version: '3.0' services: db: image: mariadb:10.6 container_name: seafile-mysql environment: - MYSQL_ROOT_PASSWORD=password # Requested, set the root's password of MySQL service. - MYSQL_LOG_CONSOLE=true volumes: - /data/seafile/db:/var/lib/mysql # Requested, specifies the path to MySQL data persistent store. networks: - seafile-net memcached: image: memcached:1.6.18 container_name: seafile-memcached entrypoint: memcached -m 256 networks: - seafile-net elasticsearch: image: elasticsearch:7.16.2 container_name: seafile-elasticsearch environment: - discovery.type=single-node - bootstrap.memory_lock=true - "ES_JAVA_OPTS=-Xms1g -Xmx1g" ulimits: memlock: soft: -1 hard: -1 mem_limit: 2g volumes: - /data/seafile/elasticsearch:/usr/share/elasticsearch/data # Requested, specifies the path to Elasticsearch data persistent store. networks: - seafile-net seafile: image: container_name: seafile ports: - "80:80" # - "443:443" # If https is enabled, cancel the comment. volumes: - /data/seafile/data:/shared # Requested, specifies the path to Seafile data persistent store. - /data/seafile/deps/seafile-controller:/opt/seafile/seafile-pro-server-10.0.9/seafile/bin/seafile-controller:rx - /data/seafile/deps/seaf-server:/opt/seafile/seafile-pro-server-10.0.9/seafile/bin/seaf-server:rx - /data/seafile/deps/ environment: - DB_HOST=db - DB_ROOT_PASSWD=password # Requested, the value should be root's password of MySQL service. - TIME_ZONE=Asia/Shanghai # Optional, default is UTC. Should be uncomment and set to your local time zone. - # Specifies Seafile admin user, default is '' - SEAFILE_ADMIN_PASSWORD=password # Specifies Seafile admin password, default is 'asecret' - SEAFILE_SERVER_LETSENCRYPT=false # Whether to use https or not - SEAFILE_SERVER_HOSTNAME= # Specifies your host name if https is enabled depends_on: - db - memcached - elasticsearch networks: - seafile-net networks: seafile-net: |
要调整 Elasticsearch 目录的权限,否则会提示无权限运行
mkdir /data/seafile/elasticsearch chmod 777 /data/seafile/elasticsearch |
docker-compose -f docker-compose.yml up |
如果把 SEAFILE_SERVER_LETSENCRYPT 设置为 true,该容器将会自动申请一个 letsencrypt 机构颁发的 SSL 证书,并开启 https 访问:
seafile: ... ports: - "80:80" - "443:443" ... environment: ... - SEAFILE_SERVER_LETSENCRYPT=true - ... |
使用SSL 证书用来持久化存储 Seafile 数据的目录为 /opt/seafile/seafile-data,创建 /opt/seafile/seafile-data/ssl 目录,然后拷贝证书文件和密钥文件到ssl目录下。
按照如下示例修改 Nginx 的配置文件/opt/seafile-data/nginx/conf/seafile.nginx.conf。不要更改该配置文件的文件名。
server { listen 80; server_name default_server; location / { rewrite ^ https://$host$request_uri? permanent; } } server { listen 443; ssl on; ssl_certificate /shared/ssl/your-ssl-crt.crt; ssl_certificate_key /shared/ssl/your-ssl-key.key; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; server_name; ... |
重新加载 Nginx 的配置文件。
docker exec -it seafile /usr/sbin/nginx -s reload |
Seafile 容器中 Seafile 服务本身的日志文件存放在 /shared/logs/seafile 目录下,可以在宿主机上 Seafile 容器的卷目录中找到这些日志,例如:/data/seafile/data/logs/seafile
同样 Seafile 容器的系统日志存放在 /shared/logs/var-log 目录下,或者宿主机目录 /data/seafile/data/logs/var-log。
docker exec -it seafile /opt/seafile/seafile-server-latest/ |
docker ps docker exec -ti 36d7a9333316 /opt/seafile/seafile-pro-server-10.0.5/ stop docker exec -ti 36d7a9333316 /opt/seafile/seafile-pro-server-10.0.5/ stop docker exec -it 36d7a9333316 /bin/bash rm /opt/seafile/seafile-pro-server-10.0.5/seafile/bin/seaf-server rm /opt/seafile/seafile-pro-server-10.0.5/seafile/bin/seafile-controller exit docker cp /tmp/seaf-server \ 36d7a9333316:/opt/seafile/seafile-pro-server-10.0.5/seafile/bin/seaf-server docker cp /tmp/seafile-controller 、 36d7a9333316:/opt/seafile/seafile-pro-server-10.0.5/seafile/bin/seafile-controller docker exec -ti 36d7a9333316 /opt/seafile/seafile-pro-server-10.0.5/ start docker exec -ti 36d7a9333316 /opt/seafile/seafile-pro-server-10.0.5/ start docker commit -m "seafile-pro-10.0.5" 36d7a9333316 seafile-pro:10.05 docker save -o seafile-pro-10.0.5.tar seafile-pro:10.0.5 |
seafile 数据卷路径是 /data/seafile/data,备份数据存放到 /data/seafile/data/seafile-backup 目录下。先创建一个类似以下 /data/seafile/data/seafile-backup 的目录结构:
cd /data/seafile/data/seafile-backup/databases docker exec -it seafile-mysql mysqldump -uroot -p** --opt ccnet_db > ccnet_db.sql docker exec -it seafile-mysql mysqldump -uroot -p** --opt seafile_db > seafile_db.sql docker exec -it seafile-mysql mysqldump -uroot -p** --opt seahub_db > seahub_db.sql |
#直接复制整个数据目录 cp -R /opt/seafile/seafile-data/seafile /opt/seafile-backup/data/ cd /opt/seafile/seafile-backup/data && rm -rf ccnet #使用 rsync 执行增量备份 rsync -az /opt/seafiel/seafile-data/seafile /opt/seafile-backup/data/ cd /opt/seafile/seafile-backup/data && rm -rf ccnet |
docker cp /data/seafile/data/seafile-backup/databases/ccnet_db.sql \ seafile-mysql:/tmp/ccnet_db.sql docker cp /data/seafile/data/seafile-backup/databases/seafile_db.sql \ seafile-mysql:/tmp/seafile_db.sql docker cp /data/seafile/data/seafile-backup/databases/seahub_db.sql \ seafile-mysql:/tmp/seahub_db.sql docker exec -it seafile-mysql /bin/sh \ -c "mysql -uroot -p** ccnet_db < /tmp/ccnet_db.sql" docker exec -it seafile-mysql /bin/sh \ -c "mysql -uroot -p** seafile_db < /tmp/seafile_db.sql" docker exec -it seafile-mysql /bin/sh \ -c "mysql -uroot -p** seahub_db < /tmp/seahub_db.sql" |
cp -R /opt/seafile-backup/data/* /opt/seafile-data/seafile/ |
正常情况下通过 wget 直接下载分享的文件后,保存到本地的文件会以“index.html”保存,可以通过以下的方式下载
wget --content-disposition "url?raw=1" (or dl=1) |
【可选】集成 onlyoffice,在 docker-compose 的配置文件中增加以下的内容
services: ... oods: image: onlyoffice/documentserver:latest container_name: seafile-oods ports: - "" volumes: - ./seafile-oods/DocumentServer/logs:/var/log/onlyoffice - ./seafile-oods/DocumentServer/data:/var/www/onlyoffice/Data - ./seafile-oods/DocumentServer/lib:/var/lib/onlyoffice - ./seafile-oods/DocumentServer/local-production-linux.json:/etc/onlyoffice/documentserver/local-production-linux.json networks: - seafile-net environment: - JWT_ENABLED=true - JWT_SECRET=fddafxkloiuioujklss # 保护文档不被未经授权访问 ... |
cd /opt/seafile mkdir -p seafile-oods/DocumentServer/ vim seafile-oods/DocumentServer/local-production-linux.json { "services": { "CoAuthoring": { "autoAssembly": { "enable": true, "interval": "5m" } } }, "FileConverter": { "converter": { "downloadAttemptMaxCount": 1 } } } |
vim /opt/seafile/seafile-data/seafile/conf/ ENABLE_ONLYOFFICE = True VERIFY_ONLYOFFICE_CERTIFICATE = True ONLYOFFICE_APIJS_URL = '' ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods') ONLYOFFICE_EDIT_FILE_EXTENSION = ('docx', 'pptx', 'xlsx') ONLYOFFICE_JWT_SECRET = 'fddafxkloiuioujklss' |
调整 Nginx 配置
upstream docservice { server; } map $http_host $this_host { "" $host; default $http_host; } map $http_x_forwarded_proto $the_scheme { default $http_x_forwarded_proto; "" $scheme; } map $http_x_forwarded_host $the_host { default $http_x_forwarded_host; "" $this_host; } map $http_upgrade $proxy_connection { default upgrade; "" close; } server { listen 80; server_name; # 与ONLYOFFICE_APIJS_URL对应 client_max_body_size 0; location / { proxy_pass http://docservice; proxy_http_version 1.1; proxy_read_timeout 3600s; proxy_connect_timeout 3600s; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $proxy_connection; proxy_set_header X-Forwarded-Host $the_host; proxy_set_header X-Forwarded-Proto $the_scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } |