Seafile开源的个人网盘及企业网盘搭建

    技术教程 Dr.V 1636次浏览 0个评论 扫描二维码

    随着大批网盘的倒下,你还在依靠互联网上的网盘携带传输文件么?本文教你如何自己搭建属于自己的个人大容量网盘及企业网盘。

    1. seafile简介Seafile是一个面向企业、团队的云盘,解决文件管理和共享的问题。在此基础上,Seafile提供群组协作的功能,形成一个以文档为中心的协作平台。并且提供全平台的客户端,包括linux、windows及mac.并且提供手机客户端,支持Android和IOS。

    2. 下载服务器

      seafile官网下载地址

      选择下载最新版,这里我用的是最新Linux版的5.1.1 64bit.

    3. 解压将下载下来的压缩包解压到/home/seafile下即可.
      tar -zxvf seafile-server-5.1.1 -C /home/seafile
    4. 系统环境准备

      因为官方是在centos7上测试的,centos7的自带python是2.7版本的。这里我的系统是centos6.5。而centos6.5的自带python版本是2.6的,所以需要自己编译安装python2.7。

      1)编译安装python2.7

      cd <span class="constant">Python</span>-<span class="number">2.7</span>.<span class="number">8</span>
      .<span class="regexp">/configure --prefix=/usr</span><span class="regexp">/local/python</span>2.<span class="number">7</span>
      make
      make install

      2)安装以下软件

      • mysql #yum 安装即可
      • python-setuptools
      • python-imaging
      • python-ldap #与ldap结合认证
      • MySQL-python
      • python-memcached #与memcached结合,提高缓存性能
      • pillow #很重要,解决后期验证码刷不出来的问题
        以上软件包都可以去 pypi 下载。
        安装实例:

        tar zxvf Imaging-1.1.7.tar.gz
        cd Imaging-1.1.7
        python2.7 setup.py install   <span class="comment">#注意是python2.7!否则安装也是按系统python2.6编译的,会导致seafile安装不了</span>
    5. 安装seafile服务器
      cd /home/seafile/seafile-server-5.1.1
      ./setup-seafile-mysql.sh

      接下来按照提示一步步填写就ok了.

    6. 修改防火墙
      $ vim /etc/sysconfig/iptables
      -A INPUT -p tcp -<span class="keyword">m</span> <span class="keyword">state</span> --<span class="keyword">state</span> NEW -<span class="keyword">m</span> tcp --dport <span class="number">8000</span> -j ACCEPT
      -A INPUT -p tcp -<span class="keyword">m</span> <span class="keyword">state</span> --<span class="keyword">state</span> NEW -<span class="keyword">m</span> tcp --dport <span class="number">8082</span> -j ACCEPT
    7. 启动、停止seafile服务器
      ./seafile.sh start
      ./seahub.sh start
      ./seafile.sh stop
      ./seafile.sh stop

    至此个人网盘就搭建成功了。

    当然个人网盘远不能满足我们需求,让我们再看看企业级网盘的应用。

    1. Nginx结合HTTPS下配置seahub保证传输的加密性1)在/home/seafile下生成证书
      openssl genrsa -<span class="keyword">out</span> privkey.pem <span class="number">2048</span>
      openssl req -<span class="keyword">new</span> -x509 -key privkey.pem -<span class="keyword">out</span> cacert.pem -days <span class="number">1095</span>

