mirror of
https://github.com/haiwen/seafile-server-installer-cn
synced 2024-09-20 16:25:28 +00:00
Add seafile server install script for ubuntu 14.04
This commit is contained in:
parent
4f9167c391
commit
ed5889ba17
|
@ -1,603 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# seafile-server-installer/seafile-ce_debian-jessie-amd64
|
||||
#
|
||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
#set -x
|
||||
# -------------------------------------------
|
||||
# Vars
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN=admin@seafile.local
|
||||
SEAFILE_USER=seafile
|
||||
SERVER_NAME=$(hostname -s | cut -c -16)
|
||||
IP_OR_DOMAIN=$(hostname -i)
|
||||
HOSTNAME=$(hostname -i)
|
||||
FILESERVER_PORT=8082
|
||||
SERVER_PORT=10001
|
||||
SEAFILE_SERVER_PORT=12001
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile Server Community Edition on Debian Jessie (64bit)
|
||||
# -------------------------------------------
|
||||
clear
|
||||
cat <<EOF
|
||||
|
||||
This script installs the community edition of the Seafile Server on a Debian Jessie (64bit)
|
||||
- Newest Seafile server version, MariaDB, Memcached, NGINX -
|
||||
-----------------------------------------------------------------
|
||||
|
||||
This installer is meant to run on a freshly installed machine
|
||||
only. If you run it on a production server things can and
|
||||
probably will go terrible wrong and you will loose valuable
|
||||
data!
|
||||
|
||||
For questions or suggestions please contact me at
|
||||
alexander.jackson@seafile.com.de
|
||||
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Hit return to proceed or CTRL-C to abort.
|
||||
|
||||
EOF
|
||||
read dummy
|
||||
clear
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Ensure we are running the installer as root
|
||||
# -------------------------------------------
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo " Aborting because you are not root" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Abort if user seafile exists
|
||||
# -------------------------------------------
|
||||
if getent passwd ${SEAFILE_USER} > /dev/null 2>&1 ;
|
||||
then
|
||||
echo " Aborting because user ${SEAFILE_USER} already exist" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Abort if directory /opt/seafile/ exists
|
||||
# -------------------------------------------
|
||||
if [[ -d "/opt/seafile/" ]] ;
|
||||
then
|
||||
echo " Aborting because directory /opt/seafile/ already exist" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Update System
|
||||
# -------------------------------------------
|
||||
apt-get update && apt-get dist-upgrade -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Ensure aptitude is installed
|
||||
# -------------------------------------------
|
||||
apt-get install aptitude -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Additional requirements
|
||||
# -------------------------------------------
|
||||
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
|
||||
openjdk-7-jre memcached python-memcache pwgen curl openssl -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# NGINX
|
||||
# -------------------------------------------
|
||||
cat > /etc/apt/sources.list.d/nginx.list <<EOF
|
||||
deb http://nginx.org/packages/mainline/debian/ jessie nginx
|
||||
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
|
||||
EOF
|
||||
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
|
||||
|
||||
aptitude update && aptitude upgrade -y
|
||||
aptitude install nginx -y
|
||||
|
||||
rm /etc/nginx/conf.d/*
|
||||
|
||||
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
|
||||
server {
|
||||
listen 80;
|
||||
server_name "";
|
||||
|
||||
location / {
|
||||
fastcgi_pass 127.0.0.1:8000;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
access_log /var/log/nginx/seahub.access.log;
|
||||
error_log /var/log/nginx/seahub.error.log;
|
||||
}
|
||||
location /seafhttp {
|
||||
rewrite ^/seafhttp(.*)$ $1 break;
|
||||
proxy_pass http://127.0.0.1:8082;
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 36000s;
|
||||
proxy_read_timeout 36000s;
|
||||
}
|
||||
location /media {
|
||||
root /opt/seafile/seafile-server-latest/seahub;
|
||||
}
|
||||
location /seafdav {
|
||||
fastcgi_pass 127.0.0.1:8080;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
access_log /var/log/nginx/seafdav.access.log;
|
||||
error_log /var/log/nginx/seafdav.error.log;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
service nginx restart
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# MariaDB
|
||||
# -------------------------------------------
|
||||
DEBIAN_FRONTEND=noninteractive aptitude install mariadb-server -y
|
||||
|
||||
SQLROOTPW=$(pwgen)
|
||||
|
||||
mysqladmin -u root password $SQLROOTPW
|
||||
|
||||
cat > /root/.my.cnf <<EOF
|
||||
[client]
|
||||
user=root
|
||||
password=$SQLROOTPW
|
||||
EOF
|
||||
|
||||
chmod 600 /root/.my.cnf
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile init script
|
||||
# -------------------------------------------
|
||||
cat > /etc/init.d/seafile-server <<'EOF'
|
||||
#!/bin/bash
|
||||
### BEGIN INIT INFO
|
||||
# Provides: seafile-server
|
||||
# Required-Start: $remote_fs $syslog mysql
|
||||
# Required-Stop: $remote_fs $syslog
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: Seafile server
|
||||
# Description: Start Seafile server
|
||||
### END INIT INFO
|
||||
|
||||
# Author: Alexander Jackson <alexander.jackson@seafile.com.de>
|
||||
#
|
||||
|
||||
# Change the value of "user" to your linux user name
|
||||
user=seafile
|
||||
|
||||
# Change the value of "seafile_dir" to your path of seafile installation
|
||||
seafile_dir=/opt/seafile
|
||||
script_path=${seafile_dir}/seafile-server-latest
|
||||
seafile_init_log=${seafile_dir}/logs/seafile.init.log
|
||||
seahub_init_log=${seafile_dir}/logs/seahub.init.log
|
||||
|
||||
# Change the value of fastcgi to true if fastcgi is to be used
|
||||
fastcgi=true
|
||||
# Set the port of fastcgi, default is 8000. Change it if you need different.
|
||||
fastcgi_port=8000
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
|
||||
else
|
||||
sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
|
||||
fi
|
||||
;;
|
||||
restart)
|
||||
sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log}
|
||||
else
|
||||
sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log}
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
|
||||
sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
EOF
|
||||
|
||||
chmod +x /etc/init.d/seafile-server
|
||||
update-rc.d seafile-server defaults
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile
|
||||
# -------------------------------------------
|
||||
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
|
||||
mkdir -p /opt/seafile/installed
|
||||
cd /opt/seafile/
|
||||
curl -OL https://download.seafile.com.de/seafile-server_latest_x86-64.tar.gz
|
||||
tar xzf seafile-server_latest_x86-64.tar.gz
|
||||
|
||||
SEAFILE_VERSION=$(basename /opt/seafile/seafile-server-* | awk -F'-' ' { print $3 }')
|
||||
|
||||
mv seafile-server_latest_x86-64.tar.gz installed/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile DB
|
||||
# -------------------------------------------
|
||||
SQLSEAFILEPW=$(pwgen)
|
||||
|
||||
cat > /opt/seafile/.my.cnf <<EOF
|
||||
[client]
|
||||
user=seafile
|
||||
password=$SQLSEAFILEPW
|
||||
EOF
|
||||
|
||||
chmod 600 /opt/seafile/.my.cnf
|
||||
chown -R ${SEAFILE_USER}.nogroup /opt/seafile/
|
||||
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
|
||||
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
|
||||
mysql seahub-db < /opt/seafile/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Go to /opt/seafile/seafile-server-${SEAFILE_VERSION}
|
||||
# -------------------------------------------
|
||||
cd /opt/seafile/seafile-server-${SEAFILE_VERSION}/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Vars - Don't touch these unless you really know what you are doing!
|
||||
# -------------------------------------------
|
||||
SCRIPT=$(readlink -f "$0")
|
||||
INSTALLPATH=/opt/seafile/seafile-server-${SEAFILE_VERSION}/
|
||||
TOPDIR=$(dirname "${INSTALLPATH}")
|
||||
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
|
||||
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
|
||||
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
|
||||
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
|
||||
DEFAULT_CONF_DIR=${TOPDIR}/conf
|
||||
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
|
||||
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
|
||||
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
|
||||
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
|
||||
MEDIA_DIR=${INSTALLPATH}/seahub/media
|
||||
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
|
||||
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
|
||||
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create ccnet conf
|
||||
# -------------------------------------------
|
||||
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
|
||||
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${IP_OR_DOMAIN}"
|
||||
|
||||
# Fix service url
|
||||
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = http:\/\/${IP_OR_DOMAIN}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create seafile conf
|
||||
# -------------------------------------------
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
|
||||
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Write seafile.ini
|
||||
# -------------------------------------------
|
||||
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configure Seafile WebDAV Server(SeafDAV)
|
||||
# -------------------------------------------
|
||||
mkdir -p ${DEFAULT_CONF_DIR}
|
||||
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
|
||||
[WEBDAV]
|
||||
enabled = true
|
||||
port = 8080
|
||||
fastcgi = true
|
||||
share_name = /seafdav
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# generate seahub_settings.py
|
||||
# -------------------------------------------
|
||||
key=$(python "${SEAHUB_SECRET_KEYGEN}")
|
||||
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# prepare avatar directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/seahub-data"
|
||||
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
|
||||
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# create logs directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/logs"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create symlink for current server version
|
||||
# -------------------------------------------
|
||||
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
|
||||
|
||||
|
||||
# Fix permissions
|
||||
chmod 0600 "$DEST_SETTINGS_PY"
|
||||
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
|
||||
chmod 0700 "$SEAFILE_DATA_DIR"
|
||||
chmod 0700 "$DEFAULT_CONF_DIR"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# copy user manuals to library template
|
||||
# -------------------------------------------
|
||||
mkdir -p ${LIBRARY_TEMPLATE_DIR}
|
||||
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring ccnet.conf
|
||||
# -------------------------------------------
|
||||
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
|
||||
|
||||
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
|
||||
|
||||
[Database]
|
||||
ENGINE = mysql
|
||||
HOST = 127.0.0.1
|
||||
PORT = 3306
|
||||
USER = seafile
|
||||
PASSWD = $SEAFILESQLPW
|
||||
DB = ccnet-db
|
||||
CONNECTION_CHARSET = utf8
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring seahub_settings.py
|
||||
# -------------------------------------------
|
||||
cat >> ${DEST_SETTINGS_PY} <<EOF
|
||||
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.mysql',
|
||||
'NAME': 'seahub-db',
|
||||
'USER': 'seafile',
|
||||
'PASSWORD': '$SEAFILESQLPW',
|
||||
'HOST': '127.0.0.1',
|
||||
'PORT': '3306',
|
||||
'OPTIONS': {
|
||||
'init_command': 'SET storage_engine=INNODB',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
CACHES = {
|
||||
'default': {
|
||||
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
|
||||
'LOCATION': '127.0.0.1:11211',
|
||||
}
|
||||
}
|
||||
|
||||
EMAIL_USE_TLS = False
|
||||
EMAIL_HOST = 'localhost'
|
||||
EMAIL_HOST_USER = ''
|
||||
EMAIL_HOST_PASSWORD = ''
|
||||
EMAIL_PORT = '25'
|
||||
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
|
||||
SERVER_EMAIL = 'EMAIL_HOST_USER'
|
||||
TIME_ZONE = 'Asia/Beijing'
|
||||
SITE_BASE = 'http://${IP_OR_DOMAIN}'
|
||||
SITE_NAME = 'Seafile Server'
|
||||
SITE_TITLE = 'Seafile Server'
|
||||
SITE_ROOT = '/'
|
||||
USE_PDFJS = True
|
||||
ENABLE_SIGNUP = False
|
||||
ACTIVATE_AFTER_REGISTRATION = False
|
||||
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
|
||||
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
|
||||
CLOUD_MODE = False
|
||||
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
|
||||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
|
||||
SESSION_SAVE_EVERY_REQUEST = False
|
||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
||||
FILE_SERVER_ROOT = 'http://${IP_OR_DOMAIN}/seafhttp'
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Backup check_init_admin.py befor applying changes
|
||||
# -------------------------------------------
|
||||
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Set admin credentials in check_init_admin.py
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN_PW=$(pwgen)
|
||||
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start and stop Seafile eco system. This generates the initial admin user.
|
||||
# -------------------------------------------
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh stop
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Restore original check_init_admin.py
|
||||
# -------------------------------------------
|
||||
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Fix permissions
|
||||
# -------------------------------------------
|
||||
chown ${SEAFILE_USER}.nogroup -R /opt/seafile/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start seafile server
|
||||
# -------------------------------------------
|
||||
echo "Starting productive Seafile server"
|
||||
service seafile-server start
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Final report
|
||||
# -------------------------------------------
|
||||
cat > ${seafile_dir}/aio_seafile-server.log<<EOF
|
||||
|
||||
Your Seafile server is installed
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Server Name: ${SERVER_NAME}
|
||||
Server Address: http://${IP_OR_DOMAIN}
|
||||
|
||||
Seafile Admin: ${SEAFILE_ADMIN}
|
||||
Admin Password: ${SEAFILE_ADMIN_PW}
|
||||
|
||||
Seafile Data Dir: ${SEAFILE_DATA_DIR}
|
||||
|
||||
Seafile DB Credentials: Check /opt/seafile/.my.cnf
|
||||
Root DB Credentials: Check /root/.my.cnf
|
||||
|
||||
This report is also saved to ${seafile_dir}/aio_seafile-server.log
|
||||
|
||||
|
||||
|
||||
Next you should manually complete the following steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) Run seafile-server-change-address to add your Seafile servers DNS name
|
||||
|
||||
2) If this server is behind a firewall, you need to ensure that
|
||||
tcp port 80 is open.
|
||||
|
||||
3) Seahub tries to send emails via the local server. Install and
|
||||
configure Postfix for this to work.
|
||||
|
||||
|
||||
|
||||
|
||||
Optional steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) Check seahub_settings.py and customize it to fit your needs. Consult
|
||||
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
|
||||
|
||||
2) Setup NGINX with official SSL certificate.
|
||||
|
||||
3) Secure server with iptables based firewall. For instance: UFW or shorewall
|
||||
|
||||
4) Harden system with port knocking, fail2ban, etc.
|
||||
|
||||
5) Enable unattended installation of security updates. Check
|
||||
https://wiki.debian.org/UnattendedUpgrades for details.
|
||||
|
||||
6) Implement a backup routine for your Seafile server.
|
||||
|
||||
7) Update NGINX worker processes to reflect the number of CPU cores.
|
||||
|
||||
|
||||
|
||||
|
||||
Seafile support options
|
||||
-----------------------------------------------------------------
|
||||
|
||||
For free community support visit: https://forum.seafile-server.org
|
||||
For paid commercial support visit: https://seafile.com.de
|
||||
|
||||
|
||||
|
||||
|
||||
Contribute
|
||||
-----------------------------------------------------------------
|
||||
Please contact alexander.jackson@seafile.com.de
|
||||
for bugs or suggestions about this installer. Thank you!
|
||||
|
||||
EOF
|
||||
|
||||
chmod 600 ${seafile_dir}/aio_seafile-server.log
|
||||
chown -R ${SEAFILE_USER}.nogroup ${seafile_dir}/aio_seafile-server.log
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Install seafile-server-change-address script
|
||||
# -------------------------------------------
|
||||
wget https://gist.githubusercontent.com/alexanderjackson/7e6fd01187327ffd8518/raw/2a87ea94ec8906f8e1847236711eef27ba1d2bb8/seafile-server-change-address -O /usr/local/sbin/seafile-server-change-address
|
||||
chmod 500 /usr/local/sbin/seafile-server-change-address
|
||||
|
||||
clear
|
||||
|
||||
cat ${seafile_dir}/aio_seafile-server.log
|
|
@ -1,603 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# seafile-server-installer/seafile-ce_debian-jessie-i386
|
||||
#
|
||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
#set -x
|
||||
# -------------------------------------------
|
||||
# Vars
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN=admin@seafile.local
|
||||
SEAFILE_USER=seafile
|
||||
SERVER_NAME=$(hostname -s | cut -c -16)
|
||||
IP_OR_DOMAIN=$(hostname -i)
|
||||
HOSTNAME=$(hostname -i)
|
||||
FILESERVER_PORT=8082
|
||||
SERVER_PORT=10001
|
||||
SEAFILE_SERVER_PORT=12001
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile Server Community Edition on Debian Jessie (32bit)
|
||||
# -------------------------------------------
|
||||
clear
|
||||
cat <<EOF
|
||||
|
||||
This script installs the community edition of the Seafile Server on a Debian Jessie (32bit)
|
||||
- Newest Seafile server version, MariaDB, Memcached, NGINX -
|
||||
-----------------------------------------------------------------
|
||||
|
||||
This installer is meant to run on a freshly installed machine
|
||||
only. If you run it on a production server things can and
|
||||
probably will go terrible wrong and you will loose valuable
|
||||
data!
|
||||
|
||||
For questions or suggestions please contact me at
|
||||
alexander.jackson@seafile.com.de
|
||||
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Hit return to proceed or CTRL-C to abort.
|
||||
|
||||
EOF
|
||||
read dummy
|
||||
clear
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Ensure we are running the installer as root
|
||||
# -------------------------------------------
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo " Aborting because you are not root" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Abort if user seafile exists
|
||||
# -------------------------------------------
|
||||
#if getent passwd ${SEAFILE_USER} > /dev/null 2>&1 ;
|
||||
#then
|
||||
# echo " Aborting because user ${SEAFILE_USER} already exist" ; exit 1
|
||||
#fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Abort if directory /opt/seafile/ exists
|
||||
# -------------------------------------------
|
||||
#if [[ -d "/opt/seafile/" ]] ;
|
||||
#then
|
||||
# echo " Aborting because directory /opt/seafile/ already exist" ; exit 1
|
||||
#fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Update System
|
||||
# -------------------------------------------
|
||||
apt-get update && apt-get dist-upgrade -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Ensure aptitude is installed
|
||||
# -------------------------------------------
|
||||
apt-get install aptitude -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Additional requirements
|
||||
# -------------------------------------------
|
||||
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
|
||||
openjdk-7-jre memcached python-memcache pwgen curl openssl -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# NGINX
|
||||
# -------------------------------------------
|
||||
cat > /etc/apt/sources.list.d/nginx.list <<EOF
|
||||
deb http://nginx.org/packages/mainline/debian/ jessie nginx
|
||||
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
|
||||
EOF
|
||||
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
|
||||
|
||||
aptitude update && aptitude upgrade -y
|
||||
aptitude install nginx -y
|
||||
|
||||
rm /etc/nginx/conf.d/*
|
||||
|
||||
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
|
||||
server {
|
||||
listen 80;
|
||||
server_name "";
|
||||
|
||||
location / {
|
||||
fastcgi_pass 127.0.0.1:8000;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
access_log /var/log/nginx/seahub.access.log;
|
||||
error_log /var/log/nginx/seahub.error.log;
|
||||
}
|
||||
location /seafhttp {
|
||||
rewrite ^/seafhttp(.*)$ $1 break;
|
||||
proxy_pass http://127.0.0.1:8082;
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 36000s;
|
||||
proxy_read_timeout 36000s;
|
||||
}
|
||||
location /media {
|
||||
root /opt/seafile/seafile-server-latest/seahub;
|
||||
}
|
||||
location /seafdav {
|
||||
fastcgi_pass 127.0.0.1:8080;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
access_log /var/log/nginx/seafdav.access.log;
|
||||
error_log /var/log/nginx/seafdav.error.log;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
service nginx restart
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# MariaDB
|
||||
# -------------------------------------------
|
||||
#DEBIAN_FRONTEND=noninteractive aptitude install mariadb-server -y
|
||||
|
||||
#SQLROOTPW=$(pwgen)
|
||||
|
||||
#mysqladmin -u root password $SQLROOTPW
|
||||
|
||||
#cat > /root/.my.cnf <<EOF
|
||||
#[client]
|
||||
#user=root
|
||||
#password=$SQLROOTPW
|
||||
#EOF
|
||||
|
||||
#chmod 600 /root/.my.cnf
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile init script
|
||||
# -------------------------------------------
|
||||
cat > /etc/init.d/seafile-server <<'EOF'
|
||||
#!/bin/bash
|
||||
### BEGIN INIT INFO
|
||||
# Provides: seafile-server
|
||||
# Required-Start: $remote_fs $syslog mysql
|
||||
# Required-Stop: $remote_fs $syslog
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: Seafile server
|
||||
# Description: Start Seafile server
|
||||
### END INIT INFO
|
||||
|
||||
# Author: Alexander Jackson <alexander.jackson@seafile.com.de>
|
||||
#
|
||||
|
||||
# Change the value of "user" to your linux user name
|
||||
user=seafile
|
||||
|
||||
# Change the value of "seafile_dir" to your path of seafile installation
|
||||
seafile_dir=/opt/seafile
|
||||
script_path=${seafile_dir}/seafile-server-latest
|
||||
seafile_init_log=${seafile_dir}/logs/seafile.init.log
|
||||
seahub_init_log=${seafile_dir}/logs/seahub.init.log
|
||||
|
||||
# Change the value of fastcgi to true if fastcgi is to be used
|
||||
fastcgi=true
|
||||
# Set the port of fastcgi, default is 8000. Change it if you need different.
|
||||
fastcgi_port=8000
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
|
||||
else
|
||||
sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
|
||||
fi
|
||||
;;
|
||||
restart)
|
||||
sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log}
|
||||
else
|
||||
sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log}
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
|
||||
sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
EOF
|
||||
|
||||
chmod +x /etc/init.d/seafile-server
|
||||
update-rc.d seafile-server defaults
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile
|
||||
# -------------------------------------------
|
||||
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
|
||||
mkdir -p /opt/seafile/installed
|
||||
cd /opt/seafile/
|
||||
curl -OL https://download.seafile.com.de/seafile-server_latest_i386.tar.gz
|
||||
tar xzf seafile-server_latest_i386.tar.gz
|
||||
|
||||
SEAFILE_VERSION=$(basename /opt/seafile/seafile-server-* | awk -F'-' ' { print $3 }')
|
||||
|
||||
mv seafile-server_4.1.2_i386.tar.gz installed/seafile-server_${SEAFILE_VERSION}_i386.tar.gz
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile DB
|
||||
# -------------------------------------------
|
||||
SQLSEAFILEPW=$(pwgen)
|
||||
|
||||
cat > /opt/seafile/.my.cnf <<EOF
|
||||
[client]
|
||||
user=seafile
|
||||
password=$SQLSEAFILEPW
|
||||
EOF
|
||||
|
||||
chmod 600 /opt/seafile/.my.cnf
|
||||
chown -R ${SEAFILE_USER}.nogroup /opt/seafile/
|
||||
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
|
||||
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
|
||||
mysql seahub-db < /opt/seafile/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Go to /opt/seafile/seafile-server-${SEAFILE_VERSION}
|
||||
# -------------------------------------------
|
||||
cd /opt/seafile/seafile-server-${SEAFILE_VERSION}/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Vars - Don't touch these unless you really know what you are doing!
