Seafile 12专业版使用nginx配置https实现公网域名访问并启用onlyoffice

Seafile 12默认使用了caddy 反向代理,很多人并不熟悉,上手难度比较大,还是使用 nginx 比较顺手,所以自己修改一下,同时启用了 onlyoffice,下边是完整配置,可以复制下来然后修改即可,此教程参考了 docker-seafile-12.0.11 - 虚拟的现实 - 虚拟的现实 特此感谢。

准备工作:

在宿主机上创建 elasticsearch 的映射路径,并且给 777 权限,否则会出现路径权限问题
mkdir -p /opt/seafile-pe/seafile-elasticsearch/data
chmod 777 -R /opt/seafile-pe/seafile-elasticsearch/data

复制SSL证书到 seafile-data 目录
mkdir -p /opt/seafile-pe/seafile-data/certs
cp seafile.example.com.crt /opt/seafile-pe/seafile-data/certs/
cp seafile.example.com.key /opt/seafile-pe/seafile-data/certs/
chmod 400 /opt/seafile-pe/seafile-data/certs/seafile.example.com.key

复制SSL证书到 onlyoffice 目录,证书必须重命名为onlyoffice
mkdir -p /opt/seafile-pe/onlyoffice/data/certs
cp seafile.example.com.crt /opt/seafile-pe/onlyoffice/data/certs/onlyoffice.crt
cp seafile.example.com.key /opt/seafile-pe/onlyoffice/data/certs/onlyoffice.key
chmod 400 /opt/seafile-pe/onlyoffice/data/certs/onlyoffice.key

部署新 Seafile 网站需要修改以下内容

注释或删除 seafile-server.yml 和 seadoc.yml 文件中的 caddy 字段所有内容
.env 文件
BASIC_STORAGE_PATH=
Startup parameters  段落下的自定义部分

seafile-server.yml 文件
  seafile:
    ports:
      - "8443:8443"

seafile.nginx.conf 文件
        listen 8443 ssl
        listen [::]:8443 ssl
        ssl_certificate /shared/certs/seafile.example.com.crt;
        ssl_certificate_key /shared/certs/seafile.example.com.key;
        server_name seafile.example.com localhost 127.0.0.1 192.168.3.5 [::1];
添加 Seadoc 反向代理    location /sdoc-server/ {    } 和 location /socket.io {    } 

seahub_settings.py 文件
ONLYOFFICE_APIJS_URL =
ONLYOFFICE_JWT_SECRET =

完整的配置文件如下:
.env

############################################
#      Docker compose configurations       #
############################################
COMPOSE_FILE='seafile-server.yml,seadoc.yml,onlyoffice.yml'
COMPOSE_PATH_SEPARATOR=','

## Images
SEAFILE_IMAGE=seafileltd/seafile-pro-mc:12.0-latest
SEAFILE_DB_IMAGE=mariadb:10.11.11
SEAFILE_MEMCACHED_IMAGE=memcached:1.6.38
SEAFILE_ELASTICSEARCH_IMAGE=elasticsearch:8.18.0
SEADOC_IMAGE=seafileltd/sdoc-server:1.0-latest
NOTIFICATION_SERVER_IMAGE=seafileltd/notification-server:12.0-latest
SEASEARCH_IMAGE=seafileltd/seasearch:latest
ONLYOFFICE_IMAGE=onlyoffice/documentserver:latest

## Persistent Storage
BASIC_STORAGE_PATH=/opt/seafile-pe        #此处自定义Seafile的安装目录
SEAFILE_VOLUME=$BASIC_STORAGE_PATH/seafile-data
SEAFILE_MYSQL_VOLUME=$BASIC_STORAGE_PATH/seafile-mysql/db
SEAFILE_ELASTICSEARCH_VOLUME=$BASIC_STORAGE_PATH/seafile-elasticsearch/data
NOTIFICATION_SERVER_VOLUME=$BASIC_STORAGE_PATH/notification-data
SS_DATA_PATH=$BASIC_STORAGE_PATH/seasearch-data 
SEADOC_VOLUME=$BASIC_STORAGE_PATH/seadoc-data
ONLYOFFICE_VOLUME=$BASIC_STORAGE_PATH/onlyoffice

############################################
#      Startup parameters                  #
############################################

