安装nginx最新版
#安装先决条件:
apt update
apt install curl gnupg2 ca-certificates lsb-release debian-archive-keyring
#导入官方 nginx 签名密钥,以便 apt 可以验证包的真实性。获取密钥:
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
#验证下载的文件是否包含正确的密钥:
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
#输出应包含完整的指纹 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
#要为稳定的 nginx 软件包设置 apt 存储库,请运行以下命令:
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list
#设置存储库锁定以优先使用我们的包,而不是发行版提供的包
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | tee /etc/apt/preferences.d/99nginx
#要安装 nginx,请运行以下命令:
apt update
apt install nginx
安装mariadb-server
apt install mariadb-server
#安全设置
mysql_secure_installation
1.下载安装包
首先使用一键工具搭建环境
下载seafile
#下载最新版seafile,下载地址查询https://www.seafile.com/download/
wget https://seafile-downloads.oss-cn-shanghai.aliyuncs.com/seafile-server_11.0.12_x86-64.tar.gz
mkdir -p /app/seafile
mv seafile-server_* /app/seafile
cd /app/seafile
将 seafile-server_* 移动到目录下后
tar -xzf seafile-server_*
mkdir installed
mv seafile-server_* installed
2.安装前的准备工作
#其他seafile版本安装,请查询https://cloud.seafile.com/published/seafile-manual-cn/deploy/using_mysql.md
# Debian 12
apt update
apt install -y python3 python3-dev python3-setuptools python3-pip libmariadb-dev-compat ldap-utils libldap2-dev libsasl2-dev python3.11-venv
apt install -y memcached libmemcached-dev
#mkdir /opt/seafile
#cd /opt/seafile
# create the vitual environment in the python-venv directory
python3 -m venv python-venv
# activate the venv
source python-venv/bin/activate
# Notice that this will usually change your prompt so you know the venv is active
# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).
pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* pymysql pillow==10.0.* pylibmc captcha==0.4 markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 psd-tools django-pylibmc django_simple_captcha==0.5.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3
3.安装
cd seafile-server-*
./setup-seafile-mysql.sh
在这里, 你会被要求选择一种创建 Seafile 数据库的方式:
——————————————————-
Please choose a way to initialize seafile databases:
——————————————————-
[1] Create new ccnet/seafile/seahub databases
[2] Use existing ccnet/seafile/seahub databases
如果选择1, 你需要提供根密码. 脚本程序会创建数据库和用户。
如果选择2, ccnet/seafile/seahub 数据库应该已经被你(或者其他人)提前创建
seafile-server-latest
文件夹为指向当前 Seafile
服务器文件夹的符号链接.
将来你升级到新版本后, 升级脚本会自动更新使其始终指向最新的 Seafile
服务器文件夹。
4.启动seafile
启动 Seafile:
cd ..
cd seafile-server-latest
./seafile.sh start
启动 Seahub
./seahub.sh start
查看进程
pgrep -f seafile-controller # 查看 Seafile 进程
pgrep -f "seahub" # 查看 Seahub 进程
开机启动 Seafile
首先,创建一个脚本来激活 python 虚拟环境
,该脚本位于${seafile_dir}
目录中。换句话说,它不会进入“seafile-server-latest”
,而是进入其上方的目录。
nano /app/seafile/run_with_venv.sh
该文件的内容是:
#!/bin/bash
# Activate the python virtual environment (venv) before starting one of the seafile scripts
dir_name="$(dirname $0)"
source "${dir_name}/python-venv/bin/activate"
script="$1"
shift 1
echo "${dir_name}/seafile-server-latest/${script}" "$@"
"${dir_name}/seafile-server-latest/${script}" "$@"
使该脚本可执行
chmod 755 /app/seafile/run_with_venv.sh
nano /etc/systemd/system/seafile.service
文件内容如下:
[Unit]
Description=Seafile
# add mysql.service or postgresql.service depending on your database to the line below
After=network.target
[Service]
Type=forking
ExecStart=bash /app/seafile/run_with_venv.sh seafile.sh start
ExecStop=bash /app/seafile/seafile-server-latest/seafile.sh stop
LimitNOFILE=infinity
User=root
Group=root
[Install]
WantedBy=multi-user.target
创建 systemd 服务文件 /etc/systemd/system/seahub.service
nano /etc/systemd/system/seahub.service
文件内容如下(如果你想要运行fastcgi模式,请不要忘记修改它。)
[Unit]
Description=Seafile hub
After=network.target seafile.service
[Service]
Type=forking
ExecStart=bash /app/seafile/run_with_venv.sh seahub.sh start
ExecStop=bash /app/seafile/seafile-server-latest/seahub.sh stop
User=root
Group=root
[Install]
WantedBy=multi-user.target
开机启动
systemctl daemon-reload
systemctl enable seafile
systemctl enable seahub
给予文件夹权限
chmod -R 777 /app/seafile/
申请证书
#nginx -s stop
cd
systemctl stop nginx
apt-get install socat curl cron
curl https://get.acme.sh | sh
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
~/.acme.sh/acme.sh --issue -d 网址.com --standalone -k ec-256 --force --test
rm -rf ~/.acme.sh/网址.com_ecc
以上是测试
~/.acme.sh/acme.sh --issue -d 网址.com --standalone -k ec-256 --force
mkdir /etc/nginx/ssl/
~/.acme.sh/acme.sh --installcert -d 网址.com --fullchainpath /etc/nginx/ssl/网址.com.crt --keypath /etc/nginx/ssl/网址.com.key --ecc --force
Nginx配置
打开nginx.conf
nano /etc/nginx/nginx.conf
编辑nginx.conf
user root;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;
events {
use epoll;
worker_connections 1024;
multi_accept on;
}
http {
include /etc/nginx/mime.types; #注意路径
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
large_client_header_buffers 4 32k;
client_max_body_size 10G;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 720;
fastcgi_connect_timeout 3600;
fastcgi_send_timeout 3600;
fastcgi_read_timeout 3600;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
server_tokens off;
include /etc/nginx/conf.d/*.conf;
}
seafile.conf配置
打开seafile.conf
nano /etc/nginx/conf.d/seafile.conf
编辑seafile.conf
server {
listen 0.0.0.0:443 ssl;
server_name 网址.com;
# root /app/seafile/;#路径,按具体情况修改
ssl_certificate /etc/nginx/ssl/网址.com.crt; #pem文件路径
ssl_certificate_key /etc/nginx/ssl/网址.com.key; #key文件路径
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers off;
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
server_tokens off;
# add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *";
location / {
#seahub端口,根据实际情况设置,默认是8000
proxy_pass http://127.0.0.1:8000; #使用https链接此处也不必改成https
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 1200s;
proxy_set_header X-Forwarded-Proto https;
# used for view/edit office file via Office Online Server
client_max_body_size 0;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
#seafile的端口,根据实际情况设置,默认是8082
proxy_pass http://127.0.0.1:8082; #使用https链接此处也不必改成https
client_max_body_size 0;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
proxy_request_buffering off;
}
location /media {
#静态文件路径,根据实际安装路径找到/seafile-server-latest/seahub的位置
root /app/seafile/seafile-server-latest/seahub;
}
}
server {
listen 0.0.0.0:80;
server_name 网址.com;
return 301 https://网址.com$request_uri;
}
保存,重启nginx
systemctl restart nginx
退出虚拟环境
deactivate
之后通过浏览器访问https站点,登陆,点击头像-系统管理-设置,
将SERVICE_URL
改为https://[domain]
,
将FILE_SERVER_ROOT
改为https://[domain]/seafhttp
,
分别点击对号保存,上传应该就正常了。