Debian10安装seafile-pro-6.x记录

沈宇定

2023-12-01

一、Debian安装配置

Debian最小安装（只安装ssh服务)

安装完成先设置网络，root账户登陆，输入

nano /etc/network/interfaces

改为如下设置

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
# iface enp3s0 inet dhcp
allow-hotplug enp3s0
auto enp3s0
iface enp3s0 inet static
address 192.168.1.200
netmask 255.255.255.0
gateway 192.168.1.1

附 nano简单操作：

操作	指令
删除行	`Ctrl` + `k`
保存	`Ctrl` + `o`
退出	`Ctrl` + `x`

设置dns比较麻烦些，后来发现在路由器中，通过指定MAC分配IP更为方便。

使用自建用户usera远程登陆debian主机：
```
ssh usera@192.168.1.200
```
切换 root 用户后开始配置。

配置国内 apt 源；

nano /etc/apt/sources.list

进入后，粘贴如下内容

deb http://mirrors.tuna.tsinghua.edu.cn/debian/ buster main non-free contrib
deb http://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main non-free contrib
deb http://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main non-free contrib
deb http://mirrors.tuna.tsinghua.edu.cn/debian-security/ buster/updates main non-free contrib   
deb-src http://mirrors.tuna.tsinghua.edu.cn/debian/ buster main non-free contrib
deb-src http://mirrors.tuna.tsinghua.edu.cn/debian/ buster-updates main non-free contrib
deb-src http://mirrors.tuna.tsinghua.edu.cn/debian/ buster-backports main non-free contrib
deb-src http://mirrors.tuna.tsinghua.edu.cn/debian-security/ buster/updates main non-free contrib

将自建用户加入sudo用户组：

先安装sudo工具；
```
apt update
apt-get install sudo 
```
修改 /etc/sudoers 文件属性为可写
```
chmod +w /etc/sudoers
```
编辑 /etc/sudoers 在
```
root    ALL=(ALL:ALL) ALL
```
后，添加如下行
```
usera    ALL=(ALL:ALL) ALL
```
保存退出后，变更sudoers文件属性为不可写
```
chmod -w /etc/sudoers
```
~~配置ssh为自建用户可远程root登陆；~~
```
nano /etc/ssh/sshd_config
```
修改
```
#PermitRootLogin prohibit-password
```
为
```
PermitRootLogin yes
```
安装防火墙配置工具ufw；
```
apt install ufw
```
```
ufw disable
```
重启Debian主机。

安装配置FTP工具vsftpd(不是必须项)；

sudo apt install vsftpd

sudo nano /etc/vsftpd.conf

修改为

listen=YES 
#listen_ipv6=YES
write_enable=YES

重启vsftpd服务

sudo /etc/init.d/./vsftpd restart

二、下载所需软件

seafile下载
历史版本(https://download.seafile.com/d/6e5297246c/?p=%2F&mode=list/) 中找到 seafile-pro-server_6.3.14_x86-64.tar.gz下载；
java下载
下载jdk8版本，Linux x64 Compressed Archive(https://www.oracle.com/java/technologies/javase-jdk8-downloads.html) 版；
FTP上传以上软件包到usera目录,
或者使用scp命令传送：
在主机终端，未使用ssh登陆的情况下，例如：
```
scp Downloads/NAS/jdk-8u241-linux-x64.tar.gz usera@192.168.1.200:/home/usera/
```
其中Downloads/NAS/jdk-8u241-linux-x64.tar.gz为本地文件，usera@192.168.16.10:/home/usera/表示远程登陆用户及存放目录。

三、安装Java

将usera目录下的jdk-8u241-linux-x64.tar.gz复制到/usr/lib/jvm目录，解压后删除:

sudo mkdir /usr/lib/jvm
sudo cp ~/jdk-8u241-linux-x64.tar.gz /usr/lib/jvm/
cd /usr/lib/jvm
sudo tar xvf jdk-8u241-linux-x64.tar.gz
sudo rm jdk-8u241-linux-x64.tar.gz

配置环境变量

nano ~/.profile

在最后添加

export JAVA_HOME=/usr/lib/jvm/jdk1.8.0_241
export JRE_HOME=${JAVA_HOME}/jre  
export CLASSPATH=.:${JAVA_HOME}/lib:${JRE_HOME}/lib  
export PATH=${JAVA_HOME}/bin:$PATH

保存关闭，使用source更新下

source ~/.profile

使用env命令察看JAVA_HOME的值

env

如果JAVA_HOME=/usr/lib/jvm/jdk1.8.0_241，说明配置成功。

修改系统默认的jdk

sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/jdk1.8.0_241/bin/java 300
sudo update-alternatives --install /usr/bin/javac javac /usr/lib/jvm/jdk1.8.0_241/bin/javac 300
sudo update-alternatives --config java
sudo update-alternatives --config javac

查看是否配置成功

java -version

输出如下信息，说明成功：

java version "1.8.0_241"
Java(TM) SE Runtime Environment (build 1.8.0_241-b07)
Java HotSpot(TM) 64-Bit Server VM (build 25.241-b07, mixed mode)

