阿里云服务器上搭建seafile专业版

因为官方一键安装教程在阿里云服务器上无法安装，由于水平有限，无法解决，所以选择手动安装

参考资料：

1,、腾讯云搭建seafile服务器

2、How to Install Seafile with Nginx on CentOS 7

先将防火墙关闭

systemctl stop firewalld.service #停止firewall

一.部署环境

云服务器：阿里云 1vCPU 1GB ecs.xn4.small 100Mbps centos 7.4 64位

环境安装：

yum update
yum install -y tree vim

部署mysql5.7

下载mysql源安装包

wget http://dev.mysql.com/get/mysql57-community-release-el7-8.noarch.rpm

安装mysql源

yum localinstall -y mysql57-community-release-el7-8.noarch.rpm

检查mysql源是否安装成功

扫描二维码关注公众号，回复： 9240957 查看本文章

yum repolist enabled | grep "mysql.*-community.*"

安装mysql

yum install -y mysql-community-server

启动mysql服务

systemctl start mysqld

设置开机启动

systemctl enable mysqld
systemctl daemon-reload

修改root本地登录密码

#查看root默认密码

grep 'temporary password' /var/log/mysqld.log

#修改root密码

mysql -uroot -p
set password for 'root'@'localhost'=password('密码');

注意：mysql5.7默认安装了密码安全检查插件（validate_password），默认密码检查策略要求密码必须包含：大小写字母、数字和特殊符号，并且长度不能少于8位。否则会提示ERROR 1819 (HY000): Your password does not satisfy the current policy requirements错误。

重新启动mysql服务使配置生效：

systemctl restart mysqld

打开远程登录和配置默认编码utf8

mysql>grant all privileges on *.* to 'root'@'%' identified by '密码' with grant option;
mysql>FLUSH PRIVILEGES;

修改/etc/my.cnf配置文件，在[mysqld]下添加编码配置，如下所示：

[mysqld]
character_set_server=utf8
init_connect='SET NAMES utf8'

3.部署nginx 1.12.2

yum install -y openssl-devel pcre-devel epel-release
yum install -y nginx

启动nginx

systemctl start nginx

4.部署python关联包

按照seafile官方手册安装如下：

# yum -y install epel-release
# rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
# yum -y install python-imaging MySQL-python python-memcached python-ldap python-urllib3 ffmpeg ffmpeg-devel
# pip install pillow moviepy  #这步提示错误，没有pip，然后
# yum -y install python-pip 和 # pip install --upgrade pip  仍然报错，然后
# pip install setuptools==33.1.1 后再安装pillow成功。

5.部署jre

yum install jre

二.部署seafile

1.目录设计，将seafile专业版安装包下载到/opt目录下

mkdir -p /opt/seafile/installed
mv /opt/seafile-pro-server_* /opt/seafile
cd /opt/seafile
tar -xzf seafile-pro-server_*
mv seafile-pro-server_* installed

2.部署seafile

cd seafile-pro-server-*
./setup-seafile-mysql.sh  #运行安装脚本并回答预设问题

参数	作用	说明
seafile server name	seafile 服务器的名字，目前该配置已经不再使用	3 ~ 15 个字符，可以用英文字母，数字，下划线
seafile server ip or domain	seafile 服务器的 IP 地址或者域名	客户端将通过这个 IP 或者地址来访问你的 Seafile 服务
seafile data dir	seafile 数据存放的目录，用上面的例子，默认将是/data/haiwen/seafile-data	seafile 数据将随着使用而逐渐增加，请把它放在一个有足够大空闲空间的分区上
seafile fileserver port	seafile fileserver 使用的 TCP 端口	该端口用于文件同步，请使用默认的 8082，不能更改。

在这里, 你会被要求选择一种创建 Seafile 数据库的方式:

-------------------------------------------------------
Please choose a way to initialize seafile databases:
-------------------------------------------------------

[1] Create new ccnet/seafile/seahub databases
[2] Use existing ccnet/seafile/seahub databases

如果选择1, 你需要提供根密码. 脚本程序会创建数据库和用户。
如果选择2, ccnet/seafile/seahub 数据库应该已经被你（或者其他人）提前创建。

3.配置 Seafile和Seahub服务

Next, go to the systemd directory and create a seafile.service file with vim:

cd /etc/systemd/system/
vim seafile.service

Paste seafile service configuration below:

[Unit]
Description=Seafile Server
Before=seahub.service
After=network.target mariadb.service

[Service]
Type=oneshot
ExecStart=/opt/seafile/seafile-server-latest/seafile.sh start
ExecStop=/opt/seafile/seafile-server-latest/seafile.sh stop
RemainAfterExit=yes
User=root
Group=root

[Install]
WantedBy=multi-user.target

Now create new seahub.service file.

vim seahub.service

And paste configuration below.

[Unit]
Description=Seafile Hub
After=network.target seafile.target mariadb.service

[Service]
Type=oneshot
ExecStart=/opt/seafile/seafile-server-latest/seahub.sh start
ExecStop=/opt/seafile/seafile-server-latest/seahub.sh stop
RemainAfterExit=yes
User=root
Group=root

[Install]
WantedBy=multi-user.target

Reload the systemd service and start seafile and seahub with systemctl.

systemctl daemon-reload
systemctl start seafile
systemctl start seahub

Make sure there is no error and check that the seafile and seahub service is running on port 8082 and 8000.

netstat -plntu

Start seafile and Seahub service

4.创建ssl证书

Create the ssl directory.

mkdir -p /etc/nginx/ssl
cd /etc/nginx/ssl

Generate self signed certificate files and a dhparam file with command below:

openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
openssl req -new -x509 -sha256 -days 365 -newkey rsa:2048 -nodes -keyout server.key -out server.crt
ps:如果没有证书，可以使用上面的命令根据步骤生成一个

5.Nginx下配置Seahub

In this step, we will configure Nginx as a reverse proxy for the seafile-server on port 8000 and 8002.

