------------------------------------------
# Write seafile.ini
# -------------------------------------------
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
# -------------------------------------------
# Configure Seafile WebDAV Server(SeafDAV)
# -------------------------------------------
mkdir -p ${DEFAULT_CONF_DIR}
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
[WEBDAV]
enabled = true
port = 8080
fastcgi = true
share_name = /seafdav
EOF
# -------------------------------------------
# generate seahub_settings.py
# -------------------------------------------
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
# -------------------------------------------
# prepare avatar directory
# -------------------------------------------
mkdir -p "${TOPDIR}/seahub-data"
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
# -------------------------------------------
# create logs directory
# -------------------------------------------
mkdir -p "${TOPDIR}/logs"
# -------------------------------------------
# Create symlink for current server version
# -------------------------------------------
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
# Fix permissions
chmod 0600 "$DEST_SETTINGS_PY"
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
chmod 0700 "$SEAFILE_DATA_DIR"
chmod 0700 "$DEFAULT_CONF_DIR"
# -------------------------------------------
# copy user manuals to library template
# -------------------------------------------
mkdir -p ${LIBRARY_TEMPLATE_DIR}
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
# -------------------------------------------
# Configuring ccnet.conf
# -------------------------------------------
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = $SEAFILESQLPW
DB = ccnet-db
CONNECTION_CHARSET = utf8
EOF
# -------------------------------------------
# Configuring seahub_settings.py
# -------------------------------------------
cat >> ${DEST_SETTINGS_PY} <<EOF
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'seahub-db',
'USER': 'seafile',
'PASSWORD': '$SEAFILESQLPW',
'HOST': '127.0.0.1',
'PORT': '3306',
'OPTIONS': {
'init_command': 'SET storage_engine=INNODB',
}
}
}
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
}
}
EMAIL_USE_TLS = False
EMAIL_HOST = 'localhost'
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_PORT = '25'
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
SERVER_EMAIL = 'EMAIL_HOST_USER'
TIME_ZONE = 'Europe/Berlin'
SITE_BASE = 'https://${IP_OR_DOMAIN}'
SITE_NAME = 'Seafile Server'
SITE_TITLE = 'Seafile Server'
SITE_ROOT = '/'
USE_PDFJS = True
ENABLE_SIGNUP = False
ACTIVATE_AFTER_REGISTRATION = False
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
CLOUD_MODE = False
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
SESSION_SAVE_EVERY_REQUEST = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
FILE_SERVER_ROOT = 'https://${IP_OR_DOMAIN}/seafhttp'
EOF
# -------------------------------------------
# Backup check_init_admin.py befor applying changes
# -------------------------------------------
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
# -------------------------------------------
# Set admin credentials in check_init_admin.py
# -------------------------------------------
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
# -------------------------------------------
# Start and stop Seafile eco system. This generates the initial admin user.
# -------------------------------------------
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh stop
# -------------------------------------------
# Restore original check_init_admin.py
# -------------------------------------------
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
# -------------------------------------------
# Fix permissions
# -------------------------------------------
chown seafile.nogroup -R /opt/seafile/
# -------------------------------------------
# Start seafile server
# -------------------------------------------
echo "Starting productive Seafile server"
service seafile-server start
# -------------------------------------------
# Final report
# -------------------------------------------
cat > ${seafile_dir}/aio_seafile-server.log<<EOF
Your Seafile server is installed
-----------------------------------------------------------------
Server Name: ${SERVER_NAME}
Server Address: https://${IP_OR_DOMAIN}
Seafile Admin: ${SEAFILE_ADMIN}
Admin Password: ${SEAFILE_ADMIN_PW}
Seafile Data Dir: ${SEAFILE_DATA_DIR}
Seafile DB Credentials: Check /opt/seafile/.my.cnf
Root DB Credentials: Check /root/.my.cnf
This report is also saved to ${seafile_dir}/aio_seafile-server.log
Next you should manually complete the following steps
-----------------------------------------------------------------
1) seahub_settings.py: Change IP within FILE_SERVER_ROOT variable to DNS
2) ccnet.conf: Change IP within SERVICE_URL variable to DNS
3) Restart server with: service seafile-server restart
4) If this server is behind a firewall, you need to ensure that
tcp port 443 for the NGINX reverse proxy is open. Optionally
you may also open tcp port 80 which redirects all unencrypted
http traffic to the encrypted https port.
5) Seahub tries to send emails via the local server. Install and
configure Postfix for this to work.
Optional steps
-----------------------------------------------------------------
1) Check seahub_settings.py and customize it to fit your needs. Consult
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
2) Setup NGINX with official SSL certificate.
3) Secure server with iptables based firewall. For instance: UFW or shorewall
4) Harden system with port knocking, fail2ban, etc.
5) Enable unattended installation of security updates. Check
https://wiki.debian.org/UnattendedUpgrades for details.
6) Implement a backup routine for your Seafile server.
7) Update NGINX worker processes to reflect the number of CPU cores.
Seafile support options
-----------------------------------------------------------------
For free community support visit: https://forum.seafile-server.org
For paid commercial support visit: https://seafile.com.de
About
-----------------------------------------------------------------
Please contact alexander.jackson@seafile.de
for bugs or suggestions about this installer. Thank you!
EOF
chmod 600 ${seafile_dir}/aio_seafile-server.log
chown -R seafile.nogroup ${seafile_dir}/aio_seafile-server.log
clear
cat ${seafile_dir}/aio_seafile-server.log

475
seafile-ce_uberspace
View File

@ -1,475 +0,0 @@
#!/bin/bash
#
# seafile-server-installer/seafile-ce_uberspace
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
#set -x
# -------------------------------------------
# Vars
# -------------------------------------------
SEAFILE_ADMIN=admin@seafile.local
SEAFILE_USER=seafile
WHOAMI=$(whoami)
HOSTNAME=$(hostname -f)
SERVER_NAME=$(echo ${WHOAMI}$(hostname -s) | cut -c -16)
# -------------------------------------------
# Seafile Server Community Edition on Uberspace
# -------------------------------------------
clear
cat <<EOF
This script installs the community edition of the Seafile Server on Uberspace
-----------------------------------------------------------------
This installer is meant to run on a fresh Uberspace.
If you run it on a production server things can and
probably will go terrible wrong and you will loose valuable
data!
For questions or suggestions please contact me at
alexander.jackson@seafile.de
-----------------------------------------------------------------
Hit return to proceed or CTRL-C to abort.
EOF
read dummy
clear
# -------------------------------------------
# Abort if directory ${HOME}/seafile/ exists
# -------------------------------------------
if [[ -d "${HOME}/seafile/" ]] ;
then
echo " Aborting because directory ${HOME}/seafile/ already exist" ; exit 1
fi
# -------------------------------------------
# Python requirements
# -------------------------------------------
cd
mkdir -p ~/bin ~/lib/python2.7
easy_install-2.7 simplejson
curl --silent http://effbot.org/media/downloads/Imaging-1.1.7.tar.gz | tar -xzf -
cd Imaging-1.1.7
perl -pi -e 's|/usr/lib|/usr/lib64|g' setup.py
python2.7 setup.py install
rm -rf Imaging-1.1.7
# -------------------------------------------
# Setup Seafile
# -------------------------------------------
mkdir -p ~/seafile/installed/
cd ~/seafile/
wget https://download.seafile.com.de/seafile-server_latest_x86-64.tar.gz
tar xzf seafile-server_latest_x86-64.tar.gz
SEAFILE_VERSION=$(basename ~/seafile/seafile-server-* | awk -F'-' ' { print $3 }')
mv seafile-server_latest_x86-64.tar.gz installed/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
# -------------------------------------------
# Seafile DB
# -------------------------------------------
MYSQL=$(which mysql)
DB_CCNET=${WHOAMI}_ccnet
DB_SEAFILE=${WHOAMI}_seafile
DB_SEAHUB=${WHOAMI}_seahub
DB_CHARSET=utf8
# Datenbanken erstellen
for i in ${DB_CCNET} ${DB_SEAFILE} ${DB_SEAHUB} ; do
${MYSQL} -e "CREATE DATABASE IF NOT EXISTS \`${i}\` character set = '${DB_CHARSET}';" ;
done
mysql ${DB_SEAHUB} < ~/seafile/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
# -------------------------------------------
# Get free ports
# -------------------------------------------
START_PORT=61100
END_PORT=65535
INCREMENT=1
PORT=${START_PORT}
PORT_LIST=free_ports.txt
# Empty port list
echo -n > ${PORT_LIST}
COUNT=1
while [ ${COUNT} -le 5 ]; do
ISFREE=$(netstat -tapln | grep ${PORT})
while [[ -n "${ISFREE}" ]]; do
PORT=$[PORT+INCREMENT]
ISFREE=$(netstat -tapln | grep ${PORT});
if [ ${COUNT} > ${END_PORT} ]; then
echo "Not enough free ports available. Aborting installation!" ; exit 1
fi
done
# Write free port to file
echo -n "${PORT} " >> ${PORT_LIST}
# Increment search port
PORT=$(( PORT+1 ))
# Increment loop counter
(( COUNT++ ))
done
# Import free ports to vars
read SEAHUB_PORT FILESERVER_PORT SERVER_PORT SEAFILE_SERVER_PORT SEAFDAV_PORT< ${PORT_LIST}
# Delete port list
rm ${PORT_LIST}
# -------------------------------------------
# Apache htaccess
# -------------------------------------------
cat > ~/html/.htaccess <<"EOF"
RewriteEngine on
# Redirect to https
RewriteCond %{HTTPS} !=on
RewriteCond %{ENV:HTTPS} !=on
RewriteRule ^(.*)$ https://WHOAMI.HOSTNAME/$1 [L,R=301]
# Port of seafile httpserver (compare ~/haiwen/seafile-data/seafile.conf)
RewriteRule ^seafhttp/(.*)$ http://localhost:FILESERVER_PORT/$1 [QSA,P,L]
RewriteRule ^/(seafmedia.*)$ /$1 [QSA,L,PT]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /fcgi-bin/seahub/$1 [QSA,L,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
EOF
# Set seahub port
eval sed -i 's/WHOAMI/${WHOAMI}/' ~/html/.htaccess
eval sed -i 's/HOSTNAME/${HOSTNAME}/' ~/html/.htaccess
eval sed -i 's/FILESERVER_PORT/${FILESERVER_PORT}/' ~/html/.htaccess
# -------------------------------------------
# Create Seahub FastCGI script
# -------------------------------------------
cat > ~/fcgi-bin/seahub <<EOF
#!/usr/bin/env python2.7
import sys, os, site
# directory of seafile installation
seafile_directory = '${HOME}/seafile'
# Add a custom Python path.
sys.path.insert(0, seafile_directory + '/seafile-server-latest/seahub')
# Set environment variables (compare ~/haiwen/seafile-server-latest/seahub.sh)
os.environ['CCNET_CONF_DIR'] = seafile_directory + '/ccnet'
os.environ['SEAHUB_LOG_DIR'] = seafile_directory + '/logs'
os.environ['SEAFILE_CONF_DIR'] = seafile_directory + '/seafile-data'
# Load required python modules (compare ~/seafile-server-latest/seahub.sh)
site.addsitedir(seafile_directory + '/seafile-server-latest/seafile/lib/python2.6/site-packages')
site.addsitedir(seafile_directory + '/seafile-server-latest/seafile/lib64/python2.6/site-packages')
site.addsitedir(seafile_directory + '/seafile-server-latest/seahub/thirdpart')
site.addsitedir(seafile_directory + '/seafile-server-latest/seafile/lib/python2.7/site-packages')
site.addsitedir(seafile_directory + '/seafile-server-latest/seafile/lib64/python2.7/site-packages')
# Switch to the directory of your project.
os.chdir(seafile_directory + '/seafile-server-latest/seahub')
# Set the DJANGO_SETTINGS_MODULE environment variable.
os.environ['DJANGO_SETTINGS_MODULE'] = 'seahub.settings'
from django.core.servers.fastcgi import runfastcgi
runfastcgi(method='threaded', daemonize='false')
EOF
chmod 755 ~/fcgi-bin/seahub
# -------------------------------------------
# Seafile start script
# -------------------------------------------
cat > ~/bin/seafile <<'ENDOFILE'
#!/bin/bash
# Short-Description: Seafile server
# Description: Start Seafile server
### END INIT INFO
# Author: Alexander Jackson <alexander.jackson@seafile.de>
#
# Change the value of "seafile_dir" to your path of seafile installation
seafile_dir=~/seafile
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
case "$1" in
start)
${script_path}/seafile.sh start >> ${seafile_init_log}
;;
restart)
${script_path}/seafile.sh restart >> ${seafile_init_log}
;;
stop)
${script_path}/seafile.sh $1 >> ${seafile_init_log} && \
ps aux | grep seahub | grep -v grep | awk '{ print $2 }' | while read line; do kill $line ; done
;;
*)
echo "Usage: seafile {start|stop|restart}"
exit 1
;;
