vikarti.anatra/seafile-containerized
1
0
Fork 0
mirror of https://github.com/ggogel/seafile-containerized.git synced 2025-02-23 05:22:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

upgrate to seafile-pro-7.0.9 and modified the config of nginx to show client's real IP in nginx.log.

Browse source
This commit is contained in:
root 2019-09-21 16:03:17 +08:00
parent e35f98514a
commit 9aa93cd228
17 changed files with 25 additions and 357 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
bootstrap/.gitkeep
View file

49
ci/ci.sh
View file

@ -1,49 +0,0 @@
#!/bin/bash
version=6.3.13
set -e -x
./ci/install_deps.sh
(
cd image
# pip install docker-squash
# make base squash-base server
make base
make pro-base
make pro-server
)
mkdir -p /opt/seafile-data
docker run -d --name seafile -e SEAFILE_SERVER_HOSTNAME=127.0.0.1 -v /opt/seafile-data:/shared -p 80:80 -p 443:443 seafileltd/seafile-pro:$version
cat > doc.md <<EOF
# Doc
Hello world.
EOF
sleep 50
python ci/upload.py doc.md
python ci/validate_file.py doc.md
docker restart seafile
sleep 30
python ci/validate_file.py doc.md
docker rm -f seafile
docker run -d --name seafile -e SEAFILE_SERVER_HOSTNAME=127.0.0.1 -v /opt/seafile-data:/shared -p 80:80 -p 443:443 seafileltd/seafile-pro:$version
sleep 30
python ci/validate_file.py doc.md
rm -rf doc.md
if [[ $TRAVIS_TAG =~ ^v([0-9]*?)(\.([0-9])*?){2}-pro$ ]]; then
ci/publish-pro-image.sh
elif [[ $TRAVIS_TAG =~ ^v([0-9]*?)(\.([0-9])*?){2}$ ]]; then
ci/publish-image.sh
elif [[ $TRAVIS_TAG =~ ^seafile-pro-base$ ]]; then
ci/publish-pro-base.sh
elif [[ $TRAVIS_TAG =~ ^seafile-base$ ]]; then
ci/publish-base.sh
else
echo "Not going to push the image to docker hub, since it's not a build triggered by a tag"
fi

3
ci/install_deps.sh
View file

@ -1,3 +0,0 @@
pip install requests
pip install docker-squash
pip install docker==2.7.0

19
ci/publish-base.sh
View file

@ -1,19 +0,0 @@
#!/bin/bash
######################################
# Publish the seafile base image to docker
# registry. This script should only be called during a travis build trigger by a tag.
######################################
# Nerver use "set -x" or it would expose the docker credentials in the travis logs!
set -e
set -o pipefail
## Always use the base image we build manually to reduce the download size of the end user.
docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD"
(
cd image
make push-base
)

22
ci/publish-image.sh
View file

@ -1,22 +0,0 @@
#!/bin/bash
######################################
# Publish the seafile server image (e.g. seafileltd/seafile:6.2.5) to docker
# registry. This script should only be called during a travis build trigger by a tag.
######################################
# Nerver use "set -x" or it would expose the docker credentials in the travis logs!
set -e
set -o pipefail
docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD"
## Always use the base image we build manually to reduce the download size of the end user.
docker rm -f $(docker ps -a -q)
docker rmi -f $(docker images -a -q)
docker pull seafileltd/base:18.04
(
cd image
make server push-server
)

24
ci/publish-pro-base.sh
View file

@ -1,24 +0,0 @@
#!/bin/bash
######################################
# Publish the seafile pro-base image to docker
# registry. This script should only be called during a travis build trigger by a tag.
######################################
# Nerver use "set -x" or it would expose the docker credentials in the travis logs!
set -e
set -o pipefail
docker login -u="$DOCKER_PRO_REGISTRY_USER" -p="$DOCKER_PRO_REGISTRY_PASSWORD" docker.seadrive.org
(
cd image
make host=docker.seadrive.org push-pro-base
)
docker login -u="$LOCAL_DOCKER_PRO_REGISTRY_USER" -p="$LOCAL_DOCKER_PRO_REGISTRY_PASSWORD" docker.seafile.top
(
cd image
make host=docker.seafile.top push-pro-base
)

