This lab assumes that we have a running LXD setup based on this gist : UNprivileged lxd containers on top of Open vSwitch
Let's start with a container named seafile.
$ lxc ls
+---------+---------+-------------------+-----------------------------------+------------+-----------+
| NAME | STATE | IPV4 | IPV6 | TYPE | SNAPSHOTS |
+---------+---------+-------------------+-----------------------------------+------------+-----------+
| seafile | RUNNING | 192.0.2.78 (eth0) | fdc0:2::216:3eff:fef5:eccf (eth0) | PERSISTENT | 0 |
+---------+---------+-------------------+-----------------------------------+------------+-----------+
Seafile server with sqlite installation instructions are there : Deploying Seafile with SQLite
First, we open a session within the seafile container.
$ lxc exec seafile -- /bin/bash
root@seafile:~# apt install wget
Start by downloading the server tarball, and then extract in /var/lib directory for instance.
wget -q https://download.seadrive.org/seafile-server_7.0.5_x86-64.tar.gz
mkdir /var/lib/seafile
cd /var/lib/seafile
tar xf ~/seafile-server_7.0.5_x86-64.tar.gz
ln -s seafile-server-7.0.5 seafile-server
mkdir installed
mv ~/seafile-server_7.0.5_x86-64.tar.gz installed
Now we have the following tree layout which is almost identical to the one proposed in the official documentation.
root@seafile:/var/lib/seafile# tree . -L 2
.
├── installed
│ └── seafile-server_7.0.5_x86-64.tar.gz
├── seafile-server -> seafile-server-7.0.5
└── seafile-server-7.0.5
├── check_init_admin.py
├── reset-admin.sh
├── runtime
├── seaf-fsck.sh
├── seaf-fuse.sh
├── seaf-gc.sh
├── seafile
├── seafile.sh
├── seahub
├── seahub.sh
├── setup-seafile-mysql.py
├── setup-seafile-mysql.sh
├── setup-seafile.sh
├── sql
└── upgrade
According to the official documentation
apt install python2.7 libpython2.7 python-setuptools python-ldap python-urllib3 sqlite3 python-requests
We run the setup script provided by the server tarball.
cd seafile-server
./setup-seafile.sh
-----------------------------------------------------------------
This script will guide you to config and setup your seafile server.
Make sure you have read seafile server manual at
https://github.com/haiwen/seafile/wiki
Note: This script will guide your to setup seafile server using sqlite3,
which may have problems if your disk is on a NFS/CIFS/USB.
In these cases, we suggest you setup seafile server using MySQL.
Press [ENTER] to continue
-----------------------------------------------------------------
After having answered the few questions we get the following setup.
This is your config information:
server name: localCloud-SF
server ip/domain: seafile.localcloud
seafile data dir: /var/lib/seafile/seafile-data
fileserver port: 8082
First, we start seafile service.
# ./seafile.sh start
[11/04/19 14:31:07] ../common/session.c(132): using config file /var/lib/seafile/conf/ccnet.conf
Starting seafile server, please wait ...
** Message: seafile-controller.c(718): No seafevents.
Seafile server started
Done.
Then, we start the seahub service and we are asked to define the admin account authentication parameters.
# ./seahub.sh start
LC_ALL is not set in ENV, set to en_US.UTF-8
Starting seahub at port 8000 ...
----------------------------------------
It's the first time you start the seafile server. Now let's create the admin account
----------------------------------------
What is the email for the admin account?
[ admin email ] etu@seafile.localcloud
What is the password for the admin account?
[ admin password ]
Enter the password again:
[ admin password again ]
----------------------------------------
Successfully created seafile admin
----------------------------------------
Seahub is started
Done.
Hmm, while checking open ports we find that the seahub service is not properly configured in our container context. The service is waiting for connection on the loopback interface address only.
ss -atn
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 127.0.0.1:8000 0.0.0.0:*
So, we have to stop the service and edit the gunicorn.conf file in order to make it listen on any IP address. Here is a copy of the /var/lib/seafile/conf/gunicorn.conf file.
import os
daemon = True
workers = 5
# default localhost:8000
bind = "[::]:8000"
# Pid
pids_dir = '/var/lib/seafile/pids'
pidfile = os.path.join(pids_dir, 'seahub.pid')
# for file upload, we need a longer timeout value (default is only 30s, too short)
timeout = 1200
limit_request_line = 8190
After a new start of the service we get the following list of network listening processes.
ss -atn
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:5355 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8082 0.0.0.0:*
LISTEN 0 128 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 *:8000 *:*
LISTEN 0 128 [::]:5355 [::]:*
wget -O /dev/null http://localhost:8000
--2019-11-04 15:01:45-- http://localhost:8000/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:8000... connected.
HTTP request sent, awaiting response... 302 Found
Location: /accounts/login/?next=/ [following]
--2019-11-04 15:01:45-- http://localhost:8000/accounts/login/?next=/
Connecting to localhost (localhost)|::1|:8000... connected.
HTTP request sent, awaiting response... 200 OK
Length: 12260 (12K) [text/html]
Saving to: ‘/dev/null’
/dev/null 100%[========================================================================================>] 11.97K --.-KB/s in 0s
2019-11-04 15:01:45 (285 MB/s) - ‘/dev/null’ saved [12260/12260]
After getting the 200 HTTP code, we know that the service is functionnal.
In our container context, only the host system is accessible from the Internet. In order make our new seafile service visible, we have to setup a proxy on the host. We choose to use apache and the official documentation available here : Config Seahub with Apache.
Following the preparation section, we run the following commands.
sudo apt install apache2
sudo a2enmod rewrite
sudo a2enmod proxy_http
sudo systemctl restart apache2
Then we edit the default site definition file : /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
#
# seafile fileserver
#
ProxyPass /seafhttp http://seafile.localcloud:8082
ProxyPassReverse /seafhttp http://seafile.localcloud:8082
RewriteRule ^/seafhttp - [QSA,L]
#
# seahub
#
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPreserveHost On
ProxyPass / http://seafile.localcloud:8000/
ProxyPassReverse / http://seafile.localcloud:8000/
</VirtualHost>
After reloading the apache2 service, we can check the seafile website availability through a brower.
As a proof sample, here is an excerpt of the apache2 access log file : /var/log/apache2/access.log
2001:678:3fc:d6::5 - - [04/Nov/2019:16:27:35 +0100] "GET /accounts/login/?next=/ HTTP/1.1" 200 4399 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.70 Safari/537.36"