安装nginx最新版

#安装先决条件:
apt update
apt install curl gnupg2 ca-certificates lsb-release debian-archive-keyring
#导入官方 nginx 签名密钥,以便 apt 可以验证包的真实性。获取密钥:
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
#验证下载的文件是否包含正确的密钥:
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
#输出应包含完整的指纹 573BFD6B3D8FBC641079A6ABABF5BD827BD9BF62
#要为稳定的 nginx 软件包设置 apt 存储库,请运行以下命令:
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/debian `lsb_release -cs` nginx" | tee /etc/apt/sources.list.d/nginx.list
#设置存储库锁定以优先使用我们的包,而不是发行版提供的包
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | tee /etc/apt/preferences.d/99nginx
#要安装 nginx,请运行以下命令:
apt update
apt install nginx

安装mariadb-server

apt install mariadb-server
#安全设置
mysql_secure_installation

1.下载安装包

首先使用一键工具搭建环境

下载seafile

#下载最新版seafile,下载地址查询https://www.seafile.com/download/
wget https://seafile-downloads.oss-cn-shanghai.aliyuncs.com/seafile-server_11.0.12_x86-64.tar.gz
mkdir -p /app/seafile
mv seafile-server_* /app/seafile
cd /app/seafile

将 seafile-server_* 移动到目录下后

tar -xzf seafile-server_*
mkdir installed
mv seafile-server_* installed

2.安装前的准备工作

#其他seafile版本安装,请查询https://cloud.seafile.com/published/seafile-manual-cn/deploy/using_mysql.md
# Debian 12
apt update
apt install -y python3 python3-dev python3-setuptools python3-pip libmariadb-dev-compat ldap-utils libldap2-dev libsasl2-dev python3.11-venv
apt install -y memcached libmemcached-dev

#mkdir /opt/seafile
#cd /opt/seafile

# create the vitual environment in the python-venv directory
python3 -m venv python-venv

# activate the venv
source python-venv/bin/activate
# Notice that this will usually change your prompt so you know the venv is active

# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).
pip3 install --timeout=3600  django==4.2.* future==0.18.* mysqlclient==2.1.* pymysql pillow==10.0.* pylibmc captcha==0.4 markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 psd-tools django-pylibmc django_simple_captcha==0.5.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3

3.安装

cd seafile-server-*
./setup-seafile-mysql.sh

在这里, 你会被要求选择一种创建 Seafile 数据库的方式:

——————————————————-

Please choose a way to initialize seafile databases:

——————————————————-

[1] Create new ccnet/seafile/seahub databases

[2] Use existing ccnet/seafile/seahub databases

如果选择1, 你需要提供根密码. 脚本程序会创建数据库和用户。
如果选择2, ccnet/seafile/seahub 数据库应该已经被你(或者其他人)提前创建

seafile-server-latest文件夹为指向当前 Seafile 服务器文件夹的符号链接.
将来你升级到新版本后, 升级脚本会自动更新使其始终指向最新的 Seafile 服务器文件夹。

4.启动seafile

启动 Seafile:

cd ..
cd seafile-server-latest
./seafile.sh start

启动 Seahub

./seahub.sh start

查看进程

pgrep -f seafile-controller # 查看 Seafile 进程
pgrep -f "seahub" # 查看 Seahub 进程

开机启动 Seafile

首先,创建一个脚本来激活 python 虚拟环境,该脚本位于${seafile_dir}目录中。换句话说,它不会进入“seafile-server-latest”,而是进入其上方的目录。

nano /app/seafile/run_with_venv.sh

该文件的内容是:

#!/bin/bash
# Activate the python virtual environment (venv) before starting one of the seafile scripts

dir_name="$(dirname $0)"
source "${dir_name}/python-venv/bin/activate"
script="$1"
shift 1

echo "${dir_name}/seafile-server-latest/${script}" "$@"
"${dir_name}/seafile-server-latest/${script}" "$@"

使该脚本可执行

chmod 755 /app/seafile/run_with_venv.sh
nano /etc/systemd/system/seafile.service

文件内容如下:

[Unit]
Description=Seafile
# add mysql.service or postgresql.service depending on your database to the line below
After=network.target

[Service]
Type=forking
ExecStart=bash /app/seafile/run_with_venv.sh seafile.sh start
ExecStop=bash /app/seafile/seafile-server-latest/seafile.sh stop
LimitNOFILE=infinity
User=root
Group=root

[Install]
WantedBy=multi-user.target

创建 systemd 服务文件 /etc/systemd/system/seahub.service

nano /etc/systemd/system/seahub.service

文件内容如下(如果你想要运行fastcgi模式,请不要忘记修改它。)

