Seafile 12专业版使用nginx配置https实现公网域名访问并启用onlyoffice

经验分享
1

Seafile 12默认使用了caddy 反向代理,很多人并不熟悉,上手难度比较大,还是使用 nginx 比较顺手,所以自己修改一下,同时启用了 onlyoffice,下边是完整配置,可以复制下来然后修改即可,此教程参考了 docker-seafile-12.0.11 - 虚拟的现实 - 虚拟的现实 特此感谢。

准备工作:

在宿主机上创建 elasticsearch 的映射路径,并且给 777 权限,否则会出现路径权限问题
mkdir -p /opt/seafile-pe/seafile-elasticsearch/data
chmod 777 -R /opt/seafile-pe/seafile-elasticsearch/data

复制SSL证书到 seafile-data 目录
mkdir -p /opt/seafile-pe/seafile-data/certs
cp seafile.example.com.crt /opt/seafile-pe/seafile-data/certs/
cp seafile.example.com.key /opt/seafile-pe/seafile-data/certs/
chmod 400 /opt/seafile-pe/seafile-data/certs/seafile.example.com.key

复制SSL证书到 onlyoffice 目录,证书必须重命名为onlyoffice
mkdir -p /opt/seafile-pe/onlyoffice/data/certs
cp seafile.example.com.crt /opt/seafile-pe/onlyoffice/data/certs/onlyoffice.crt
cp seafile.example.com.key /opt/seafile-pe/onlyoffice/data/certs/onlyoffice.key
chmod 400 /opt/seafile-pe/onlyoffice/data/certs/onlyoffice.key

部署新 Seafile 网站需要修改以下内容

注释或删除 seafile-server.yml 和 seadoc.yml 文件中的 caddy 字段所有内容
.env 文件
BASIC_STORAGE_PATH=
Startup parameters  段落下的自定义部分

seafile-server.yml 文件
  seafile:
    ports:
      - "8443:8443"

seafile.nginx.conf 文件
        listen 8443 ssl
        listen [::]:8443 ssl
        ssl_certificate /shared/certs/seafile.example.com.crt;
        ssl_certificate_key /shared/certs/seafile.example.com.key;
        server_name seafile.example.com localhost 127.0.0.1 192.168.3.5 [::1];
添加 Seadoc 反向代理    location /sdoc-server/ {    } 和 location /socket.io {    } 

seahub_settings.py 文件
ONLYOFFICE_APIJS_URL =
ONLYOFFICE_JWT_SECRET =

完整的配置文件如下:
.env

############################################
#      Docker compose configurations       #
############################################
COMPOSE_FILE='seafile-server.yml,seadoc.yml,onlyoffice.yml'
COMPOSE_PATH_SEPARATOR=','

## Images
SEAFILE_IMAGE=seafileltd/seafile-pro-mc:12.0-latest
SEAFILE_DB_IMAGE=mariadb:10.11.11
SEAFILE_MEMCACHED_IMAGE=memcached:1.6.38
SEAFILE_ELASTICSEARCH_IMAGE=elasticsearch:8.18.0
SEADOC_IMAGE=seafileltd/sdoc-server:1.0-latest
NOTIFICATION_SERVER_IMAGE=seafileltd/notification-server:12.0-latest
SEASEARCH_IMAGE=seafileltd/seasearch:latest
ONLYOFFICE_IMAGE=onlyoffice/documentserver:latest

## Persistent Storage
BASIC_STORAGE_PATH=/opt/seafile-pe        #此处自定义Seafile的安装目录
SEAFILE_VOLUME=$BASIC_STORAGE_PATH/seafile-data
SEAFILE_MYSQL_VOLUME=$BASIC_STORAGE_PATH/seafile-mysql/db
SEAFILE_ELASTICSEARCH_VOLUME=$BASIC_STORAGE_PATH/seafile-elasticsearch/data
NOTIFICATION_SERVER_VOLUME=$BASIC_STORAGE_PATH/notification-data
SS_DATA_PATH=$BASIC_STORAGE_PATH/seasearch-data 
SEADOC_VOLUME=$BASIC_STORAGE_PATH/seadoc-data
ONLYOFFICE_VOLUME=$BASIC_STORAGE_PATH/onlyoffice

############################################
#      Startup parameters                  #
############################################

