diff --git a/manual/deploy/deploy_with_apache.md b/manual/deploy/deploy_with_apache.md deleted file mode 100644 index 097b8cfb..00000000 --- a/manual/deploy/deploy_with_apache.md +++ /dev/null @@ -1,100 +0,0 @@ -# Config Seahub with Apache - -## Important - -According to the [security advisory](https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/) published by Django team, we recommend disable [GZip compression](http://httpd.apache.org/docs/2.2/mod/mod_deflate.html) to mitigate [BREACH attack](http://breachattack.com/). - -This tutorial assumes you run at least Apache 2.4. - -## Prepare - -Install and enable apache modules - -On Ubuntu you can use: - -```bash -sudo a2enmod rewrite -sudo a2enmod proxy_http -``` - - - -## Deploy Seahub/FileServer With Apache - -Seahub is the web interface of Seafile server. FileServer is used to handle raw file uploading/downloading through browsers. By default, it listens on port 8082 for HTTP request. - -Here we deploy Seahub and FileServer with reverse proxy. We assume you are running Seahub using domain '''www.myseafile.com'''. - -Modify Apache config file: -(`sites-enabled/000-default`) for ubuntu/debian, (`vhost.conf`) for centos/fedora - -```apache - - ServerName www.myseafile.com - # Use "DocumentRoot /var/www/html" for Centos/Fedora - # Use "DocumentRoot /var/www" for Ubuntu/Debian - DocumentRoot /var/www - Alias /media /home/user/haiwen/seafile-server-latest/seahub/media - - AllowEncodedSlashes On - - RewriteEngine On - - - Require all granted - - - # - # seafile fileserver - # - ProxyPass /seafhttp http://127.0.0.1:8082 - ProxyPassReverse /seafhttp http://127.0.0.1:8082 - RewriteRule ^/seafhttp - [QSA,L] - - # - # seahub - # - SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 - ProxyPreserveHost On - ProxyPass / http://127.0.0.1:8000/ - ProxyPassReverse / http://127.0.0.1:8000/ - -``` - -## Modify seahub_setting.py - -You need to modify the value of `SERVICE_URL` in [seahub_settings.py](../config/seahub_settings_py.md) -to let Seafile know the domain you choose. You can also modify SERVICE_URL via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and seahub_settings.py, the setting via Web UI will take precedence.) - -```python -SERVICE_URL = 'http://seafile.example.com' -``` - -Note: If you later change the domain assigned to seahub, you also need to change the value of `SERVICE_URL`. - - -You need to add a line in `seahub_settings.py` to set the value of `FILE_SERVER_ROOT`. You can also modify `FILE_SERVER_ROOT` via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and seahub_settings.py, the setting via Web UI will take precedence.) - -```python -FILE_SERVER_ROOT = 'http://seafile.example.com/seafhttp' -``` - -## Start Seafile and Seahub - -```bash -sudo service apache2 restart -./seafile.sh start -./seahub.sh start -``` - -## Troubleshooting - -### Problems with paths and files containing spaces - -If there are problems with paths or files containing spaces, make sure to have at least Apache 2.4.12. - -References - * https://github.com/haiwen/seafile/issues/1258#issuecomment-188866740 - * https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1284641 - * https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1284641/comments/5 - * https://svn.apache.org/viewvc/httpd/httpd/tags/2.4.12/CHANGES?view=markup#l45 diff --git a/manual/deploy/deploy_with_nginx.md b/manual/deploy/deploy_with_nginx.md deleted file mode 100644 index a539a825..00000000 --- a/manual/deploy/deploy_with_nginx.md +++ /dev/null @@ -1,216 +0,0 @@ -# Configuration of Seahub behind Nginx - - - -[Both components of Seafile Server](https://manual.seafile.com/overview/components/), Seahub and seaf-server, can be configured to run behind a reverse proxy. A reverse proxy increases the performance of Seafile and allows the encryption of inbound and outbound traffic. - -For production use, a setup with a reverse proxy and HTTPS encryption is a MUST . - -[Nginx](http://nginx.org/), a popular and resource-friendly HTTP server and reverse proxy, is a good option. Nginx's documentation is available at http://nginx.org/en/docs/. - -## Setup - -The configuration of Seafile