727 lines
14 KiB
Plaintext
727 lines
14 KiB
Plaintext
## SeaFile
|
|
|
|
SeaFile es un servidor de archivos similiar a NextCloud.
|
|
=> https://www.seafile.com/en/home/ SeaFile
|
|
|
|
Debes de tener ya apuntando un registro DNS tipo A (o AAAA) a tu dominio o subdominio que vayas a usar con SeaFile, para este ejemplo he usado: "seafile.cuates.net". Si no tienes dominio, puedo ayudarte con un subdominio.
|
|
|
|
Para este proceso he usado Ubuntu Server 22.04 LTS. También asumo que tienes conocimientos básicos de la terminal Linux con cualquier shell. Aquí uso el editor "vim" para editar los archivos, pero puedes usar cualquier editor de texto plano que te guste y este instalado en tu servidor.
|
|
|
|
Si activas el registro abierto en tu instancia y quieres recibir las notificaciones por correo, necesitas un servicio SMTP activo y funcionando.
|
|
|
|
|
|
### [0] Preparación
|
|
|
|
Asumo que es un servidor limpio recién instalado y actualizado.
|
|
|
|
```
|
|
apt update
|
|
apt upgrade
|
|
apt autoremove
|
|
```
|
|
|
|
Asegurate de tener correctamente configurado tu host.
|
|
|
|
```
|
|
hostnamectl set-hostname seafile.cuates.net
|
|
```
|
|
|
|
Tu zona horaria.
|
|
|
|
```
|
|
timedatectl set-timezone America/Mexico_City
|
|
```
|
|
|
|
Y tus locales
|
|
|
|
```
|
|
localectl set-locale LANG=en_US.UTF-8 LANGUAGE="en_US:en"
|
|
```
|
|
|
|
### [1] Agregar usuario
|
|
|
|
Como "root", agregar el usuario "seafile".
|
|
|
|
```
|
|
adduser seafile
|
|
```
|
|
|
|
Y agrégalo al grupo "sudo".
|
|
|
|
```
|
|
usermod -aG sudo seafile
|
|
```
|
|
|
|
Cambiate a este nuevo usuario.
|
|
|
|
```
|
|
su seafile
|
|
```
|
|
|
|
|
|
### [2] Instalar los requerimientos previos.
|
|
|
|
Estos requerimientos con "sudo".
|
|
|
|
```
|
|
sudo apt install python-is-python3 python3-pip libmemcached-dev memcached python3-dev default-libmysqlclient-dev build-essential
|
|
```
|
|
|
|
Actualizamos "pip".
|
|
|
|
```
|
|
sudo pip install --upgrade pip wheel
|
|
```
|
|
|
|
Estos requerimientos ya son sin "sudo".
|
|
|
|
```
|
|
pip install --user pillow pylibmc captcha jinja2 sqlalchemy django-pylibmc django-simple-captcha python3-ldap mysqlclient lxml
|
|
```
|
|
|
|
|
|
### [3] Instalar el motor de base de datos MariaDB
|
|
|
|
Instalar con "sudo".
|
|
|
|
```
|
|
sudo apt install mariadb-server
|
|
```
|
|
|
|
Ejecutar el asistente para mejorar la seguridad de MariaDB
|
|
|
|
```
|
|
sudo mysql_secure_installation
|
|
```
|
|
|
|
Asegurate de que la contraseña para el "root" de MariaDB esta bien.
|
|
|
|
```
|
|
sudo mysql -u root -p
|
|
```
|
|
|
|
|
|
### [4] Instalar SeaFile
|
|
|
|
Creamos el directorio de instalación.
|
|
|
|
```
|
|
sudo mkdir /opt/seafile
|
|
```
|
|
|
|
Lo cambiamos de dueño.
|
|
|
|
```
|
|
sudo chown -R seafile:seafile /opt/seafile
|
|
```
|
|
|
|
Nos movemos a el.
|
|
|
|
```
|
|
cd /opt/seafile
|
|
```
|
|
|
|
Descargamos la última versión.
|
|
|
|
```
|
|
wget https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_9.0.9_x86-64.tar.gz
|
|
```
|
|
|
|
Extraemos.
|
|
|
|
```
|
|
tar -xzf seafile-server_9.0.9_x86-64.tar.gz
|
|
```
|
|
|
|
Creamos un directorio para guardar el archivo descargado.