esac
ENDOFILE
chmod +x ~/bin/seafile
# -------------------------------------------
# Go to ${HOME}/seafile/seafile-server-${SEAFILE_VERSION}
# -------------------------------------------
cd ${HOME}/seafile/seafile-server-${SEAFILE_VERSION}/
# -------------------------------------------
# Vars - Don't touch these unless you really know what you are doing!
# -------------------------------------------
INSTALLPATH=${HOME}/seafile/seafile-server-${SEAFILE_VERSION}
TOPDIR=$(dirname "${INSTALLPATH}")
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
DEFAULT_CONF_DIR=${TOPDIR}/conf
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
MEDIA_DIR=${INSTALLPATH}/seahub/media
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
# -------------------------------------------
# Create ccnet conf
# -------------------------------------------
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${HOSTNAME}"
# Fix service url
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = https:\/\/${WHOAMI}.${HOSTNAME}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
# -------------------------------------------
# Create seafile conf
# -------------------------------------------
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
# -------------------------------------------
# Write seafile.ini
# -------------------------------------------
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
# -------------------------------------------
# Configure Seafile WebDAV Server(SeafDAV)
# -------------------------------------------
mkdir -p ${DEFAULT_CONF_DIR}
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
[WEBDAV]
enabled = true
port = ${SEAFDAV_PORT}
fastcgi = true
share_name = /seafdav
EOF
# -------------------------------------------
# generate seahub_settings.py
# -------------------------------------------
key=$(python "${SEAHUB_SECRET_KEYGEN}")
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
# -------------------------------------------
# prepare avatar directory
# -------------------------------------------
mkdir -p "${TOPDIR}/seahub-data"
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
# -------------------------------------------
# create logs directory
# -------------------------------------------
mkdir -p "${TOPDIR}/logs"
# -------------------------------------------
# Create symlink for current server version
# -------------------------------------------
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
# Fix permissions
chmod 0600 "$DEST_SETTINGS_PY"
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
chmod 0700 "$SEAFILE_DATA_DIR"
chmod 0700 "$DEFAULT_CONF_DIR"
# -------------------------------------------
# copy user manuals to library template
# -------------------------------------------
mkdir -p ${LIBRARY_TEMPLATE_DIR}
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
# -------------------------------------------
# Configuring ccnet.conf
# -------------------------------------------
SEAFILESQLPW=$(grep password $HOME/.my.cnf | awk -F'=' {'print $2'} | awk -F' ' {'print $1'})
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = ${WHOAMI}
PASSWD = ${SEAFILESQLPW}
DB = ${DB_CCNET}
CONNECTION_CHARSET = utf8
EOF
# -------------------------------------------
# Configuring seahub_settings.py
# -------------------------------------------
cat >> ${DEST_SETTINGS_PY} <<EOF
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': '${DB_SEAHUB}',
'USER': '${WHOAMI}',
'PASSWORD': '${SEAFILESQLPW}',
'HOST': '127.0.0.1',
'PORT': '3306',
'OPTIONS': {
'init_command': 'SET storage_engine=INNODB',
}
}
}
EMAIL_USE_TLS = False
EMAIL_HOST = 'localhost'
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_PORT = '25'
DEFAULT_FROM_EMAIL = 'seafile@${HOSTNAME}'
SERVER_EMAIL = 'EMAIL_HOST_USER'
TIME_ZONE = 'Europe/Berlin'
SITE_BASE = 'https://${WHOAMI}.${HOSTNAME}'
SITE_NAME = 'Seafile Server'
SITE_TITLE = 'Seafile Server'
SITE_ROOT = '/'
USE_PDFJS = True
ENABLE_SIGNUP = False
ACTIVATE_AFTER_REGISTRATION = False
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
CLOUD_MODE = False
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
SESSION_SAVE_EVERY_REQUEST = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
FILE_SERVER_ROOT = 'https://${WHOAMI}.${HOSTNAME}/seafhttp'
DEBUG = True
EOF
# -------------------------------------------
# Backup check_init_admin.py befor applying changes
# -------------------------------------------
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
# -------------------------------------------
# Set admin credentials in check_init_admin.py
# -------------------------------------------
SEAFILE_ADMIN_PW=$(dd if=/dev/urandom bs=1 count=14 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev)
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
# -------------------------------------------
# Start and stop Seafile eco system. This generates the initial admin user.
# -------------------------------------------
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start ${SEAHUB_PORT}
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
# -------------------------------------------
# Restore original check_init_admin.py
# -------------------------------------------
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
# -------------------------------------------
# Final report
# -------------------------------------------
cat > ~/seafile/seafile-ce_uberspace.log <<EOF
Your Seafile server is installed
-----------------------------------------------------------------
Server Name: ${SERVER_NAME}
Server Address: https://${WHOAMI}.${HOSTNAME}
Seafile Admin: ${SEAFILE_ADMIN}
Admin Password: ${SEAFILE_ADMIN_PW}
Seafile Data Dir: ${SEAFILE_DATA_DIR}
SEAHUB_PORT: $SEAHUB_PORT
FILESERVER_PORT: $FILESERVER_PORT
SERVER_PORT: $SERVER_PORT
SEAFILE_SERVER_PORT: $SEAFILE_SERVER_PORT
SEAFDAV_PORT: $SEAFDAV_PORT
This report is also saved to ~/seafile/seafile-ce_uberspace.log
Next you should manually complete the following steps
-----------------------------------------------------------------
1) Setup mail in ~/seafile/seahub_settings.py
Optional steps
-----------------------------------------------------------------
1) Check seahub_settings.py and customize it to fit your needs. Consult
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
2) Implement a backup routine for your Seafile server.
-----------------------------------------------------------------
For free community support visit: https://forum.seafile-server.org
For paid commercial support visit: https://seafile.com.de
Contribute
-----------------------------------------------------------------
Contact alexander.jackson@seafile.de for bugs or suggestions about this installer.
EOF
chmod 600 ~/seafile/seafile-ce_uberspace.log
less ~/seafile/seafile-ce_uberspace.log

55
seafile-ce_uberspace_uninstall
View File

@ -1,55 +0,0 @@
#!/bin/bash
#
# seafile-server-installer/seafile-ce_uberspace_uninstall
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
#set -x
# Vars
SILENCER='> /dev/null 2>&1'
# -------------------------------------------
# Seafile Server Community Edition on Uberspace
# -------------------------------------------
clear
cat <<EOF
This script deletes Seafile Server on Uberspace
-----------------------------------------------------------------
Make 100% sure you saved the content from your
libraries before proceeding with the full removal.
For questions or suggestions please contact me at
alexander.jackson@seafile.de
-----------------------------------------------------------------
Hit return to uninstall Seafile or CTRL-C to abort.
EOF
read dummy
clear
# Kill anything Seafile related
ps aux | grep sea | grep -v grep | grep -v uninstall | awk '{ print $2 }' | while read line; do kill $line ; done
# remove Seafile, Apache and Python 2.7 related directories and files
eval rm -r ~/seafile-ce_* ~/seafile/ ~/bin/seafile* ~/fcgi-bin/seahub* ~/html/.htaccess ~/bin ~/lib/python2.7 ${SILENCER}
# Drop databases
for i in haiwen_ccnet haiwen_seafile haiwen_seahub; do
mysql -e "DROP DATABASE IF EXISTS \`${i}\`;"
done
# Confirm removal
echo Seafile is uninstalled now...

943
seafile-pro_debian-jessie-amd64
View File

@ -1,943 +0,0 @@
#!/bin/bash
#
# seafile-server-installer/seafile-pro_debian-jessie-amd64
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
#set -x
# -------------------------------------------
# Vars
# -------------------------------------------
SEAFILE_ADMIN=admin@seafile.lan
SEAFILE_USER=seafile
SEAFILE_SERVER_NAME=$(hostname -s | cut -c -16)
SEAFILE_DNS=$(hostname -i)
HOSTNAME=$(hostname -i)
FILESERVER_PORT=8082
SERVER_PORT=10001
SEAFILE_SERVER_PORT=12001
# Don't touch the following variable, unless you know what you are doing
SEAFILE_VERSION=4.1.2
SEAFILE_EDITION=pro-server
SEAFILE_SOURCE=/usr/src/seafile/seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz
MODE=$1
# -------------------------------------------
# Mode switcher
# -------------------------------------------
if [[ $MODE = dev ]]; then
HTTP=http
cat << EOF
Running installer in development mode.
