upstream/seafile-server-installer-cn
1
0
Fork 0
mirror of https://github.com/haiwen/seafile-server-installer-cn synced 2024-09-20 08:15:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
4f9167c391
seafile-server-installer-cn/seafile-server-community_ubuntu-trusty-amd64
yejianguo eaf3ac1b18 add script
2015-05-27 18:37:38 +08:00

623 lines
20 KiB
Bash
Raw Blame History

#!/bin/bash
#
# seafile-server-installer/seafile-server-community_ubuntu-trusty-amd64
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
#set -x
# -------------------------------------------
# Vars
# -------------------------------------------
SEAFILE_ADMIN=admin@seafile.local
SEAFILE_USER=seafile
SERVER_NAME=$(hostname -s)
IP_OR_DOMAIN=$(hostname -i)
HOSTNAME=$(hostname -i)
FILESERVER_PORT=8082
SERVER_PORT=10001
SEAFILE_SERVER_PORT=12001
# -------------------------------------------
# Seafile Server Community Edition on Ubuntu Trusty (64bit)
# -------------------------------------------
clear
cat <<EOF
This script installs the community edition of the Seafile Server on a Ubuntu Trusty (64bit)
- Newest Seafile server version, MariaDB, Memcached, NGINX -
-----------------------------------------------------------------
This installer is meant to run on a freshly installed machine
only. If you run it on a production server things can and
probably will go terrible wrong and you will loose valuable
data!
For questions or suggestions please contact me at
alexander.jackson@seafile.de
-----------------------------------------------------------------
Hit return to proceed or CTRL-C to abort.
EOF
read dummy
clear
# -------------------------------------------
# Ensure we are running the installer as root
# -------------------------------------------
if [[ $EUID -ne 0 ]]; then
echo " Aborting because you are not root" ; exit 1
fi
# -------------------------------------------
# Abort if user seafile exists
# -------------------------------------------
if getent passwd ${SEAFILE_USER} > /dev/null 2>&1 ;
then
echo " Aborting because user ${SEAFILE_USER} already exist" ; exit 1
fi
# -------------------------------------------
# Abort if directory /opt/seafile/ exists
# -------------------------------------------
if [[ -d "/opt/seafile/" ]] ;
then
echo " Aborting because directory /opt/seafile/ already exist" ; exit 1
fi
# -------------------------------------------
# Update System
# -------------------------------------------
aptitude update && aptitude dist-upgrade -y
# -------------------------------------------
# Ensure aptitude is installed
# -------------------------------------------
apt-get install aptitude -y
# -------------------------------------------
# Additional requirements
# -------------------------------------------
aptitude install sudo python-setuptools python-simplejson python-imaging python-mysqldb \
openjdk-7-jre memcached python-memcache pwgen curl openssl -y
# -------------------------------------------
# NGINX
# -------------------------------------------
cat > /etc/apt/sources.list.d/nginx.list <<EOF
deb http://nginx.org/packages/mainline/ubuntu/ trusty nginx
deb-src http://nginx.org/packages/mainline/ubuntu/ trusty nginx
EOF
wget -O - http://nginx.org/packages/keys/nginx_signing.key | apt-key add -
aptitude update && aptitude upgrade -y
aptitude install nginx -y
rm /etc/nginx/conf.d/*
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
server {
