Add seafile
This commit is contained in:
parent
98fa4da216
commit
5d8e07c0c7
|
@ -0,0 +1,70 @@
|
|||
## Mail Server
|
||||
|
||||
DNS
|
||||
|
||||
```
|
||||
@ 86400 IN SOA ns1.gandi.net. hostmaster.gandi.net. 1600703899 10800 3600 604800 10800
|
||||
@ 300 IN A 188.68.36.124
|
||||
@ 300 IN MX 10 mail
|
||||
@ 300 IN TXT "v=spf1 ip4:188.68.36.124 a -all"
|
||||
_dmarc 300 IN TXT "v=DMARC1; p=reject; adkim=s; aspf=s; sp=none; rua=mailto:dmarc@correolibre.org; ruf=mailto:dmarc@correolibre.org"
|
||||
dkim._domainkey 300 IN TXT "v=DKIM1; p="
|
||||
mail 300 IN A 188.68.36.124
|
||||
mail 300 IN AAAA 2a03:4000:13:a72:d8b7:60ff:fec0:ff2
|
||||
```
|
||||
|
||||
apt update
|
||||
|
||||
apt upgrade
|
||||
|
||||
timedatectl set-timezone America/Mexico_City
|
||||
|
||||
vim /var/lib/locales/supported.d/en
|
||||
|
||||
dpkg-reconfigure locales
|
||||
|
||||
localectl set-locale LANG=en_US.UTF-8 LANGUAGE="en_US:en"
|
||||
|
||||
vim /etc/environment
|
||||
|
||||
LANG=en_US.UTF-8
|
||||
LC_ALL=en_US.UTF-8
|
||||
|
||||
apt install python-is-python3 mlocate
|
||||
|
||||
vim .bashrc
|
||||
|
||||
`PS1="┌─[\e[0;32m\H\e[m][\e[1;31m\u\e[m]->{\[\e[34;1m\]\w\[\e[0;1m\]}\n└──> \[\e[0m\]"`
|
||||
|
||||
source .bashrc
|
||||
|
||||
hostnamectl set-hostname mail.correolibre.org
|
||||
|
||||
vim /etc/hostname
|
||||
|
||||
mail.cuates.net
|
||||
|
||||
vim /etc/hosts
|
||||
|
||||
127.0.0.1 mail.cuates.net mail localhost
|
||||
|
||||
reboot
|
||||
|
||||
cd /root
|
||||
|
||||
wget https://github.com/iredmail/iRedMail/archive/1.4.2.tar.gz
|
||||
|
||||
tar zxf 1.4.2.tar.gz
|
||||
|
||||
cd iRedMail-1.4.2/
|
||||
|
||||
bash iRedMail.sh
|
||||
|
||||
|
||||
***************************** WARNING ***********************************
|
||||
* Below file contains sensitive infomation (username/password), please *
|
||||
* do remember to *MOVE* it to a safe place after installation. *
|
||||
|
||||
/root/iRedMail-1.4.2/config
|
||||
|
||||
|
|
@ -0,0 +1,363 @@
|
|||
## SeaFile
|
||||
|
||||
SeaFile es un servidor de archivos.
|
||||
=> https://www.seafile.com/en/home/ SeaFile
|
||||
|
||||
Debes de tener ya apuntando un registro DNS tipo A a tu dominio o subdominio que vayas a usar con SeaFile, para este ejemplo he usado: seafile.cuates.net
|
||||
|
||||
Asumo que es un servidor limpio recien instalado.
|
||||
|
||||
* Como root
|
||||
|
||||
Agregar el usuario seafile
|
||||
|
||||
```
|
||||
adduser seafile
|
||||
|
||||
usermod -aG sudo seafile
|
||||
```
|
||||
|
||||
* Como seafile
|
||||
|
||||
Instalar los requerimientos.
