Merge pull request #177 from haiwen/pro-7.0.9

upgrate to seafile-pro-7.0.9 and modified the config of nginx to show…

ci/ci.sh

@@ -1,49 +0,0 @@
-#!/bin/bash
-
-version=6.3.13
-set -e -x
-./ci/install_deps.sh
-
-(
-    cd image
-    # pip install docker-squash
-    # make base squash-base server
-    make base
-    make pro-base
-    make pro-server
-)
-
-mkdir -p /opt/seafile-data
-docker run -d --name seafile -e SEAFILE_SERVER_HOSTNAME=127.0.0.1 -v /opt/seafile-data:/shared -p 80:80 -p 443:443 seafileltd/seafile-pro:$version
-
-
-cat > doc.md <<EOF
-# Doc
-
-Hello world.
-EOF
-
-sleep 50
-python ci/upload.py doc.md
-python ci/validate_file.py doc.md
-docker restart seafile
-sleep 30
-python ci/validate_file.py doc.md
-docker rm -f seafile
-docker run -d --name seafile -e SEAFILE_SERVER_HOSTNAME=127.0.0.1 -v /opt/seafile-data:/shared -p 80:80 -p 443:443 seafileltd/seafile-pro:$version
-sleep 30
-python ci/validate_file.py doc.md
-
-rm -rf doc.md
-
-if [[ $TRAVIS_TAG =~ ^v([0-9]*?)(\.([0-9])*?){2}-pro$ ]]; then
-    ci/publish-pro-image.sh
-elif [[ $TRAVIS_TAG =~ ^v([0-9]*?)(\.([0-9])*?){2}$ ]]; then
-    ci/publish-image.sh
-elif [[ $TRAVIS_TAG =~ ^seafile-pro-base$ ]]; then
-    ci/publish-pro-base.sh
-elif [[ $TRAVIS_TAG =~ ^seafile-base$ ]]; then
-    ci/publish-base.sh
-else
-    echo "Not going to push the image to docker hub, since it's not a build triggered by a tag"
-fi

ci/install_deps.sh

@@ -1,3 +0,0 @@
-pip install requests
-pip install docker-squash
-pip install docker==2.7.0

ci/publish-base.sh

@@ -1,19 +0,0 @@
-#!/bin/bash
-
-######################################
-# Publish the seafile base image to docker
-# registry. This script should only be called during a travis build trigger by a tag.
-######################################
-
-# Nerver use "set -x" or it would expose the docker credentials in the travis logs!
-set -e
-set -o pipefail
-
-
-## Always use the base image we build manually to reduce the download size of the end user.
-docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD"
-
-(
-    cd image
-    make push-base
-)

ci/publish-image.sh

@@ -1,22 +0,0 @@
-#!/bin/bash
-
-######################################
-# Publish the seafile server image (e.g. seafileltd/seafile:6.2.5) to docker
-# registry. This script should only be called during a travis build trigger by a tag.
-######################################
-
-# Nerver use "set -x" or it would expose the docker credentials in the travis logs!
-set -e
-set -o pipefail
-
-docker login -u="$DOCKER_USERNAME" -p="$DOCKER_PASSWORD"
-
-## Always use the base image we build manually to reduce the download size of the end user.
-docker rm -f $(docker ps -a -q)
-docker rmi -f $(docker images -a -q)
-docker pull seafileltd/base:18.04
-
-(
-    cd image
-    make server push-server
-)

ci/publish-pro-base.sh

@@ -1,24 +0,0 @@
-#!/bin/bash
-
-######################################
-# Publish the seafile pro-base image to docker
-# registry. This script should only be called during a travis build trigger by a tag.
-######################################
-
-# Nerver use "set -x" or it would expose the docker credentials in the travis logs!
-set -e
-set -o pipefail
-
-docker login -u="$DOCKER_PRO_REGISTRY_USER" -p="$DOCKER_PRO_REGISTRY_PASSWORD" docker.seadrive.org
-
-(
-    cd image
-    make host=docker.seadrive.org push-pro-base
-)
-
-docker login -u="$LOCAL_DOCKER_PRO_REGISTRY_USER" -p="$LOCAL_DOCKER_PRO_REGISTRY_PASSWORD" docker.seafile.top
-
-(
-    cd image
-    make host=docker.seafile.top push-pro-base
-)