SEAFILE_SERVER_PORT=8443        #此处设置Seafile服务的访问端口
SEAFILE_SERVER_PROTOCOL=https        #此处设置是否开启https
SEAFILE_SERVER_HOSTNAME=seafile.example.com:$SEAFILE_SERVER_PORT        #此处设置Seafile服务的域名或IP地址
TIME_ZONE=Asia/Shanghai        #此处设置时区
JWT_PRIVATE_KEY=密码        #此处设置JWT密码,不少于32位

## Database
SEAFILE_MYSQL_DB_HOST=db
SEAFILE_MYSQL_DB_USER=seafile
SEAFILE_MYSQL_DB_PASSWORD=密码        #此处设置数据库seafile用户密码
SEAFILE_MYSQL_DB_CCNET_DB_NAME=ccnet_db
SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=seafile_db
SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=seahub_db

## Database root password, Used to create Seafile users
INIT_SEAFILE_MYSQL_ROOT_PASSWORD=密码        #此处设置数据库root用户密码

## Seafile admin user
INIT_SEAFILE_ADMIN_EMAIL=seafile@example.com        #此处设置Seafile网站的登录邮箱账号
INIT_SEAFILE_ADMIN_PASSWORD=密码        #此处设置Seafile网站的账号登录密码

## Seadoc
ENABLE_SEADOC=true

## OnlyOffice
ONLYOFFICE_PORT=6233        #此处设置onlyoffice的映射端口
ONLYOFFICE_JWT_SECRET=密码        #此处密码应与前边的JWT密码相同

############################################
# Additional configurations for extensions #
############################################

### Storage type
SS_STORAGE_TYPE=disk # options: disk (local disk), s3

### Local storage mode
SS_MAX_OBJ_CACHE_SIZE=10GB

### Log
SS_LOG_TO_STDOUT=false
SS_LOG_OUTPUT=true
SS_LOG_LEVEL=info

### S3 mode
SS_S3_USE_V4_SIGNATURE=false
SS_S3_ACCESS_ID=<your access id>
SS_S3_ACCESS_SECRET=<your access secret>
SS_S3_ENDPOINT=s3.us-east-1.amazonaws.com
SS_S3_BUCKET=<your bucket name>
SS_S3_USE_HTTPS=true
SS_S3_PATH_STYLE_REQUEST=true
SS_S3_AWS_REGION=us-east-1
SS_S3_SSE_C_KEY=<your SSE-C key>

### SeaSearch admin user
INIT_SS_ADMIN_USER=$INIT_SEAFILE_ADMIN_EMAIL
INIT_SS_ADMIN_PASSWORD=$INIT_SEAFILE_ADMIN_PASSWORD

seafile-server.yml 文件

services:
  db:
    image: ${SEAFILE_DB_IMAGE:-mariadb:10.11.11}
    container_name: seafile-mysql
    restart: unless-stopped
    environment:
      - MYSQL_ROOT_PASSWORD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
      - MYSQL_LOG_CONSOLE=true
      - MARIADB_AUTO_UPGRADE=1
    volumes:
      - "${SEAFILE_MYSQL_VOLUME:-/opt/seafile-mysql/db}:/var/lib/mysql"
    networks:
      - seafile-net
    healthcheck:
      test:
        [
          "CMD",
          "/usr/local/bin/healthcheck.sh",
          "--connect",
          "--mariadbupgrade",
          "--innodb_initialized",
        ]
      interval: 20s
      start_period: 30s
      timeout: 5s
      retries: 10

  memcached:
    image: ${SEAFILE_MEMCACHED_IMAGE:-memcached:1.6.38}
    container_name: seafile-memcached
    restart: unless-stopped
    entrypoint: memcached -m 256
    networks:
      - seafile-net

  elasticsearch:
    image: ${SEAFILE_ELASTICSEARCH_IMAGE:-elasticsearch:8.18.0}
    container_name: seafile-elasticsearch
    restart: unless-stopped
    environment:
      - discovery.type=single-node
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms2g -Xmx2g"
      - "xpack.security.enabled=false"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    mem_limit: 4g
    volumes:
      - "${SEAFILE_ELASTICSEARCH_VOLUME:-/opt/seafile-elasticsearch/data}:/usr/share/elasticsearch/data"
    networks:
      - seafile-net

