- 创建者: 虚拟的现实,上次更新时间:11月 07, 2023 需要 5 分钟阅读时间
编辑配置文件
version: '3.0' services: db: image: mariadb:10.6 container_name: seafile-mysql environment: - MYSQL_ROOT_PASSWORD=www.myj123.com # Requested, set the root's password of MySQL service. - MYSQL_LOG_CONSOLE=true volumes: - /data/seafile/db:/var/lib/mysql # Requested, specifies the path to MySQL data persistent store. networks: - seafile-net memcached: image: memcached:1.6.18 container_name: seafile-memcached entrypoint: memcached -m 256 networks: - seafile-net elasticsearch: image: elasticsearch:7.16.2 container_name: seafile-elasticsearch environment: - discovery.type=single-node - bootstrap.memory_lock=true - "ES_JAVA_OPTS=-Xms1g -Xmx1g" ulimits: memlock: soft: -1 hard: -1 mem_limit: 2g volumes: - /data/seafile/elasticsearch:/usr/share/elasticsearch/data # Requested, specifies the path to Elasticsearch data persistent store. networks: - seafile-net seafile: image: docker.seafile.top/seafileltd/seafile-pro-mc:latest container_name: seafile ports: - "80:80" # - "443:443" # If https is enabled, cancel the comment. volumes: - /data/seafile/data:/shared # Requested, specifies the path to Seafile data persistent store. - /data/seafile/deps/seafile-controller:/opt/seafile/seafile-pro-server-10.0.9/seafile/bin/seafile-controller:rx - /data/seafile/deps/seaf-server:/opt/seafile/seafile-pro-server-10.0.9/seafile/bin/seaf-server:rx - /data/seafile/deps/licenseparse.py:/opt/seafile/seafile-pro-server-10.0.9/seahub/seahub/utils/licenseparse.py:rx environment: - DB_HOST=db - DB_ROOT_PASSWD=www.myj123.com # Requested, the value should be root's password of MySQL service. - TIME_ZONE=Asia/Shanghai # Optional, default is UTC. Should be uncomment and set to your local time zone. - SEAFILE_ADMIN_EMAIL=13609796771@139.com # Specifies Seafile admin user, default is 'me@example.com' - SEAFILE_ADMIN_PASSWORD=www.myj123.com # Specifies Seafile admin password, default is 'asecret' - SEAFILE_SERVER_LETSENCRYPT=false # Whether to use https or not - SEAFILE_SERVER_HOSTNAME=192.168.182.53 # Specifies your host name if https is enabled depends_on: - db - memcached - elasticsearch networks: - seafile-net networks: seafile-net:
要调整 Elasticsearch 目录的权限,否则会提示无权限运行
mkdir /data/seafile/elasticsearch chmod 777 /data/seafile/elasticsearch
最后通过容器启动云盘服务
docker-compose -f docker-compose.yml up
更多配置项
使用 Let's encrypt SSL 证书
如果把 SEAFILE_SERVER_LETSENCRYPT 设置为 true,该容器将会自动申请一个 letsencrypt 机构颁发的 SSL 证书,并开启 https 访问:
seafile: ... ports: - "80:80" - "443:443" ... environment: ... - SEAFILE_SERVER_LETSENCRYPT=true - SEAFILE_SERVER_HOSTNAME=seafile.example.com ...
使用SSL 证书用来持久化存储 Seafile 数据的目录为 /opt/seafile/seafile-data,创建 /opt/seafile/seafile-data/ssl 目录,然后拷贝证书文件和密钥文件到ssl目录下。
按照如下示例修改 Nginx 的配置文件/opt/seafile-data/nginx/conf/seafile.nginx.conf。不要更改该配置文件的文件名。
server { listen 80; server_name example.seafile.com default_server; location / { rewrite ^ https://$host$request_uri? permanent; } } server { listen 443; ssl on; ssl_certificate /shared/ssl/your-ssl-crt.crt; ssl_certificate_key /shared/ssl/your-ssl-key.key; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; server_name example.seafile.com; ...