ci/publish-pro-image.sh

@@ -1,35 +0,0 @@
-#!/bin/bash
-
-######################################
-# Publish the seafile pro-server image (e.g. seafileltd/seafile-pro:6.2.3) to docker
-# registry. This script should only be called during a travis build trigger by a tag.
-######################################
-
-# Nerver use "set -x" or it would expose the docker credentials in the travis logs!
-set -e
-set -o pipefail
-
-docker login -u="$DOCKER_PRO_REGISTRY_USER" -p="$DOCKER_PRO_REGISTRY_PASSWORD" docker.seadrive.org
-
-## Always use the base image we build manually to reduce the download size of the end user.
-docker rm -f $(docker ps -a -q)
-docker rmi -f $(docker images -a -q)
-docker pull docker.seadrive.org/seafileltd/pro-base:18.04
-docker tag docker.seadrive.org/seafileltd/pro-base:18.04 seafileltd/pro-base:18.04
-
-(
-    cd image
-    make host=docker.seadrive.org pro-server push-pro-server
-)
-
-
-
-docker login -u="$LOCAL_DOCKER_PRO_REGISTRY_USER" -p="$LOCAL_DOCKER_PRO_REGISTRY_PASSWORD" docker.seafile.top
-
-docker rmi -f $(docker images | awk {'print $3'})
-docker pull docker.seafile.top/seafileltd/pro-base:18.04
-docker tag docker.seafile.top/seafileltd/pro-base:18.04 seafileltd/pro-base:18.04
-(
-    cd image
-    make host=docker.seafile.top pro-server push-pro-server
-)

ci/requirements.txt

@@ -1,2 +0,0 @@
-pytest==3.7.1
-mock==2.0.0

ci/upload.py

@@ -1,64 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-
-import urllib
-import urllib2
-import json
-import requests
-import sys
-
-"""
-Get token
-"""
-hostname = 'http://127.0.0.1'
-username = 'me@example.com'
-password = 'asecret'
-get_token_url = '{}/api2/auth-token/'.format(hostname)
-data = urllib.urlencode({'username': username, 'password': password})
-request = urllib2.Request(get_token_url,data)
-response = urllib2.urlopen(request)
-_js_py = json.load(response)
-token = _js_py['token']
-response.close()
-
-"""
-Generate default repo_id
-"""
-get_library_url = '{}/api2/default-repo/'.format(hostname)
-headers = {'Authorization': 'Token ' + token, 'Connection':'close'}
-r = requests.post(get_library_url, headers=headers)
-assert r.status_code == 200
-
-"""
-Get default repo_id
-"""
-get_library_url = '{}/api2/default-repo/'.format(hostname)
-get_repo_id = urllib2.Request(get_library_url)
-get_repo_id.add_header('Authorization','Token ' + token)
-response_repo_id = urllib2.urlopen(get_repo_id)
-_js_py = json.load(response_repo_id)
-repo_id = _js_py['repo_id']
-response_repo_id.close()
-
-"""
-Get upload link
-"""
-upload_link_url = '{}/api2/repos/{}/upload-link/'.format(hostname, repo_id)
-get_upload_link = urllib2.Request(upload_link_url)
-get_upload_link.add_header('Authorization','Token ' + token)
-response_upload_link = urllib2.urlopen(get_upload_link)
-upload_link = json.load(response_upload_link).replace('seafile.example.com', '127.0.0.1').replace('https', 'http')
-response_upload_link.close()
-
-"""
-Upload file
-"""
-
-filename = sys.argv[1]
-url = upload_link
-files = {'file': open(filename, 'rb')}
-r = requests.post(
-		url, data={'filename': filename, 'parent_dir': '/'},
-		files=files, headers={'Authorization': 'Token ' + token})
-files['file'].close()
-