Don't proceed for production systems since web traffic is not encrypted.
-----------------------------------------------------------------
Hit return to proceed or CTRL-C to abort.
EOF
read dummy
else
HTTP=https
cat << EOF
Running installer in production mode.
Self signed-certificate will get installed. Starting with Seafile
client version 4.2 you will need to import the certificate locally for
the client to work.
Alternatively you should replace the self signed-certificate certificate
with an official certificate like for instance a free Class1
StartSSL certificate from https://www.startssl.com.
You can find a StartSSL certificate creation helper script at
https://github.com/SeafileDE/seafile-server-installer/blob/master/startssl-certificate-generator
-----------------------------------------------------------------
Hit return to proceed or CTRL-C to abort.
EOF
read dummy
fi
# -------------------------------------------
# Seafile Server Professional Edition on Debian Jessie (64bit)
# -------------------------------------------
clear
cat <<EOF
Install Seafile Professional Server on a Debian Jessie (64bit)
- Newest Seafile Professional server, MariaDB, Memcached, NGINX -
-----------------------------------------------------------------
This installer is meant to run on a freshly installed machine
only. If you run it on a production server things can and
probably will go terrible wrong and you will loose valuable
data!
For questions or suggestions please contact me at
alexander.jackson@seafile.de
-----------------------------------------------------------------
Hit return to proceed or CTRL-C to abort.
EOF
read dummy
clear
# -------------------------------------------
# Ensure we are running the installer as root
# -------------------------------------------
if [[ $EUID -ne 0 ]]; then
echo " Aborting because you are not root" ; exit 1
fi
# -------------------------------------------
# Abort if user seafile exists
# -------------------------------------------
if getent passwd ${SEAFILE_USER} > /dev/null 2>&1 ;
then
echo " Aborting because user ${SEAFILE_USER} already exist" ; exit 1
fi
# -------------------------------------------
# Abort if directory /opt/seafile/ exists
# -------------------------------------------
if [[ -d "/opt/seafile/" ]] ;
then
echo " Aborting because directory /opt/seafile/ already exist" ; exit 1
fi
# -------------------------------------------
# Update System
# -------------------------------------------
apt-get update
apt-get dist-upgrade -y
# -------------------------------------------
# Additional requirements
# -------------------------------------------
apt-get install sudo ntp htop pwgen curl openssl unattended-upgrades -y
# -------------------------------------------
# ensure correct time is set
# -------------------------------------------
ntpd -gq
# -------------------------------------------
# Security programs
# -------------------------------------------
apt-get install ufw fail2ban -y
# -------------------------------------------
# Activate firewall
# -------------------------------------------
for i in ssh http https ; do ufw allow $i; done
yes | ufw enable
# -------------------------------------------
# Seafile requirements
# -------------------------------------------
apt-get install python-setuptools python-simplejson python-imaging python-mysqldb \
openjdk-7-jre memcached python-memcache libreoffice python-uno poppler-utils -y
# -------------------------------------------
# NGINX
# -------------------------------------------
cat > /etc/apt/sources.list.d/nginx.list <<EOF
deb http://nginx.org/packages/mainline/debian/ jessie nginx
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
EOF
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
apt-get update
apt-get upgrade -y
apt-get install nginx -y
rm /etc/nginx/conf.d/*
if [[ $MODE = dev ]]; then
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
server {
listen 80;
server_name "";
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS off;
fastcgi_param HTTP_SCHEME http;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS off;
client_max_body_size 0;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
}
EOF
else
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
server {
listen 80;
server_name "";
return 301 https://$http_host$request_uri?;
}
server {
listen 443 spdy;
server_name "";
ssl on;
ssl_certificate /etc/nginx/ssl/seafile.crt;
ssl_certificate_key /etc/nginx/ssl/seafile.key;
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
client_max_body_size 0;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
}
EOF
mkdir /etc/nginx/ssl
openssl genrsa -out /etc/nginx/ssl/seafile.key 4096
openssl req -new -x509 -key /etc/nginx/ssl/seafile.key -out /etc/nginx/ssl/seafile.crt -days 10950 -batch
fi
# -------------------------------------------
# Create optimized nginx.conf
# -------------------------------------------
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
cat > /etc/nginx/nginx.conf <<'ENDOFFILE'
user nginx nginx;
worker_processes 4;
events {
worker_connections 8096;
multi_accept on;
use epoll;
}
pid /var/run/nginx.pid;
worker_rlimit_nofile 40000;
http {
server_tokens off;
server_names_hash_bucket_size 128;
client_max_body_size 50M;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
# Fully disabled gzip compression to mitigate Django BREACH attack: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
gzip off;
#gzip_vary on;
#gzip_proxied expired no-cache no-store private auth any;
#gzip_comp_level 9;
#gzip_min_length 10240;
#gzip_buffers 16 8k;
#gzip_http_version 1.1;
#gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml font/woff2;
#gzip_disable "MSIE [1-6].";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
map $scheme $php_https { default off; https on; }
include perfect-forward-secrecy.conf;
}
ENDOFFILE
# -------------------------------------------
# Setup perfect forward secrecy
# -------------------------------------------
openssl dhparam -dsaparam -out /etc/nginx/dh4096.pem 4096
cat > /etc/nginx/perfect-forward-secrecy.conf <<'EOF'
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA";
ssl_dhparam dh4096.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
EOF
# -------------------------------------------
# Fix NGINX worker_processes to number of CPU cores
# -------------------------------------------
CPUS=$(cat /proc/cpuinfo | grep processor | wc | awk '{ print $1 }')
eval "sed -i 's/worker_processes.*/worker_processes $CPUS;/g' /etc/nginx/nginx.conf"
systemctl restart nginx
# -------------------------------------------
# MariaDB
# -------------------------------------------
DEBIAN_FRONTEND=noninteractive apt-get install mariadb-server -y
SQLROOTPW=$(pwgen)
mysqladmin -u root password $SQLROOTPW
cat > /root/.my.cnf <<EOF
[client]
user=root
password=$SQLROOTPW
EOF
chmod 600 /root/.my.cnf
# -------------------------------------------
# Seafile init script
# -------------------------------------------
cat > /etc/init.d/seafile-server <<'EOF'
#!/bin/bash
### BEGIN INIT INFO
# Provides: seafile-server
# Required-Start: $remote_fs $syslog mysql
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Seafile server
# Description: Start Seafile server
### END INIT INFO
# Author: Alexander Jackson <alexander.jackson@seafile.de>
#
# Change the value of "user" to your linux user name
USER=seafile
# Change the value of "SEAFILE_DIR" to your path of seafile installation
SEAFILE_DIR=/opt/seafile
SCRIPT_PATH=${SEAFILE_DIR}/seafile-server-latest
SEAFILE_INIT_LOG=${SEAFILE_DIR}/logs/seafile.init.log
SEAHUB_INIT_LOG=${SEAFILE_DIR}/logs/seahub.init.log
# Change the value of fastcgi to true if fastcgi is to be used
fastcgi=true
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000
case "$1" in
start)
sudo -u ${USER} ${SCRIPT_PATH}/seafile.sh start >> ${SEAFILE_INIT_LOG}
if [ $fastcgi = true ];
then
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh start-fastcgi ${fastcgi_port} >> ${SEAHUB_INIT_LOG}
else
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh start >> ${SEAHUB_INIT_LOG}
fi
;;
restart)
sudo -u ${USER} ${SCRIPT_PATH}/seafile.sh restart >> ${SEAFILE_INIT_LOG}
if [ $fastcgi = true ];
then
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${SEAHUB_INIT_LOG}
else
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh restart >> ${SEAHUB_INIT_LOG}
fi
;;
stop)
sudo -u ${USER} ${SCRIPT_PATH}/seafile.sh $1 >> ${SEAFILE_INIT_LOG}
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh $1 >> ${SEAHUB_INIT_LOG}
;;
*)
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
exit 1
;;
esac
EOF
chmod +x /etc/init.d/seafile-server
systemctl enable seafile-server
# -------------------------------------------
# Install seafile-server-change-address script
# -------------------------------------------
cat > /usr/local/sbin/seafile-server-change-address <<'ENDOFFILE'
#/bin/bash
#set -x
# -------------------------------------------
# Vars
# -------------------------------------------
HOSTNAME=$(hostname -f)
SEAFILE_DIR=/opt/seafile
# -------------------------------------------
# Intro
# -------------------------------------------
clear
cat <<EOF
Mit diesem Skript können Sie die Adresse Ihres
Seafile Servers Ändern. Das ist zum Beispiel nötig wenn
sich Ihre Domain- oder IP-Adresse geändert hat.