|
||||
|
||||
```
|
||||
sudo apt install python-is-python3 python3-pip libmemcached-dev memcached python3-dev default-libmysqlclient-dev build-essential
|
||||
|
||||
sudo pip3 install --upgrade pip wheel
|
||||
|
||||
pip install --user pillow pylibmc captcha jinja2 sqlalchemy django-pylibmc django-simple-captcha python3-ldap mysqlclient
|
||||
```
|
||||
|
||||
Instalar y configurar MariaDB
|
||||
|
||||
```
|
||||
sudo apt install mariadb-server
|
||||
|
||||
sudo mysql_secure_installation
|
||||
|
||||
sudo mysql -u root -p
|
||||
|
||||
use mysql;
|
||||
update user set plugin='mysql_native_password' where user='root';
|
||||
flush privileges;
|
||||
quit;
|
||||
```
|
||||
|
||||
sudo mkdir /opt/seafile
|
||||
|
||||
sudo chown -R seafile:seafile /opt/seafile
|
||||
|
||||
cd /opt/seafile
|
||||
|
||||
wget https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_8.0.7_x86-64.tar.gz
|
||||
|
||||
|
||||
tar -xzf seafile-server_8.0.7_x86-64.tar.gz
|
||||
|
||||
mkdir installed
|
||||
|
||||
mv seafile-server_8.0.7_x86-64.tar.gz installed/
|
||||
|
||||
cd seafile-server-8.0.7
|
||||
|
||||
./setup-seafile-mysql.sh
|
||||
|
||||
---------------------------------
|
||||
This is your configuration
|
||||
---------------------------------
|
||||
|
||||
server name: seafilecuates
|
||||
server ip/domain: seafile.cuates.net
|
||||
|
||||
seafile data dir: /opt/seafile/seafile-data
|
||||
fileserver port: 8082
|
||||
|
||||
database: create new
|
||||
ccnet database: ccnet-db
|
||||
seafile database: seafile-db
|
||||
seahub database: seahub-db
|
||||
database user: seafile
|
||||
|
||||
---------------------------------
|
||||
Press ENTER to continue, or Ctrl-C to abort
|
||||
---------------------------------
|
||||
...
|
||||
-----------------------------------------------------------------
|
||||
Your seafile server configuration has been finished successfully.
|
||||
-----------------------------------------------------------------
|
||||
|
||||
|
||||
./seafile.sh start
|
||||
|
||||
Seafile server started
|
||||
|
||||
./seahub.sh start
|
||||
|
||||
What is the email for the admin account?
|
||||
[ admin email ]
|
||||
|
||||
What is the password for the admin account?
|
||||
[ admin password ]
|
||||
|
||||
----------------------------------------
|
||||
Successfully created seafile admin
|
||||
----------------------------------------
|
||||
...
|
||||
Seahub is started
|
||||
|
||||
|
||||
./seahub.sh stop
|
||||
|
||||
./seafile.sh stop
|
||||
|
||||
|
||||
sudo apt install certbot
|
||||
|
||||
sudo certbot register --agree-tos -m YOUR_EMAIL
|
||||
|
||||
sudo certbot certonly --standalone --preferred-challenges http-01 -d DOMAIN
|
||||
|
||||
/etc/letsencrypt/live/DOMAIN/fullchain.pem
|
||||
/etc/letsencrypt/live/DOMAIN/privkey.pem
|
||||
|
||||
sudo openssl dhparam -dsaparam -out /etc/letsencrypt/ssl-dhparams.pem 4096
|
||||
|
||||
sudo vim /etc/letsencrypt/options-ssl-nginx.conf
|
||||
|
||||
ssl_session_cache shared:le_nginx_SSL:10m;
|
||||
ssl_session_timeout 1440m;
|
||||
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA38";
|
||||
|
||||
add_header Strict-Transport-Security "max-age=63072000; preload";
|
||||
add_header X-Frame-Options "SAMEORIGIN";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header Permissions-Policy interest-cohort=();
|
||||
|
||||
sudo vim /etc/letsencrypt/certbot.conf