[Unit]
Description=Seafile hub
After=network.target seafile.service

[Service]
Type=forking
ExecStart=bash /app/seafile/run_with_venv.sh seahub.sh start
ExecStop=bash /app/seafile/seafile-server-latest/seahub.sh stop
User=root
Group=root

[Install]
WantedBy=multi-user.target

开机启动

systemctl daemon-reload
systemctl enable seafile
systemctl enable seahub

给予文件夹权限

chmod -R 777 /app/seafile/

申请证书

#nginx -s stop
cd
systemctl stop nginx
apt-get install socat curl cron
curl https://get.acme.sh | sh
~/.acme.sh/acme.sh --set-default-ca --server letsencrypt
~/.acme.sh/acme.sh --issue -d 网址.com --standalone -k ec-256 --force --test
rm -rf ~/.acme.sh/网址.com_ecc
以上是测试
~/.acme.sh/acme.sh --issue -d 网址.com --standalone -k ec-256 --force
mkdir /etc/nginx/ssl/
~/.acme.sh/acme.sh --installcert -d 网址.com --fullchainpath /etc/nginx/ssl/网址.com.crt --keypath /etc/nginx/ssl/网址.com.key --ecc --force

Nginx配置
打开nginx.conf

nano /etc/nginx/nginx.conf

编辑nginx.conf

user  root;
worker_processes  auto;
error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;
events {
    use epoll;
    worker_connections  1024;
    multi_accept on;
}
http {
    include /etc/nginx/mime.types; #注意路径
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
        access_log  /var/log/nginx/access.log  main;
        server_names_hash_bucket_size 512;
        client_header_buffer_size 32k;
        large_client_header_buffers 4 32k;
        client_max_body_size 10G;
 
        sendfile        on;
        tcp_nopush     on;
        tcp_nodelay on;
        keepalive_timeout 720;
 
        fastcgi_connect_timeout 3600;
        fastcgi_send_timeout 3600;
        fastcgi_read_timeout 3600;
        fastcgi_buffer_size 64k;
        fastcgi_buffers 4 64k;
        fastcgi_busy_buffers_size 128k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_intercept_errors on;
 
        server_tokens off;
        include /etc/nginx/conf.d/*.conf;
}

seafile.conf配置

打开seafile.conf

nano /etc/nginx/conf.d/seafile.conf

编辑seafile.conf

server {
     listen 0.0.0.0:443 ssl;
     server_name  网址.com;
#    root /app/seafile/;#路径,按具体情况修改
     ssl_certificate /etc/nginx/ssl/网址.com.crt;   #pem文件路径
     ssl_certificate_key /etc/nginx/ssl/网址.com.key; #key文件路径
     ssl_session_timeout 5m;
     ssl_protocols  TLSv1.2 TLSv1.3;
     ssl_ciphers           TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
     ssl_prefer_server_ciphers off;
     proxy_set_header X-Forwarded-For $remote_addr;
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
     server_tokens off;
#    add_header Content-Security-Policy "upgrade-insecure-requests;connect-src *";
        location / {
             #seahub端口,根据实际情况设置,默认是8000
             proxy_pass         http://127.0.0.1:8000; #使用https链接此处也不必改成https
             proxy_set_header   Host $host;
             proxy_set_header   X-Real-IP $remote_addr;
             proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header   X-Forwarded-Host $server_name;
             proxy_read_timeout  1200s;
             proxy_set_header   X-Forwarded-Proto https;
            # used for view/edit office file via Office Online Server
             client_max_body_size 0;
        }
        location /seafhttp {
            rewrite ^/seafhttp(.*)$ $1 break;
            #seafile的端口,根据实际情况设置,默认是8082
            proxy_pass http://127.0.0.1:8082; #使用https链接此处也不必改成https
            client_max_body_size 0;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout  36000s;
            proxy_read_timeout  36000s;
            proxy_send_timeout  36000s;
            send_timeout  36000s;
            proxy_request_buffering off;
        }
        location /media {
            #静态文件路径,根据实际安装路径找到/seafile-server-latest/seahub的位置
            root /app/seafile/seafile-server-latest/seahub;
        }
}
server {
     listen       0.0.0.0:80;
     server_name  网址.com;
     return 301 https://网址.com$request_uri;
}

保存,重启nginx

systemctl restart nginx

退出虚拟环境

deactivate

之后通过浏览器访问https站点,登陆,点击头像-系统管理-设置,
SERVICE_URL改为https://[domain]
FILE_SERVER_ROOT改为https://[domain]/seafhttp
分别点击对号保存,上传应该就正常了。

最后修改:2024 年 09 月 24 日
如果觉得我的文章对你有用,请随意赞赏