Wird Seafile mit der falschen Adresse betrieben,
funktioniert der Up- und Download von Dateien nicht.
Soll der Server mittes Portweiterleitung erreichbar
sein, verwenden Sie bitte die öffentliche oder externe
IP Ihres Routers bzw. einen öffentlich Domainnamen.
Bei Falscheingaben rufen Sie das Skript bitte erneut auf.
Der aktuelle Hostname wird vorausgefüllt. Ggf. einfach
ändern.
EOF
echo "Geben Sie jetzt die neue IP oder Domainadresse"
read -e -p "Neue Domainadresse:" -i " ${HOSTNAME}" URL
cat <<EOF
Die eingebenen Adresse lautet: ${URL}
-------------------------------------------
Fortfahren mit ENTER. Abruch mit STRG-C...
EOF
read dummy
clear
# -------------------------------------------
# Aendere Adressen in seahub_settings.py und ccnet.conf
# -------------------------------------------
sed -i "s/^SITE_BASE.*/SITE_BASE = \'${URL}\'/g" ${SEAFILE_DIR}/seahub_settings.py
sed -i "s/^SITE_NAME.*/SITE_NAME = \'${URL}\'/g" ${SEAFILE_DIR}/seahub_settings.py
sed -i "s/^SITE_TITLE.*/SITE_TITLE = \'${URL}\'/g" ${SEAFILE_DIR}/seahub_settings.py
sed -i "s/^FILE_SERVER_ROOT.*/FILE_SERVER_ROOT = '\${HTTP}:\/\/${URL}\/seafhttp\'/g" ${SEAFILE_DIR}/seahub_settings.py
sed -i "s/^SERVICE_URL.*/SERVICE_URL = ${HTTP}:\/\/${URL}/g" ${SEAFILE_DIR}/ccnet/ccnet.conf
# -------------------------------------------
# Starte Seafile neu
# -------------------------------------------
systemctl restart seafile-server
# -------------------------------------------
# Outro
# -------------------------------------------
cat <<EOF
Fertig! Der Seafile Server wurde neu gestartet.
Seahub sollte nun über ${HTTP}://${HOSTNAME} erreichbar sein.
EOF
ENDOFFILE
chmod 500 /usr/local/sbin/seafile-server-change-address
# -------------------------------------------
# Seafile
# -------------------------------------------
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
mkdir -p /opt/seafile/installed
cd /opt/seafile/
cp ${SEAFILE_SOURCE} ./seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz
tar xzf ./seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz
mv ./seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz installed/./seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz
# -------------------------------------------
# Seafile DB
# -------------------------------------------
SQLSEAFILEPW=$(pwgen)
cat > /opt/seafile/.my.cnf <<EOF
[client]
user=seafile
password=$SQLSEAFILEPW
EOF
chmod 600 /opt/seafile/.my.cnf
chown -R ${SEAFILE_USER}.nogroup /opt/seafile/
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
mysql seahub-db < /opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seahub/sql/mysql.sql
