diff --git a/install-seafile.sh b/install-seafile.sh
index 5bdd864..3b9bcb9 100755
--- a/install-seafile.sh
+++ b/install-seafile.sh
@@ -3,7 +3,7 @@
 # seafile 7/8 requires python3
 sudo apt-get update
 sudo apt-get install python3 python3-setuptools python3-pip python3-ldap sqlite3 -y
-sudo pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.3.8 psd-tools django-pylibmc django-simple-captcha
+sudo pip3 install --timeout=3600 django==2.2.* future Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3 psd-tools django-pylibmc django-simple-captcha
 pushd /faronear
 sudo mkdir bin.seafile
@@ -19,7 +19,12 @@ sudo ./seafile.sh start
 # changed "127.0.0.1:8000" to "0.0.0.0:8000", otherwise it can only be accessed on the localhost, unless using nginx/apache to proxy
 sudo sed -i "s/127\.0\.0\.1/0.0.0.0/g" ../conf/gunicorn.conf.py
-# to change seahub port, to edit gunicorn.conf.py, it works although it still promts "Starting seahub at port 8000 ...". (Directly `./seahub.sh start ` prompts "Starting seahub at port ..." but it actually doesn't listen on .)
+# to change seahub port, to edit gunicorn.conf.py, it works although it still promts "Starting seahub at port 8000 ...".
+# (Directly `./seahub.sh start ` prompts "Starting seahub at port ..." but it actually doesn't listen on .)
 sudo ./seahub.sh start
 popd
+
+sudo apt install nginx -y
+rm /etc/nginx/sites-enabled/default
+ln -s /faronear/fon/sysconfig/nginx-seafile-https.conf /etc/nginx/sites-enabled/seafile.conf
\ No newline at end of file
diff --git a/nginx-seafile-http.conf b/nginx-seafile-http.conf
new file mode 100644
index 0000000..f1711f0
--- /dev/null
+++ b/nginx-seafile-http.conf
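Review bot: The new `sudo pip3 install` line in install-seafile.sh leaves `django==2.2.*` unquoted and every package except django and sqlalchemy unpinned, while installing into the system Python as root. The shell may glob-expand `django==2.2.*` against the working directory, and an unpinned root install runs whatever package code the index serves on the day the script is run. Quote the specifier (`'django==2.2.*'`) and consider moving the list into a requirements file with exact versions and hashes, installed with `pip3 install --require-hashes -r <requirements file>`.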
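Review bot: With nginx now fronting Seahub, the context line `sudo sed -i "s/127\.0\.0\.1/0.0.0.0/g" ../conf/gunicorn.conf.py` in the second install-seafile.sh hunk still binds gunicorn to all interfaces, so port 8000 stays reachable over plain HTTP around the TLS proxy; its own comment says the rewrite is only needed when no proxy is used, so it should be dropped (or port 8000 firewalled). The added `rm` and `ln -s` lines lack `sudo`, unlike the other commands in the script, and will fail for a non-root caller; `sudo rm -f /etc/nginx/sites-enabled/default` and `sudo ln -sf … /etc/nginx/sites-enabled/seafile.conf` would also make a re-run idempotent. The linked HTTPS config points at Let's Encrypt certificate files that the visible hunks do not obtain, and nothing validates or reloads nginx afterwards; a closing `sudo nginx -t && sudo systemctl reload nginx` would surface a missing certificate at install time.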
@@ -0,0 +1,40 @@
+server {
+ listen 80;
+ server_name cloud.faronear.org;
+
+ proxy_set_header X-Forwarded-For $remote_addr;
+
+ location / {
+ proxy_pass http://127.0.0.1:8000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_read_timeout 1200s;
+
+ # used for view/edit office file via Office Online Server
+ client_max_body_size 0;
+
+ access_log /var/log/nginx/seahub.access.log;
+ error_log /var/log/nginx/seahub.error.log;
+ }
+
+ location /seafhttp {
+ rewrite ^/seafhttp(.*)$ $1 break;
+ proxy_pass http://127.0.0.1:8082;
+ client_max_body_size 0;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_connect_timeout 36000s;
+ proxy_read_timeout 36000s;
+ proxy_send_timeout 36000s;
+
+ send_timeout 36000s;
+
+ proxy_request_buffering off;
+ }
+
+ location /media {
+ root /faronear/bin.seafile/sea/seahub;
+ }
+}
diff --git a/nginx-seafile-https.conf b/nginx-seafile-https.conf
new file mode 100644
index 0000000..27d8d34
--- /dev/null
+++ b/nginx-seafile-https.conf
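Review bot: Both proxied locations in nginx-seafile-http.conf set `X-Forwarded-For $proxy_add_x_forwarded_for`, which appends to whatever X-Forwarded-For value the client sent, so if this nginx is the internet-facing edge the address Seahub sees for logging or login throttling is client-controlled. The server-level `proxy_set_header X-Forwarded-For $remote_addr;` does not help, because nginx inherits `proxy_set_header` from the outer level only when a location defines none of its own. Use `proxy_set_header X-Forwarded-For $remote_addr;` inside each location instead; nginx-seafile-https.conf carries the same lines. This file also serves logins and file transfers over plain HTTP, so a header comment stating that it is meant for a trusted network or for use behind another TLS terminator would help.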
@@ -0,0 +1,60 @@
+server {
+ listen 80;
+ server_name cloud.faronear.org;
+ rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https
+ server_tokens off; # Enables or disables emitting nginx version on error pages and in the "Server" response header field.
+}
+
+server {
+ listen 443 ssl;
+ ssl_certificate /etc/letsencrypt/live/cloud.faronear.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/cloud.faronear.org/privkey.pem;
+ server_name cloud.faronear.org;
+
+ server_tokens off;
+
+ ssl_session_timeout 5m;
+ ssl_session_cache shared:SSL:5m;
+ # secure settings (A+ at SSL Labs ssltest at time of writing)
+ # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
+ ssl_prefer_server_ciphers on;
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
+ location / {
+ proxy_pass http://127.0.0.1:8000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Host $server_name;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_read_timeout 1200s;
+
+ # used for view/edit office file via Office Online Server
+ client_max_body_size 0;
+
+ access_log /var/log/nginx/seahub.access.log;
+ error_log /var/log/nginx/seahub.error.log;
+ }
+
+ location /seafhttp {
+ rewrite ^/seafhttp(.*)$ $1 break;
+ proxy_pass http://127.0.0.1:8082;
+ client_max_body_size 0;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ proxy_connect_timeout 36000s;
+ proxy_read_timeout 36000s;
+ proxy_send_timeout 36000s;
+
+ send_timeout 36000s;
+
+ proxy_request_buffering off;
+ }
+
+ location /media {
+ root /faronear/bin.seafile/sea/seahub;
+ }
+}
diff --git a/serve-seafile.sh b/serve-seafile.sh
index 529e4ac..2c401f8 100755
--- a/serve-seafile.sh
+++ b/serve-seafile.sh
@@ -1,4 +1,4 @@
-cd /faronear/seafile/seafile-server-latest
+cd /faronear/bin.seafile/sea
 sudo ./seafile.sh start
 sudo ./seahub.sh start
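Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` in nginx-seafile-https.conf still enables the deprecated TLS 1.0 and 1.1, and the cipher list keeps CBC/SHA-1, SEED and CAMELLIA suites, so the "A+ at SSL Labs" comment is unlikely to hold today; `ssl_protocols TLSv1.2 TLSv1.3;` with an AEAD-only cipher list taken from the Mozilla guidance the comment links to is the safer baseline. The port-80 redirect `rewrite ^ https://$http_host$request_uri? permanent;` reflects the client-supplied Host header, and because the install script removes the default site this block will likely answer for any Host value; `return 301 https://$server_name$request_uri;` avoids that. `add_header Strict-Transport-Security …` has no `always` parameter, so the HSTS header is omitted on error responses.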