listen 80;
server_name "";
return 301 https://$http_host$request_uri?;
}
server {
listen 443 spdy;
server_name "";
ssl on;
ssl_certificate /etc/nginx/ssl/seafile.crt;
ssl_certificate_key /etc/nginx/ssl/seafile.key;
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
client_max_body_size 0;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
}
EOF
mkdir /etc/nginx/ssl
openssl genrsa -out /etc/nginx/ssl/seafile.key 4096
openssl req -new -x509 -key /etc/nginx/ssl/seafile.key -out /etc/nginx/ssl/seafile.crt -days 10950 -batch
service nginx restart
# -------------------------------------------
# MariaDB
# -------------------------------------------
DEBIAN_FRONTEND=noninteractive aptitude install mariadb-server -y
SQLROOTPW=$(pwgen)
mysqladmin -u root password $SQLROOTPW
cat > /root/.my.cnf <<EOF
[client]
user=root
password=$SQLROOTPW
EOF
chmod 600 /root/.my.cnf
# -------------------------------------------
# Seafile init script
# -------------------------------------------
cat > /etc/init.d/seafile-server <<'EOF'
#!/bin/bash
### BEGIN INIT INFO
# Provides: seafile-server
# Required-Start: $remote_fs $syslog mysql
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Seafile server
# Description: Start Seafile server
### END INIT INFO
# Author: Alexander Jackson <alexander.jackson@seafile.de>
#
# Change the value of "user" to your linux user name
user=seafile
# Change the value of "seafile_dir" to your path of seafile installation
seafile_dir=/opt/seafile
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
seahub_init_log=${seafile_dir}/logs/seahub.init.log
# Change the value of fastcgi to true if fastcgi is to be used
fastcgi=true
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000
case "$1" in
start)
sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
fi
;;
restart)
sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log}
fi
;;
stop)
sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
;;
*)
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
exit 1
;;
esac
EOF
chmod +x /etc/init.d/seafile-server
update-rc.d seafile-server defaults
# -------------------------------------------
# Seafile
# -------------------------------------------
adduser --system --gecos "${SEAFILE_USER}" ${SEAFILE_USER} --home /opt/seafile
mkdir -p /opt/seafile/installed
cd /opt/seafile/
curl -OL https://download.seafile.com.de/seafile-server_latest_x86-64.tar.gz
tar xzf seafile-server_latest_x86-64.tar.gz
SEAFILE_VERSION=$(basename /opt/seafile/seafile-server-* | awk -F'-' ' { print $3 }')
mv seafile-server_latest_x86-64.tar.gz installed/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
# -------------------------------------------
# Seafile DB
# -------------------------------------------
SQLSEAFILEPW=$(pwgen)
cat > /opt/seafile/.my.cnf <<EOF
[client]
user=seafile
password=$SQLSEAFILEPW
EOF
chmod 600 /opt/seafile/.my.cnf
chown -R ${SEAFILE_USER}.nogroup /opt/seafile/
mysql -e "CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';"
mysql -e "CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';"
mysql -e "create user 'seafile'@'localhost' identified by '$SQLSEAFILEPW';"
mysql -e "GRANT ALL PRIVILEGES ON \`ccnet-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seafile-db\`.* to \`seafile\`;"
mysql -e "GRANT ALL PRIVILEGES ON \`seahub-db\`.* to \`seafile\`;"
mysql seahub-db < /opt/seafile/seafile-server-${SEAFILE_VERSION}/seahub/sql/mysql.sql