SEAFILE_SERVER_PORT=8443        #此处设置Seafile服务的访问端口
SEAFILE_SERVER_PROTOCOL=https        #此处设置是否开启https
SEAFILE_SERVER_HOSTNAME=seafile.example.com:$SEAFILE_SERVER_PORT        #此处设置Seafile服务的域名或IP地址
TIME_ZONE=Asia/Shanghai        #此处设置时区
JWT_PRIVATE_KEY=密码        #此处设置JWT密码,不少于32位

## Database
SEAFILE_MYSQL_DB_HOST=db
SEAFILE_MYSQL_DB_USER=seafile
SEAFILE_MYSQL_DB_PASSWORD=密码        #此处设置数据库seafile用户密码
SEAFILE_MYSQL_DB_CCNET_DB_NAME=ccnet_db
SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=seafile_db
SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=seahub_db

## Database root password, Used to create Seafile users
INIT_SEAFILE_MYSQL_ROOT_PASSWORD=密码        #此处设置数据库root用户密码

## Seafile admin user
INIT_SEAFILE_ADMIN_EMAIL=seafile@example.com        #此处设置Seafile网站的登录邮箱账号
INIT_SEAFILE_ADMIN_PASSWORD=密码        #此处设置Seafile网站的账号登录密码

## Seadoc
ENABLE_SEADOC=true

## OnlyOffice
ONLYOFFICE_PORT=6233        #此处设置onlyoffice的映射端口
ONLYOFFICE_JWT_SECRET=密码        #此处密码应与前边的JWT密码相同

############################################
# Additional configurations for extensions #
############################################

### Storage type
SS_STORAGE_TYPE=disk # options: disk (local disk), s3

### Local storage mode
SS_MAX_OBJ_CACHE_SIZE=10GB

### Log
SS_LOG_TO_STDOUT=false
SS_LOG_OUTPUT=true
SS_LOG_LEVEL=info

### S3 mode
SS_S3_USE_V4_SIGNATURE=false
SS_S3_ACCESS_ID=<your access id>
SS_S3_ACCESS_SECRET=<your access secret>
SS_S3_ENDPOINT=s3.us-east-1.amazonaws.com
SS_S3_BUCKET=<your bucket name>
SS_S3_USE_HTTPS=true
SS_S3_PATH_STYLE_REQUEST=true
SS_S3_AWS_REGION=us-east-1
SS_S3_SSE_C_KEY=<your SSE-C key>

### SeaSearch admin user
INIT_SS_ADMIN_USER=$INIT_SEAFILE_ADMIN_EMAIL
INIT_SS_ADMIN_PASSWORD=$INIT_SEAFILE_ADMIN_PASSWORD

seafile-server.yml 文件

services:
  db:
    image: ${SEAFILE_DB_IMAGE:-mariadb:10.11.11}
    container_name: seafile-mysql
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
      - MYSQL_LOG_CONSOLE=true
      - MARIADB_AUTO_UPGRADE=1
    volumes:
      - "${SEAFILE_MYSQL_VOLUME:-/opt/seafile-mysql/db}:/var/lib/mysql"
    networks:
      - seafile-net
    healthcheck:
      test:
        [
          "CMD",
          "/usr/local/bin/healthcheck.sh",
          "--connect",
          "--mariadbupgrade",
          "--innodb_initialized",
        ]
      interval: 20s
      start_period: 30s
      timeout: 5s
      retries: 10

  memcached:
    image: ${SEAFILE_MEMCACHED_IMAGE:-memcached:1.6.38}
    container_name: seafile-memcached
    restart: unless-stopped
    entrypoint: memcached -m 256
    networks:
      - seafile-net

  elasticsearch:
    image: ${SEAFILE_ELASTICSEARCH_IMAGE:-elasticsearch:8.18.0}
    container_name: seafile-elasticsearch
    restart: unless-stopped
    environment:
      - discovery.type=single-node
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms2g -Xmx2g"
      - "xpack.security.enabled=false"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 4g
    volumes:
      - "${SEAFILE_ELASTICSEARCH_VOLUME:-/opt/seafile-elasticsearch/data}:/usr/share/elasticsearch/data"
    networks:
      - seafile-net

