
树莓派海文SeaFile配置Nginx前端反代并启用HTTPS全攻略

2023-02-19 12:20:02 时间

很多小伙伴们不会Nginx反代SeaFile,抽空写个教程吧。这里教大家如何使用Nginx反代理海文SeaFile开源网盘,并且启用HTTPS开启HTTP2模式加速SeaFile,Nginx反代理有个好处是可以使用CDN加速,速度与安全肩并肩!

安装 SeaFile

具体教程请看我的上一篇教程:树莓派自搭建家庭云储存服务,海文SeaFile安装全攻略 或者查看官方英文文档(中文文档更新慢):Deploying Seafile under Linux

建立 SeaFile 启动文件

官方教程 我们直接使用启动文件运行SeaFile,官方有提供启动文件 Start Seafile at System Bootup 请查看 For systems using another init system than systemd 下的 Other Debian based Distributions

本文教程:新建 /etc/init.d/seafile,把下方脚本复制进去并修改其中的关键信息(需要把 fastcgi 设为 true),然后赋予执行权限:chmod 775 /etc/init.d/seafile(该脚本开机时以 root 身份执行,775 会让同组用户也能改写它,一般 755 就够用)。这里是我自己的启动文件,有稍微修改,可单独启动停止 seahub/seafile 服务。

#!/bin/sh

### BEGIN INIT INFO
# Provides:          seafile
# Required-Start:    $local_fs $remote_fs $network
# Required-Stop:     $local_fs
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Starts Seafile Server
# Description:       starts Seafile Server
### END INIT INFO

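# Account the Seafile processes run as. Change this to your own Linux user.
# NOTE(review): root is the value this tutorial ships with. A dedicated
# unprivileged account that owns ${seafile_dir} limits what a compromise of
# seahub/seafile can reach on the host.
user=root

# Seafile installation directory; script_path must point at the
# seafile-server-latest folder inside it.
seafile_dir=/data/ser/sof/seafile
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
seahub_init_log=${seafile_dir}/logs/seahub.init.log

# Set to true when seahub is served through FastCGI.
fastcgi=true
# FastCGI port (the Seafile default is 8000).
fastcgi_port=8801

# Run seafile.sh with the given action as ${user}.
# The >> redirection is performed by the calling shell, not by ${user},
# so the log file is opened with the caller's privileges.
run_seafile() {
        sudo -u "${user}" "${script_path}/seafile.sh" "$@" >> "${seafile_init_log}"
}

# Run seahub.sh with the given action (and optional port) as ${user}.
run_seahub() {
        sudo -u "${user}" "${script_path}/seahub.sh" "$@" >> "${seahub_init_log}"
}

# Start or restart seahub, using the "-fastcgi" action when fastcgi=true.
# $1 - "start" or "restart"
seahub_up() {
        if [ "${fastcgi}" = true ]; then
                run_seahub "$1-fastcgi" "${fastcgi_port}"
        else
                run_seahub "$1"
        fi
}

case "$1" in
        start)
                run_seafile start
                seahub_up start
        ;;
        webstart)
                seahub_up start
        ;;
        filestart)
                run_seafile start
        ;;
        restart)
                run_seafile restart
                seahub_up restart
        ;;
        stop)
                run_seafile stop
                run_seahub stop
        ;;
        webstop)
                # The original forwarded $1 verbatim, which handed the literal
                # word "webstop" to seahub.sh; the action it needs is "stop".
                run_seahub stop
        ;;
        filestop)
                # Same fix as webstop: pass "stop", not "filestop".
                run_seafile stop
        ;;
        *)
                echo "Usage: /etc/init.d/seafile {start|stop|restart|webstart|filestart|webstop|filestop}"
                exit 1
        ;;
esac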

修改 SeaFile 文件服务端口

启动文件里修改的端口只是 SeaFile 的网页服务端口,还要修改文件服务的端口:修改安装目录 conf 文件夹下的 seafile.conf 文件,将服务地址修改为 127.0.0.1,端口修改为 8802,其他参数适当修改。

[fileserver]
# Address the file server listens on. 127.0.0.1 is loopback, so the service is
# only reachable from this host (here: through the nginx reverse proxy).
host = 127.0.0.1
# Port the file server listens on; the nginx /seafhttp backend must use the same port.
port = 8802
# Maximum size of an uploaded file, in MB.
max_upload_size       = 256
# Maximum size of a directory that may be downloaded, in MB.
max_download_dir_size = 512
# Number of file-indexing threads.
max_indexing_threads  = 8
# Size of the blocks that files are split into, in MB.
fixed_block_size      = 2
# When a user uploads a file, the file server issues a token that authorizes the upload.
# The token is valid for 1 hour by default. Uploading large files over a WAN can take
# longer than that, in which case the expiry can be raised (value in seconds).
# Keep it as short as your uploads allow: a longer lifetime also lengthens the
# time a leaked token stays usable.
web_token_expire_time = 3600
[quota]
# Default maximum space per user.
# Since community edition 5.0.5 the value may carry a unit: KB, MB, GB or TB. For example:
default = 1GB
[history]
# Default file-history retention, in days.
# NOTE(review): confirm what 0 means on your Seafile version before relying on it.
keep_days = 0
# Folders can be downloaded from seahub as a zip archive,
# but some zip tools on Windows do not support UTF-8.
# The "windows_encoding" setting below works around that.
[zip]
# The file name encoding of the downloaded zip file.
windows_encoding = iso-8859-1

修改 SeaFile 配置文件

修改安装目录 conf 文件夹下的 seahub_settings.py 文件添加两行代码

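# Public base URL of the Seafile web UI as clients reach it through nginx;
# scheme, host and port must match the nginx server block.
# The stray "<" and ">" around the URL were link-markup residue and would have
# become part of the configured value.
SERVICE_URL = 'https://www.demo.com:8443'
# Public URL of the file server; nginx forwards /seafhttp to the local fileserver port.
FILE_SERVER_ROOT = 'https://www.demo.com:8443/seafhttp'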

配置 Nginx

我这里使用非网页常规端口 8443:我的树莓派在没有公网的环境里,需要经过服务器穿透,而我的服务器上已经有一个 Nginx 占用了 80、443 端口,所谓一山不能容二虎。这个根据自身情况而定。几个关键配置:修改网页服务后端的 proxy_pass http://127.0.0.1:8801; 端口为启动文件处设置的端口地址(本文启用了 fastcgi,下方配置里对应的指令是 fastcgi_pass 127.0.0.1:8801;);修改文件服务后端的 proxy_pass http://127.0.0.1:8802; 端口为 seafile 配置文件处设置的端口地址;修改静态文件后端的 root /data/ser/sof/seafile/seafile-server-latest/seahub; 为你的实际 seafile 安装地址的 seahub 文件夹(写错会导致页面样式文件和 JS 文件报 404 错误);还有 HTTPS 证书文件和目录地址以及域名,自行修改为实际地址和域名。因为我的网盘不对公,所以我禁掉了搜索引擎的访问,有需要的请删除“## 禁止网络爬虫”处的配置,以免搜索引擎收录不了。

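server {
	## Basic settings
	listen 8443 ssl http2;
	# NOTE(review): with both logs discarded there is no record of failed
	# logins, 403s or upstream errors for this vhost. Point these at real
	# files if you want to be able to investigate an incident later.
	access_log off;
	error_log  /dev/null;
	server_name www.demo.com;
	root /data/web/dat/nginx/web/www.demo.com;
	index index.html;

	# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
	ssl_certificate /etc/letsencrypt/live/www.demo.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/www.demo.com/privkey.pem;
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;

	# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
	ssl_dhparam /etc/letsencrypt/live/dhparam.pem;

	# TLS 1.0 and 1.1 are deprecated and were dropped from the original list.
	# Add TLSv1.3 here if your nginx and OpenSSL builds support it.
	ssl_protocols TLSv1.2;
	# Only the forward-secret AEAD suites from the original list are kept;
	# the 3DES, CBC and static-RSA entries were removed. Very old clients
	# that lack these suites will no longer be able to connect.
	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
	ssl_prefer_server_ciphers on;

	# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
	# add_header Strict-Transport-Security max-age=15768000;

	# OCSP Stapling ---
	# fetch OCSP records from URL in ssl_certificate and cache them
	ssl_stapling on;
	ssl_stapling_verify on;

	## verify chain of trust of OCSP response using Root CA and Intermediate certs
	# NOTE(review): ssl_stapling_verify needs the issuer chain to be trusted;
	# with the line below commented out, verification may fail. Confirm on your setup.
	#ssl_trusted_certificate /etc/letsencrypt/live/www.demo.com/root_ca_cert_plus_intermediates;

	## DNS servers used to resolve the OCSP responder's hostname
	resolver 8.8.8.8 8.8.4.4;

	## Block web crawlers
	# This only matches the User-Agent header, which any client can change;
	# it keeps well-behaved crawlers out but is not an access control.
	if ($http_user_agent ~* "qihoobot|Baiduspider|Googlebot|Googlebot-Mobile|Googlebot-Image|Mediapartners-Google|Adsbot-Google|Feedfetcher-Google|Yahoo! Slurp|Yahoo! Slurp China|YoudaoBot|Sosospider|Sogou spider|Sogou web spider|MSNBot|ia_archiver|Tomato Bot")
	{ return 403; }

	## Block unwanted access
	# /.well-known is served from the static root above instead of being
	# handed to seahub (presumably for certificate challenge files).
	location /.well-known {}
	#location / {return 500;}

	## Web (seahub) backend
	# proxy_set_header only affects proxy_pass locations, i.e. /seafhttp below.
	proxy_set_header X-Forwarded-For $remote_addr;
	location / {
		# Port must match fastcgi_port in /etc/init.d/seafile.
		fastcgi_pass    127.0.0.1:8801;
		fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
		fastcgi_param   PATH_INFO           $fastcgi_script_name;
		fastcgi_param   SERVER_PROTOCOL     $server_protocol;
		fastcgi_param   QUERY_STRING        $query_string;
		fastcgi_param   REQUEST_METHOD      $request_method;
		fastcgi_param   CONTENT_TYPE        $content_type;
		fastcgi_param   CONTENT_LENGTH      $content_length;
		fastcgi_param   SERVER_ADDR         $server_addr;
		fastcgi_param   SERVER_PORT         $server_port;
		fastcgi_param   SERVER_NAME         $server_name;
		fastcgi_param   REMOTE_ADDR         $remote_addr;
		fastcgi_param   HTTPS               on;
		fastcgi_param   HTTP_SCHEME         https;
	}

	# File server backend
	location /seafhttp {
		rewrite ^/seafhttp(.*)$ $1 break;
		# Port must match [fileserver] port in seafile.conf. The stray "<" and ">"
		# around the URL were link-markup residue and are not valid nginx syntax.
		proxy_pass http://127.0.0.1:8802;
		# nginx's own request-body limit defaults to 1m unless it is raised
		# elsewhere, which rejects larger uploads with 413. 0 disables the
		# nginx check and leaves the cap to max_upload_size in seafile.conf.
		client_max_body_size 0;
		# 36000s = 10 hours, to let large transfers over slow links finish.
		proxy_connect_timeout  36000s;
		proxy_read_timeout  36000s;
		proxy_send_timeout  36000s;
		send_timeout  36000s;
	}

	## Static files
	location /static {
		rewrite ^/static(.*)$ /media$1 break;
		# Must be the seahub folder of your actual Seafile install;
		# a wrong path makes the CSS and JS files return 404.
		root /data/ser/sof/seafile/seafile-server-latest/seahub;
	}
}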

启动 Seafile

启动 Seafile:sudo /etc/init.d/seafile start
启动 Nginx:sudo /etc/init.d/nginx start
设置 Seafile 开机启动:sudo update-rc.d seafile defaults
设置 Nginx 开机启动:sudo update-rc.d nginx defaults

END

静态文件后端的 seahub 目录下的文件可以整个CP到又拍云或者七牛云后由Nginx重定向即可实现半CDN加速。