364 lines
8.6 KiB
Plaintext
364 lines
8.6 KiB
Plaintext
## SeaFile
|
|
|
|
SeaFile es un servidor de archivos.
|
|
=> https://www.seafile.com/en/home/ SeaFile
|
|
|
|
Debes de tener ya apuntando un registro DNS tipo A a tu dominio o subdominio que vayas a usar con SeaFile, para este ejemplo he usado: seafile.cuates.net
|
|
|
|
Asumo que es un servidor limpio recien instalado.
|
|
|
|
* Como root
|
|
|
|
Agregar el usuario seafile
|
|
|
|
```
|
|
adduser seafile
|
|
|
|
usermod -aG sudo seafile
|
|
```
|
|
|
|
* Como seafile
|
|
|
|
Instalar los requerimientos.
|
|
|
|
```
|
|
sudo apt install python-is-python3 python3-pip libmemcached-dev memcached python3-dev default-libmysqlclient-dev build-essential
|
|
|
|
sudo pip3 install --upgrade pip wheel
|
|
|
|
pip install --user pillow pylibmc captcha jinja2 sqlalchemy django-pylibmc django-simple-captcha python3-ldap mysqlclient
|
|
```
|
|
|
|
Instalar y configurar MariaDB
|
|
|
|
```
|
|
sudo apt install mariadb-server
|
|
|
|
sudo mysql_secure_installation
|
|
|
|
sudo mysql -u root -p
|
|
|
|
use mysql;
|
|
update user set plugin='mysql_native_password' where user='root';
|
|
flush privileges;
|
|
quit;
|
|
```
|
|
|
|
sudo mkdir /opt/seafile
|
|
|
|
sudo chown -R seafile:seafile /opt/seafile
|
|
|
|
cd /opt/seafile
|
|
|
|
wget https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_8.0.7_x86-64.tar.gz
|
|
|
|
|
|
tar -xzf seafile-server_8.0.7_x86-64.tar.gz
|
|
|
|
mkdir installed
|
|
|
|
mv seafile-server_8.0.7_x86-64.tar.gz installed/
|
|
|
|
cd seafile-server-8.0.7
|
|
|
|
./setup-seafile-mysql.sh
|
|
|
|
---------------------------------
|
|
This is your configuration
|
|
---------------------------------
|
|
|
|
server name: seafilecuates
|
|
server ip/domain: seafile.cuates.net
|
|
|
|
seafile data dir: /opt/seafile/seafile-data
|
|
fileserver port: 8082
|
|
|
|
database: create new
|
|
ccnet database: ccnet-db
|
|
seafile database: seafile-db
|
|
seahub database: seahub-db
|
|
database user: seafile
|
|
|
|
---------------------------------
|
|
Press ENTER to continue, or Ctrl-C to abort
|
|
---------------------------------
|
|
...
|
|
-----------------------------------------------------------------
|
|
Your seafile server configuration has been finished successfully.
|
|
-----------------------------------------------------------------
|
|
|
|
|
|
./seafile.sh start
|
|
|
|
Seafile server started
|
|
|
|
./seahub.sh start
|
|
|
|
What is the email for the admin account?
|
|
[ admin email ]
|
|
|
|
What is the password for the admin account?
|
|
[ admin password ]
|
|
|
|
----------------------------------------
|
|
Successfully created seafile admin
|
|
----------------------------------------
|
|
...
|
|
Seahub is started
|
|
|
|
|
|
./seahub.sh stop
|
|
|
|
./seafile.sh stop
|
|
|
|
|
|
sudo apt install certbot
|
|
|
|
sudo certbot register --agree-tos -m YOUR_EMAIL
|
|
|
|
sudo certbot certonly --standalone --preferred-challenges http-01 -d DOMAIN
|
|
|
|
/etc/letsencrypt/live/DOMAIN/fullchain.pem
|
|
/etc/letsencrypt/live/DOMAIN/privkey.pem
|
|
|
|
sudo openssl dhparam -dsaparam -out /etc/letsencrypt/ssl-dhparams.pem 4096
|
|
|
|
sudo vim /etc/letsencrypt/options-ssl-nginx.conf
|
|
|
|
ssl_session_cache shared:le_nginx_SSL:10m;
|
|
ssl_session_timeout 1440m;
|
|
|
|
ssl_protocols TLSv1.2 TLSv1.3;
|
|
ssl_prefer_server_ciphers on;
|
|
|
|
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA38";
|
|
|
|
add_header Strict-Transport-Security "max-age=63072000; preload";
|
|
add_header X-Frame-Options "SAMEORIGIN";
|
|
add_header X-Content-Type-Options nosniff;
|
|
add_header X-XSS-Protection "1; mode=block";
|
|
add_header Permissions-Policy interest-cohort=();
|
|
|
|
sudo vim /etc/letsencrypt/certbot.conf
|
|
|
|
ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
|
|
ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
|
|
include /etc/letsencrypt/options-ssl-nginx.conf;
|
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
|
|
|
|
|
sudo apt install nginx
|
|
|
|
sudo vim /etc/nginx/nginx.conf
|
|
|
|
user www-data;
|
|
worker_processes auto;
|
|
worker_rlimit_nofile 20480;
|
|
pid /run/nginx.pid;
|
|
|
|
error_log /var/log/nginx/error.log warn;
|
|
|
|
events {
|
|
worker_connections 5120;
|
|
}
|
|
|
|
http {
|
|
include /etc/nginx/mime.types;
|