  seafile:
    image: ${SEAFILE_IMAGE:-seafileltd/seafile-pro-mc:12.0-latest}
    container_name: seafile
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "8443:8443"        # 此处配置Seafile服务的访问端口
    volumes:
      - ${SEAFILE_VOLUME:-/opt/seafile-data}:/shared
    environment:
      - DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
      - DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
      - DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
      - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
      - DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
      - SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db}
      - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db}
      - SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=${SEAFILE_MYSQL_DB_SEAHUB_DB_NAME:-seahub_db}
      - TIME_ZONE=${TIME_ZONE:-Asia/Shanghai}
      - INIT_SEAFILE_ADMIN_EMAIL=${INIT_SEAFILE_ADMIN_EMAIL:-me@example.com}
      - INIT_SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD:-asecret}
      - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
      - SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL:-http}
      - SITE_ROOT=${SITE_ROOT:-/}
      - NON_ROOT=${NON_ROOT:-false}
      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
      - SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false}
      - ENABLE_SEADOC=${ENABLE_SEADOC:-true}
      - SEADOC_SERVER_URL=${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}/sdoc-server
      - INIT_S3_STORAGE_BACKEND_CONFIG=${INIT_S3_STORAGE_BACKEND_CONFIG:-false}
      - INIT_S3_COMMIT_BUCKET=${INIT_S3_COMMIT_BUCKET:-}
      - INIT_S3_FS_BUCKET=${INIT_S3_FS_BUCKET:-}
      - INIT_S3_BLOCK_BUCKET=${INIT_S3_BLOCK_BUCKET:-}
      - INIT_S3_KEY_ID=${INIT_S3_KEY_ID:-}
      - INIT_S3_SECRET_KEY=${INIT_S3_SECRET_KEY:-}
      - INIT_S3_USE_V4_SIGNATURE=${INIT_S3_USE_V4_SIGNATURE:-true}
      - INIT_S3_AWS_REGION=${INIT_S3_AWS_REGION:-us-east-1}
      - INIT_S3_HOST=${INIT_S3_HOST:-us-east-1}
      - INIT_S3_USE_HTTPS=${INIT_S3_USE_HTTPS:-true}
    depends_on:
      db:
        condition: service_healthy
      memcached:
        condition: service_started
      elasticsearch:
        condition: service_started
    networks:
      - seafile-net

networks:
  seafile-net:
    name: seafile-net

seadoc.yml 文件

services:

  seadoc:
    image: ${SEADOC_IMAGE:-seafileltd/sdoc-server:1.0-latest}
    container_name: seadoc
    restart: unless-stopped
    volumes:
      - ${SEADOC_VOLUME:-/opt/seadoc-data/}:/shared
    # ports:
    #   - "80:80"
    environment:
      - DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
      - DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
      - DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
      - DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
      - DB_NAME=${SEADOC_MYSQL_DB_NAME:-seahub_db}
      - TIME_ZONE=${TIME_ZONE:-Asia/Shanghai}
      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
      - NON_ROOT=${NON_ROOT:-false}
      - SEAHUB_SERVICE_URL=${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
    depends_on:
      db:
        condition: service_healthy
    networks:
      - seafile-net

networks:
  seafile-net:
    name: seafile-net

onlyoffice.yml 文件

services:

  onlyoffice:
    image: ${ONLYOFFICE_IMAGE:-onlyoffice/documentserver:latest}
    container_name: onlyoffice
    restart: unless-stopped
    environment:
      # - DB_TYPE=${DB_TYPE:-mariadb}
      # - DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
      # - DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
      # - DB_PWD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
      - TIME_ZONE=${TIME_ZONE:-Asia/Shanghai}
      - JWT_ENABLED=true
      - JWT_SECRET=${ONLYOFFICE_JWT_SECRET:?Variable is not set or empty}
    ports:
      - ${ONLYOFFICE_PORT:-6233}:443
    volumes:
      - ${ONLYOFFICE_VOLUME:-/opt/onlyoffice}/logs:/var/log/onlyoffice
      - ${ONLYOFFICE_VOLUME:-/opt/onlyoffice}/data:/var/www/onlyoffice/Data
      - ${ONLYOFFICE_VOLUME:-/opt/onlyoffice}/lib:/var/lib/onlyoffice
      - ${ONLYOFFICE_VOLUME:-/opt/onlyoffice}/db:/var/lib/postgresql
    networks:
      - seafile-net