      2)nginx配置文件示例

      server {
         <span class="keyword">listen</span>       <span class="number">80</span>;
         server_name  www.yourdoamin.com;
         rewrite ^ https:<span class="regexp">//</span><span class="variable">$http_host</span><span class="variable">$request_uri</span>? permanent;    <span class="comment">#强制将http重定向到https</span>
       }
       server {
         <span class="keyword">listen</span> <span class="number">443</span>;
         ssl on;
         ssl_certificate /home/seafile/cacert.pem;            <span class="comment">#cacert.pem 文件路径</span>
         ssl_certificate_key /home/seafile/privkey.pem;    <span class="comment">#privkey.pem 文件路径</span>
         server_name www.yourdoamin.com;
         proxy_set_header X-Forwarded-For <span class="variable">$remote_addr</span>;
         location / {
             fastcgi_pass    <span class="number">127.0</span>.<span class="number">0</span>.<span class="number">1</span>:<span class="number">8000</span>;
             fastcgi_param   SCRIPT_FILENAME     <span class="variable">$document_root</span><span class="variable">$fastcgi_script_name</span>;
             fastcgi_param   PATH_INFO           <span class="variable">$fastcgi_script_name</span>;
             fastcgi_param   SERVER_PROTOCOL    <span class="variable">$server_protocol</span>;
             fastcgi_param   QUERY_STRING        <span class="variable">$query_string</span>;
             fastcgi_param   REQUEST_METHOD      <span class="variable">$request_method</span>;
             fastcgi_param   CONTENT_TYPE        <span class="variable">$content_type</span>;
             fastcgi_param   CONTENT_LENGTH      <span class="variable">$content_length</span>;
             fastcgi_param   SERVER_ADDR         <span class="variable">$server_addr</span>;
             fastcgi_param   SERVER_PORT         <span class="variable">$server_port</span>;
             fastcgi_param   SERVER_NAME         <span class="variable">$server_name</span>;
             fastcgi_param   HTTPS               on;
             fastcgi_param   HTTP_SCHEME         https;
             access_log      /var/<span class="keyword">log</span>/nginx/seahub.access.<span class="keyword">log</span>;
             error_log       /var/<span class="keyword">log</span>/nginx/seahub.error.<span class="keyword">log</span>;
         }
         location /seafhttp {
             rewrite ^<span class="regexp">/seafhttp(.*)$ $1 break;
             proxy_pass http:/</span><span class="regexp">/127.0.0.1:8082</span><span class="regexp">;
             client_max_body_size 0;
             proxy_connect_timeout  36000s;
             proxy_read_timeout  36000s;
         }
         location /media</span> {
             root /home/seafile/seafile-server-latest/seahub;
         }
       }

      3)重新加载nginx

      ../../sbin/nginx -t
      ../../sbin/nginx -s reload

      4)修改 SERVICE_URL 和 FILE_SERVER_ROOT

      <span class="variable">$ </span>vim seafile/conf/ccnet
      <span class="constant">SERVICE_URL</span> = <span class="symbol">http:</span>/<span class="regexp">/your</span><span class="regexp"> domain name</span>
      <span class="variable">$ </span>vim seafile/conf/seahub_setting.py
      <span class="constant">FILE_SERVER_ROOT</span> = <span class="string">'https://seafile.in66.cc/seafhttp'</span>

      5)修改防火墙 增加开放443端口

      -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
    2. 使用memcached提高性能

      1)yum安装memcache

      2)启动memcached

      3)编辑sehub_settings.py添加相关配置

      CACHES = {
       'default': {
           'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
           'LOCATION': '127.0.0.1:11211',
       }
      }
    3. 编写service服务脚本,实现开启自启动1)创建/etc/sysconfig/seafile
      <span class="variable">$ </span>vim /etc/sysconfig/seafile
      user=root
      seafile_dir=<span class="regexp">/home/seafile</span>
      script_path=<span class="variable">${</span>seafile_dir}/seafile-server-latest
      seafile_init_log=<span class="variable">${</span>seafile_dir}/logs/seafile.init.log
      seahub_init_log=<span class="variable">${</span>seafile_dir}/logs/seahub.init.log
      fastcgi=<span class="keyword">true</span>
      fastcgi_port=<span class="number">8000</span>

