💾 Archived View for elmau.net › notes › seafile.gmi captured on 2021-12-04 at 18:04:22. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-11-30)

➡️ Next capture (2023-03-20)

-=-=-=-=-=-=-

SeaFile

SeaFile es un servidor de archivos.

SeaFile

Debes de tener ya apuntando un registro DNS tipo A a tu dominio o subdominio que vayas a usar con SeaFile, para este ejemplo he usado: seafile.cuates.net

Asumo que es un servidor limpio recien instalado.

Agregar el usuario seafile

adduser seafile

usermod -aG sudo seafile

Instalar los requerimientos.

sudo apt install python-is-python3 python3-pip libmemcached-dev memcached python3-dev default-libmysqlclient-dev build-essential

sudo pip3 install --upgrade pip wheel

pip install --user pillow pylibmc captcha jinja2 sqlalchemy django-pylibmc django-simple-captcha python3-ldap mysqlclient

Instalar y configurar MariaDB

sudo apt install mariadb-server

sudo mysql_secure_installation

sudo mysql -u root -p

    use mysql;
    update user set plugin='mysql_native_password' where user='root';
    flush privileges;
    quit;

sudo mkdir /opt/seafile

sudo chown -R seafile:seafile /opt/seafile

cd /opt/seafile

wget https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_8.0.7_x86-64.tar.gz

tar -xzf seafile-server_8.0.7_x86-64.tar.gz

mkdir installed

mv seafile-server_8.0.7_x86-64.tar.gz installed/

cd seafile-server-8.0.7

./setup-seafile-mysql.sh

---------------------------------

This is your configuration

---------------------------------

server name: seafilecuates

server ip/domain: seafile.cuates.net

seafile data dir: /opt/seafile/seafile-data

fileserver port: 8082

database: create new

ccnet database: ccnet-db

seafile database: seafile-db

seahub database: seahub-db

database user: seafile

---------------------------------

Press ENTER to continue, or Ctrl-C to abort

---------------------------------

...

-----------------------------------------------------------------

Your seafile server configuration has been finished successfully.

-----------------------------------------------------------------

./seafile.sh start

Seafile server started

./seahub.sh start

What is the email for the admin account?

[ admin email ]

What is the password for the admin account?

[ admin password ]

----------------------------------------

Successfully created seafile admin

----------------------------------------

...

Seahub is started

./seahub.sh stop

./seafile.sh stop

sudo apt install certbot

sudo certbot register --agree-tos -m YOUR_EMAIL

sudo certbot certonly --standalone --preferred-challenges http-01 -d DOMAIN

/etc/letsencrypt/live/DOMAIN/fullchain.pem

/etc/letsencrypt/live/DOMAIN/privkey.pem

sudo openssl dhparam -dsaparam -out /etc/letsencrypt/ssl-dhparams.pem 4096

sudo vim /etc/letsencrypt/options-ssl-nginx.conf

ssl_session_cache shared:le_nginx_SSL:10m;

ssl_session_timeout 1440m;

ssl_protocols TLSv1.2 TLSv1.3;

ssl_prefer_server_ciphers on;

ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA38";

add_header Strict-Transport-Security "max-age=63072000; preload";

add_header X-Frame-Options "SAMEORIGIN";

add_header X-Content-Type-Options nosniff;

add_header X-XSS-Protection "1; mode=block";

add_header Permissions-Policy interest-cohort=();

sudo vim /etc/letsencrypt/certbot.conf

ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;

ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;

include /etc/letsencrypt/options-ssl-nginx.conf;

ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

sudo apt install nginx

sudo vim /etc/nginx/nginx.conf

user www-data;

worker_processes auto;

worker_rlimit_nofile 20480;

pid /run/nginx.pid;

error_log /var/log/nginx/error.log warn;

events {

worker_connections 5120;

}

http {

include /etc/nginx/mime.types;

default_type application/octet-stream;

server_tokens off;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '

'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;

keepalive_timeout 65;

include /etc/nginx/sites-enabled/*.conf;

disable_symlinks off;

client_max_body_size 50m;

include /etc/nginx/badagent.rules;

include /etc/nginx/badreferer.rules;