|
|
|
|
```
|
|
mkdir installed
|
|
```
|
|
|
|
Y lo movemos.
|
|
|
|
```
|
|
mv seafile-server_9.0.9_x86-64.tar.gz installed/
|
|
```
|
|
|
|
Entramos al directorio.
|
|
|
|
```
|
|
cd seafile-server-9.0.9
|
|
```
|
|
|
|
Iniciamos el asistente de instalación de SeaFile.
|
|
|
|
```
|
|
./setup-seafile-mysql.sh
|
|
|
|
---------------------------------
|
|
This is your configuration
|
|
---------------------------------
|
|
|
|
server name: seafilecuates
|
|
server ip/domain: seafile.cuates.net
|
|
|
|
seafile data dir: /opt/seafile/seafile-data
|
|
fileserver port: 8082
|
|
|
|
database: create new
|
|
ccnet database: ccnet-db
|
|
seafile database: seafile-db
|
|
seahub database: seahub-db
|
|
database user: seafile
|
|
|
|
---------------------------------
|
|
Press ENTER to continue, or Ctrl-C to abort
|
|
---------------------------------
|
|
...
|
|
-----------------------------------------------------------------
|
|
Your seafile server configuration has been finished successfully.
|
|
-----------------------------------------------------------------
|
|
```
|
|
|
|
No continúes si "no ves" este último mensaje.
|
|
|
|
Iniciamos "seafile" para comprobar que todo esta bien.
|
|
|
|
```
|
|
./seafile.sh start
|
|
```
|
|
|
|
Si todo esta bien, debes de ver un mensaje similar a:
|
|
|
|
```
|
|
Starting seafile server, please wait ...
|
|
** Message: 19:17:49.928: seafile-controller.c(621): No seafevents.
|
|
|
|
Seafile server started
|
|
|
|
Done.
|
|
```
|
|
|
|
Iniciamos "seahub".
|
|
|
|
```
|
|
./seahub.sh start
|
|
```
|
|
|
|
Como es la primera vez, te solicitará una cuenta de correo que será la cuenta adminstración de la instancia. También te pedirá una contraseña, no uses la misma de tu correo, usa una diferente.
|
|
|
|
```
|
|
Starting seahub at port 8000 ...
|
|
|
|
----------------------------------------
|
|
It's the first time you start the seafile server. Now let's create the admin account
|
|
----------------------------------------
|
|
|
|
What is the email for the admin account?
|
|
[ admin email ] admin@correo.com
|
|
|
|
What is the password for the admin account?
|
|
[ admin password ]
|
|
|
|
Enter the password again:
|
|
[ admin password again ]
|
|
|
|
----------------------------------------
|
|
Successfully created seafile admin
|
|
----------------------------------------
|
|
|
|
Seahub is started
|
|
|
|
Done.
|
|
```
|
|
|
|
Si todo esta bien, es decir, si ves correctamente los mensajes anteriores, detenemos los servicios.
|
|
|
|
```
|
|
./seahub.sh stop
|
|
|
|
Stopping seahub ...
|
|
Done.
|
|
|
|
./seafile.sh stop
|
|
|
|
Stopping seafile server ...
|
|
Done.
|
|
```
|
|
|
|
|
|
### [5] Instalar CertBot
|
|
|
|
Instalar
|
|
|
|
```
|
|
sudo apt install certbot
|
|
```
|
|
|
|
Registrar un correo. Utiliza un correo válido, recibirás las notificaciones para cuando estén por vencerse los certificados.
|
|
|
|
```
|
|
sudo certbot register --agree-tos -m YOUR_EMAIL
|
|
```
|
|
|
|
Solicitamos los certificados para nuestro dominio. Reemplaza DOMAIN por el dominio o subdominio que estés usando.
|
|
|
|
```
|
|
sudo certbot certonly --standalone --preferred-challenges http-01 -d DOMAIN
|
|
```
|
|
|
|
Si todo esta bien, debes de ver un mensaje similar a:
|
|
|
|
```
|
|
Successfully received certificate.
|
|
Certificate is saved at: /etc/letsencrypt/live/DOMAIN/fullchain.pem
|
|
Key is saved at: /etc/letsencrypt/live/DOMAIN/privkey.pem
|
|
This certificate expires on 2023-02-13.
|
|
These files will be updated when the certificate renews.
