upstream/seafile-server-installer-cn
1
0
Fork 0
mirror of https://github.com/haiwen/seafile-server-installer-cn synced 2024-09-20 08:15:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
b4193fa48a
seafile-server-installer-cn/seafile-server-centos-7-amd64-http
Hulk 592aff262d suport the psd onlineview
2018-12-10 11:36:39 +08:00

579 lines
17 KiB
Bash
Raw Blame History

#!/bin/bash
#
# seafile-server-installer/seafile-server-centos-7-amd64
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
if [[ $HOME == "" ]]; then
export HOME=/root
fi
if [[ $SEAFILE_DEBUG != "" ]]; then
set -x
fi
set -e
if [[ "$#" -ne 1 ]]; then
echo "You must specif Seafile version to install"
echo "Like: $0 4.4.2"
exit 1
fi
clear
cat <<EOF
This script installs the community edition of the Seafile Server on a Centos 7 64bit
- Newest Seafile server version, MariaDB, Memcached, NGINX -
-----------------------------------------------------------------
This installer is meant to run on a freshly installed machine
only. If you run it on a production server things can and
probably will go terrible wrong and you will loose valuable
data!
For questions or suggestions please contact us at
support@seafile.com
-----------------------------------------------------------------
Possible options:
1 = Seafile Community (Free) Edition (CE)
2 = Seafile Professional Edition (PRO)
EOF
if [[ ${SEAFILE_PRO} == "" ]]; then
PS3="Which Seafile version would you like to install? "
select SEAFILE_SERVER_VERSION in CE PRO ABORT; do
case "${SEAFILE_SERVER_VERSION}" in
ABORT)
echo "Aborting"
break
;;
"")
echo "$REPLY: Wrong value. Select 1 or 2."
;;
*)
if [[ ${SEAFILE_SERVER_VERSION} = "PRO" ]]; then
SEAFILE_PRO=1
else
SEAFILE_PRO=0
fi
break
esac
done
fi
is_pro() {
if [[ "$SEAFILE_PRO" == "1" ]]; then
return 0
else
return 1
fi
}
echo
if is_pro; then
echo "This script will install Seafile Professional Edition for you."
else
echo "This script will install Seafile Community Edition for you."
fi
echo
# -------------------------------------------
# Vars
# -------------------------------------------
SEAFILE_ADMIN=admin@seafile.local
IP_OR_DOMAIN=127.0.0.1
SEAFILE_VERSION=$1
TIME_ZONE=Asia/Shanghai
if is_pro; then
SEAFILE_SERVER_PACKAGE=seafile-pro-server_${SEAFILE_VERSION}_x86-64.tar.gz
if [[ ! -e /opt/$SEAFILE_SERVER_PACKAGE ]]; then
echo
echo "You must download \"$SEAFILE_SERVER_PACKAGE\" to the /opt/ folder before running this script!"
echo
exit 1
fi
INSTALLPATH=/opt/seafile/seafile-pro-server-${SEAFILE_VERSION}/
else
SEAFILE_SERVER_PACKAGE=seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
SEAFILE_SERVER_PACKAGE_URL=http://seafile-downloads.oss-cn-shanghai.aliyuncs.com/${SEAFILE_SERVER_PACKAGE}
INSTALLPATH=/opt/seafile/seafile-server-${SEAFILE_VERSION}/
fi
# -------------------------------------------
# Ensure we are running the installer as root
# -------------------------------------------
if [[ $EUID -ne 0 ]]; then
echo " Aborting because you are not root" ; exit 1
fi
# -------------------------------------------
# Abort if directory /opt/seafile/ exists
# -------------------------------------------
if [[ -d "/opt/seafile/" ]] ;
then
echo " Aborting because directory /opt/seafile/ already exist" ; exit 1
fi
# -------------------------------------------
# Setup permissive selinux
# -------------------------------------------
# runtime
enforce=`getenforce`
if [[ "${enforce}" != "Disabled" ]]; then
setenforce 0
fi
# permanently
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
# -------------------------------------------
# Setup firewall
# -------------------------------------------
yum install firewalld fail2ban -y
# https://www.optimox.de/tutorials/linux-allgemein/centos-firewall-konfigurieren-mit-firewalld
for i in ssh http https ; do firewall-cmd --zone=public --add-service=${i} --permanent ; done
firewall-cmd --reload
# -------------------------------------------
# Additional requirements
# -------------------------------------------
# extra packages for enterprise linux
yum install epel-release -y
yum upgrade -y
yum install python-setuptools MySQL-python memcached python-urllib3 \
