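- Created by: 虚拟的现实, last updated: April 21, 2025, reading time: 3 minutes
Overview
This article is a continuation of https://wiki.waringid.me/x/JwC2Aw. The earlier material was all based on upgrading an installation that carried data over from older versions.
A few days ago, during a discussion in a QQ group, I remoted into an environment that uses a self-issued certificate and found that the version 12 configuration and the seadoc content have changed (for example, the locally mounted directory of the new seadoc version contains only logs and the other directories that used to be there are gone; in addition, with a local SSL certificate configured, seadoc documents may fail to open).
This example does not enable the caddy.yml component and uses the built-in nginx component directly.
Prerequisites
- A working container environment
- A domain name and its IP address (if access is by domain name; this example uses seafile.waringid.local)
- An SSL certificate (a self-signed certificate for seafile.waringid.local is used as the example; see the attached certificate files ssl.crt and ssl.key)
- seafile path: /data/seafile/seafile-data
- seafile mysql path: /data/seafile/seafile-mysql
- seadoc path: /data/seafile/seadoc-data
Configuration steps
Download the configuration files from the official site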
```bash
cd /data/seafile
wget -O .env https://manual.seafile.com/12.0/repo/docker/ce/env
wget https://manual.seafile.com/12.0/repo/docker/seadoc.yml
wget https://manual.seafile.com/12.0/repo/docker/ce/seafile-server.yml
wget https://manual.seafile.com/12.0/repo/docker/caddy.yml
```
.env
```bash
COMPOSE_FILE='seafile-server.yml,seadoc.yml'
COMPOSE_PATH_SEPARATOR=','

SEAFILE_IMAGE=seafileltd/seafile-mc:12.0-latest
SEAFILE_DB_IMAGE=mariadb:10.11
SEAFILE_MEMCACHED_IMAGE=memcached:1.6.29
SEAFILE_CADDY_IMAGE=lucaslorentz/caddy-docker-proxy:2.9-alpine

SEAFILE_VOLUME=/data/seafile/seafile-data
SEAFILE_MYSQL_VOLUME=/data/seafile/seafile-mysql/db
SEAFILE_CADDY_VOLUME=/data/seafile/seafile-caddy

SEAFILE_MYSQL_DB_HOST=db
INIT_SEAFILE_MYSQL_ROOT_PASSWORD=www.waringid.com
SEAFILE_MYSQL_DB_USER=seafile
SEAFILE_MYSQL_DB_PASSWORD=www.waringid.com

TIME_ZONE=Asia/Shanghai

JWT_PRIVATE_KEY=iQbv/xGIWph09Bi2n2NMQOOp4cKKLupafk8XuTNe6YPLoOOKtGh92W0TcB9dpR2P

SEAFILE_SERVER_HOSTNAME=seafile.waringid.local
SEAFILE_SERVER_PROTOCOL=https

INIT_SEAFILE_ADMIN_EMAIL=admin@waringid.local
INIT_SEAFILE_ADMIN_PASSWORD=www.waringid.com

SEADOC_IMAGE=seafileltd/sdoc-server:1.0-latest
SEADOC_VOLUME=/data/seafile/seadoc-data
ENABLE_SEADOC=true
SEADOC_SERVER_URL=https://seafile.waringid.local/sdoc-server

NOTIFICATION_SERVER_IMAGE=seafileltd/notification-server:12.0-latest
NOTIFICATION_SERVER_VOLUME=/data/seafile/notification-data
```
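The .env above uses one password for the database root account, the Seafile database user and the initial admin, and its JWT_PRIVATE_KEY is published on this page, so a deployment copied from it needs fresh values. The script below is an added example (not from the original page or from Seafile) that flags empty, reused and too-short secrets and generates replacements; the 32-character minimum is an assumption based on the Seafile 12 manual, and the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit the secrets in a Seafile .env.
# MIN_JWT_LEN=32 is an assumption based on the Seafile 12 manual.
SECRET_VARS="INIT_SEAFILE_MYSQL_ROOT_PASSWORD SEAFILE_MYSQL_DB_PASSWORD INIT_SEAFILE_ADMIN_PASSWORD JWT_PRIVATE_KEY"
MIN_JWT_LEN=32

# env_value FILE KEY: print KEY's value (last assignment wins, quotes stripped).
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e "s/^['\"]//" -e "s/['\"]\$//"
}

# audit_env FILE: print one finding per line; return 1 if anything was flagged.
audit_env() {
    local file="$1" seen="|" rc=0 name value
    for name in $SECRET_VARS; do
        value=$(env_value "$file" "$name")
        if [ -z "$value" ]; then
            echo "EMPTY $name"; rc=1; continue
        fi
        case "$seen" in
            *"|$value|"*) echo "REUSED $name"; rc=1 ;;   # same value as an earlier secret
        esac
        seen="$seen$value|"
        if [ "$name" = JWT_PRIVATE_KEY ] && [ "${#value}" -lt "$MIN_JWT_LEN" ]; then
            echo "SHORT $name"; rc=1
        fi
    done
    return "$rc"
}

# gen_secret: 40 hex characters (160 bits) read from /dev/urandom.
gen_secret() {
    head -c 20 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
}

# Constructed sample that repeats one password, as the .env above does.
sample=$(mktemp)
cat > "$sample" <<'EOF'
INIT_SEAFILE_MYSQL_ROOT_PASSWORD=example-password
SEAFILE_MYSQL_DB_PASSWORD=example-password
INIT_SEAFILE_ADMIN_PASSWORD=example-password
JWT_PRIVATE_KEY=too-short
EOF
audit_env "$sample" || echo "replace flagged values, e.g. with: $(gen_secret)"
rm -f "$sample"
```

The INIT_* values only take effect on first initialization, so set them before the first `docker compose up -d`.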
seafile-server.yml
```yaml
services:
  db:
    image: ${SEAFILE_DB_IMAGE:-mariadb:10.11}
    container_name: seafile-mysql
    environment:
      - MYSQL_ROOT_PASSWORD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
      - MYSQL_LOG_CONSOLE=true
      - MARIADB_AUTO_UPGRADE=1
    volumes:
      - "${SEAFILE_MYSQL_VOLUME:-/opt/seafile-mysql/db}:/var/lib/mysql"
    networks:
      - seafile-net
    healthcheck:
      test:
        [
          "CMD",
          "/usr/local/bin/healthcheck.sh",
          "--connect",
          "--mariadbupgrade",
          "--innodb_initialized",
        ]
      interval: 20s
      start_period: 30s
      timeout: 5s
      retries: 10

  memcached:
    image: ${SEAFILE_MEMCACHED_IMAGE:-memcached:1.6.29}
    container_name: seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - seafile-net

  seafile:
    image: ${SEAFILE_IMAGE:-seafileltd/seafile-mc:12.0-latest}
    container_name: seafile
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ${SEAFILE_VOLUME:-/opt/seafile-data}:/shared
    environment:
      - DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
      - DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
      - DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
      - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
      - DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
      - SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db}
      - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db}
      - SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=${SEAFILE_MYSQL_DB_SEAHUB_DB_NAME:-seahub_db}
      - TIME_ZONE=${TIME_ZONE:-Etc/UTC}
      - INIT_SEAFILE_ADMIN_EMAIL=${INIT_SEAFILE_ADMIN_EMAIL:-me@example.com}
      - INIT_SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD:-asecret}
      - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
      - SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL:-http}
      - SITE_ROOT=${SITE_ROOT:-/}
      - NON_ROOT=${NON_ROOT:-false}
      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
      - SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false}
      - ENABLE_SEADOC=${ENABLE_SEADOC:-true}
      - SEADOC_SERVER_URL=${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}/sdoc-server
    #labels:
    #  caddy: ${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
    #  caddy.reverse_proxy: "{{upstreams 80}}"
    depends_on:
      db:
        condition: service_healthy
      memcached:
        condition: service_started
    networks:
      - seafile-net

networks:
  seafile-net:
    name: seafile-net
```
seadoc.yml
```yaml
services:
  seadoc:
    image: ${SEADOC_IMAGE:-seafileltd/sdoc-server:1.0-latest}
    container_name: seadoc
    volumes:
      - ${SEADOC_VOLUME:-/opt/seadoc-data/}:/shared
    #ports:
    #  - "80:80"
    environment:
      - DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
      - DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
      - DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
      - DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
      - DB_NAME=${SEADOC_MYSQL_DB_NAME:-seahub_db}
      - TIME_ZONE=${TIME_ZONE:-Etc/UTC}
      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
      - NON_ROOT=${NON_ROOT:-false}
      - SEAHUB_SERVICE_URL=${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
    #labels:
    #  caddy: ${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
    #  caddy.@ws.0_header: "Connection *Upgrade*"
    #  caddy.@ws.1_header: "Upgrade websocket"
    #  caddy.0_reverse_proxy: "@ws {{upstreams 80}}"
    #  caddy.1_handle_path: "/socket.io/*"
    #  caddy.1_handle_path.0_rewrite: "* /socket.io{uri}"
    #  caddy.1_handle_path.1_reverse_proxy: "{{upstreams 80}}"
    #  caddy.2_handle_path: "/sdoc-server/*"
    #  caddy.2_handle_path.0_rewrite: "* {uri}"
    #  caddy.2_handle_path.1_reverse_proxy: "{{upstreams 80}}"
    depends_on:
      db:
        condition: service_healthy
    networks:
      - seafile-net

networks:
  seafile-net:
    name: seafile-net
```
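Start the services
```bash
# .env sets COMPOSE_FILE, so run compose from the directory that contains it
cd /data/seafile
docker compose up -d
mkdir -p /data/seafile/seafile-data/nginx/ssl
cp ssl.crt ssl.key /data/seafile/seafile-data/nginx/ssl/
```
Once the services are up, the system can be reached over http but not over https. The reason is that the caddy.yml configuration was dropped, so the SSL certificate and its configuration file are not generated automatically. The SSL certificate and Nginx access have to be configured by hand.
Copy the SSL certificate to the location shown above. Then modify the Nginx configuration file (/data/seafile/seafile-data/nginx/conf/seafile.nginx.conf) as follows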
seafile.nginx.conf
```nginx
# -*- mode: nginx -*-
# Auto generated at 04/16/2025 14:18:39
server {
    listen 80;
    server_name seafile.waringid.local;

    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }
}

server {
    listen 443 ssl;
    ssl_certificate /shared/nginx/ssl/ssl.crt;
    ssl_certificate_key /shared/nginx/ssl/ssl.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    client_max_body_size 10m;

    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_read_timeout 310s;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        add_header Access-Control-Allow-Origin *;
        client_max_body_size 0;
        access_log /var/log/nginx/seahub.access.log seafileformat;
        error_log /var/log/nginx/seahub.error.log;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
        proxy_read_timeout 36000s;
        access_log /var/log/nginx/seafhttp.access.log seafileformat;
        error_log /var/log/nginx/seafhttp.error.log;
    }

    location /notification/ping {
        proxy_pass http://127.0.0.1:8083/ping;
        access_log /var/log/nginx/notification.access.log seafileformat;
        error_log /var/log/nginx/notification.error.log;
    }

    location /notification {
        proxy_pass http://127.0.0.1:8083/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        access_log /var/log/nginx/notification.access.log seafileformat;
        error_log /var/log/nginx/notification.error.log;
    }

    location /seafdav {
        rewrite ^/seafdav$ /seafdav/ permanent;
    }

    location /seafdav/ {
        proxy_pass http://127.0.0.1:8080/seafdav/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_read_timeout 1200s;
        client_max_body_size 0;
        access_log /var/log/nginx/seafdav.access.log seafileformat;
        error_log /var/log/nginx/seafdav.error.log;
    }

    location /:dir_browser {
        # Logo of WebDAV
        proxy_pass http://127.0.0.1:8080/:dir_browser;
    }

    location /sdoc-server/ {
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;
        add_header Access-Control-Allow-Headers "deviceType,token, authorization, content-type";
        if ($request_method = 'OPTIONS') {
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;
            add_header Access-Control-Allow-Headers "deviceType,token, authorization, content-type";
            return 204;
        }
        proxy_pass http://seadoc:80/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 100m;
        access_log /var/log/nginx/seadoc.access.log seafileformat;
        error_log /var/log/nginx/seadoc.error.log;
    }

    location /socket.io {
        proxy_pass http://seadoc:80;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_redirect off;
        proxy_buffers 8 32k;
        proxy_buffer_size 64k;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
    }

    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }
}
```
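The configuration above still enables TLSv1 and TLSv1.1, keeps 3DES (DES-CBC3) suites in ssl_ciphers and sends `Access-Control-Allow-Origin *` from two locations. The check below is an added example (not from the original page or from Seafile) that reports these settings in an nginx config file; the function name and the sample config are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): flag legacy TLS settings and
# wildcard CORS headers in an nginx config such as seafile.nginx.conf.

# audit_nginx_tls FILE: print one finding per line; return 1 if any were found.
audit_nginx_tls() {
    local out
    # Strip comments, then put every directive on its own line.
    out=$(sed 's/#.*//' "$1" | tr ';{}' '\n\n\n' | awk '
        { gsub(/"/, "") }
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++)
                if ($i == "SSLv3" || $i == "TLSv1" || $i == "TLSv1.1")
                    print "LEGACY_PROTOCOL " $i
        }
        $1 == "ssl_ciphers" {
            n = split($2, c, ":")
            for (i = 1; i <= n; i++)          # entries starting with "!" are exclusions
                if (c[i] !~ /^!/ && c[i] ~ /(DES|RC4|MD5|NULL)/)
                    print "WEAK_CIPHER " c[i]
        }
        $1 == "add_header" && $2 == "Access-Control-Allow-Origin" && $3 == "*" { cors++ }
        END { if (cors) print "WILDCARD_CORS " cors " location(s)" }
    ')
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample with the same kinds of settings as the config above.
conf=$(mktemp)
cat > "$conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:DES-CBC3-SHA:HIGH:!aNULL:!RC4";
    location / {
        add_header Access-Control-Allow-Origin *;   # wildcard origin
    }
}
EOF
audit_nginx_tls "$conf" || echo "review the settings listed above"
rm -f "$conf"
```

Where only current clients have to connect, `ssl_protocols TLSv1.2 TLSv1.3;` together with a cipher list that has no DES-CBC3 entries clears the first two kinds of finding.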
seahub_settings.py
```python
SECRET_KEY = "s-g22nrldjimu!a9h4h)keb*1*lsu*rhbw#r&1w=qvi#&f)_-t"
SERVICE_URL = "https://seafile.waringid.local"
CSRF_TRUSTED_ORIGINS = ['https://seafile.waringid.local','http://seafile.waringid.local']

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'seahub_db',
        'USER': 'seafile',
        'PASSWORD': 'www.waringid.com',
        'HOST': 'db',
        'PORT': '3306',
        'OPTIONS': {'charset': 'utf8mb4'},
    }
}

CACHES = {
    'default': {
        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
        'LOCATION': 'memcached:11211',
    },
    'locmem': {
        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
    },
}
COMPRESS_CACHE_BACKEND = 'locmem'

TIME_ZONE = 'Asia/Shanghai'
FILE_SERVER_ROOT = 'https://seafile.waringid.local/seafhttp'
```
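Restart the services
After the services are restarted, SSL access works on the internal network. Note that with a self-signed https certificate (not a public certificate), seadoc files cannot be opened or edited normally.
```bash
# .env sets COMPOSE_FILE, so run compose from the directory that contains it
cd /data/seafile
docker compose restart
```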
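7 comments
Anonymous user wrote:
April 21, 2025
The tutorial is very detailed, thank you very much. Following the configuration step by step, I have successfully installed and started seafile. I noticed that notification has replaced elasticsearch; what are the advantages of this search? I have not used it, please advise. Also, seadoc and the knowledge base cannot be used for now because I am using a self-signed certificate, a problem the tutorial also mentions. I will apply for a proper SSL certificate and test again, then come back with feedback.
Anonymous user wrote:
April 21, 2025
After testing, seadoc still does not work properly. Opening a doc file still shows "此文件格式不支持云端查看" (this file format does not support viewing in the cloud); it can only be downloaded, not edited. Creating a new page in the knowledge base still reports "Internal Server Error". Could it be that seadoc also needs https configured?
虚拟的现实 wrote:
April 22, 2025
I have verified that seadoc and wiki have problems when https is enabled directly, but I have not yet found the specific cause.
Compared with my self-hosted https://yunpan.waringid.me, the configuration is identical; only the seadoc version differs. The version that works for me is 1.0.3, and the version in use now is 1.0.5.
Anonymous user wrote:
April 22, 2025
I switched seadoc to version 1.0.3 and it still made no difference, so it looks like an inherent problem of the new version. I also installed directly with caddy following the official instructions, and seadoc still does not work.
虚拟的现实 wrote:
April 23, 2025
Judging from the last few days of testing, enabling SSL for seadoc has 2 requirements
1. The SSL certificate must be a certificate for a public domain name
2. The domain name in the seadoc URL must be reachable from inside every container
For the detailed process, see: https://forum.seafile.com/t/seadoc-accesses-seahub-not-through-seahub-service-url/23683/3
Anonymous user wrote:
April 22, 2025
One more small issue: after starting with this configuration, the SERVICE_URL = "https://seafile.waringid.local" entry in seahub_settings.py defaults to http:// and has to be changed to https by hand. Is it the same on your side?
虚拟的现实 wrote:
April 22, 2025
Oddly, the default http:// setting does not affect normal access (in the web interface; I have not verified the clients).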