# -------------------------------------------
# Go to /opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}
# -------------------------------------------
cd /opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/
# -------------------------------------------
# Vars - Don't touch these unless you really know what you are doing!
# -------------------------------------------
SCRIPT=$(readlink -f "$0")
INSTALLPATH=/opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/
TOPDIR=$(dirname "${INSTALLPATH}")
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
DEFAULT_CONF_DIR=${TOPDIR}/conf
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
MEDIA_DIR=${INSTALLPATH}/seahub/media
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
# -------------------------------------------
# Create ccnet conf
# -------------------------------------------
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
--name "${SEAFILE_SERVER_NAME}" --port "${SERVER_PORT}" --host "${SEAFILE_DNS}"
# Fix service url
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = ${HTTP}:\/\/${SEAFILE_DNS}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
# -------------------------------------------
# Create seafile conf
# -------------------------------------------
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
# -------------------------------------------
# Write seafile.ini
# -------------------------------------------
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
# -------------------------------------------
# Configure Seafile WebDAV Server(SeafDAV)
# -------------------------------------------
mkdir -p ${DEFAULT_CONF_DIR}
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
[WEBDAV]
enabled = true
port = 8080
fastcgi = true
share_name = /seafdav
EOF
# -------------------------------------------
# generate seahub_settings.py
# -------------------------------------------
key=$(python "${SEAHUB_SECRET_KEYGEN}")
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
# -------------------------------------------
# prepare avatar directory
# -------------------------------------------
mkdir -p "${TOPDIR}/seahub-data"
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
# -------------------------------------------
# create logs directory
# -------------------------------------------
mkdir -p "${TOPDIR}/logs"
# -------------------------------------------
# Create symlink for current server version
# -------------------------------------------
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
# Fix permissions
chmod 0600 "$DEST_SETTINGS_PY"
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
chmod 0700 "$SEAFILE_DATA_DIR"
chmod 0700 "$DEFAULT_CONF_DIR"
# -------------------------------------------
# copy user manuals to library template
# -------------------------------------------
mkdir -p ${LIBRARY_TEMPLATE_DIR}
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
# -------------------------------------------
# Setup professional features
# -------------------------------------------
PRO_PY=${INSTALLPATH}/pro/pro.py
$PYTHON ${PRO_PY} setup
# -------------------------------------------
# Configuring ccnet.conf
# -------------------------------------------
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = ${SEAFILESQLPW}
DB = ccnet-db
CONNECTION_CHARSET = utf8
EOF
# -------------------------------------------
# Configuring seahub_settings.py
# -------------------------------------------
cat >> ${DEST_SETTINGS_PY} <<EOF
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'seahub-db',
'USER': 'seafile',
'PASSWORD': '${SEAFILESQLPW}',
'HOST': '127.0.0.1',
'PORT': '3306',
'OPTIONS': {
'init_command': 'SET storage_engine=INNODB',
}
}
}
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
}
}
EMAIL_USE_TLS = False
EMAIL_HOST = 'localhost'
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_PORT = '25'
DEFAULT_FROM_EMAIL = 'seafile@${SEAFILE_DNS}'
SERVER_EMAIL = 'EMAIL_HOST_USER'
TIME_ZONE = 'Europe/Berlin'
SITE_BASE = '${HTTP}://${SEAFILE_DNS}'
SITE_NAME = 'Seafile Professional Server'
SITE_TITLE = 'Seafile Professional Server'
SITE_ROOT = '/'
USE_PDFJS = True
ENABLE_SIGNUP = False
ACTIVATE_AFTER_REGISTRATION = False
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
CLOUD_MODE = False
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
SESSION_SAVE_EVERY_REQUEST = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
FILE_SERVER_ROOT = '${HTTP}://${SEAFILE_DNS}/seafhttp'
REPO_PASSWORD_MIN_LENGTH = 8
USER_PASSWORD_MIN_LENGTH = 6
USER_PASSWORD_STRENGTH_LEVEL = 3
USER_STRONG_PASSWORD_REQUIRED = True
ENABLE_MAKE_GROUP_PUBLIC = False
ENABLE_THUMBNAIL = True
THUMBNAIL_ROOT = '${TOPDIR}/seahub-data/thumbnail/thumb/'
THUMBNAIL_EXTENSION = 'png'
THUMBNAIL_DEFAULT_SIZE = '24'
PREVIEW_DEFAULT_SIZE = '100'
EOF
# -------------------------------------------
# Backup check_init_admin.py befor applying changes
# -------------------------------------------
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
# -------------------------------------------
# Set admin credentials in check_init_admin.py
# -------------------------------------------
SEAFILE_ADMIN_PW=$(pwgen)
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
# -------------------------------------------
# Start and stop Seafile eco system. This generates the initial admin user.
# -------------------------------------------
${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seafile.sh start
${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seahub.sh start
${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seahub.sh stop
${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seafile.sh stop
# -------------------------------------------
# Restore original check_init_admin.py
# -------------------------------------------
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
# -------------------------------------------
# Fix permissions
# -------------------------------------------
chown ${SEAFILE_USER}.nogroup -R /opt/seafile/
# -------------------------------------------
# Start seafile server
# -------------------------------------------
echo "Starting productive Seafile server"
systemctl restart seafile-server
# -------------------------------------------
# Final report
# -------------------------------------------
cat > ${SEAFILE_DIR}/seafile-pro-installer.log<<EOF
Your Seafile server is installed
-----------------------------------------------------------------
Server Name: ${SEAFILE_SERVER_NAME}
Server Address: ${HTTP}://${SEAFILE_DNS}
Seafile Admin: ${SEAFILE_ADMIN}
Admin Password: ${SEAFILE_ADMIN_PW}
Seafile Data Dir: ${SEAFILE_DATA_DIR}
Seafile DB Credentials: Check /opt/seafile/.my.cnf
Root DB Credentials: Check /root/.my.cnf
This report is also saved to ${SEAFILE_DIR}/seafile-pro-installer.log
Next you should manually complete the following steps
-----------------------------------------------------------------
1) Run seafile-server-change-address to add your Seafile servers DNS name
2) If this server is behind a firewall, you need to ensure that
tcp port 443 for the NGINX reverse proxy is open. Optionally
you may also open tcp port 80 which redirects all unencrypted
http traffic to the encrypted https port.
3) Seahub tries to send emails via the local server. Install and
configure Postfix for this to work.
Optional steps
-----------------------------------------------------------------
1) Check seahub_settings.py and customize it to fit your needs. Consult
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
2) Setup NGINX with official SSL certificate.
3) Harden system with port knocking, fail2ban, etc.
5) Enable unattended installation of security updates. Check
https://wiki.debian.org/UnattendedUpgrades for details.
6) Implement a backup routine for your Seafile server.
7) Update NGINX worker processes to reflect the number of CPU cores.
Seafile support options
-----------------------------------------------------------------
For free community support visit: https://forum.seafile-server.org
For paid commercial support visit: https://seafile.com.de
Contribute
-----------------------------------------------------------------
Please contact alexander.jackson@seafile.de
for bugs or suggestions about this installer. Thank you!
EOF
chmod 600 ${SEAFILE_DIR}/seafile-pro-installer.log
chown -R ${SEAFILE_USER}.nogroup ${SEAFILE_DIR}/seafile-pro-installer.log
clear
less ${SEAFILE_DIR}/seafile-pro-installer.log
# -------------------------------------------
# Mode reminder
# -------------------------------------------
if [[ $MODE = dev ]]; then
HTTP=http
cat << EOF
Running installer in development mode.
Don't use this installation in production environments,
since web traffic is not encrypted.
I am finished, enjoy! \;-\)
-----------------------------------------------------------------
Hit return to proceed or CTRL-C to abort.
EOF
read dummy
else
echo I am finished, enjoy! \;-\)
fi

27
no_certificate/seafile-server-community_ubuntu-trusty-amd64-no_certificate → seafile-server-ce-ubuntu-14-04-amd64-http
View File

@ -1,6 +1,6 @@
#!/bin/bash
#
# seafile-server-installer/seafile-server-community_ubuntu-trusty-amd64
# seafile-server-installer/seafile-server-ce-ubuntu-14-04-amd64
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
@ -30,7 +30,10 @@ HOSTNAME=$(hostname -i)
FILESERVER_PORT=8082
SERVER_PORT=10001
SEAFILE_SERVER_PORT=12001
SEAFILE_VERSION=4.1.2
SEAFILE_SERVER_PACKAGE=seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
SEAFILE_SERVER_PACKAGE_URL=http://download-cn.seafile.com/${SEAFILE_SERVER_PACKAGE}
TIME_ZONE=Asia/Beijing
# -------------------------------------------
# Seafile Server Community Edition on Ubuntu Trusty (64bit)
@ -48,7 +51,7 @@ cat <<EOF
data!