|
||||
# -------------------------------------------
|
||||
SCRIPT=$(readlink -f "$0")
|
||||
INSTALLPATH=/opt/seafile/seafile-server-${SEAFILE_VERSION}/
|
||||
TOPDIR=$(dirname "${INSTALLPATH}")
|
||||
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
|
||||
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
|
||||
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
|
||||
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
|
||||
DEFAULT_CONF_DIR=${TOPDIR}/conf
|
||||
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
|
||||
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
|
||||
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
|
||||
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
|
||||
MEDIA_DIR=${INSTALLPATH}/seahub/media
|
||||
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
|
||||
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
|
||||
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create ccnet conf
|
||||
# -------------------------------------------
|
||||
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
|
||||
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${IP_OR_DOMAIN}"
|
||||
|
||||
# Fix service url
|
||||
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = http:\/\/${IP_OR_DOMAIN}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create seafile conf
|
||||
# -------------------------------------------
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
|
||||
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Write seafile.ini
|
||||
# -------------------------------------------
|
||||
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configure Seafile WebDAV Server(SeafDAV)
|
||||
# -------------------------------------------
|
||||
mkdir -p ${DEFAULT_CONF_DIR}
|
||||
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
|
||||
[WEBDAV]
|
||||
enabled = true
|
||||
port = 8080
|
||||
fastcgi = true
|
||||
share_name = /seafdav
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# generate seahub_settings.py
|
||||
# -------------------------------------------
|
||||
key=$(python "${SEAHUB_SECRET_KEYGEN}")
|
||||
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# prepare avatar directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/seahub-data"
|
||||
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
|
||||
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# create logs directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/logs"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create symlink for current server version
|
||||
# -------------------------------------------
|
||||
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
|
||||
|
||||
|
||||
# Fix permissions
|
||||
chmod 0600 "$DEST_SETTINGS_PY"
|
||||
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
|
||||
chmod 0700 "$SEAFILE_DATA_DIR"
|
||||
chmod 0700 "$DEFAULT_CONF_DIR"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# copy user manuals to library template
|
||||
# -------------------------------------------
|
||||
mkdir -p ${LIBRARY_TEMPLATE_DIR}
|
||||
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring ccnet.conf
|
||||
# -------------------------------------------
|
||||
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
|
||||
|
||||
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
|
||||
|
||||
[Database]
|
||||
ENGINE = mysql
|
||||
HOST = 127.0.0.1
|
||||
PORT = 3306
|
||||
USER = seafile
|
||||
PASSWD = $SEAFILESQLPW
|
||||
DB = ccnet-db
|
||||
CONNECTION_CHARSET = utf8
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring seahub_settings.py
|
||||
# -------------------------------------------
|
||||
cat >> ${DEST_SETTINGS_PY} <<EOF
|
||||
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.mysql',
|
||||
'NAME': 'seahub-db',
|
||||
'USER': 'seafile',
|
||||
'PASSWORD': '$SEAFILESQLPW',
|
||||
'HOST': '127.0.0.1',
|
||||
'PORT': '3306',
|
||||
'OPTIONS': {
|
||||
'init_command': 'SET storage_engine=INNODB',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
CACHES = {
|
||||
'default': {
|
||||
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
|
||||
'LOCATION': '127.0.0.1:11211',
|
||||
}
|
||||
}
|
||||
|
||||
EMAIL_USE_TLS = False
|
||||
EMAIL_HOST = 'localhost'
|
||||
EMAIL_HOST_USER = ''
|
||||
EMAIL_HOST_PASSWORD = ''
|
||||
EMAIL_PORT = '25'
|
||||
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
|
||||
SERVER_EMAIL = 'EMAIL_HOST_USER'
|
||||
TIME_ZONE = 'Asia/Beijing'
|
||||
SITE_BASE = 'http://${IP_OR_DOMAIN}'
|
||||
SITE_NAME = 'Seafile Server'
|
||||
SITE_TITLE = 'Seafile Server'
|
||||
SITE_ROOT = '/'
|
||||
USE_PDFJS = True
|
||||
ENABLE_SIGNUP = False
|
||||
ACTIVATE_AFTER_REGISTRATION = False
|
||||
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
|
||||
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
|
||||
CLOUD_MODE = False
|
||||
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
|
||||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
|
||||
SESSION_SAVE_EVERY_REQUEST = False
|
||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
||||
FILE_SERVER_ROOT = 'http://${IP_OR_DOMAIN}/seafhttp'
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Backup check_init_admin.py befor applying changes
|
||||
# -------------------------------------------
|
||||
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Set admin credentials in check_init_admin.py
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN_PW=$(pwgen)
|
||||
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start and stop Seafile eco system. This generates the initial admin user.
|
||||
# -------------------------------------------
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh stop
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Restore original check_init_admin.py
|
||||
# -------------------------------------------
|
||||
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Fix permissions
|
||||
# -------------------------------------------
|
||||
chown ${SEAFILE_USER}.nogroup -R /opt/seafile/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start seafile server
|
||||
# -------------------------------------------
|
||||
echo "Starting productive Seafile server"
|
||||
service seafile-server start
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Final report
|
||||
# -------------------------------------------
|
||||
cat > ${seafile_dir}/aio_seafile-server.log<<EOF
|
||||
|
||||
Your Seafile server is installed
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Server Name: ${SERVER_NAME}
|
||||
Server Address: http://${IP_OR_DOMAIN}
|
||||
|
||||
Seafile Admin: ${SEAFILE_ADMIN}
|
||||
Admin Password: ${SEAFILE_ADMIN_PW}
|
||||
|
||||
Seafile Data Dir: ${SEAFILE_DATA_DIR}
|
||||
|
||||
Seafile DB Credentials: Check /opt/seafile/.my.cnf
|
||||
Root DB Credentials: Check /root/.my.cnf
|
||||
|
||||
This report is also saved to ${seafile_dir}/aio_seafile-server.log
|
||||
|
||||
|
||||
|
||||
Next you should manually complete the following steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) Run seafile-server-change-address to add your Seafile servers DNS name
|
||||
|
||||
2) If this server is behind a firewall, you need to ensure that
|
||||
tcp port 80 is open.
|
||||
|
||||
3) Seahub tries to send emails via the local server. Install and
|
||||
configure Postfix for this to work.
|
||||
|
||||
|
||||
|
||||
|
||||
Optional steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) Check seahub_settings.py and customize it to fit your needs. Consult
|
||||
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
|
||||
|
||||
2) Setup NGINX with official SSL certificate.
|
||||
|
||||
3) Secure server with iptables based firewall. For instance: UFW or shorewall
|
||||
|
||||
4) Harden system with port knocking, fail2ban, etc.
|
||||
|
||||
5) Enable unattended installation of security updates. Check
|
||||
https://wiki.debian.org/UnattendedUpgrades for details.
|
||||
|
||||
6) Implement a backup routine for your Seafile server.
|
||||
|
||||
7) Update NGINX worker processes to reflect the number of CPU cores.
|
||||
|
||||
|
||||
|
||||
|
||||
Seafile support options
|
||||
-----------------------------------------------------------------
|
||||
|
||||
For free community support visit: https://forum.seafile-server.org
|
||||
For paid commercial support visit: https://seafile.com.de
|
||||
|
||||
|
||||
|
||||
|
||||
Contribute
|
||||
-----------------------------------------------------------------
|
||||
Please contact alexander.jackson@seafile.com.de
|
||||
for bugs or suggestions about this installer. Thank you!
|
||||
|
||||
EOF
|
||||
|
||||
chmod 600 ${seafile_dir}/aio_seafile-server.log
|
||||
chown -R ${SEAFILE_USER}.nogroup ${seafile_dir}/aio_seafile-server.log
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Install seafile-server-change-address script
|
||||
# -------------------------------------------
|
||||
wget https://gist.githubusercontent.com/alexanderjackson/7e6fd01187327ffd8518/raw/2a87ea94ec8906f8e1847236711eef27ba1d2bb8/seafile-server-change-address -O /usr/local/sbin/seafile-server-change-address
|
||||
chmod 500 /usr/local/sbin/seafile-server-change-address
|
||||
|
||||
clear
|
||||
|
||||
cat ${seafile_dir}/aio_seafile-server.log
|
|
@ -1,580 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# seafile-server-installer/seafile-ce_debian-wheezy-amd64
|
||||
#
|
||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
#set -x
|
||||
# -------------------------------------------
|
||||
# All-In-One Seafile Server installer for Debian Wheezy (64bit)
|
||||
# -------------------------------------------
|
||||
clear
|
||||
cat <<EOF
|
||||
|
||||
All-In-One Seafile Server installer for Debian Wheezy (64bit)
|
||||
- Newest Seafile server version, MariaDB, Memcached, NGINX -
|
||||
-----------------------------------------------------------------
|
||||
|
||||
This installer is meant to run on a freshly installed machine
|
||||
only. If you run it on a production server things can and
|
||||
probably will go terrible wrong and you will loose valuable
|
||||
data!
|
||||
|
||||
For questions or suggestions please contact me at
|
||||
alexander.jackson@seafile.com.de
|
||||
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Hit return to proceed or CTRL-C to abort.
|
||||
|
||||
EOF
|
||||
read dummy
|
||||
clear
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Update System
|
||||
# -------------------------------------------
|
||||
aptitude update && aptitude upgrade -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# NGINX
|
||||
# -------------------------------------------
|
||||
cat > /etc/apt/sources.list.d/nginx.list <<EOF
|
||||
deb http://nginx.org/packages/mainline/debian/ wheezy nginx
|
||||
deb-src http://nginx.org/packages/mainline/debian/ wheezy nginx
|
||||
EOF
|
||||
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
|
||||
|
||||
aptitude update && aptitude upgrade -y
|
||||
aptitude install nginx -y
|
||||
|
||||
rm /etc/nginx/conf.d/*
|
||||
|
||||
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
|
||||
server {
|
||||
listen 80;
|
||||
server_name "";
|
||||
|
||||
location / {
|
||||
fastcgi_pass 127.0.0.1:8000;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
access_log /var/log/nginx/seahub.access.log;
|
||||
error_log /var/log/nginx/seahub.error.log;
|
||||
}
|
||||
location /seafhttp {
|
||||
rewrite ^/seafhttp(.*)$ $1 break;
|
||||
proxy_pass http://127.0.0.1:8082;
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 36000s;
|
||||
proxy_read_timeout 36000s;
|
||||
}
|
||||
location /media {
|
||||
root /opt/seafile/haiwen/seafile-server-latest/seahub;
|
||||
}
|
||||
location /seafdav {
|
||||
fastcgi_pass 127.0.0.1:8080;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
access_log /var/log/nginx/seafdav.access.log;
|
||||
error_log /var/log/nginx/seafdav.error.log;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
service nginx restart
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Additional requirements
|
||||
# -------------------------------------------
|
||||
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
|
||||
openjdk-7-jre memcached python-memcache pwgen curl -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# MariaDB
|
||||
# -------------------------------------------
|
||||
cat > /etc/apt/sources.list.d/mariadb.list <<EOF
|
||||
# MariaDB Repository
|
||||
deb http://mirror.netcologne.de/mariadb/repo/10.0/debian wheezy main
|
||||
deb-src http://mirror.netcologne.de/mariadb/repo/10.0/debian wheezy main
|
||||
EOF
|
||||
|
||||
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
|
||||
|
||||
aptitude update && aptitude upgrade -y
|
||||
|
||||
sync && sleep 5
|
||||
|
||||
DEBIAN_FRONTEND=noninteractive aptitude install mariadb-server -y
|
||||
|
||||
SQLROOTPW=$(pwgen)
|
||||
|
||||
mysqladmin -u root password $SQLROOTPW
|
||||
|
||||
cat > /root/.my.cnf <<EOF
|
||||
[client]
|
||||
user=root
|
||||
password=$SQLROOTPW
|
||||
EOF
|
||||
|
||||
chmod 600 /root/.my.cnf
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile init script
|
||||
# -------------------------------------------
|
||||
cat > /etc/init.d/seafile-server <<'EOF'
|
||||
#!/bin/bash
|
||||
### BEGIN INIT INFO
|
||||
# Provides: seafile-server
|
||||
# Required-Start: $remote_fs $syslog mysql
|
||||
# Required-Stop: $remote_fs $syslog
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: Seafile server
|
||||
# Description: Start Seafile server
|
||||
### END INIT INFO
|
||||
|
||||
# Author: Alexander Jackson <alexander.jackson@seafile.com.de>
|
||||
#
|
||||
|
||||
# Change the value of "user" to your linux user name
|
||||
user=seafile
|
||||
|
||||
# Change the value of "seafile_dir" to your path of seafile installation
|
||||
seafile_dir=/opt/seafile
|
||||
script_path=${seafile_dir}/seafile-server-latest
|
||||
seafile_init_log=${seafile_dir}/logs/seafile.init.log
|
||||
seahub_init_log=${seafile_dir}/logs/seahub.init.log
|
||||
|
||||
# Change the value of fastcgi to true if fastcgi is to be used
|
||||
fastcgi=true
|
||||
# Set the port of fastcgi, default is 8000. Change it if you need different.
|
||||
fastcgi_port=8000
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
|
||||
else
|
||||
sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
|
||||
fi
|
||||
;;
|
||||
restart)
|
||||
sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log}
|
||||
else
|
||||
sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log}
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
|
||||
sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
EOF
|
||||
|
||||
chmod +x /etc/init.d/seafile-server
|
||||
update-rc.d seafile-server defaults
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile
|
||||
# -------------------------------------------
|
||||
adduser --system --gecos "seafile" seafile --home /opt/seafile
|
||||
mkdir -p /opt/seafile/haiwen/installed
|
||||
cd /opt/seafile/haiwen/
|
||||
curl -OL https://download.seafile.com.de/seafile-server_latest_x86-64.tar.gz
|
||||
tar xzf seafile-server_latest_x86-64.tar.gz
|
||||
|
||||
SEAFILE_VERSION=$(basename /opt/seafile/haiwen/seafile-server-* | awk -F'-' ' { print $3 }')
|
||||
|
||||
mv seafile-server_latest_x86-64.tar.gz installed/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile DB
|
||||
# -------------------------------------------
|
||||
SQLSEAFILEPW=$(pwgen)
|
||||
|
||||
cat > /opt/seafile/.my.cnf <<EOF
|
||||
[client]
|
||||
user=seafile
|
||||
password=$SQLSEAFILEPW
|
||||
EOF
|
||||
|
||||
chmod 600 /opt/seafile/.my.cnf
|
||||
chown -R seafile.nogroup /opt/seafile/
|
||||
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
|
||||
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
|
||||
mysql seahub-db < /opt/seafile/haiwen/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Go to /opt/seafile/haiwen/seafile-server-${SEAFILE_VERSION}
|
||||
# -------------------------------------------
|
||||
cd /opt/seafile/haiwen/seafile-server-${SEAFILE_VERSION}/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Define Seafile admin credentials.
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN=admin@seafile.local
|
||||
SEAFILE_ADMIN_PW=$(pwgen)
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Vars - Don't touch these unless you really know what you are doing!
|
||||
# -------------------------------------------
|
||||
SCRIPT=$(readlink -f "$0")
|
||||
#INSTALLPATH=$(dirname "${SCRIPT}")
|
||||
INSTALLPATH=/opt/seafile/haiwen/seafile-server-${SEAFILE_VERSION}/
|
||||
TOPDIR=$(dirname "${INSTALLPATH}")
|
||||
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
|
||||
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
|
||||
DEFAULT_CONF_DIR=${TOPDIR}/conf
|
||||
SERVER_NAME=$(hostname -s)
|
||||
IP_OR_DOMAIN=$(hostname -i)
|
||||
HOSTNAME=$(hostname -i)
|
||||
SERVER_PORT=10001
|
||||
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
|
||||
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
|
||||
SEAFILE_SERVER_PORT=12001
|
||||
FILESERVER_PORT=8082
|
||||
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
|
||||
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
|
||||
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
|
||||
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
|
||||
key=$(python "${SEAHUB_SECRET_KEYGEN}")
|
||||
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
|
||||
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
|
||||
MEDIA_DIR=${INSTALLPATH}/seahub/media
|
||||
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
|
||||
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
|
||||
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create ccnet conf
|
||||
# -------------------------------------------
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
|
||||
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${IP_OR_DOMAIN}"
|
||||
|
||||
# Fix service url
|
||||
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = http:\/\/${IP_OR_DOMAIN}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create seafile conf
|
||||
# -------------------------------------------
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
|
||||
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Write seafile.ini
|
||||
# -------------------------------------------
|
||||
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configure Seafile WebDAV Server(SeafDAV)
|
||||
# -------------------------------------------
|
||||
mkdir -p ${DEFAULT_CONF_DIR}
|
||||
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
|
||||
[WEBDAV]
|
||||
enabled = true
|
||||
port = 8080
|
||||
fastcgi = true
|
||||
share_name = /seafdav
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# generate seahub_settings.py
|
||||
# -------------------------------------------
|
||||
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# prepare avatar directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/seahub-data"
|
||||
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
|
||||
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# create logs directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/logs"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create symlink for current server version
|
||||
# -------------------------------------------
|
||||
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
|
||||
|
||||
|
||||
# Fix permissions
|
||||
chmod 0600 "$DEST_SETTINGS_PY"
|
||||
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
|
||||
chmod 0700 "$SEAFILE_DATA_DIR"
|
||||
chmod 0700 "$DEFAULT_CONF_DIR"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# copy user manuals to library template
|
||||
# -------------------------------------------
|
||||
mkdir -p ${LIBRARY_TEMPLATE_DIR}
|
||||
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring ccnet.conf
|
||||
# -------------------------------------------
|
||||
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
|
||||
|
||||
[Database]
|
||||
ENGINE = mysql
|
||||
HOST = 127.0.0.1
|
||||
PORT = 3306
|
||||
USER = seafile
|
||||
PASSWD = $SEAFILESQLPW
|
||||
DB = ccnet-db
|
||||
CONNECTION_CHARSET = utf8
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring seahub_settings.py
|
||||
# -------------------------------------------
|
||||
cat >> ${DEST_SETTINGS_PY} <<EOF
|
||||
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.mysql',
|
||||
'NAME': 'seahub-db',
|
||||
'USER': 'seafile',
|
||||
'PASSWORD': '$SEAFILESQLPW',
|
||||
'HOST': '127.0.0.1',
|
||||
'PORT': '3306',
|
||||
'OPTIONS': {
|
||||
'init_command': 'SET storage_engine=INNODB',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
CACHES = {
|
||||
'default': {
|
||||
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
|
||||
'LOCATION': '127.0.0.1:11211',
|
||||
}
|
||||
}
|
||||
|
||||
EMAIL_USE_TLS = False
|
||||
EMAIL_HOST = 'localhost'
|
||||
EMAIL_HOST_USER = ''
|
||||
EMAIL_HOST_PASSWORD = ''
|
||||
EMAIL_PORT = '25'
|
||||
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
|
||||
SERVER_EMAIL = 'EMAIL_HOST_USER'
|
||||
TIME_ZONE = 'Asia/Beijing'
|
||||
SITE_BASE = 'http://${IP_OR_DOMAIN}'
|
||||
SITE_NAME = 'Seafile Server'
|
||||
SITE_TITLE = 'Seafile Server'
|
||||
SITE_ROOT = '/'
|
||||
USE_PDFJS = True
|
||||
ENABLE_SIGNUP = False
|
||||
ACTIVATE_AFTER_REGISTRATION = False
|
||||
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
|
||||
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
|
||||
CLOUD_MODE = False
|
||||
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
|
||||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
|
||||
SESSION_SAVE_EVERY_REQUEST = False
|
||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
||||
FILE_SERVER_ROOT = 'http://${IP_OR_DOMAIN}/seafhttp'
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Backup check_init_admin.py befor applying changes
|
||||
# -------------------------------------------
|
||||
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Set admin credentials in check_init_admin.py
|
||||
# -------------------------------------------
|
||||
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start and stop Seafile eco system. This generates the initial admin user.
|
||||
# -------------------------------------------
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh stop
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Restore original check_init_admin.py
|
||||
# -------------------------------------------
|
||||
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Fix permissions
|
||||
# -------------------------------------------
|
||||
chown seafile.nogroup -R /opt/seafile/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start seafile server
|
||||
# -------------------------------------------
|
||||
echo "Starting productive Seafile server"
|
||||
service seafile-server start
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Final report
|
||||
# -------------------------------------------
|
||||
cat > ${seafile_dir}/aio_seafile-server.log<<EOF
|
||||
|
||||
Your Seafile server is installed
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Server Name: ${SERVER_NAME}
|
||||
Server Address: http://${IP_OR_DOMAIN}
|
||||
|
||||
Seafile Admin: ${SEAFILE_ADMIN}
|
||||
Admin Password: ${SEAFILE_ADMIN_PW}
|
||||
|
||||
Seafile Data Dir: ${SEAFILE_DATA_DIR}
|
||||
|
||||
Seafile DB Credentials: Check /opt/seafile/.my.cnf
|
||||
Root DB Credentials: Check /root/.my.cnf
|
||||
|
||||
This report is also saved to ${seafile_dir}/aio_seafile-server.log
|
||||
|
||||
|
||||
|
||||
Next you should manually complete the following steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) seahub_settings.py: Change IP within FILE_SERVER_ROOT variable to DNS
|
||||
|
||||
2) ccnet.conf: Change IP within SERVICE_URL variable to DNS
|
||||
|
||||
3) Restart server with: service seafile-server restart
|
||||
|
||||
4) If this server is behind a firewall, you need to ensure that
|
||||
tcp port 80 is open.
|
||||
|
||||
5) Seahub tries to send emails via the local server. Install and
|
||||
configure Postfix for this to work.
|
||||
|
||||
|
||||
|
||||
|
||||
Optional steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) Check seahub_settings.py and customize it to fit your needs. Consult
|
||||
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
|
||||
|
||||
2) Setup NGINX with official SSL certificate.
|
||||
|
||||
3) Secure server with iptables based firewall. For instance: UFW or shorewall
|
||||
|
||||
4) Harden system with port knocking, fail2ban, etc.
|
||||
|
||||
5) Enable unattended installation of security updates. Check
|
||||
https://wiki.debian.org/UnattendedUpgrades for details.
|
||||
|
||||
6) Implement a backup routine for your Seafile server.
|
||||
|
||||
7) Update NGINX worker processes to reflect the number of CPU cores.
|
||||
|
||||
|
||||
|
||||
|
||||
Seafile support options
|
||||
-----------------------------------------------------------------
|
||||
|
||||
For free community support visit: https://forum.seafile-server.org
|
||||
For paid commercial support visit: https://seafile.com.de
|
||||
|
||||
|
||||
|
||||
|
||||
About
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Please contact alexander.jackson@seafile.com.de
|
||||
for bugs or suggestions about this installer. Thank you!