|
|
Certbot has set up a scheduled task to automatically renew this certificate in the background.
|
|
```
|
|
|
|
Toma nota de las rutas completas de tus nuevos certificados.
|
|
|
|
```
|
|
/etc/letsencrypt/live/DOMAIN/fullchain.pem
|
|
/etc/letsencrypt/live/DOMAIN/privkey.pem
|
|
```
|
|
|
|
|
|
### [6] Configurar archivos para HTTPS.
|
|
|
|
Crear archivo "ssl-dhparams.pem"
|
|
|
|
```
|
|
sudo openssl dhparam -dsaparam -out /etc/letsencrypt/ssl-dhparams.pem 4096
|
|
```
|
|
|
|
Crear el archivo "options-ssl-nginx.conf"
|
|
|
|
```
|
|
sudo vim /etc/letsencrypt/options-ssl-nginx.conf
|
|
```
|
|
|
|
Con el siguiente contenido:
|
|
|
|
```
|
|
ssl_session_cache shared:le_nginx_SSL:10m;
|
|
ssl_session_timeout 1440m;
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA38";
|
|
|
|
add_header Strict-Transport-Security "max-age=63072000; preload";
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Permissions-Policy interest-cohort=();
|
|
```
|
|
|
|
Crear el archivo "certbot.conf"
|
|
|
|
```
|
|
sudo vim /etc/letsencrypt/certbot.conf
|
|
```
|
|
|
|
Con el siguiente contenido. Asegurate de reemplazar DOMAIN por tu dominio.
|
|
|
|
```
|
|
ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
|
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
|
```
|
|
|
|
|
|
### [7] Instalar y configurar "nginx"
|
|
|
|
Instalar.
|
|
|
|
```
|
|
sudo apt install nginx
|
|
```
|
|
|
|
Reemplazar el contenido del archivo "nginx.conf"
|
|
|
|
```
|
|
sudo vim /etc/nginx/nginx.conf
|
|
```
|
|
|
|
Por:
|
|
|
|
```
|
|
user www-data;
|
|
worker_processes auto;
|
|
worker_rlimit_nofile 20480;
|
|
pid /run/nginx.pid;
|
|
|
|
error_log /var/log/nginx/error.log warn;
|
|
|
|
events {
|
|
worker_connections 5120;
|
|
}
|
|
|
|
http {
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
server_tokens off;
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
|
access_log /var/log/nginx/access.log main;
|
|
|
|
sendfile on;
|
|
|
|
keepalive_timeout 65;
|
|
|
|
include /etc/nginx/sites-enabled/*.conf;
|
|
|
|
disable_symlinks off;
|
|
}
|
|
```
|
|
|
|
Configurar el dominio en el archivo "DOMAIN.conf", no olvides reemplazar DOMAIN por tu dominio o subdominio.
|
|
|
|
```
|
|
sudo vim /etc/nginx/sites-available/DOMAIN.conf
|
|
```
|
|
|
|
Con el siguiente contenido.
|
|
|
|
```
|
|
server {
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
server_name seafile.cuates.net;
|
|
charset utf-8;
|
|
|
|
include /etc/letsencrypt/certbot.conf;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
server_tokens off;
|
|
|
|
access_log /var/log/nginx/access.log;
|
|
error_log /var/log/nginx/error.log;
|
|
|
|
client_max_body_size 0;
|
|
|
|
location / {
|
|
proxy_pass http://127.0.0.1:8000;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Host $server_name;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
proxy_read_timeout 1200s;
|
|
}
|
|
|
|
location /seafhttp {
|
|
rewrite ^/seafhttp(.*)$ $1 break;
|
|
proxy_pass http://127.0.0.1:8082;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_connect_timeout 36000s;
|
|
proxy_read_timeout 36000s;
|
|
proxy_send_timeout 36000s;
|
|
send_timeout 36000s;
|
|
}
|
|
|
|
location /media {
|
|
root /opt/seafile/seafile-server-latest/seahub;
|
|
}
|
|
|
|
}
|
|
```
|
|
|
|
Creamos un enlace simbólico al archivo anterior.
|
|
|
|
```
|
|
sudo ln -s /etc/nginx/sites-available/seafile.cuates.net.conf /etc/nginx/sites-enabled/
|
|
```
|
|
|
|
Probamos la configuración.