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
|
||||
include /etc/letsencrypt/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||
|
||||
|
||||
sudo apt install nginx
|
||||
|
||||
sudo vim /etc/nginx/nginx.conf
|
||||
|
||||
user www-data;
|
||||
worker_processes auto;
|
||||
worker_rlimit_nofile 20480;
|
||||
pid /run/nginx.pid;
|
||||
|
||||
error_log /var/log/nginx/error.log warn;
|
||||
|
||||
events {
|
||||
worker_connections 5120;
|
||||
}
|
||||
|
||||
http {
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
server_tokens off;
|
||||
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
||||
'$status $body_bytes_sent "$http_referer" '
|
||||
'"$http_user_agent" "$http_x_forwarded_for"';
|
||||
|
||||
access_log /var/log/nginx/access.log main;
|
||||
|
||||
sendfile on;
|
||||
|
||||
keepalive_timeout 65;
|
||||
|
||||
include /etc/nginx/sites-enabled/*.conf;
|
||||
|
||||
disable_symlinks off;
|
||||
|
||||
client_max_body_size 50m;
|
||||
|
||||
include /etc/nginx/badagent.rules;
|
||||
include /etc/nginx/badreferer.rules;
|
||||
}
|
||||
|
||||
sudo vim /etc/nginx/sites-available/seafile.cuates.net.conf
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
server_name seafile.cuates.net;
|
||||
charset utf-8;
|
||||
|
||||
include /etc/letsencrypt/custom/elmau.net/certbot.conf;
|
||||
proxy_set_header X-Forwarded-For $remote_addr;
|
||||
server_tokens off;
|
||||
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
client_max_body_size 0;
|
||||
|
||||
location / {
|
||||
proxy_pass http://127.0.0.1:8000;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Host $server_name;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_read_timeout 1200s;
|
||||
}
|
||||
|
||||
location /seafhttp {
|
||||
rewrite ^/seafhttp(.*)$ $1 break;
|
||||
proxy_pass http://127.0.0.1:8082;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_connect_timeout 36000s;
|
||||
proxy_read_timeout 36000s;
|
||||
proxy_send_timeout 36000s;
|
||||
send_timeout 36000s;
|
||||
}
|
||||
|
||||
location /media {
|
||||
root /opt/seafile/seafile-server-latest/seahub;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
sudo ln -s /etc/nginx/sites-available/seafile.cuates.net.conf /etc/nginx/sites-enabled/
|
||||
|
||||
sudo nginx -t
|
||||
|
||||
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
|
||||
nginx: configuration file /etc/nginx/nginx.conf test is successful
|
||||
|
||||
|
||||
cd /opt/seafile/conf
|
||||
|
||||
vim ccnet.conf
|
||||
|
||||
[General]
|
||||
SERVICE_URL = https://seafile.cuates.net
|
||||
|
||||
vim seahub_settings.py
|
||||
|
||||
FILE_SERVER_ROOT = 'https://seafile.elmau.net/seafhttp'
|
||||
|
||||
EMAIL_USE_SSL = True
|
||||
EMAIL_HOST = 'mail.gandi.net'
|
||||
EMAIL_HOST_USER = 'no-responder@empresalibre.mx'
|
||||
EMAIL_PORT = 465
|
||||
EMAIL_USE_LOCALTIME = True
|
||||
EMAIL_HOST_PASSWORD = 'PASSWORD'
|
||||
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
|
||||
SERVER_EMAIL = EMAIL_HOST_USER
|
||||
|
||||
ENABLE_SETTINGS_VIA_WEB = False
|
||||
|
||||
ALLOWED_HOSTS = ['seafile.elmau.net']
|
||||
|
||||
ENABLE_SIGNUP = True
|
||||
|
||||
ACTIVATE_AFTER_REGISTRATION = False
|
||||
|
||||
NOTIFY_ADMIN_AFTER_REGISTRATION = True
|
||||
|
||||
LOGIN_ATTEMPT_LIMIT = 3
|
||||
|
||||
FREEZE_USER_ON_LOGIN_FAILED = True
|
||||
|
||||
USER_PASSWORD_MIN_LENGTH = 10
|
||||
|
||||
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
|
||||
|
||||