四、安装NMP

apt安装nginx:
```
sudo apt install nginx
```
apt安装mariadb-server:
```
sudo apt install mariadb-server
```
初始化mariadb安全设置
```
sudo mysql_secure_installation
```
根据提示，设置数据库root密码。

apt安装python2.7环境

sudo apt-get install python2.7 python-setuptools python-mysqldb python-urllib3 python-ldap -y

五、配置Seafile

添加seafile安装运行目录
```
sudo mkdir /opt/seafile_rt
```

将usera目录下的seafile-pro-server_6.3.14_x86-64.tar.gz复制到/opt/seafile_rt录，解压:

sudo cp ~/seafile-pro-server_6.3.14_x86-64.tar.gz /opt/seafile_rt/
cd /opt/seafile_rt
sudo tar xvf seafile-pro-server_6.3.14_x86-64.tar.gz
sudo mkdir installed
sudo mv seafile-pro-server_6.3.14_x86-64.tar.gz installed/

运行seafile初始化配置

cd seafile-pro-server-6.3.14/
sudo ./setup-seafile-mysql.sh

提示缺少依赖软件

python-imaging  is not installed, Please install it first.

安装之

sudo apt-get install python-imaging

又提示

没有可用的软件包 python-imaging，但是它被其它的软件包引用了。
然而下列软件包会取代它：
python-pil

那就安装python-pil吧

sudo apt install python-pil

再次运行seafile初始化配置

sudo ./setup-seafile-mysql.sh

提示成功：

-----------------------------------------------------------------
Your seafile server configuration has been finished successfully.
-----------------------------------------------------------------

run seafile server:     ./seafile.sh { start | stop | restart }
run seahub  server:     ./seahub.sh  { start <port> | stop | restart <port> }

-----------------------------------------------------------------
If you are behind a firewall, remember to allow input/output of    these tcp ports:
-----------------------------------------------------------------

port of seafile fileserver:   8082
port of seahub:               8000

When problems occur, Refer to

    https://github.com/haiwen/seafile/wiki

for information.

六、启动seafile

启动 Seafile

sudo ./seafile.sh start

报错

** Message: seafile-controller.c(1155): loading seafdav config from /opt/seafile_rt/conf/seafdav.conf

ccnet-server: error while loading shared libraries: libssl3.so: cannot open shared object file: No such   file or directory
failed to run "ccnet-server -t"

安装缺少的库文件

sudo apt install libnss3

再次启动seafile，成功。

继续启动seahub

sudo ./seahub.sh start

报错

/opt/seafile_rt/ccnet/seafile.ini not found. Now quit

seahub 服务提供一种类似于 debug 的启动方式，可详细展现 seahub 服务启动的过程，方法是在 seafile server 部署路径下执行如下命令：

./seahub.sh start-fastcgi

得到

LC_ALL is not set in ENV, set to en_US.UTF-8
./seahub.sh:行231: 警告：setlocale：LC_ALL：无法改变区域选项 (en_US.UTF-8)：没有那个文件或目录
Starting seahub (fastcgi) at 127.0.0.1:8000 ...
……
ImportError: libpython2.7.so.1.0: cannot open shared object file: No such file or directory
Error:Seahub failed to start.

缺少libpython2.7的依赖，安装之

sudo apt install libpython2.7

再次启动seahub，成功。

七、Nginx配置

配置seafile的代理

sudo nano /etc/nginx/sites-available/seafile.conf

此处seafile官网有错误，/etc/nginx/sites-*** 错写成了/etc/nginx/site-***
粘贴以下内容

server {
    listen 80;
    server_name seafile.example.com;

    proxy_set_header X-Forwarded-For $remote_addr;

    location / {
         proxy_pass         http://127.0.0.1:8000;
         proxy_set_header   Host $host;
         proxy_set_header   X-Real-IP $remote_addr;
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host $server_name;
         proxy_read_timeout  1200s;

         # used for view/edit office file via Office Online Server
         client_max_body_size 0;

         access_log      /var/log/nginx/seahub.access.log;
         error_log       /var/log/nginx/seahub.error.log;
    }

# If you are using [FastCGI](http://en.wikipedia.org/wiki/FastCGI),
# which is not recommended, you should use the following config for location `/`.
#
#    location / {
#         fastcgi_pass    127.0.0.1:8000;
#         fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
#         fastcgi_param   PATH_INFO           $fastcgi_script_name;
#
#         fastcgi_param     SERVER_PROTOCOL     $server_protocol;
#         fastcgi_param   QUERY_STRING        $query_string;
#         fastcgi_param   REQUEST_METHOD      $request_method;
#         fastcgi_param   CONTENT_TYPE        $content_type;
#         fastcgi_param   CONTENT_LENGTH      $content_length;
#         fastcgi_param     SERVER_ADDR         $server_addr;
#         fastcgi_param     SERVER_PORT         $server_port;
#         fastcgi_param     SERVER_NAME         $server_name;
#         fastcgi_param   REMOTE_ADDR         $remote_addr;
#          fastcgi_read_timeout 36000;
#
#         client_max_body_size 0;
#
#         access_log      /var/log/nginx/seahub.access.log;
#          error_log       /var/log/nginx/seahub.error.log;
#    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
    }
    location /media {
        root /opt/seafile_rt/seafile-server-latest/seahub;
    }
}