|
|
|
|
```
|
|
sudo nginx -t
|
|
```
|
|
|
|
Debes de ver el mensaje siguiente:
|
|
|
|
```
|
|
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
|
|
nginx: configuration file /etc/nginx/nginx.conf test is successful
|
|
```
|
|
|
|
No continues si obtienes cualquier error.
|
|
|
|
|
|
### [8] Configurar SeaFile
|
|
|
|
Entramos al directorio.
|
|
|
|
```
|
|
cd /opt/seafile/conf
|
|
```
|
|
|
|
Editamos el archivo "ccnet.conf"
|
|
|
|
```
|
|
vim ccnet.conf
|
|
```
|
|
|
|
En la sección "General" agregamos:
|
|
|
|
```
|
|
[General]
|
|
SERVICE_URL = https://seafile.cuates.net
|
|
```
|
|
|
|
Editamos el archivo "seahub_settings.py"
|
|
|
|
```
|
|
vim seahub_settings.py
|
|
```
|
|
|
|
Asegurate de cambiar:
|
|
|
|
```
|
|
SERVICE_URL = "http://DOMAIN/"
|
|
```
|
|
|
|
Por:
|
|
|
|
```
|
|
SERVICE_URL = "https://DOMAIN/"
|
|
```
|
|
|
|
Y agregas al final del archivo.
|
|
|
|
```
|
|
FILE_SERVER_ROOT = 'https://seafile.cuates.net/seafhttp'
|
|
|
|
ENABLE_SETTINGS_VIA_WEB = False
|
|
|
|
ALLOWED_HOSTS = ['seafile.cuates.net']
|
|
|
|
TIME_ZONE = 'America/Mexico_City'
|
|
|
|
LANGUAGE_CODE = 'es'
|
|
|
|
LANGUAGES = (
|
|
('en', 'English'),
|
|
('es', 'Español'),
|
|
)
|
|
|
|
SITE_NAME = 'Seafile puros Cuates'
|
|
|
|
SITE_TITLE = SITE_NAME
|
|
|
|
REST_FRAMEWORK = {
|
|
'DEFAULT_THROTTLE_RATES': {
|
|
'ping': '600/minute',
|
|
'anon': '5/minute',
|
|
'user': '300/minute',
|
|
},
|
|
'UNICODE_JSON': False,
|
|
}
|
|
|
|
EMAIL_USE_SSL = True
|
|
EMAIL_HOST = 'mail.gandi.net'
|
|
EMAIL_HOST_USER = 'no-responder@correo.email'
|
|
EMAIL_PORT = 465
|
|
EMAIL_USE_LOCALTIME = True
|
|
EMAIL_HOST_PASSWORD = 'SUPER_SECRET_PASSWORD'
|
|
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
|
|
SERVER_EMAIL = EMAIL_HOST_USER
|
|
|
|
ENABLE_SIGNUP = True
|
|
|
|
ACTIVATE_AFTER_REGISTRATION = False
|
|
|
|
NOTIFY_ADMIN_AFTER_REGISTRATION = True
|
|
|
|
LOGIN_ATTEMPT_LIMIT = 3
|
|
|
|
FREEZE_USER_ON_LOGIN_FAILED = True
|
|
|
|
USER_PASSWORD_MIN_LENGTH = 10
|
|
|
|
USER_STRONG_PASSWORD_REQUIRED = True
|
|
|
|
FORCE_PASSWORD_CHANGE = True
|
|
|
|
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
|
|
|
|
SHARE_LINK_EMAIL_LANGUAGE = 'es-ES'
|
|
|
|
CACHES = {
|
|
'default': {
|
|
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
|
|
'LOCATION': '127.0.0.1:11211',
|
|
},
|
|
}
|
|
|
|
TEXT_PREVIEW_EXT = """ac, am, bat, c, cc, cmake, cpp, cs, css, diff, el, gmi, h, html,
|
|
htm, java, js, json, less, make, org, php, pl, properties, py, rb,
|
|
scala, script, sh, sql, txt, text, tex, vi, vim, xhtml, xml, log, csv,
|
|
groovy, rst, patch, go"""
|
|
```
|
|
|
|
Editamos el archivo "seafile.conf"
|
|
|
|
```
|
|
vim seafile.conf
|
|
```
|
|
|
|
En la sección "fileserver" comenta las dos líneas:
|
|
|
|
```
|
|
#[fileserver]
|
|
#port = 8082
|
|
```
|
|
|
|
Y agrega al final del archivo después de la sección "[database]":
|
|
|
|
```
|
|
[quota]
|
|
default = 10
|
|
|
|
[history]
|
|
