开源的云存储程序－seafile

Open source cloud storage with file encryption and group sharing, and emphasis on reliability and high performance. http://seafile.com/

Introduction 

Seafile is an open source cloud storage system with features on privacy protection and teamwork. Collections of files are called libraries, and each library can be synced separately. A library can also be encrypted with a user chosen password. Seafile also allows users to create groups and easily sharing files into groups.

Feature Summary

Seafile has the following features:

File syncing

1. Selective synchronization of file libraries. Each library can be synced separately.
2. Correct handling of file conflicts based on history instead of timestamp.
3. Only transfering contents not in the server, and incomplete transfers can be resumed.
4. Sync with two or more servers.
5. Sync with existing folders.
6. Sync a sub-folder.

File sharing and collaboration

1. Sharing libraries between users or into groups.
2. Sharing sub-folders between users or into groups.
3. Download links with password protection
4. Upload links
5. Version control with configurable revision number.
6. Restoring deleted files from trash, history or snapshots.

Privacy protection

1. Library encryption with a user chosen password.
2. Client side encryption when using the desktop syncing.

Internal

Seafile's version control model is based on Git, but it is simplified for automatic synchronization does not need Git installed to run Seafile. Each Seafile library behaves like a Git repository. It has its own unique history, which consists of a list of commits. A commit points to the root of a file system snapshot. The snapshot consists of directories and files. Files are further divided into blocks for more efficient network transfer and storage usage.

Differences from Git:

1. Automatic synchronization.
2. Clients do not store file history, thus they avoid the overhead of storing data twice. Git is not efficient for larger files such as images.
3. Files are further divided into blocks for more efficient network transfer and storage usage.
4. File transfer can be paused and resumed.
5. Support for different storage backends on the server side.
6. Support for downloading from multiple block servers to accelerate file transfer.
7. More user-friendly file conflict handling. (Seafile adds the user's name as a suffix to conflicting files.)
8. Graceful handling of files the user modifies while auto-sync is running. Git is not designed to work in these cases.

Build and Run

See http://manual.seafile.com/build_seafile/server.html

FROM https://github.com/haiwen/seafile

http://manual.seafile.com(https://github.com/haiwen/seafile-docs)
--------------

seafile开源的个人网盘及企业网盘搭建

随着大批网盘的倒下，你还在依靠互联网上的网盘携带传输文件么？本文教你如何自己搭建属于自己的个人大容量网盘及企业网盘。

1. seafile简介Seafile是一个面向企业、团队的云盘，解决文件管理和共享的问题。在此基 础上，Seafile提供群组协作的功能，形成一个以文档为中心的协作平台。并且提供全平台的客户端，包括linux、windows及mac.并且提供 手机客户端，支持Android和IOS。
2. 下载服务器
   seafile官网下载地址
   选择下载最新版，这里我用的是最新Linux版的5.1.1 64bit.
3. 解压将下载下来的压缩包解压到/home/seafile下即可.

   tar -zxvf seafile-server-5.1.1 -C /home/seafile

4. 系统环境准备
   因为官方是在centos7上测试的，centos7的自带python是2.7版本的。这里我的系统是centos6.5。而centos6.5的自带python版本是2.6的，所以需要自己编译安装python2.7。
   1）编译安装python2.7
   

   cd <span class="constant">Python</span>-<span class="number">2.7</span>.<span class="number">8</span>
   .<span class="regexp">/configure --prefix=/usr</span><span class="regexp">/local/python</span>2.<span class="number">7</span>
   make
   make install

   2）安装以下软件
   
   • mysql #yum 安装即可
   • python-setuptools
   • python-imaging
   • python-ldap #与ldap结合认证
   • MySQL-python
   • python-memcached #与memcached结合，提高缓存性能
   • pillow #很重要，解决后期验证码刷不出来的问题
     以上软件包都可以去 pypi 下载。
     安装实例：

     tar zxvf Imaging-1.1.7.tar.gz
     cd Imaging-1.1.7
     python2.7 setup.py install   <span class="comment">#注意是python2.7！否则安装也是按系统python2.6编译的，会导致seafile安装不了</span>

5. 安装seafile服务器

   cd /home/seafile/seafile-server-5.1.1
   ./setup-seafile-mysql.sh

   接下来按照提示一步步填写就ok了.
6. 修改防火墙

   $ vim /etc/sysconfig/iptables
   -A INPUT -p tcp -<span class="keyword">m</span> <span class="keyword">state</span> --<span class="keyword">state</span> NEW -<span class="keyword">m</span> tcp --dport <span class="number">8000</span> -j ACCEPT
   -A INPUT -p tcp -<span class="keyword">m</span> <span class="keyword">state</span> --<span class="keyword">state</span> NEW -<span class="keyword">m</span> tcp --dport <span class="number">8082</span> -j ACCEPT

