diff --git a/README.md b/README.md index 24f2d40..632b975 100644 --- a/README.md +++ b/README.md @@ -6,21 +6,35 @@ ## 使用步骤 -安装干净的 Ubuntu 16.04/18.04 或 CentOS 7 系统,并**做好镜像** (如果安装失败需要还原到镜像)。 +安装干净的 Ubuntu 16.04/18.04 或 CentOS 7/8 系统,并**做好镜像** (如果安装失败需要还原到镜像)。 切换成 root 账号 (sudo -i) -### 获取安装脚本(适用于 Seafile 6.0.0 及以上版本) +### 获取安装脚本 -Ubuntu 16.04/18.04 (64bit): -``` -wget https://raw.githubusercontent.com/haiwen/seafile-server-installer-cn/master/seafile-server-ubuntu-amd64-http -``` +- 适用于 Seafile 7.1.x 及以上版本 -CentOS 7 (64bit): -``` -wget https://raw.githubusercontent.com/haiwen/seafile-server-installer-cn/master/seafile-server-centos-7-amd64-http -``` + Ubuntu 18.04 (64bit): + ```sh + wget https://raw.githubusercontent.com/haiwen/seafile-server-installer-cn/master/seafile-server-7.1-ubuntu-amd64-http + ``` + + CentOS 8 (64bit): + ```sh + wget https://raw.githubusercontent.com/haiwen/seafile-server-installer-cn/master/seafile-server-7.1-centos-amd64-http + ``` + +- 适用于 Seafile 6.x.x 及以上版本 + + Ubuntu 16.04/18.04 (64bit): + ```sh + wget https://raw.githubusercontent.com/haiwen/seafile-server-installer-cn/master/seafile-server-ubuntu-amd64-http + ``` + + CentOS 7 (64bit): + ```sh + wget https://raw.githubusercontent.com/haiwen/seafile-server-installer-cn/master/seafile-server-centos-7-amd64-http + ``` ### 运行安装脚本并指定要安装的版本 (例如 6.0.13) @@ -58,7 +72,7 @@ bash seafile-server-centos-7-amd64-http 6.0.13 FILE_SERVER_ROOT: 'http://www.myseafile.com/seafhttp' ``` -现在您可以退出管理员界面,并进行基本的测试。关于服务器的配置选项介绍和日常运维可以参考 http://manual-cn.seafile.com/config/index.html +现在您可以退出管理员界面,并进行基本的测试。关于服务器的配置选项介绍和日常运维可以参考 https://cloud.seafile.com/published/seafile-manual-cn/config/README.md ### 如果安装脚本出错 @@ -74,7 +88,7 @@ service seafile-server stop service seafile-server start ``` -CentOS 7: +CentOS 7/8: ``` systemctl stop seafile systemctl stop seahub @@ -93,22 +107,22 @@ systemctl start seahub ### 配置邮件发送 -参考 http://manual-cn.seafile.com/config/sending_email.html +参考 https://cloud.seafile.com/published/seafile-manual-cn/config/sending_email.md ## 升级和其他问题 ### 版本升级 -* 切换为 root 用户 * 关闭 seafile-server 相关服务 +* 切换为 seafile 用户 * 下载高版本的安装包到 /opt/seafile 目录,并解压 -* 进入安装包下的 upgrade 目录,执行相关的升级脚本,具体可参考 http://manual.seafile.com/deploy/upgrade.html +* 进入安装包下的 upgrade 目录,执行相关的升级脚本,具体可参考 https://download.seafile.com/published/seafile-manual/upgrade/upgrade.md * 启动 seafile-server 相关服务 ### 迁移社区版到专业版 -* 切换为 root 用户 * 关闭 seafile-server 相关服务 +* 切换为 seafile 用户 * 下载专业版安装包到 /opt/seafile 目录,并解压 -* 进入解压好的安装包目录,执行 ./pro/pro.py setup --migrate,具体可参考 http://manual.seafile.com/deploy_pro/migrate_from_seafile_community_server.html +* 进入解压好的安装包目录,执行 ./pro/pro.py setup --migrate,具体可参考 https://cloud.seafile.com/published/seafile-manual-cn/deploy_pro/migrate_from_seafile_community_server.md * 启动 seafile-server 相关服务 diff --git a/seafile-server-7.1-centos-amd64-http b/seafile-server-7.1-centos-amd64-http new file mode 100644 index 0000000..3075deb --- /dev/null +++ b/seafile-server-7.1-centos-amd64-http @@ -0,0 +1,610 @@ +#!/bin/bash +# +# seafile-server-installer-cn/seafile-server-centos-8-amd64 +# +# Copyright 2015, Alexander Jackson +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +# + +if [[ $HOME == "" ]]; then + export HOME=/root +fi + +if [[ $SEAFILE_DEBUG != "" ]]; then + set -x +fi +set -e + +if [[ "$#" -ne 1 ]]; then + echo "You must specif Seafile version to install" + echo "Like: $0 7.1.0" + exit 1 +fi + +clear +cat < /dev/null 2>&1 ; +then + echo "Aborting because user ${SEAFILE_SERVER_USER} already exist" ; exit 1 +fi + +# ------------------------------------------- +# Setup permissive selinux +# ------------------------------------------- +# runtime +enforce=`getenforce` +if [[ "${enforce}" != "Disabled" ]]; then + setenforce 0 +fi +# permanently +sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config + +# ------------------------------------------- +# Setup firewall +# ------------------------------------------- +yum install firewalld -y +# https://www.optimox.de/tutorials/linux-allgemein/centos-firewall-konfigurieren-mit-firewalld +systemctl status firewalld &> /dev/null \ +&& for i in ssh http https ; do firewall-cmd --zone=public --add-service=${i} --permanent ; done \ +&& firewall-cmd --reload + +# ------------------------------------------- +# Additional requirements +# ------------------------------------------- +# extra packages for enterprise linux + +yum install epel-release -y + +yum install python3 python3-setuptools memcached java-1.8.0-openjdk libmemcached \ + libreoffice-headless libreoffice-pyuno libffi-devel pwgen curl -y + +# start memcached on system boot +systemctl enable --now memcached + +# ------------------------------------------- +# Install nginx +# ------------------------------------------- +yum install nginx -y +systemctl enable nginx +rm -rf /etc/nginx/conf.d/* + +cat > /etc/nginx/conf.d/seafile.conf << EOF +log_format seafileformat '\$http_x_forwarded_for \$remote_addr [\$time_local] "\$request" \$status \$body_bytes_sent "\$http_referer" "\$http_user_agent" \$upstream_response_time'; + +server { + listen 80; + server_name seafile.example.com; + + proxy_set_header X-Forwarded-For \$remote_addr; + + location / { + proxy_pass http://127.0.0.1:8000; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host \$server_name; + proxy_set_header X-Forwarded-Proto \$scheme; + proxy_read_timeout 1200s; + + # used for view/edit office file via Office Online Server + client_max_body_size 0; + + access_log /var/log/nginx/seahub.access.log seafileformat; + error_log /var/log/nginx/seahub.error.log; + } + + location /seafhttp { + rewrite ^/seafhttp(.*)$ \$1 break; + proxy_pass http://127.0.0.1:8082; + client_max_body_size 0; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_connect_timeout 36000s; + proxy_read_timeout 36000s; + + access_log /var/log/nginx/seafhttp.access.log seafileformat; + error_log /var/log/nginx/seafhttp.error.log; + } + location /media { + root ${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub; + } + location /seafdav { + fastcgi_pass 127.0.0.1:8080; + fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; + fastcgi_param PATH_INFO \$fastcgi_script_name; + fastcgi_param SERVER_PROTOCOL \$server_protocol; + fastcgi_param QUERY_STRING \$query_string; + fastcgi_param REQUEST_METHOD \$request_method; + fastcgi_param CONTENT_TYPE \$content_type; + fastcgi_param CONTENT_LENGTH \$content_length; + fastcgi_param SERVER_ADDR \$server_addr; + fastcgi_param SERVER_PORT \$server_port; + fastcgi_param SERVER_NAME \$server_name; + fastcgi_param REMOTE_ADDR \$remote_addr; + + client_max_body_size 0; + + access_log /var/log/nginx/seafdav.access.log seafileformat; + error_log /var/log/nginx/seafdav.error.log; + } +} +EOF + +# Create optimized nginx.conf +cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup +cat > /etc/nginx/nginx.conf <<'ENDOFFILE' +user nginx nginx; +worker_processes 4; + +events { + worker_connections 8096; + multi_accept on; + use epoll; +} + +pid /var/run/nginx.pid; +worker_rlimit_nofile 40000; + +http { + server_tokens off; + server_names_hash_bucket_size 128; + client_max_body_size 50M; + include /etc/nginx/mime.types; + default_type application/octet-stream; + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log /var/log/nginx/access.log main; + error_log /var/log/nginx/error.log warn; + sendfile on; + tcp_nopush on; + tcp_nodelay on; + client_body_timeout 12; + client_header_timeout 12; + keepalive_timeout 15; + send_timeout 10; + # Fully disabled gzip compression to mitigate Django BREACH attack: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/ + gzip off; + #gzip_vary on; + #gzip_proxied expired no-cache no-store private auth any; + #gzip_comp_level 9; + #gzip_min_length 10240; + #gzip_buffers 16 8k; + #gzip_http_version 1.1; + #gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml font/woff2; + #gzip_disable "MSIE [1-6]."; + include /etc/nginx/conf.d/*.conf; +} +ENDOFFILE + +# Fix NGINX worker_processes to number of CPU cores +CPUS=$(cat /proc/cpuinfo | grep processor | wc | awk '{ print $1 }') +eval "sed -i 's/worker_processes.