}

sudo vim /etc/nginx/sites-available/seafile.cuates.net.conf

server {

listen 443 ssl http2;

listen [::]:443 ssl http2;

server_name seafile.cuates.net;

charset utf-8;

include /etc/letsencrypt/custom/elmau.net/certbot.conf;

proxy_set_header X-Forwarded-For $remote_addr;

server_tokens off;

access_log /var/log/nginx/access.log;

error_log /var/log/nginx/error.log;

client_max_body_size 0;

location / {

proxy_pass http://127.0.0.1:8000;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header X-Forwarded-Host $server_name;

proxy_set_header X-Forwarded-Proto https;

proxy_read_timeout 1200s;

}

location /seafhttp {

rewrite ^/seafhttp(.*)$ $1 break;

proxy_pass http://127.0.0.1:8082;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_connect_timeout 36000s;

proxy_read_timeout 36000s;

proxy_send_timeout 36000s;

send_timeout 36000s;

}

location /media {

root /opt/seafile/seafile-server-latest/seahub;

}

}

sudo ln -s /etc/nginx/sites-available/seafile.cuates.net.conf /etc/nginx/sites-enabled/

sudo nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok

nginx: configuration file /etc/nginx/nginx.conf test is successful

cd /opt/seafile/conf

vim ccnet.conf

[General]

SERVICE_URL = https://seafile.cuates.net

vim seahub_settings.py

FILE_SERVER_ROOT = 'https://seafile.elmau.net/seafhttp'

EMAIL_USE_SSL = True

EMAIL_HOST = 'mail.gandi.net'

EMAIL_HOST_USER = 'no-responder@empresalibre.mx'

EMAIL_PORT = 465

EMAIL_USE_LOCALTIME = True

EMAIL_HOST_PASSWORD = 'PASSWORD'

DEFAULT_FROM_EMAIL = EMAIL_HOST_USER

SERVER_EMAIL = EMAIL_HOST_USER

ENABLE_SETTINGS_VIA_WEB = False

ALLOWED_HOSTS = ['seafile.elmau.net']

ENABLE_SIGNUP = True

ACTIVATE_AFTER_REGISTRATION = False

NOTIFY_ADMIN_AFTER_REGISTRATION = True

LOGIN_ATTEMPT_LIMIT = 3

FREEZE_USER_ON_LOGIN_FAILED = True

USER_PASSWORD_MIN_LENGTH = 10

SESSION_EXPIRE_AT_BROWSER_CLOSE = True

TIME_ZONE = 'America/Mexico_City'

LANGUAGE_CODE = 'en'

LANGUAGES = (

('en', 'English'),

('es', 'Español'),

)

SITE_NAME = 'Seafile Cuates'

SITE_TITLE = SITE_NAME

SHARE_LINK_EMAIL_LANGUAGE = 'es-ES'

REST_FRAMEWORK = {

'DEFAULT_THROTTLE_RATES': {

'ping': '600/minute',

'anon': '5/minute',

'user': '300/minute',

},

'UNICODE_JSON': False,

}

CACHES = {

'default': {

'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',

'LOCATION': '127.0.0.1:11211',

},

}

sudo vim /etc/systemd/system/seafile.service

[Unit]

Description=Seafile

After=network.target mysql.service

[Service]

Type=forking

ExecStart=/opt/seafile/seafile-server-latest/seafile.sh start

ExecStop=/opt/seafile/seafile-server-latest/seafile.sh stop

LimitNOFILE=infinity

User=seafile

Group=www-data

[Install]

WantedBy=multi-user.target

sudo vim /etc/systemd/system/seahub.service

[Unit]

Description=Seahub

After=network.target seafile.service

[Service]

Environment="LC_ALL=en_US.UTF-8"

Type=forking

ExecStart=/opt/seafile/seafile-server-latest/seahub.sh start

ExecStop=/opt/seafile/seafile-server-latest/seahub.sh stop

User=seafile

Group=www-data

[Install]

WantedBy=multi-user.target

sudo systemctl enable seafile

sudo systemctl start seafile

sudo systemctl enable seahub

sudo systemctl start seahub

sudo systemctl restart nginx

sudo apt install ufw

sudo ufw allow 2274/tcp

sudo ufw allow 443/tcp

sudo ufw enable