|
||||
|
||||
EOF
|
||||
|
||||
chmod 600 ${seafile_dir}/aio_seafile-server.log
|
||||
chown -R seafile.nogroup ${seafile_dir}/aio_seafile-server.log
|
||||
|
||||
clear
|
||||
|
||||
cat ${seafile_dir}/aio_seafile-server.log
|
|
@ -1,798 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# seafile-server-installer/seafile-pro_debian-jessie-amd64
|
||||
#
|
||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
#set -x
|
||||
# -------------------------------------------
|
||||
# Vars
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN=admin@seafile.lan
|
||||
SEAFILE_USER=seafile
|
||||
SEAFILE_SERVER_NAME=$(hostname -s | cut -c -16)
|
||||
SEAFILE_DNS=$(hostname -i)
|
||||
HOSTNAME=$(hostname -i)
|
||||
FILESERVER_PORT=8082
|
||||
SERVER_PORT=10001
|
||||
SEAFILE_SERVER_PORT=12001
|
||||
# Don't touch the following variable, unless you know what you are doing
|
||||
SEAFILE_VERSION=4.1.2
|
||||
SEAFILE_EDITION=pro-server
|
||||
SEAFILE_SOURCE=/usr/src/seafile/seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile Server Professional Edition on Debian Jessie (64bit)
|
||||
# -------------------------------------------
|
||||
clear
|
||||
cat <<EOF
|
||||
|
||||
Install Seafile Professional Server on a Debian Jessie (64bit)
|
||||
- Newest Seafile Professional server, MariaDB, Memcached, NGINX -
|
||||
-----------------------------------------------------------------
|
||||
|
||||
This installer is meant to run on a freshly installed machine
|
||||
only. If you run it on a production server things can and
|
||||
probably will go terrible wrong and you will loose valuable
|
||||
data!
|
||||
|
||||
For questions or suggestions please contact me at
|
||||
alexander.jackson@seafile.com.de
|
||||
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Hit return to proceed or CTRL-C to abort.
|
||||
|
||||
EOF
|
||||
read dummy
|
||||
clear
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Ensure we are running the installer as root
|
||||
# -------------------------------------------
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo " Aborting because you are not root" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Abort if user seafile exists
|
||||
# -------------------------------------------
|
||||
if getent passwd ${SEAFILE_USER} > /dev/null 2>&1 ;
|
||||
then
|
||||
echo " Aborting because user ${SEAFILE_USER} already exist" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Abort if directory /opt/seafile/ exists
|
||||
# -------------------------------------------
|
||||
if [[ -d "/opt/seafile/" ]] ;
|
||||
then
|
||||
echo " Aborting because directory /opt/seafile/ already exist" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Update System
|
||||
# -------------------------------------------
|
||||
apt-get update
|
||||
apt-get dist-upgrade -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Additional requirements
|
||||
# -------------------------------------------
|
||||
apt-get install sudo ntp htop pwgen curl openssl unattended-upgrades -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# ensure correct time is set
|
||||
# -------------------------------------------
|
||||
ntpd -gq
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Security programs
|
||||
# -------------------------------------------
|
||||
apt-get install ufw fail2ban -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Activate firewall
|
||||
# -------------------------------------------
|
||||
for i in ssh http https ; do ufw allow $i; done
|
||||
yes | ufw enable
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile requirements
|
||||
# -------------------------------------------
|
||||
apt-get install python-setuptools python-simplejson python-imaging python-mysqldb \
|
||||
openjdk-7-jre memcached python-memcache libreoffice python-uno poppler-utils -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# NGINX
|
||||
# -------------------------------------------
|
||||
cat > /etc/apt/sources.list.d/nginx.list <<EOF
|
||||
deb http://nginx.org/packages/mainline/debian/ jessie nginx
|
||||
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
|
||||
EOF
|
||||
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
|
||||
|
||||
apt-get update
|
||||
apt-get upgrade -y
|
||||
apt-get install nginx -y
|
||||
|
||||
rm /etc/nginx/conf.d/*
|
||||
|
||||
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
|
||||
server {
|
||||
listen 80;
|
||||
server_name "";
|
||||
|
||||
location / {
|
||||
fastcgi_pass 127.0.0.1:8000;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
access_log /var/log/nginx/seahub.access.log;
|
||||
error_log /var/log/nginx/seahub.error.log;
|
||||
}
|
||||
location /seafhttp {
|
||||
rewrite ^/seafhttp(.*)$ $1 break;
|
||||
proxy_pass http://127.0.0.1:8082;
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 36000s;
|
||||
proxy_read_timeout 36000s;
|
||||
}
|
||||
location /media {
|
||||
root /opt/seafile/seafile-server-latest/seahub;
|
||||
}
|
||||
location /seafdav {
|
||||
fastcgi_pass 127.0.0.1:8080;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
access_log /var/log/nginx/seafdav.access.log;
|
||||
error_log /var/log/nginx/seafdav.error.log;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
mkdir /etc/nginx/ssl
|
||||
|
||||
openssl genrsa -out /etc/nginx/ssl/seafile.key 4096
|
||||
openssl req -new -x509 -key /etc/nginx/ssl/seafile.key -out /etc/nginx/ssl/seafile.crt -days 10950 -batch
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create optimized nginx.conf
|
||||
# -------------------------------------------
|
||||
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
|
||||
|
||||
cat > /etc/nginx/nginx.conf <<'ENDOFFILE'
|
||||
user nginx nginx;
|
||||
worker_processes 4;
|
||||
events {
|
||||
worker_connections 8096;
|
||||
multi_accept on;
|
||||
use epoll;
|
||||
}
|
||||
pid /var/run/nginx.pid;
|
||||
worker_rlimit_nofile 40000;
|
||||
http {
|
||||
server_tokens off;
|
||||
server_names_hash_bucket_size 128;
|
||||
client_max_body_size 50M;
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
access_log /var/log/nginx/access.log main;
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
client_body_timeout 12;
|
||||
client_header_timeout 12;
|
||||
keepalive_timeout 15;
|
||||
send_timeout 10;
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_proxied expired no-cache no-store private auth any;
|
||||
gzip_comp_level 9;
|
||||
gzip_min_length 10240;
|
||||
gzip_buffers 16 8k;
|
||||
gzip_http_version 1.1;
|
||||
gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml font/woff2;
|
||||
gzip_disable "MSIE [1-6].";
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
map $scheme $php_https { default off; https on; }
|
||||
include perfect-forward-secrecy.conf;
|
||||
}
|
||||
ENDOFFILE
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Setup perfect forward secrecy
|
||||
# -------------------------------------------
|
||||
openssl dhparam -dsaparam -out /etc/nginx/dh4096.pem 4096
|
||||
|
||||
cat > /etc/nginx/perfect-forward-secrecy.conf <<'EOF'
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA";
|
||||
ssl_dhparam dh4096.pem;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_timeout 10m;
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Fix NGINX worker_processes to number of CPU cores
|
||||
# -------------------------------------------
|
||||
CPUS=$(cat /proc/cpuinfo | grep processor | wc | awk '{ print $1 }')
|
||||
eval "sed -i 's/worker_processes.*/worker_processes $CPUS;/g' /etc/nginx/nginx.conf"
|
||||
|
||||
|
||||
systemctl restart nginx
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# MariaDB
|
||||
# -------------------------------------------
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install mariadb-server -y
|
||||
|
||||
SQLROOTPW=$(pwgen)
|
||||
|
||||
mysqladmin -u root password $SQLROOTPW
|
||||
|
||||
cat > /root/.my.cnf <<EOF
|
||||
[client]
|
||||
user=root
|
||||
password=$SQLROOTPW
|
||||
EOF
|
||||
|
||||
chmod 600 /root/.my.cnf
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile init script
|
||||
# -------------------------------------------
|
||||
cat > /etc/init.d/seafile-server <<'EOF'
|
||||
#!/bin/bash
|
||||
### BEGIN INIT INFO
|
||||
# Provides: seafile-server
|
||||
# Required-Start: $remote_fs $syslog mysql
|
||||
# Required-Stop: $remote_fs $syslog
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: Seafile server
|
||||
# Description: Start Seafile server
|
||||
### END INIT INFO
|
||||
|
||||
# Author: Alexander Jackson <alexander.jackson@seafile.com.de>
|
||||
#
|
||||
|
||||
# Change the value of "user" to your linux user name
|
||||
USER=seafile
|
||||
|
||||
# Change the value of "SEAFILE_DIR" to your path of seafile installation
|
||||
SEAFILE_DIR=/opt/seafile
|
||||
SCRIPT_PATH=${SEAFILE_DIR}/seafile-server-latest
|
||||
SEAFILE_INIT_LOG=${SEAFILE_DIR}/logs/seafile.init.log
|
||||
SEAHUB_INIT_LOG=${SEAFILE_DIR}/logs/seahub.init.log
|
||||
|
||||
# Change the value of fastcgi to true if fastcgi is to be used
|
||||
fastcgi=true
|
||||
# Set the port of fastcgi, default is 8000. Change it if you need different.
|
||||
fastcgi_port=8000
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
sudo -u ${USER} ${SCRIPT_PATH}/seafile.sh start >> ${SEAFILE_INIT_LOG}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh start-fastcgi ${fastcgi_port} >> ${SEAHUB_INIT_LOG}
|
||||
else
|
||||
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh start >> ${SEAHUB_INIT_LOG}
|
||||
fi
|
||||
;;
|
||||
restart)
|
||||
sudo -u ${USER} ${SCRIPT_PATH}/seafile.sh restart >> ${SEAFILE_INIT_LOG}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${SEAHUB_INIT_LOG}
|
||||
else
|
||||
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh restart >> ${SEAHUB_INIT_LOG}
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
sudo -u ${USER} ${SCRIPT_PATH}/seafile.sh $1 >> ${SEAFILE_INIT_LOG}
|
||||
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh $1 >> ${SEAHUB_INIT_LOG}
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
EOF
|
||||
|
||||
chmod +x /etc/init.d/seafile-server
|
||||
systemctl enable seafile-server
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Install seafile-server-change-address script
|
||||
# -------------------------------------------
|
||||
cat > /usr/local/sbin/seafile-server-change-address <<'ENDOFFILE'
|
||||
#/bin/bash
|
||||
#set -x
|
||||
# -------------------------------------------
|
||||
# Vars
|
||||
# -------------------------------------------
|
||||
HOSTNAME=$(hostname -f)
|
||||
SEAFILE_DIR=/opt/seafile
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Intro
|
||||
# -------------------------------------------
|
||||
clear
|
||||
cat <<EOF
|
||||
|
||||
Mit diesem Skript können Sie die Adresse Ihres
|
||||
Seafile Servers Ändern. Das ist zum Beispiel nötig wenn
|
||||
sich Ihre Domain- oder IP-Adresse geändert hat.
|
||||
|
||||
Wird Seafile mit der falschen Adresse betrieben,
|
||||
funktioniert der Up- und Download von Dateien nicht.
|
||||
|
||||
Soll der Server mittes Portweiterleitung erreichbar
|
||||
sein, verwenden Sie bitte die öffentliche oder externe
|
||||
IP Ihres Routers bzw. einen öffentlich Domainnamen.
|
||||
|
||||
Bei Falscheingaben rufen Sie das Skript bitte erneut auf.
|
||||
|
||||
Der aktuelle Hostname wird vorausgefüllt. Ggf. einfach
|
||||
ändern.
|
||||
|
||||
EOF
|
||||
|
||||
echo "Geben Sie jetzt die neue IP oder Domainadresse"
|
||||
read -e -p "Neue Domainadresse:" -i " ${HOSTNAME}" URL
|
||||
|
||||
|
||||
cat <<EOF
|
||||
|
||||
Die eingebenen Adresse lautet: ${URL}
|
||||
|
||||
-------------------------------------------
|
||||
Fortfahren mit ENTER. Abruch mit STRG-C...
|
||||
|
||||
EOF
|
||||
read dummy
|
||||
clear
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Aendere Adressen in seahub_settings.py und ccnet.conf
|
||||
# -------------------------------------------
|
||||
sed -i "s/^SITE_BASE.*/SITE_BASE = \'${URL}\'/g" ${SEAFILE_DIR}/seahub_settings.py
|
||||
sed -i "s/^SITE_NAME.*/SITE_NAME = \'${URL}\'/g" ${SEAFILE_DIR}/seahub_settings.py
|
||||
sed -i "s/^SITE_TITLE.*/SITE_TITLE = \'${URL}\'/g" ${SEAFILE_DIR}/seahub_settings.py
|
||||
sed -i "s/^FILE_SERVER_ROOT.*/FILE_SERVER_ROOT = '\http:\/\/${URL}\/seafhttp\'/g" ${SEAFILE_DIR}/seahub_settings.py
|
||||
sed -i "s/^SERVICE_URL.*/SERVICE_URL = http:\/\/${URL}/g" ${SEAFILE_DIR}/ccnet/ccnet.conf
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Starte Seafile neu
|
||||
# -------------------------------------------
|
||||
systemctl restart seafile-server
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Outro
|
||||
# -------------------------------------------
|
||||
cat <<EOF
|
||||
|
||||
Fertig! Der Seafile Server wurde neu gestartet.
|
||||
|
||||
Seahub sollte nun über http://${HOSTNAME} erreichbar sein.
|
||||
|
||||
EOF
|
||||
ENDOFFILE
|
||||
|
||||
chmod 500 /usr/local/sbin/seafile-server-change-address
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile
|
||||
# -------------------------------------------
|
||||
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
|
||||
mkdir -p /opt/seafile/installed
|
||||
cd /opt/seafile/
|
||||
cp ${SEAFILE_SOURCE} ./seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz
|
||||
tar xzf ./seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz
|
||||
|
||||
mv ./seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz installed/./seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile DB
|
||||
# -------------------------------------------
|
||||
SQLSEAFILEPW=$(pwgen)
|
||||
|
||||
cat > /opt/seafile/.my.cnf <<EOF
|
||||
[client]
|
||||
user=seafile
|
||||
password=$SQLSEAFILEPW
|
||||
EOF
|
||||
|
||||
chmod 600 /opt/seafile/.my.cnf
|
||||
chown -R ${SEAFILE_USER}.nogroup /opt/seafile/
|
||||
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
|
||||
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
|
||||
mysql seahub-db < /opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seahub/sql/mysql.sql
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Go to /opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}
|
||||
# -------------------------------------------
|
||||
cd /opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Vars - Don't touch these unless you really know what you are doing!
|
||||
# -------------------------------------------
|
||||
SCRIPT=$(readlink -f "$0")
|
||||
INSTALLPATH=/opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/
|
||||
TOPDIR=$(dirname "${INSTALLPATH}")
|
||||
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
|
||||
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
|
||||
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
|
||||
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
|
||||
DEFAULT_CONF_DIR=${TOPDIR}/conf
|
||||
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
|
||||
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
|
||||
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
|
||||
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
|
||||
MEDIA_DIR=${INSTALLPATH}/seahub/media
|
||||
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
|
||||
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
|
||||
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create ccnet conf
|
||||
# -------------------------------------------
|
||||
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
|
||||
--name "${SEAFILE_SERVER_NAME}" --port "${SERVER_PORT}" --host "${SEAFILE_DNS}"
|
||||
|
||||
# Fix service url
|
||||
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = http:\/\/${SEAFILE_DNS}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create seafile conf
|
||||
# -------------------------------------------
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
|
||||
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Write seafile.ini
|
||||
# -------------------------------------------
|
||||
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configure Seafile WebDAV Server(SeafDAV)
|
||||
# -------------------------------------------
|
||||
mkdir -p ${DEFAULT_CONF_DIR}
|
||||
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
|
||||
[WEBDAV]
|
||||
enabled = true
|
||||
port = 8080
|
||||
fastcgi = true
|
||||
share_name = /seafdav
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# generate seahub_settings.py
|
||||
# -------------------------------------------
|
||||
key=$(python "${SEAHUB_SECRET_KEYGEN}")
|
||||
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# prepare avatar directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/seahub-data"
|
||||
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
|
||||
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# create logs directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/logs"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create symlink for current server version
|
||||
# -------------------------------------------
|
||||
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
|
||||
|
||||
|
||||
# Fix permissions
|
||||
chmod 0600 "$DEST_SETTINGS_PY"
|
||||
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
|
||||
chmod 0700 "$SEAFILE_DATA_DIR"
|
||||
chmod 0700 "$DEFAULT_CONF_DIR"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# copy user manuals to library template
|
||||
# -------------------------------------------
|
||||
mkdir -p ${LIBRARY_TEMPLATE_DIR}
|
||||
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Setup professional features
|
||||
# -------------------------------------------
|
||||
PRO_PY=${INSTALLPATH}/pro/pro.py
|
||||
$PYTHON ${PRO_PY} setup
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring ccnet.conf
|
||||
# -------------------------------------------
|
||||
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
|
||||
|
||||
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
|
||||
|
||||
[Database]
|
||||
ENGINE = mysql
|
||||
HOST = 127.0.0.1
|
||||
PORT = 3306
|
||||
USER = seafile
|
||||
PASSWD = ${SEAFILESQLPW}
|
||||
DB = ccnet-db
|
||||
CONNECTION_CHARSET = utf8
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring seahub_settings.py
|
||||
# -------------------------------------------
|
||||
cat >> ${DEST_SETTINGS_PY} <<EOF
|
||||
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.mysql',
|
||||
'NAME': 'seahub-db',
|
||||
'USER': 'seafile',
|
||||
'PASSWORD': '${SEAFILESQLPW}',
|
||||
'HOST': '127.0.0.1',
|
||||
'PORT': '3306',
|
||||
'OPTIONS': {
|
||||
'init_command': 'SET storage_engine=INNODB',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
CACHES = {
|
||||
'default': {
|
||||
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
|
||||
'LOCATION': '127.0.0.1:11211',
|
||||
}
|
||||
}
|
||||
|
||||
EMAIL_USE_TLS = False
|
||||
EMAIL_HOST = 'localhost'
|
||||
EMAIL_HOST_USER = ''
|
||||
EMAIL_HOST_PASSWORD = ''
|
||||
EMAIL_PORT = '25'
|
||||
DEFAULT_FROM_EMAIL = 'seafile@${SEAFILE_DNS}'
|
||||
SERVER_EMAIL = 'EMAIL_HOST_USER'
|
||||
TIME_ZONE = 'Asia/Beijing'
|
||||
SITE_BASE = 'http://${SEAFILE_DNS}'
|
||||
SITE_NAME = 'Seafile Professional Server'
|
||||
SITE_TITLE = 'Seafile Professional Server'
|
||||
SITE_ROOT = '/'
|
||||
USE_PDFJS = True
|
||||
ENABLE_SIGNUP = False
|
||||
ACTIVATE_AFTER_REGISTRATION = False
|
||||
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
|
||||
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
|
||||
CLOUD_MODE = False
|
||||
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
|
||||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
|
||||
SESSION_SAVE_EVERY_REQUEST = False
|
||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
||||
FILE_SERVER_ROOT = 'http://${SEAFILE_DNS}/seafhttp'
|
||||
REPO_PASSWORD_MIN_LENGTH = 8
|
||||
USER_PASSWORD_MIN_LENGTH = 6
|
||||
USER_PASSWORD_STRENGTH_LEVEL = 3
|
||||
USER_STRONG_PASSWORD_REQUIRED = True
|
||||
ENABLE_MAKE_GROUP_PUBLIC = False
|
||||
ENABLE_THUMBNAIL = True
|
||||
THUMBNAIL_ROOT = '${TOPDIR}/seahub-data/thumbnail/thumb/'
|
||||
THUMBNAIL_EXTENSION = 'png'
|
||||
THUMBNAIL_DEFAULT_SIZE = '24'
|
||||
PREVIEW_DEFAULT_SIZE = '100'
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Backup check_init_admin.py befor applying changes
|
||||
# -------------------------------------------
|
||||
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Set admin credentials in check_init_admin.py
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN_PW=$(pwgen)
|
||||
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start and stop Seafile eco system. This generates the initial admin user.
|
||||
# -------------------------------------------
|
||||
${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seafile.sh start
|
||||
${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seahub.sh start
|
||||
${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seahub.sh stop
|
||||
${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seafile.sh stop
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Restore original check_init_admin.py
|
||||
# -------------------------------------------
|
||||
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Fix permissions
|
||||
# -------------------------------------------
|
||||
chown ${SEAFILE_USER}.nogroup -R /opt/seafile/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start seafile server
|
||||
# -------------------------------------------
|
||||
echo "Starting productive Seafile server"
|
||||
systemctl restart seafile-server
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Final report
|
||||
# -------------------------------------------
|
||||
cat > ${SEAFILE_DIR}/seafile-pro-installer.log<<EOF
|
||||
|
||||
Your Seafile server is installed
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Server Name: ${SEAFILE_SERVER_NAME}
|
||||
Server Address: http://${SEAFILE_DNS}
|
||||
|
||||
Seafile Admin: ${SEAFILE_ADMIN}
|
||||
Admin Password: ${SEAFILE_ADMIN_PW}
|
||||
|
||||
Seafile Data Dir: ${SEAFILE_DATA_DIR}
|
||||
|
||||
Seafile DB Credentials: Check /opt/seafile/.my.cnf
|
||||
Root DB Credentials: Check /root/.my.cnf
|
||||
|
||||
This report is also saved to ${SEAFILE_DIR}/seafile-pro-installer.log
|
||||
|
||||
|
||||
|
||||
Next you should manually complete the following steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) Run seafile-server-change-address to add your Seafile servers DNS name
|
||||
|
||||
2) If this server is behind a firewall, you need to ensure that
|
||||
tcp port 80 is open.
|
||||
|
||||
3) Seahub tries to send emails via the local server. Install and
|
||||
configure Postfix for this to work.
|
||||
|
||||
|
||||
|
||||
|
||||
Optional steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) Check seahub_settings.py and customize it to fit your needs. Consult
|
||||
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
|
||||
|
||||
2) Setup NGINX with official SSL certificate.
|
||||
|
||||
3) Harden system with port knocking, fail2ban, etc.
|
||||
|
||||
5) Enable unattended installation of security updates. Check
|
||||
https://wiki.debian.org/UnattendedUpgrades for details.
|
||||
|
||||
6) Implement a backup routine for your Seafile server.
|
||||
|
||||
7) Update NGINX worker processes to reflect the number of CPU cores.
|
||||
|
||||
|
||||
|
||||
|
||||
Seafile support options
|
||||
-----------------------------------------------------------------
|
||||
|
||||
For free community support visit: https://forum.seafile-server.org
|
||||
For paid commercial support visit: https://seafile.com.de
|
||||
|
||||
|
||||
|
||||
|
||||
Contribute
|
||||
-----------------------------------------------------------------
|
||||
Please contact alexander.jackson@seafile.com.de
|
||||
for bugs or suggestions about this installer. Thank you!