networks:
  seafile-net:
    name: seafile-net

seafile.nginx.conf 文件

# -*- mode: nginx -*-

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
        server_tokens off;
    }

    server {
        listen 443 ssl default_server;
        listen 8443 ssl default_server;
        listen [::]:443 ssl default_server;
        listen [::]:8443 ssl default_server;
        http2 on;
        server_name _;
        error_page 497 =301 https://$host:$server_port$request_uri;
        return 444;
        server_tokens off;
        ssl_certificate /shared/certs/seafile.example.com.crt;
        ssl_certificate_key /shared/certs/seafile.example.com.key;
    }

    server {
        listen 443 ssl;
        listen 8443 ssl;
        listen [::]:443 ssl;
        listen [::]:8443 ssl;
        http2 on;
        server_name seafile.example.com localhost 127.0.0.1 192.168.3.5 [::1];
        error_page 497 =301 https://$host:$server_port$request_uri;
        server_tokens off;

        ssl_certificate /shared/certs/seafile.example.com.crt;
        ssl_certificate_key /shared/certs/seafile.example.com.key;

        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:5m;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
        ssl_prefer_server_ciphers on;
        proxy_set_header X-Forwarded-For $remote_addr;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_read_timeout 1200s;
        proxy_set_header Host $http_host;
        proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        client_max_body_size 0;
        access_log      /var/log/nginx/seahub.access.log seafileformat;
        error_log       /var/log/nginx/seahub.error.log;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_request_buffering off;
        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
        error_log       /var/log/nginx/seafhttp.error.log;
    }

    location /notification/ping {
        proxy_pass http://127.0.0.1:8083/ping;
        access_log      /var/log/nginx/notification.access.log seafileformat;
        error_log       /var/log/nginx/notification.error.log;
    }

    location /notification {
        proxy_pass http://127.0.0.1:8083/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        access_log      /var/log/nginx/notification.access.log seafileformat;
        error_log       /var/log/nginx/notification.error.log;
    }

    location /seafdav {
        proxy_pass         http://127.0.0.1:8080;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_read_timeout  1200s;
        client_max_body_size 0;

        access_log      /var/log/nginx/seafdav.access.log seafileformat;
        error_log       /var/log/nginx/seafdav.error.log;
    }

    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }

    location /sdoc-server/ {
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;
        add_header Access-Control-Allow-Headers "deviceType,token, authorization, content-type";
        if ($request_method = 'OPTIONS') {
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;
            add_header Access-Control-Allow-Headers "deviceType,token, authorization, content-type";
            return 204;
        }
        proxy_pass         http://seadoc:80/;
        proxy_redirect     off;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host  $server_name;
        proxy_set_header   X-Forwarded-Proto $scheme;
        client_max_body_size 100m;
        access_log      /var/log/nginx/seadoc.access.log seafileformat;
        error_log       /var/log/nginx/seadoc.error.log;
    }

    location /socket.io {
        proxy_pass http://seadoc:80;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_redirect off;
        proxy_buffers 8 32k;
        proxy_buffer_size 64k;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
    }

}

把相关内容修改成自己的信息后,开始安装

docker compose pull      #拉取或更新镜像
docker compose up -d

编辑 /opt/seafile-pe/seafile-data/seafile/conf/seahub_settings.py 文件,添加以下内容

ENABLE_ONLYOFFICE = True
ONLYOFFICE_APIJS_URL = 'https://seafile.example.com:6233/web-apps/apps/api/documents/api.js'
ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods', 'csv', 'ppsx', 'pps')
ONLYOFFICE_EDIT_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods', 'csv', 'ppsx', 'pps')
ONLYOFFICE_JWT_SECRET = 'env文件中配置的JWT密码'

docker compose stop
docker compose up -d

顺利的话此时应该可以使用域名访问你的 Seafile 网站了。

1 个赞
2

我弄了很久,早看到这篇就好了

1 个赞
3

这个方案不是很理想,最佳是用反代,统一入口,也方便证书管理。

4

嗯,不用caddy,我想用nginx proxy manager来处理反代,安装时全部用局域网地址进行,感觉这样处理比较好,下次试试。在家用局域网,在外面用反代。

