Debian10安装seafile-pro-6.x记录
一、Debian安装配置
-
Debian最小安装(只安装ssh服务)
-
安装完成先设置网络,root账户登陆,输入
nano /etc/network/interfaces
改为如下设置
# The loopback network interface auto lo iface lo inet loopback # The primary network interface # iface enp3s0 inet dhcp allow-hotplug enp3s0 auto enp3s0 iface enp3s0 inet static address 192.168.1.200 netmask 255.255.255.0 gateway 192.168.1.1
附 nano简单操作:
操作 指令 删除行 Ctrl + k 保存 Ctrl + o 退出 Ctrl + x 设置dns比较麻烦些,后来发现在路由器中,通过指定MAC分配IP更为方便。
-
使用自建用户usera远程登陆debian主机:
ssh usera@192.168.1.200
-
切换 root 用户后开始配置。
-
配置国内 apt 源;
nano /etc/apt/sources.list
进入后,粘贴如下内容
deb http://mirrors.tuna.tsinghua.edu.cn/debian/ buster main non-free contrib deb http://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main non-free contrib deb http://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main non-free contrib deb http://mirrors.tuna.tsinghua.edu.cn/debian-security/ buster/updates main non-free contrib deb-src http://mirrors.tuna.tsinghua.edu.cn/debian/ buster main non-free contrib deb-src http://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main non-free contrib deb-src http://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main non-free contrib deb-src http://mirrors.tuna.tsinghua.edu.cn/debian-security/ buster/updates main non-free contrib
-
将自建用户加入sudo用户组:
先安装sudo工具;
apt update apt-get install sudo
修改 /etc/sudoers 文件属性为可写
chmod +w /etc/sudoers
编辑 /etc/sudoers 在
root ALL=(ALL:ALL) ALL
后,添加如下行
usera ALL=(ALL:ALL) ALL
-
保存退出后,变更sudoers文件属性为不可写
chmod -w /etc/sudoers
配置ssh为自建用户可远程root登陆;nano /etc/ssh/sshd_config
修改#PermitRootLogin prohibit-password
为PermitRootLogin yes
-
安装防火墙配置工具ufw;
apt install ufw
ufw disable
-
重启Debian主机。
-
安装配置FTP工具vsftpd(不是必须项);
sudo apt install vsftpd
sudo nano /etc/vsftpd.conf
修改为
listen=YES #listen_ipv6=YES write_enable=YES
重启vsftpd服务
sudo /etc/init.d/./vsftpd restart
二、下载所需软件
- seafile下载
历史版本
(https://download.seafile.com/d/6e5297246c/?p=%2F&mode=list/) 中找到seafile-pro-server_6.3.14_x86-64.tar.gz
下载; - java下载
下载jdk8版本,Linux x64 Compressed Archive
(https://www.oracle.com/java/technologies/javase-jdk8-downloads.html) 版; - FTP上传以上软件包到usera目录,
或者使用scp命令传送:
在主机终端,未使用ssh登陆的情况下,例如:
其中scp Downloads/NAS/jdk-8u241-linux-x64.tar.gz usera@192.168.1.200:/home/usera/
Downloads/NAS/jdk-8u241-linux-x64.tar.gz
为本地文件,usera@192.168.16.10:/home/usera/
表示远程登陆用户及存放目录。
三、安装Java
- 将usera目录下的jdk-8u241-linux-x64.tar.gz复制到/usr/lib/jvm目录,解压后删除:
sudo mkdir /usr/lib/jvm sudo cp ~/jdk-8u241-linux-x64.tar.gz /usr/lib/jvm/ cd /usr/lib/jvm sudo tar xvf jdk-8u241-linux-x64.tar.gz sudo rm jdk-8u241-linux-x64.tar.gz
- 配置环境变量
在最后添加nano ~/.profile
保存关闭,使用source更新下export JAVA_HOME=/usr/lib/jvm/jdk1.8.0_241 export JRE_HOME=${JAVA_HOME}/jre export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib export PATH=${JAVA_HOME}/bin:$PATH
使用env命令察看JAVA_HOME的值source ~/.profile
如果JAVA_HOME=/usr/lib/jvm/jdk1.8.0_241,说明配置成功。env
- 修改系统默认的jdk
sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/jdk1.8.0_241/bin/java 300 sudo update-alternatives --install /usr/bin/javac javac /usr/lib/jvm/jdk1.8.0_241/bin/javac 300 sudo update-alternatives --config java sudo update-alternatives --config javac
- 查看是否配置成功
输出如下信息,说明成功:java -version
java version "1.8.0_241" Java(TM) SE Runtime Environment (build 1.8.0_241-b07) Java HotSpot(TM) 64-Bit Server VM (build 25.241-b07, mixed mode)
四、安装NMP
- apt安装nginx:
sudo apt install nginx
- apt安装mariadb-server:
sudo apt install mariadb-server
- 初始化mariadb安全设置
根据提示,设置数据库root密码。sudo mysql_secure_installation
- apt安装python2.7环境
sudo apt-get install python2.7 python-setuptools python-mysqldb python-urllib3 python-ldap -y
五、配置Seafile
- 添加seafile安装运行目录
sudo mkdir /opt/seafile_rt
- 将usera目录下的seafile-pro-server_6.3.14_x86-64.tar.gz复制到/opt/seafile_rt录,解压:
sudo cp ~/seafile-pro-server_6.3.14_x86-64.tar.gz /opt/seafile_rt/ cd /opt/seafile_rt sudo tar xvf seafile-pro-server_6.3.14_x86-64.tar.gz sudo mkdir installed sudo mv seafile-pro-server_6.3.14_x86-64.tar.gz installed/
- 运行seafile初始化配置
提示缺少依赖软件cd seafile-pro-server-6.3.14/ sudo ./setup-seafile-mysql.sh
安装之python-imaging is not installed, Please install it first.
