seafile-ce 8.0

haiwen · Jan 28, 2021 · 6dd2698 · 6dd2698
1 parent 2609813
commit 6dd2698
Show file tree

Hide file tree

Showing 5 changed files with 196 additions and 0 deletions.
diff --git a/image/seafile_8.0/Dockerfile b/image/seafile_8.0/Dockerfile
@@ -0,0 +1,62 @@
+# See https://hub.docker.com/r/phusion/baseimage/tags/
+FROM phusion/baseimage:0.11
+ENV SEAFILE_SERVER=seafile-server SEAFILE_VERSION=
+
+RUN apt-get update --fix-missing
+
+# Utility tools
+RUN apt-get install -y vim htop net-tools psmisc wget curl git
+
+# For suport set local time zone.
+RUN export DEBIAN_FRONTEND=noninteractive && apt-get install tzdata -y
+
+# Nginx
+RUN apt-get install -y nginx
+
+#
+RUN apt-get install -y libmysqlclient-dev
+
+# Python3
+RUN apt-get install -y python3 python3-pip python3-setuptools
+RUN python3.6 -m pip install --upgrade pip && rm -r /root/.cache/pip
+
+RUN pip3 install --timeout=3600 click termcolor colorlog pymysql \
+    django==2.2.* && rm -r /root/.cache/pip
+
+RUN pip3 install --timeout=3600 future mysqlclient Pillow pylibmc captcha jinja2 \
+    sqlalchemy django-pylibmc django-simple-captcha pyjwt && \
+    rm -r /root/.cache/pip
+
+
+# Scripts
+COPY scripts_7.1 /scripts
+COPY templates /templates
+COPY services /services
+RUN chmod u+x /scripts/*
+
+RUN mkdir -p /etc/my_init.d && \
+    rm -f /etc/my_init.d/* && \
+    cp /scripts/create_data_links.sh /etc/my_init.d/01_create_data_links.sh
+
+RUN mkdir -p /etc/service/nginx && \
+    rm -f /etc/nginx/sites-enabled/* /etc/nginx/conf.d/* && \
+    mv /services/nginx.conf /etc/nginx/nginx.conf && \
+    mv /services/nginx.sh /etc/service/nginx/run
+
+
+# Seafile
+WORKDIR /opt/seafile
+
+RUN mkdir -p /opt/seafile/ && cd /opt/seafile/ && \
+    wget https://download.seadrive.org/seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz && \
+    tar -zxvf seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz && \
+    rm -f seafile-server_${SEAFILE_VERSION}_x86-64.tar.gz
+
+# For using TLS connection to LDAP/AD server with docker-ce.
+RUN find /opt/seafile/ \( -name "liblber-*" -o -name "libldap-*" -o -name "libldap_r*" -o -name "libsasl2.so*" \) -delete
+
+
+EXPOSE 80
+
+
+CMD ["/sbin/my_init", "--", "/scripts/start.py"]
diff --git a/image/seafile_8.0/services/nginx.conf b/image/seafile_8.0/services/nginx.conf
@@ -0,0 +1,34 @@
+daemon off;
+user www-data;
+worker_processes auto;
+
+events {
+    worker_connections 768;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    server_names_hash_bucket_size 256;
+    server_names_hash_max_size 1024;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 65;
+    types_hash_max_size 2048;
+    log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time';
+
+    access_log /var/log/nginx/access.log seafileformat;
+    error_log /var/log/nginx/error.log info;
+
+    gzip on;
+    gzip_types  text/plain text/css application/javascript application/json text/javascript;
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*;
+
+    server {
+        listen 80;
+        location / {
+            return 444;
+        }
+    }
+}
diff --git a/image/seafile_8.0/services/nginx.sh b/image/seafile_8.0/services/nginx.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+exec 2>&1
+exec /usr/sbin/nginx
diff --git a/image/seafile_8.0/templates/letsencrypt.cron.template b/image/seafile_8.0/templates/letsencrypt.cron.template
@@ -0,0 +1,3 @@
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+# min hour dayofmonth month dayofweek  command
+0 0 1 * * root /scripts/ssl.sh {{ ssl_dir }} {{ domain }}
diff --git a/image/seafile_8.0/templates/seafile.nginx.conf.template b/image/seafile_8.0/templates/seafile.nginx.conf.template
@@ -0,0 +1,94 @@
+# -*- mode: nginx -*-
+# Auto generated at {{ current_timestr }}
+{% if https -%}
+server {
+    listen 80;
+    server_name _ default_server;
+
+    # allow certbot to connect to challenge location via HTTP Port 80
+    # otherwise renewal request will fail
+    location /.well-known/acme-challenge/ {
+        alias /var/www/challenges/;
+        try_files $uri =404;
+    }
+
+    location / {
+        rewrite ^ https://{{ domain }}$request_uri? permanent;
+    }
+}
+{% endif -%}
+
+server {
+{% if https -%}
+    listen 443;
+    ssl on;
+    ssl_certificate      /shared/ssl/{{ domain }}.crt;
+    ssl_certificate_key  /shared/ssl/{{ domain }}.key;
+
+    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
+
+    # TODO: More SSL security hardening: ssl_session_tickets & ssl_dhparam
+    # ssl_session_tickets on;
+    # ssl_session_ticket_key /etc/nginx/sessionticket.key;
+    # ssl_session_cache shared:SSL:10m;
+    # ssl_session_timeout 10m;
+{% else -%}
+    listen 80;
+{% endif -%}
+
+    server_name {{ domain }};
+
+    client_max_body_size 10m;
+
+    location / {
+        proxy_pass http://127.0.0.1:8000/;
+        proxy_read_timeout 310s;
+        proxy_set_header Host $host;
+        proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header Connection "";
+        proxy_http_version 1.1;
+
+        client_max_body_size 0;
+        access_log      /var/log/nginx/seahub.access.log seafileformat;
+        error_log       /var/log/nginx/seahub.error.log;
+    }
+
+    location /seafhttp {
+        rewrite ^/seafhttp(.*)$ $1 break;
+        proxy_pass http://127.0.0.1:8082;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        client_max_body_size 0;
+        proxy_connect_timeout  36000s;
+        proxy_read_timeout  36000s;
+        proxy_request_buffering off;
+        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
+        error_log       /var/log/nginx/seafhttp.error.log;
+    }
+
+    location /seafdav {
+        proxy_pass         http://127.0.0.1:8080;
+        proxy_set_header   Host $host;
+        proxy_set_header   X-Real-IP $remote_addr;
+        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Host $server_name;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+        proxy_read_timeout  1200s;
+        client_max_body_size 0;
+
+        access_log      /var/log/nginx/seafdav.access.log seafileformat;
+        error_log       /var/log/nginx/seafdav.error.log;
+    }
+
+    location /media {
+        root /opt/seafile/seafile-server-latest/seahub;
+    }
+
+    # For letsencrypt
+    location /.well-known/acme-challenge/ {
+        alias /var/www/challenges/;
+        try_files $uri =404;
+    }
+}