7. 启动、停止seafile服务器

   ./seafile.sh start
   ./seahub.sh start

   ./seafile.sh stop
   ./seafile.sh stop

至此个人网盘就搭建成功了。
当然个人网盘远不能满足我们需求，让我们再看看企业级网盘的应用。

1. Nginx结合HTTPS下配置seahub保证传输的加密性1）在/home/seafile下生成证书

   openssl genrsa -<span class="keyword">out</span> privkey.pem <span class="number">2048</span>
   openssl req -<span class="keyword">new</span> -x509 -key privkey.pem -<span class="keyword">out</span> cacert.pem -days <span class="number">1095</span>

   2）nginx配置文件示例
   

   server {
      <span class="keyword">listen</span>       <span class="number">80</span>;
      server_name  www.yourdoamin.com;
      rewrite ^ <a href="https://%24http_host%24request_uri/?" target="_blank">https:<span class="regexp">//</span><span class="variable">$http_host</span><span class="variable">$request_uri</span>?</a> permanent;    <span class="comment">#强制将http重定向到https</span>
    }
    server {
      <span class="keyword">listen</span> <span class="number">443</span>;
      ssl on;
      ssl_certificate /home/seafile/cacert.pem;            <span class="comment">#cacert.pem 文件路径</span>
      ssl_certificate_key /home/seafile/privkey.pem;    <span class="comment">#privkey.pem 文件路径</span>
      server_name www.yourdoamin.com;
      proxy_set_header X-Forwarded-For <span class="variable">$remote_addr</span>;
      location / {
          fastcgi_pass    <span class="number">127.0</span>.<span class="number">0</span>.<span class="number">1</span>:<span class="number">8000</span>;
          fastcgi_param   SCRIPT_FILENAME     <span class="variable">$document_root</span><span class="variable">$fastcgi_script_name</span>;
          fastcgi_param   PATH_INFO           <span class="variable">$fastcgi_script_name</span>;
          fastcgi_param   SERVER_PROTOCOL    <span class="variable">$server_protocol</span>;
          fastcgi_param   QUERY_STRING        <span class="variable">$query_string</span>;
          fastcgi_param   REQUEST_METHOD      <span class="variable">$request_method</span>;
          fastcgi_param   CONTENT_TYPE        <span class="variable">$content_type</span>;
          fastcgi_param   CONTENT_LENGTH      <span class="variable">$content_length</span>;
          fastcgi_param   SERVER_ADDR         <span class="variable">$server_addr</span>;
          fastcgi_param   SERVER_PORT         <span class="variable">$server_port</span>;
          fastcgi_param   SERVER_NAME         <span class="variable">$server_name</span>;
          fastcgi_param   HTTPS               on;
          fastcgi_param   HTTP_SCHEME         https;
          access_log      /var/<span class="keyword">log</span>/nginx/seahub.access.<span class="keyword">log</span>;
          error_log       /var/<span class="keyword">log</span>/nginx/seahub.error.<span class="keyword">log</span>;
      }
      location /seafhttp {
          rewrite ^<span class="regexp">/seafhttp(.*)$ $1 break;
          proxy_pass <a href="http://127.0.0.1:8082/" target="_blank">http:/</a></span><a href="http://127.0.0.1:8082/" target="_blank"><span class="regexp">/127.0.0.1:8082</span></a><span class="regexp">;
          client_max_body_size 0;
          proxy_connect_timeout  36000s;
          proxy_read_timeout  36000s;
      }
      location /media</span> {
          root /home/seafile/seafile-server-latest/seahub;
      }
    }

   3）重新加载nginx
   

   ../../sbin/nginx -t
   ../../sbin/nginx -s reload

   4）修改 SERVICE_URL 和 FILE_SERVER_ROOT
   

   <span class="variable">$ </span>vim seafile/conf/ccnet
   <span class="constant">SERVICE_URL</span> = <a href="http://your/" target="_blank"><span class="symbol">http:</span>/<span class="regexp">/your</span></a><span class="regexp"> domain name</span>

   <span class="variable">$ </span>vim seafile/conf/seahub_setting.py
   <span class="constant">FILE_SERVER_ROOT</span> = <span class="string">'<a href="https://seafile.in66.cc/seafhttp" target="_blank">https://seafile.in66.cc/seafhttp</a>'</span>