又提示sudo apt-get install python-imaging
那就安装python-pil吧没有可用的软件包 python-imaging,但是它被其它的软件包引用了。 然而下列软件包会取代它: python-pil
sudo apt install python-pil
- 再次运行seafile初始化配置
提示成功:sudo ./setup-seafile-mysql.sh
----------------------------------------------------------------- Your seafile server configuration has been finished successfully. ----------------------------------------------------------------- run seafile server: ./seafile.sh { start | stop | restart } run seahub server: ./seahub.sh { start <port> | stop | restart <port> } ----------------------------------------------------------------- If you are behind a firewall, remember to allow input/output of these tcp ports: ----------------------------------------------------------------- port of seafile fileserver: 8082 port of seahub: 8000 When problems occur, Refer to https://github.com/haiwen/seafile/wiki for information.
六、启动seafile
- 启动 Seafile
报错sudo ./seafile.sh start
安装缺少的库文件** Message: seafile-controller.c(1155): loading seafdav config from /opt/seafile_rt/conf/seafdav.conf ccnet-server: error while loading shared libraries: libssl3.so: cannot open shared object file: No such file or directory failed to run "ccnet-server -t"
再次启动seafile,成功。sudo apt install libnss3
- 继续启动seahub
报错sudo ./seahub.sh start
seahub 服务提供一种类似于 debug 的启动方式,可详细展现 seahub 服务启动的过程,方法是在 seafile server 部署路径下执行如下命令:/opt/seafile_rt/ccnet/seafile.ini not found. Now quit
得到./seahub.sh start-fastcgi
缺少libpython2.7的依赖,安装之LC_ALL is not set in ENV, set to en_US.UTF-8 ./seahub.sh:行231: 警告:setlocale:LC_ALL:无法改变区域选项 (en_US.UTF-8):没有那个文件或目录 Starting seahub (fastcgi) at 127.0.0.1:8000 ... …… ImportError: libpython2.7.so.1.0: cannot open shared object file: No such file or directory Error:Seahub failed to start.
再次启动seahub,成功。sudo apt install libpython2.7
七、Nginx配置
-
配置seafile的代理
sudo nano /etc/nginx/sites-available/seafile.conf
此处seafile官网有错误,/etc/nginx/sites-*** 错写成了/etc/nginx/site-***
粘贴以下内容server { listen 80; server_name seafile.example.com; proxy_set_header X-Forwarded-For $remote_addr; location / { proxy_pass http://127.0.0.1:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; proxy_read_timeout 1200s; # used for view/edit office file via Office Online Server client_max_body_size 0; access_log /var/log/nginx/seahub.access.log; error_log /var/log/nginx/seahub.error.log; } # If you are using [FastCGI](http://en.wikipedia.org/wiki/FastCGI), # which is not recommended, you should use the following config for location `/`. # # location / { # fastcgi_pass 127.0.0.1:8000; # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # fastcgi_param PATH_INFO $fastcgi_script_name; # # fastcgi_param SERVER_PROTOCOL $server_protocol; # fastcgi_param QUERY_STRING $query_string; # fastcgi_param REQUEST_METHOD $request_method; # fastcgi_param CONTENT_TYPE $content_type; # fastcgi_param CONTENT_LENGTH $content_length; # fastcgi_param SERVER_ADDR $server_addr; # fastcgi_param SERVER_PORT $server_port; # fastcgi_param SERVER_NAME $server_name; # fastcgi_param REMOTE_ADDR $remote_addr; # fastcgi_read_timeout 36000; # # client_max_body_size 0; # # access_log /var/log/nginx/seahub.access.log; # error_log /var/log/nginx/seahub.error.log; # } location /seafhttp { rewrite ^/seafhttp(.*)$ $1 break; proxy_pass http://127.0.0.1:8082; client_max_body_size 0; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 36000s; proxy_read_timeout 36000s; proxy_send_timeout 36000s; send_timeout 36000s; } location /media { root /opt/seafile_rt/seafile-server-latest/seahub; } }
-
删除nginx默认代理配置
sudo rm /etc/nginx/sites-enabled/default
-
创建符号链接
sudo ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf
-
重启nginx
sudo nginx -s reload
以上实现80端口的http访问。
八、启用https
-
通过 OpenSSL 生成 SSL 自签名数字认证
进入要存放证书的目录,例如放在/opt/exthdd/ssl_cert/下,执行openssl genrsa -out privkey.pem 2048
openssl req -new -x509 -key privkey.pem -out cacert.pem -days 3650
openssl dhparam -out /etc/nginx/dhparam.pem 2048
-
修改seafile的nginx代理配置
sudo nano /etc/nginx/sites-available/seafile.conf
粘贴如下文本
server { listen 80; server_name seafile.example.com; rewrite ^ https://$http_host$request_uri? permanent; server_tokens off; } server { listen 443; ssl on; ssl_certificate /opt/exthdd/ssl_cert/cacert.pem; ssl_certificate_key /opt/exthdd/ssl_cert/privkey.pem; server_name seafile.example.com; ssl_session_timeout 5m; ssl_session_cache shared:SSL:5m; # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits ssl_dhparam /etc/nginx/dhparam.pem; # secure settings (A+ at SSL Labs ssltest at time of writing) # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS'; ssl_prefer_server_ciphers on; proxy_set_header X-Forwarded-For $remote_addr; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; server_tokens off; location / { proxy_pass http://127.0.0.1:8000; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; proxy_set_header X-Forwarded-Proto https; access_log /var/log/nginx/seahub.access.log; error_log /var/log/nginx/seahub.error.log; proxy_read_timeout 1200s; client_max_body_size 0; } # 如果你使用 fastcgi 请使用此配置 # # location / { # fastcgi_pass 127.0.0.1:8000; # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # fastcgi_param PATH_INFO $fastcgi_script_name; # # fastcgi_param SERVER_PROTOCOL $server_protocol; # fastcgi_param QUERY_STRING $query_string; # fastcgi_param REQUEST_METHOD $request_method; # fastcgi_param CONTENT_TYPE $content_type; # fastcgi_param CONTENT_LENGTH $content_length; # fastcgi_param SERVER_ADDR $server_addr; # fastcgi_param SERVER_PORT $server_port; # fastcgi_param SERVER_NAME $server_name; # fastcgi_param REMOTE_ADDR $remote_addr; # fastcgi_read_timeout 36000; # # client_max_body_size 0; # # access_log /var/log/nginx/seahub.access.log; # error_log /var/log/nginx/seahub.error.log; # } location /seafhttp { rewrite ^/seafhttp(.*)$ $1 break; proxy_pass http://127.0.0.1:8082; client_max_body_size 0; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_connect_timeout 36000s; proxy_read_timeout 36000s; proxy_send_timeout 36000s; send_timeout 36000s; } location /media { root /opt/exthdd/seafile/seafile-server-latest/seahub; } }
-
重启nginx
sudo nginx -s reload
以上实现的是443端口的https访问,并且强制使用80端口访问时跳转为https访问。
九、设定seafile开机自启动
- root账户下,更改seafile文件所属为要运行的用户
chown usera -R seafile_rt
chgrp usera -R seafile_rt
- 创建 systemd 服务文件
粘贴如下文本sudo nano /etc/systemd/system/seafile.service
然后[Unit] Description=Seafile # add mysql.service or postgresql.service depending on your database to the line below After=network.target mysql.service [Service] Type=oneshot ExecStart=/opt/seafile_rt/seafile-server-latest/seafile.sh start ExecStop=/opt/seafile_rt/seafile-server-latest/seafile.sh stop RemainAfterExit=yes User=usera Group=usera [Install] WantedBy=multi-user.target
粘贴如下文本sudo nano /etc/systemd/system/seahub.service
重新加载 systemd 的守护进程:[Unit] Description=Seafile hub After=network.target seafile.service [Service] # change start to start-fastcgi if you want to run fastcgi ExecStart=/opt/seafile_rt/seafile-server-latest/seahub.sh start ExecStop=/opt/seafile_rt/seafile-server-latest/seahub.sh stop User=usera Group=usera Type=oneshot RemainAfterExit=yes [Install] WantedBy=multi-user.target
设置服务开机自启动sudo systemctl daemon-reload
sudo systemctl enable seafile.service
sudo systemctl enable seahub.service