For questions or suggestions please contact me at
alexander.jackson@seafile.com.de
support@seafile.com
-----------------------------------------------------------------
@ -88,7 +91,7 @@ fi
# -------------------------------------------
# Update System
# -------------------------------------------
aptitude update && aptitude dist-upgrade -y
#aptitude update && aptitude dist-upgrade -y
# -------------------------------------------
@ -99,8 +102,10 @@ apt-get install aptitude -y
# -------------------------------------------
# Additional requirements
# -------------------------------------------
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
aptitude install sudo python-pip python-setuptools python-imaging python-mysqldb \
openjdk-7-jre memcached python-memcache pwgen curl openssl -y
aptitude install sudo poppler-utils libpython2.7 libreoffice \
libreoffice-script-provider-python ttf-wqy-microhei ttf-wqy-zenhei xfonts-wqy -y
# -------------------------------------------
@ -261,12 +266,10 @@ update-rc.d seafile-server defaults
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
mkdir -p /opt/seafile/installed
cd /opt/seafile/
curl -OL https://download.seafile.com.de/seafile-server_latest_x86-64.tar.gz
tar xzf seafile-server_latest_x86-64.tar.gz
curl -OL ${SEAFILE_SERVER_PACKAGE_URL}
tar xzf ${SEAFILE_SERVER_PACKAGE}
SEAFILE_VERSION=$(basename /opt/seafile/seafile-server-* | awk -F'-' ' { print $3 }')
mv seafile-server_latest_x86-64.tar.gz installed/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
mv ${SEAFILE_SERVER_PACKAGE} installed
# -------------------------------------------
@ -451,7 +454,8 @@ EMAIL_HOST_PASSWORD = ''
EMAIL_PORT = '25'
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
SERVER_EMAIL = 'EMAIL_HOST_USER'
TIME_ZONE = 'Asia/Beijing'
TIME_ZONE = '${TIME_ZONE}'
SITE_BASE = 'http://${IP_OR_DOMAIN}'
SITE_NAME = 'Seafile Server'
SITE_TITLE = 'Seafile Server'
@ -466,6 +470,7 @@ FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
SESSION_SAVE_EVERY_REQUEST = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
FILE_SERVER_ROOT = 'http://${IP_OR_DOMAIN}/seafhttp'
EOF

622
seafile-server-community_ubuntu-trusty-amd64
View File

@ -1,622 +0,0 @@
#!/bin/bash
#
# seafile-server-installer/seafile-server-community_ubuntu-trusty-amd64
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
#set -x
# -------------------------------------------
# Vars
# -------------------------------------------
SEAFILE_ADMIN=admin@seafile.local
SEAFILE_USER=seafile
SERVER_NAME=$(hostname -s)
IP_OR_DOMAIN=$(hostname -i)
HOSTNAME=$(hostname -i)
FILESERVER_PORT=8082
SERVER_PORT=10001
SEAFILE_SERVER_PORT=12001
# -------------------------------------------
# Seafile Server Community Edition on Ubuntu Trusty (64bit)
# -------------------------------------------
clear
cat <<EOF
This script installs the community edition of the Seafile Server on a Ubuntu Trusty (64bit)
- Newest Seafile server version, MariaDB, Memcached, NGINX -
-----------------------------------------------------------------
This installer is meant to run on a freshly installed machine
only. If you run it on a production server things can and
probably will go terrible wrong and you will loose valuable
data!
For questions or suggestions please contact me at
alexander.jackson@seafile.de
-----------------------------------------------------------------
Hit return to proceed or CTRL-C to abort.
EOF
read dummy
clear
# -------------------------------------------
# Ensure we are running the installer as root
# -------------------------------------------
if [[ $EUID -ne 0 ]]; then
echo " Aborting because you are not root" ; exit 1
fi
# -------------------------------------------
# Abort if user seafile exists
# -------------------------------------------
if getent passwd ${SEAFILE_USER} > /dev/null 2>&1 ;
then
echo " Aborting because user ${SEAFILE_USER} already exist" ; exit 1
fi
# -------------------------------------------
# Abort if directory /opt/seafile/ exists
# -------------------------------------------
if [[ -d "/opt/seafile/" ]] ;
then
echo " Aborting because directory /opt/seafile/ already exist" ; exit 1
fi
# -------------------------------------------
# Update System
# -------------------------------------------
aptitude update && aptitude dist-upgrade -y
# -------------------------------------------
# Ensure aptitude is installed
# -------------------------------------------
apt-get install aptitude -y
# -------------------------------------------
# Additional requirements
# -------------------------------------------
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
openjdk-7-jre memcached python-memcache pwgen curl openssl -y
# -------------------------------------------
# NGINX
# -------------------------------------------
cat > /etc/apt/sources.list.d/nginx.list <<EOF
deb http://nginx.org/packages/mainline/ubuntu/ trusty nginx
deb-src http://nginx.org/packages/mainline/ubuntu/ trusty nginx
EOF
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
aptitude update && aptitude upgrade -y
aptitude install nginx -y
rm /etc/nginx/conf.d/*
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
server {
listen 80;
server_name "";
return 301 https://$http_host$request_uri?;
}
server {
listen 443 spdy;
server_name "";
ssl on;
ssl_certificate /etc/nginx/ssl/seafile.crt;
ssl_certificate_key /etc/nginx/ssl/seafile.key;
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
client_max_body_size 0;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
}
EOF
mkdir /etc/nginx/ssl
openssl genrsa -out /etc/nginx/ssl/seafile.key 4096
openssl req -new -x509 -key /etc/nginx/ssl/seafile.key -out /etc/nginx/ssl/seafile.crt -days 10950 -batch
service nginx restart
# -------------------------------------------
# MariaDB
# -------------------------------------------
DEBIAN_FRONTEND=noninteractive aptitude install mariadb-server -y
SQLROOTPW=$(pwgen)
mysqladmin -u root password $SQLROOTPW
cat > /root/.my.cnf <<EOF
[client]
user=root
password=$SQLROOTPW
EOF
chmod 600 /root/.my.cnf
# -------------------------------------------
# Seafile init script
# -------------------------------------------
cat > /etc/init.d/seafile-server <<'EOF'
#!/bin/bash
### BEGIN INIT INFO
# Provides: seafile-server
# Required-Start: $remote_fs $syslog mysql
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Seafile server
# Description: Start Seafile server
### END INIT INFO
# Author: Alexander Jackson <alexander.jackson@seafile.de>
#
# Change the value of "user" to your linux user name
user=seafile
# Change the value of "seafile_dir" to your path of seafile installation
seafile_dir=/opt/seafile
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
seahub_init_log=${seafile_dir}/logs/seahub.init.log
# Change the value of fastcgi to true if fastcgi is to be used
fastcgi=true
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000
case "$1" in
start)
sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
fi
;;
restart)
sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log}
fi
;;
stop)
sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
;;
*)
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
exit 1
;;
esac
EOF
chmod +x /etc/init.d/seafile-server
update-rc.d seafile-server defaults
# -------------------------------------------
# Seafile
# -------------------------------------------
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
mkdir -p /opt/seafile/installed
cd /opt/seafile/
curl -OL https://download.seafile.com.de/seafile-server_latest_x86-64.tar.gz
tar xzf seafile-server_latest_x86-64.tar.gz
SEAFILE_VERSION=$(basename /opt/seafile/seafile-server-* | awk -F'-' ' { print $3 }')
mv seafile-server_latest_x86-64.tar.gz installed/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
# -------------------------------------------
# Seafile DB
# -------------------------------------------
SQLSEAFILEPW=$(pwgen)
cat > /opt/seafile/.my.cnf <<EOF
[client]
user=seafile
password=$SQLSEAFILEPW
EOF
chmod 600 /opt/seafile/.my.cnf
chown -R ${SEAFILE_USER}.nogroup /opt/seafile/
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
mysql seahub-db < /opt/seafile/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