pwgen curl openssl python-ldap java-1.7.0-openjdk poppler-utils libreoffice python-requests \
libreoffice-headless libreoffice-pyuno wqy-microhei-fonts wqy-zenhei-fonts wqy-unibit-fonts \
gcc libffi-devel python-devel openssl-devel libmemcached libmemcached-devel python2-pip -y
pip install pylibmc==1.6.0 django-pylibmc==0.6.1
pip install --timeout=3600 Pillow==4.3.0
pip install psd-tools==1.4
# start memcached on system boot
systemctl enable --now memcached
# -------------------------------------------
# Install nginx
# -------------------------------------------
yum install nginx -y
systemctl enable nginx
rm -rf /etc/nginx/conf.d/*
cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
server {
listen 80;
server_name seafile.example.com;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1200s;
# used for view/edit office file via Office Online Server
client_max_body_size 0;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REMOTE_ADDR $remote_addr;
client_max_body_size 0;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
}
EOF
# Create optimized nginx.conf
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
cat > /etc/nginx/nginx.conf <<'ENDOFFILE'
user nginx nginx;
worker_processes 4;
events {
worker_connections 8096;
multi_accept on;
use epoll;
}
pid /var/run/nginx.pid;
worker_rlimit_nofile 40000;
http {
server_tokens off;
server_names_hash_bucket_size 128;
client_max_body_size 50M;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
# Fully disabled gzip compression to mitigate Django BREACH attack: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
gzip off;
#gzip_vary on;
#gzip_proxied expired no-cache no-store private auth any;
#gzip_comp_level 9;
#gzip_min_length 10240;
#gzip_buffers 16 8k;
#gzip_http_version 1.1;
#gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml font/woff2;
#gzip_disable "MSIE [1-6].";
include /etc/nginx/conf.d/*.conf;
}
ENDOFFILE
systemctl restart nginx
# -------------------------------------------
# MariaDB
# -------------------------------------------
if [[ -f "/root/.my.cnf" ]] ;
then
echo "MariaDB installed before, skip this part"
SQLROOTPW=`sed -n 's/password=//p' /root/.my.cnf`
else
yum install mariadb-server -y
systemctl start mariadb
systemctl enable mariadb
SQLROOTPW=$(pwgen)
mysqladmin -u root password $SQLROOTPW
cat > /root/.my.cnf <<EOF
[client]
user=root
password=$SQLROOTPW
EOF
chmod 600 /root/.my.cnf
fi
# -------------------------------------------
# Seafile init script
# -------------------------------------------
cat > /etc/systemd/system/seafile.service <<'EOF'
[Unit]
Description=Seafile Server
After=network.target mariadb.service
[Service]
Type=oneshot
ExecStart=/opt/seafile/seafile-server-latest/seafile.sh start
ExecStop=/opt/seafile/seafile-server-latest/seafile.sh stop
RemainAfterExit=yes
User=root
Group=root
[Install]
WantedBy=multi-user.target
EOF
systemctl enable seafile
cat > /etc/systemd/system/seahub.service <<'EOF'
[Unit]
Description=Seafile Seahub
After=network.target seafile.service
[Service]
ExecStart=/opt/seafile/seafile-server-latest/seahub.sh start 8000
ExecStop=/opt/seafile/seafile-server-latest/seahub.sh stop
User=root
Group=root
Type=oneshot
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOF
systemctl enable seahub
# Seafile restart script
cat > /usr/local/sbin/seafile-server-restart << 'EOF'
#!/bin/bash
for ACTION in stop start ; do
for SERVICE in seafile seahub ; do
systemctl ${ACTION} ${SERVICE}
done
done
EOF
chmod 700 /usr/local/sbin/seafile-server-restart
# -------------------------------------------
# Seafile
# -------------------------------------------
mkdir -p /opt/seafile/installed
cd /opt/seafile/
if ! is_pro && [[ ! -e /opt/${SEAFILE_SERVER_PACKAGE} ]]; then
curl -OL ${SEAFILE_SERVER_PACKAGE_URL}
else
cp /opt/${SEAFILE_SERVER_PACKAGE} .
fi
tar xzf ${SEAFILE_SERVER_PACKAGE}
mv ${SEAFILE_SERVER_PACKAGE} installed
# -------------------------------------------
# Seafile DB
# -------------------------------------------
if [[ -f "/opt/seafile.my.cnf" ]] ;
then
echo "MariaDB installed before, skip this part"
SQLSEAFILEPW=`sed -n 's/password=//p' /opt/seafile.my.cnf`
else
SQLSEAFILEPW=$(pwgen)
cat > /opt/seafile.my.cnf <<EOF
[client]