    2)创建/etc/init.d/seafile文件

    $ vim /etc/init.d/seafile
    <span class="comment">#!/bin/bash</span>
    <span class="comment">#</span>
    <span class="comment"># seafile</span>
    <span class="comment">#</span>
    <span class="comment"># chkconfig: - 68 32</span>
    <span class="comment"># description: seafile</span>
    <span class="comment"># Source function library.</span>
    . <span class="regexp">/etc/init</span>.d/functions
    <span class="comment"># Source networking configuration.</span>
    . <span class="regexp">/etc/sysconfig</span><span class="regexp">/network
    if [ -f /etc</span><span class="regexp">/sysconfig/seafile</span> ];then
            . <span class="regexp">/etc/sysconfig</span><span class="regexp">/seafile
            else
                echo "Config file /etc</span><span class="regexp">/sysconfig/seafile</span> <span class="keyword">not</span> found! Bye.<span class="string">"
                exit 200
            fi
    RETVAL=0
    start() {
            # Start daemons.
            echo -n <span class="variable">$"</span>Starting seafile: "</span>
            ulimit -n <span class="number">30000</span>
            su - <span class="variable">${user}</span> -c<span class="string">"<span class="subst">${script_path}</span>/seafile.sh start >> <span class="subst">${seafile_init_log}</span> 2>&1"</span>
            RETVAL=<span class="variable">$?</span>
            echo
            [ <span class="variable">$RETVAL</span> -eq <span class="number">0</span> ] && touch /var/lock/subsys/seafile
            <span class="keyword">return</span> <span class="variable">$RETVAL</span>
    }
    stop() {
            echo -n <span class="variable">$"</span>Shutting down seafile: <span class="string">"
            su - <span class="subst">${user}</span> -c"</span><span class="variable">${script_path}</span>/seafile.sh stop >> <span class="variable">${seafile_init_log}</span> <span class="number">2</span>>&<span class="number">1</span><span class="string">"
            RETVAL=<span class="variable">$?</span>
            echo
            [ <span class="variable">$RETVAL</span> -eq 0 ] && rm -f /var/lock/subsys/seafile
            return <span class="variable">$RETVAL</span>
    }
    # See how we were called.
    case "</span><span class="variable">$1</span><span class="string">" in
      start)
            start
            ;;
      stop)
            stop
            ;;
      restart|reload)
            stop
            start
            RETVAL=<span class="variable">$?</span>
            ;;
      <span class="variable">*)</span>
            echo <span class="variable">$"</span>Usage: <span class="variable">$0</span> {start|stop|restart}"</span>
            RETVAL=<span class="number">3</span>
    esac
    <span class="keyword">exit</span> <span class="variable">$RETVAL</span>

    3)创建/etc/init.d/seahub文件

    $ vim /etc/init.d/seahub
    <span class="comment">#!/bin/bash</span>
    <span class="comment">#</span>
    <span class="comment"># seahub</span>
    <span class="comment">#</span>
    <span class="comment"># chkconfig: - 69 31</span>
    <span class="comment"># description: seahub</span>
    <span class="comment"># Source function library.</span>
    . <span class="regexp">/etc/init</span>.d/functions
    <span class="comment"># Source networking configuration.</span>
    . <span class="regexp">/etc/sysconfig</span><span class="regexp">/network
    if [ -f /etc</span><span class="regexp">/sysconfig/seafile</span> ];then
            . <span class="regexp">/etc/sysconfig</span><span class="regexp">/seafile
            else
                echo "Config file /etc</span><span class="regexp">/sysconfig/seafile</span> <span class="keyword">not</span> found! Bye.<span class="string">"
                exit 200
            fi
    RETVAL=0
    start() {
            # Start daemons.
            echo -n <span class="variable">$"</span>Starting seahub: "</span>
            ulimit -n <span class="number">30000</span>
            <span class="keyword">if</span> [  <span class="variable">$fastcgi</span> = true ];
                    then
                    su - <span class="variable">${user}</span> -c<span class="string">"<span class="subst">${script_path}</span>/seahub.sh start-fastcgi <span class="subst">${fastcgi_port}</span> >> <span class="subst">${seahub_init_log}</span> 2>&1"</span>
                    <span class="keyword">else</span>
                    su - <span class="variable">${user}</span> -c<span class="string">"<span class="subst">${script_path}</span>/seahub.sh start >> <span class="subst">${seahub_init_log}</span> 2>&1"</span>
                    fi
            RETVAL=<span class="variable">$?</span>
            echo
            [ <span class="variable">$RETVAL</span> -eq <span class="number">0</span> ] && touch /var/lock/subsys/seahub
            <span class="keyword">return</span> <span class="variable">$RETVAL</span>
    }
    stop() {
            echo -n <span class="variable">$"</span>Shutting down seafile: <span class="string">"
            su - <span class="subst">${user}</span> -c"</span><span class="variable">${script_path}</span>/seahub.sh stop >> <span class="variable">${seahub_init_log}</span> <span class="number">2</span>>&<span class="number">1</span><span class="string">"
            RETVAL=<span class="variable">$?</span>
            echo
            [ <span class="variable">$RETVAL</span> -eq 0 ] && rm -f /var/lock/subsys/seahub
            return <span class="variable">$RETVAL</span>
    }
    # See how we were called.
    case "</span><span class="variable">$1</span><span class="string">" in
      start)
            start
            ;;
      stop)
            stop
            ;;
      restart|reload)
            stop
            start
            RETVAL=<span class="variable">$?</span>
            ;;
      <span class="variable">*)</span>
            echo <span class="variable">$"</span>Usage: <span class="variable">$0</span> {start|stop|restart}"</span>
            RETVAL=<span class="number">3</span>
    esac
    <span class="keyword">exit</span> <span class="variable">$RETVA</span>

    4)接下来启动程序

    chmod 550 /etc/init.d/seafile
    chmod 550 /etc/init.d/seahub
    chkconfig <span class="comment">--add seafile</span>
    chkconfig <span class="comment">--add seahub</span>
    chkconfig seahub on
    chkconfig seafile on

    5)执行

    service seafile start
    service seahub start

    企业版的网盘就ok啦!可以给几百人个人都不是事!

    美中不足的一点是每个人的账号密码都需要管理员手工常见,麻烦,费事,下面再介绍个更加高大上的,结合ldap来进行认证。

    1. ldap的认证配置我这里就不多说。自行google下。

    2. 结合ldap。
      • 这里我使用Email方式。因为ldap配置时公司几乎都会给个Email账号这样方便在seafile中区分唯一id。

    配置说明:

    <span class="title">[LDAP]</span>
    <span class="setting">HOST = <span class="value">ldap://<span class="number">192.168</span>.<span class="number">1.123</span>/  #ldap地址</span></span>
    <span class="setting">BASE = <span class="value">cn=users,accounts,dc=example,dc=com  #根据你自己的ldap结构来配置</span></span>
    <span class="setting">USER_DN = <span class="value">[email protected]</span></span>
    <span class="setting">PASSWORD = <span class="value">secret</span></span>
    <span class="setting">LOGIN_ATTR = <span class="value">mail</span></span>

    下面是我的ldap配置:

    <span class="title">[LDAP]</span>
    <span class="setting">HOST = <span class="value">ldap://<span class="number">10.10</span>.<span class="number">106.201</span>/</span></span>
    <span class="setting">BASE = <span class="value">cn=users,cn=accounts,dc=in77,dc=cc</span></span>
    <span class="setting">LOGIN_ATTR = <span class="value">mail</span></span>

    说明:我没配USER_DN和PASSWORD,因为我的ldap用户匿名用户就可以访问。我刚配的时候就是坑啊!配了USER_DN,死活没用。踩坑成功。。

    1. 完成后,直接用ldap账号密码就可以登陆seafile了。

    小结:

    seafile还是很强的,可以给文件加密来分享给别人。即使管理员也看不了!

    可以分组,只给组内人分享。

    相关链接:

    seafile手册

    seafile手册2

    原文  http://www.jianshu.com/p/d7635d0ecfbd
    anyShare分享到:

    VPN信息网 , 版权所有丨如未注明 , 均为原创丨本网站采用BY-NC-SA协议进行授权 , 转载请注明-VPN信息网-Seafile开源的个人网盘及企业网盘搭建
    喜欢 (1)
    发表我的评论
    取消评论

    表情 贴图 加粗 删除线 居中 斜体 签到

    Hi,您需要填写昵称和邮箱!

    • 昵称 (必填)
    • 邮箱 (必填)
    • 网址