upstream/seafile-server-installer-cn
1
0
Fork 0
mirror of https://github.com/haiwen/seafile-server-installer-cn synced 2024-09-20 08:15:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
f30d6f27bb
seafile-server-installer-cn/seafile-server-7.1-centos-amd64-http
Hulk 12af02bb77 remove django-compressor
2019-12-25 10:28:00 +08:00

609 lines
19 KiB
Bash
Raw Blame History

#!/bin/bash
#
# seafile-server-installer-cn/seafile-server-centos-8-amd64
#
# Copyright 2015, Alexander Jackson <alexander.jackson@seafile.de>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
#
if [[ $HOME == "" ]]; then
export HOME=/root
fi
if [[ $SEAFILE_DEBUG != "" ]]; then
set -x
fi
set -e
if [[ "$#" -ne 1 ]]; then
echo "You must specif Seafile version to install"
echo "Like: $0 7.1.0"
exit 1
fi
clear
cat <<EOF
This script installs the community edition of the Seafile Server on a Centos 7 64bit
- Newest Seafile server version, MariaDB, Memcached, NGINX -
-----------------------------------------------------------------
This installer is meant to run on a freshly installed machine
only. If you run it on a production server things can and
probably will go terrible wrong and you will loose valuable
data!
For questions or suggestions please contact us at
support@seafile.com
-----------------------------------------------------------------
Possible options:
1 = Seafile Community (Free) Edition (CE)
2 = Seafile Professional Edition (PRO)
EOF
if [[ ${SEAFILE_PRO} == "" ]]; then
PS3="Which Seafile version would you like to install? "
select SEAFILE_SERVER_VERSION in CE PRO ABORT; do
case "${SEAFILE_SERVER_VERSION}" in
ABORT)
echo "Aborting"
break
;;
"")
echo "$REPLY: Wrong value. Select 1 or 2."
;;
*)
if [[ ${SEAFILE_SERVER_VERSION} = "PRO" ]]; then
SEAFILE_PRO=1
else
SEAFILE_PRO=0
fi
break
esac
done
fi
is_pro() {
if [[ "$SEAFILE_PRO" == "1" ]]; then
return 0
else
return 1
fi
}
echo
if is_pro; then
echo "This script will install Seafile Professional Edition for you."
else
echo "This script will install Seafile Community Edition for you."
fi
echo
# -------------------------------------------
# Vars
# -------------------------------------------
SEAFILE_ADMIN=admin@seafile.local
SEAFILE_SERVER_USER=seafile
SEAFILE_SERVER_HOME=/opt/seafile
IP_OR_DOMAIN=127.0.0.1
SEAFILE_VERSION=$1
TIME_ZONE=Asia/Shanghai
if is_pro; then
SEAFILE_SERVER_PACKAGE=seafile-pro-server_${SEAFILE_VERSION}_x86-64.tar.gz
if [[ ! -e /opt/$SEAFILE_SERVER_PACKAGE ]]; then
echo
echo "You must download \"$SEAFILE_SERVER_PACKAGE\" to the /opt/ folder before running this script!"
echo
exit 1
fi
INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-pro-server-${SEAFILE_VERSION}/
else
SEAFILE_SERVER_PACKAGE=seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
SEAFILE_SERVER_PACKAGE_URL=http://seafile-downloads.oss-cn-shanghai.aliyuncs.com/${SEAFILE_SERVER_PACKAGE}
INSTALLPATH=${SEAFILE_SERVER_HOME}/seafile-server-${SEAFILE_VERSION}/
fi
# -------------------------------------------
# Ensure we are running the installer as root
# -------------------------------------------
if [[ $EUID -ne 0 ]]; then
echo " Aborting because you are not root" ; exit 1
fi
# -------------------------------------------
# Abort if directory /opt/seafile/ exists
# -------------------------------------------
if [[ -d "${SEAFILE_SERVER_HOME}" ]] ;
then
echo " Aborting because directory ${SEAFILE_SERVER_HOME} already exist" ; exit 1
fi
# -------------------------------------------
# Abort if directory /opt/seafile/ exists
# -------------------------------------------
if getent passwd ${SEAFILE_SERVER_USER} > /dev/null 2>&1 ;
then
echo "Aborting because user ${SEAFILE_SERVER_USER} already exist" ; exit 1
fi
# -------------------------------------------
# Setup permissive selinux
# -------------------------------------------
# runtime
enforce=`getenforce`
if [[ "${enforce}" != "Disabled" ]]; then
setenforce 0
fi
# permanently
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
# -------------------------------------------
# Setup firewall
# -------------------------------------------
yum install firewalld -y
# https://www.optimox.de/tutorials/linux-allgemein/centos-firewall-konfigurieren-mit-firewalld
systemctl status firewalld &> /dev/null \
&& for i in ssh http https ; do firewall-cmd --zone=public --add-service=${i} --permanent ; done \