# -------------------------------------------
# Go to /opt/seafile/seafile-server-${SEAFILE_VERSION}
# -------------------------------------------
cd /opt/seafile/seafile-server-${SEAFILE_VERSION}/
# -------------------------------------------
# Vars - Don't touch these unless you really know what you are doing!
# -------------------------------------------
SCRIPT=$(readlink -f "$0")
INSTALLPATH=/opt/seafile/seafile-server-${SEAFILE_VERSION}/
TOPDIR=$(dirname "${INSTALLPATH}")
SRC_DOCS_DIR=${INSTALLPATH}/seafile/docs/
SEAHUB_SECRET_KEYGEN=${INSTALLPATH}/seahub/tools/secret_key_generator.py
DEFAULT_CCNET_CONF_DIR=${TOPDIR}/ccnet
DEFAULT_SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
DEFAULT_SEAHUB_DB=${TOPDIR}/seahub.db
DEFAULT_CONF_DIR=${TOPDIR}/conf
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
LIBRARY_TEMPLATE_DIR=${SEAFILE_DATA_DIR}/library-template
DEST_SETTINGS_PY=${TOPDIR}/seahub_settings.py
CCNET_INIT=${INSTALLPATH}/seafile/bin/ccnet-init
SEAF_SERVER_INIT=${INSTALLPATH}/seafile/bin/seaf-server-init
MEDIA_DIR=${INSTALLPATH}/seahub/media
ORIG_AVATAR_DIR=${INSTALLPATH}/seahub/media/avatars
DEST_AVATAR_DIR=${TOPDIR}/seahub-data/avatars
SEAFILE_SERVER_SYMLINK=${TOPDIR}/seafile-server-latest
# -------------------------------------------
# Create ccnet conf
# -------------------------------------------
export SEAFILE_LD_LIBRARY_PATH=${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64:${LD_LIBRARY_PATH}
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
--name "${SERVER_NAME}" --port "${SERVER_PORT}" --host "${IP_OR_DOMAIN}"
# Fix service url
eval "sed -i 's/^SERVICE_URL.*/SERVICE_URL = https:\/\/${IP_OR_DOMAIN}/' ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"
# -------------------------------------------
# Create seafile conf
# -------------------------------------------
LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${SEAF_SERVER_INIT} --seafile-dir "${SEAFILE_DATA_DIR}" \
--port ${SEAFILE_SERVER_PORT} --fileserver-port ${FILESERVER_PORT}
# -------------------------------------------
# Write seafile.ini
# -------------------------------------------
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"
# -------------------------------------------
# Configure Seafile WebDAV Server(SeafDAV)
# -------------------------------------------
mkdir -p ${DEFAULT_CONF_DIR}
cat > ${DEFAULT_CONF_DIR}/seafdav.conf <<EOF
[WEBDAV]
enabled = true
port = 8080
fastcgi = true
share_name = /seafdav
EOF
# -------------------------------------------
# generate seahub_settings.py
# -------------------------------------------
key=$(python "${SEAHUB_SECRET_KEYGEN}")
echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
# -------------------------------------------
# prepare avatar directory
# -------------------------------------------
mkdir -p "${TOPDIR}/seahub-data"
mv "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
ln -s ../../../seahub-data/avatars ${MEDIA_DIR}
# -------------------------------------------
# create logs directory
# -------------------------------------------
mkdir -p "${TOPDIR}/logs"
# -------------------------------------------
# Create symlink for current server version
# -------------------------------------------
ln -s $(basename ${INSTALLPATH}) ${SEAFILE_SERVER_SYMLINK}
# Fix permissions
chmod 0600 "$DEST_SETTINGS_PY"
chmod 0700 "$DEFAULT_CCNET_CONF_DIR"
chmod 0700 "$SEAFILE_DATA_DIR"
chmod 0700 "$DEFAULT_CONF_DIR"
# -------------------------------------------
# copy user manuals to library template
# -------------------------------------------
mkdir -p ${LIBRARY_TEMPLATE_DIR}
cp -f ${SRC_DOCS_DIR}/*.doc ${LIBRARY_TEMPLATE_DIR}
# -------------------------------------------
# Configuring ccnet.conf
# -------------------------------------------
SEAFILESQLPW=$(grep password /opt/seafile/.my.cnf | awk -F'=' {'print $2'})
cat >> ${DEFAULT_CCNET_CONF_DIR}/ccnet.conf <<EOF
[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = $SEAFILESQLPW
DB = ccnet-db
CONNECTION_CHARSET = utf8
EOF
# -------------------------------------------
# Configuring seahub_settings.py
# -------------------------------------------
cat >> ${DEST_SETTINGS_PY} <<EOF
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'seahub-db',
'USER': 'seafile',
'PASSWORD': '$SEAFILESQLPW',
'HOST': '127.0.0.1',
'PORT': '3306',
'OPTIONS': {
'init_command': 'SET storage_engine=INNODB',
}
}
}
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
}
}
EMAIL_USE_TLS = False
EMAIL_HOST = 'localhost'
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_PORT = '25'
DEFAULT_FROM_EMAIL = 'seafile@${IP_OR_DOMAIN}'
SERVER_EMAIL = 'EMAIL_HOST_USER'
TIME_ZONE = 'Europe/Berlin'
SITE_BASE = 'https://${IP_OR_DOMAIN}'
SITE_NAME = 'Seafile Server'
SITE_TITLE = 'Seafile Server'
SITE_ROOT = '/'
USE_PDFJS = True
ENABLE_SIGNUP = False
ACTIVATE_AFTER_REGISTRATION = False
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
CLOUD_MODE = False
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
SESSION_SAVE_EVERY_REQUEST = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
FILE_SERVER_ROOT = 'https://${IP_OR_DOMAIN}/seafhttp'
EOF
# -------------------------------------------
# Backup check_init_admin.py befor applying changes
# -------------------------------------------
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
# -------------------------------------------
# Set admin credentials in check_init_admin.py
# -------------------------------------------
SEAFILE_ADMIN_PW=$(pwgen)
