💾 Archived View for elmau.net › notes › seafile.gmi captured on 2021-12-04 at 18:04:22. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2021-11-30)
-=-=-=-=-=-=-
SeaFile es un servidor de archivos.
Debes de tener ya apuntando un registro DNS tipo A a tu dominio o subdominio que vayas a usar con SeaFile, para este ejemplo he usado: seafile.cuates.net
Asumo que es un servidor limpio recien instalado.
Agregar el usuario seafile
adduser seafile usermod -aG sudo seafile
Instalar los requerimientos.
sudo apt install python-is-python3 python3-pip libmemcached-dev memcached python3-dev default-libmysqlclient-dev build-essential sudo pip3 install --upgrade pip wheel pip install --user pillow pylibmc captcha jinja2 sqlalchemy django-pylibmc django-simple-captcha python3-ldap mysqlclient
Instalar y configurar MariaDB
sudo apt install mariadb-server sudo mysql_secure_installation sudo mysql -u root -p use mysql; update user set plugin='mysql_native_password' where user='root'; flush privileges; quit;
sudo mkdir /opt/seafile
sudo chown -R seafile:seafile /opt/seafile
cd /opt/seafile
wget https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_8.0.7_x86-64.tar.gz
tar -xzf seafile-server_8.0.7_x86-64.tar.gz
mkdir installed
mv seafile-server_8.0.7_x86-64.tar.gz installed/
cd seafile-server-8.0.7
./setup-seafile-mysql.sh
---------------------------------
This is your configuration
---------------------------------
server name: seafilecuates
server ip/domain: seafile.cuates.net
seafile data dir: /opt/seafile/seafile-data
fileserver port: 8082
database: create new
ccnet database: ccnet-db
seafile database: seafile-db
seahub database: seahub-db
database user: seafile
---------------------------------
Press ENTER to continue, or Ctrl-C to abort
---------------------------------
...
-----------------------------------------------------------------
Your seafile server configuration has been finished successfully.
-----------------------------------------------------------------
./seafile.sh start
Seafile server started
./seahub.sh start
What is the email for the admin account?
[ admin email ]
What is the password for the admin account?
[ admin password ]
----------------------------------------
Successfully created seafile admin
----------------------------------------
...
Seahub is started
./seahub.sh stop
./seafile.sh stop
sudo apt install certbot
sudo certbot register --agree-tos -m YOUR_EMAIL
sudo certbot certonly --standalone --preferred-challenges http-01 -d DOMAIN
/etc/letsencrypt/live/DOMAIN/fullchain.pem
/etc/letsencrypt/live/DOMAIN/privkey.pem
sudo openssl dhparam -dsaparam -out /etc/letsencrypt/ssl-dhparams.pem 4096
sudo vim /etc/letsencrypt/options-ssl-nginx.conf
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA38";
add_header Strict-Transport-Security "max-age=63072000; preload";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Permissions-Policy interest-cohort=();
sudo vim /etc/letsencrypt/certbot.conf
ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
sudo apt install nginx
sudo vim /etc/nginx/nginx.conf
user www-data;
worker_processes auto;
worker_rlimit_nofile 20480;
pid /run/nginx.pid;
error_log /var/log/nginx/error.log warn;
events {
worker_connections 5120;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_tokens off;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
keepalive_timeout 65;
include /etc/nginx/sites-enabled/*.conf;
disable_symlinks off;
client_max_body_size 50m;
include /etc/nginx/badagent.rules;
include /etc/nginx/badreferer.rules;
}
sudo vim /etc/nginx/sites-available/seafile.cuates.net.conf
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name seafile.cuates.net;
charset utf-8;
include /etc/letsencrypt/custom/elmau.net/certbot.conf;
proxy_set_header X-Forwarded-For $remote_addr;
server_tokens off;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
client_max_body_size 0;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 1200s;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
}
sudo ln -s /etc/nginx/sites-available/seafile.cuates.net.conf /etc/nginx/sites-enabled/
sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
cd /opt/seafile/conf
vim ccnet.conf
[General]
SERVICE_URL = https://seafile.cuates.net
vim seahub_settings.py
FILE_SERVER_ROOT = 'https://seafile.elmau.net/seafhttp'
EMAIL_USE_SSL = True
EMAIL_HOST = 'mail.gandi.net'
EMAIL_HOST_USER = 'no-responder@empresalibre.mx'
EMAIL_PORT = 465
EMAIL_USE_LOCALTIME = True
EMAIL_HOST_PASSWORD = 'PASSWORD'
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
SERVER_EMAIL = EMAIL_HOST_USER
ENABLE_SETTINGS_VIA_WEB = False
ALLOWED_HOSTS = ['seafile.elmau.net']
ENABLE_SIGNUP = True
ACTIVATE_AFTER_REGISTRATION = False
NOTIFY_ADMIN_AFTER_REGISTRATION = True
LOGIN_ATTEMPT_LIMIT = 3
FREEZE_USER_ON_LOGIN_FAILED = True
USER_PASSWORD_MIN_LENGTH = 10
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
TIME_ZONE = 'America/Mexico_City'
LANGUAGE_CODE = 'en'
LANGUAGES = (
('en', 'English'),
('es', 'Español'),
)
SITE_NAME = 'Seafile Cuates'
SITE_TITLE = SITE_NAME
SHARE_LINK_EMAIL_LANGUAGE = 'es-ES'
REST_FRAMEWORK = {
'DEFAULT_THROTTLE_RATES': {
'ping': '600/minute',
'anon': '5/minute',
'user': '300/minute',
},
'UNICODE_JSON': False,
}
CACHES = {
'default': {
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
'LOCATION': '127.0.0.1:11211',
},
}
sudo vim /etc/systemd/system/seafile.service
[Unit]
Description=Seafile
After=network.target mysql.service
[Service]
Type=forking
ExecStart=/opt/seafile/seafile-server-latest/seafile.sh start
ExecStop=/opt/seafile/seafile-server-latest/seafile.sh stop
LimitNOFILE=infinity
User=seafile
Group=www-data
[Install]
WantedBy=multi-user.target
sudo vim /etc/systemd/system/seahub.service
[Unit]
Description=Seahub
After=network.target seafile.service
[Service]
Environment="LC_ALL=en_US.UTF-8"
Type=forking
ExecStart=/opt/seafile/seafile-server-latest/seahub.sh start
ExecStop=/opt/seafile/seafile-server-latest/seahub.sh stop
User=seafile
Group=www-data
[Install]
WantedBy=multi-user.target
sudo systemctl enable seafile
sudo systemctl start seafile
sudo systemctl enable seahub
sudo systemctl start seahub
sudo systemctl restart nginx
sudo apt install ufw
sudo ufw allow 2274/tcp
sudo ufw allow 443/tcp
sudo ufw enable