35
ci/publish-pro-image.sh
View file

@ -1,35 +0,0 @@
#!/bin/bash
######################################
# Publish the seafile pro-server image (e.g. seafileltd/seafile-pro:6.2.3) to docker
# registry. This script should only be called during a travis build trigger by a tag.
######################################
# Nerver use "set -x" or it would expose the docker credentials in the travis logs!
set -e
set -o pipefail
docker login -u="$DOCKER_PRO_REGISTRY_USER" -p="$DOCKER_PRO_REGISTRY_PASSWORD" docker.seadrive.org
## Always use the base image we build manually to reduce the download size of the end user.
docker rm -f $(docker ps -a -q)
docker rmi -f $(docker images -a -q)
docker pull docker.seadrive.org/seafileltd/pro-base:18.04
docker tag docker.seadrive.org/seafileltd/pro-base:18.04 seafileltd/pro-base:18.04
(
cd image
make host=docker.seadrive.org pro-server push-pro-server
)
docker login -u="$LOCAL_DOCKER_PRO_REGISTRY_USER" -p="$LOCAL_DOCKER_PRO_REGISTRY_PASSWORD" docker.seafile.top
docker rmi -f $(docker images | awk {'print $3'})
docker pull docker.seafile.top/seafileltd/pro-base:18.04
docker tag docker.seafile.top/seafileltd/pro-base:18.04 seafileltd/pro-base:18.04
(
cd image
make host=docker.seafile.top pro-server push-pro-server
)

2
ci/requirements.txt
View file

@ -1,2 +0,0 @@
pytest==3.7.1
mock==2.0.0

64
ci/upload.py
View file

@ -1,64 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import urllib
import urllib2
import json
import requests
import sys
"""
Get token
"""
hostname = 'http://127.0.0.1'
username = 'me@example.com'
password = 'asecret'
get_token_url = '{}/api2/auth-token/'.format(hostname)
data = urllib.urlencode({'username': username, 'password': password})
request = urllib2.Request(get_token_url,data)
response = urllib2.urlopen(request)
_js_py = json.load(response)
token = _js_py['token']
response.close()
"""
Generate default repo_id
"""
get_library_url = '{}/api2/default-repo/'.format(hostname)
headers = {'Authorization': 'Token ' + token, 'Connection':'close'}
r = requests.post(get_library_url, headers=headers)
assert r.status_code == 200
"""
Get default repo_id
"""
get_library_url = '{}/api2/default-repo/'.format(hostname)
get_repo_id = urllib2.Request(get_library_url)
get_repo_id.add_header('Authorization','Token ' + token)
response_repo_id = urllib2.urlopen(get_repo_id)
_js_py = json.load(response_repo_id)
repo_id = _js_py['repo_id']
response_repo_id.close()
"""
Get upload link
"""
upload_link_url = '{}/api2/repos/{}/upload-link/'.format(hostname, repo_id)
get_upload_link = urllib2.Request(upload_link_url)
get_upload_link.add_header('Authorization','Token ' + token)
response_upload_link = urllib2.urlopen(get_upload_link)
upload_link = json.load(response_upload_link).replace('seafile.example.com', '127.0.0.1').replace('https', 'http')
response_upload_link.close()
"""
Upload file
"""
filename = sys.argv[1]
url = upload_link
files = {'file': open(filename, 'rb')}
r = requests.post(
url, data={'filename': filename, 'parent_dir': '/'},
files=files, headers={'Authorization': 'Token ' + token})
files['file'].close()