|
||||
|
||||
EOF
|
||||
|
||||
chmod 600 ${SEAFILE_DIR}/seafile-pro-installer.log
|
||||
chown -R ${SEAFILE_USER}.nogroup ${SEAFILE_DIR}/seafile-pro-installer.log
|
||||
|
||||
clear
|
||||
|
||||
less ${SEAFILE_DIR}/seafile-pro-installer.log
|
||||
|
||||
echo I am finished, enjoy! \;-\)
|
|
@ -1,22 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# seafile-server-installer/seafile-ce_archlinux-amd64
|
||||
#
|
||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
|
||||
Anyone is welcome to make this one happen! ;-)
|
|
@ -1,22 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# seafile-server-installer/seafile-ce_centos-7-amd64
|
||||
#
|
||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
|
||||
Anyone is welcome to make this one happen! ;-)
|
|
@ -1,623 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# seafile-server-installer/seafile-ce_debian-jessie-amd64
|
||||
#
|
||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
#set -x
|
||||
# -------------------------------------------
|
||||
# Vars
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN=admin@seafile.local
|
||||
SEAFILE_USER=seafile
|
||||
SERVER_NAME=$(hostname -s | cut -c -16)
|
||||
IP_OR_DOMAIN=$(hostname -i)
|
||||
HOSTNAME=$(hostname -i)
|
||||
FILESERVER_PORT=8082
|
||||
SERVER_PORT=10001
|
||||
SEAFILE_SERVER_PORT=12001
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile Server Community Edition on Debian Jessie (64bit)
|
||||
# -------------------------------------------
|
||||
clear
|
||||
cat <<EOF
|
||||
|
||||
This script installs the community edition of the Seafile Server on a Debian Jessie (64bit)
|
||||
- Newest Seafile server version, MariaDB, Memcached, NGINX -
|
||||
-----------------------------------------------------------------
|
||||
|
||||
This installer is meant to run on a freshly installed machine
|
||||
only. If you run it on a production server things can and
|
||||
probably will go terrible wrong and you will loose valuable
|
||||
data!
|
||||
|
||||
For questions or suggestions please contact me at
|
||||
alexander.jackson@seafile.de
|
||||
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Hit return to proceed or CTRL-C to abort.
|
||||
|
||||
EOF
|
||||
read dummy
|
||||
clear
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Ensure we are running the installer as root
|
||||
# -------------------------------------------
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo " Aborting because you are not root" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Abort if user seafile exists
|
||||
# -------------------------------------------
|
||||
if getent passwd ${SEAFILE_USER} > /dev/null 2>&1 ;
|
||||
then
|
||||
echo " Aborting because user ${SEAFILE_USER} already exist" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Abort if directory /opt/seafile/ exists
|
||||
# -------------------------------------------
|
||||
if [[ -d "/opt/seafile/" ]] ;
|
||||
then
|
||||
echo " Aborting because directory /opt/seafile/ already exist" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Update System
|
||||
# -------------------------------------------
|
||||
apt-get update && apt-get dist-upgrade -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Ensure aptitude is installed
|
||||
# -------------------------------------------
|
||||
apt-get install aptitude -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Additional requirements
|
||||
# -------------------------------------------
|
||||
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
|
||||
openjdk-7-jre memcached python-memcache pwgen curl openssl -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# NGINX
|
||||
# -------------------------------------------
|
||||
cat > /etc/apt/sources.list.d/nginx.list <<EOF
|
||||
deb http://nginx.org/packages/mainline/debian/ jessie nginx
|
||||
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
|
||||
EOF
|
||||
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
|
||||
|
||||
aptitude update && aptitude upgrade -y
|
||||
aptitude install nginx -y
|
||||
|
||||
rm /etc/nginx/conf.d/*
|
||||
|
||||
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
|
||||
server {
|
||||
listen 80;
|
||||
server_name "";
|
||||
return 301 https://$http_host$request_uri?;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 spdy;
|
||||
server_name "";
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/nginx/ssl/seafile.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/seafile.key;
|
||||
|
||||
location / {
|
||||
fastcgi_pass 127.0.0.1:8000;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
fastcgi_param HTTPS on;
|
||||
fastcgi_param HTTP_SCHEME https;
|
||||
|
||||
access_log /var/log/nginx/seahub.access.log;
|
||||
error_log /var/log/nginx/seahub.error.log;
|
||||
}
|
||||
location /seafhttp {
|
||||
rewrite ^/seafhttp(.*)$ $1 break;
|
||||
proxy_pass http://127.0.0.1:8082;
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 36000s;
|
||||
proxy_read_timeout 36000s;
|
||||
}
|
||||
location /media {
|
||||
root /opt/seafile/seafile-server-latest/seahub;
|
||||
}
|
||||
location /seafdav {
|
||||
fastcgi_pass 127.0.0.1:8080;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
fastcgi_param HTTPS on;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
access_log /var/log/nginx/seafdav.access.log;
|
||||
error_log /var/log/nginx/seafdav.error.log;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
mkdir /etc/nginx/ssl
|
||||
|
||||
openssl genrsa -out /etc/nginx/ssl/seafile.key 4096
|
||||
openssl req -new -x509 -key /etc/nginx/ssl/seafile.key -out /etc/nginx/ssl/seafile.crt -days 10950 -batch
|
||||
|
||||
service nginx restart
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# MariaDB
|
||||
# -------------------------------------------
|
||||
DEBIAN_FRONTEND=noninteractive aptitude install mariadb-server -y
|
||||
|
||||
SQLROOTPW=$(pwgen)
|
||||
|
||||
mysqladmin -u root password $SQLROOTPW
|
||||
|
||||
cat > /root/.my.cnf <<EOF
|
||||
[client]
|
||||
user=root
|
||||
password=$SQLROOTPW
|
||||
EOF
|
||||
|
||||
chmod 600 /root/.my.cnf
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile init script
|
||||
# -------------------------------------------
|
||||
cat > /etc/init.d/seafile-server <<'EOF'
|
||||
#!/bin/bash
|
||||
### BEGIN INIT INFO
|
||||
# Provides: seafile-server
|
||||
# Required-Start: $remote_fs $syslog mysql
|
||||
# Required-Stop: $remote_fs $syslog
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: Seafile server
|
||||
# Description: Start Seafile server
|
||||
### END INIT INFO
|
||||
|
||||
# Author: Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
|
||||
# Change the value of "user" to your linux user name
|
||||
user=seafile
|
||||
|
||||
# Change the value of "seafile_dir" to your path of seafile installation
|
||||
seafile_dir=/opt/seafile
|
||||
script_path=${seafile_dir}/seafile-server-latest
|
||||
seafile_init_log=${seafile_dir}/logs/seafile.init.log
|
||||
seahub_init_log=${seafile_dir}/logs/seahub.init.log
|
||||
|
||||
# Change the value of fastcgi to true if fastcgi is to be used
|
||||
fastcgi=true
|
||||
# Set the port of fastcgi, default is 8000. Change it if you need different.
|
||||
fastcgi_port=8000
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
|
||||
else
|
||||
sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
|
||||
fi
|
||||
;;
|
||||
restart)
|
||||
sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log}
|
||||
else
|
||||
sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log}
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
|
||||
sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
EOF
|
||||
|
||||
chmod +x /etc/init.d/seafile-server
|
||||
update-rc.d seafile-server defaults
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile
|
||||
# -------------------------------------------
|
||||
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
|
||||
mkdir -p /opt/seafile/installed
|
||||
cd /opt/seafile/
|
||||
curl -OL https://download.seafile.com.de/seafile-server_latest_x86-64.tar.gz
|
||||
tar xzf seafile-server_latest_x86-64.tar.gz
|
||||
|
||||
SEAFILE_VERSION=$(basename /opt/seafile/seafile-server-* | awk -F'-' ' { print $3 }')
|
||||
|
||||
mv seafile-server_latest_x86-64.tar.gz installed/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile DB
|
||||
# -------------------------------------------
|
||||
SQLSEAFILEPW=$(pwgen)
|
||||
|
||||
cat > /opt/seafile/.my.cnf <<EOF
|
||||
[client]
|
||||
user=seafile
|
||||
password=$SQLSEAFILEPW
|
||||
EOF
|
||||
|
||||
chmod 600 /opt/seafile/.my.cnf
|
||||
chown -R ${SEAFILE_USER}.nogroup /opt/seafile/
|
||||
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
|
||||
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
|
||||
mysql seahub-db < /opt/seafile/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Go to /opt/seafile/seafile-server-${SEAFILE_VERSION}
|
||||
# -------------------------------------------
|
||||
cd /opt/seafile/seafile-server-${SEAFILE_VERSION}/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Vars - Don't touch these unless you really know what you are doing!
|
||||
# -------------------------------------------
|
||||
SCRIPT=$(readlink -f "$0")
|
||||
INSTALLPATH=/opt/seafile/seafile-server-${SEAFILE_VERSION}/
|
||||
TOPDIR=$(dirname "${INSTALLPATH}")
|
||||
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
|
||||
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
|
||||
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
|
||||
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
|
||||
DEFAULT_CONF_DIR=${TOPDIR}/conf
|
||||
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
|
||||
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
|
||||
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
|
||||
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
|
||||
MEDIA_DIR=${INSTALLPATH}/seahub/media
|
||||
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
|
||||
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
|
||||
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create ccnet conf
|
||||
# -------------------------------------------
|
||||
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
|
||||
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${IP_OR_DOMAIN}"
|
||||
|
||||
# Fix service url
|
||||
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = https:\/\/${IP_OR_DOMAIN}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create seafile conf
|
||||
# -------------------------------------------
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
|
||||
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Write seafile.ini
|
||||
# -------------------------------------------
|
||||
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configure Seafile WebDAV Server(SeafDAV)
|
||||
# -------------------------------------------
|
||||
mkdir -p ${DEFAULT_CONF_DIR}
|
||||
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
|
||||
[WEBDAV]
|
||||
enabled = true
|
||||
port = 8080
|
||||
fastcgi = true
|
||||
share_name = /seafdav
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# generate seahub_settings.py
|
||||
# -------------------------------------------
|
||||
key=$(python "${SEAHUB_SECRET_KEYGEN}")
|
||||
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# prepare avatar directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/seahub-data"
|
||||
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
|
||||
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# create logs directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/logs"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create symlink for current server version
|
||||
# -------------------------------------------
|
||||
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
|
||||
|
||||
|
||||
# Fix permissions
|
||||
chmod 0600 "$DEST_SETTINGS_PY"
|
||||
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
|
||||
chmod 0700 "$SEAFILE_DATA_DIR"
|
||||
chmod 0700 "$DEFAULT_CONF_DIR"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# copy user manuals to library template
|
||||
# -------------------------------------------
|
||||
mkdir -p ${LIBRARY_TEMPLATE_DIR}
|
||||
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring ccnet.conf
|
||||
# -------------------------------------------
|
||||
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
|
||||
|
||||
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
|
||||
|
||||
[Database]
|
||||
ENGINE = mysql
|
||||
HOST = 127.0.0.1
|
||||
PORT = 3306
|
||||
USER = seafile
|
||||
PASSWD = $SEAFILESQLPW
|
||||
DB = ccnet-db
|
||||
CONNECTION_CHARSET = utf8
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring seahub_settings.py
|
||||
# -------------------------------------------
|
||||
cat >> ${DEST_SETTINGS_PY} <<EOF
|
||||
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.mysql',
|
||||
'NAME': 'seahub-db',
|
||||
'USER': 'seafile',
|
||||
'PASSWORD': '$SEAFILESQLPW',
|
||||
'HOST': '127.0.0.1',
|
||||
'PORT': '3306',
|
||||
'OPTIONS': {
|
||||
'init_command': 'SET storage_engine=INNODB',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
CACHES = {
|
||||
'default': {
|
||||
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
|
||||
'LOCATION': '127.0.0.1:11211',
|
||||
}
|
||||
}
|
||||
|
||||
EMAIL_USE_TLS = False
|
||||
EMAIL_HOST = 'localhost'
|
||||
EMAIL_HOST_USER = ''
|
||||
EMAIL_HOST_PASSWORD = ''
|
||||
EMAIL_PORT = '25'
|
||||
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
|
||||
SERVER_EMAIL = 'EMAIL_HOST_USER'
|
||||
TIME_ZONE = 'Europe/Berlin'
|
||||
SITE_BASE = 'https://${IP_OR_DOMAIN}'
|
||||
SITE_NAME = 'Seafile Server'
|
||||
SITE_TITLE = 'Seafile Server'
|
||||
SITE_ROOT = '/'
|
||||
USE_PDFJS = True
|
||||
ENABLE_SIGNUP = False
|
||||
ACTIVATE_AFTER_REGISTRATION = False
|
||||
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
|
||||
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
|
||||
CLOUD_MODE = False
|
||||
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
|
||||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
|
||||
SESSION_SAVE_EVERY_REQUEST = False
|
||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
||||
FILE_SERVER_ROOT = 'https://${IP_OR_DOMAIN}/seafhttp'
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Backup check_init_admin.py befor applying changes
|
||||
# -------------------------------------------
|
||||
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Set admin credentials in check_init_admin.py
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN_PW=$(pwgen)
|
||||
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start and stop Seafile eco system. This generates the initial admin user.
|
||||
# -------------------------------------------
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh stop
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Restore original check_init_admin.py
|
||||
# -------------------------------------------
|
||||
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Fix permissions
|
||||
# -------------------------------------------
|
||||
chown ${SEAFILE_USER}.nogroup -R /opt/seafile/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start seafile server
|
||||
# -------------------------------------------
|
||||
echo "Starting productive Seafile server"
|
||||
service seafile-server start
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Final report
|
||||
# -------------------------------------------
|
||||
cat > ${seafile_dir}/aio_seafile-server.log<<EOF
|
||||
|
||||
Your Seafile server is installed
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Server Name: ${SERVER_NAME}
|
||||
Server Address: https://${IP_OR_DOMAIN}
|
||||
|
||||
Seafile Admin: ${SEAFILE_ADMIN}
|
||||
Admin Password: ${SEAFILE_ADMIN_PW}
|
||||
|
||||
Seafile Data Dir: ${SEAFILE_DATA_DIR}
|
||||
|
||||
Seafile DB Credentials: Check /opt/seafile/.my.cnf
|
||||
Root DB Credentials: Check /root/.my.cnf
|
||||
|
||||
This report is also saved to ${seafile_dir}/aio_seafile-server.log
|
||||
|
||||
|
||||
|
||||
Next you should manually complete the following steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) Run seafile-server-change-address to add your Seafile servers DNS name
|
||||
|
||||
2) If this server is behind a firewall, you need to ensure that
|
||||
tcp port 443 for the NGINX reverse proxy is open. Optionally
|
||||
you may also open tcp port 80 which redirects all unencrypted
|
||||
http traffic to the encrypted https port.
|
||||
|
||||
3) Seahub tries to send emails via the local server. Install and
|
||||
configure Postfix for this to work.
|
||||
|
||||
|
||||
|
||||
|
||||
Optional steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) Check seahub_settings.py and customize it to fit your needs. Consult
|
||||
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
|
||||
|
||||
2) Setup NGINX with official SSL certificate.
|
||||
|
||||
3) Secure server with iptables based firewall. For instance: UFW or shorewall
|
||||
|
||||
4) Harden system with port knocking, fail2ban, etc.
|
||||
|
||||
5) Enable unattended installation of security updates. Check
|
||||
https://wiki.debian.org/UnattendedUpgrades for details.
|
||||
|
||||
6) Implement a backup routine for your Seafile server.
|
||||
|
||||
7) Update NGINX worker processes to reflect the number of CPU cores.
|
||||
|
||||
|
||||
|
||||
|
||||
Seafile support options
|
||||
-----------------------------------------------------------------
|
||||
|
||||
For free community support visit: https://forum.seafile-server.org
|
||||
For paid commercial support visit: https://seafile.com.de
|
||||
|
||||
|
||||
|
||||
|
||||
Contribute
|
||||
-----------------------------------------------------------------
|
||||
Please contact alexander.jackson@seafile.de
|
||||
for bugs or suggestions about this installer. Thank you!
|
||||
|
||||
EOF
|
||||
|
||||
chmod 600 ${seafile_dir}/aio_seafile-server.log
|
||||
chown -R ${SEAFILE_USER}.nogroup ${seafile_dir}/aio_seafile-server.log
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Install seafile-server-change-address script
|
||||
# -------------------------------------------
|
||||
wget https://gist.githubusercontent.com/alexanderjackson/7e6fd01187327ffd8518/raw/2a87ea94ec8906f8e1847236711eef27ba1d2bb8/seafile-server-change-address -O /usr/local/sbin/seafile-server-change-address
|
||||
chmod 500 /usr/local/sbin/seafile-server-change-address
|
||||
|
||||
clear
|
||||
|
||||
cat ${seafile_dir}/aio_seafile-server.log
|
|
@ -1,623 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# seafile-server-installer/seafile-ce_debian-jessie-i386
|
||||
#
|
||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
#set -x
|
||||
# -------------------------------------------
|
||||
# Vars
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN=admin@seafile.local
|
||||
SEAFILE_USER=seafile
|
||||
SERVER_NAME=$(hostname -s | cut -c -16)
|
||||
IP_OR_DOMAIN=$(hostname -i)
|
||||
HOSTNAME=$(hostname -i)
|
||||
FILESERVER_PORT=8082
|
||||
SERVER_PORT=10001
|
||||
SEAFILE_SERVER_PORT=12001
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile Server Community Edition on Debian Jessie (32bit)
|
||||
# -------------------------------------------
|
||||
clear
|
||||
cat <<EOF
|
||||
|
||||
This script installs the community edition of the Seafile Server on a Debian Jessie (32bit)
|
||||
- Newest Seafile server version, MariaDB, Memcached, NGINX -
|
||||
-----------------------------------------------------------------
|
||||
|
||||
This installer is meant to run on a freshly installed machine
|
||||
only. If you run it on a production server things can and
|
||||
probably will go terrible wrong and you will loose valuable
|
||||
data!
|
||||
|
||||
For questions or suggestions please contact me at
|
||||
alexander.jackson@seafile.de
|
||||
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Hit return to proceed or CTRL-C to abort.
|
||||
|
||||
EOF
|
||||
read dummy
|
||||
clear
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Ensure we are running the installer as root
|
||||
# -------------------------------------------
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo " Aborting because you are not root" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Abort if user seafile exists
|
||||
# -------------------------------------------
|
||||
#if getent passwd ${SEAFILE_USER} > /dev/null 2>&1 ;
|
||||
#then
|
||||
# echo " Aborting because user ${SEAFILE_USER} already exist" ; exit 1
|
||||
#fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Abort if directory /opt/seafile/ exists
|
||||
# -------------------------------------------
|
||||
#if [[ -d "/opt/seafile/" ]] ;
|
||||
#then
|
||||
# echo " Aborting because directory /opt/seafile/ already exist" ; exit 1
|
||||
#fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Update System
|
||||
# -------------------------------------------
|
||||
apt-get update && apt-get dist-upgrade -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Ensure aptitude is installed
|
||||
# -------------------------------------------
|
||||
apt-get install aptitude -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Additional requirements
|
||||
# -------------------------------------------
|
||||
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
|
||||
openjdk-7-jre memcached python-memcache pwgen curl openssl -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# NGINX
|
||||
# -------------------------------------------
|
||||
cat > /etc/apt/sources.list.d/nginx.list <<EOF
|
||||
deb http://nginx.org/packages/mainline/debian/ jessie nginx
|
||||
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
|
||||
EOF
|
||||
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
|
||||
|
||||
aptitude update && aptitude upgrade -y
|
||||
aptitude install nginx -y
|
||||
|
||||
rm /etc/nginx/conf.d/*
|
||||
|
||||
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
|
||||
server {
|
||||
listen 80;
|
||||
server_name "";
|
||||
return 301 https://$http_host$request_uri?;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 spdy;
|
||||
server_name "";
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/nginx/ssl/seafile.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/seafile.key;
|
||||
|
||||
location / {
|
||||
fastcgi_pass 127.0.0.1:8000;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
fastcgi_param HTTPS on;
|
||||
fastcgi_param HTTP_SCHEME https;
|
||||
|
||||
access_log /var/log/nginx/seahub.access.log;
|
||||
error_log /var/log/nginx/seahub.error.log;
|
||||
}
|
||||
location /seafhttp {
|
||||
rewrite ^/seafhttp(.*)$ $1 break;
|
||||
proxy_pass http://127.0.0.1:8082;
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 36000s;
|
||||
proxy_read_timeout 36000s;
|
||||
}
|
||||
location /media {
|
||||
root /opt/seafile/seafile-server-latest/seahub;
|
||||
}
|
||||
location /seafdav {
|
||||
fastcgi_pass 127.0.0.1:8080;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
fastcgi_param HTTPS on;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
access_log /var/log/nginx/seafdav.access.log;
|
||||
error_log /var/log/nginx/seafdav.error.log;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
mkdir /etc/nginx/ssl
|
||||
|
||||
openssl genrsa -out /etc/nginx/ssl/seafile.key 4096
|
||||
openssl req -new -x509 -key /etc/nginx/ssl/seafile.key -out /etc/nginx/ssl/seafile.crt -days 10950 -batch
|
||||
|
||||
service nginx restart
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# MariaDB
|
||||
# -------------------------------------------
|
||||
#DEBIAN_FRONTEND=noninteractive aptitude install mariadb-server -y
|
||||
|
||||
#SQLROOTPW=$(pwgen)
|
||||
|
||||
#mysqladmin -u root password $SQLROOTPW
|
||||
|
||||
#cat > /root/.my.cnf <<EOF
|
||||
#[client]
|
||||
#user=root
|
||||
#password=$SQLROOTPW
|
||||
#EOF
|
||||
|
||||
#chmod 600 /root/.my.cnf
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile init script
|
||||
# -------------------------------------------
|
||||
cat > /etc/init.d/seafile-server <<'EOF'
|
||||
#!/bin/bash
|
||||
### BEGIN INIT INFO
|
||||
# Provides: seafile-server
|
||||
# Required-Start: $remote_fs $syslog mysql
|
||||
# Required-Stop: $remote_fs $syslog
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: Seafile server
|
||||
# Description: Start Seafile server
|
||||
### END INIT INFO
|
||||
|
||||
# Author: Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
|
||||
# Change the value of "user" to your linux user name
|
||||
user=seafile
|
||||
|
||||
# Change the value of "seafile_dir" to your path of seafile installation
|
||||
seafile_dir=/opt/seafile
|
||||
script_path=${seafile_dir}/seafile-server-latest
|
||||
seafile_init_log=${seafile_dir}/logs/seafile.init.log
|
||||
seahub_init_log=${seafile_dir}/logs/seahub.init.log
|
||||
|
||||
# Change the value of fastcgi to true if fastcgi is to be used
|
||||
fastcgi=true
|
||||
# Set the port of fastcgi, default is 8000. Change it if you need different.
|
||||
fastcgi_port=8000
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
|
||||
else
|
||||
sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
|
||||
fi
|
||||
;;
|
||||
restart)
|
||||
sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log}
|
||||
else
|
||||
sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log}
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
|
||||
sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
EOF
|
||||
|
||||
chmod +x /etc/init.d/seafile-server
|
||||
update-rc.d seafile-server defaults
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile
|
||||
# -------------------------------------------
|
||||
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
|
||||
mkdir -p /opt/seafile/installed
|
||||
cd /opt/seafile/
|
||||
curl -OL https://download.seafile.com.de/seafile-server_latest_i386.tar.gz
|
||||
tar xzf seafile-server_latest_i386.tar.gz
|
||||
|
||||
SEAFILE_VERSION=$(basename /opt/seafile/seafile-server-* | awk -F'-' ' { print $3 }')
|
||||
|
||||
mv seafile-server_4.1.2_i386.tar.gz installed/seafile-server_${SEAFILE_VERSION}_i386.tar.gz
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile DB
|
||||
# -------------------------------------------
|
||||
SQLSEAFILEPW=$(pwgen)
|
||||
|
||||
cat > /opt/seafile/.my.cnf <<EOF
|
||||
[client]
|
||||
user=seafile
|
||||
password=$SQLSEAFILEPW
|
||||
EOF
|
||||
|
||||
chmod 600 /opt/seafile/.my.cnf
|
||||
chown -R ${SEAFILE_USER}.nogroup /opt/seafile/
|
||||
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
|
||||
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
|
||||
mysql seahub-db < /opt/seafile/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Go to /opt/seafile/seafile-server-${SEAFILE_VERSION}
|
||||
# -------------------------------------------
|
||||
cd /opt/seafile/seafile-server-${SEAFILE_VERSION}/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Vars - Don't touch these unless you really know what you are doing!
