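0. Abstract
Seafile is an open-source enterprise cloud drive focused on reliability and performance. It supports Windows, Mac, Linux, iOS and Android, and files can be synced or mounted locally for direct access.
AWS (Amazon Web Services) gives newly registered users a one-year free tier (covering cloud products such as EC2, RDS and S3).
This article describes how to build a Seafile enterprise cloud drive on AWS EC2 and RDS; within the one-year AWS trial period it costs nothing.
1. Architecture diagram
For how to use the AWS products, follow the official tutorials; readers who have never used AWS can take the imooc (慕课网) course "Getting Started with AWS".
Before building your own, you can try the demo instance the official site already runs: https://demo.seafile.top/
2. Setting up Seafile (MySQL)
The steps in this article follow the official document "Deploying Seafile Server (with MySQL/MariaDB)" throughout.
2.1 Deploying MySQL
Deploy MySQL in advance and make sure the EC2 instance can connect to it. In MySQL, create the database seafile to hold the Seafile data, and grant the database user sfuser all privileges on the seafile database.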
MariaDB [(none)]> create database seafile default charset utf8;
MariaDB [(none)]> grant all on seafile.* to 'sfuser'@'%' identified by '';
2.2 Configure the EPEL repository, used to install the software Seafile depends on
- Install and enable the EPEL rpm package on RHEL 7 and Amazon Linux 2
$ sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
- Install and enable the EPEL rpm package on RHEL 6
$ sudo yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
- Install and enable the EPEL rpm package on CentOS 7 64-bit, CentOS 6 64-bit and CentOS 6 32-bit
$ sudo yum install -y epel-release
- Install and enable the EPEL rpm package on Amazon Linux
$ sudo yum-config-manager --enable epel
2.3 Install the software and libraries Seafile depends on, on EC2 (CentOS 7)
Seafile depends on the following software and libraries
MariaDB or MySQL server (MariaDB is a fork of MySQL)
python 2.7 (starting with Seafile 5.1, the minimum required python version is 2.)
python-setuptools
python-imaging
python-mysqldb
python-ldap
python-urllib3
python-memcache (or python-memcached)
Install the dependencies on EC2 (CentOS 7)
$ sudo yum -y install python-pip
$ sudo yum -y install python-imaging MySQL-python python-memcached python-ldap python-urllib3 ffmpeg ffmpeg-devel
$ sudo pip install pillow moviepy
2.4 Download the Seafile source package, extract and install it
1. Download the source package for the version you want from the Seafile website, https://www.seafile.com/download/
2. Seafile is installed, started and stopped directly through the shell scripts inside the source package, so decide in advance on a path where these files will live.
# Extract the source package into the /zhubiao/seafile directory
$ sudo tar -C /zhubiao/seafile -xvf seafile-server_6..2_x86-.tar.gz
# The directory after extraction looks like this
$ sudo tree -L /zhubiao/seafile
/zhubiao/seafile
└── seafile-server-6.3.
    ├── check_init_admin.py
    ├── reset-admin.sh
    ├── runtime
    ├── seaf-fsck.sh
    ├── seaf-fuse.sh
    ├── seaf-gc.sh
    ├── seafile
    ├── seafile.sh
    ├── seahub
    ├── seahub.sh
    ├── setup-seafile-mysql.py
    ├── setup-seafile-mysql.sh
    ├── setup-seafile.sh
    └── upgrade
3. Install, answering the preset questions
# Enter the source package directory
$ cd /zhubiao/seafile/seafile-server-6.3./
# Run the shell script to install, answering the preset questions as the script prompts
$ sudo ./setup-seafile-mysql.sh
...
Press ENTER to continue
-----------------------------------------------------------------
# Press ENTER here to continue
What is the name of the server? It will be displayed on the client.
- letters or digits
[ server name ] zhubiao # enter any name you like
What is the ip or domain of the server?
For example: www.mycompany.com, 192.168.1.101
[ This server's ip or domain ] file.happyhome.fun # enter the domain name or the host IP
Where do you want to put your seafile data?
Please use a volume with enough free space
[ default "/zhubiao/seafile/seafile-data" ] # enter the directory where the data is stored
Which port do you want to use for the seafile fileserver?
[ default "" ] # enter the port the seafile service listens on
-------------------------------------------------------
Please choose a way to initialize seafile databases:
-------------------------------------------------------
[] Create new ccnet/seafile/seahub databases
[] Use existing ccnet/seafile/seahub databases
[ or ] # let the script create the databases automatically, or use the MySQL database you installed yourself; if you choose 2, the database connection details must be entered below
What is the host of mysql server?
[ default "localhost" ] xxxx.rds.amazonaws.com # database connection address
From which hosts could the mysql account be used?
[ default "%" ] # hosts allowed to connect to the database
What is the port of mysql server?
[ default "" ] # database port
Which mysql user to use for seafile?
[ mysql user for seafile ] sfuser # database user
What is the password for mysql user "sfuser"?
[ password for sfuser ] # database password
verifying password of user sfuser ... done
Enter the existing database name for ccnet:
[ ccnet database ] seafile
verifying user "sfuser" access to database seafile ... done
Enter the existing database name for seafile:
[ seafile database ] seafile
verifying user "sfuser" access to database seafile ... done
Enter the existing database name for seahub:
[ seahub database ] seafile
verifying user "sfuser" access to database seafile ... done
---------------------------------
This is your configuration
---------------------------------
server name: zhubiao
server ip/domain: file.happyhome.fun
seafile data dir: /zhubiao/seafile/seafile-data
fileserver port:
database: use existing
ccnet database: seafile
seafile database: seafile
seahub database: seafile
database user: sfuser
---------------------------------
Press ENTER to continue, or Ctrl-C to abort
---------------------------------
# Check the information above; if it is correct, press ENTER to continue
...
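2.5 Start the Seafile services
The root of the source package directory contains the start scripts for the Seafile and Seahub services; run them to start the services
# Start the seafile service; it listens on port 8082 by default
$ sudo ./seafile.sh start
# Start the seahub service; it listens on port 8000 by default. Clients connect to this port to manage the cloud drive. Set the administrator account and password as the script prompts
$ sudo ./seahub.sh start
LC_ALL is not set in ENV, set to en_US.UTF-
Starting seahub at port ...
----------------------------------------
It's the first time you start the seafile server. Now let's create the admin account
----------------------------------------
What is the email for the admin account?
[ admin email ] xxxx@xx.com # enter the administrator e-mail address; this address is also the administrator account name
What is the password for the admin account? # enter the administrator password
[ admin password ]
Enter the password again: # enter the administrator password again
[ admin password again ]
----------------------------------------
Successfully created seafile admin
----------------------------------------
Seahub is started
Done.
Check that the ports are listening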
$ sudo netstat -tunlp | egrep '8000|8082'
tcp 0.0.0.0: 0.0.0.0:* LISTEN /python2.
tcp 0.0.0.0: 0.0.0.0:* LISTEN /seaf-server
2.6 Start at boot
Create the systemd service files
# Create seafile.service
$ sudo vim /etc/systemd/system/seafile.service
[Unit]
Description=Seafile
# add mysql.service or postgresql.service depending on your database to the line below
After=network.target
[Service]
Type=oneshot
# replace ${seafile_dir} with the Seafile installation directory (/zhubiao/seafile in this article)
ExecStart=${seafile_dir}/seafile-server-latest/seafile.sh start
ExecStop=${seafile_dir}/seafile-server-latest/seafile.sh stop
RemainAfterExit=yes
# the seafile user and group must already exist and own the Seafile directories
User=seafile
Group=seafile
[Install]
WantedBy=multi-user.target
# Create seahub.service
$ sudo vim /etc/systemd/system/seahub.service
[Unit]
Description=Seafile hub
After=network.target seafile.service
[Service]
# change start to start-fastcgi if you want to run fastcgi
ExecStart=${seafile_dir}/seafile-server-latest/seahub.sh start
ExecStop=${seafile_dir}/seafile-server-latest/seahub.sh stop
User=seafile
Group=seafile
Type=oneshot
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
Enable start at boot
sudo systemctl enable seafile.service
sudo systemctl enable seahub.service
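2.7 Test the login
Enter http://file.happyhome.fun:8000 in a browser to test
3. Using Nginx as a reverse proxy, with HTTPS
3.1 Apply for a free Let's Encrypt SSL certificate
Apply for a free SSL certificate through https://freessl.org. Let's Encrypt certificates can be issued as wildcard-domain certificates, but they are valid for only 3 months and must be applied for again after 3 months.
Follow the wizard to complete the application, then download the certificate and store it safely (the private key in particular must never be leaked).
3.2 Configure Seahub behind Nginx and enable HTTPS
Install Nginx
$ sudo yum -y install nginx
Upload the certificate and the private key to the /etc/nginx/conf.d/ssl directory on the EC2 server, and use the openssl command to generate the key-exchange parameter file dhparam.pem, which is also kept in that directory.
# Create the directory
$ sudo mkdir /etc/nginx/conf.d/ssl
# Use the openssl command to generate dhparam.pem, and place it in the ssl directory together with the private key private.key and cacert.pem you obtained, so that the nginx configuration file can reference them.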
$ sudo openssl dhparam -out dhparam.pem -text
$ tree /etc/nginx/conf.d/ssl/
/etc/nginx/conf.d/ssl/
├── cacert.pem
├── dhparam.pem
└── private.key
Configure Nginx as a reverse proxy for the seahub and seafile services, configure the SSL certificate and enable HTTPS. The Nginx configuration file is as follows
$ vim /etc/nginx/conf.d/seafile.conf
server {
    listen ;
    server_name file.happyhome.fun;
    # Permanently redirect to HTTPS with a rewrite
    rewrite ^ https://$http_host$request_uri? permanent;
    server_tokens off;
}
server {
    listen ;
    ssl on;
    ssl_certificate /etc/nginx/conf.d/ssl/cacert.pem; # path to the certificate file
    ssl_certificate_key /etc/nginx/conf.d/ssl/private.key; # path to the private key file
    server_name file.happyhome.fun;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:5m;
    # Diffie-Hellman parameter for DHE ciphersuites, recommended bits
    ssl_dhparam /etc/nginx/conf.d/ssl/dhparam.pem; # path to the key-exchange parameter file
    # secure settings (A+ at SSL Labs ssltest at time of writing)
    # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
    ssl_protocols TLSv1 TLSv1. TLSv1.;
    ssl_prefer_server_ciphers on;
    proxy_set_header X-Forwarded-For $remote_addr;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    server_tokens off;
    # Reverse proxy for the seahub service
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto https;
        access_log /var/log/nginx/seahub.access.log;
        error_log /var/log/nginx/seahub.error.log;
        proxy_read_timeout 1200s;
        client_max_body_size ;
    }
    # Reverse proxy for the seafile service
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $ break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size ;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
        proxy_send_timeout 36000s;
        send_timeout 36000s;
        proxy_request_buffering off; # remove the limit on upload file size
    }
    location /media {
        root /zhubiao/seafile/seafile-server-latest/seahub;
    }
}
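The TLS-related settings of the server block above can be checked mechanically before Nginx is restarted. The shell functions below are an added example, not part of the original article and not Seafile or nginx code: they scan a config file for legacy ssl_protocols entries, the deprecated "ssl on;" directive, a missing HSTS header, and a private key readable by group or others. The function names, finding labels and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: text-only audit of an nginx TLS config (assumes no '#' inside quotes).

# directive_args NAME: read one directive per line on stdin, print NAME's arguments.
directive_args() {
    sed -n "s/^[[:space:]]*${1}[[:space:]]\{1,\}//p" | head -n 1
}
# audit_nginx_tls FILE: print one finding per line; no output means no findings.
audit_nginx_tls() {
    body=$(sed 's/#.*$//' "$1")                    # strip comments
    stmts=$(printf '%s\n' "$body" | tr ';' '\n')   # split directives on ';'

    # TLS 1.0/1.1 are deprecated by RFC 8996; SSLv2/SSLv3 are older still.
    for p in $(printf '%s\n' "$stmts" | directive_args ssl_protocols); do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "legacy-protocol:$p" ;;
        esac
    done

    # "ssl on;" is deprecated in nginx in favour of "listen ... ssl;".
    if printf '%s\n' "$stmts" | grep -Eq '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*$'; then
        echo "deprecated-directive:ssl on"
    fi

    # HSTS: search the unsplit body, because the header value contains ';'.
    printf '%s\n' "$body" | grep -q 'add_header[[:space:]]\{1,\}Strict-Transport-Security' ||
        echo "missing-hsts"

    # The private key must not be accessible to group or others.
    key=$(printf '%s\n' "$stmts" | directive_args ssl_certificate_key | tr -d '[:space:]')
    if [ -f "$key" ]; then
        [ "$(ls -ld -- "$key" | cut -c5-10)" = "------" ] || echo "key-permissions:$key"
    fi
}

# Constructed sample (not the article's file): weak settings, world-readable key.
demo() {
    d=$(mktemp -d); touch "$d/private.key"; chmod 644 "$d/private.key"
    cat > "$d/seafile.conf" <<EOF
server {
    ssl on;
    ssl_certificate_key $d/private.key;  # private key
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    # add_header Strict-Transport-Security "max-age=31536000";
}
EOF
    audit_nginx_tls "$d/seafile.conf"; rm -rf "$d"
}
demo
```

Run it as `audit_nginx_tls /etc/nginx/conf.d/seafile.conf` with enough privilege to read the key file's metadata; `nginx -t` remains the check for syntax.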
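Restart Nginx
$ sudo systemctl restart nginx
Change SERVICE_URL and FILE_SERVER_ROOT
Because Nginx now acts as a reverse proxy, the SERVICE_URL and FILE_SERVER_ROOT values in the original seafile configuration must be changed as well; for Seafile version 5.0 this is done directly through the web client.
Log in to the web client, click the down-arrow next to the avatar in the upper right --> System Admin --> Settings, and change the values to the URL configured in Nginx
Restart the seahub and seafile services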
$ cd /zhubiao/seafile/seafile-server-6.3./
$ sudo ./seahub.sh stop
$ sudo ./seafile.sh stop
$ sudo ./seafile.sh start
$ sudo ./seahub.sh start
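3.3 Verify access to the Seafile cloud drive over HTTPS
4. Using Seafile
The official site has detailed help documentation on using Seafile: https://help.seafile.com/zh
5. Reference documents and video tutorials
[imooc video] Getting Started with AWS
[Jikexueyuan] AWS Cloud Networking Services
[Seafile website] Server Manual
[Seafile website] User Help
[AWS website] AWS official documentation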