5

部署完后onlyoffice可以打开welcome
js也能打开
但是seafile打开文档就是调用不了 seahub.settings.py配置反复看都没看出哪里有问题
ENABLE_ONLYOFFICE = True
ONLYOFFICE_APIJS_URL = ‘https://77.1111.xyz:8888/web-apps/apps/api/documents/api.js’
ONLYOFFICE_FILE_EXTENSION = (‘doc’, ‘docx’, ‘ppt’, ‘pptx’, ‘xls’, ‘xlsx’, ‘odt’, ‘fodt’, ‘odp’, ‘fodp’, ‘ods’, ‘fods’, ‘csv’, ‘ppsx’, ‘pps’)
ONLYOFFICE_EDIT_FILE_EXTENSION = (‘docx’, ‘pptx’, ‘xlsx’)
ONLYOFFICE_JWT_SECRET = ‘3b6r8c8ZoUF4kNsv0cMgiVIRVJRnT64i’

6

Generating WOPI private key…Done
Generating WOPI public key…Done

  • Starting PostgreSQL 16 database server
    …done.
  • Starting RabbitMQ Messaging Server rabbitmq-server
    …done.
    Connection to localhost (::1) 5432 port [tcp/postgresql] succeeded!
    Connection to localhost (::1) 5672 port [tcp/amqp] succeeded!
    psql:/var/www/onlyoffice/documentserver/server/schema/postgresql/removetbl.sql:4: NOTICE: table “doc_callbacks” does not exist, skipping
    psql:/var/www/onlyoffice/documentserver/server/schema/postgresql/removetbl.sql:9: NOTICE: function merge_db(pg_catalog.varchar,int2,int8,pg_catalog.timestamp,pg_catalog
    .varchar,int8,int8) does not exist, skippingpsql:/var/www/onlyoffice/documentserver/server/schema/postgresql/removetbl.sql:10: NOTICE: function merge_db(pg_catalog.varchar,int2,int4,pg_catalog.timestamp,pg_catalo
    g.varchar,int4,int4) does not exist, skippingpsql:/var/www/onlyoffice/documentserver/server/schema/postgresql/removetbl.sql:11: NOTICE: function merge_db(pg_catalog.varchar,int2,int4,pg_catalog.timestamp,int4,int4
    ,text,text) does not exist, skippingStarting supervisor: supervisord.
  • Starting periodic command scheduler cron
    …done.
  • Starting nginx nginx
    …done.
    Generating AllFonts.js, please wait…Done
    Generating presentation themes, please wait…Done
    Generating js caches, please wait…Done
    ds:docservice: stopped
    ds:docservice: started
    ds:converter: stopped
    ds:converter: started
  • Reloading nginx configuration nginx
    …done.
7

360截图20250601210145168
360截图202506012101451681930×875 48.7 KB

不懂啥问题

8

这种情况一般是onlyoffice服务无法读取seafile的文件导致,最好是贴出完整配置看一下,你这个应该不是完全复制我的配置来的,把.env和onlyoffice.yml,seafile-server.yml贴出来看看

9

.eny


############################################
COMPOSE_FILE='seafile-server.yml,onlyoffice.yml,seasearch.yml'
COMPOSE_PATH_SEPARATOR=','

### Images
SEAFILE_IMAGE=seafileltd/seafile-pro-mc:12.0-latest
SEAFILE_DB_IMAGE=mariadb:10.11.11
SEAFILE_MEMCACHED_IMAGE=memcached:1.6.38
NOTIFICATION_SERVER_IMAGE=seafileltd/notification-server:12.0-latest
SEASEARCH_IMAGE=seafileltd/seasearch:0.9-latest
ONLYOFFICE_IMAGE=onlyoffice/documentserver:8.1.0.1
#SEADOC_IMAGE=seafileltd/sdoc-server:1.0-latest

### Persistent Storage
BASIC_STORAGE_PATH=/opt/
SEAFILE_VOLUME=$BASIC_STORAGE_PATH/seafile-data
SEAFILE_MYSQL_VOLUME=$BASIC_STORAGE_PATH/seafile-mysql/db
NOTIFICATION_SERVER_VOLUME=$BASIC_STORAGE_PATH/notification-data
SS_DATA_PATH=$BASIC_STORAGE_PATH/seasearch-data
ONLYOFFICE_VOLUME=$BASIC_STORAGE_PATH/onlyoffice
#
#############################################
##      Startup parameters                  #
#############################################

