距离上次部署Seafile 10.x已经过去了一年多,Seafile 12.x已经正式发布了。Seafile 11.x主要引入了基于markdown的文档协作工具SeaDoc和通知服务器,但部署方式与Seafile 11.x没有什么太大的差异,Seafile 12.x主要改进了界面,引入新的搜索服务器SeaSearch,不过目前SeaSearch似乎还没有全面支持搜索功能。更多信息可查看变更日志、路线图。除此之外,官网的服务器手册也有较大更改,由原来的单一.yml文件变为.env文件外加若干不同模块的.yml文件,这样做便于修改文件中的特定变量,并且使用caddy以实现更方便的ssl证书部署。由于不需要caddy申请证书,同时为了简便,以下仍按以前的方式使用单一.yml文件进行部署。
部署之前
若需要部署elasticsearch,在部署之前需要手动在宿主机上创建elasticsearch的映射路径:
mkdir -p /opt/seafile-elasticsearch/data
chmod 777 -R /opt/seafile-elasticsearch/data
否则elasticsearch会报错。
部署
部署内容包含Seafile Pro、elasticsearch、office-preview、sdoc-server、notification-server:
services:
db:
image: mariadb:10.11
container_name: seafile-mysql
environment:
# Need to modify.
- MYSQL_ROOT_PASSWORD=INIT_SEAFILE_MYSQL_ROOT_PASSWORD
- MYSQL_LOG_CONSOLE=true
- MARIADB_AUTO_UPGRADE=1
volumes:
- "/opt/seafile-mysql/db:/var/lib/mysql"
networks:
- seafile-net
healthcheck:
test:
[
"CMD",
"/usr/local/bin/healthcheck.sh",
"--connect",
"--mariadbupgrade",
"--innodb_initialized",
]
interval: 20s
start_period: 30s
timeout: 5s
retries: 10
memcached:
image: memcached:1.6.29
container_name: seafile-memcached
entrypoint: memcached -m 256
networks:
- seafile-net
elasticsearch:
image: elasticsearch:8.15.0
container_name: seafile-elasticsearch
environment:
- discovery.type=single-node
- bootstrap.memory_lock=true
- "ES_JAVA_OPTS=-Xms2g -Xmx2g"
- "xpack.security.enabled=false"
ulimits:
memlock:
soft: -1
hard: -1
mem_limit: 4g
volumes:
- "/opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data"
networks:
- seafile-net
office:
image: seafileltd/office-preview:latest
container_name: seafile-office-preview
command: bash start.sh
volumes:
- /opt/seafile-office-preview/office:/shared
extra_hosts:
# Need to modify. Example:
# - "your-hostname:host-gateway"
- "example.com:host-gateway"
networks:
- seafile-net
seadoc:
image: seafileltd/sdoc-server:latest
container_name: seadoc
volumes:
- /opt/seadoc-data/:/shared
environment:
- DB_HOST=db
- DB_PORT=3306
- DB_USER=seafile
# Need to modify.
- DB_PASSWORD=INIT_SEAFILE_MYSQL_ROOT_PASSWORD
- DB_NAME=seahub_db
- TIME_ZONE=Asia/Shanghai
# Need to modify.
# Use 'pwgen -s 40 1' to generate.
- JWT_PRIVATE_KEY=SEAFILE_JWT_PRIVATE_KEY
- NON_ROOT=false
# Need to modify.
# your seafile url, include port
- SEAHUB_SERVICE_URL=https://example.com:8000
depends_on:
db:
condition: service_healthy
networks:
- seafile-net
notification-server:
image: seafileltd/notification-server:latest
container_name: notification-server
restart: always
volumes:
- /opt/notification-data:/shared
- /opt/notification-data/logs:/shared/logs
environment:
- SEAFILE_MYSQL_DB_HOST=db
- SEAFILE_MYSQL_DB_PORT=3306
- SEAFILE_MYSQL_DB_USER=seafile
# Need to modify.
- SEAFILE_MYSQL_DB_PASSWORD=INIT_SEAFILE_MYSQL_ROOT_PASSWORD
- SEAFILE_MYSQL_DB_CCNET_DB_NAME=ccnet_db
- SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=seafile_db
# Need to modify.
- JWT_PRIVATE_KEY=SEAFILE_JWT_PRIVATE_KEY
- SEAFILE_LOG_TO_STDOUT=false
- NOTIFICATION_SERVER_LOG_LEVEL=info
depends_on:
db:
condition: service_healthy
networks:
- seafile-net
seafile:
image: seafileltd/seafile-pro-mc:latest
container_name: seafile
ports:
- "8000:80"
volumes:
- /opt/seafile-data:/shared
environment:
- DB_HOST=db
- DB_PORT=3306
- DB_USER=seafile
# Need to modify.
- DB_ROOT_PASSWD=INIT_SEAFILE_MYSQL_ROOT_PASSWORD
# Need to modify.
- DB_PASSWORD=SEAFILE_MYSQL_DB_PASSWORD
- SEAFILE_MYSQL_DB_CCNET_DB_NAME=ccnet_db
- SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=seafile_db
- SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=seahub_db
- TIME_ZONE=Asia/Shanghai
# Need to modify.
- INIT_SEAFILE_ADMIN_EMAIL=me@example.com
# Need to modify.
- INIT_SEAFILE_ADMIN_PASSWORD=asecret
# Need to modify. Include domain and port.
- SEAFILE_SERVER_HOSTNAME=example.com:8000
- SEAFILE_SERVER_PROTOCOL=https
- SITE_ROOT=/
- NON_ROOT=false
# Need to modify.
- JWT_PRIVATE_KEY=SEAFILE_JWT_PRIVATE_KEY
- SEAFILE_LOG_TO_STDOUT=false
- ENABLE_SEADOC=true
# Need to modify. Full url.
- SEADOC_SERVER_URL=https://example.com:8000/sdoc-server
- INIT_S3_STORAGE_BACKEND_CONFIG=false
- INIT_S3_COMMIT_BUCKET=
- INIT_S3_FS_BUCKET=
- INIT_S3_BLOCK_BUCKET=
- INIT_S3_KEY_ID=
- INIT_S3_SECRET_KEY=
- INIT_S3_USE_V4_SIGNATURE=true
- INIT_S3_AWS_REGION=us-east-1
- INIT_S3_HOST=us-east-1
- INIT_S3_USE_HTTPS=true
depends_on:
db:
condition: service_healthy
memcached:
condition: service_started
elasticsearch:
condition: service_started
networks:
- seafile-net
networks:
seafile-net:
name: seafile-net
修改说明:
- 修改数据库密码:替换INIT_SEAFILE_MYSQL_ROOT_PASSWORD为数据库密码,在mysql、seafile、sdoc-server的配置中都需要修改为一样的值。
- office-preview配置extra_hosts:office-preview在获取文件的时候是按照域名访问的,但有时容器无法正常解析域名,因此可以手动将域名解析到容器。
- 生成JWT_PRIVATE_KEY:使用命令
pwgen -s 40 1
生成,并替换notification-server、sdoc-server和seafile的SEAFILE_JWT_PRIVATE_KEY为相同的值。 - 修改seadoc的seahub地址:修改SEAHUB_SERVICE_URL的值为seafile的url,包含完整协议、域名、端口。
- 修改数据库seafile用户密码:替换SEAFILE_MYSQL_DB_PASSWORD为seafile用户密码。
- 修改管理员的用户名和密码:修改INIT_SEAFILE_ADMIN_EMAIL、INIT_SEAFILE_ADMIN_PASSWORD的值。
- 修改seafle地址:修改SEAFILE_SERVER_HOSTNAME为域名和端口,修改SEAFILE_SERVER_PROTOCOL为实际使用的协议
- 修改seafile中的sdoc地址:修改SEADOC_SERVER_URL的值为seadoc的url,包含完整协议、域名、端口。
部署后
使用seafile容器中的nginx为seadoc做反向代理,在seafile的nginx配置文件中添加以下内容:
location /sdoc-server/ {
proxy_pass http://seadoc:80/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 100m;
}
location /socket.io {
proxy_pass http://seadoc:80;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_redirect off;
proxy_buffers 8 32k;
proxy_buffer_size 64k;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
其余可选配置可以参考Seafile 10.x 专业版(含office预览)安装指南和在Seafile 11.0中使用office-preview,office-preview在12.x中可以正常工作。
可能出现的问题
登录后提示CSRF
这是由于跨域引起的问题,在协议、域名和端口有任意一项不同时均会引起此问题。在以上部署中,通常是由于反向代理未正常配置导致的,需要确保协议、域名和端口都正确传递。如果使用nginx,可以尝试在第一级代理中添加以下内容:
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;