Go to the nginx configuration directory and create a new virtual host file for seafile.

cd /etc/nginx/

备份原有的配置nginx.conf为nginx.conf.backup

mv nginx.conf nginx.conf.backup
vim nginx.conf

编辑nginx.conf内容

user nginx nginx;
worker_processes 4;

events {
  worker_connections 8096;
  multi_accept on;
  use epoll;
}

pid /var/run/nginx.pid;
worker_rlimit_nofile 40000;

http {
  server_tok 大专栏  阿里云服务器上搭建seafile专业版ens off;
  server_names_hash_bucket_size 128;
  client_max_body_size 50M;
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  '$status $body_bytes_sent "$http_referer" '
  '"$http_user_agent" "$http_x_forwarded_for"';
  access_log /var/log/nginx/access.log main;
  error_log /var/log/nginx/error.log warn;
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  client_body_timeout 12;
  client_header_timeout 12;
  keepalive_timeout 15;
  send_timeout 10;
  # Fully disabled gzip compression to mitigate Django BREACH attack: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
  gzip off;
  #gzip_vary on;
  #gzip_proxied expired no-cache no-store private auth any;
  #gzip_comp_level 9;
  #gzip_min_length 10240;
  #gzip_buffers 16 8k;
  #gzip_http_version 1.1;
  #gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml font/woff2;
  #gzip_disable "MSIE [1-6].";
  include /etc/nginx/conf.d/*.conf;
}

vim conf.d/seafile.conf

Paste virtual host configuration below:

server {
    listen       80;
    server_name  fz419.cn;
    rewrite ^ https://$http_host$request_uri? permanent;    #强制将http重定向到https
    server_tokens off;
}
server {
    listen 443;
    ssl on;
    ssl_certificate 	/etc/nginx/ssl/@fz419.cn.pem;  
    ssl_certificate_key /etc/nginx/ssl/@fz419.cn.key;
    server_name fz419.cn;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:5m;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    # secure settings (A+ at SSL Labs ssltest at time of writing)
    # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
    ssl_prefer_server_ciphers on;

    proxy_set_header X-Forwarded-For $remote_addr;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    server_tokens off;

    location / {
        proxy_pass         http://127.0.0.1:8000;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_set_header   X-Forwarded-Proto https;

        access_log      /var/log/nginx/seahub.access.log;
        error_log       /var/log/nginx/seahub.error.log;

        proxy_read_timeout  1200s;

        client_max_body_size 0;
    }

# 如果你使用 fastcgi 请使用此配置
#
#    location / {
#        fastcgi_pass    127.0.0.1:8000;
#        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
#        fastcgi_param   PATH_INFO           $fastcgi_script_name;
#
#        fastcgi_param   SERVER_PROTOCOL     $server_protocol;
#        fastcgi_param   QUERY_STRING        $query_string;
#        fastcgi_param   REQUEST_METHOD      $request_method;
#        fastcgi_param   CONTENT_TYPE        $content_type;
#        fastcgi_param   CONTENT_LENGTH      $content_length;
#        fastcgi_param   SERVER_ADDR         $server_addr;
#        fastcgi_param   SERVER_PORT         $server_port;
#        fastcgi_param   SERVER_NAME         $server_name;
#        fastcgi_param   REMOTE_ADDR         $remote_addr;
#        fastcgi_read_timeout 36000;
#
#        client_max_body_size 0;
#
#        access_log      /var/log/nginx/seahub.access.log;
#        error_log       /var/log/nginx/seahub.error.log;
#    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
    }
    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }
}

Save and exit.

I will use use ‘cloud.natsume.co’ as the domain name. Please replace that with your own domain name in the config above.

Now test the Nginx configuration and make sure that there are no errors.

nginx -t

Start Nginx with the systemctl command:

systemctl start nginx

Make sure port 80 and 443 are available in the list that netstat provides:

netstat -plntu

Check that Nginx is listening on the port 80

Next, we have to add the domain name to the seafile configuration. Go to the seafile directory and edit the configuration file.

cd /opt/seafile/
vim conf/ccnet.conf

Change the service URL to your domain name.

SERVICE_URL = https://fz419.cn

Save and exit.

Edit the seahub configuration file.

vim conf/seahub_settings.py

On the second line, add configuration below:

HTTP_SERVER_ROOT = 'https://fz419.cn/seafhttp'

Replace the domain name with your domain here again. Save and exit.

Restart seafile and add all services to start at boot time:

systemctl restart seafile
systemctl restart seahub

systemctl enable nginx
systemctl enable mysqld
systemctl enable seafile
systemctl enable seahub

6.配置防火墙

Start firewalld.

systemctl start firewalld
systemctl enable firewalld

Add HTTP and HTTPS port to the firewall configuration with the firewall-cmd command below:

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent

Reload the firewall configuration and check the port list.

firewall-cmd --reload
firewall-cmd --list-all

打开TCP的80和443端口即可。

三.配置office在线预览功能

1.安装 Libreoffice/UNO

sudo yum install libreoffice libreoffice-headless libreoffice-pyuno poppler-utils

2.安装字体

sudo yum install wqy-microhei-fonts wqy-zenhei-fonts wqy-unibit-fonts -y

3.开启配置项

打开 conf/seafevents.conf, 添加:
[OFFICE CONVERTER]

enabled = true

保存后 seafevents.conf 重启 Seafile 服务

./seafile.sh restart