SEAFILE_SERVER_HOSTNAME=088.1111xyz:8888
SEAFILE_SERVER_PROTOCOL=https
TIME_ZONE=Asia/Shanghai        #此处设置时区
JWT_PRIVATE_KEY=3b6r8c8ZoUF4kNsv0cMgiVIRVJRnTwD8e043X64i #此处设置JWT密码,不少于32位

### Database
SEAFILE_MYSQL_DB_HOST=db
SEAFILE_MYSQL_DB_USER=seafile
SEAFILE_MYSQL_DB_PASSWORD=ln1111      #此处设置数据库seafile用户密码
SEAFILE_MYSQL_DB_CCNET_DB_NAME=ccnet_db
SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=seafile_db
SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=seahub_db

### Database root password, Used to create Seafile users
INIT_SEAFILE_MYSQL_ROOT_PASSWORD=ln11111       #此处设置数据库root用户密码
#
### Seafile admin user
INIT_SEAFILE_ADMIN_EMAIL=1111@qq.com        #此处设置Seafile网站的登录邮箱账号
INIT_SEAFILE_ADMIN_PASSWORD=ln1111     #此处设置Seafile网站的账号登录密码

### OnlyOffice
ONLYOFFICE_PORT=6233        #此处设置onlyoffice的映射端口
ONLYOFFICE_JWT_SECRET=3b6r8c8ZoUF4kNsv0cMgiVIRVJRnTw11111     #此处密码应与前边的JWT密码相同

## SeaDoc service
#ENABLE_SEADOC=true

#### Storage type
SS_STORAGE_TYPE=disk # options: disk (local disk), s3

#### Local storage mode
SS_MAX_OBJ_CACHE_SIZE=10GB
#
#### Log
SS_LOG_TO_STDOUT=false
SS_LOG_OUTPUT=true
SS_LOG_LEVEL=info
#
INIT_SS_ADMIN_USER=$INIT_SEAFILE_ADMIN_EMAIL
INIT_SS_ADMIN_PASSWORD=$INIT_SEAFILE_ADMIN_PASSWORD

seafile-server

services:
  db:
    image: ${SEAFILE_DB_IMAGE:-mariadb:10.11.11}
    container_name: seafile-mysql
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
      - MYSQL_LOG_CONSOLE=true
      - MARIADB_AUTO_UPGRADE=1
    volumes:
      - "${SEAFILE_MYSQL_VOLUME:-/opt/seafile-mysql/db}:/var/lib/mysql"
    networks:
      - seafile-net
    healthcheck:
      test:
        [
          "CMD",
          "/usr/local/bin/healthcheck.sh",
          "--connect",
          "--mariadbupgrade",
          "--innodb_initialized",
        ]
      interval: 20s
      start_period: 30s
      timeout: 5s
      retries: 10

  memcached:
    image: ${SEAFILE_MEMCACHED_IMAGE:-memcached:1.6.38}
    container_name: seafile-memcached
    restart: unless-stopped
    entrypoint: memcached -m 256
    networks:
      - seafile-net
  seafile:
    image: ${SEAFILE_IMAGE:-seafileltd/seafile-pro-mc:12.0-latest}
    container_name: seafile
    restart: unless-stopped
    ports:
      - "80:80"
      - "8000:8000"
      - "8082:8082"
    volumes:
      - ${SEAFILE_VOLUME:-/opt/seafile-data}:/shared
    environment:
      - DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
      - DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
      - DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
      - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
      - DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
      - SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db}
      - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db}
      - SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=${SEAFILE_MYSQL_DB_SEAHUB_DB_NAME:-seahub_db}
      - TIME_ZONE=${TIME_ZONE:-Asia/Shanghai}
      - INIT_SEAFILE_ADMIN_EMAIL=${INIT_SEAFILE_ADMIN_EMAIL:-me@example.com}
      - INIT_SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD:-asecret}
      - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
      - SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL:-http}
      - SITE_ROOT=${SITE_ROOT:-/}
      - NON_ROOT=${NON_ROOT:-false}
      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
      - SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false}
      - ENABLE_SEADOC=${ENABLE_SEADOC:-true}
    depends_on:
      db:
        condition: service_healthy
      memcached:
        condition: service_started
    networks:
      - seafile-net


