2a176d2d12
Exits container if seafile-server or socat exits. Exits the container after scheduled garbage collection. These changes allow a clean restart with deterministic behaviour. It is recommended to set the restart policy for the container to "unless-stopped". |
||
---|---|---|
.github | ||
compose | ||
k8s | ||
seafile-caddy | ||
seafile-server | ||
seahub | ||
seahub-media | ||
.dockerignore | ||
.gitattributes | ||
.gitignore | ||
README.md |
Containerized Seafile Deployment
A fully containerized deployment of Seafile for Docker, Docker Swarm and Kubernetes.
Table of Contents
Features
- Complete redesign of the official Docker deployment with containerization best-practices in mind.
- Runs seahub (frontend) and seafile server (backend) in separate containers, which commuicate with each other over TCP.
- Cluster without pro edition.
- Completely removed Nginx and self-implemented Let's Encrypt and replaced it with two caddy services.
- Increased Security:
- The caddy reverse proxy serves as a single entry point to the stack. Everything else runs in an isolated network.
- Using Alpine Linux based images for the frontend, which is designed with security in mind and comes with proactive security features.
- Official Seafile Docker deployment uses entirely outdated base images and dependencies. Here base images and dependencies are updated regularly.
- Reworked Dockerfiles featuring multi-stage builds, allowing for smaller images and faster builds.
- Schedule offline garbage collection with cron job.
- Runs upgrade scripts automatically when a new image version is deployed.
- All features of Seafile Community Edition are included.
Structure
Services:
- seafile-server
- contains the backend component called seafile-server
- handles storage, some direct client access and seafdav
- seahub
- dynamic frontend component called seahub
- serves the web-ui
- communicates with seafile-server
- seahub-media
- serves static website content as well as avatars and custom logos
- db
- the database used by seafile-server and seahub
- memcached
- database cache for seahub
- seafile-caddy
- reverse proxy that forwards paths to the correct endpoints: seafile-server, seahub or seahub-media
- is the single external entry point to the deployment
Volumes:
- seafile-data
- shared data volume of seafile-server and seahub
- also contains configuration and log files
- seafile-mariadb
- volume of the db service
- stores the database
- seahub-custom
- contains custom logos
- stored by seahub and served by seahub-media
- seahub-avatars
- contains user avatars
- stored by seahub and served by seahub-media
Note: In the official docker deployment custom and avatars are served by nginx. Seahub alone cannot serve them for some reason, hence the separate volumes.
Networks:
- seafile-net
- isolated local network used by the services to communicate with each other
Getting Started
-
Prerequisites
Requires Docker and docker-compose to be installed.
For deployment on Kubernetes see Wiki / Kubernetes.
For additional considerations when using Docker in Swarm Mode see Wiki / Docker Swarm.
-
Get the compose file
Use this compose file as a starting point.
wget https://raw.githubusercontent.com/ggogel/seafile-containerized/master/compose/docker-compose.yml
-
Set environment variables
Important: The environment variables are only relevant for the first deployment. The existing configuration in the volumes is not overwritten.
On a first deployment, you need to carefully set those values. Changing them later can be tricky. Please take a look at the Seafile documentation on how to change configuration values.
seafile-server
The name of the mariadb service, which is automatically the docker-internal hostname.
- DB_HOST=db
Password of the mariadb root user. This must equal MYSQL_ROOT_PASSWORD.
- DB_ROOT_PASSWD=db_dev
Time zone used by Seafile.
- TIME_ZONE=Europe/Berlin
This will be used for the SERVICE_URL and FILE_SERVER_ROOT. Important: Changing those values in the config files later won't have any effect because they are written to the database. Those values have priority over the config files. To change them enter the "System Admin" section on the web-ui. If you encounter issues with file upload, those are likely misconfigured.
- SEAFILE_URL=seafile.mydomain.com
If you plan to use a reverse proxy with https, set this to true. This will replace http with https in the SERVICE_URL and FILE_SERVER_ROOT.
- HTTPS=false
seahub
Username / E-Mail of the first admin user.
- SEAFILE_ADMIN_EMAIL=me@example.com
Password of the first admin user.
- SEAFILE_ADMIN_PASSWORD=asecret
db
Password of the mariadb root user. Must match DB_ROOT_PASSWD.
- MYSQL_ROOT_PASSWORD=db_dev
Enable logging console.
- MYSQL_LOG_CONSOLE=true
-
(Optional) Migrating volumes from official Docker deployment or native install
If you set up Seafile from scratch you can skip this part.
This deployment uses named volumes, which come with several advantages over bind mounts, used in the official Seafile Docker deployment. They are the recommended mechanism for persisted storage on Docker.
The default path for named volumes on Docker is
/var/lib/docker/volumes/PROJECT-NAME_VOLUME-NAME/_data
.To migrate storage from the official Docker deployment or native (non-Docker) deployment run:
mkdir -p /var/lib/docker/volumes/seafile_seafile-data/_data
mkdir -p /var/lib/docker/volumes/seafile_seafile-mariadb/_data
mkdir -p /var/lib/docker/volumes/seafile_seahub-custom/_data
mkdir -p /var/lib/docker/volumes/seafile_seahub-avatars/_data
cp -r /opt/seafile-data /var/lib/docker/volumes/seafile_seafile-data/_data
cp -r /opt/seafile-mysql/db /var/lib/docker/volumes/seafile_seafile-mariadb/_data
mv /var/lib/docker/volumes/seafile_seafile-data/_data/seafile/seahub-data/custom /var/lib/docker/volumes/seafile_seahub-custom/_data
mv /var/lib/docker/volumes/seafile_seafile-data/_data/seafile/seahub-data/avatars /var/lib/docker/volumes/seafile_seahub-avatars/_data
If you are migrating from a native (non-Docker) deployment, you additionally need to change the ownership of the folders:
chown -R root:root /var/lib/docker/volumes/seafile_seafile-data
chown -R root:root /var/lib/docker/volumes/seafile_seafile-mariadb
chown -R root:root /var/lib/docker/volumes/seafile_seahub-custom
chown -R root:root /var/lib/docker/volumes/seafile_seahub-avatars
-
(Optional) Reverse Proxy
The caddy reverse proxy integrated with the deployment exposes port 80. Point your existing reverse proxy to that port.
This deployment does by design not include a reverse proxy capable of HTTPS and Let's Encrypt, unlike the official deployment, because usually Docker users already have some docker-based reverse proxy solution deployed, which does exactly that.
-
Deployment
Docker Compose
After you followed the above steps and have configured everything correctly run:
docker-compose -p seafile up -d
Docker Swarm
After you followed the above steps and have configured everything correctly run:
docker stack deploy -c docker-compose.yml seafile
Advanced Configuration and Troubleshooting
For advanced configuration and troubleshooting see the Wiki.