删除nginx默认代理配置

sudo rm /etc/nginx/sites-enabled/default

创建符号链接

sudo ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf

重启nginx
```
sudo nginx -s reload
```
以上实现80端口的http访问。

八、启用https

通过 OpenSSL 生成 SSL 自签名数字认证
进入要存放证书的目录，例如放在/opt/exthdd/ssl_cert/下，执行

openssl genrsa -out privkey.pem 2048

openssl req -new -x509 -key privkey.pem -out cacert.pem -days 3650

openssl dhparam -out /etc/nginx/dhparam.pem 2048

修改seafile的nginx代理配置

sudo nano /etc/nginx/sites-available/seafile.conf

粘贴如下文本

server {
    listen 80;
    server_name  seafile.example.com;
    rewrite ^ https://$http_host$request_uri? permanent;	
    server_tokens off;
}
server {
    listen 443;
    ssl on;
    ssl_certificate /opt/exthdd/ssl_cert/cacert.pem;
    ssl_certificate_key /opt/exthdd/ssl_cert/privkey.pem;
    server_name seafile.example.com;
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:5m;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/nginx/dhparam.pem;

    # secure settings (A+ at SSL Labs ssltest at time of writing)
    # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
    ssl_prefer_server_ciphers on;

    proxy_set_header X-Forwarded-For $remote_addr;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    server_tokens off;

    location / {
        proxy_pass         http://127.0.0.1:8000;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_set_header   X-Forwarded-Proto https;

        access_log      /var/log/nginx/seahub.access.log;
        error_log       /var/log/nginx/seahub.error.log;

        proxy_read_timeout  1200s;

        client_max_body_size 0;
    }

# 如果你使用 fastcgi 请使用此配置
#
#    location / {
#        fastcgi_pass    127.0.0.1:8000;
#        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
#        fastcgi_param   PATH_INFO           $fastcgi_script_name;
#
#        fastcgi_param   SERVER_PROTOCOL     $server_protocol;
#        fastcgi_param   QUERY_STRING        $query_string;
#        fastcgi_param   REQUEST_METHOD      $request_method;
#        fastcgi_param   CONTENT_TYPE        $content_type;
#        fastcgi_param   CONTENT_LENGTH      $content_length;
#        fastcgi_param   SERVER_ADDR         $server_addr;
#        fastcgi_param   SERVER_PORT         $server_port;
#        fastcgi_param   SERVER_NAME         $server_name;
#        fastcgi_param   REMOTE_ADDR         $remote_addr;
#        fastcgi_read_timeout 36000;
#
#        client_max_body_size 0;
#
#        access_log      /var/log/nginx/seahub.access.log;
#        error_log       /var/log/nginx/seahub.error.log;
#    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;
        send_timeout  36000s;
    }
    location /media {
         root /opt/exthdd/seafile/seafile-server-latest/seahub;
    }
}

重启nginx
```
sudo nginx -s reload
```
以上实现的是443端口的https访问，并且强制使用80端口访问时跳转为https访问。

九、设定seafile开机自启动

root账户下，更改seafile文件所属为要运行的用户
```
chown usera -R seafile_rt
```
```
chgrp usera -R seafile_rt
```

创建 systemd 服务文件

sudo nano /etc/systemd/system/seafile.service

粘贴如下文本

[Unit]
Description=Seafile
# add mysql.service or postgresql.service depending on your database to the line below
After=network.target mysql.service

[Service]
Type=oneshot
ExecStart=/opt/seafile_rt/seafile-server-latest/seafile.sh start 
ExecStop=/opt/seafile_rt/seafile-server-latest/seafile.sh stop
RemainAfterExit=yes
User=usera
Group=usera

[Install]
WantedBy=multi-user.target

然后

sudo nano /etc/systemd/system/seahub.service

粘贴如下文本

[Unit]
Description=Seafile hub
After=network.target seafile.service

[Service]
# change start to start-fastcgi if you want to run fastcgi
ExecStart=/opt/seafile_rt/seafile-server-latest/seahub.sh start
ExecStop=/opt/seafile_rt/seafile-server-latest/seahub.sh stop
User=usera
Group=usera
Type=oneshot
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target

重新加载 systemd 的守护进程：

sudo systemctl daemon-reload

设置服务开机自启动

sudo systemctl enable seafile.service

sudo systemctl enable seahub.service

Debian10安装seafile-pro-6.x记录

一、Debian安装配置

二、下载所需软件

三、安装Java

四、安装NMP

五、配置Seafile

六、启动seafile

七、Nginx配置

八、启用https

九、设定seafile开机自启动

相关阅读

相关文章

相关问答

相关文档