Created
May 18, 2015 18:20
seafile-pro-installer
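#!/bin/bash
#set -x
#
# seafile-pro-installer: unattended setup of Seafile Professional Server
# together with NGINX, MariaDB and memcached on a freshly installed
# Debian Jessie (64bit). It rewrites system configuration and is meant to be
# run as root.

# -------------------------------------------
# Vars
# -------------------------------------------
# Login (e-mail address) of the initial Seafile administrator account.
SEAFILE_ADMIN='admin@seafile.lan'
# System account that will own /opt/seafile.
SEAFILE_USER='seafile'
# Short host name, cut to 16 characters; handed to ccnet-init as --name.
SEAFILE_SERVER_NAME=$(hostname -s | cut -c -16)
# `hostname -i` can print several space-separated addresses. Only the first
# one is kept, because the value is pasted into URLs, sed expressions and
# configuration files further down, where embedded blanks would corrupt them.
# NOTE(review): the address is whatever the resolver maps the host name to,
# which may be a loopback alias from /etc/hosts - confirm before relying on it.
SEAFILE_DNS=$(hostname -i | awk '{ print $1 }')
HOSTNAME=$(hostname -i)
FILESERVER_PORT=8082
SERVER_PORT=10001
SEAFILE_SERVER_PORT=12001

# Don't touch the following variable, unless you know what you are doing
SEAFILE_VERSION='4.1.2'
SEAFILE_EDITION='pro-server'
# The release tarball must already be present at this path.
SEAFILE_SOURCE="/usr/src/seafile/seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz"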
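# -------------------------------------------
# Seafile Server Professional Edition on Debian Jessie (64bit)
# -------------------------------------------
# Show the warning banner and wait for the operator to confirm. The heredoc
# delimiter is quoted so nothing in the banner is ever expanded by the shell.
clear
cat <<'EOF'
Install Seafile Professional Server on a Debian Jessie (64bit)
- Newest Seafile Professional server, MariaDB, Memcached, NGINX -
-----------------------------------------------------------------
This installer is meant to run on a freshly installed machine
only. If you run it on a production server things can and
probably will go terrible wrong and you will loose valuable
data!
For questions or suggestions please contact me at
alexander.jackson@seafile.com.de
-----------------------------------------------------------------
Hit return to proceed or CTRL-C to abort.
EOF
# -r keeps backslashes in the (discarded) input from being interpreted.
read -r _
clear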
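# -------------------------------------------
# Ensure we are running the installer as root
# -------------------------------------------
if [[ ${EUID} -ne 0 ]]; then
  echo " Aborting because you are not root" >&2
  exit 1
fi

# -------------------------------------------
# Abort if user seafile exists
# -------------------------------------------
# ${VAR:?} stops the script when the account name is empty; an unquoted empty
# argument would make getent list every account and report a false match.
if getent passwd "${SEAFILE_USER:?SEAFILE_USER must be set}" > /dev/null 2>&1; then
  echo " Aborting because user ${SEAFILE_USER} already exist" >&2
  exit 1
fi

# -------------------------------------------
# Abort if directory /opt/seafile/ exists
# -------------------------------------------
if [[ -d "/opt/seafile/" ]]; then
  echo " Aborting because directory /opt/seafile/ already exist" >&2
  exit 1
fi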
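# -------------------------------------------
# Update System
# -------------------------------------------
# Every later step assumes these packages are present, so a failed package
# operation stops the installer instead of configuring a half-built system.
apt-get update || { echo " Aborting because apt-get update failed" >&2; exit 1; }
apt-get dist-upgrade -y || { echo " Aborting because apt-get dist-upgrade failed" >&2; exit 1; }

# -------------------------------------------
# Additional requirements
# -------------------------------------------
apt-get install sudo ntp htop pwgen curl openssl unattended-upgrades -y \
  || { echo " Aborting because the base packages could not be installed" >&2; exit 1; }

# -------------------------------------------
# ensure correct time is set
# -------------------------------------------
# Best effort: a wrong clock breaks TLS validation and log correlation, but a
# failure here is not fatal for the installation itself.
ntpd -gq

# -------------------------------------------
# Security programs
# -------------------------------------------
apt-get install ufw fail2ban -y \
  || { echo " Aborting because ufw/fail2ban could not be installed" >&2; exit 1; }

# -------------------------------------------
# Activate firewall
# -------------------------------------------
# The allow rules (ssh first) are added before the firewall is switched on,
# so an operator connected over SSH is not locked out.
for service in ssh http https; do
  ufw allow "${service}"
done
# --force answers the confirmation prompt without piping `yes` into ufw.
ufw --force enable

# -------------------------------------------
# Seafile requirements
# -------------------------------------------
apt-get install python-setuptools python-simplejson python-imaging python-mysqldb \
  openjdk-7-jre memcached python-memcache libreoffice python-uno poppler-utils -y \
  || { echo " Aborting because the Seafile requirements could not be installed" >&2; exit 1; }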
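# -------------------------------------------
# NGINX
# -------------------------------------------
# Package payloads are authenticated by the repository signature, so the
# archive itself may stay on plain http; the signing key, however, is the
# trust anchor and is therefore fetched over https.
cat > /etc/apt/sources.list.d/nginx.list <<EOF
deb http://nginx.org/packages/mainline/debian/ jessie nginx
deb-src http://nginx.org/packages/mainline/debian/ jessie nginx
EOF

# Download the key to a file first: a failed or truncated download is then
# detected instead of being piped straight into the apt keyring.
# NOTE(review): compare the output of `apt-key fingerprint` with the
# fingerprint nginx publishes before trusting packages from this repository.
nginx_key=$(mktemp) || { echo " Aborting because mktemp failed" >&2; exit 1; }
if ! wget -O "${nginx_key}" https://nginx.org/packages/keys/nginx_signing.key; then
  rm -f -- "${nginx_key}"
  echo " Aborting because the NGINX signing key could not be downloaded" >&2
  exit 1
fi
apt-key add "${nginx_key}"
rm -f -- "${nginx_key}"

apt-get update
apt-get upgrade -y
apt-get install nginx -y

# Drop the packaged default vhosts; only the Seafile vhost below is served.
rm -f -- /etc/nginx/conf.d/*

cat > /etc/nginx/conf.d/seafile.conf <<'EOF'
# Plain http: redirect everything to https.
# NOTE(review): $http_host repeats the client-supplied Host header in the
# redirect target; $host or a fixed server name is the usual choice - confirm.
server {
    listen 80;
    server_name "";
    return 301 https://$http_host$request_uri?;
}

server {
    listen 443 spdy;
    server_name "";
    ssl on;
    ssl_certificate /etc/nginx/ssl/seafile.crt;
    ssl_certificate_key /etc/nginx/ssl/seafile.key;

    # Seahub web interface (FastCGI on the loopback interface).
    location / {
        fastcgi_pass 127.0.0.1:8000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_script_name;
        fastcgi_param SERVER_PROTOCOL $server_protocol;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_param SERVER_ADDR $server_addr;
        fastcgi_param SERVER_PORT $server_port;
        fastcgi_param SERVER_NAME $server_name;
        fastcgi_param HTTPS on;
        fastcgi_param HTTP_SCHEME https;
        access_log /var/log/nginx/seahub.access.log;
        error_log /var/log/nginx/seahub.error.log;
    }

    # Seafile file server. client_max_body_size 0 removes the upload limit.
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
    }

    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }

    # SeafDAV (WebDAV over FastCGI on the loopback interface).
    location /seafdav {
        fastcgi_pass 127.0.0.1:8080;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_script_name;
        fastcgi_param SERVER_PROTOCOL $server_protocol;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_param SERVER_ADDR $server_addr;
        fastcgi_param SERVER_PORT $server_port;
        fastcgi_param SERVER_NAME $server_name;
        fastcgi_param HTTPS on;
        client_max_body_size 0;
        access_log /var/log/nginx/seafdav.access.log;
        error_log /var/log/nginx/seafdav.error.log;
    }
}
EOF

# The TLS private key must never be readable by other local accounts: the
# directory is private and the key is created under a restrictive umask, so
# there is no window in which it exists with default permissions.
mkdir -p /etc/nginx/ssl
chmod 700 /etc/nginx/ssl
(
  umask 077
  openssl genrsa -out /etc/nginx/ssl/seafile.key 4096
)
chmod 600 /etc/nginx/ssl/seafile.key
# Self-signed placeholder certificate (about 30 years, default subject from
# -batch). Clients cannot validate it; the installer's final report asks for
# an official certificate to be installed afterwards.
openssl req -new -x509 -key /etc/nginx/ssl/seafile.key -out /etc/nginx/ssl/seafile.crt -days 10950 -batch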
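# -------------------------------------------
# Create optimized nginx.conf
# -------------------------------------------
# Keep the packaged configuration (with its mode and timestamps) for rollback.
cp -p -- /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
# Quoted delimiter: the nginx variables below are written out literally.
cat > /etc/nginx/nginx.conf <<'ENDOFFILE'
user nginx nginx;
# Rewritten to the number of CPU cores later in the installer.
worker_processes 4;

events {
    worker_connections 8096;
    multi_accept on;
    use epoll;
}

pid /var/run/nginx.pid;
worker_rlimit_nofile 40000;

http {
    # Do not advertise the nginx version in headers and error pages.
    server_tokens off;
    server_names_hash_bucket_size 128;
    client_max_body_size 50M;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log warn;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;

    # Short timeouts limit how long slow or idle clients can hold a connection.
    client_body_timeout 12;
    client_header_timeout 12;
    keepalive_timeout 15;
    send_timeout 10;

    # NOTE(review): response compression over TLS can leak secrets that are
    # reflected in compressed bodies (BREACH-style attacks) - confirm that the
    # compressed types never carry tokens next to attacker-controlled input.
    gzip on;
    gzip_vary on;
    gzip_proxied expired no-cache no-store private auth any;
    gzip_comp_level 9;
    gzip_min_length 10240;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css text/xml text/javascript application/javascript application/x-javascript application/xml font/woff2;
    gzip_disable "MSIE [1-6].";

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
    map $scheme $php_https { default off; https on; }
    # TLS protocol and cipher settings live in their own file.
    include perfect-forward-secrecy.conf;
}
ENDOFFILE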
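# -------------------------------------------
# Setup perfect forward secrecy
# -------------------------------------------
# -dsaparam generates DSA-style parameters quickly instead of searching for a
# safe prime. The cipher list below contains only ECDHE suites, so with this
# configuration the file is not used for key exchange.
# NOTE(review): regenerate without -dsaparam if DHE suites are ever enabled.
openssl dhparam -dsaparam -out /etc/nginx/dh4096.pem 4096
cat > /etc/nginx/perfect-forward-secrecy.conf <<'EOF'
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); restrict this to
# TLSv1.2 or newer once client compatibility has been confirmed.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA";
ssl_dhparam dh4096.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
EOF

# -------------------------------------------
# Fix NGINX worker_processes to number of CPU cores
# -------------------------------------------
# Count the "processor" entries directly; fall back to one worker when the
# count is not a positive integer, so the value spliced into nginx.conf is
# always valid.
CPUS=$(grep -c '^processor' /proc/cpuinfo)
[[ ${CPUS} =~ ^[1-9][0-9]*$ ]] || CPUS=1
# No eval: the expression is passed to sed as a single, plainly quoted word.
sed -i "s/worker_processes.*/worker_processes ${CPUS};/g" /etc/nginx/nginx.conf
systemctl restart nginx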
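# -------------------------------------------
# MariaDB
# -------------------------------------------
DEBIAN_FRONTEND=noninteractive apt-get install mariadb-server -y

# A long password from pwgen's secure mode replaces the short default one.
SQLROOTPW=$(pwgen -s 32 1)
if [[ -z ${SQLROOTPW} ]]; then
  echo " Aborting because no MariaDB root password could be generated" >&2
  exit 1
fi

# The statement is sent on stdin so the password never shows up in the
# process list, which it would as a command-line argument.
# NOTE(review): this sets the password of the connecting root account only;
# confirm that no other root@<host> rows are left without a password.
mysql -u root <<EOF
SET PASSWORD = PASSWORD('${SQLROOTPW}');
EOF

# Create the credentials file under a restrictive umask so it is never
# readable by other accounts, not even briefly before the chmod.
(
  umask 077
  cat > /root/.my.cnf <<EOF
[client]
user=root
password=${SQLROOTPW}
EOF
)
chmod 600 /root/.my.cnf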
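# -------------------------------------------
# Seafile init script
# -------------------------------------------
# Writes a SysV init script that starts Seafile and Seahub as the service
# user through sudo. The delimiter is quoted, so the script text is stored
# literally.
# NOTE(review): the ">>" redirections in the generated script are performed
# by root; if the logs directory is writable by the service user, a symlink
# placed there would be followed by root - confirm directory ownership.
cat > /etc/init.d/seafile-server <<'EOF'
#!/bin/bash
### BEGIN INIT INFO
# Provides:          seafile-server
# Required-Start:    $remote_fs $syslog mysql
# Required-Stop:     $remote_fs $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Seafile server
# Description:       Start Seafile server
### END INIT INFO
# Author: Alexander Jackson <alexander.jackson@seafile.com.de>
#
# Change the value of "user" to your linux user name
USER=seafile
# Change the value of "SEAFILE_DIR" to your path of seafile installation
SEAFILE_DIR=/opt/seafile
SCRIPT_PATH=${SEAFILE_DIR}/seafile-server-latest
SEAFILE_INIT_LOG=${SEAFILE_DIR}/logs/seafile.init.log
SEAHUB_INIT_LOG=${SEAFILE_DIR}/logs/seahub.init.log
# Change the value of fastcgi to true if fastcgi is to be used
fastcgi=true
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000

case "$1" in
  start)
    sudo -u "${USER}" "${SCRIPT_PATH}/seafile.sh" start >> "${SEAFILE_INIT_LOG}"
    if [ "$fastcgi" = true ]; then
      sudo -u "${USER}" "${SCRIPT_PATH}/seahub.sh" start-fastcgi "${fastcgi_port}" >> "${SEAHUB_INIT_LOG}"
    else
      sudo -u "${USER}" "${SCRIPT_PATH}/seahub.sh" start >> "${SEAHUB_INIT_LOG}"
    fi
    ;;
  restart)
    sudo -u "${USER}" "${SCRIPT_PATH}/seafile.sh" restart >> "${SEAFILE_INIT_LOG}"
    if [ "$fastcgi" = true ]; then
      sudo -u "${USER}" "${SCRIPT_PATH}/seahub.sh" restart-fastcgi "${fastcgi_port}" >> "${SEAHUB_INIT_LOG}"
    else
      sudo -u "${USER}" "${SCRIPT_PATH}/seahub.sh" restart >> "${SEAHUB_INIT_LOG}"
    fi
    ;;
  stop)
    sudo -u "${USER}" "${SCRIPT_PATH}/seafile.sh" "$1" >> "${SEAFILE_INIT_LOG}"
    sudo -u "${USER}" "${SCRIPT_PATH}/seahub.sh" "$1" >> "${SEAHUB_INIT_LOG}"
    ;;
  *)
    echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
    exit 1
    ;;
esac
EOF
chmod +x /etc/init.d/seafile-server
systemctl enable seafile-server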
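# -------------------------------------------
# Install seafile-server-change-address script
# -------------------------------------------
# Writes a root-only helper that asks for the server's public address and
# patches it into seahub_settings.py and ccnet.conf. Changes against the
# earlier version of the generated script:
#   - the shebang is a real "#!" line, so the bash-only read options work no
#     matter which shell launches the helper;
#   - the entered address is validated before it is spliced into sed
#     expressions and configuration values, so characters such as "/", "&"
#     or quotes can no longer corrupt or extend the written settings;
#   - the closing message reports the address that was entered.
cat > /usr/local/sbin/seafile-server-change-address <<'ENDOFFILE'
#!/bin/bash
#set -x
# -------------------------------------------
# Vars
# -------------------------------------------
HOSTNAME=$(hostname -f)
SEAFILE_DIR=/opt/seafile
# -------------------------------------------
# Intro
# -------------------------------------------
clear
cat <<EOF
Mit diesem Skript können Sie die Adresse Ihres
Seafile Servers Ändern. Das ist zum Beispiel nötig wenn
sich Ihre Domain- oder IP-Adresse geändert hat.
Wird Seafile mit der falschen Adresse betrieben,
funktioniert der Up- und Download von Dateien nicht.
Soll der Server mittes Portweiterleitung erreichbar
sein, verwenden Sie bitte die öffentliche oder externe
IP Ihres Routers bzw. einen öffentlich Domainnamen.
Bei Falscheingaben rufen Sie das Skript bitte erneut auf.
Der aktuelle Hostname wird vorausgefüllt. Ggf. einfach
ändern.
EOF
echo "Geben Sie jetzt die neue IP oder Domainadresse"
read -r -e -p "Neue Domainadresse:" -i " ${HOSTNAME}" URL
# Accept host names, IPv4 addresses and bracketed IPv6 literals (optionally
# with a port) only. Everything else is rejected before any file is touched.
valid_address='^[][A-Za-z0-9._:-]+$'
if [[ ! ${URL} =~ ${valid_address} ]]; then
  echo "Ungültige Adresse: ${URL}" >&2
  exit 1
fi
cat <<EOF
Die eingebenen Adresse lautet: ${URL}
-------------------------------------------
Fortfahren mit ENTER. Abruch mit STRG-C...
EOF
read -r _
clear
# -------------------------------------------
# Aendere Adressen in seahub_settings.py und ccnet.conf
# -------------------------------------------
sed -i "s/^SITE_BASE.*/SITE_BASE = '${URL}'/g" "${SEAFILE_DIR}/seahub_settings.py"
sed -i "s/^SITE_NAME.*/SITE_NAME = '${URL}'/g" "${SEAFILE_DIR}/seahub_settings.py"
sed -i "s/^SITE_TITLE.*/SITE_TITLE = '${URL}'/g" "${SEAFILE_DIR}/seahub_settings.py"
sed -i "s/^FILE_SERVER_ROOT.*/FILE_SERVER_ROOT = 'https:\/\/${URL}\/seafhttp'/g" "${SEAFILE_DIR}/seahub_settings.py"
sed -i "s/^SERVICE_URL.*/SERVICE_URL = https:\/\/${URL}/g" "${SEAFILE_DIR}/ccnet/ccnet.conf"
# -------------------------------------------
# Starte Seafile neu
# -------------------------------------------
systemctl restart seafile-server
# -------------------------------------------
# Outro
# -------------------------------------------
cat <<EOF
Fertig! Der Seafile Server wurde neu gestartet.
Seahub sollte nun über https://${URL} erreichbar sein.
EOF
ENDOFFILE
# Readable and executable by root only.
chmod 500 /usr/local/sbin/seafile-server-change-address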
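# -------------------------------------------
# Seafile
# -------------------------------------------
# Create the unprivileged service account with /opt/seafile as its home.
adduser --system --gecos "${SEAFILE_USER}" "${SEAFILE_USER}" --home /opt/seafile
mkdir -p /opt/seafile/installed
# Without this check a failed cd would unpack the archive into whatever
# directory the installer happened to be started from.
cd /opt/seafile/ || { echo " Aborting because /opt/seafile/ is not accessible" >&2; exit 1; }

if [[ ! -f ${SEAFILE_SOURCE} ]]; then
  echo " Aborting because ${SEAFILE_SOURCE} does not exist" >&2
  exit 1
fi

# NOTE(review): the archive is unpacked as root without an integrity check;
# verify it against the checksum supplied with the download before running.
archive="seafile-${SEAFILE_EDITION}_${SEAFILE_VERSION}_x86-64.tar.gz"
cp -- "${SEAFILE_SOURCE}" "./${archive}"
tar xzf "./${archive}" || { echo " Aborting because ${archive} could not be unpacked" >&2; exit 1; }
# Keep the tarball next to the installation for reference.
mv -- "./${archive}" "installed/./${archive}"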
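# -------------------------------------------
# Seafile DB
# -------------------------------------------
# A long password from pwgen's secure mode replaces the short default one.
SQLSEAFILEPW=$(pwgen -s 32 1)
if [[ -z ${SQLSEAFILEPW} ]]; then
  echo " Aborting because no database password could be generated" >&2
  exit 1
fi

# Written under a restrictive umask so the credentials are never readable by
# other accounts, not even briefly before the chmod.
(
  umask 077
  cat > /opt/seafile/.my.cnf <<EOF
[client]
user=seafile
password=${SQLSEAFILEPW}
EOF
)
chmod 600 /opt/seafile/.my.cnf
chown -R "${SEAFILE_USER}:nogroup" /opt/seafile/

# The SQL is fed on stdin so the password does not appear in the process
# list. The grants name 'seafile'@'localhost' explicitly: a bare `seafile`
# means 'seafile'@'%', which appears to create a second account that has no
# password and is reachable from any host.
mysql <<EOF
CREATE DATABASE IF NOT EXISTS \`ccnet-db\` character set = 'utf8';
CREATE DATABASE IF NOT EXISTS \`seafile-db\` character set = 'utf8';
CREATE DATABASE IF NOT EXISTS \`seahub-db\` character set = 'utf8';
CREATE USER 'seafile'@'localhost' IDENTIFIED BY '${SQLSEAFILEPW}';
GRANT ALL PRIVILEGES ON \`ccnet-db\`.* TO 'seafile'@'localhost';
GRANT ALL PRIVILEGES ON \`seafile-db\`.* TO 'seafile'@'localhost';
GRANT ALL PRIVILEGES ON \`seahub-db\`.* TO 'seafile'@'localhost';
EOF

# Load the Seahub schema shipped with the release.
mysql seahub-db < "/opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seahub/sql/mysql.sql"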
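# -------------------------------------------
# Go to /opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}
# -------------------------------------------
# The following steps use relative paths, so a failed cd must stop the run.
cd "/opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/" \
  || { echo " Aborting because the unpacked Seafile directory is missing" >&2; exit 1; }

# -------------------------------------------
# Vars - Don't touch these unless you really know what you are doing!
# -------------------------------------------
SCRIPT=$(readlink -f "$0")
# Unpacked release directory (the trailing slash is kept as-is).
INSTALLPATH="/opt/seafile/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/"
# Parent of the release directory, i.e. /opt/seafile.
TOPDIR=$(dirname "${INSTALLPATH}")
SRC_DOCS_DIR="${INSTALLPATH}/seafile/docs/"
SEAHUB_SECRET_KEYGEN="${INSTALLPATH}/seahub/tools/secret_key_generator.py"
DEFAULT_CCNET_CONF_DIR="${TOPDIR}/ccnet"
DEFAULT_SEAFILE_DATA_DIR="${TOPDIR}/seafile-data"
DEFAULT_SEAHUB_DB="${TOPDIR}/seahub.db"
DEFAULT_CONF_DIR="${TOPDIR}/conf"
SEAFILE_DATA_DIR="${TOPDIR}/seafile-data"
LIBRARY_TEMPLATE_DIR="${SEAFILE_DATA_DIR}/library-template"
DEST_SETTINGS_PY="${TOPDIR}/seahub_settings.py"
CCNET_INIT="${INSTALLPATH}/seafile/bin/ccnet-init"
SEAF_SERVER_INIT="${INSTALLPATH}/seafile/bin/seaf-server-init"
MEDIA_DIR="${INSTALLPATH}/seahub/media"
ORIG_AVATAR_DIR="${INSTALLPATH}/seahub/media/avatars"
DEST_AVATAR_DIR="${TOPDIR}/seahub-data/avatars"
SEAFILE_SERVER_SYMLINK="${TOPDIR}/seafile-server-latest"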
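# -------------------------------------------
# Create ccnet conf
# -------------------------------------------
# The inherited LD_LIBRARY_PATH is appended only when it is non-empty. A
# trailing ":" would add an empty entry, which the dynamic loader treats as
# the current directory - root would then load libraries from wherever the
# installer happens to be standing.
export SEAFILE_LD_LIBRARY_PATH="${INSTALLPATH}/seafile/lib/:${INSTALLPATH}/seafile/lib64${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}"
LD_LIBRARY_PATH="${SEAFILE_LD_LIBRARY_PATH}" "${CCNET_INIT}" -c "${DEFAULT_CCNET_CONF_DIR}" \
  --name "${SEAFILE_SERVER_NAME}" --port "${SERVER_PORT}" --host "${SEAFILE_DNS}"

# Fix service url
# No eval: the expression reaches sed as one plainly quoted word, so nothing
# in the address is re-parsed by the shell.
sed -i "s/^SERVICE_URL.*/SERVICE_URL = https:\/\/${SEAFILE_DNS}/" "${DEFAULT_CCNET_CONF_DIR}/ccnet.conf"

# -------------------------------------------
# Create seafile conf
# -------------------------------------------
LD_LIBRARY_PATH="${SEAFILE_LD_LIBRARY_PATH}" "${SEAF_SERVER_INIT}" --seafile-dir "${SEAFILE_DATA_DIR}" \
  --port "${SEAFILE_SERVER_PORT}" --fileserver-port "${FILESERVER_PORT}"

# -------------------------------------------
# Write seafile.ini
# -------------------------------------------
# seafile.ini holds the path of the data directory.
echo "${SEAFILE_DATA_DIR}" > "${DEFAULT_CCNET_CONF_DIR}/seafile.ini"

# -------------------------------------------
# Configure Seafile WebDAV Server(SeafDAV)
# -------------------------------------------
mkdir -p "${DEFAULT_CONF_DIR}"
cat > "${DEFAULT_CONF_DIR}/seafdav.conf" <<EOF
[WEBDAV]
enabled = true
port = 8080
fastcgi = true
share_name = /seafdav
EOF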
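# -------------------------------------------
# generate seahub_settings.py
# -------------------------------------------
key=$(python "${SEAHUB_SECRET_KEYGEN}")
if [[ -z ${key} ]]; then
  echo " Aborting because no Seahub SECRET_KEY could be generated" >&2
  exit 1
fi
# The settings file carries the secret key (and later the database
# password), so it is created under a restrictive umask instead of being
# tightened only after it has been written.
(
  umask 077
  echo "SECRET_KEY = \"${key}\"" > "${DEST_SETTINGS_PY}"
)

# -------------------------------------------
# prepare avatar directory
# -------------------------------------------
# Avatars are moved out of the release directory and linked back into it.
mkdir -p "${TOPDIR}/seahub-data"
mv -- "${ORIG_AVATAR_DIR}" "${DEST_AVATAR_DIR}"
ln -s ../../../seahub-data/avatars "${MEDIA_DIR}"

# -------------------------------------------
# create logs directory
# -------------------------------------------
mkdir -p "${TOPDIR}/logs"

# -------------------------------------------
# Create symlink for current server version
# -------------------------------------------
ln -s "$(basename "${INSTALLPATH}")" "${SEAFILE_SERVER_SYMLINK}"

# Fix permissions
chmod 0600 "${DEST_SETTINGS_PY}"
chmod 0700 "${DEFAULT_CCNET_CONF_DIR}"
chmod 0700 "${SEAFILE_DATA_DIR}"
chmod 0700 "${DEFAULT_CONF_DIR}"

# -------------------------------------------
# copy user manuals to library template
# -------------------------------------------
mkdir -p "${LIBRARY_TEMPLATE_DIR}"
cp -f -- "${SRC_DOCS_DIR}"/*.doc "${LIBRARY_TEMPLATE_DIR}"

# -------------------------------------------
# Setup professional features
# -------------------------------------------
PRO_PY="${INSTALLPATH}/pro/pro.py"
# PYTHON is not assigned anywhere in this installer; fall back to the same
# "python" interpreter that generated the secret key above, instead of
# expanding to nothing and trying to execute pro.py directly.
"${PYTHON:-python}" "${PRO_PY}" setup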
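# -------------------------------------------
# Configuring ccnet.conf
# -------------------------------------------
# Read the database password back from the service user's client file; only
# the line whose key is exactly "password" is used.
SEAFILESQLPW=$(awk -F'=' '$1 == "password" { print $2; exit }' /opt/seafile/.my.cnf)
if [[ -z ${SEAFILESQLPW} ]]; then
  echo " Aborting because no password was found in /opt/seafile/.my.cnf" >&2
  exit 1
fi

cat >> "${DEFAULT_CCNET_CONF_DIR}/ccnet.conf" <<EOF
[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = ${SEAFILESQLPW}
DB = ccnet-db
CONNECTION_CHARSET = utf8
EOF

# -------------------------------------------
# Configuring seahub_settings.py
# -------------------------------------------
# The heredoc is expanded by the shell: the password, the server address and
# TOPDIR are substituted while the file is written.
cat >> "${DEST_SETTINGS_PY}" <<EOF
DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'seahub-db',
        'USER': 'seafile',
        'PASSWORD': '${SEAFILESQLPW}',
        'HOST': '127.0.0.1',
        'PORT': '3306',
        'OPTIONS': {
            'init_command': 'SET storage_engine=INNODB',
        }
    }
}
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '127.0.0.1:11211',
    }
}
EMAIL_USE_TLS = False
EMAIL_HOST = 'localhost'
EMAIL_HOST_USER = ''
EMAIL_HOST_PASSWORD = ''
EMAIL_PORT = '25'
DEFAULT_FROM_EMAIL = 'seafile@${SEAFILE_DNS}'
# NOTE(review): this is the literal string, not the EMAIL_HOST_USER setting
# above - confirm which of the two is intended.
SERVER_EMAIL = 'EMAIL_HOST_USER'
TIME_ZONE = 'Europe/Berlin'
SITE_BASE = 'https://${SEAFILE_DNS}'
SITE_NAME = 'Seafile Professional Server'
SITE_TITLE = 'Seafile Professional Server'
SITE_ROOT = '/'
USE_PDFJS = True
# Self-registration is switched off; accounts are created by the admin.
ENABLE_SIGNUP = False
ACTIVATE_AFTER_REGISTRATION = False
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
CLOUD_MODE = False
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
# Sessions stay valid for two weeks.
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
SESSION_SAVE_EVERY_REQUEST = False
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
FILE_SERVER_ROOT = 'https://${SEAFILE_DNS}/seafhttp'
REPO_PASSWORD_MIN_LENGTH = 8
# NOTE(review): a six character minimum is short for user passwords -
# consider raising it to match local policy.
USER_PASSWORD_MIN_LENGTH = 6
USER_PASSWORD_STRENGTH_LEVEL = 3
USER_STRONG_PASSWORD_REQUIRED = True
ENABLE_MAKE_GROUP_PUBLIC = False
ENABLE_THUMBNAIL = True
THUMBNAIL_ROOT = '${TOPDIR}/seahub-data/thumbnail/thumb/'
THUMBNAIL_EXTENSION = 'png'
THUMBNAIL_DEFAULT_SIZE = '24'
PREVIEW_DEFAULT_SIZE = '100'
EOF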
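# -------------------------------------------
# Backup check_init_admin.py befor applying changes
# -------------------------------------------
cp -p -- "${INSTALLPATH}/check_init_admin.py" "${INSTALLPATH}/check_init_admin.py.backup"

# -------------------------------------------
# Set admin credentials in check_init_admin.py
# -------------------------------------------
# A longer password from pwgen's secure mode replaces the short default one.
# The output is alphanumeric, so it is safe inside the sed replacement text.
SEAFILE_ADMIN_PW=$(pwgen -s 20 1)
if [[ -z ${SEAFILE_ADMIN_PW} ]]; then
  echo " Aborting because no admin password could be generated" >&2
  exit 1
fi
# The interactive prompts are replaced by fixed values for this one run.
# No eval: each expression reaches sed as a single, plainly quoted word.
sed -i "s/= ask_admin_email()/= \"${SEAFILE_ADMIN}\"/" "${INSTALLPATH}/check_init_admin.py"
sed -i "s/= ask_admin_password()/= \"${SEAFILE_ADMIN_PW}\"/" "${INSTALLPATH}/check_init_admin.py"

# -------------------------------------------
# Start and stop Seafile eco system. This generates the initial admin user.
# -------------------------------------------
"${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seafile.sh" start
"${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seahub.sh" start
"${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seahub.sh" stop
"${TOPDIR}/seafile-${SEAFILE_EDITION}-${SEAFILE_VERSION}/seafile.sh" stop

# -------------------------------------------
# Restore original check_init_admin.py
# -------------------------------------------
# Putting the original back also removes the plaintext admin password that
# was patched into the script above.
mv -- "${INSTALLPATH}/check_init_admin.py.backup" "${INSTALLPATH}/check_init_admin.py"

# -------------------------------------------
# Fix permissions
# -------------------------------------------
# The start/stop cycle above ran as root; hand everything back to the
# service account.
chown -R "${SEAFILE_USER}:nogroup" /opt/seafile/

# -------------------------------------------
# Start seafile server
# -------------------------------------------
echo "Starting productive Seafile server"
systemctl restart seafile-server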
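# -------------------------------------------
# Final report
# -------------------------------------------
# SEAFILE_DIR is not assigned anywhere else in this installer (only inside
# the generated helper scripts), so an empty value would put the report,
# which contains the admin password, into the filesystem root. Fall back to
# the installation top directory.
SEAFILE_DIR=${SEAFILE_DIR:-${TOPDIR:-/opt/seafile}}
report_file="${SEAFILE_DIR}/seafile-pro-installer.log"

# The report holds the admin password in plaintext: it is created under a
# restrictive umask so it is never readable by other accounts.
# NOTE(review): change the admin password after the first login and remove
# the report once its contents have been stored safely.
(
  umask 077
  cat > "${report_file}" <<EOF
Your Seafile server is installed
-----------------------------------------------------------------
Server Name: ${SEAFILE_SERVER_NAME}
Server Address: https://${SEAFILE_DNS}
Seafile Admin: ${SEAFILE_ADMIN}
Admin Password: ${SEAFILE_ADMIN_PW}
Seafile Data Dir: ${SEAFILE_DATA_DIR}
Seafile DB Credentials: Check /opt/seafile/.my.cnf
Root DB Credentials: Check /root/.my.cnf
This report is also saved to ${SEAFILE_DIR}/seafile-pro-installer.log
Next you should manually complete the following steps
-----------------------------------------------------------------
1) Run seafile-server-change-address to add your Seafile servers DNS name
2) If this server is behind a firewall, you need to ensure that
tcp port 443 for the NGINX reverse proxy is open. Optionally
you may also open tcp port 80 which redirects all unencrypted
http traffic to the encrypted https port.
3) Seahub tries to send emails via the local server. Install and
configure Postfix for this to work.
Optional steps
-----------------------------------------------------------------
1) Check seahub_settings.py and customize it to fit your needs. Consult
http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
2) Setup NGINX with official SSL certificate.
3) Harden system with port knocking, fail2ban, etc.
5) Enable unattended installation of security updates. Check
https://wiki.debian.org/UnattendedUpgrades for details.
6) Implement a backup routine for your Seafile server.
7) Update NGINX worker processes to reflect the number of CPU cores.
Seafile support options
-----------------------------------------------------------------
For free community support visit: https://forum.seafile-server.org
For paid commercial support visit: https://seafile.com.de
Contribute
-----------------------------------------------------------------
Please contact alexander.jackson@seafile.com.de
for bugs or suggestions about this installer. Thank you!
EOF
)
chmod 600 "${report_file}"
chown "${SEAFILE_USER}:nogroup" "${report_file}"
clear
less "${report_file}"
echo 'I am finished, enjoy! ;-)'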