48
ci/validate_file.py
View file

@ -1,48 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import urllib
import urllib2
import json
import sys
"""
Get token
"""
hostname = 'http://127.0.0.1'
username = 'me@example.com'
password = 'asecret'
get_token_url = '{}/api2/auth-token/'.format(hostname)
data = urllib.urlencode({'username': username, 'password': password})
request = urllib2.Request(get_token_url,data)
response = urllib2.urlopen(request)
_js_py = json.load(response)
token = _js_py['token']
response.close()
"""
Get default repo_id
"""
get_library_url = '{}/api2/default-repo/'.format(hostname)
get_repo_id = urllib2.Request(get_library_url)
get_repo_id.add_header('Authorization','Token ' + token)
response_repo_id = urllib2.urlopen(get_repo_id)
_js_py = json.load(response_repo_id)
repo_id = _js_py['repo_id']
response_repo_id.close()
"""
Get upload link
"""
filename = sys.argv[1]
view_file_url = '{}/api2/repos/{}/file/?p={}'.format(hostname, repo_id, filename)
view_file_link = urllib2.Request(view_file_url)
view_file_link.add_header('Authorization','Token ' + token)
try:
response_view_file_link = urllib2.urlopen(view_file_link)
res = json.load(response_view_file_link)
except Exception as e:
print e
sys.exit(1)
else:
code = 0 if repo_id in res and filename in res else 1

2
image/Makefile
View file

@ -1,4 +1,4 @@
server_version=7.0.4 server_version=7.0.9
base_image=seafileltd/base-mc:18.04 base_image=seafileltd/base-mc:18.04
base_image_squashed=seafileltd/base-mc:18.04-squashed base_image_squashed=seafileltd/base-mc:18.04-squashed

3
image/base/services/nginx.conf
View file

@ -14,8 +14,9 @@ http {
tcp_nodelay on; tcp_nodelay on;
keepalive_timeout 65; keepalive_timeout 65;
types_hash_max_size 2048; types_hash_max_size 2048;
log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time';
access_log /var/log/nginx/access.log; access_log /var/log/nginx/access.log seafileformat;
error_log /var/log/nginx/error.log info; error_log /var/log/nginx/error.log info;
gzip on; gzip on;

4
image/pro_seafile/Dockerfile
View file

@ -1,7 +1,7 @@
FROM seafileltd/pro-base-mc:18.04 FROM seafileltd/pro-base-mc:18.04
WORKDIR /opt/seafile WORKDIR /opt/seafile
ENV SEAFILE_VERSION=7.0.7 SEAFILE_SERVER=seafile-pro-server ENV SEAFILE_VERSION=7.0.9 SEAFILE_SERVER=seafile-pro-server
RUN mkdir -p /etc/my_init.d RUN mkdir -p /etc/my_init.d
@ -10,6 +10,8 @@ RUN mkdir -p /opt/seafile/
RUN curl -sSL -G -d "p=/pro/seafile-pro-server_${SEAFILE_VERSION}_x86-64_Ubuntu.tar.gz&dl=1" https://download.seafile.com/d/6e5297246c/files/ \ RUN curl -sSL -G -d "p=/pro/seafile-pro-server_${SEAFILE_VERSION}_x86-64_Ubuntu.tar.gz&dl=1" https://download.seafile.com/d/6e5297246c/files/ \
| tar xzf - -C /opt/seafile/ | tar xzf - -C /opt/seafile/
#ADD seafile-pro-server_${SEAFILE_VERSION}_x86-64_Ubuntu.tar.gz /opt/seafile/
ADD scripts/create_data_links.sh /etc/my_init.d/01_create_data_links.sh ADD scripts/create_data_links.sh /etc/my_init.d/01_create_data_links.sh
COPY scripts /scripts COPY scripts /scripts

12
image/pro_seafile/templates/seafile.nginx.conf.template
View file

@ -44,20 +44,28 @@ server {
proxy_read_timeout 310s; proxy_read_timeout 310s;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header Forwarded "for=$remote_addr;proto=$scheme"; proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Connection ""; proxy_set_header Connection "";
proxy_http_version 1.1; proxy_http_version 1.1;
client_max_body_size 0;
access_log /var/log/nginx/seahub.access.log seafileformat;
error_log /var/log/nginx/seahub.error.log;
} }
location /seafhttp { location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break; rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082; proxy_pass http://127.0.0.1:8082;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 0; client_max_body_size 0;
proxy_connect_timeout 36000s; proxy_connect_timeout 36000s;
proxy_read_timeout 36000s; proxy_read_timeout 36000s;
proxy_request_buffering off; proxy_request_buffering off;
access_log /var/log/nginx/seafhttp.access.log seafileformat;
error_log /var/log/nginx/seafhttp.error.log;
} }
location /seafdav { location /seafdav {
@ -75,7 +83,7 @@ server {
fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name; fastcgi_param SERVER_NAME $server_name;
access_log /var/log/nginx/seafdav.access.log; access_log /var/log/nginx/seafdav.access.log seafileformat;
error_log /var/log/nginx/seafdav.error.log; error_log /var/log/nginx/seafdav.error.log;
} }

11
image/seafile/templates/seafile.nginx.conf.template
View file

@ -45,20 +45,27 @@ server {
proxy_read_timeout 310s; proxy_read_timeout 310s;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header Forwarded "for=$remote_addr;proto=$scheme"; proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Connection ""; proxy_set_header Connection "";
proxy_http_version 1.1; proxy_http_version 1.1;
client_max_body_size 0;
access_log /var/log/nginx/seahub.access.log seafileformat;
error_log /var/log/nginx/seahub.error.log;
} }
location /seafhttp { location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break; rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082; proxy_pass http://127.0.0.1:8082;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 0; client_max_body_size 0;
proxy_connect_timeout 36000s; proxy_connect_timeout 36000s;
proxy_read_timeout 36000s; proxy_read_timeout 36000s;
proxy_request_buffering off; proxy_request_buffering off;
access_log /var/log/nginx/seafhttp.access.log seafileformat;
error_log /var/log/nginx/seafhttp.error.log;
} }
location /seafdav { location /seafdav {
@ -76,7 +83,7 @@ server {
fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name; fastcgi_param SERVER_NAME $server_name;
access_log /var/log/nginx/seafdav.access.log; access_log /var/log/nginx/seafdav.access.log seafileformat;
error_log /var/log/nginx/seafdav.error.log; error_log /var/log/nginx/seafdav.error.log;
} }

3
templates/letsencrypt.cron.template
View file

@ -1,3 +0,0 @@
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# min hour dayofmonth month dayofweek command
0 0 1 * * root /scripts/ssl.sh {{ ssl_dir }} {{ domain }}

81
templates/seafile.nginx.conf.template
View file

@ -1,81 +0,0 @@
# -*- mode: nginx -*-
# Auto generated at {{ current_timestr }}
{% if https -%}
server {
listen 80;
server_name _ default_server;
rewrite ^ https://{{ domain }}$request_uri? permanent;
}
{% endif -%}
server {
{% if https -%}
listen 443;
ssl on;
ssl_certificate /shared/ssl/{{ domain }}.crt;
ssl_certificate_key /shared/ssl/{{ domain }}.key;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
# TODO: More SSL security hardening: ssl_session_tickets & ssl_dhparam
# ssl_session_tickets on;
# ssl_session_ticket_key /etc/nginx/sessionticket.key;
# ssl_session_cache shared:SSL:10m;
# ssl_session_timeout 10m;
{% else -%}
listen 80;
{% endif -%}
server_name {{ domain }};
client_max_body_size 10m;
location / {
proxy_pass http://127.0.0.1:8000/;
proxy_read_timeout 310s;
proxy_set_header Host $host;
proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Connection "";
proxy_http_version 1.1;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
}
location /seafdav {
client_max_body_size 0;
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
# For letsencrypt
location /.well-known/acme-challenge/ {
alias /var/www/challenges/;
try_files $uri =404;
}
}