behind Nginx as a reverse proxy is demonstrated using the sample host name `seafile.example.com`. - -These instructions assume the following requirements: - -* Seafile Server Community Edition/Professional Edition was setup according to the instructions in this manual (i.e., a dedicated user seafile exists and all Seafile files are stored in /opt/seafile) -* A host name points at the IP address of the server and the server is available on port 80 - -If your setup differs from thes requirements, adjust the following instructions accordingly. - -### Installing Nginx - -Install Nginx using the package repositories: - -```bash -# CentOS -sudo yum install nginx -y - -# Debian/Ubuntu -sudo apt install nginx -y -``` - -After the installation, start the server and enable it so that Nginx starts at system boot: - -```bash -# CentOS/Debian/Ubuntu -sudo systemctl start nginx -sudo systemctl enable nginx -``` - -### Preparing Nginx - -The configuration of a proxy server in Nginx differs slightly between CentOS and Debian/Ubuntu. Additionally, the restrictive default settings of SELinux's configuration on CentOS require a modification. - -#### Preparing Nginx on CentOS - -Switch SELinux into permissive mode and perpetuate the setting: - -``` bash -sudo setenforce permissive -sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config -``` - -Create a configuration file for seafile in `/etc/nginx/conf.d`: - -```bash -touch /etc/nginx/conf.d/seafile.conf -``` - -#### Preparing Nginx on Debian/Ubuntu - -Create a configuration file for seafile in `/etc/nginx/sites-available/`: - -```bash -touch /etc/nginx/sites-available/seafile.conf -``` - -Delete the default files in `/etc/nginx/sites-enabled/` and `/etc/nginx/sites-available`: - -````bash -rm /etc/nginx/sites-enabled/default -rm /etc/nginx/sites-available/default -```` - -Create a symbolic link: - -````bash -ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf -```` - -### Configuring Nginx - -Copy the following sample Nginx config file into the just created `seafile.conf` and modify the content to fit your needs: - -```nginx - -log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time'; - -server { - listen 80; - server_name seafile.example.com; - - proxy_set_header X-Forwarded-For $remote_addr; - - location / { - proxy_pass http://127.0.0.1:8000; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $server_name; - proxy_read_timeout 1200s; - - # used for view/edit office file via Office Online Server - client_max_body_size 0; - - access_log /var/log/nginx/seahub.access.log seafileformat; - error_log /var/log/nginx/seahub.error.log; - } - -# If you are using [FastCGI](http://en.wikipedia.org/wiki/FastCGI), -# which is not recommended, you should use the following config for location `/`. -# -# location / { -# fastcgi_pass 127.0.0.1:8000; -# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -# fastcgi_param PATH_INFO $fastcgi_script_name; -# -# fastcgi_param SERVER_PROTOCOL $server_protocol; -# fastcgi_param QUERY_STRING $query_string; -# fastcgi_param REQUEST_METHOD $request_method; -# fastcgi_param CONTENT_TYPE $content_type; -# fastcgi_param CONTENT_LENGTH $content_length; -# fastcgi_param SERVER_ADDR $server_addr; -# fastcgi_param SERVER_PORT $server_port; -# fastcgi_param SERVER_NAME $server_name; -# fastcgi_param REMOTE_ADDR $remote_addr; -# fastcgi_read_timeout 36000; -# -# client_max_body_size 0; -# -# access_log /var/log/nginx/seahub.access.log; -# error_log /var/log/nginx/seahub.error.log; -# } - - location /seafhttp { - rewrite ^/seafhttp(.