|
||||
# -------------------------------------------
|
||||
SCRIPT=$(readlink -f "$0")
|
||||
INSTALLPATH=/opt/seafile/seafile-server-${SEAFILE_VERSION}/
|
||||
TOPDIR=$(dirname "${INSTALLPATH}")
|
||||
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
|
||||
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
|
||||
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
|
||||
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
|
||||
DEFAULT_CONF_DIR=${TOPDIR}/conf
|
||||
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
|
||||
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
|
||||
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
|
||||
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
|
||||
MEDIA_DIR=${INSTALLPATH}/seahub/media
|
||||
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
|
||||
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
|
||||
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create ccnet conf
|
||||
# -------------------------------------------
|
||||
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
|
||||
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${IP_OR_DOMAIN}"
|
||||
|
||||
# Fix service url
|
||||
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = https:\/\/${IP_OR_DOMAIN}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create seafile conf
|
||||
# -------------------------------------------
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
|
||||
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Write seafile.ini
|
||||
# -------------------------------------------
|
||||
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configure Seafile WebDAV Server(SeafDAV)
|
||||
# -------------------------------------------
|
||||
mkdir -p ${DEFAULT_CONF_DIR}
|
||||
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
|
||||
[WEBDAV]
|
||||
enabled = true
|
||||
port = 8080
|
||||
fastcgi = true
|
||||
share_name = /seafdav
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# generate seahub_settings.py
|
||||
# -------------------------------------------
|
||||
key=$(python "${SEAHUB_SECRET_KEYGEN}")
|
||||
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# prepare avatar directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/seahub-data"
|
||||
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
|
||||
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# create logs directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/logs"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create symlink for current server version
|
||||
# -------------------------------------------
|
||||
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
|
||||
|
||||
|
||||
# Fix permissions
|
||||
chmod 0600 "$DEST_SETTINGS_PY"
|
||||
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
|
||||
chmod 0700 "$SEAFILE_DATA_DIR"
|
||||
chmod 0700 "$DEFAULT_CONF_DIR"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# copy user manuals to library template
|
||||
# -------------------------------------------
|
||||
mkdir -p ${LIBRARY_TEMPLATE_DIR}
|
||||
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring ccnet.conf
|
||||
# -------------------------------------------
|
||||
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
|
||||
|
||||
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
|
||||
|
||||
[Database]
|
||||
ENGINE = mysql
|
||||
HOST = 127.0.0.1
|
||||
PORT = 3306
|
||||
USER = seafile
|
||||
PASSWD = $SEAFILESQLPW
|
||||
DB = ccnet-db
|
||||
CONNECTION_CHARSET = utf8
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring seahub_settings.py
|
||||
# -------------------------------------------
|
||||
cat >> ${DEST_SETTINGS_PY} <<EOF
|
||||
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.mysql',
|
||||
'NAME': 'seahub-db',
|
||||
'USER': 'seafile',
|
||||
'PASSWORD': '$SEAFILESQLPW',
|
||||
'HOST': '127.0.0.1',
|
||||
'PORT': '3306',
|
||||
'OPTIONS': {
|
||||
'init_command': 'SET storage_engine=INNODB',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
CACHES = {
|
||||
'default': {
|
||||
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
|
||||
'LOCATION': '127.0.0.1:11211',
|
||||
}
|
||||
}
|
||||
|
||||
EMAIL_USE_TLS = False
|
||||
EMAIL_HOST = 'localhost'
|
||||
EMAIL_HOST_USER = ''
|
||||
EMAIL_HOST_PASSWORD = ''
|
||||
EMAIL_PORT = '25'
|
||||
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
|
||||
SERVER_EMAIL = 'EMAIL_HOST_USER'
|
||||
TIME_ZONE = 'Europe/Berlin'
|
||||
SITE_BASE = 'https://${IP_OR_DOMAIN}'
|
||||
SITE_NAME = 'Seafile Server'
|
||||
SITE_TITLE = 'Seafile Server'
|
||||
SITE_ROOT = '/'
|
||||
USE_PDFJS = True
|
||||
ENABLE_SIGNUP = False
|
||||
ACTIVATE_AFTER_REGISTRATION = False
|
||||
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
|
||||
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
|
||||
CLOUD_MODE = False
|
||||
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
|
||||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
|
||||
SESSION_SAVE_EVERY_REQUEST = False
|
||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
||||
FILE_SERVER_ROOT = 'https://${IP_OR_DOMAIN}/seafhttp'
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Backup check_init_admin.py befor applying changes
|
||||
# -------------------------------------------
|
||||
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Set admin credentials in check_init_admin.py
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN_PW=$(pwgen)
|
||||
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start and stop Seafile eco system. This generates the initial admin user.
|
||||
# -------------------------------------------
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh stop
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Restore original check_init_admin.py
|
||||
# -------------------------------------------
|
||||
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Fix permissions
|
||||
# -------------------------------------------
|
||||
chown ${SEAFILE_USER}.nogroup -R /opt/seafile/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start seafile server
|
||||
# -------------------------------------------
|
||||
echo "Starting productive Seafile server"
|
||||
service seafile-server start
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Final report
|
||||
# -------------------------------------------
|
||||
cat > ${seafile_dir}/aio_seafile-server.log<<EOF
|
||||
|
||||
Your Seafile server is installed
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Server Name: ${SERVER_NAME}
|
||||
Server Address: https://${IP_OR_DOMAIN}
|
||||
|
||||
Seafile Admin: ${SEAFILE_ADMIN}
|
||||
Admin Password: ${SEAFILE_ADMIN_PW}
|
||||
|
||||
Seafile Data Dir: ${SEAFILE_DATA_DIR}
|
||||
|
||||
Seafile DB Credentials: Check /opt/seafile/.my.cnf
|
||||
Root DB Credentials: Check /root/.my.cnf
|
||||
|
||||
This report is also saved to ${seafile_dir}/aio_seafile-server.log
|
||||
|
||||
|
||||
|
||||
Next you should manually complete the following steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) Run seafile-server-change-address to add your Seafile servers DNS name
|
||||
|
||||
2) If this server is behind a firewall, you need to ensure that
|
||||
tcp port 443 for the NGINX reverse proxy is open. Optionally
|
||||
you may also open tcp port 80 which redirects all unencrypted
|
||||
http traffic to the encrypted https port.
|
||||
|
||||
3) Seahub tries to send emails via the local server. Install and
|
||||
configure Postfix for this to work.
|
||||
|
||||
|
||||
|
||||
|
||||
Optional steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) Check seahub_settings.py and customize it to fit your needs. Consult
|
||||
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
|
||||
|
||||
2) Setup NGINX with official SSL certificate.
|
||||
|
||||
3) Secure server with iptables based firewall. For instance: UFW or shorewall
|
||||
|
||||
4) Harden system with port knocking, fail2ban, etc.
|
||||
|
||||
5) Enable unattended installation of security updates. Check
|
||||
https://wiki.debian.org/UnattendedUpgrades for details.
|
||||
|
||||
6) Implement a backup routine for your Seafile server.
|
||||
|
||||
7) Update NGINX worker processes to reflect the number of CPU cores.
|
||||
|
||||
|
||||
|
||||
|
||||
Seafile support options
|
||||
-----------------------------------------------------------------
|
||||
|
||||
For free community support visit: https://forum.seafile-server.org
|
||||
For paid commercial support visit: https://seafile.com.de
|
||||
|
||||
|
||||
|
||||
|
||||
Contribute
|
||||
-----------------------------------------------------------------
|
||||
Please contact alexander.jackson@seafile.de
|
||||
for bugs or suggestions about this installer. Thank you!
|
||||
|
||||
EOF
|
||||
|
||||
chmod 600 ${seafile_dir}/aio_seafile-server.log
|
||||
chown -R ${SEAFILE_USER}.nogroup ${seafile_dir}/aio_seafile-server.log
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Install seafile-server-change-address script
|
||||
# -------------------------------------------
|
||||
wget https://gist.githubusercontent.com/alexanderjackson/7e6fd01187327ffd8518/raw/2a87ea94ec8906f8e1847236711eef27ba1d2bb8/seafile-server-change-address -O /usr/local/sbin/seafile-server-change-address
|
||||
chmod 500 /usr/local/sbin/seafile-server-change-address
|
||||
|
||||
clear
|
||||
|
||||
cat ${seafile_dir}/aio_seafile-server.log
|
|
@ -1,600 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# seafile-server-installer/seafile-ce_debian-wheezy-amd64
|
||||
#
|
||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
#set -x
|
||||
# -------------------------------------------
|
||||
# All-In-One Seafile Server installer for Debian Wheezy (64bit)
|
||||
# -------------------------------------------
|
||||
clear
|
||||
cat <<EOF
|
||||
|
||||
All-In-One Seafile Server installer for Debian Wheezy (64bit)
|
||||
- Newest Seafile server version, MariaDB, Memcached, NGINX -
|
||||
-----------------------------------------------------------------
|
||||
|
||||
This installer is meant to run on a freshly installed machine
|
||||
only. If you run it on a production server things can and
|
||||
probably will go terrible wrong and you will loose valuable
|
||||
data!
|
||||
|
||||
For questions or suggestions please contact me at
|
||||
alexander.jackson@seafile.de
|
||||
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Hit return to proceed or CTRL-C to abort.
|
||||
|
||||
EOF
|
||||
read dummy
|
||||
clear
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Update System
|
||||
# -------------------------------------------
|
||||
aptitude update && aptitude upgrade -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# NGINX
|
||||
# -------------------------------------------
|
||||
cat > /etc/apt/sources.list.d/nginx.list <<EOF
|
||||
deb http://nginx.org/packages/mainline/debian/ wheezy nginx
|
||||
deb-src http://nginx.org/packages/mainline/debian/ wheezy nginx
|
||||
EOF
|
||||
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
|
||||
|
||||
aptitude update && aptitude upgrade -y
|
||||
aptitude install nginx -y
|
||||
|
||||
rm /etc/nginx/conf.d/*
|
||||
|
||||
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
|
||||
server {
|
||||
listen 80;
|
||||
server_name "";
|
||||
return 301 https://$http_host$request_uri?;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 spdy;
|
||||
server_name "";
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/nginx/ssl/seafile.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/seafile.key;
|
||||
|
||||
location / {
|
||||
fastcgi_pass 127.0.0.1:8000;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
fastcgi_param HTTPS on;
|
||||
fastcgi_param HTTP_SCHEME https;
|
||||
|
||||
access_log /var/log/nginx/seahub.access.log;
|
||||
error_log /var/log/nginx/seahub.error.log;
|
||||
}
|
||||
location /seafhttp {
|
||||
rewrite ^/seafhttp(.*)$ $1 break;
|
||||
proxy_pass http://127.0.0.1:8082;
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 36000s;
|
||||
proxy_read_timeout 36000s;
|
||||
}
|
||||
location /media {
|
||||
root /opt/seafile/haiwen/seafile-server-latest/seahub;
|
||||
}
|
||||
location /seafdav {
|
||||
fastcgi_pass 127.0.0.1:8080;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
fastcgi_param HTTPS on;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
access_log /var/log/nginx/seafdav.access.log;
|
||||
error_log /var/log/nginx/seafdav.error.log;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
mkdir /etc/nginx/ssl
|
||||
|
||||
openssl genrsa -out /etc/nginx/ssl/seafile.key 4096
|
||||
openssl req -new -x509 -key /etc/nginx/ssl/seafile.key -out /etc/nginx/ssl/seafile.crt -days 10950 -batch
|
||||
|
||||
service nginx restart
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Additional requirements
|
||||
# -------------------------------------------
|
||||
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
|
||||
openjdk-7-jre memcached python-memcache pwgen curl -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# MariaDB
|
||||
# -------------------------------------------
|
||||
cat > /etc/apt/sources.list.d/mariadb.list <<EOF
|
||||
# MariaDB Repository
|
||||
deb http://mirror.netcologne.de/mariadb/repo/10.0/debian wheezy main
|
||||
deb-src http://mirror.netcologne.de/mariadb/repo/10.0/debian wheezy main
|
||||
EOF
|
||||
|
||||
apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
|
||||
|
||||
aptitude update && aptitude upgrade -y
|
||||
|
||||
sync && sleep 5
|
||||
|
||||
DEBIAN_FRONTEND=noninteractive aptitude install mariadb-server -y
|
||||
|
||||
SQLROOTPW=$(pwgen)
|
||||
|
||||
mysqladmin -u root password $SQLROOTPW
|
||||
|
||||
cat > /root/.my.cnf <<EOF
|
||||
[client]
|
||||
user=root
|
||||
password=$SQLROOTPW
|
||||
EOF
|
||||
|
||||
chmod 600 /root/.my.cnf
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile init script
|
||||
# -------------------------------------------
|
||||
cat > /etc/init.d/seafile-server <<'EOF'
|
||||
#!/bin/bash
|
||||
### BEGIN INIT INFO
|
||||
# Provides: seafile-server
|
||||
# Required-Start: $remote_fs $syslog mysql
|
||||
# Required-Stop: $remote_fs $syslog
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: Seafile server
|
||||
# Description: Start Seafile server
|
||||
### END INIT INFO
|
||||
|
||||
# Author: Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
|
||||
# Change the value of "user" to your linux user name
|
||||
user=seafile
|
||||
|
||||
# Change the value of "seafile_dir" to your path of seafile installation
|
||||
seafile_dir=/opt/seafile/haiwen
|
||||
script_path=${seafile_dir}/seafile-server-latest
|
||||
seafile_init_log=${seafile_dir}/logs/seafile.init.log
|
||||
seahub_init_log=${seafile_dir}/logs/seahub.init.log
|
||||
|
||||
# Change the value of fastcgi to true if fastcgi is to be used
|
||||
fastcgi=true
|
||||
# Set the port of fastcgi, default is 8000. Change it if you need different.
|
||||
fastcgi_port=8000
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
|
||||
else
|
||||
sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
|
||||
fi
|
||||
;;
|
||||
restart)
|
||||
sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log}
|
||||
else
|
||||
sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log}
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
|
||||
sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
EOF
|
||||
|
||||
chmod +x /etc/init.d/seafile-server
|
||||
update-rc.d seafile-server defaults
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile
|
||||
# -------------------------------------------
|
||||
adduser --system --gecos "seafile" seafile --home /opt/seafile
|
||||
mkdir -p /opt/seafile/haiwen/installed
|
||||
cd /opt/seafile/haiwen/
|
||||
curl -OL https://download.seafile.com.de/seafile-server_latest_x86-64.tar.gz
|
||||
tar xzf seafile-server_latest_x86-64.tar.gz
|
||||
|
||||
SEAFILE_VERSION=$(basename /opt/seafile/haiwen/seafile-server-* | awk -F'-' ' { print $3 }')
|
||||
|
||||
mv seafile-server_latest_x86-64.tar.gz installed/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile DB
|
||||
# -------------------------------------------
|
||||
SQLSEAFILEPW=$(pwgen)
|
||||
|
||||
cat > /opt/seafile/.my.cnf <<EOF
|
||||
[client]
|
||||
user=seafile
|
||||
password=$SQLSEAFILEPW
|
||||
EOF
|
||||
|
||||
chmod 600 /opt/seafile/.my.cnf
|
||||
chown -R seafile.nogroup /opt/seafile/
|
||||
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
|
||||
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
|
||||
mysql seahub-db < /opt/seafile/haiwen/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Go to /opt/seafile/haiwen/seafile-server-${SEAFILE_VERSION}
|
||||
# -------------------------------------------
|
||||
cd /opt/seafile/haiwen/seafile-server-${SEAFILE_VERSION}/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Define Seafile admin credentials.
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN=admin@seafile.local
|
||||
SEAFILE_ADMIN_PW=$(pwgen)
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Vars - Don't touch these unless you really know what you are doing!
|
||||
# -------------------------------------------
|
||||
SCRIPT=$(readlink -f "$0")
|
||||
#INSTALLPATH=$(dirname "${SCRIPT}")
|
||||
INSTALLPATH=/opt/seafile/haiwen/seafile-server-${SEAFILE_VERSION}/
|
||||
TOPDIR=$(dirname "${INSTALLPATH}")
|
||||
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
|
||||
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
|
||||
DEFAULT_CONF_DIR=${TOPDIR}/conf
|
||||
SERVER_NAME=$(hostname -s)
|
||||
IP_OR_DOMAIN=$(hostname -i)
|
||||
HOSTNAME=$(hostname -i)
|
||||
SERVER_PORT=10001
|
||||
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
|
||||
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
|
||||
SEAFILE_SERVER_PORT=12001
|
||||
FILESERVER_PORT=8082
|
||||
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
|
||||
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
|
||||
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
|
||||
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
|
||||
key=$(python "${SEAHUB_SECRET_KEYGEN}")
|
||||
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
|
||||
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
|
||||
MEDIA_DIR=${INSTALLPATH}/seahub/media
|
||||
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
|
||||
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
|
||||
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create ccnet conf
|
||||
# -------------------------------------------
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
|
||||
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${IP_OR_DOMAIN}"
|
||||
|
||||
# Fix service url
|
||||
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = https:\/\/${IP_OR_DOMAIN}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create seafile conf
|
||||
# -------------------------------------------
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
|
||||
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Write seafile.ini
|
||||
# -------------------------------------------
|
||||
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configure Seafile WebDAV Server(SeafDAV)
|
||||
# -------------------------------------------
|
||||
mkdir -p ${DEFAULT_CONF_DIR}
|
||||
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
|
||||
[WEBDAV]
|
||||
enabled = true
|
||||
port = 8080
|
||||
fastcgi = true
|
||||
share_name = /seafdav
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# generate seahub_settings.py
|
||||
# -------------------------------------------
|
||||
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# prepare avatar directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/seahub-data"
|
||||
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
|
||||
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# create logs directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/logs"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create symlink for current server version
|
||||
# -------------------------------------------
|
||||
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
|
||||
|
||||
|
||||
# Fix permissions
|
||||
chmod 0600 "$DEST_SETTINGS_PY"
|
||||
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
|
||||
chmod 0700 "$SEAFILE_DATA_DIR"
|
||||
chmod 0700 "$DEFAULT_CONF_DIR"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# copy user manuals to library template
|
||||
# -------------------------------------------
|
||||
mkdir -p ${LIBRARY_TEMPLATE_DIR}
|
||||
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring ccnet.conf
|
||||
# -------------------------------------------
|
||||
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
|
||||
|
||||
[Database]
|
||||
ENGINE = mysql
|
||||
HOST = 127.0.0.1
|
||||
PORT = 3306
|
||||
USER = seafile
|
||||
PASSWD = $SEAFILESQLPW
|
||||
DB = ccnet-db
|
||||
CONNECTION_CHARSET = utf8
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring seahub_settings.py
|
||||
# -------------------------------------------
|
||||
cat >> ${DEST_SETTINGS_PY} <<EOF
|
||||
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.mysql',
|
||||
'NAME': 'seahub-db',
|
||||
'USER': 'seafile',
|
||||
'PASSWORD': '$SEAFILESQLPW',
|
||||
'HOST': '127.0.0.1',
|
||||
'PORT': '3306',
|
||||
'OPTIONS': {
|
||||
'init_command': 'SET storage_engine=INNODB',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
CACHES = {
|
||||
'default': {
|
||||
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
|
||||
'LOCATION': '127.0.0.1:11211',
|
||||
}
|
||||
}
|
||||
|
||||
EMAIL_USE_TLS = False
|
||||
EMAIL_HOST = 'localhost'
|
||||
EMAIL_HOST_USER = ''
|
||||
EMAIL_HOST_PASSWORD = ''
|
||||
EMAIL_PORT = '25'
|
||||
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
|
||||
SERVER_EMAIL = 'EMAIL_HOST_USER'
|
||||
TIME_ZONE = 'Europe/Berlin'
|
||||
SITE_BASE = 'https://${IP_OR_DOMAIN}'
|
||||
SITE_NAME = 'Seafile Server'
|
||||
SITE_TITLE = 'Seafile Server'
|
||||
SITE_ROOT = '/'
|
||||
USE_PDFJS = True
|
||||
ENABLE_SIGNUP = False
|
||||
ACTIVATE_AFTER_REGISTRATION = False
|
||||
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
|
||||
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
|
||||
CLOUD_MODE = False
|
||||
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
|
||||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
|
||||
SESSION_SAVE_EVERY_REQUEST = False
|
||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
||||
FILE_SERVER_ROOT = 'https://${IP_OR_DOMAIN}/seafhttp'
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Backup check_init_admin.py befor applying changes
|
||||
# -------------------------------------------
|
||||
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Set admin credentials in check_init_admin.py
|
||||
# -------------------------------------------
|
||||
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start and stop Seafile eco system. This generates the initial admin user.
|
||||
# -------------------------------------------
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh stop
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Restore original check_init_admin.py
|
||||
# -------------------------------------------
|
||||
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Fix permissions
|
||||
# -------------------------------------------
|
||||
chown seafile.nogroup -R /opt/seafile/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start seafile server
|
||||
# -------------------------------------------
|
||||
echo "Starting productive Seafile server"
|
||||
service seafile-server start
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Final report
|
||||
# -------------------------------------------
|
||||
cat > ${seafile_dir}/aio_seafile-server.log<<EOF
|
||||
|
||||
Your Seafile server is installed
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Server Name: ${SERVER_NAME}
|
||||
Server Address: https://${IP_OR_DOMAIN}
|
||||
|
||||
Seafile Admin: ${SEAFILE_ADMIN}
|
||||
Admin Password: ${SEAFILE_ADMIN_PW}
|
||||
|
||||
Seafile Data Dir: ${SEAFILE_DATA_DIR}
|
||||
|
||||
Seafile DB Credentials: Check /opt/seafile/.my.cnf
|
||||
Root DB Credentials: Check /root/.my.cnf
|
||||
|
||||
This report is also saved to ${seafile_dir}/aio_seafile-server.log
|
||||
|
||||
|
||||
|
||||
Next you should manually complete the following steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) seahub_settings.py: Change IP within FILE_SERVER_ROOT variable to DNS
|
||||
|
||||
2) ccnet.conf: Change IP within SERVICE_URL variable to DNS
|
||||
|
||||
3) Restart server with: service seafile-server restart
|
||||
|
||||
4) If this server is behind a firewall, you need to ensure that
|
||||
tcp port 443 for the NGINX reverse proxy is open. Optionally
|
||||
you may also open tcp port 80 which redirects all unencrypted
|
||||
http traffic to the encrypted https port.