  seafile:
    image: ${SEAFILE_IMAGE:-seafileltd/seafile-pro-mc:12.0-latest}
    container_name: seafile
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "8443:8443"        # 此处配置Seafile服务的访问端口
    volumes:
      - ${SEAFILE_VOLUME:-/opt/seafile-data}:/shared
    environment:
      - DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
      - DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
      - DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
      - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
      - DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
      - SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db}
      - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db}
      - SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=${SEAFILE_MYSQL_DB_SEAHUB_DB_NAME:-seahub_db}
      - TIME_ZONE=${TIME_ZONE:-Asia/Shanghai}
      - INIT_SEAFILE_ADMIN_EMAIL=${INIT_SEAFILE_ADMIN_EMAIL:-me@example.com}
      - INIT_SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD:-asecret}
      - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
      - SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL:-http}
      - SITE_ROOT=${SITE_ROOT:-/}
      - NON_ROOT=${NON_ROOT:-false}
      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
      - SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false}
      - ENABLE_SEADOC=${ENABLE_SEADOC:-true}
      - SEADOC_SERVER_URL=${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}/sdoc-server
      - INIT_S3_STORAGE_BACKEND_CONFIG=${INIT_S3_STORAGE_BACKEND_CONFIG:-false}
      - INIT_S3_COMMIT_BUCKET=${INIT_S3_COMMIT_BUCKET:-}
      - INIT_S3_FS_BUCKET=${INIT_S3_FS_BUCKET:-}
      - INIT_S3_BLOCK_BUCKET=${INIT_S3_BLOCK_BUCKET:-}
      - INIT_S3_KEY_ID=${INIT_S3_KEY_ID:-}
      - INIT_S3_SECRET_KEY=${INIT_S3_SECRET_KEY:-}
      - INIT_S3_USE_V4_SIGNATURE=${INIT_S3_USE_V4_SIGNATURE:-true}
      - INIT_S3_AWS_REGION=${INIT_S3_AWS_REGION:-us-east-1}
      - INIT_S3_HOST=${INIT_S3_HOST:-us-east-1}
      - INIT_S3_USE_HTTPS=${INIT_S3_USE_HTTPS:-true}
    depends_on:
      db:
        condition: service_healthy
      memcached:
        condition: service_started
      elasticsearch:
        condition: service_started
    networks:
      - seafile-net

networks:
  seafile-net:
    name: seafile-net

seadoc.yml 文件

services:

  seadoc:
    image: ${SEADOC_IMAGE:-seafileltd/sdoc-server:1.0-latest}
    container_name: seadoc
    restart: unless-stopped
    volumes:
      - ${SEADOC_VOLUME:-/opt/seadoc-data/}:/shared
    # ports:
    #   - "80:80"
    environment:
      - DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
      - DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
      - DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
      - DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
      - DB_NAME=${SEADOC_MYSQL_DB_NAME:-seahub_db}
      - TIME_ZONE=${TIME_ZONE:-Asia/Shanghai}
      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
      - NON_ROOT=${NON_ROOT:-false}
      - SEAHUB_SERVICE_URL=${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
    depends_on:
      db:
        condition: service_healthy
    networks:
      - seafile-net

networks:
  seafile-net:
    name: seafile-net

onlyoffice.yml 文件

services:

  onlyoffice:
    image: ${ONLYOFFICE_IMAGE:-onlyoffice/documentserver:latest}
    container_name: onlyoffice
    restart: unless-stopped
    environment:
      # - DB_TYPE=${DB_TYPE:-mariadb}
      # - DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
      # - DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
      # - DB_PWD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
      - TIME_ZONE=${TIME_ZONE:-Asia/Shanghai}
      - JWT_ENABLED=true
      - JWT_SECRET=${ONLYOFFICE_JWT_SECRET:?Variable is not set or empty}
    ports:
      - ${ONLYOFFICE_PORT:-6233}:443
    volumes:
      - ${ONLYOFFICE_VOLUME:-/opt/onlyoffice}/logs:/var/log/onlyoffice
      - ${ONLYOFFICE_VOLUME:-/opt/onlyoffice}/data:/var/www/onlyoffice/Data
      - ${ONLYOFFICE_VOLUME:-/opt/onlyoffice}/lib:/var/lib/onlyoffice
      - ${ONLYOFFICE_VOLUME:-/opt/onlyoffice}/db:/var/lib/postgresql
    networks:
      - seafile-net

networks:
  seafile-net:
    name: seafile-net

seafile.nginx.conf 文件

# -*- mode: nginx -*-

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
        server_tokens off;
    }