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
# -------------------------------------------
# Start and stop Seafile eco system. This generates the initial admin user.
# -------------------------------------------
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh start
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seahub.sh stop
${TOPDIR}/seafile-server-${SEAFILE_VERSION}/seafile.sh stop
# -------------------------------------------
# Restore original check_init_admin.py
# -------------------------------------------
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
# -------------------------------------------
# Fix permissions
# -------------------------------------------
chown ${SEAFILE_USER}.nogroup -R /opt/seafile/
# -------------------------------------------
# Start seafile server
# -------------------------------------------
echo "Starting productive Seafile server"
service seafile-server start
# -------------------------------------------
# Final report
# -------------------------------------------
cat > ${seafile_dir}/aio_seafile-server.log<<EOF
Your Seafile server is installed
-----------------------------------------------------------------
Server Name: ${SERVER_NAME}
Server Address: https://${IP_OR_DOMAIN}
Seafile Admin: ${SEAFILE_ADMIN}
Admin Password: ${SEAFILE_ADMIN_PW}
Seafile Data Dir: ${SEAFILE_DATA_DIR}
Seafile DB Credentials: Check /opt/seafile/.my.cnf
Root DB Credentials: Check /root/.my.cnf
This report is also saved to ${seafile_dir}/aio_seafile-server.log
Next you should manually complete the following steps
-----------------------------------------------------------------
1) Run seafile-server-change-address to add your Seafile servers DNS name
2) If this server is behind a firewall, you need to ensure that
tcp port 443 for the NGINX reverse proxy is open. Optionally
you may also open tcp port 80 which redirects all unencrypted
http traffic to the encrypted https port.
3) Seahub tries to send emails via the local server. Install and
configure Postfix for this to work.
Optional steps
-----------------------------------------------------------------
1) Check seahub_settings.py and customize it to fit your needs. Consult
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
2) Setup NGINX with official SSL certificate.
3) Secure server with iptables based firewall. For instance: UFW or shorewall
4) Harden system with port knocking, fail2ban, etc.
5) Enable unattended installation of security updates. Check
https://wiki.Ubuntu.org/UnattendedUpgrades for details.
6) Implement a backup routine for your Seafile server.
7) Update NGINX worker processes to reflect the number of CPU cores.
Seafile support options
-----------------------------------------------------------------
For free community support visit: https://forum.seafile-server.org
For paid commercial support visit: https://seafile.com.de
Contribute
-----------------------------------------------------------------
Please contact alexander.jackson@seafile.de
for bugs or suggestions about this installer. Thank you!
EOF
chmod 600 ${seafile_dir}/aio_seafile-server.log
chown -R ${SEAFILE_USER}.nogroup ${seafile_dir}/aio_seafile-server.log
# -------------------------------------------
# Install seafile-server-change-address script
# -------------------------------------------
wget https://gist.githubusercontent.com/alexanderjackson/7e6fd01187327ffd8518/raw/2a87ea94ec8906f8e1847236711eef27ba1d2bb8/seafile-server-change-address -O /usr/local/sbin/seafile-server-change-address
chmod 500 /usr/local/sbin/seafile-server-change-address
clear
cat ${seafile_dir}/aio_seafile-server.log
Reference in New Issue View Git Blame Copy Permalink