ci/validate_file.py

@@ -1,48 +0,0 @@
-#!/usr/bin/env python
-# -*- coding: utf-8 -*-
-
-import urllib
-import urllib2
-import json
-import sys
-
-"""
-Get token
-"""
-hostname = 'http://127.0.0.1'
-username = 'me@example.com'
-password = 'asecret'
-get_token_url = '{}/api2/auth-token/'.format(hostname)
-data = urllib.urlencode({'username': username, 'password': password})
-request = urllib2.Request(get_token_url,data)
-response = urllib2.urlopen(request)
-_js_py = json.load(response)
-token = _js_py['token']
-response.close()
-
-"""
-Get default repo_id
-"""
-get_library_url = '{}/api2/default-repo/'.format(hostname)
-get_repo_id = urllib2.Request(get_library_url)
-get_repo_id.add_header('Authorization','Token ' + token)
-response_repo_id = urllib2.urlopen(get_repo_id)
-_js_py = json.load(response_repo_id)
-repo_id = _js_py['repo_id']
-response_repo_id.close()
-
-"""
-Get upload link
-"""
-filename = sys.argv[1]
-view_file_url = '{}/api2/repos/{}/file/?p={}'.format(hostname, repo_id, filename)
-view_file_link = urllib2.Request(view_file_url)
-view_file_link.add_header('Authorization','Token ' + token)
-try:
-    response_view_file_link = urllib2.urlopen(view_file_link)
-    res = json.load(response_view_file_link)
-except Exception as e:
-    print e
-    sys.exit(1)
-else:
-    code = 0 if repo_id in res and filename in res else 1

image/Makefile

@@ -1,4 +1,4 @@
-server_version=7.0.4
+server_version=7.0.9
 
 base_image=seafileltd/base-mc:18.04
 base_image_squashed=seafileltd/base-mc:18.04-squashed

image/base/services/nginx.conf

@@ -14,8 +14,9 @@ http {
     tcp_nodelay on;
     keepalive_timeout 65;
     types_hash_max_size 2048;
+    log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time';
 
-    access_log /var/log/nginx/access.log;
+    access_log /var/log/nginx/access.log seafileformat;
     error_log /var/log/nginx/error.log info;
 
     gzip on;

image/pro_seafile/Dockerfile

@@ -1,7 +1,7 @@
 FROM seafileltd/pro-base-mc:18.04
 WORKDIR /opt/seafile
 
-ENV SEAFILE_VERSION=7.0.7 SEAFILE_SERVER=seafile-pro-server
+ENV SEAFILE_VERSION=7.0.9 SEAFILE_SERVER=seafile-pro-server
 
 RUN mkdir -p /etc/my_init.d
 
@@ -10,6 +10,8 @@ RUN mkdir -p /opt/seafile/
 RUN curl -sSL -G -d "p=/pro/seafile-pro-server_${SEAFILE_VERSION}_x86-64_Ubuntu.tar.gz&dl=1" https://download.seafile.com/d/6e5297246c/files/ \
     | tar xzf - -C /opt/seafile/
 
+#ADD seafile-pro-server_${SEAFILE_VERSION}_x86-64_Ubuntu.tar.gz /opt/seafile/
+
 ADD scripts/create_data_links.sh /etc/my_init.d/01_create_data_links.sh
 
 COPY scripts /scripts

image/pro_seafile/templates/seafile.nginx.conf.template

@@ -44,20 +44,28 @@ server {
         proxy_read_timeout 310s;
         proxy_set_header Host $host;
         proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
-        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Connection "";
         proxy_http_version 1.1;
+
+        client_max_body_size 0;
+        access_log      /var/log/nginx/seahub.access.log seafileformat;
+        error_log       /var/log/nginx/seahub.error.log;
     }
 
     location /seafhttp {
         rewrite ^/seafhttp(.*)$ $1 break;
         proxy_pass http://127.0.0.1:8082;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         client_max_body_size 0;
         proxy_connect_timeout  36000s;
         proxy_read_timeout  36000s;
         proxy_request_buffering off;
+
+        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
+        error_log       /var/log/nginx/seafhttp.error.log;
     }
 
     location /seafdav {
@@ -75,7 +83,7 @@ server {
         fastcgi_param   SERVER_PORT         $server_port;
         fastcgi_param   SERVER_NAME         $server_name;
 