&& firewall-cmd --reload
# -------------------------------------------
# Additional requirements
# -------------------------------------------
# extra packages for enterprise linux
yum install epel-release -y
yum install python3 python3-setuptools python3-pip python3-ldap memcached java-1.8.0-openjdk \
libmemcached libreoffice-headless libreoffice-pyuno libffi-devel pwgen curl -y
pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy psd-tools \
django-pylibmc django-simple-captcha
# start memcached on system boot
systemctl enable --now memcached
# -------------------------------------------
# Install nginx
# -------------------------------------------
yum install nginx -y
systemctl enable nginx
rm -rf /etc/nginx/conf.d/*
cat > /etc/nginx/conf.d/seafile.conf << EOF
log_format seafileformat '\$http_x_forwarded_for \$remote_addr [\$time_local] "\$request" \$status \$body_bytes_sent "\$http_referer" "\$http_user_agent" \$upstream_response_time';
server {
listen 80;
server_name seafile.example.com;
proxy_set_header X-Forwarded-For \$remote_addr;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host \$server_name;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_read_timeout 1200s;
# used for view/edit office file via Office Online Server
client_max_body_size 0;
access_log /var/log/nginx/seahub.access.log seafileformat;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ \$1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
access_log /var/log/nginx/seafhttp.access.log seafileformat;
error_log /var/log/nginx/seafhttp.error.log;
}
location /media {
root ${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub;
}
location /seafdav {
proxy_pass http://127.0.0.1:8080/seafdav;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host \$server_name;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_read_timeout 1200s;
client_max_body_size 0;
access_log /var/log/nginx/seafdav.access.log seafileformat;
error_log /var/log/nginx/seafdav.error.log;
}
}
EOF
# Create optimized nginx.conf
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
cat > /etc/nginx/nginx.conf <<'ENDOFFILE'
user nginx nginx;
worker_processes 4;
events {
worker_connections 8096;
multi_accept on;
use epoll;
}
pid /var/run/nginx.pid;
worker_rlimit_nofile 40000;
http {
server_tokens off;
server_names_hash_bucket_size 128;
client_max_body_size 50M;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
# Fully disabled gzip compression to mitigate Django BREACH attack: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
gzip off;
#gzip_vary on;
#gzip_proxied expired no-cache no-store private auth any;
#gzip_comp_level 9;
#gzip_min_length 10240;
#gzip_buffers 16 8k;
#gzip_http_version 1.1;
#gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml font/woff2;
#gzip_disable "MSIE [1-6].";
include /etc/nginx/conf.d/*.conf;
}
ENDOFFILE
# Fix NGINX worker_processes to number of CPU cores
CPUS=$(cat /proc/cpuinfo | grep processor | wc | awk '{ print $1 }')
eval "sed -i 's/worker_processes.*/worker_processes $CPUS;/g' /etc/nginx/nginx.conf"
systemctl restart nginx
# -------------------------------------------
# MariaDB
# -------------------------------------------
if [[ -f "/root/.my.cnf" ]] ;
then
echo "MariaDB installed before, skip this part"
SQLROOTPW=`sed -n 's/password=//p' /root/.my.cnf`
else
yum install mariadb-server -y
systemctl start mariadb
systemctl enable mariadb
SQLROOTPW=$(pwgen)
mysqladmin -u root password $SQLROOTPW
cat > /root/.my.cnf <<EOF
[client]
user=root
password=$SQLROOTPW
EOF
chmod 600 /root/.my.cnf
fi
# -------------------------------------------
# Seafile init script
# -------------------------------------------
cat > /etc/systemd/system/seafile.service << EOF
[Unit]
Description=Seafile Server
After=network.target remote-fs.target mariadb.service
[Service]
ExecStart=${SEAFILE_SERVER_HOME}/seafile-server-latest/seafile.sh start
ExecStop=${SEAFILE_SERVER_HOME}/seafile-server-latest/seafile.sh stop
User=${SEAFILE_SERVER_USER}
Group=${SEAFILE_SERVER_USER}
LimitNOFILE=infinity
Type=oneshot
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOF
systemctl enable seafile
cat > /etc/systemd/system/seahub.service << EOF
[Unit]
Description=Seafile Seahub
After=network.target seafile.service
[Service]