networks:
  seafile-net:
    name: seafile-net

                               ```


onlyoffice

services:

onlyoffice:
image: ${ONLYOFFICE_IMAGE:-onlyoffice/documentserver:latest}
container_name: seafile-onlyoffice
restart: unless-stopped
environment:
- TIME_ZONE=${TIME_ZONE:-Asia/Shanghai}
- JWT_ENABLED=true
- JWT_SECRET=${ONLYOFFICE_JWT_SECRET:?Variable is not set or empty}
- allowPrivateIPAddress=true
- allowMetaIPAddress=true
- rejectUnauthorized=false
ports:
- ${ONLYOFFICE_PORT:-6233}:80
volumes:
- ${ONLYOFFICE_VOLUME:-/opt/onlyoffice}/logs:/var/log/onlyoffice
- ${ONLYOFFICE_VOLUME:-/opt/onlyoffice}/data:/var/www/onlyoffice/Data
- ${ONLYOFFICE_VOLUME:-/opt/onlyoffice}/lib:/var/lib/onlyoffice
- ${ONLYOFFICE_VOLUME:-/opt/onlyoffice}/db:/var/lib/postgresql
- /etc/hosts:/etc/hosts
networks:
- seafile-net

networks:
seafile-net:
name: seafile-net

10

seahub.settings.py配置中的onlyoffice端口8888是在哪里指定的?我看你的配置端口应该是6233才对,另外onlyoffice.yml中的- ${ONLYOFFICE_PORT:-6233}:80这里也应该映射443端口而不是80端口,而你说可以打开onlyoffice的welcome,打开的是哪个链接呢?如果要使用8888端口,先修改一下.env文件中的ONLYOFFICE_PORT=6233

另外建议实在不行的话就重新部署一下,把帖子中的配置文件完全复制下来然后根据需要修改,不然只是参考对照修改的话很容易有遗漏的地方。

11

8888是反向代理指定的,一个端口不同子域名访问不同服务,打开的是服务器ip:6233/welcome和服务器域名:8888/welcome

12

不用443是因为没在only放证书,证书全在代理服务器统一管理

13

我感觉问题可能出在这里了,因为本身onlyoffice就有一层nginx代理,你试着把证书放到onlyoffice/data/certs,然后看看是否正常

14

我之前就放过了不正常。我发的配置都是最新的。nginx没有做这个代理 ,代理是有单独的软件去做的。seafile的话官方的nginx监听了80端口。然后也是独立的代理软件去代理访问这个80端口。

15

nginx配置问题,我开始也是,现在没问题了,用的这个镜像:ONLYOFFICE_IMAGE=onlyoffice/documentserver:8.3.3.1
server {
listen 80 ;
listen [::]:80 ;
listen 443 ssl ;
listen [::]:443 ssl ;
server_name oo.域名.top;
index index.php index.html index.htm default.php default.htm default.html;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
access_log /www/sites/oo.域名.top/log/access.log main;
error_log /www/sites/oo.域名.top/log/error.log;
location ^~ /.well-known {
allow all;
root /usr/share/nginx/html;
}
http2 on;
if ($scheme = http) {
return 301 https://$host$request_uri;
}
ssl_certificate /www/sites/oo.域名.top/ssl/fullchain.pem;
ssl_certificate_key /www/sites/oo.域名.top/ssl/privkey.pem;
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!SRP:!CAMELLIA:!SEED;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
error_page 497 https://$host$request_uri;
proxy_set_header X-Forwarded-Proto https;
add_header Strict-Transport-Security “max-age=31536000”;

location ^~ / {
proxy_pass http://127.0.0.1:6233; 
proxy_set_header Host $host; 
proxy_set_header X-Real-IP $remote_addr; 
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
proxy_set_header REMOTE-HOST $remote_addr; 
proxy_set_header Upgrade $http_upgrade; 
proxy_set_header Connection $http_connection; 
proxy_set_header X-Forwarded-Proto $scheme; 
proxy_set_header X-Forwarded-Port $server_port; 
proxy_http_version 1.1; 
add_header X-Cache $upstream_cache_status; 
add_header Cache-Control no-cache; 
proxy_ssl_server_name off; 
proxy_ssl_name $proxy_host;

}
}