|
default_type application/octet-stream;
|
|
|
|
server_tokens off;
|
|
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
|
access_log /var/log/nginx/access.log main;
|
|
|
|
sendfile on;
|
|
|
|
keepalive_timeout 65;
|
|
|
|
include /etc/nginx/sites-enabled/*.conf;
|
|
|
|
disable_symlinks off;
|
|
|
|
client_max_body_size 50m;
|
|
|
|
include /etc/nginx/badagent.rules;
|
|
include /etc/nginx/badreferer.rules;
|
|
}
|
|
|
|
sudo vim /etc/nginx/sites-available/seafile.cuates.net.conf
|
|
|
|
server {
|
|
listen 443 ssl http2;
|
|
listen [::]:443 ssl http2;
|
|
server_name seafile.cuates.net;
|
|
charset utf-8;
|
|
|
|
include /etc/letsencrypt/custom/elmau.net/certbot.conf;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
server_tokens off;
|
|
|
|
access_log /var/log/nginx/access.log;
|
|
error_log /var/log/nginx/error.log;
|
|
|
|
client_max_body_size 0;
|
|
|
|
location / {
|
|
proxy_pass http://127.0.0.1:8000;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Host $server_name;
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
proxy_read_timeout 1200s;
|
|
}
|
|
|
|
location /seafhttp {
|
|
rewrite ^/seafhttp(.*)$ $1 break;
|
|
proxy_pass http://127.0.0.1:8082;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_connect_timeout 36000s;
|
|
proxy_read_timeout 36000s;
|
|
proxy_send_timeout 36000s;
|
|
send_timeout 36000s;
|
|
}
|
|
|
|
location /media {
|
|
root /opt/seafile/seafile-server-latest/seahub;
|
|
}
|
|
|
|
}
|
|
|
|
|
|
sudo ln -s /etc/nginx/sites-available/seafile.cuates.net.conf /etc/nginx/sites-enabled/
|
|
|
|
sudo nginx -t
|
|
|
|
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
|
|
nginx: configuration file /etc/nginx/nginx.conf test is successful
|
|
|
|
|
|
cd /opt/seafile/conf
|
|
|
|
vim ccnet.conf
|
|
|
|
[General]
|
|
SERVICE_URL = https://seafile.cuates.net
|
|
|
|
vim seahub_settings.py
|
|
|
|
FILE_SERVER_ROOT = 'https://seafile.elmau.net/seafhttp'
|
|
|
|
EMAIL_USE_SSL = True
|
|
EMAIL_HOST = 'mail.gandi.net'
|
|
EMAIL_HOST_USER = 'no-responder@empresalibre.mx'
|
|
EMAIL_PORT = 465
|
|
EMAIL_USE_LOCALTIME = True
|
|
EMAIL_HOST_PASSWORD = 'PASSWORD'
|
|
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
|
|
SERVER_EMAIL = EMAIL_HOST_USER
|
|
|
|
ENABLE_SETTINGS_VIA_WEB = False
|
|
|
|
ALLOWED_HOSTS = ['seafile.elmau.net']
|
|
|
|
ENABLE_SIGNUP = True
|
|
|
|
ACTIVATE_AFTER_REGISTRATION = False
|
|
|
|
NOTIFY_ADMIN_AFTER_REGISTRATION = True
|
|
|
|
LOGIN_ATTEMPT_LIMIT = 3
|
|
|
|
FREEZE_USER_ON_LOGIN_FAILED = True
|
|
|
|
USER_PASSWORD_MIN_LENGTH = 10
|
|
|
|
SESSION_EXPIRE_AT_BROWSER_CLOSE = True
|
|
|
|
TIME_ZONE = 'America/Mexico_City'
|
|
|
|
LANGUAGE_CODE = 'en'
|
|
|
|
LANGUAGES = (
|
|
('en', 'English'),
|
|
('es', 'Español'),
|
|
)
|
|
|
|
SITE_NAME = 'Seafile Cuates'
|
|
|
|
SITE_TITLE = SITE_NAME
|
|
|
|
SHARE_LINK_EMAIL_LANGUAGE = 'es-ES'
|
|
|
|
REST_FRAMEWORK = {
|
|
'DEFAULT_THROTTLE_RATES': {
|
|
'ping': '600/minute',
|
|
'anon': '5/minute',
|
|
'user': '300/minute',
|
|
},
|
|
'UNICODE_JSON': False,
|
|
}
|
|
|
|
CACHES = {
|
|
'default': {
|
|
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
|
|
'LOCATION': '127.0.0.1:11211',
|
|
},
|
|
}
|
|
|
|
|
|
sudo vim /etc/systemd/system/seafile.service
|
|
|
|
[Unit]
|
|
Description=Seafile
|
|
After=network.target mysql.service
|
|
|
|
[Service]
|
|
Type=forking
|
|
ExecStart=/opt/seafile/seafile-server-latest/seafile.sh start
|
|
ExecStop=/opt/seafile/seafile-server-latest/seafile.sh stop
|
|
LimitNOFILE=infinity
|
|
User=seafile
|
|
Group=www-data
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
|
|
sudo vim /etc/systemd/system/seahub.service
|
|
|
|
[Unit]
|
|
Description=Seahub
|
|
After=network.target seafile.service
|
|
|
|
[Service]
|
|
Environment="LC_ALL=en_US.UTF-8"
|
|
Type=forking
|
|
ExecStart=/opt/seafile/seafile-server-latest/seahub.sh start
|
|
ExecStop=/opt/seafile/seafile-server-latest/seahub.sh stop
|
|
User=seafile
|
|
Group=www-data
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
|
|
sudo systemctl enable seafile
|
|
sudo systemctl start seafile
|
|
|
|
sudo systemctl enable seahub
|
|
sudo systemctl start seahub
|
|
|
|
sudo systemctl restart nginx
|
|
|
|
|
|
sudo apt install ufw
|
|
|
|
sudo ufw allow 2274/tcp
|
|
|
|
sudo ufw allow 443/tcp
|
|
|
|
sudo ufw enable
|
|
|
|
|