*)$ $1 break; - proxy_pass http://127.0.0.1:8082; - client_max_body_size 0; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - proxy_connect_timeout 36000s; - proxy_read_timeout 36000s; - proxy_send_timeout 36000s; - - send_timeout 36000s; - - access_log /var/log/nginx/seafhttp.access.log seafileformat; - error_log /var/log/nginx/seafhttp.error.log; - } - location /media { - root /opt/seafile/seafile-server-latest/seahub; - } -} -``` - -The following options must be modified in the CONF file: - -* Server name (server_name) - -Optional customizable options in the seafile.conf are: - -* Server listening port (listen) - if Seafile server should be available on a non-standard port -* Proxy pass for location / - if Seahub is configured to start on a different port than 8000 -* Proxy pass for location /seafhttp - if seaf-server is configured to start on a different port than 8082 -* Maximum allowed size of the client request body (client_max_body_size) - -The default value for `client_max_body_size` is 1M. Uploading larger files will result in an error message HTTP error code 413 ("Request Entity Too Large"). It is recommended to syncronize the value of client_max_body_size with the parameter `max_upload_size` in section `[fileserver]` of [seafile.conf](../config/seafile-conf.md). Optionally, the value can also be set to 0 to disable this feature. Client uploads are only partly effected by this limit. With a limit of 100 MiB they can safely upload files of any size. - -Finally, make sure your seafile.conf does not contain syntax errors and restart Nginx for the configuration changes to take effect: - -```bash -nginx -t -nginx -s reload -``` - -### Modify seahub_setting.py - -You need to modify the value of `SERVICE_URL` in [seahub_settings.py](../config/seahub_settings_py.md) -to let Seafile know the domain you choose. You can also modify SERVICE_URL via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and seahub_settings.py, the setting via Web UI will take precedence.) - -```python -SERVICE_URL = 'http://www.myseafile.com' -``` - -Note: If you later change the domain assigned to seahub, you also need to change the value of `SERVICE_URL`. - - -You need to add a line in `seahub_settings.py` to set the value of `FILE_SERVER_ROOT`. You can also modify `FILE_SERVER_ROOT` via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and seahub_settings.py, the setting via Web UI will take precedence.) - -```python -FILE_SERVER_ROOT = 'http://seafile.example.com/seafhttp' -``` - -### Modifying seafile.conf - -To improve security, the file server should only be accessible via Nginx. - -Add the following line in the [fileserver] block on `seafile.conf` in `/opt/seafile/conf`: - -``` -host = 127.0.0.1 ## default port 0.0.0.0 -``` - -After his change, the file server only accepts requests from Nginx. - -### Starting Seafile and Seahub - -Restart the seaf-server and Seahub for the config changes to take effect: - -```bash -su seafile -cd /opt/seafile/seafile-server-latest -./seafile.sh restart -./seahub.sh restart # or "./seahub.sh start-fastcgi" if you're using fastcgi -``` diff --git a/mkdocs.yml b/mkdocs.yml index 57f3cb89..f32cc6ca 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -57,44 +57,12 @@ nav: - Installation with MySQL: deploy/using_mysql.md - HTTPS with Nginx: deploy/https_with_nginx.md - HTTPS with Apache: deploy/https_with_apache.md - - LDAP/AD Integration: deploy/using_ldap.md - - Single Sign On: - - Outline: deploy/single_sign_on.md - - Shibboleth Authentication: deploy/shibboleth_config_v6.3.md - - OAuth Authentication: deploy/oauth.md - - Remote User Authentication: deploy/remote_user.md - - Auto Login to SeaDrive on Windows: deploy/auto_login_seadrive.md - - Syslog Integration: deploy/using_syslog.md - - Online File Preview and Edit: - - LibreOffice Online Integration: deploy/libreoffice_online.md - - OnlyOffice Integration: deploy/only_office.md - - Open Cloud Mesh: deploy/ocm.md - - Notification Server: deploy/notification-server.md - - Other Deployment Notes: - - Start Seafile at System Bootup: deploy/start_seafile_at_system_bootup.md - - Firewall settings: deploy/using_firewall.md - - Logrotate: deploy/using_logrotate.md - - Add Memcached: deploy/add_memcached.md - - Deploy Seafile behind NAT: deploy/deploy_seafile_behind_nat.md - - Deploy Seahub at Non-root domain: deploy/deploy_seahub_at_non-root_domain.md - - Migrate From SQLite to MySQL: deploy/migrate_from_sqlite_to_mysql.md + - Add Memcached: deploy/add_memcached.md - Common Problems for Setting up Server: faq.md - Seafile Professional Setup on Linux: - Outline: deploy_pro/README.md - Installation: deploy_pro/download_and_setup_seafile_professional_server.md - - Migration from Seafile Community: deploy_pro/migrate_from_seafile_community_server.md - - LDAP/AD Integration: - - LDAP Configuration for Seafile Pro: deploy_pro/using_ldap_pro.md - - Importing Groups from LDAP: deploy_pro/ldap_group_sync.md - - Importing Roles from LDAP: deploy_pro/ldap_role_sync.md - - Online File Preview and Edit: - - Office Documents Preview: deploy_pro/office_documents_preview.md - - Office Online Server Integration: deploy_pro/office_web_app.md - - File Search: deploy_pro/details_about_file_search.md - - Virus Scan: - - Outline: deploy_pro/virus_scan.md - - Run ClamAV as a Daemon: deploy_pro/deploy_clamav_as_daemon.md - - Virus Scan With Kav4fs: deploy_pro/virus_scan_with_kav4fs.md + - Migration from Seafile Community: deploy_pro/migrate_from_seafile_community_server.md - Storage Backends: - Amazon S3 Backend: deploy_pro/setup_with_amazon_s3.md - Ceph Backend: deploy_pro/setup_with_ceph.md @@ -109,16 +77,6 @@ nav: - Notification Server in Cluster: deploy_pro/notification-server.md - Setup Seafile cluster with NFS: deploy_pro/setup_seafile_cluster_with_nfs.md - Upgrade a cluster: deploy_pro/upgrade_a_cluster.md - - Advanced User Management: - - Multi-Institutions Support: deploy_pro/multi_institutions.md - - Roles and Permissions: deploy_pro/roles_permissions.md - - Administrator Roles and Permissions: deploy_pro/admin_roles_permissions.md - - Multi-Tenancy Support: deploy_pro/multi_tenancy.md - - Advanced Authentication: - - Two-factor Authentication: deploy_pro/two_factor_authentication.md - - ADFS or SAML 2.0: deploy_pro/adfs.md - - SAML 2.0 in version 10.0: deploy_pro/saml2_in_10.0.md - - CAS Authentication: deploy_pro/cas.md - Advanced Maintenance Tools: - Real-time Backup Server: deploy_pro/real_time_backup.md - Import Directory To Seafile: deploy_pro/seaf_import.md @@ -134,6 +92,45 @@ nav: - Upgrade Seafile Docker CE: docker/6.3_upgrade_to_7.0.md - Upgrade Seafile Docker Pro: docker/pro-edition/6.3_upgrade_to_7.0.md - Upgrade for other versions: docker/upgrade/upgrade_docker.md + - Advanced Setup Options + - Online Office + - LibreOffice Online Integration: deploy/libreoffice_online.md + - OnlyOffice Integration: deploy/only_office.md + - Office Online Server Integration (Pro): deploy_pro/office_web_app.md + - Notification Server: deploy/notification-server.md + - Two-factor Authentication: deploy_pro/two_factor_authentication.md + - LDAP/AD Integration: + - LDAP Integration: deploy/using_ldap.md + - LDAP Configuration for Seafile Pro: deploy_pro/using_ldap_pro.md + - Importing Groups from LDAP (Pro): deploy_pro/ldap_group_sync.md + - Importing Roles from LDAP (Pro): deploy_pro/ldap_role_sync.md + - Single Sign On: + - Outline: deploy/single_sign_on.md + - Shibboleth Authentication: deploy/shibboleth_config_v6.3.md + - OAuth Authentication: deploy/oauth.md + - Remote User Authentication: deploy/remote_user.md + - Auto Login to SeaDrive on Windows: deploy/auto_login_seadrive.md + - ADFS or SAML 2.0 (Pro): deploy_pro/adfs.md + - SAML 2.0 in version 10.0 (Pro): deploy_pro/saml2_in_10.0.md + - CAS Authentication (Pro): deploy_pro/cas.md + - Virus Scan (Pro): + - Outline: deploy_pro/virus_scan.md + - Run ClamAV as a Daemon: deploy_pro/deploy_clamav_as_daemon.md + - Virus Scan With Kav4fs: deploy_pro/virus_scan_with_kav4fs.md + - Advanced User Management (Pro): + - Multi-Institutions Support: deploy_pro/multi_institutions.md + - Roles and Permissions: deploy_pro/roles_permissions.md + - Administrator Roles and Permissions: deploy_pro/admin_roles_permissions.md + - Multi-Tenancy Support: deploy_pro/multi_tenancy.md + - Advanced File Search configuration (Pro): deploy_pro/details_about_file_search.md + - Migrate From SQLite to MySQL: deploy/migrate_from_sqlite_to_mysql.md + - Others Deployment Notes: + - Open Cloud Mesh: deploy/ocm.md + - Firewall settings: deploy/using_firewall.md + - Deploy Seafile behind NAT: deploy/deploy_seafile_behind_nat.md + - Deploy Seahub at Non-root domain: deploy/deploy_seahub_at_non-root_domain.md + - Start Seafile at System Bootup: deploy/start_seafile_at_system_bootup.md + - Logrotate: deploy/using_logrotate.md - Configuration and Customization: - Outline: config/README.md - ccnet.conf: config/ccnet-conf.md