|
||||
|
||||
5) Seahub tries to send emails via the local server. Install and
|
||||
configure Postfix for this to work.
|
||||
|
||||
|
||||
|
||||
|
||||
Optional steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) Check seahub_settings.py and customize it to fit your needs. Consult
|
||||
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
|
||||
|
||||
2) Setup NGINX with official SSL certificate.
|
||||
|
||||
3) Secure server with iptables based firewall. For instance: UFW or shorewall
|
||||
|
||||
4) Harden system with port knocking, fail2ban, etc.
|
||||
|
||||
5) Enable unattended installation of security updates. Check
|
||||
https://wiki.debian.org/UnattendedUpgrades for details.
|
||||
|
||||
6) Implement a backup routine for your Seafile server.
|
||||
|
||||
7) Update NGINX worker processes to reflect the number of CPU cores.
|
||||
|
||||
|
||||
|
||||
|
||||
Seafile support options
|
||||
-----------------------------------------------------------------
|
||||
|
||||
For free community support visit: https://forum.seafile-server.org
|
||||
For paid commercial support visit: https://seafile.com.de
|
||||
|
||||
|
||||
|
||||
|
||||
About
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Please contact alexander.jackson@seafile.de
|
||||
for bugs or suggestions about this installer. Thank you!
|
||||
|
||||
EOF
|
||||
|
||||
chmod 600 ${seafile_dir}/aio_seafile-server.log
|
||||
chown -R seafile.nogroup ${seafile_dir}/aio_seafile-server.log
|
||||
|
||||
clear
|
||||
|
||||
cat ${seafile_dir}/aio_seafile-server.log
|
|
@ -1,475 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# seafile-server-installer/seafile-ce_uberspace
|
||||
#
|
||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
#set -x
|
||||
# -------------------------------------------
|
||||
# Vars
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN=admin@seafile.local
|
||||
SEAFILE_USER=seafile
|
||||
WHOAMI=$(whoami)
|
||||
HOSTNAME=$(hostname -f)
|
||||
SERVER_NAME=$(echo ${WHOAMI}$(hostname -s) | cut -c -16)
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile Server Community Edition on Uberspace
|
||||
# -------------------------------------------
|
||||
clear
|
||||
cat <<EOF
|
||||
This script installs the community edition of the Seafile Server on Uberspace
|
||||
-----------------------------------------------------------------
|
||||
This installer is meant to run on a fresh Uberspace.
|
||||
If you run it on a production server things can and
|
||||
probably will go terrible wrong and you will loose valuable
|
||||
data!
|
||||
For questions or suggestions please contact me at
|
||||
alexander.jackson@seafile.de
|
||||
-----------------------------------------------------------------
|
||||
Hit return to proceed or CTRL-C to abort.
|
||||
EOF
|
||||
read dummy
|
||||
clear
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Abort if directory ${HOME}/seafile/ exists
|
||||
# -------------------------------------------
|
||||
if [[ -d "${HOME}/seafile/" ]] ;
|
||||
then
|
||||
echo " Aborting because directory ${HOME}/seafile/ already exist" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Python requirements
|
||||
# -------------------------------------------
|
||||
cd
|
||||
mkdir -p ~/bin ~/lib/python2.7
|
||||
easy_install-2.7 simplejson
|
||||
curl --silent http://effbot.org/media/downloads/Imaging-1.1.7.tar.gz | tar -xzf -
|
||||
cd Imaging-1.1.7
|
||||
perl -pi -e 's|/usr/lib|/usr/lib64|g' setup.py
|
||||
python2.7 setup.py install
|
||||
rm -rf Imaging-1.1.7
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Setup Seafile
|
||||
# -------------------------------------------
|
||||
mkdir -p ~/seafile/installed/
|
||||
cd ~/seafile/
|
||||
wget https://download.seafile.com.de/seafile-server_latest_x86-64.tar.gz
|
||||
tar xzf seafile-server_latest_x86-64.tar.gz
|
||||
SEAFILE_VERSION=$(basename ~/seafile/seafile-server-* | awk -F'-' ' { print $3 }')
|
||||
mv seafile-server_latest_x86-64.tar.gz installed/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile DB
|
||||
# -------------------------------------------
|
||||
MYSQL=$(which mysql)
|
||||
DB_CCNET=${WHOAMI}_ccnet
|
||||
DB_SEAFILE=${WHOAMI}_seafile
|
||||
DB_SEAHUB=${WHOAMI}_seahub
|
||||
DB_CHARSET=utf8
|
||||
|
||||
# Datenbanken erstellen
|
||||
for i in ${DB_CCNET} ${DB_SEAFILE} ${DB_SEAHUB} ; do
|
||||
${MYSQL} -e "CREATE DATABASE IF NOT EXISTS \`${i}\` character set = '${DB_CHARSET}';" ;
|
||||
done
|
||||
|
||||
mysql ${DB_SEAHUB} < ~/seafile/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
|
||||
|
||||
# -------------------------------------------
|
||||
# Get free ports
|
||||
# -------------------------------------------
|
||||
START_PORT=61100
|
||||
END_PORT=65535
|
||||
INCREMENT=1
|
||||
PORT=${START_PORT}
|
||||
PORT_LIST=free_ports.txt
|
||||
|
||||
# Empty port list
|
||||
echo -n > ${PORT_LIST}
|
||||
|
||||
COUNT=1
|
||||
while [ ${COUNT} -le 5 ]; do
|
||||
ISFREE=$(netstat -tapln | grep ${PORT})
|
||||
while [[ -n "${ISFREE}" ]]; do
|
||||
PORT=$[PORT+INCREMENT]
|
||||
ISFREE=$(netstat -tapln | grep ${PORT});
|
||||
if [ ${COUNT} > ${END_PORT} ]; then
|
||||
echo "Not enough free ports available. Aborting installation!" ; exit 1
|
||||
fi
|
||||
done
|
||||
|
||||
# Write free port to file
|
||||
echo -n "${PORT} " >> ${PORT_LIST}
|
||||
|
||||
# Increment search port
|
||||
PORT=$(( PORT+1 ))
|
||||
|
||||
# Increment loop counter
|
||||
(( COUNT++ ))
|
||||
done
|
||||
|
||||
# Import free ports to vars
|
||||
read SEAHUB_PORT FILESERVER_PORT SERVER_PORT SEAFILE_SERVER_PORT SEAFDAV_PORT< ${PORT_LIST}
|
||||
|
||||
# Delete port list
|
||||
rm ${PORT_LIST}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Apache htaccess
|
||||
# -------------------------------------------
|
||||
cat > ~/html/.htaccess <<"EOF"
|
||||
RewriteEngine on
|
||||
|
||||
# Redirect to https
|
||||
RewriteCond %{HTTPS} !=on
|
||||
RewriteCond %{ENV:HTTPS} !=on
|
||||
RewriteRule ^(.*)$ https://WHOAMI.HOSTNAME/$1 [L,R=301]
|
||||
|
||||
# Port of seafile httpserver (compare ~/haiwen/seafile-data/seafile.conf)
|
||||
RewriteRule ^seafhttp/(.*)$ http://localhost:FILESERVER_PORT/$1 [QSA,P,L]
|
||||
|
||||
RewriteRule ^/(seafmedia.*)$ /$1 [QSA,L,PT]
|
||||
RewriteCond %{REQUEST_FILENAME} !-f
|
||||
RewriteRule ^(.*)$ /fcgi-bin/seahub/$1 [QSA,L,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
|
||||
EOF
|
||||
|
||||
# Set seahub port
|
||||
eval sed -i 's/WHOAMI/${WHOAMI}/' ~/html/.htaccess
|
||||
eval sed -i 's/HOSTNAME/${HOSTNAME}/' ~/html/.htaccess
|
||||
eval sed -i 's/FILESERVER_PORT/${FILESERVER_PORT}/' ~/html/.htaccess
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create Seahub FastCGI script
|
||||
# -------------------------------------------
|
||||
cat > ~/fcgi-bin/seahub <<EOF
|
||||
#!/usr/bin/env python2.7
|
||||
import sys, os, site
|
||||
|
||||
# directory of seafile installation
|
||||
seafile_directory = '${HOME}/seafile'
|
||||
|
||||
# Add a custom Python path.
|
||||
sys.path.insert(0, seafile_directory + '/seafile-server-latest/seahub')
|
||||
|
||||
# Set environment variables (compare ~/haiwen/seafile-server-latest/seahub.sh)
|
||||
os.environ['CCNET_CONF_DIR'] = seafile_directory + '/ccnet'
|
||||
os.environ['SEAHUB_LOG_DIR'] = seafile_directory + '/logs'
|
||||
os.environ['SEAFILE_CONF_DIR'] = seafile_directory + '/seafile-data'
|
||||
|
||||
# Load required python modules (compare ~/seafile-server-latest/seahub.sh)
|
||||
site.addsitedir(seafile_directory + '/seafile-server-latest/seafile/lib/python2.6/site-packages')
|
||||
site.addsitedir(seafile_directory + '/seafile-server-latest/seafile/lib64/python2.6/site-packages')
|
||||
site.addsitedir(seafile_directory + '/seafile-server-latest/seahub/thirdpart')
|
||||
site.addsitedir(seafile_directory + '/seafile-server-latest/seafile/lib/python2.7/site-packages')
|
||||
site.addsitedir(seafile_directory + '/seafile-server-latest/seafile/lib64/python2.7/site-packages')
|
||||
|
||||
# Switch to the directory of your project.
|
||||
os.chdir(seafile_directory + '/seafile-server-latest/seahub')
|
||||
|
||||
# Set the DJANGO_SETTINGS_MODULE environment variable.
|
||||
os.environ['DJANGO_SETTINGS_MODULE'] = 'seahub.settings'
|
||||
|
||||
from django.core.servers.fastcgi import runfastcgi
|
||||
runfastcgi(method='threaded', daemonize='false')
|
||||
EOF
|
||||
|
||||
chmod 755 ~/fcgi-bin/seahub
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile start script
|
||||
# -------------------------------------------
|
||||
cat > ~/bin/seafile <<'ENDOFILE'
|
||||
#!/bin/bash
|
||||
# Short-Description: Seafile server
|
||||
# Description: Start Seafile server
|
||||
### END INIT INFO
|
||||
# Author: Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
# Change the value of "seafile_dir" to your path of seafile installation
|
||||
seafile_dir=~/seafile
|
||||
script_path=${seafile_dir}/seafile-server-latest
|
||||
seafile_init_log=${seafile_dir}/logs/seafile.init.log
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
${script_path}/seafile.sh start >> ${seafile_init_log}
|
||||
;;
|
||||
restart)
|
||||
${script_path}/seafile.sh restart >> ${seafile_init_log}
|
||||
;;
|
||||
stop)
|
||||
${script_path}/seafile.sh $1 >> ${seafile_init_log} && \
|
||||
ps aux | grep seahub | grep -v grep | awk '{ print $2 }' | while read line; do kill $line ; done
|
||||
;;
|
||||
*)
|
||||
echo "Usage: seafile {start|stop|restart}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
ENDOFILE
|
||||
|
||||
chmod +x ~/bin/seafile
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Go to ${HOME}/seafile/seafile-server-${SEAFILE_VERSION}
|
||||
# -------------------------------------------
|
||||
cd ${HOME}/seafile/seafile-server-${SEAFILE_VERSION}/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Vars - Don't touch these unless you really know what you are doing!
|
||||
# -------------------------------------------
|
||||
INSTALLPATH=${HOME}/seafile/seafile-server-${SEAFILE_VERSION}
|
||||
TOPDIR=$(dirname "${INSTALLPATH}")
|
||||
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
|
||||
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
|
||||
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
|
||||
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
|
||||
DEFAULT_CONF_DIR=${TOPDIR}/conf
|
||||
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
|
||||
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
|
||||
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
|
||||
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
|
||||
MEDIA_DIR=${INSTALLPATH}/seahub/media
|
||||
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
|
||||
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
|
||||
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create ccnet conf
|
||||
# -------------------------------------------
|
||||
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
|
||||
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${HOSTNAME}"
|
||||
|
||||
# Fix service url
|
||||
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = https:\/\/${WHOAMI}.${HOSTNAME}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create seafile conf
|
||||
# -------------------------------------------
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
|
||||
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Write seafile.ini
|
||||
# -------------------------------------------
|
||||
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configure Seafile WebDAV Server(SeafDAV)
|
||||
# -------------------------------------------
|
||||
mkdir -p ${DEFAULT_CONF_DIR}
|
||||
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
|
||||
[WEBDAV]
|
||||
enabled = true
|
||||
port = ${SEAFDAV_PORT}
|
||||
fastcgi = true
|
||||
share_name = /seafdav
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# generate seahub_settings.py
|
||||
# -------------------------------------------
|
||||
key=$(python "${SEAHUB_SECRET_KEYGEN}")
|
||||
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# prepare avatar directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/seahub-data"
|
||||
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
|
||||
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# create logs directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/logs"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create symlink for current server version
|
||||
# -------------------------------------------
|
||||
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
|
||||
|
||||
|
||||
# Fix permissions
|
||||
chmod 0600 "$DEST_SETTINGS_PY"
|
||||
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
|
||||
chmod 0700 "$SEAFILE_DATA_DIR"
|
||||
chmod 0700 "$DEFAULT_CONF_DIR"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# copy user manuals to library template
|
||||
# -------------------------------------------
|
||||
mkdir -p ${LIBRARY_TEMPLATE_DIR}
|
||||
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring ccnet.conf
|
||||
# -------------------------------------------
|
||||
SEAFILESQLPW=$(grep password $HOME/.my.cnf | awk -F'=' {'print $2'} | awk -F' ' {'print $1'})
|
||||
|
||||
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
|
||||
[Database]
|
||||
ENGINE = mysql
|
||||
HOST = 127.0.0.1
|
||||
PORT = 3306
|
||||
USER = ${WHOAMI}
|
||||
PASSWD = ${SEAFILESQLPW}
|
||||
DB = ${DB_CCNET}
|
||||
CONNECTION_CHARSET = utf8
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring seahub_settings.py
|
||||
# -------------------------------------------
|
||||
cat >> ${DEST_SETTINGS_PY} <<EOF
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.mysql',
|
||||
'NAME': '${DB_SEAHUB}',
|
||||
'USER': '${WHOAMI}',
|
||||
'PASSWORD': '${SEAFILESQLPW}',
|
||||
'HOST': '127.0.0.1',
|
||||
'PORT': '3306',
|
||||
'OPTIONS': {
|
||||
'init_command': 'SET storage_engine=INNODB',
|
||||
}
|
||||
}
|
||||
}
|
||||
EMAIL_USE_TLS = False
|
||||
EMAIL_HOST = 'localhost'
|
||||
EMAIL_HOST_USER = ''
|
||||
EMAIL_HOST_PASSWORD = ''
|
||||
EMAIL_PORT = '25'
|
||||
DEFAULT_FROM_EMAIL = 'seafile@${HOSTNAME}'
|
||||
SERVER_EMAIL = 'EMAIL_HOST_USER'
|
||||
TIME_ZONE = 'Europe/Berlin'
|
||||
SITE_BASE = 'https://${WHOAMI}.${HOSTNAME}'
|
||||
SITE_NAME = 'Seafile Server'
|
||||
SITE_TITLE = 'Seafile Server'
|
||||
SITE_ROOT = '/'
|
||||
USE_PDFJS = True
|
||||
ENABLE_SIGNUP = False
|
||||
ACTIVATE_AFTER_REGISTRATION = False
|
||||
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
|
||||
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
|
||||
CLOUD_MODE = False
|
||||
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
|
||||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
|
||||
SESSION_SAVE_EVERY_REQUEST = False
|
||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
||||
FILE_SERVER_ROOT = 'https://${WHOAMI}.${HOSTNAME}/seafhttp'
|
||||
DEBUG = True
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Backup check_init_admin.py befor applying changes
|
||||
# -------------------------------------------
|
||||
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Set admin credentials in check_init_admin.py
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN_PW=$(dd if=/dev/urandom bs=1 count=14 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev)
|
||||
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start and stop Seafile eco system. This generates the initial admin user.
|
||||
# -------------------------------------------
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start ${SEAHUB_PORT}
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Restore original check_init_admin.py
|
||||
# -------------------------------------------
|
||||
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Final report
|
||||
# -------------------------------------------
|
||||
cat > ~/seafile/seafile-ce_uberspace.log <<EOF
|
||||
Your Seafile server is installed
|
||||
-----------------------------------------------------------------
|
||||
Server Name: ${SERVER_NAME}
|
||||
Server Address: https://${WHOAMI}.${HOSTNAME}
|
||||
Seafile Admin: ${SEAFILE_ADMIN}
|
||||
Admin Password: ${SEAFILE_ADMIN_PW}
|
||||
Seafile Data Dir: ${SEAFILE_DATA_DIR}
|
||||
|
||||
SEAHUB_PORT: $SEAHUB_PORT
|
||||
FILESERVER_PORT: $FILESERVER_PORT
|
||||
SERVER_PORT: $SERVER_PORT
|
||||
SEAFILE_SERVER_PORT: $SEAFILE_SERVER_PORT
|
||||
SEAFDAV_PORT: $SEAFDAV_PORT
|
||||
|
||||
This report is also saved to ~/seafile/seafile-ce_uberspace.log
|
||||
Next you should manually complete the following steps
|
||||
-----------------------------------------------------------------
|
||||
1) Setup mail in ~/seafile/seahub_settings.py
|
||||
|
||||
Optional steps
|
||||
-----------------------------------------------------------------
|
||||
1) Check seahub_settings.py and customize it to fit your needs. Consult
|
||||
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
|
||||
2) Implement a backup routine for your Seafile server.
|
||||
|
||||
-----------------------------------------------------------------
|
||||
For free community support visit: https://forum.seafile-server.org
|
||||
For paid commercial support visit: https://seafile.com.de
|
||||
|
||||
Contribute
|
||||
-----------------------------------------------------------------
|
||||
Contact alexander.jackson@seafile.de for bugs or suggestions about this installer.
|
||||
|
||||
EOF
|
||||
|
||||
chmod 600 ~/seafile/seafile-ce_uberspace.log
|
||||
|
||||
less ~/seafile/seafile-ce_uberspace.log
|
|
@ -1,55 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# seafile-server-installer/seafile-ce_uberspace_uninstall
|
||||
#
|
||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
#set -x
|
||||
# Vars
|
||||
SILENCER='> /dev/null 2>&1'
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile Server Community Edition on Uberspace
|
||||
# -------------------------------------------
|
||||
clear
|
||||
cat <<EOF
|
||||
This script deletes Seafile Server on Uberspace
|
||||
-----------------------------------------------------------------
|
||||
Make 100% sure you saved the content from your
|
||||
libraries before proceeding with the full removal.
|
||||
|
||||
For questions or suggestions please contact me at
|
||||
alexander.jackson@seafile.de
|
||||
-----------------------------------------------------------------
|
||||
Hit return to uninstall Seafile or CTRL-C to abort.
|
||||
EOF
|
||||
read dummy
|
||||
clear
|
||||
|
||||
# Kill anything Seafile related
|
||||
ps aux | grep sea | grep -v grep | grep -v uninstall | awk '{ print $2 }' | while read line; do kill $line ; done
|
||||
|
||||
# remove Seafile, Apache and Python 2.7 related directories and files
|
||||
eval rm -r ~/seafile-ce_* ~/seafile/ ~/bin/seafile* ~/fcgi-bin/seahub* ~/html/.htaccess ~/bin ~/lib/python2.7 ${SILENCER}
|
||||
|
||||
# Drop databases
|
||||
for i in haiwen_ccnet haiwen_seafile haiwen_seahub; do
|
||||
mysql -e "DROP DATABASE IF EXISTS \`${i}\`;"
|
||||
done
|
||||
|
||||
# Confirm removal
|
||||
echo Seafile is uninstalled now...
|
|
@ -1,943 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# seafile-server-installer/seafile-pro_debian-jessie-amd64
|
||||
#
|
||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
#set -x
|
||||
# -------------------------------------------
|
||||
# Vars
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN=admin@seafile.lan
|
||||
SEAFILE_USER=seafile
|
||||
SEAFILE_SERVER_NAME=$(hostname -s | cut -c -16)
|
||||
SEAFILE_DNS=$(hostname -i)
|
||||
HOSTNAME=$(hostname -i)
|
||||
FILESERVER_PORT=8082
|
||||
SERVER_PORT=10001
|
||||
SEAFILE_SERVER_PORT=12001
|
||||
# Don't touch the following variable, unless you know what you are doing
|
||||
SEAFILE_VERSION=4.1.2
|
||||
SEAFILE_EDITION=pro-server
|
||||
SEAFILE_SOURCE=/usr/src/seafile/seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz
|
||||
MODE=$1
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Mode switcher
|
||||
# -------------------------------------------
|
||||
if [[ $MODE = dev ]]; then
|
||||
HTTP=http
|
||||
cat << EOF
|
||||
|
||||
Running installer in development mode.
|
||||
|
||||
Don't proceed for production systems since web traffic is not encrypted.
|
||||
|
||||
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Hit return to proceed or CTRL-C to abort.
|
||||
|
||||
EOF
|
||||
read dummy
|
||||
else
|
||||
HTTP=https
|
||||
cat << EOF
|
||||
|
||||
Running installer in production mode.
|
||||
|
||||
Self signed-certificate will get installed. Starting with Seafile
|
||||
client version 4.2 you will need to import the certificate locally for
|
||||
the client to work.
|
||||
|
||||
Alternatively you should replace the self signed-certificate certificate
|
||||
with an official certificate like for instance a free Class1
|
||||
StartSSL certificate from https://www.startssl.com.
|
||||
|
||||
You can find a StartSSL certificate creation helper script at
|
||||
https://github.com/SeafileDE/seafile-server-installer/blob/master/startssl-certificate-generator
|
||||
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Hit return to proceed or CTRL-C to abort.
|
||||
|
||||
EOF
|
||||
read dummy
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile Server Professional Edition on Debian Jessie (64bit)
|
||||
# -------------------------------------------
|
||||
clear
|
||||
cat <<EOF
|
||||
|
||||
Install Seafile Professional Server on a Debian Jessie (64bit)
|
||||
- Newest Seafile Professional server, MariaDB, Memcached, NGINX -
|
||||
-----------------------------------------------------------------
|
||||
|
||||
This installer is meant to run on a freshly installed machine
|
||||
only. If you run it on a production server things can and
|
||||
probably will go terrible wrong and you will loose valuable
|
||||
data!