TIME_ZONE = 'America/Mexico_City'
|
||||
|
||||
LANGUAGE_CODE = 'en'
|
||||
|
||||
LANGUAGES = (
|
||||
('en', 'English'),
|
||||
('es', 'Español'),
|
||||
)
|
||||
|
||||
SITE_NAME = 'Seafile Cuates'
|
||||
|
||||
SITE_TITLE = SITE_NAME
|
||||
|
||||
SHARE_LINK_EMAIL_LANGUAGE = 'es-ES'
|
||||
|
||||
REST_FRAMEWORK = {
|
||||
'DEFAULT_THROTTLE_RATES': {
|
||||
'ping': '600/minute',
|
||||
'anon': '5/minute',
|
||||
'user': '300/minute',
|
||||
},
|
||||
'UNICODE_JSON': False,
|
||||
}
|
||||
|
||||
CACHES = {
|
||||
'default': {
|
||||
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
|
||||
'LOCATION': '127.0.0.1:11211',
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
sudo vim /etc/systemd/system/seafile.service
|
||||
|
||||
[Unit]
|
||||
Description=Seafile
|
||||
After=network.target mysql.service
|
||||
|
||||
[Service]
|
||||
Type=forking
|
||||
ExecStart=/opt/seafile/seafile-server-latest/seafile.sh start
|
||||
ExecStop=/opt/seafile/seafile-server-latest/seafile.sh stop
|
||||
LimitNOFILE=infinity
|
||||
User=seafile
|
||||
Group=www-data
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
sudo vim /etc/systemd/system/seahub.service
|
||||
|
||||
[Unit]
|
||||
Description=Seahub
|
||||
After=network.target seafile.service
|
||||
|
||||
[Service]
|
||||
Environment="LC_ALL=en_US.UTF-8"
|
||||
Type=forking
|
||||
ExecStart=/opt/seafile/seafile-server-latest/seahub.sh start
|
||||
ExecStop=/opt/seafile/seafile-server-latest/seahub.sh stop
|
||||
User=seafile
|
||||
Group=www-data
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
||||
sudo systemctl enable seafile
|
||||
sudo systemctl start seafile
|
||||
|
||||
sudo systemctl enable seahub
|
||||
sudo systemctl start seahub
|
||||
|
||||
sudo systemctl restart nginx
|
||||
|
||||
|
||||
sudo apt install ufw
|
||||
|
||||
sudo ufw allow 2274/tcp
|
||||
|
||||
sudo ufw allow 443/tcp
|
||||
|
||||
sudo ufw enable
|
||||
|
||||
|
|
@ -0,0 +1,65 @@
|
|||
SimpleLogin
|
||||
|
||||
Servidor para alias de correo.
|
||||
|
||||
|
||||
sudo apt install dnsutils apt-transport-https
|
||||
|
||||
cd /opt
|
||||
|
||||
sudo mkdir simplelogin
|
||||
sudo mkdir simplelogin/pgp # to store PGP key
|
||||
sudo mkdir simplelogin/db # to store database
|
||||
sudo mkdir simplelogin/upload # to store quarantine emails
|
||||
|
||||
cd simplelogin
|
||||
|
||||
sudo openssl genrsa -out dkim.key 2048
|
||||
sudo openssl rsa -in dkim.key -pubout -out dkim.pub.key
|
||||
|
||||
|
||||
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
|
||||
|
||||
echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
|
||||
|
||||
sudo apt update
|
||||
|
||||
sudo apt install docker-ce docker-ce-cli containerd.io
|
||||
|
||||
sudo usermod -aG docker $USER
|
||||
|
||||
|
||||
sudo docker network create -d bridge \
|
||||
--subnet=240.0.0.0/24 \
|
||||
--gateway=240.0.0.1 \
|
||||
sl-network
|
||||
|
||||
|
||||
docker run -d \
|
||||
--name sl-db \
|
||||
-e POSTGRES_PASSWORD=PASSWORD \
|
||||
-e POSTGRES_USER=simplelogisudo aptn \
|
||||
-e POSTGRES_DB=simplelogin \
|
||||
-p 5432:5432 \
|
||||
-v /opt/simplelogin/db:/var/lib/postgresql/data \
|
||||
--restart always \
|
||||
--network="sl-network" \
|
||||
postgres:12.1
|
||||
|
||||
|
||||
docker exec -it sl-db psql -U simplelogin simplelogin
|
||||
|
||||
|
||||
|
||||
sudo apt install postfix postfix-pgsql
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue