Raspberry Pi: A Complete Guide to Putting Haiwen Seafile Behind an Nginx Reverse Proxy with HTTPS
Last edited 2022-6-25
date
Aug 26, 2017
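Many people don't know how to reverse-proxy Seafile with Nginx, so I took some time to write a tutorial. It shows how to put the open-source Haiwen Seafile file-sync server behind an Nginx reverse proxy, enable HTTPS, and turn on HTTP/2 to speed Seafile up. One benefit of an Nginx reverse proxy is that you can put a CDN in front of it, so speed and security go hand in hand!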

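Installing Seafile

For the full walkthrough, see my previous tutorial, "Self-hosted home cloud storage on the Raspberry Pi: a complete guide to installing Haiwen Seafile", or consult the official English documentation (the Chinese documentation is updated slowly): Deploying Seafile under Linux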

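Creating the Seafile init script

Official guide: we run Seafile directly from an init script, and the project provides one. See Start Seafile at System Bootup, under "Other Debian based Distributions" in the section "For systems using another init system than systemd".
This guide: create /etc/init.d/seafile, adjust the key settings in the script below and copy it into /etc/init.d/seafile (fastcgi must be set to true), then make it executable with chmod 775 /etc/init.d/seafile. This is my own init script, slightly modified so that the seahub and seafile services can be started and stopped separately.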
```sh
#!/bin/sh

### BEGIN INIT INFO
# Provides:          seafile
# Required-Start:    $local_fs $remote_fs $network
# Required-Stop:     $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Starts Seafile Server
# Description:       starts Seafile Server
### END INIT INFO

# Change user to your Linux user name
user=root

# Change seafile_dir to your Seafile installation path
seafile_dir=/data/ser/sof/seafile
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
seahub_init_log=${seafile_dir}/logs/seahub.init.log

# Set this to true when using FastCGI
fastcgi=true
# FastCGI port, 8000 by default.
fastcgi_port=8801

case "$1" in
    start)
        # Start the file server, then Seahub (web UI)
        sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
        if [ $fastcgi = true ]; then
            sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
        else
            sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
        fi
        ;;
    webstart)
        # Start Seahub only
        if [ $fastcgi = true ]; then
            sudo -u ${user} ${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log}
        else
            sudo -u ${user} ${script_path}/seahub.sh start >> ${seahub_init_log}
        fi
        ;;
    filestart)
        # Start the file server only
        sudo -u ${user} ${script_path}/seafile.sh start >> ${seafile_init_log}
        ;;
    restart)
        sudo -u ${user} ${script_path}/seafile.sh restart >> ${seafile_init_log}
        if [ $fastcgi = true ]; then
            sudo -u ${user} ${script_path}/seahub.sh restart-fastcgi ${fastcgi_port} >> ${seahub_init_log}
        else
            sudo -u ${user} ${script_path}/seahub.sh restart >> ${seahub_init_log}
        fi
        ;;
    stop)
        sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
        sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
        ;;
    webstop)
        # Stop Seahub only
        sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log}
        ;;
    filestop)
        # Stop the file server only
        sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log}
        ;;
    *)
        echo "Usage: /etc/init.d/seafile {start|stop|restart|webstart|filestart|webstop|filestop}"
        exit 1
        ;;
esac
```

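Changing the Seafile file server port

The port changed in the init script only covers Seafile's web service; the file server's port has to be changed as well. Edit seafile.conf in the conf folder of the installation directory: set the service address to 127.0.0.1 and the port to 8802, and adjust the other parameters as appropriate.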
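```ini
[fileserver]
# Seafile file server listen address
host = 127.0.0.1
# Seafile file server port
port = 8802
# Maximum upload size, in MB
max_upload_size = 256
# Maximum size of a directory download, in MB
max_download_dir_size = 512
# Number of file-indexing threads
max_indexing_threads = 8
# Block size files are split into, in MB
fixed_block_size = 2
# When a user uploads a file, the file server issues a token that authorizes the upload.
# The token is valid for 1 hour by default. Uploading large files over a WAN can take longer than 1 hour.
# You can raise the token expiry time to a larger value.
web_token_expire_time = 3600

[quota]
# Default maximum space per user, in GB
# Since Community Edition 5.0.5 you can set the default quota in KB, MB, GB or TB, for example:
default = 1GB

[history]
# Default file history retention
keep_days = 0

# You can download a folder from Seahub as a zip archive,
# but some zip software on Windows does not support UTF-8.
# You can use the "windows_encoding" setting to work around this.
[zip]
# The file name encoding of the downloaded zip file.
windows_encoding = iso-8859-1
```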

Editing the Seafile configuration file

Edit seahub_settings.py in the conf folder of the installation directory and add two lines:
```python
SERVICE_URL = 'https://www.demo.com:8443'
FILE_SERVER_ROOT = 'https://www.demo.com:8443/seafhttp'
```

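Configuring Nginx

I use the non-standard web port 8443 here: my Raspberry Pi sits on a network without a public IP and has to be reached through a tunnel via my server, and that server already runs an Nginx that occupies ports 80 and 443 (one mountain cannot hold two tigers). Adjust this to your own situation.
The key settings:
  • Web service backend, proxy_pass http://127.0.0.1:8801; (written as fastcgi_pass 127.0.0.1:8801; in the configuration below, because Seahub runs in FastCGI mode): change the port to the one set in the init script.
  • File server backend, proxy_pass http://127.0.0.1:8802;: change the port to the one set in the Seafile configuration file.
  • Static file backend, root /data/ser/sof/seafile/seafile-server-latest/seahub;: change it to the seahub folder of your actual Seafile installation (getting this wrong makes the page's stylesheet and JS files return 404 errors).
  • The HTTPS certificate files, their directory and the domain name: change them to your actual paths and domain.
Because my file server is not public, I block search engine access. If you need to be indexed, delete the configuration under the "block web crawlers" comment (## 禁止网络爬虫), otherwise search engines will not be able to index the site.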
```nginx
server {
    ## Basic settings
    listen 8443 ssl http2;
    # Logging is disabled here; with no access or error log there is no record of requests to review later
    access_log off;
    error_log /dev/null;
    server_name www.demo.com;
    root /data/web/dat/nginx/web/www.demo.com;
    index index.html;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /etc/letsencrypt/live/www.demo.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.demo.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/letsencrypt/live/dhparam.pem;

    # intermediate configuration. tweak to your needs.
    # TLSv1 and TLSv1.1 have since been deprecated (RFC 8996); remove them unless old clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    # add_header Strict-Transport-Security max-age=15768000;

    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    ## verify chain of trust of OCSP response using Root CA and Intermediate certs
    #ssl_trusted_certificate /etc/letsencrypt/live/www.demo.com/root_ca_cert_plus_intermediates;

    ## DNS servers used to resolve the OCSP responder's hostname
    resolver 8.8.8.8 8.8.4.4;

    ## Block web crawlers
    if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot") {
        return 403;
    }

    ## Block illegitimate access
    location /.well-known {}
    #location / {return 500;}

    ## Web service backend
    proxy_set_header X-Forwarded-For $remote_addr;
    location / {
        fastcgi_pass 127.0.0.1:8801;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_script_name;
        fastcgi_param SERVER_PROTOCOL $server_protocol;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_param REQUEST_METHOD $request_method;
        fastcgi_param CONTENT_TYPE $content_type;
        fastcgi_param CONTENT_LENGTH $content_length;
        fastcgi_param SERVER_ADDR $server_addr;
        fastcgi_param SERVER_PORT $server_port;
        fastcgi_param SERVER_NAME $server_name;
        fastcgi_param REMOTE_ADDR $remote_addr;
        fastcgi_param HTTPS on;
        fastcgi_param HTTP_SCHEME https;
    }

    # File server backend
    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8802;
        proxy_connect_timeout 36000s;
        proxy_read_timeout 36000s;
        proxy_send_timeout 36000s;
        send_timeout 36000s;
    }

    ## Static file backend
    location /static {
        rewrite ^/static(.*)$ /media$1 break;
        root /data/ser/sof/seafile/seafile-server-latest/seahub;
    }
}
```

Starting Seafile

```sh
# Start Seafile
sudo /etc/init.d/seafile start
# Start Nginx
sudo /etc/init.d/nginx start
# Enable Seafile at boot
sudo update-rc.d seafile defaults
# Enable Nginx at boot
sudo update-rc.d nginx defaults
```
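The setup above only works, and only stays behind TLS, if seafile.conf, seahub_settings.py and the Nginx server block agree on addresses, ports and URLs. The following check is an added example, not part of the original post: the function name audit, the constructed sample strings and the 0.0.0.0/8082 fallbacks (assumed to be Seafile's defaults) are assumptions. It also flags deprecated TLS versions in ssl_protocols.

```python
import configparser
import re
from urllib.parse import urlsplit

# Constructed samples mirroring this page's values (www.demo.com is its placeholder).
SEAFILE_CONF = "[fileserver]\nhost = 127.0.0.1\nport = 8802\n"
SEAHUB_SETTINGS = ("SERVICE_URL = 'https://www.demo.com:8443'\n"
                   "FILE_SERVER_ROOT = 'https://www.demo.com:8443/seafhttp'\n")
NGINX_CONF = """server {
    listen 8443 ssl http2;
    server_name www.demo.com;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location / { fastcgi_pass 127.0.0.1:8801; }
    location /seafhttp { proxy_pass http://127.0.0.1:8802; }
}"""

def audit(seafile_conf, seahub_settings, nginx_conf, fastcgi_port=8801):
    """Hypothetical helper: list mismatches between the three files (empty = consistent)."""
    findings = []
    ini = configparser.ConfigParser(interpolation=None)
    ini.read_string(seafile_conf)
    # Fallbacks are assumed to be Seafile's defaults when [fileserver] omits the keys.
    host = ini.get("fileserver", "host", fallback="0.0.0.0")
    port = ini.get("fileserver", "port", fallback="8082")
    if host not in ("127.0.0.1", "::1", "localhost"):
        findings.append(f"fileserver listens on {host}, reachable without Nginx/TLS")
    if not re.search(rf"proxy_pass\s+http://127\.0\.0\.1:{port}\s*;", nginx_conf):
        findings.append(f"no proxy_pass to fileserver port {port}")
    if not re.search(rf"fastcgi_pass\s+127\.0\.0\.1:{fastcgi_port}\s*;", nginx_conf):
        findings.append(f"no fastcgi_pass to Seahub port {fastcgi_port}")
    # Pull NAME = 'value' assignments out of seahub_settings.py without executing it.
    urls = dict(re.findall(r"^(\w+)\s*=\s*['\"]([^'\"]+)['\"]", seahub_settings, re.M))
    svc, root = urls.get("SERVICE_URL", ""), urls.get("FILE_SERVER_ROOT", "")
    u = urlsplit(svc)
    if u.scheme != "https":
        findings.append("SERVICE_URL is not https")
    if root != svc.rstrip("/") + "/seafhttp":
        findings.append("FILE_SERVER_ROOT is not SERVICE_URL + /seafhttp")
    if not re.search(rf"listen\s+{u.port or 443}\s+ssl", nginx_conf) or \
       not re.search(rf"server_name\s+{re.escape(u.hostname or '')}\s*;", nginx_conf):
        findings.append("SERVICE_URL host/port does not match listen/server_name")
    m = re.search(r"ssl_protocols\s+([^;]+);", nginx_conf)
    weak = sorted(set((m.group(1) if m else "").split()) & {"SSLv3", "TLSv1", "TLSv1.1"})
    if weak:
        findings.append("deprecated TLS versions enabled: " + ", ".join(weak))
    return findings
```

Run against the values used in this guide, the only finding is the TLSv1/TLSv1.1 entry in ssl_protocols.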

END

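The files under the seahub directory served by the static file backend can be copied wholesale to Upyun or Qiniu Cloud and then redirected to by Nginx, which gives a partial CDN speed-up.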