重新加载 Nginx 的配置文件。
docker exec -it seafile /usr/sbin/nginx -s reload
查找日志
Seafile 容器中 Seafile 服务本身的日志文件存放在 /shared/logs/seafile 目录下,可以在宿主机上 Seafile 容器的卷目录中找到这些日志,例如:/data/seafile/data/logs/seafile
同样 Seafile 容器的系统日志存放在 /shared/logs/var-log 目录下,或者宿主机目录 /data/seafile/data/logs/var-log。
增加新的管理员
确保各容器正常运行,然后执行以下命令:
docker exec -it seafile /opt/seafile/seafile-server-latest/reset-admin.sh
根据提示输入用户名和密码,您现在有了一个新的管理帐户。
日常维护
修改容器核心文件
替换容器中的核心启动文件。
- 查看启动的容器运行情况,记录对应的容器 ID 或名称
- 先停止云盘服务
- 删除或移动原有的核心启动文件
- 复制对应的核心文件到指定位置
- 启动云盘服务
- 保存为独立的本地镜像(后续启动就可以直接引用本地镜像了,已调整好的配置也不会改变)
以上操作时确保云盘容器处于正常运行状态
docker ps docker exec -ti 36d7a9333316 /opt/seafile/seafile-pro-server-10.0.5/seahub.sh stop docker exec -ti 36d7a9333316 /opt/seafile/seafile-pro-server-10.0.5/seafile.sh stop docker exec -it 36d7a9333316 /bin/bash rm /opt/seafile/seafile-pro-server-10.0.5/seafile/bin/seaf-server rm /opt/seafile/seafile-pro-server-10.0.5/seafile/bin/seafile-controller exit docker cp /tmp/seaf-server \ 36d7a9333316:/opt/seafile/seafile-pro-server-10.0.5/seafile/bin/seaf-server docker cp /tmp/seafile-controller 、 36d7a9333316:/opt/seafile/seafile-pro-server-10.0.5/seafile/bin/seafile-controller docker exec -ti 36d7a9333316 /opt/seafile/seafile-pro-server-10.0.5/seafile.sh start docker exec -ti 36d7a9333316 /opt/seafile/seafile-pro-server-10.0.5/seahub.sh start docker commit -m "seafile-pro-10.0.5" 36d7a9333316 seafile-pro:10.05 docker save -o seafile-pro-10.0.5.tar seafile-pro:10.0.5
备份数据库
seafile 数据卷路径是 /data/seafile/data,备份数据存放到 /data/seafile/data/seafile-backup 目录下。先创建一个类似以下 /data/seafile/data/seafile-backup 的目录结构:
- /data/seafile/data/seafile-backup
- ---- databases/ 用来存放 MySQL 容器的备份数据
- ---- data/ 用来存放 Seafile 容器的备份数据
要备份的数据文件:
- /opt/seafile-data/seafile/conf # configuration files
- /opt/seafile-data/seafile/seafile-data # data of seafile
- /opt/seafile-data/seafile/seahub-data # data of seahub
建议每次将数据库备份到一个单独的文件中。至少在一周内不要覆盖旧的数据库备份。
cd /data/seafile/data/seafile-backup/databases docker exec -it seafile-mysql mysqldump -uroot -p** --opt ccnet_db > ccnet_db.sql docker exec -it seafile-mysql mysqldump -uroot -p** --opt seafile_db > seafile_db.sql docker exec -it seafile-mysql mysqldump -uroot -p** --opt seahub_db > seahub_db.sql
备份 Seafile 资料库数据
#直接复制整个数据目录 cp -R /opt/seafile/seafile-data/seafile /opt/seafile-backup/data/ cd /opt/seafile/seafile-backup/data && rm -rf ccnet #使用 rsync 执行增量备份 rsync -az /opt/seafiel/seafile-data/seafile /opt/seafile-backup/data/ cd /opt/seafile/seafile-backup/data && rm -rf ccnet
恢复数据库
docker cp /data/seafile/data/seafile-backup/databases/ccnet_db.sql \ seafile-mysql:/tmp/ccnet_db.sql docker cp /data/seafile/data/seafile-backup/databases/seafile_db.sql \ seafile-mysql:/tmp/seafile_db.sql docker cp /data/seafile/data/seafile-backup/databases/seahub_db.sql \ seafile-mysql:/tmp/seahub_db.sql docker exec -it seafile-mysql /bin/sh \ -c "mysql -uroot -p** ccnet_db < /tmp/ccnet_db.sql" docker exec -it seafile-mysql /bin/sh \ -c "mysql -uroot -p** seafile_db < /tmp/seafile_db.sql" docker exec -it seafile-mysql /bin/sh \ -c "mysql -uroot -p** seahub_db < /tmp/seahub_db.sql"
恢复 seafile 数据
cp -R /opt/seafile-backup/data/* /opt/seafile-data/seafile/
应用新镜像
参照完成自定义镜像的配置后将新镜像保存到本地并离线到另一台容器主机上加载后,如果直接使用步骤1的容器配置文件加载容器是无法正常启动的。
主要原因是新保存的离线镜像文件是以启动后的镜像为模板生成的(也就是说已经存在了配置文件),而新加载的离线容器是不存在配置文件的,并且它不会自动生成配置文件(因为新镜像不是初始镜像)。
如果新配置的镜像无法正常启动,可以按照以下的方式重新调整
- 修改 yml 配置文件中 seafile 的镜像为官方原始镜像
- 启动容器镜像。此时容器会通过官网镜像自动生成对应的配置文件
- 停止容器,修改镜像配置文件为新的离线镜像
- 启动离线镜像,此时新镜像就应用正常了
集成 onlyoffice
【可选】集成 onlyoffice,在 docker-compose 的配置文件中增加以下的内容
services: ... oods: image: onlyoffice/documentserver:latest container_name: seafile-oods ports: - "127.0.0.1:9000:80" volumes: - ./seafile-oods/DocumentServer/logs:/var/log/onlyoffice - ./seafile-oods/DocumentServer/data:/var/www/onlyoffice/Data - ./seafile-oods/DocumentServer/lib:/var/lib/onlyoffice - ./seafile-oods/DocumentServer/local-production-linux.json:/etc/onlyoffice/documentserver/local-production-linux.json networks: - seafile-net environment: - JWT_ENABLED=true - JWT_SECRET=fddafxkloiuioujklss # 保护文档不被未经授权访问 ...
新建需要的目录,配置自动保存功能
cd /opt/seafile mkdir -p seafile-oods/DocumentServer/ vim seafile-oods/DocumentServer/local-production-linux.json { "services": { "CoAuthoring": { "autoAssembly": { "enable": true, "interval": "5m" } } }, "FileConverter": { "converter": { "downloadAttemptMaxCount": 1 } } }
编辑seafile配置文件并加入对应的配置
vim /opt/seafile/seafile-data/seafile/conf/seahub_settings.py ENABLE_ONLYOFFICE = True VERIFY_ONLYOFFICE_CERTIFICATE = True ONLYOFFICE_APIJS_URL = 'https://onlyoffice.example.com/web-apps/apps/api/documents/api.js' ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods') ONLYOFFICE_EDIT_FILE_EXTENSION = ('docx', 'pptx', 'xlsx') ONLYOFFICE_JWT_SECRET = 'fddafxkloiuioujklss'
调整 Nginx 配置
upstream docservice { server 127.0.0.1:9000; } map $http_host $this_host { "" $host; default $http_host; } map $http_x_forwarded_proto $the_scheme { default $http_x_forwarded_proto; "" $scheme; } map $http_x_forwarded_host $the_host { default $http_x_forwarded_host; "" $this_host; } map $http_upgrade $proxy_connection { default upgrade; "" close; } server { listen 80; server_name onlyoffice.example.com; # 与ONLYOFFICE_APIJS_URL对应 client_max_body_size 0; location / { proxy_pass http://docservice; proxy_http_version 1.1; proxy_read_timeout 3600s; proxy_connect_timeout 3600s; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $proxy_connection; proxy_set_header X-Forwarded-Host $the_host; proxy_set_header X-Forwarded-Proto $the_scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }
- 无标签