   5）修改防火墙 增加开放443端口
   

   -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

2. 使用memcached提高性能
   1）yum安装memcache
   2）启动memcached
   3）编辑sehub_settings.py添加相关配置

   CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '127.0.0.1:11211',
    }
   }

3. 编写service服务脚本，实现开启自启动1）创建/etc/sysconfig/seafile

   <span class="variable">$ </span>vim /etc/sysconfig/seafile
   user=root
   seafile_dir=<span class="regexp">/home/seafile</span>
   script_path=<span class="variable">${</span>seafile_dir}/seafile-server-latest
   seafile_init_log=<span class="variable">${</span>seafile_dir}/logs/seafile.init.log
   seahub_init_log=<span class="variable">${</span>seafile_dir}/logs/seahub.init.log
   fastcgi=<span class="keyword">true</span>
   fastcgi_port=<span class="number">8000</span>

2）创建/etc/init.d/seafile文件

$ vim /etc/init.d/seafile
<span class="comment">#!/bin/bash</span>
<span class="comment">#</span>
<span class="comment"># seafile</span>
<span class="comment">#</span>
<span class="comment"># chkconfig: - 68 32</span>
<span class="comment"># description: seafile</span>
<span class="comment"># Source function library.</span>
. <span class="regexp">/etc/init</span>.d/functions
<span class="comment"># Source networking configuration.</span>
. <span class="regexp">/etc/sysconfig</span><span class="regexp">/network
if [ -f /etc</span><span class="regexp">/sysconfig/seafile</span> ];then
        . <span class="regexp">/etc/sysconfig</span><span class="regexp">/seafile
        else
            echo "Config file /etc</span><span class="regexp">/sysconfig/seafile</span> <span class="keyword">not</span> found! Bye.<span class="string">"
            exit 200
        fi
RETVAL=0
start() {
        # Start daemons.
        echo -n <span class="variable">$"</span>Starting seafile: "</span>
        ulimit -n <span class="number">30000</span>
        su - <span class="variable">${user}</span> -c<span class="string">"<span class="subst">${script_path}</span>/seafile.sh start >> <span class="subst">${seafile_init_log}</span> 2>&1"</span>
        RETVAL=<span class="variable">$?</span>
        echo
        [ <span class="variable">$RETVAL</span> -eq <span class="number">0</span> ] && touch /var/lock/subsys/seafile
        <span class="keyword">return</span> <span class="variable">$RETVAL</span>
}
stop() {
        echo -n <span class="variable">$"</span>Shutting down seafile: <span class="string">"
        su - <span class="subst">${user}</span> -c"</span><span class="variable">${script_path}</span>/seafile.sh stop >> <span class="variable">${seafile_init_log}</span> <span class="number">2</span>>&<span class="number">1</span><span class="string">"
        RETVAL=<span class="variable">$?</span>
        echo
        [ <span class="variable">$RETVAL</span> -eq 0 ] && rm -f /var/lock/subsys/seafile
        return <span class="variable">$RETVAL</span>
}
# See how we were called.
case "</span><span class="variable">$1</span><span class="string">" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart|reload)
        stop
        start
        RETVAL=<span class="variable">$?</span>
        ;;
  <span class="variable">*)</span>
        echo <span class="variable">$"</span>Usage: <span class="variable">$0</span> {start|stop|restart}"</span>
        RETVAL=<span class="number">3</span>
esac
<span class="keyword">exit</span> <span class="variable">$RETVAL</span>