    server {
        listen 443 ssl default_server;
        listen 8443 ssl default_server;
        listen [::]:443 ssl default_server;
        listen [::]:8443 ssl default_server;
        http2 on;
        server_name _;
        error_page 497 =301 https://$host:$server_port$request_uri;
        return 444;
        server_tokens off;
        ssl_certificate /shared/certs/seafile.example.com.crt;
        ssl_certificate_key /shared/certs/seafile.example.com.key;
    }

    server {
        listen 443 ssl;
        listen 8443 ssl;
        listen [::]:443 ssl;
        listen [::]:8443 ssl;
        http2 on;
        server_name seafile.example.com localhost 127.0.0.1 192.168.3.5 [::1];
        error_page 497 =301 https://$host:$server_port$request_uri;
        server_tokens off;

        ssl_certificate /shared/certs/seafile.example.com.crt;
        ssl_certificate_key /shared/certs/seafile.example.com.key;

        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:5m;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
        ssl_prefer_server_ciphers on;
        proxy_set_header X-Forwarded-For $remote_addr;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    location / {
        proxy_pass http://127.0.0.1:8000/;
        proxy_read_timeout 1200s;
        proxy_set_header Host $http_host;
        proxy_set_header Forwarded "for=$remote_addr;proto=$scheme";
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        client_max_body_size 0;
        access_log      /var/log/nginx/seahub.access.log seafileformat;
        error_log       /var/log/nginx/seahub.error.log;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        client_max_body_size 0;
        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_request_buffering off;
        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
        error_log       /var/log/nginx/seafhttp.error.log;
    }

    location /notification/ping {
        proxy_pass http://127.0.0.1:8083/ping;
        access_log      /var/log/nginx/notification.access.log seafileformat;
        error_log       /var/log/nginx/notification.error.log;
    }

    location /notification {
        proxy_pass http://127.0.0.1:8083/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        access_log      /var/log/nginx/notification.access.log seafileformat;
        error_log       /var/log/nginx/notification.error.log;
    }

    location /seafdav {
        proxy_pass         http://127.0.0.1:8080;
        proxy_set_header   Host $host;
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_set_header   X-Forwarded-Proto $scheme;
        proxy_read_timeout  1200s;
        client_max_body_size 0;

        access_log      /var/log/nginx/seafdav.access.log seafileformat;
        error_log       /var/log/nginx/seafdav.error.log;
    }

    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }

    location /sdoc-server/ {
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;
        add_header Access-Control-Allow-Headers "deviceType,token, authorization, content-type";
        if ($request_method = 'OPTIONS') {
            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;
            add_header Access-Control-Allow-Headers "deviceType,token, authorization, content-type";
            return 204;
        }
        proxy_pass         http://seadoc:80/;
        proxy_redirect     off;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host  $server_name;
        proxy_set_header   X-Forwarded-Proto $scheme;
        client_max_body_size 100m;
        access_log      /var/log/nginx/seadoc.access.log seafileformat;
        error_log       /var/log/nginx/seadoc.error.log;
    }

    location /socket.io {
        proxy_pass http://seadoc:80;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_redirect off;
        proxy_buffers 8 32k;
        proxy_buffer_size 64k;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
    }

}

把相关内容修改成自己的信息后,开始安装

docker compose pull      #拉取或更新镜像
docker compose up -d

编辑 /opt/seafile-pe/seafile-data/seafile/conf/seahub_settings.py 文件,添加以下内容

ENABLE_ONLYOFFICE = True
ONLYOFFICE_APIJS_URL = 'https://seafile.example.com:6233/web-apps/apps/api/documents/api.js'
ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods', 'csv', 'ppsx', 'pps')
ONLYOFFICE_EDIT_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods', 'csv', 'ppsx', 'pps')
ONLYOFFICE_JWT_SECRET = 'env文件中配置的JWT密码'

docker compose stop
docker compose up -d

顺利的话此时应该可以使用域名访问你的 Seafile 网站了。

1 个赞

我弄了很久,早看到这篇就好了

1 个赞

这个方案不是很理想,最佳是用反代,统一入口,也方便证书管理。

嗯,不用caddy,我想用nginx proxy manager来处理反代,安装时全部用局域网地址进行,感觉这样处理比较好,下次试试。在家用局域网,在外面用反代。