keep_days = 30
|
|
|
|
[zip]
|
|
windows_encoding = iso-8859-1
|
|
|
|
[fileserver]
|
|
use_go_fileserver = true
|
|
```
|
|
|
|
|
|
### [9] Configuramos los servicios para controlar SeaFile
|
|
|
|
Creamos el archivo "seafile.service"
|
|
|
|
```
|
|
sudo vim /etc/systemd/system/seafile.service
|
|
```
|
|
|
|
Con el siguiente contenido:
|
|
|
|
```
|
|
[Unit]
|
|
Description=Seafile
|
|
After=network.target mysql.service
|
|
|
|
[Service]
|
|
Type=forking
|
|
ExecStart=/opt/seafile/seafile-server-latest/seafile.sh start
|
|
ExecStop=/opt/seafile/seafile-server-latest/seafile.sh stop
|
|
LimitNOFILE=infinity
|
|
User=seafile
|
|
Group=www-data
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
```
|
|
|
|
Creamos el archivo "seahub.service"
|
|
|
|
```
|
|
sudo vim /etc/systemd/system/seahub.service
|
|
```
|
|
|
|
Con el siguiente contenido.
|
|
|
|
```
|
|
[Unit]
|
|
Description=Seahub
|
|
After=network.target seafile.service
|
|
|
|
[Service]
|
|
Environment="LC_ALL=en_US.UTF-8"
|
|
Type=forking
|
|
ExecStart=/opt/seafile/seafile-server-latest/seahub.sh start
|
|
ExecStop=/opt/seafile/seafile-server-latest/seahub.sh stop
|
|
User=seafile
|
|
Group=www-data
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
```
|
|
|
|
Activamos para que inicien al reiniciar el servidor.
|
|
|
|
```
|
|
sudo systemctl enable seafile
|
|
sudo systemctl enable seahub
|
|
```
|
|
|
|
Iniciamos los servicios.
|
|
|
|
```
|
|
sudo systemctl start seafile
|
|
sudo systemctl start seahub
|
|
```
|
|
|
|
Verifica que los dos estén activos y funcionando.
|
|
|
|
```
|
|
sudo systemctl status seafile
|
|
sudo systemctl status seahub
|
|
```
|
|
|
|
Reiniciamos "nginx"
|
|
|
|
```
|
|
sudo systemctl restart nginx
|
|
```
|
|
|
|
|
|
### [10] Instalar y configurar el firewall
|
|
|
|
Instalamos "ufw", puede que ya este instalado.
|
|
|
|
```
|
|
sudo apt install ufw
|
|
```
|
|
|
|
Abrimos los puertos necesarios, reemplaza SSH_PORT por el puerto que hayas configurado en tu acceso SSH, no es recomendable dejar el 22 predeterminado.
|
|
|
|
```
|
|
sudo ufw allow SSH_PORT/tcp
|
|
sudo ufw allow 443/tcp
|
|
```
|
|
|
|
Asegurate de que el puerto SSH sea el correcto "antes" de activar el firewall, si no es el correcto, puedes perder el acceso a tu servidor.
|
|
|
|
Lo activamos.
|
|
|
|
```
|
|
sudo ufw enable
|
|
```
|
|
|
|
En este momento, ya deberías tener acceso desde tu dominio o subdominio configurado con las credenciales administrativas configuradas anteriormente.
|
|
|
|
Ya puedes también, instalar un cliente para sincronizar en tu sistema operativo.
|
|
=> https://www.seafile.com/en/download/ Clientes SeaFile
|
|
|
|
|
|
Si este tutorial te ha sido útil considera hacer un aprecio al mismo:
|
|
|
|
En Junas (G1)
|
|
|
|
```
|
|
A5DdXxCKPw3QKWVdDVs7CzkNugNUW1sHu5zDJFWxCU2h
|
|
```
|
|
|
|
En Euros:
|
|
|
|
```
|
|
IBAN: BE60 9671 0556 5870
|
|
SWIFT / BIC: TRWIBEB1XXX
|
|
```
|
|
|
|
Gracias
|