# -------------------------------------------
# Go to /opt/seafile/seafile-server-${SEAFILE_VERSION}
# -------------------------------------------
cd /opt/seafile/seafile-server-${SEAFILE_VERSION}/
# -------------------------------------------
# Vars - Don't touch these unless you really know what you are doing!
# -------------------------------------------
SCRIPT=$(readlink -f "$0")
INSTALLPATH=/opt/seafile/seafile-server-${SEAFILE_VERSION}/
TOPDIR=$(dirname "${INSTALLPATH}")
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
DEFAULT_CONF_DIR=${TOPDIR}/conf
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
MEDIA_DIR=${INSTALLPATH}/seahub/media
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
# -------------------------------------------
# Create ccnet conf
# -------------------------------------------
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${IP_OR_DOMAIN}"
# Fix service url
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = https:\/\/${IP_OR_DOMAIN}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
# -------------------------------------------
# Create seafile conf
# -------------------------------------------
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
# -------------------------------------------
# Write seafile.ini
# -------------------------------------------
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
# -------------------------------------------
# Configure Seafile WebDAV Server(SeafDAV)
# -------------------------------------------
mkdir -p ${DEFAULT_CONF_DIR}
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
[WEBDAV]
enabled = true
port = 8080
fastcgi = true
share_name = /seafdav
EOF
# -------------------------------------------
# generate seahub_settings.py
# -------------------------------------------
key=$(python "${SEAHUB_SECRET_KEYGEN}")
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
# -------------------------------------------
# prepare avatar directory
# -------------------------------------------
mkdir -p "${TOPDIR}/seahub-data"
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
# -------------------------------------------
# create logs directory
# -------------------------------------------
mkdir -p "${TOPDIR}/logs"
# -------------------------------------------
# Create symlink for current server version
# -------------------------------------------
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
# Fix permissions
chmod 0600 "$DEST_SETTINGS_PY"
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
chmod 0700 "$SEAFILE_DATA_DIR"
chmod 0700 "$DEFAULT_CONF_DIR"
# -------------------------------------------
# copy user manuals to library template
# -------------------------------------------
mkdir -p ${LIBRARY_TEMPLATE_DIR}
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
# -------------------------------------------
# Configuring ccnet.conf
# -------------------------------------------
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = $SEAFILESQLPW
DB = ccnet-db
CONNECTION_CHARSET = utf8
EOF
# -------------------------------------------
# Configuring seahub_settings.py
# -------------------------------------------
cat >> ${DEST_SETTINGS_PY} <<EOF
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'seahub-db',
'USER': 'seafile',
'PASSWORD': '$SEAFILESQLPW',
'HOST': '127.0.0.1',
'PORT': '3306',
'OPTIONS': {
'init_command': 'SET storage_engine=INNODB',
}
}
}
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
}
}
EMAIL_USE_TLS = False
EMAIL_HOST = 'localhost'
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_PORT = '25'
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
SERVER_EMAIL = 'EMAIL_HOST_USER'
TIME_ZONE = 'Europe/Berlin'
SITE_BASE = 'https://${IP_OR_DOMAIN}'
SITE_NAME = 'Seafile Server'
SITE_TITLE = 'Seafile Server'
SITE_ROOT = '/'
USE_PDFJS = True
ENABLE_SIGNUP = False
ACTIVATE_AFTER_REGISTRATION = False
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
CLOUD_MODE = False
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
SESSION_SAVE_EVERY_REQUEST = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
FILE_SERVER_ROOT = 'https://${IP_OR_DOMAIN}/seafhttp'
EOF
# -------------------------------------------
# Backup check_init_admin.py befor applying changes
# -------------------------------------------
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
# -------------------------------------------
# Set admin credentials in check_init_admin.py
# -------------------------------------------
SEAFILE_ADMIN_PW=$(pwgen)
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
# -------------------------------------------
# Start and stop Seafile eco system. This generates the initial admin user.
# -------------------------------------------
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh stop
# -------------------------------------------
# Restore original check_init_admin.py
# -------------------------------------------
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
# -------------------------------------------
# Fix permissions
# -------------------------------------------
chown ${SEAFILE_USER}.nogroup -R /opt/seafile/
# -------------------------------------------
# Start seafile server
# -------------------------------------------
echo "Starting productive Seafile server"
service seafile-server start
# -------------------------------------------
# Final report
# -------------------------------------------
cat > ${seafile_dir}/aio_seafile-server.log<<EOF
Your Seafile server is installed
-----------------------------------------------------------------
Server Name: ${SERVER_NAME}
Server Address: https://${IP_OR_DOMAIN}
Seafile Admin: ${SEAFILE_ADMIN}
Admin Password: ${SEAFILE_ADMIN_PW}
Seafile Data Dir: ${SEAFILE_DATA_DIR}
Seafile DB Credentials: Check /opt/seafile/.my.cnf
Root DB Credentials: Check /root/.my.cnf
This report is also saved to ${seafile_dir}/aio_seafile-server.log
Next you should manually complete the following steps
-----------------------------------------------------------------
1) Run seafile-server-change-address to add your Seafile servers DNS name
2) If this server is behind a firewall, you need to ensure that
tcp port 443 for the NGINX reverse proxy is open. Optionally
you may also open tcp port 80 which redirects all unencrypted
http traffic to the encrypted https port.
3) Seahub tries to send emails via the local server. Install and
configure Postfix for this to work.
Optional steps
-----------------------------------------------------------------
1) Check seahub_settings.py and customize it to fit your needs. Consult
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
2) Setup NGINX with official SSL certificate.
3) Secure server with iptables based firewall. For instance: UFW or shorewall
4) Harden system with port knocking, fail2ban, etc.
5) Enable unattended installation of security updates. Check
https://wiki.Ubuntu.org/UnattendedUpgrades for details.
6) Implement a backup routine for your Seafile server.
7) Update NGINX worker processes to reflect the number of CPU cores.
Seafile support options
-----------------------------------------------------------------
For free community support visit: https://forum.seafile-server.org
For paid commercial support visit: https://seafile.com.de
Contribute
-----------------------------------------------------------------
Please contact alexander.jackson@seafile.de
for bugs or suggestions about this installer. Thank you!
EOF
chmod 600 ${seafile_dir}/aio_seafile-server.log
chown -R ${SEAFILE_USER}.nogroup ${seafile_dir}/aio_seafile-server.log
# -------------------------------------------
# Install seafile-server-change-address script
# -------------------------------------------
wget https://gist.githubusercontent.com/alexanderjackson/7e6fd01187327ffd8518/raw/2a87ea94ec8906f8e1847236711eef27ba1d2bb8/seafile-server-change-address -O /usr/local/sbin/seafile-server-change-address
chmod 500 /usr/local/sbin/seafile-server-change-address
clear
cat ${seafile_dir}/aio_seafile-server.log