user=seafile
password=$SQLSEAFILEPW
EOF
chmod 600 /opt/seafile.my.cnf
fi
# -------------------------------------------
# Go to /opt/seafile/seafile-pro-server-${SEAFILE_VERSION}
# -------------------------------------------
cd $INSTALLPATH
# -------------------------------------------
# Vars - Don't touch these unless you really know what you are doing!
# -------------------------------------------
TOPDIR=$(dirname "${INSTALLPATH}")
DEFAULT_CONF_DIR=${TOPDIR}/conf
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
DEST_SETTINGS_PY=${TOPDIR}/conf/seahub_settings.py
mkdir -p ${DEFAULT_CONF_DIR}
# -------------------------------------------
# Create ccnet, seafile, seahub conf using setup script
# -------------------------------------------
./setup-seafile-mysql.sh auto -u seafile -w ${SQLSEAFILEPW} -r ${SQLROOTPW}
# -------------------------------------------
# Configure Seafile WebDAV Server(SeafDAV)
# -------------------------------------------
sed -i 's/enabled = .*/enabled = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
sed -i 's/fastcgi = .*/fastcgi = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
sed -i 's/share_name = .*/share_name = \/seafdav/' ${DEFAULT_CONF_DIR}/seafdav.conf
# -------------------------------------------
# Configuring seahub_settings.py
# -------------------------------------------
cat >> ${DEST_SETTINGS_PY} <<EOF
CACHES = {
'default': {
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
'LOCATION': '127.0.0.1:11211',
},
'locmem': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
},
}
COMPRESS_CACHE_BACKEND = 'locmem'
# EMAIL_USE_TLS = False
# EMAIL_HOST = 'localhost'
# EMAIL_HOST_USER = ''
# EMAIL_HOST_PASSWORD = ''
# EMAIL_PORT = '25'
# DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
# SERVER_EMAIL = EMAIL_HOST_USER
TIME_ZONE = '${TIME_ZONE}'
SITE_BASE = 'http://${IP_OR_DOMAIN}'
SITE_NAME = 'Seafile Server'
SITE_TITLE = 'Seafile Server'
SITE_ROOT = '/'
ENABLE_SIGNUP = False
ACTIVATE_AFTER_REGISTRATION = False
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
CLOUD_MODE = False
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
SESSION_SAVE_EVERY_REQUEST = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
FILE_SERVER_ROOT = 'http://${IP_OR_DOMAIN}/seafhttp'
EOF
# -------------------------------------------
# Backup check_init_admin.py befor applying changes
# -------------------------------------------
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
# -------------------------------------------
# Set admin credentials in check_init_admin.py
# -------------------------------------------
SEAFILE_ADMIN_PW=$(pwgen)
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
# -------------------------------------------
# Start and stop Seafile eco system. This generates the initial admin user.
# -------------------------------------------
${INSTALLPATH}/seafile.sh start
${INSTALLPATH}/seahub.sh start
sleep 2 # sleep for a while, otherwise seahub will not be stopped
${INSTALLPATH}/seahub.sh stop
sleep 1
${INSTALLPATH}/seafile.sh stop
# -------------------------------------------
# Restore original check_init_admin.py
# -------------------------------------------
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
if is_pro; then
PRO_PY=${INSTALLPATH}/pro/pro.py
$PYTHON ${PRO_PY} setup --mysql --mysql_host=127.0.0.1 --mysql_port=3306 --mysql_user=seafile --mysql_password=${SQLSEAFILEPW} --mysql_db=seahub_db
fi
# -------------------------------------------
# Restart seafile server
# -------------------------------------------
/usr/local/sbin/seafile-server-restart
# -------------------------------------------
# Final report
# -------------------------------------------
cat > ${TOPDIR}/aio_seafile-server.log<<EOF
Your Seafile server is installed
-----------------------------------------------------------------
Server Address: http://${IP_OR_DOMAIN}
Seafile Admin: ${SEAFILE_ADMIN}
Admin Password: ${SEAFILE_ADMIN_PW}
Seafile Data Dir: ${SEAFILE_DATA_DIR}
Seafile DB Credentials: Check /opt/seafile.my.cnf
Root DB Credentials: Check /root/.my.cnf
This report is also saved to ${TOPDIR}/aio_seafile-server.log
Next you should manually complete the following steps
-----------------------------------------------------------------
1) Log in to Seafile and configure your server domain via the system
admin area if applicable.
2) If this server is behind a firewall, you need to ensure that
tcp port 80 is open.
3) Seahub tries to send emails via the local server. Install and
configure Postfix for this to work or
check https://manual.seafile.com/config/sending_email.html
for instructions on how to use an existing email account via SMTP.
Optional steps
-----------------------------------------------------------------
1) Check seahub_settings.py and customize it to fit your needs. Consult
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
2) Setup NGINX with official SSL certificate.
3) Secure server with iptables based firewall. For instance: UFW or shorewall
4) Harden system with port knocking, fail2ban, etc.
5) Enable unattended installation of security updates. Check
https://wiki.Ubuntu.org/UnattendedUpgrades for details.
6) Implement a backup routine for your Seafile server.
7) Update NGINX worker processes to reflect the number of CPU cores.
Seafile support options
-----------------------------------------------------------------
For free community support visit: https://bbs.seafile.com
For paid commercial support visit: https://seafile.com
EOF
chmod 600 ${TOPDIR}/aio_seafile-server.log
clear
cat ${TOPDIR}/aio_seafile-server.log
Reference in New Issue View Git Blame Copy Permalink