3）创建/etc/init.d/seahub文件

$ vim /etc/init.d/seahub
<span class="comment">#!/bin/bash</span>
<span class="comment">#</span>
<span class="comment"># seahub</span>
<span class="comment">#</span>
<span class="comment"># chkconfig: - 69 31</span>
<span class="comment"># description: seahub</span>
<span class="comment"># Source function library.</span>
. <span class="regexp">/etc/init</span>.d/functions
<span class="comment"># Source networking configuration.</span>
. <span class="regexp">/etc/sysconfig</span><span class="regexp">/network
if [ -f /etc</span><span class="regexp">/sysconfig/seafile</span> ];then
        . <span class="regexp">/etc/sysconfig</span><span class="regexp">/seafile
        else
            echo "Config file /etc</span><span class="regexp">/sysconfig/seafile</span> <span class="keyword">not</span> found! Bye.<span class="string">"
            exit 200
        fi
RETVAL=0
start() {
        # Start daemons.
        echo -n <span class="variable">$"</span>Starting seahub: "</span>
        ulimit -n <span class="number">30000</span>
        <span class="keyword">if</span> [  <span class="variable">$fastcgi</span> = true ];
                then
                su - <span class="variable">${user}</span> -c<span class="string">"<span class="subst">${script_path}</span>/seahub.sh start-fastcgi <span class="subst">${fastcgi_port}</span> >> <span class="subst">${seahub_init_log}</span> 2>&1"</span>
                <span class="keyword">else</span>
                su - <span class="variable">${user}</span> -c<span class="string">"<span class="subst">${script_path}</span>/seahub.sh start >> <span class="subst">${seahub_init_log}</span> 2>&1"</span>
                fi
        RETVAL=<span class="variable">$?</span>
        echo
        [ <span class="variable">$RETVAL</span> -eq <span class="number">0</span> ] && touch /var/lock/subsys/seahub
        <span class="keyword">return</span> <span class="variable">$RETVAL</span>
}
stop() {
        echo -n <span class="variable">$"</span>Shutting down seafile: <span class="string">"
        su - <span class="subst">${user}</span> -c"</span><span class="variable">${script_path}</span>/seahub.sh stop >> <span class="variable">${seahub_init_log}</span> <span class="number">2</span>>&<span class="number">1</span><span class="string">"
        RETVAL=<span class="variable">$?</span>
        echo
        [ <span class="variable">$RETVAL</span> -eq 0 ] && rm -f /var/lock/subsys/seahub
        return <span class="variable">$RETVAL</span>
}
# See how we were called.
case "</span><span class="variable">$1</span><span class="string">" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart|reload)
        stop
        start
        RETVAL=<span class="variable">$?</span>
        ;;
  <span class="variable">*)</span>
        echo <span class="variable">$"</span>Usage: <span class="variable">$0</span> {start|stop|restart}"</span>
        RETVAL=<span class="number">3</span>
esac
<span class="keyword">exit</span> <span class="variable">$RETVA</span>

4）接下来启动程序

chmod 550 /etc/init.d/seafile
chmod 550 /etc/init.d/seahub
chkconfig <span class="comment">--add seafile</span>
chkconfig <span class="comment">--add seahub</span>
chkconfig seahub on
chkconfig seafile on

5）执行

service seafile start
service seahub start

企业版的网盘就ok啦！可以给几百人个人都不是事！
美中不足的一点是每个人的账号密码都需要管理员手工常见，麻烦，费事，下面再介绍个更加高大上的，结合ldap来进行认证。

1. ldap的认证配置我这里就不多说。自行google下。
2. 结合ldap。
   • 这里我使用Email方式。因为ldap配置时公司几乎都会给个Email账号这样方便在seafile中区分唯一id。

配置说明：

<span class="title">[LDAP]</span>
<span class="setting">HOST = <span class="value">ldap://<span class="number">192.168</span>.<span class="number">1.123</span>/  #ldap地址</span></span>
<span class="setting">BASE = <span class="value">cn=users,accounts,dc=example,dc=com  #根据你自己的ldap结构来配置</span></span>
<span class="setting">USER_DN = <span class="value">administrator@example.local</span></span>
<span class="setting">PASSWORD = <span class="value">secret</span></span>
<span class="setting">LOGIN_ATTR = <span class="value">mail</span></span>

下面是我的ldap配置：

<span class="title">[LDAP]</span>
<span class="setting">HOST = <span class="value">ldap://<span class="number">10.10</span>.<span class="number">106.201</span>/</span></span>
<span class="setting">BASE = <span class="value">cn=users,cn=accounts,dc=in77,dc=cc</span></span>
<span class="setting">LOGIN_ATTR = <span class="value">mail</span></span>

说明：我没配USER_DN和PASSWORD,因为我的ldap用户匿名用户就可以访问。我刚配的时候就是坑啊！配了USER_DN，死活没用。踩坑成功。。

1. 完成后，直接用ldap账号密码就可以登陆seafile了。

小结：
seafile还是很强的，可以给文件加密来分享给别人。即使管理员也看不了！
可以分组，只给组内人分享。

相关链接：
seafile手册
seafile手册2

--------------

下面我们来说一下我们需要用到的软件，当然都是部署在服务器端的，首先是云盘软件，私人云软件有很多，我选择的是seafile，开源软件，也有付费版，专业团队维护，开源软件不用担心有后门之类的，大家有兴趣可以去官网看看Seafile，支持安卓，iPhone，iPad，mac，windows，linux客户端，我建议大家用linux系统去搭建，官网有搭建教程，有技术的可以去自己试试.