ExecStart=${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub.sh start
ExecStop=${SEAFILE_SERVER_HOME}/seafile-server-latest/seahub.sh stop
User=${SEAFILE_SERVER_USER}
Group=${SEAFILE_SERVER_USER}
Type=oneshot
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOF
systemctl enable seahub
# Seafile restart script
cat > /usr/local/sbin/seafile-server-restart << 'EOF'
#!/bin/bash
for ACTION in stop start ; do
for SERVICE in seafile seahub ; do
systemctl ${ACTION} ${SERVICE}
done
done
EOF
chmod 700 /usr/local/sbin/seafile-server-restart
# -------------------------------------------
# Seafile
# -------------------------------------------
mkdir -p ${SEAFILE_SERVER_HOME}/installed
cd ${SEAFILE_SERVER_HOME}
if ! is_pro && [[ ! -e /opt/${SEAFILE_SERVER_PACKAGE} ]]; then
curl -OL ${SEAFILE_SERVER_PACKAGE_URL}
else
cp /opt/${SEAFILE_SERVER_PACKAGE} .
fi
tar xzf ${SEAFILE_SERVER_PACKAGE}
mv ${SEAFILE_SERVER_PACKAGE} installed
# -------------------------------------------
# Seafile DB
# -------------------------------------------
if [[ -f "/opt/seafile.my.cnf" ]] ;
then
echo "MariaDB installed before, skip this part"
SQLSEAFILEPW=`sed -n 's/password=//p' /opt/seafile.my.cnf`
else
SQLSEAFILEPW=$(pwgen)
cat > /opt/seafile.my.cnf <<EOF
[client]
user=seafile
password=$SQLSEAFILEPW
EOF
chmod 600 /opt/seafile.my.cnf
fi
# -------------------------------------------
# Add seafile user
# -------------------------------------------
useradd --system --comment "${SEAFILE_SERVER_USER}" ${SEAFILE_SERVER_USER} --home-dir ${SEAFILE_SERVER_HOME}
# -------------------------------------------
# Go to /opt/seafile/seafile-pro-server-${SEAFILE_VERSION}
# -------------------------------------------
cd $INSTALLPATH
# -------------------------------------------
# Vars - Don't touch these unless you really know what you are doing!
# -------------------------------------------
TOPDIR=$(dirname "${INSTALLPATH}")
DEFAULT_CONF_DIR=${TOPDIR}/conf
SEAFILE_DATA_DIR=${TOPDIR}/seafile-data
DEST_SETTINGS_PY=${TOPDIR}/conf/seahub_settings.py
mkdir -p ${DEFAULT_CONF_DIR}
# -------------------------------------------
# Create ccnet, seafile, seahub conf using setup script
# -------------------------------------------
./setup-seafile-mysql.sh auto -u seafile -w ${SQLSEAFILEPW} -r ${SQLROOTPW}
# -------------------------------------------
# Configure Seafile WebDAV Server(SeafDAV)
# -------------------------------------------
sed -i 's/enabled = .*/enabled = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
sed -i 's/fastcgi = .*/fastcgi = true/' ${DEFAULT_CONF_DIR}/seafdav.conf
sed -i 's/share_name = .*/share_name = \/seafdav/' ${DEFAULT_CONF_DIR}/seafdav.conf
# -------------------------------------------
# Configuring seahub_settings.py
# -------------------------------------------
cat >> ${DEST_SETTINGS_PY} <<EOF
CACHES = {
'default': {
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
'LOCATION': '127.0.0.1:11211',
},
'locmem': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
},
}
COMPRESS_CACHE_BACKEND = 'locmem'
# EMAIL_USE_TLS = False
# EMAIL_HOST = 'localhost'
# EMAIL_HOST_USER = ''
# EMAIL_HOST_PASSWORD = ''
# EMAIL_PORT = '25'
# DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
# SERVER_EMAIL = EMAIL_HOST_USER
TIME_ZONE = '${TIME_ZONE}'
SITE_BASE = 'http://${IP_OR_DOMAIN}'
SITE_NAME = 'Seafile Server'
SITE_TITLE = 'Seafile Server'
SITE_ROOT = '/'
ENABLE_SIGNUP = False
ACTIVATE_AFTER_REGISTRATION = False
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
CLOUD_MODE = False
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
SESSION_SAVE_EVERY_REQUEST = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
FILE_SERVER_ROOT = 'http://${IP_OR_DOMAIN}/seafhttp'
EOF
# -------------------------------------------
# Backup check_init_admin.py befor applying changes
# -------------------------------------------
cp ${INSTALLPATH}/check_init_admin.py ${INSTALLPATH}/check_init_admin.py.backup
# -------------------------------------------
# Set admin credentials in check_init_admin.py
# -------------------------------------------
SEAFILE_ADMIN_PW=$(pwgen)
eval "sed -i 's/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/' ${INSTALLPATH}/check_init_admin.py"
eval "sed -i 's/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/' ${INSTALLPATH}/check_init_admin.py"