-        access_log      /var/log/nginx/seafdav.access.log;
+        access_log      /var/log/nginx/seafdav.access.log seafileformat;
         error_log       /var/log/nginx/seafdav.error.log;
     }
 

image/seafile/templates/seafile.nginx.conf.template

@@ -45,20 +45,27 @@ server {
         proxy_read_timeout 310s;
         proxy_set_header Host $host;
         proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
-        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header Connection "";
         proxy_http_version 1.1;
+
+        client_max_body_size 0;
+        access_log      /var/log/nginx/seahub.access.log seafileformat;
+        error_log       /var/log/nginx/seahub.error.log;
     }
 
     location /seafhttp {
         rewrite ^/seafhttp(.*)$ $1 break;
         proxy_pass http://127.0.0.1:8082;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         client_max_body_size 0;
         proxy_connect_timeout  36000s;
         proxy_read_timeout  36000s;
         proxy_request_buffering off;
+        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
+        error_log       /var/log/nginx/seafhttp.error.log;
     }
 
     location /seafdav {
@@ -76,7 +83,7 @@ server {
         fastcgi_param   SERVER_PORT         $server_port;
         fastcgi_param   SERVER_NAME         $server_name;
 
-        access_log      /var/log/nginx/seafdav.access.log;
+        access_log      /var/log/nginx/seafdav.access.log seafileformat;
         error_log       /var/log/nginx/seafdav.error.log;
     }
 

templates/letsencrypt.cron.template

@@ -1,3 +0,0 @@
-PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-# min hour dayofmonth month dayofweek  command
-0 0 1 * * root /scripts/ssl.sh {{ ssl_dir }} {{ domain }}

templates/seafile.nginx.conf.template

@@ -1,81 +0,0 @@
-# -*- mode: nginx -*-
-# Auto generated at {{ current_timestr }}
-{% if https -%}
-server {
-    listen 80;
-    server_name _ default_server;
-    rewrite ^ https://{{ domain }}$request_uri? permanent;
-}
-{% endif -%}
-
-server {
-{% if https -%}
-    listen 443;
-    ssl on;
-    ssl_certificate      /shared/ssl/{{ domain }}.crt;
-    ssl_certificate_key  /shared/ssl/{{ domain }}.key;
-
-    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
-
-    # TODO: More SSL security hardening: ssl_session_tickets & ssl_dhparam
-    # ssl_session_tickets on;
-    # ssl_session_ticket_key /etc/nginx/sessionticket.key;
-    # ssl_session_cache shared:SSL:10m;
-    # ssl_session_timeout 10m;
-{% else -%}
-    listen 80;
-{% endif -%}
-
-    server_name {{ domain }};
-
-    client_max_body_size 10m;
-
-    location / {
-        proxy_pass http://127.0.0.1:8000/;
-        proxy_read_timeout 310s;
-        proxy_set_header Host $host;
-        proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
-        proxy_set_header X-Forwarded-For $remote_addr;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header Connection "";
-        proxy_http_version 1.1;
-    }
-
-    location /seafhttp {
-        rewrite ^/seafhttp(.*)$ $1 break;
-        proxy_pass http://127.0.0.1:8082;
-        client_max_body_size 0;
-        proxy_connect_timeout  36000s;
-        proxy_read_timeout  36000s;
-    }
-
-    location /seafdav {
-        client_max_body_size 0;
-        fastcgi_pass    127.0.0.1:8080;
-        fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
-        fastcgi_param   PATH_INFO           $fastcgi_script_name;
-
-        fastcgi_param   SERVER_PROTOCOL     $server_protocol;
-        fastcgi_param   QUERY_STRING        $query_string;
-        fastcgi_param   REQUEST_METHOD      $request_method;
-        fastcgi_param   CONTENT_TYPE        $content_type;
-        fastcgi_param   CONTENT_LENGTH      $content_length;
-        fastcgi_param   SERVER_ADDR         $server_addr;
-        fastcgi_param   SERVER_PORT         $server_port;
-        fastcgi_param   SERVER_NAME         $server_name;
-
-        access_log      /var/log/nginx/seafdav.access.log;
-        error_log       /var/log/nginx/seafdav.error.log;
-    }
-
-    location /media {
-        root /opt/seafile/seafile-server-latest/seahub;
-    }
-
-    # For letsencrypt
-    location /.well-known/acme-challenge/ {
-        alias /var/www/challenges/;
-        try_files $uri =404;
-    }
-}