|
||||
|
||||
For questions or suggestions please contact me at
|
||||
alexander.jackson@seafile.de
|
||||
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Hit return to proceed or CTRL-C to abort.
|
||||
|
||||
EOF
|
||||
read dummy
|
||||
clear
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Ensure we are running the installer as root
|
||||
# -------------------------------------------
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo " Aborting because you are not root" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Abort if user seafile exists
|
||||
# -------------------------------------------
|
||||
if getent passwd ${SEAFILE_USER} > /dev/null 2>&1 ;
|
||||
then
|
||||
echo " Aborting because user ${SEAFILE_USER} already exist" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Abort if directory /opt/seafile/ exists
|
||||
# -------------------------------------------
|
||||
if [[ -d "/opt/seafile/" ]] ;
|
||||
then
|
||||
echo " Aborting because directory /opt/seafile/ already exist" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Update System
|
||||
# -------------------------------------------
|
||||
apt-get update
|
||||
apt-get dist-upgrade -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Additional requirements
|
||||
# -------------------------------------------
|
||||
apt-get install sudo ntp htop pwgen curl openssl unattended-upgrades -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# ensure correct time is set
|
||||
# -------------------------------------------
|
||||
ntpd -gq
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Security programs
|
||||
# -------------------------------------------
|
||||
apt-get install ufw fail2ban -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Activate firewall
|
||||
# -------------------------------------------
|
||||
for i in ssh http https ; do ufw allow $i; done
|
||||
yes | ufw enable
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile requirements
|
||||
# -------------------------------------------
|
||||
apt-get install python-setuptools python-simplejson python-imaging python-mysqldb \
|
||||
openjdk-7-jre memcached python-memcache libreoffice python-uno poppler-utils -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# NGINX
|
||||
# -------------------------------------------
|
||||
cat > /etc/apt/sources.list.d/nginx.list <<EOF
|
||||
deb http://nginx.org/packages/mainline/debian/ jessie nginx
|
||||
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
|
||||
EOF
|
||||
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
|
||||
|
||||
apt-get update
|
||||
apt-get upgrade -y
|
||||
apt-get install nginx -y
|
||||
|
||||
rm /etc/nginx/conf.d/*
|
||||
|
||||
if [[ $MODE = dev ]]; then
|
||||
|
||||
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
|
||||
server {
|
||||
listen 80;
|
||||
server_name "";
|
||||
|
||||
location / {
|
||||
fastcgi_pass 127.0.0.1:8000;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
fastcgi_param HTTPS off;
|
||||
fastcgi_param HTTP_SCHEME http;
|
||||
|
||||
access_log /var/log/nginx/seahub.access.log;
|
||||
error_log /var/log/nginx/seahub.error.log;
|
||||
}
|
||||
location /seafhttp {
|
||||
rewrite ^/seafhttp(.*)$ $1 break;
|
||||
proxy_pass http://127.0.0.1:8082;
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 36000s;
|
||||
proxy_read_timeout 36000s;
|
||||
}
|
||||
location /media {
|
||||
root /opt/seafile/seafile-server-latest/seahub;
|
||||
}
|
||||
location /seafdav {
|
||||
fastcgi_pass 127.0.0.1:8080;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
fastcgi_param HTTPS off;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
access_log /var/log/nginx/seafdav.access.log;
|
||||
error_log /var/log/nginx/seafdav.error.log;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
else
|
||||
|
||||
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
|
||||
server {
|
||||
listen 80;
|
||||
server_name "";
|
||||
return 301 https://$http_host$request_uri?;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 spdy;
|
||||
server_name "";
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/nginx/ssl/seafile.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/seafile.key;
|
||||
|
||||
location / {
|
||||
fastcgi_pass 127.0.0.1:8000;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
fastcgi_param HTTPS on;
|
||||
fastcgi_param HTTP_SCHEME https;
|
||||
|
||||
access_log /var/log/nginx/seahub.access.log;
|
||||
error_log /var/log/nginx/seahub.error.log;
|
||||
}
|
||||
location /seafhttp {
|
||||
rewrite ^/seafhttp(.*)$ $1 break;
|
||||
proxy_pass http://127.0.0.1:8082;
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 36000s;
|
||||
proxy_read_timeout 36000s;
|
||||
}
|
||||
location /media {
|
||||
root /opt/seafile/seafile-server-latest/seahub;
|
||||
}
|
||||
location /seafdav {
|
||||
fastcgi_pass 127.0.0.1:8080;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
fastcgi_param HTTPS on;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
access_log /var/log/nginx/seafdav.access.log;
|
||||
error_log /var/log/nginx/seafdav.error.log;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
mkdir /etc/nginx/ssl
|
||||
|
||||
openssl genrsa -out /etc/nginx/ssl/seafile.key 4096
|
||||
openssl req -new -x509 -key /etc/nginx/ssl/seafile.key -out /etc/nginx/ssl/seafile.crt -days 10950 -batch
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create optimized nginx.conf
|
||||
# -------------------------------------------
|
||||
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
|
||||
|
||||
cat > /etc/nginx/nginx.conf <<'ENDOFFILE'
|
||||
user nginx nginx;
|
||||
worker_processes 4;
|
||||
events {
|
||||
worker_connections 8096;
|
||||
multi_accept on;
|
||||
use epoll;
|
||||
}
|
||||
pid /var/run/nginx.pid;
|
||||
worker_rlimit_nofile 40000;
|
||||
http {
|
||||
server_tokens off;
|
||||
server_names_hash_bucket_size 128;
|
||||
client_max_body_size 50M;
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
access_log /var/log/nginx/access.log main;
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
client_body_timeout 12;
|
||||
client_header_timeout 12;
|
||||
keepalive_timeout 15;
|
||||
send_timeout 10;
|
||||
# Fully disabled gzip compression to mitigate Django BREACH attack: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
|
||||
gzip off;
|
||||
#gzip_vary on;
|
||||
#gzip_proxied expired no-cache no-store private auth any;
|
||||
#gzip_comp_level 9;
|
||||
#gzip_min_length 10240;
|
||||
#gzip_buffers 16 8k;
|
||||
#gzip_http_version 1.1;
|
||||
#gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml font/woff2;
|
||||
#gzip_disable "MSIE [1-6].";
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
map $scheme $php_https { default off; https on; }
|
||||
include perfect-forward-secrecy.conf;
|
||||
}
|
||||
ENDOFFILE
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Setup perfect forward secrecy
|
||||
# -------------------------------------------
|
||||
openssl dhparam -dsaparam -out /etc/nginx/dh4096.pem 4096
|
||||
|
||||
cat > /etc/nginx/perfect-forward-secrecy.conf <<'EOF'
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA";
|
||||
ssl_dhparam dh4096.pem;
|
||||
ssl_session_cache shared:SSL:10m;
|
||||
ssl_session_timeout 10m;
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Fix NGINX worker_processes to number of CPU cores
|
||||
# -------------------------------------------
|
||||
CPUS=$(cat /proc/cpuinfo | grep processor | wc | awk '{ print $1 }')
|
||||
eval "sed -i 's/worker_processes.*/worker_processes $CPUS;/g' /etc/nginx/nginx.conf"
|
||||
|
||||
|
||||
systemctl restart nginx
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# MariaDB
|
||||
# -------------------------------------------
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install mariadb-server -y
|
||||
|
||||
SQLROOTPW=$(pwgen)
|
||||
|
||||
mysqladmin -u root password $SQLROOTPW
|
||||
|
||||
cat > /root/.my.cnf <<EOF
|
||||
[client]
|
||||
user=root
|
||||
password=$SQLROOTPW
|
||||
EOF
|
||||
|
||||
chmod 600 /root/.my.cnf
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile init script
|
||||
# -------------------------------------------
|
||||
cat > /etc/init.d/seafile-server <<'EOF'
|
||||
#!/bin/bash
|
||||
### BEGIN INIT INFO
|
||||
# Provides: seafile-server
|
||||
# Required-Start: $remote_fs $syslog mysql
|
||||
# Required-Stop: $remote_fs $syslog
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: Seafile server
|
||||
# Description: Start Seafile server
|
||||
### END INIT INFO
|
||||
|
||||
# Author: Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
|
||||
# Change the value of "user" to your linux user name
|
||||
USER=seafile
|
||||
|
||||
# Change the value of "SEAFILE_DIR" to your path of seafile installation
|
||||
SEAFILE_DIR=/opt/seafile
|
||||
SCRIPT_PATH=${SEAFILE_DIR}/seafile-server-latest
|
||||
SEAFILE_INIT_LOG=${SEAFILE_DIR}/logs/seafile.init.log
|
||||
SEAHUB_INIT_LOG=${SEAFILE_DIR}/logs/seahub.init.log
|
||||
|
||||
# Change the value of fastcgi to true if fastcgi is to be used
|
||||
fastcgi=true
|
||||
# Set the port of fastcgi, default is 8000. Change it if you need different.
|
||||
fastcgi_port=8000
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
sudo -u ${USER} ${SCRIPT_PATH}/seafile.sh start >> ${SEAFILE_INIT_LOG}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh start-fastcgi ${fastcgi_port} >> ${SEAHUB_INIT_LOG}
|
||||
else
|
||||
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh start >> ${SEAHUB_INIT_LOG}
|
||||
fi
|
||||
;;
|
||||
restart)
|
||||
sudo -u ${USER} ${SCRIPT_PATH}/seafile.sh restart >> ${SEAFILE_INIT_LOG}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${SEAHUB_INIT_LOG}
|
||||
else
|
||||
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh restart >> ${SEAHUB_INIT_LOG}
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
sudo -u ${USER} ${SCRIPT_PATH}/seafile.sh $1 >> ${SEAFILE_INIT_LOG}
|
||||
sudo -u ${USER} ${SCRIPT_PATH}/seahub.sh $1 >> ${SEAHUB_INIT_LOG}
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
EOF
|
||||
|
||||
chmod +x /etc/init.d/seafile-server
|
||||
systemctl enable seafile-server
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Install seafile-server-change-address script
|
||||
# -------------------------------------------
|
||||
cat > /usr/local/sbin/seafile-server-change-address <<'ENDOFFILE'
|
||||
#/bin/bash
|
||||
#set -x
|
||||
# -------------------------------------------
|
||||
# Vars
|
||||
# -------------------------------------------
|
||||
HOSTNAME=$(hostname -f)
|
||||
SEAFILE_DIR=/opt/seafile
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Intro
|
||||
# -------------------------------------------
|
||||
clear
|
||||
cat <<EOF
|
||||
|
||||
Mit diesem Skript können Sie die Adresse Ihres
|
||||
Seafile Servers Ändern. Das ist zum Beispiel nötig wenn
|
||||
sich Ihre Domain- oder IP-Adresse geändert hat.
|
||||
|
||||
Wird Seafile mit der falschen Adresse betrieben,
|
||||
funktioniert der Up- und Download von Dateien nicht.
|
||||
|
||||
Soll der Server mittes Portweiterleitung erreichbar
|
||||
sein, verwenden Sie bitte die öffentliche oder externe
|
||||
IP Ihres Routers bzw. einen öffentlich Domainnamen.
|
||||
|
||||
Bei Falscheingaben rufen Sie das Skript bitte erneut auf.
|
||||
|
||||
Der aktuelle Hostname wird vorausgefüllt. Ggf. einfach
|
||||
ändern.
|
||||
|
||||
EOF
|
||||
|
||||
echo "Geben Sie jetzt die neue IP oder Domainadresse"
|
||||
read -e -p "Neue Domainadresse:" -i " ${HOSTNAME}" URL
|
||||
|
||||
|
||||
cat <<EOF
|
||||
|
||||
Die eingebenen Adresse lautet: ${URL}
|
||||
|
||||
-------------------------------------------
|
||||
Fortfahren mit ENTER. Abruch mit STRG-C...
|
||||
|
||||
EOF
|
||||
read dummy
|
||||
clear
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Aendere Adressen in seahub_settings.py und ccnet.conf
|
||||
# -------------------------------------------
|
||||
sed -i "s/^SITE_BASE.*/SITE_BASE = \'${URL}\'/g" ${SEAFILE_DIR}/seahub_settings.py
|
||||
sed -i "s/^SITE_NAME.*/SITE_NAME = \'${URL}\'/g" ${SEAFILE_DIR}/seahub_settings.py
|
||||
sed -i "s/^SITE_TITLE.*/SITE_TITLE = \'${URL}\'/g" ${SEAFILE_DIR}/seahub_settings.py
|
||||
sed -i "s/^FILE_SERVER_ROOT.*/FILE_SERVER_ROOT = '\${HTTP}:\/\/${URL}\/seafhttp\'/g" ${SEAFILE_DIR}/seahub_settings.py
|
||||
sed -i "s/^SERVICE_URL.*/SERVICE_URL = ${HTTP}:\/\/${URL}/g" ${SEAFILE_DIR}/ccnet/ccnet.conf
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Starte Seafile neu
|
||||
# -------------------------------------------
|
||||
systemctl restart seafile-server
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Outro
|
||||
# -------------------------------------------
|
||||
cat <<EOF
|
||||
|
||||
Fertig! Der Seafile Server wurde neu gestartet.
|
||||
|
||||
Seahub sollte nun über ${HTTP}://${HOSTNAME} erreichbar sein.
|
||||
|
||||
EOF
|
||||
ENDOFFILE
|
||||
|
||||
chmod 500 /usr/local/sbin/seafile-server-change-address
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile
|
||||
# -------------------------------------------
|
||||
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
|
||||
mkdir -p /opt/seafile/installed
|
||||
cd /opt/seafile/
|
||||
cp ${SEAFILE_SOURCE} ./seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz
|
||||
tar xzf ./seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz
|
||||
|
||||
mv ./seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz installed/./seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile DB
|
||||
# -------------------------------------------
|
||||
SQLSEAFILEPW=$(pwgen)
|
||||
|
||||
cat > /opt/seafile/.my.cnf <<EOF
|
||||
[client]
|
||||
user=seafile
|
||||
password=$SQLSEAFILEPW
|
||||
EOF
|
||||
|
||||
chmod 600 /opt/seafile/.my.cnf
|
||||
chown -R ${SEAFILE_USER}.nogroup /opt/seafile/
|
||||
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
|
||||
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
|
||||
mysql seahub-db < /opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seahub/sql/mysql.sql
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Go to /opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}
|
||||
# -------------------------------------------
|
||||
cd /opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Vars - Don't touch these unless you really know what you are doing!
|
||||
# -------------------------------------------
|
||||
SCRIPT=$(readlink -f "$0")
|
||||
INSTALLPATH=/opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/
|
||||
TOPDIR=$(dirname "${INSTALLPATH}")
|
||||
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
|
||||
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
|
||||
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
|
||||
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
|
||||
DEFAULT_CONF_DIR=${TOPDIR}/conf
|
||||
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
|
||||
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
|
||||
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
|
||||
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
|
||||
MEDIA_DIR=${INSTALLPATH}/seahub/media
|
||||
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
|
||||
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
|
||||
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create ccnet conf
|
||||
# -------------------------------------------
|
||||
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
|
||||
--name "${SEAFILE_SERVER_NAME}" --port "${SERVER_PORT}" --host "${SEAFILE_DNS}"
|
||||
|
||||
# Fix service url
|
||||
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = ${HTTP}:\/\/${SEAFILE_DNS}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
|
||||
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create seafile conf
|
||||
# -------------------------------------------
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
|
||||
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Write seafile.ini
|
||||
# -------------------------------------------
|
||||
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configure Seafile WebDAV Server(SeafDAV)
|
||||
# -------------------------------------------
|
||||
mkdir -p ${DEFAULT_CONF_DIR}
|
||||
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
|
||||
[WEBDAV]
|
||||
enabled = true
|
||||
port = 8080
|
||||
fastcgi = true
|
||||
share_name = /seafdav
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# generate seahub_settings.py
|
||||
# -------------------------------------------
|
||||
key=$(python "${SEAHUB_SECRET_KEYGEN}")
|
||||
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# prepare avatar directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/seahub-data"
|
||||
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
|
||||
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# create logs directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/logs"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create symlink for current server version
|
||||
# -------------------------------------------
|
||||
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
|
||||
|
||||
|
||||
# Fix permissions
|
||||
chmod 0600 "$DEST_SETTINGS_PY"
|
||||
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
|
||||
chmod 0700 "$SEAFILE_DATA_DIR"
|
||||
chmod 0700 "$DEFAULT_CONF_DIR"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# copy user manuals to library template
|
||||
# -------------------------------------------
|
||||
mkdir -p ${LIBRARY_TEMPLATE_DIR}
|
||||
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Setup professional features
|
||||
# -------------------------------------------
|
||||
PRO_PY=${INSTALLPATH}/pro/pro.py
|
||||
$PYTHON ${PRO_PY} setup
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring ccnet.conf
|
||||
# -------------------------------------------
|
||||
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
|
||||
|
||||
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
|
||||
|
||||
[Database]
|
||||
ENGINE = mysql
|
||||
HOST = 127.0.0.1
|
||||
PORT = 3306
|
||||
USER = seafile
|
||||
PASSWD = ${SEAFILESQLPW}
|
||||
DB = ccnet-db
|
||||
CONNECTION_CHARSET = utf8
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring seahub_settings.py
|
||||
# -------------------------------------------
|
||||
cat >> ${DEST_SETTINGS_PY} <<EOF
|
||||
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.mysql',
|
||||
'NAME': 'seahub-db',
|
||||
'USER': 'seafile',
|
||||
'PASSWORD': '${SEAFILESQLPW}',
|
||||
'HOST': '127.0.0.1',
|
||||
'PORT': '3306',
|
||||
'OPTIONS': {
|
||||
'init_command': 'SET storage_engine=INNODB',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
CACHES = {
|
||||
'default': {
|
||||
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
|
||||
'LOCATION': '127.0.0.1:11211',
|
||||
}
|
||||
}
|
||||
|
||||
EMAIL_USE_TLS = False
|
||||
EMAIL_HOST = 'localhost'
|
||||
EMAIL_HOST_USER = ''
|
||||
EMAIL_HOST_PASSWORD = ''
|
||||
EMAIL_PORT = '25'
|
||||
DEFAULT_FROM_EMAIL = 'seafile@${SEAFILE_DNS}'
|
||||
SERVER_EMAIL = 'EMAIL_HOST_USER'
|
||||
TIME_ZONE = 'Europe/Berlin'
|
||||
SITE_BASE = '${HTTP}://${SEAFILE_DNS}'
|
||||
SITE_NAME = 'Seafile Professional Server'
|
||||
SITE_TITLE = 'Seafile Professional Server'
|
||||
SITE_ROOT = '/'
|
||||
USE_PDFJS = True
|
||||
ENABLE_SIGNUP = False
|
||||
ACTIVATE_AFTER_REGISTRATION = False
|
||||
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
|
||||
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
|
||||
CLOUD_MODE = False
|
||||
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
|
||||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
|
||||
SESSION_SAVE_EVERY_REQUEST = False
|
||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
||||
FILE_SERVER_ROOT = '${HTTP}://${SEAFILE_DNS}/seafhttp'
|
||||
REPO_PASSWORD_MIN_LENGTH = 8
|
||||
USER_PASSWORD_MIN_LENGTH = 6
|
||||
USER_PASSWORD_STRENGTH_LEVEL = 3
|
||||
USER_STRONG_PASSWORD_REQUIRED = True
|
||||
ENABLE_MAKE_GROUP_PUBLIC = False
|
||||
ENABLE_THUMBNAIL = True
|
||||
THUMBNAIL_ROOT = '${TOPDIR}/seahub-data/thumbnail/thumb/'
|
||||
THUMBNAIL_EXTENSION = 'png'
|
||||
THUMBNAIL_DEFAULT_SIZE = '24'
|
||||
PREVIEW_DEFAULT_SIZE = '100'
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Backup check_init_admin.py befor applying changes
|
||||
# -------------------------------------------
|
||||
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Set admin credentials in check_init_admin.py
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN_PW=$(pwgen)
|
||||
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start and stop Seafile eco system. This generates the initial admin user.
|
||||
# -------------------------------------------
|
||||
${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seafile.sh start
|
||||
${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seahub.sh start
|
||||
${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seahub.sh stop
|
||||
${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seafile.sh stop
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Restore original check_init_admin.py
|
||||
# -------------------------------------------
|
||||
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Fix permissions
|
||||
# -------------------------------------------
|
||||
chown ${SEAFILE_USER}.nogroup -R /opt/seafile/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start seafile server
|
||||
# -------------------------------------------
|
||||
echo "Starting productive Seafile server"
|
||||
systemctl restart seafile-server
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Final report
|
||||
# -------------------------------------------
|
||||
cat > ${SEAFILE_DIR}/seafile-pro-installer.log<<EOF
|
||||
|
||||
Your Seafile server is installed
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Server Name: ${SEAFILE_SERVER_NAME}
|
||||
Server Address: ${HTTP}://${SEAFILE_DNS}
|
||||
|
||||
Seafile Admin: ${SEAFILE_ADMIN}
|
||||
Admin Password: ${SEAFILE_ADMIN_PW}
|
||||
|
||||
Seafile Data Dir: ${SEAFILE_DATA_DIR}
|
||||
|
||||
Seafile DB Credentials: Check /opt/seafile/.my.cnf
|
||||
Root DB Credentials: Check /root/.my.cnf
|
||||
|
||||
This report is also saved to ${SEAFILE_DIR}/seafile-pro-installer.log
|
||||
|
||||
|
||||
|
||||
Next you should manually complete the following steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) Run seafile-server-change-address to add your Seafile servers DNS name
|
||||
|
||||
2) If this server is behind a firewall, you need to ensure that
|
||||
tcp port 443 for the NGINX reverse proxy is open. Optionally
|
||||
you may also open tcp port 80 which redirects all unencrypted
|
||||
http traffic to the encrypted https port.
|
||||
|
||||
3) Seahub tries to send emails via the local server. Install and
|
||||
configure Postfix for this to work.
|
||||
|
||||
|
||||
|
||||
|
||||
Optional steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) Check seahub_settings.py and customize it to fit your needs. Consult
|
||||
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
|
||||
|
||||
2) Setup NGINX with official SSL certificate.
|
||||
|
||||
3) Harden system with port knocking, fail2ban, etc.
|
||||
|
||||
5) Enable unattended installation of security updates. Check
|
||||
https://wiki.debian.org/UnattendedUpgrades for details.
|
||||
|
||||
6) Implement a backup routine for your Seafile server.
|
||||
|
||||
7) Update NGINX worker processes to reflect the number of CPU cores.
