腾讯云新春活动,没忍住剁手买了三年4C8G-100GBSSD-1TB硬盘的轻量云主机,主机到手就想着搭建个网盘,在测试了可道云、owncloud和seafile之后决定搭建seafile。
1、查了一下Seafile的文档,最终使用docker进行搭建,首先安装docker-compose
yum install docker-compose -y2、下载并修改 docker-compose.yml
Seafile官方已经发布了配置文件,我们只需简单修改后直接运行。
version: '2.0'
services:
db:
image: mariadb:10.5
container_name: seafile-mysql
environment:
- MYSQL_ROOT_PASSWORD=XXXXXX # mysql的密码
- MYSQL_LOG_CONSOLE=true
volumes:
- /data/seafile/seafile-mysql/db:/var/lib/mysql # 这里前面是物理机挂载的盘,后面是docker里面的路径
networks:
- seafile-net
memcached:
image: memcached:1.5.6
container_name: seafile-memcached
entrypoint: memcached -m 256
networks:
- seafile-net
seafile:
image: seafileltd/seafile-mc:latest
container_name: seafile
ports:
- "8080:80"
- "4433:443" # 如果需要443端口的话,这里需要修改,由于我使用了4433和8080端口,这里改成了相关端口.
volumes:
- /data/seafile/seafile-data:/shared # 这里前面是物理机挂载的盘,后面是docker里面的路径
environment:
- DB_HOST=db
- DB_ROOT_PASSWD=xxxxxx # 输入mysql的密码
- TIME_ZONE=Asia/Shanghai # Optional, default is UTC. Should be uncomment and set to your local time zone.
- SEAFILE_ADMIN_EMAIL=XXXXXXX@qq.com # 这个是最后seafile登陆账号
- SEAFILE_ADMIN_PASSWORD=XXXXXXX # 这个是最后seafile登陆密码
- SEAFILE_SERVER_LETSENCRYPT=true # 如果需要使用letsencrypt自动申请证书,这个选择true
- SEAFILE_SERVER_HOSTNAME=xxxxxx # 写你的域名.
depends_on:
- db
- memcached
networks:
- seafile-net
networks:
seafile-net:按照需求修改完配置以后,在docker-compose.yml所在的目录使用命令拉取镜像。
docker-compose up -d需要等待几分钟,等容器首次启动时的初始化操作完成后,就可以在浏览器上访问http://seafile.example.com 来打开 Seafile 主页。
3、我的自定义配置
由于我使用了4433作为SSL的端口,而且我使用了阿里云的免费证书,所以还需要做下面的配置。如果用来持久化存储 Seafile 数据的目录为 /opt/seafile-data:
创建 /opt/seafile-data/ssl 目录,然后拷贝您的证书文件和密钥文件到ssl目录下。
假设站点名称是 seafile.example.com,那么证书名称必须就是 seafile.example.com.crt,密钥文件名称就必须是 seafile.example.com.key。下面是我的Nginx配置,可以直接使用:
# -*- mode: nginx -*-
# Auto generated at 03/03/2022 21:42:40
server {
listen 80;
server_name _ default_server;
location / {
rewrite ^ https://xxxxx.xxxxx.net$request_uri? permanent;#z这个是自动生成的。
}
}
server {
listen 443 ssl;
# ssl on;
ssl_certificate /shared/ssl/xxxxx.xxxxx.net.crt;这里是SSL相关文件的目录
ssl_certificate_key /shared/ssl/xxxxx.xxxxx.net.key;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
# TODO: More SSL security hardening: ssl_session_tickets & ssl_dhparam
# ssl_session_tickets on;
# ssl_session_ticket_key /etc/nginx/sessionticket.key;
# ssl_session_cache shared:SSL:10m;
# ssl_session_timeout 10m;
server_name cloud.funnn.net;
client_max_body_size 10m;
location / {
proxy_pass http://127.0.0.1:8000/;
proxy_read_timeout 310s;
proxy_set_header Host $host:4433;
proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
client_max_body_size 0;
access_log /var/log/nginx/seahub.access.log seafileformat;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_request_buffering off;
access_log /var/log/nginx/seafhttp.access.log seafileformat;
error_log /var/log/nginx/seafhttp.error.log;
}
location /seafdav {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1200s;
client_max_body_size 0;
access_log /var/log/nginx/seafdav.access.log seafileformat;
error_log /var/log/nginx/seafdav.error.log;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
# For letsencrypt
location /.well-known/acme-challenge/ {
alias /var/www/challenges/;
try_files $uri =404;
}
}在配置完成后碰到了一个问题,配置了SSL之后,手机APP可以正常登陆使用,但是使用网页登陆后会报错403,研究后发现需要更改nginx配置中反向代理的配置,需要增加端口为你实际使用的端口。
Comments | NOTHING