*/worker_processes $CPUS;/g' /etc/nginx/nginx.conf" + +systemctl restart nginx + +# ------------------------------------------- +# MariaDB +# ------------------------------------------- +if [[ -f "/root/.my.cnf" ]] ; +then + echo "MariaDB installed before, skip this part" + SQLROOTPW=`sed -n 's/password=//p' /root/.my.cnf` +else + yum install mariadb-server -y + systemctl start mariadb + systemctl enable mariadb + + SQLROOTPW=$(pwgen) + + mysqladmin -u root password $SQLROOTPW + + cat > /root/.my.cnf < /etc/systemd/system/seafile.service << EOF +[Unit] +Description=Seafile Server +After=network.target remote-fs.target mariadb.service + +[Service] +ExecStart=${SEAFILE_SERVER_HOME}/seafile-server-latest/seafile.sh start +ExecStop=${SEAFILE_SERVER_HOME}/seafile-server-latest/seafile.sh stop +User=${SEAFILE_SERVER_USER} +Group=${SEAFILE_SERVER_USER} +LimitNOFILE=infinity +Type=oneshot +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target +EOF +systemctl enable seafile + +cat > /etc/systemd/system/seahub.service << EOF +[Unit] +Description=Seafile Seahub +After=network.target seafile.service + +[Service] +ExecStart=${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub.sh start +ExecStop=${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub.sh stop +User=${SEAFILE_SERVER_USER} +Group=${SEAFILE_SERVER_USER} +Type=oneshot +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target +EOF +systemctl enable seahub + +# Seafile restart script +cat > /usr/local/sbin/seafile-server-restart << 'EOF' +#!/bin/bash +for ACTION in stop start ; do + for SERVICE in seafile seahub ; do + systemctl ${ACTION} ${SERVICE} + done +done +EOF +chmod 700 /usr/local/sbin/seafile-server-restart + +# ------------------------------------------- +# Seafile +# ------------------------------------------- +mkdir -p ${SEAFILE_SERVER_HOME}/installed +cd ${SEAFILE_SERVER_HOME} +if ! is_pro && [[ ! -e /opt/${SEAFILE_SERVER_PACKAGE} ]]; then + curl -OL ${SEAFILE_SERVER_PACKAGE_URL} +else + cp /opt/${SEAFILE_SERVER_PACKAGE} . +fi +tar xzf ${SEAFILE_SERVER_PACKAGE} + +mv ${SEAFILE_SERVER_PACKAGE} installed + + +# ------------------------------------------- +# Seafile DB +# ------------------------------------------- +if [[ -f "/opt/seafile.my.cnf" ]] ; +then + echo "MariaDB installed before, skip this part" + SQLSEAFILEPW=`sed -n 's/password=//p' /opt/seafile.my.cnf` +else + SQLSEAFILEPW=$(pwgen) + + cat > /opt/seafile.my.cnf <> ${DEST_SETTINGS_PY} < ${TOPDIR}/aio_seafile-server.log< +# Copyright 2016, Zheng Xie +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License for more details. +# +# You should have received a copy of the GNU Affero General Public License +# along with this program. If not, see . +# +# + +if [[ $HOME == "" ]]; then + export HOME=/root +fi + +if [[ $SEAFILE_DEBUG != "" ]]; then + set -x +fi +set -e + +if [[ "$#" -ne 1 ]]; then + echo "You must specif Seafile version to install" + echo "Like: $0 7.1.0" + exit 1 +fi + +clear +cat < /etc/nginx/sites-available/seafile.conf << EOF +log_format seafileformat '\$http_x_forwarded_for \$remote_addr [\$time_local] "\$request" \$status \$body_bytes_sent "\$http_referer" "\$http_user_agent" \$upstream_response_time'; + +server { + listen 80; + server_name seafile.example.com; + + proxy_set_header X-Forwarded-For \$remote_addr; + + location / { + proxy_pass http://127.0.0.1:8000; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host \$server_name; + proxy_set_header X-Forwarded-Proto \$scheme; + proxy_read_timeout 1200s; + + # used for view/edit office file via Office Online Server + client_max_body_size 0; + + access_log /var/log/nginx/seahub.access.log seafileformat; + error_log /var/log/nginx/seahub.error.log; + } + + location /seafhttp { + rewrite ^/seafhttp(.