|
||||
|
||||
|
||||
|
||||
|
||||
Seafile support options
|
||||
-----------------------------------------------------------------
|
||||
|
||||
For free community support visit: https://forum.seafile-server.org
|
||||
For paid commercial support visit: https://seafile.com.de
|
||||
|
||||
|
||||
|
||||
|
||||
Contribute
|
||||
-----------------------------------------------------------------
|
||||
Please contact alexander.jackson@seafile.de
|
||||
for bugs or suggestions about this installer. Thank you!
|
||||
|
||||
EOF
|
||||
|
||||
chmod 600 ${SEAFILE_DIR}/seafile-pro-installer.log
|
||||
chown -R ${SEAFILE_USER}.nogroup ${SEAFILE_DIR}/seafile-pro-installer.log
|
||||
|
||||
clear
|
||||
|
||||
less ${SEAFILE_DIR}/seafile-pro-installer.log
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Mode reminder
|
||||
# -------------------------------------------
|
||||
if [[ $MODE = dev ]]; then
|
||||
HTTP=http
|
||||
cat << EOF
|
||||
|
||||
Running installer in development mode.
|
||||
|
||||
Don't use this installation in production environments,
|
||||
since web traffic is not encrypted.
|
||||
|
||||
I am finished, enjoy! \;-\)
|
||||
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Hit return to proceed or CTRL-C to abort.
|
||||
|
||||
EOF
|
||||
read dummy
|
||||
else
|
||||
echo I am finished, enjoy! \;-\)
|
||||
fi
|
|
@ -1,6 +1,6 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# seafile-server-installer/seafile-server-community_ubuntu-trusty-amd64
|
||||
# seafile-server-installer/seafile-server-ce-ubuntu-14-04-amd64
|
||||
#
|
||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
|
@ -30,7 +30,10 @@ HOSTNAME=$(hostname -i)
|
|||
FILESERVER_PORT=8082
|
||||
SERVER_PORT=10001
|
||||
SEAFILE_SERVER_PORT=12001
|
||||
|
||||
SEAFILE_VERSION=4.1.2
|
||||
SEAFILE_SERVER_PACKAGE=seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
|
||||
SEAFILE_SERVER_PACKAGE_URL=http://download-cn.seafile.com/${SEAFILE_SERVER_PACKAGE}
|
||||
TIME_ZONE=Asia/Beijing
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile Server Community Edition on Ubuntu Trusty (64bit)
|
||||
|
@ -48,7 +51,7 @@ cat <<EOF
|
|||
data!
|
||||
|
||||
For questions or suggestions please contact me at
|
||||
alexander.jackson@seafile.com.de
|
||||
support@seafile.com
|
||||
|
||||
-----------------------------------------------------------------
|
||||
|
||||
|
@ -88,7 +91,7 @@ fi
|
|||
# -------------------------------------------
|
||||
# Update System
|
||||
# -------------------------------------------
|
||||
aptitude update && aptitude dist-upgrade -y
|
||||
#aptitude update && aptitude dist-upgrade -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
|
@ -99,8 +102,10 @@ apt-get install aptitude -y
|
|||
# -------------------------------------------
|
||||
# Additional requirements
|
||||
# -------------------------------------------
|
||||
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
|
||||
aptitude install sudo python-pip python-setuptools python-imaging python-mysqldb \
|
||||
openjdk-7-jre memcached python-memcache pwgen curl openssl -y
|
||||
aptitude install sudo poppler-utils libpython2.7 libreoffice \
|
||||
libreoffice-script-provider-python ttf-wqy-microhei ttf-wqy-zenhei xfonts-wqy -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
|
@ -261,12 +266,10 @@ update-rc.d seafile-server defaults
|
|||
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
|
||||
mkdir -p /opt/seafile/installed
|
||||
cd /opt/seafile/
|
||||
curl -OL https://download.seafile.com.de/seafile-server_latest_x86-64.tar.gz
|
||||
tar xzf seafile-server_latest_x86-64.tar.gz
|
||||
curl -OL ${SEAFILE_SERVER_PACKAGE_URL}
|
||||
tar xzf ${SEAFILE_SERVER_PACKAGE}
|
||||
|
||||
SEAFILE_VERSION=$(basename /opt/seafile/seafile-server-* | awk -F'-' ' { print $3 }')
|
||||
|
||||
mv seafile-server_latest_x86-64.tar.gz installed/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
|
||||
mv ${SEAFILE_SERVER_PACKAGE} installed
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
|
@ -451,7 +454,8 @@ EMAIL_HOST_PASSWORD = ''
|
|||
EMAIL_PORT = '25'
|
||||
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
|
||||
SERVER_EMAIL = 'EMAIL_HOST_USER'
|
||||
TIME_ZONE = 'Asia/Beijing'
|
||||
|
||||
TIME_ZONE = '${TIME_ZONE}'
|
||||
SITE_BASE = 'http://${IP_OR_DOMAIN}'
|
||||
SITE_NAME = 'Seafile Server'
|
||||
SITE_TITLE = 'Seafile Server'
|
||||
|
@ -466,6 +470,7 @@ FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
|
|||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
|
||||
SESSION_SAVE_EVERY_REQUEST = False
|
||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
||||
|
||||
FILE_SERVER_ROOT = 'http://${IP_OR_DOMAIN}/seafhttp'
|
||||
EOF
|
||||
|
|
@ -1,622 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# seafile-server-installer/seafile-server-community_ubuntu-trusty-amd64
|
||||
#
|
||||
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
# This program is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU Affero General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# This program is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU Affero General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU Affero General Public License
|
||||
# along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
#
|
||||
#
|
||||
#set -x
|
||||
# -------------------------------------------
|
||||
# Vars
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN=admin@seafile.local
|
||||
SEAFILE_USER=seafile
|
||||
SERVER_NAME=$(hostname -s)
|
||||
IP_OR_DOMAIN=$(hostname -i)
|
||||
HOSTNAME=$(hostname -i)
|
||||
FILESERVER_PORT=8082
|
||||
SERVER_PORT=10001
|
||||
SEAFILE_SERVER_PORT=12001
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile Server Community Edition on Ubuntu Trusty (64bit)
|
||||
# -------------------------------------------
|
||||
clear
|
||||
cat <<EOF
|
||||
|
||||
This script installs the community edition of the Seafile Server on a Ubuntu Trusty (64bit)
|
||||
- Newest Seafile server version, MariaDB, Memcached, NGINX -
|
||||
-----------------------------------------------------------------
|
||||
|
||||
This installer is meant to run on a freshly installed machine
|
||||
only. If you run it on a production server things can and
|
||||
probably will go terrible wrong and you will loose valuable
|
||||
data!
|
||||
|
||||
For questions or suggestions please contact me at
|
||||
alexander.jackson@seafile.de
|
||||
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Hit return to proceed or CTRL-C to abort.
|
||||
|
||||
EOF
|
||||
read dummy
|
||||
clear
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Ensure we are running the installer as root
|
||||
# -------------------------------------------
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo " Aborting because you are not root" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Abort if user seafile exists
|
||||
# -------------------------------------------
|
||||
if getent passwd ${SEAFILE_USER} > /dev/null 2>&1 ;
|
||||
then
|
||||
echo " Aborting because user ${SEAFILE_USER} already exist" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Abort if directory /opt/seafile/ exists
|
||||
# -------------------------------------------
|
||||
if [[ -d "/opt/seafile/" ]] ;
|
||||
then
|
||||
echo " Aborting because directory /opt/seafile/ already exist" ; exit 1
|
||||
fi
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Update System
|
||||
# -------------------------------------------
|
||||
aptitude update && aptitude dist-upgrade -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Ensure aptitude is installed
|
||||
# -------------------------------------------
|
||||
apt-get install aptitude -y
|
||||
|
||||
# -------------------------------------------
|
||||
# Additional requirements
|
||||
# -------------------------------------------
|
||||
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
|
||||
openjdk-7-jre memcached python-memcache pwgen curl openssl -y
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# NGINX
|
||||
# -------------------------------------------
|
||||
cat > /etc/apt/sources.list.d/nginx.list <<EOF
|
||||
deb http://nginx.org/packages/mainline/ubuntu/ trusty nginx
|
||||
deb-src http://nginx.org/packages/mainline/ubuntu/ trusty nginx
|
||||
EOF
|
||||
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
|
||||
|
||||
aptitude update && aptitude upgrade -y
|
||||
aptitude install nginx -y
|
||||
|
||||
rm /etc/nginx/conf.d/*
|
||||
|
||||
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
|
||||
server {
|
||||
listen 80;
|
||||
server_name "";
|
||||
return 301 https://$http_host$request_uri?;
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 spdy;
|
||||
server_name "";
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/nginx/ssl/seafile.crt;
|
||||
ssl_certificate_key /etc/nginx/ssl/seafile.key;
|
||||
|
||||
location / {
|
||||
fastcgi_pass 127.0.0.1:8000;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
fastcgi_param HTTPS on;
|
||||
fastcgi_param HTTP_SCHEME https;
|
||||
|
||||
access_log /var/log/nginx/seahub.access.log;
|
||||
error_log /var/log/nginx/seahub.error.log;
|
||||
}
|
||||
location /seafhttp {
|
||||
rewrite ^/seafhttp(.*)$ $1 break;
|
||||
proxy_pass http://127.0.0.1:8082;
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 36000s;
|
||||
proxy_read_timeout 36000s;
|
||||
}
|
||||
location /media {
|
||||
root /opt/seafile/seafile-server-latest/seahub;
|
||||
}
|
||||
location /seafdav {
|
||||
fastcgi_pass 127.0.0.1:8080;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
fastcgi_param PATH_INFO $fastcgi_script_name;
|
||||
fastcgi_param SERVER_PROTOCOL $server_protocol;
|
||||
fastcgi_param QUERY_STRING $query_string;
|
||||
fastcgi_param REQUEST_METHOD $request_method;
|
||||
fastcgi_param CONTENT_TYPE $content_type;
|
||||
fastcgi_param CONTENT_LENGTH $content_length;
|
||||
fastcgi_param SERVER_ADDR $server_addr;
|
||||
fastcgi_param SERVER_PORT $server_port;
|
||||
fastcgi_param SERVER_NAME $server_name;
|
||||
fastcgi_param HTTPS on;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
access_log /var/log/nginx/seafdav.access.log;
|
||||
error_log /var/log/nginx/seafdav.error.log;
|
||||
}
|
||||
}
|
||||
EOF
|
||||
|
||||
mkdir /etc/nginx/ssl
|
||||
|
||||
openssl genrsa -out /etc/nginx/ssl/seafile.key 4096
|
||||
openssl req -new -x509 -key /etc/nginx/ssl/seafile.key -out /etc/nginx/ssl/seafile.crt -days 10950 -batch
|
||||
|
||||
service nginx restart
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# MariaDB
|
||||
# -------------------------------------------
|
||||
DEBIAN_FRONTEND=noninteractive aptitude install mariadb-server -y
|
||||
|
||||
SQLROOTPW=$(pwgen)
|
||||
|
||||
mysqladmin -u root password $SQLROOTPW
|
||||
|
||||
cat > /root/.my.cnf <<EOF
|
||||
[client]
|
||||
user=root
|
||||
password=$SQLROOTPW
|
||||
EOF
|
||||
|
||||
chmod 600 /root/.my.cnf
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile init script
|
||||
# -------------------------------------------
|
||||
cat > /etc/init.d/seafile-server <<'EOF'
|
||||
#!/bin/bash
|
||||
### BEGIN INIT INFO
|
||||
# Provides: seafile-server
|
||||
# Required-Start: $remote_fs $syslog mysql
|
||||
# Required-Stop: $remote_fs $syslog
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: Seafile server
|
||||
# Description: Start Seafile server
|
||||
### END INIT INFO
|
||||
|
||||
# Author: Alexander Jackson <alexander.jackson@seafile.de>
|
||||
#
|
||||
|
||||
# Change the value of "user" to your linux user name
|
||||
user=seafile
|
||||
|
||||
# Change the value of "seafile_dir" to your path of seafile installation
|
||||
seafile_dir=/opt/seafile
|
||||
script_path=${seafile_dir}/seafile-server-latest
|
||||
seafile_init_log=${seafile_dir}/logs/seafile.init.log
|
||||
seahub_init_log=${seafile_dir}/logs/seahub.init.log
|
||||
|
||||
# Change the value of fastcgi to true if fastcgi is to be used
|
||||
fastcgi=true
|
||||
# Set the port of fastcgi, default is 8000. Change it if you need different.
|
||||
fastcgi_port=8000
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
|
||||
else
|
||||
sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
|
||||
fi
|
||||
;;
|
||||
restart)
|
||||
sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log}
|
||||
if [ $fastcgi = true ];
|
||||
then
|
||||
sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log}
|
||||
else
|
||||
sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log}
|
||||
fi
|
||||
;;
|
||||
stop)
|
||||
sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
|
||||
sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
|
||||
;;
|
||||
*)
|
||||
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
EOF
|
||||
|
||||
chmod +x /etc/init.d/seafile-server
|
||||
update-rc.d seafile-server defaults
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile
|
||||
# -------------------------------------------
|
||||
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
|
||||
mkdir -p /opt/seafile/installed
|
||||
cd /opt/seafile/
|
||||
curl -OL https://download.seafile.com.de/seafile-server_latest_x86-64.tar.gz
|
||||
tar xzf seafile-server_latest_x86-64.tar.gz
|
||||
|
||||
SEAFILE_VERSION=$(basename /opt/seafile/seafile-server-* | awk -F'-' ' { print $3 }')
|
||||
|
||||
mv seafile-server_latest_x86-64.tar.gz installed/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Seafile DB
|
||||
# -------------------------------------------
|
||||
SQLSEAFILEPW=$(pwgen)
|
||||
|
||||
cat > /opt/seafile/.my.cnf <<EOF
|
||||
[client]
|
||||
user=seafile
|
||||
password=$SQLSEAFILEPW
|
||||
EOF
|
||||
|
||||
chmod 600 /opt/seafile/.my.cnf
|
||||
chown -R ${SEAFILE_USER}.nogroup /opt/seafile/
|
||||
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
|
||||
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
|
||||
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
|
||||
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
|
||||
mysql seahub-db < /opt/seafile/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Go to /opt/seafile/seafile-server-${SEAFILE_VERSION}
|
||||
# -------------------------------------------
|
||||
cd /opt/seafile/seafile-server-${SEAFILE_VERSION}/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Vars - Don't touch these unless you really know what you are doing!
|
||||
# -------------------------------------------
|
||||
SCRIPT=$(readlink -f "$0")
|
||||
INSTALLPATH=/opt/seafile/seafile-server-${SEAFILE_VERSION}/
|
||||
TOPDIR=$(dirname "${INSTALLPATH}")
|
||||
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
|
||||
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
|
||||
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
|
||||
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
|
||||
DEFAULT_CONF_DIR=${TOPDIR}/conf
|
||||
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
|
||||
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
|
||||
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
|
||||
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
|
||||
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
|
||||
MEDIA_DIR=${INSTALLPATH}/seahub/media
|
||||
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
|
||||
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
|
||||
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create ccnet conf
|
||||
# -------------------------------------------
|
||||
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
|
||||
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${IP_OR_DOMAIN}"
|
||||
|
||||
# Fix service url
|
||||
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = https:\/\/${IP_OR_DOMAIN}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create seafile conf
|
||||
# -------------------------------------------
|
||||
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
|
||||
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Write seafile.ini
|
||||
# -------------------------------------------
|
||||
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configure Seafile WebDAV Server(SeafDAV)
|
||||
# -------------------------------------------
|
||||
mkdir -p ${DEFAULT_CONF_DIR}
|
||||
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
|
||||
[WEBDAV]
|
||||
enabled = true
|
||||
port = 8080
|
||||
fastcgi = true
|
||||
share_name = /seafdav
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# generate seahub_settings.py
|
||||
# -------------------------------------------
|
||||
key=$(python "${SEAHUB_SECRET_KEYGEN}")
|
||||
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# prepare avatar directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/seahub-data"
|
||||
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
|
||||
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# create logs directory
|
||||
# -------------------------------------------
|
||||
mkdir -p "${TOPDIR}/logs"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Create symlink for current server version
|
||||
# -------------------------------------------
|
||||
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
|
||||
|
||||
|
||||
# Fix permissions
|
||||
chmod 0600 "$DEST_SETTINGS_PY"
|
||||
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
|
||||
chmod 0700 "$SEAFILE_DATA_DIR"
|
||||
chmod 0700 "$DEFAULT_CONF_DIR"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# copy user manuals to library template
|
||||
# -------------------------------------------
|
||||
mkdir -p ${LIBRARY_TEMPLATE_DIR}
|
||||
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring ccnet.conf
|
||||
# -------------------------------------------
|
||||
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
|
||||
|
||||
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
|
||||
|
||||
[Database]
|
||||
ENGINE = mysql
|
||||
HOST = 127.0.0.1
|
||||
PORT = 3306
|
||||
USER = seafile
|
||||
PASSWD = $SEAFILESQLPW
|
||||
DB = ccnet-db
|
||||
CONNECTION_CHARSET = utf8
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Configuring seahub_settings.py
|
||||
# -------------------------------------------
|
||||
cat >> ${DEST_SETTINGS_PY} <<EOF
|
||||
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'django.db.backends.mysql',
|
||||
'NAME': 'seahub-db',
|
||||
'USER': 'seafile',
|
||||
'PASSWORD': '$SEAFILESQLPW',
|
||||
'HOST': '127.0.0.1',
|
||||
'PORT': '3306',
|
||||
'OPTIONS': {
|
||||
'init_command': 'SET storage_engine=INNODB',
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
CACHES = {
|
||||
'default': {
|
||||
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
|
||||
'LOCATION': '127.0.0.1:11211',
|
||||
}
|
||||
}
|
||||
|
||||
EMAIL_USE_TLS = False
|
||||
EMAIL_HOST = 'localhost'
|
||||
EMAIL_HOST_USER = ''
|
||||
EMAIL_HOST_PASSWORD = ''
|
||||
EMAIL_PORT = '25'
|
||||
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
|
||||
SERVER_EMAIL = 'EMAIL_HOST_USER'
|
||||
TIME_ZONE = 'Europe/Berlin'
|
||||
SITE_BASE = 'https://${IP_OR_DOMAIN}'
|
||||
SITE_NAME = 'Seafile Server'
|
||||
SITE_TITLE = 'Seafile Server'
|
||||
SITE_ROOT = '/'
|
||||
USE_PDFJS = True
|
||||
ENABLE_SIGNUP = False
|
||||
ACTIVATE_AFTER_REGISTRATION = False
|
||||
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
|
||||
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
|
||||
CLOUD_MODE = False
|
||||
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
|
||||
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
|
||||
SESSION_SAVE_EVERY_REQUEST = False
|
||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
|
||||
FILE_SERVER_ROOT = 'https://${IP_OR_DOMAIN}/seafhttp'
|
||||
EOF
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Backup check_init_admin.py befor applying changes
|
||||
# -------------------------------------------
|
||||
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Set admin credentials in check_init_admin.py
|
||||
# -------------------------------------------
|
||||
SEAFILE_ADMIN_PW=$(pwgen)
|
||||
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start and stop Seafile eco system. This generates the initial admin user.
|
||||
# -------------------------------------------
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
|
||||
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh stop
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Restore original check_init_admin.py
|
||||
# -------------------------------------------
|
||||
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Fix permissions
|
||||
# -------------------------------------------
|
||||
chown ${SEAFILE_USER}.nogroup -R /opt/seafile/
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Start seafile server
|
||||
# -------------------------------------------
|
||||
echo "Starting productive Seafile server"
|
||||
service seafile-server start
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Final report
|
||||
# -------------------------------------------
|
||||
cat > ${seafile_dir}/aio_seafile-server.log<<EOF
|
||||
|
||||
Your Seafile server is installed
|
||||
-----------------------------------------------------------------
|
||||
|
||||
Server Name: ${SERVER_NAME}
|
||||
Server Address: https://${IP_OR_DOMAIN}
|
||||
|
||||
Seafile Admin: ${SEAFILE_ADMIN}
|
||||
Admin Password: ${SEAFILE_ADMIN_PW}
|
||||
|
||||
Seafile Data Dir: ${SEAFILE_DATA_DIR}
|
||||
|
||||
Seafile DB Credentials: Check /opt/seafile/.my.cnf
|
||||
Root DB Credentials: Check /root/.my.cnf
|
||||
|
||||
This report is also saved to ${seafile_dir}/aio_seafile-server.log
|
||||
|
||||
|
||||
|
||||
Next you should manually complete the following steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) Run seafile-server-change-address to add your Seafile servers DNS name
|
||||
|
||||
2) If this server is behind a firewall, you need to ensure that
|
||||
tcp port 443 for the NGINX reverse proxy is open. Optionally
|
||||
you may also open tcp port 80 which redirects all unencrypted
|
||||
http traffic to the encrypted https port.
|
||||
|
||||
3) Seahub tries to send emails via the local server. Install and
|
||||
configure Postfix for this to work.
|
||||
|
||||
|
||||
|
||||
|
||||
Optional steps
|
||||
-----------------------------------------------------------------
|
||||
|
||||
1) Check seahub_settings.py and customize it to fit your needs. Consult
|
||||
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
|
||||
|
||||
2) Setup NGINX with official SSL certificate.
|
||||
|
||||
3) Secure server with iptables based firewall. For instance: UFW or shorewall
|
||||
|
||||
4) Harden system with port knocking, fail2ban, etc.
|
||||
|
||||
5) Enable unattended installation of security updates. Check
|
||||
https://wiki.Ubuntu.org/UnattendedUpgrades for details.
|
||||
|
||||
6) Implement a backup routine for your Seafile server.
|
||||
|
||||
7) Update NGINX worker processes to reflect the number of CPU cores.
|
||||
|
||||
|
||||
|
||||
|
||||
Seafile support options
|
||||
-----------------------------------------------------------------
|
||||
|
||||
For free community support visit: https://forum.seafile-server.org
|
||||
For paid commercial support visit: https://seafile.com.de
|
||||
|
||||
|
||||
|
||||
|
||||
Contribute
|
||||
-----------------------------------------------------------------
|
||||
Please contact alexander.jackson@seafile.de
|
||||
for bugs or suggestions about this installer. Thank you!
|
||||
|
||||
EOF
|
||||
|
||||
chmod 600 ${seafile_dir}/aio_seafile-server.log
|
||||
chown -R ${SEAFILE_USER}.nogroup ${seafile_dir}/aio_seafile-server.log
|
||||
|
||||
|
||||
# -------------------------------------------
|
||||
# Install seafile-server-change-address script
|
||||
# -------------------------------------------
|
||||
wget https://gist.githubusercontent.com/alexanderjackson/7e6fd01187327ffd8518/raw/2a87ea94ec8906f8e1847236711eef27ba1d2bb8/seafile-server-change-address -O /usr/local/sbin/seafile-server-change-address
|
||||
chmod 500 /usr/local/sbin/seafile-server-change-address
|
||||
|
||||
clear
|
||||
|
||||
cat ${seafile_dir}/aio_seafile-server.log
|
Loading…
Reference in New Issue
Block a user