# -------------------------------------------
# Start and stop Seafile eco system. This generates the initial admin user.
# -------------------------------------------
${INSTALLPATH}/seafile.sh start
${INSTALLPATH}/seahub.sh start
wait # wait for a while, otherwise seahub will not be stopped
${INSTALLPATH}/seahub.sh stop
sleep 1
${INSTALLPATH}/seafile.sh stop
# -------------------------------------------
# Restore original check_init_admin.py
# -------------------------------------------
mv ${INSTALLPATH}/check_init_admin.py.backup ${INSTALLPATH}/check_init_admin.py
if is_pro; then
PRO_PY=${INSTALLPATH}/pro/pro.py
$PYTHON ${PRO_PY} setup --mysql --mysql_host=127.0.0.1 --mysql_port=3306 --mysql_user=seafile --mysql_password=${SQLSEAFILEPW} --mysql_db=seahub_db
fi
# -------------------------------------------
# Fix permissions
# -------------------------------------------
chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R ${SEAFILE_SERVER_HOME}
if [[ -d /tmp/seafile-office-output/ ]]; then
chown ${SEAFILE_SERVER_USER}:${SEAFILE_SERVER_USER} -R /tmp/seafile-office-output/
fi
# -------------------------------------------
# Restart seafile server
# -------------------------------------------
/usr/local/sbin/seafile-server-restart
# -------------------------------------------
# Final report
# -------------------------------------------
cat > ${TOPDIR}/aio_seafile-server.log<<EOF
Your Seafile server is installed
-----------------------------------------------------------------
Server Address: http://${IP_OR_DOMAIN}
Seafile Admin: ${SEAFILE_ADMIN}
Admin Password: ${SEAFILE_ADMIN_PW}
Seafile Data Dir: ${SEAFILE_DATA_DIR}
Seafile DB Credentials: Check /opt/seafile.my.cnf
Root DB Credentials: Check /root/.my.cnf
This report is also saved to ${TOPDIR}/aio_seafile-server.log
Next you should manually complete the following steps
-----------------------------------------------------------------
1) Log in to Seafile and configure your server domain via the system
admin area if applicable.
2) If this server is behind a firewall, you need to ensure that
tcp port 80 is open.
3) Seahub tries to send emails via the local server. Install and
configure Postfix for this to work or
check https://cloud.seafile.com/published/seafile-manual-cn/config/sending_email.md
for instructions on how to use an existing email account via SMTP.
Optional steps
-----------------------------------------------------------------
1) Check seahub_settings.py and customize it to fit your needs. Consult
https://cloud.seafile.com/published/seafile-manual-cn/config/seahub_settings_py.md
for possible switches.
2) Setup NGINX with official SSL certificate.
3) Secure server with iptables based firewall. For instance: UFW or shorewall
4) Harden system with port knocking, fail2ban, etc.
5) Enable unattended installation of security updates. Check
https://wiki.Ubuntu.org/UnattendedUpgrades for details.
6) Implement a backup routine for your Seafile server.
7) Update NGINX worker processes to reflect the number of CPU cores.
Seafile support options
-----------------------------------------------------------------
For free community support visit: https://bbs.seafile.com
For paid commercial support visit: https://seafile.com
EOF
chmod 600 ${TOPDIR}/aio_seafile-server.log
clear
cat ${TOPDIR}/aio_seafile-server.log
Reference in New Issue View Git Blame Copy Permalink