*)$ \$1 break; + proxy_pass http://127.0.0.1:8082; + client_max_body_size 0; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_connect_timeout 36000s; + proxy_read_timeout 36000s; + + access_log /var/log/nginx/seafhttp.access.log seafileformat; + error_log /var/log/nginx/seafhttp.error.log; + } + location /media { + root ${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub; + } + location /seafdav { + fastcgi_pass 127.0.0.1:8080; + fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name; + fastcgi_param PATH_INFO \$fastcgi_script_name; + fastcgi_param SERVER_PROTOCOL \$server_protocol; + fastcgi_param QUERY_STRING \$query_string; + fastcgi_param REQUEST_METHOD \$request_method; + fastcgi_param CONTENT_TYPE \$content_type; + fastcgi_param CONTENT_LENGTH \$content_length; + fastcgi_param SERVER_ADDR \$server_addr; + fastcgi_param SERVER_PORT \$server_port; + fastcgi_param SERVER_NAME \$server_name; + fastcgi_param REMOTE_ADDR \$remote_addr; + + client_max_body_size 0; + + access_log /var/log/nginx/seafdav.access.log seafileformat; + error_log /var/log/nginx/seafdav.error.log; + } +} +EOF + +ln -sf /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf + +service nginx restart + + +# ------------------------------------------- +# MariaDB +# ------------------------------------------- +if [[ -f "/root/.my.cnf" ]] ; +then + echo "MariaDB installed before, skip this part" + SQLROOTPW=`sed -n 's/password=//p' /root/.my.cnf` +else + DEBIAN_FRONTEND=noninteractive apt-get install -y mariadb-server + + SQLROOTPW=$(pwgen) + + mysqladmin -u root password $SQLROOTPW + + cat > /root/.my.cnf < /etc/init.d/seafile-server << EOF +#!/bin/bash +### BEGIN INIT INFO +# Provides: seafile-server +# Required-Start: \$remote_fs \$syslog mysql +# Required-Stop: \$remote_fs \$syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Seafile server +# Description: Start Seafile server +### END INIT INFO + +# Author: Alexander Jackson + +# Change the value of "seafile_dir" to your path of seafile installation +user=${SEAFILE_SERVER_USER} +seafile_dir=${SEAFILE_SERVER_HOME} +script_path=\${seafile_dir}/seafile-server-latest +seafile_init_log=\${seafile_dir}/logs/seafile.init.log +seahub_init_log=\${seafile_dir}/logs/seahub.init.log + + +case "\$1" in + start) + sudo -u \${user} \${script_path}/seafile.sh start >> \${seafile_init_log} + sudo -u \${user} \${script_path}/seahub.sh start >> \${seahub_init_log} + ;; + restart) + sudo -u \${user} \${script_path}/seafile.sh restart >> \${seafile_init_log} + sudo -u \${user} \${script_path}/seahub.sh restart >> \${seahub_init_log} + ;; + stop) + sudo -u \${user} \${script_path}/seafile.sh \$1 >> \${seafile_init_log} + sudo -u \${user} \${script_path}/seahub.sh \$1 >> \${seahub_init_log} + ;; + *) + echo "Usage: /etc/init.d/seafile-server {start|stop|restart}" + exit 1 + ;; +esac +EOF + +chmod +x /etc/init.d/seafile-server +update-rc.d seafile-server defaults + + +# ------------------------------------------- +# Seafile +# ------------------------------------------- +mkdir -p ${SEAFILE_SERVER_HOME}/installed +cd ${SEAFILE_SERVER_HOME} +if ! is_pro && [[ ! -e /opt/${SEAFILE_SERVER_PACKAGE} ]]; then + curl -OL ${SEAFILE_SERVER_PACKAGE_URL} +else + cp /opt/${SEAFILE_SERVER_PACKAGE} . +fi +tar xzf ${SEAFILE_SERVER_PACKAGE} + +mv ${SEAFILE_SERVER_PACKAGE} installed + + +# ------------------------------------------- +# Seafile DB +# ------------------------------------------- +if [[ -f "/opt/seafile.my.cnf" ]] ; +then + echo "MariaDB installed before, skip this part" + SQLSEAFILEPW=`sed -n 's/password=//p' /opt/seafile.my.cnf` +else + SQLSEAFILEPW=$(pwgen) + + cat > /opt/seafile.my.cnf <> ${DEST_SETTINGS_PY} < ${TOPDIR}/aio_seafile-server.log<