From 3b6abf0d37016b652d572566ce04110d1fe1b2ae Mon Sep 17 00:00:00 2001
From: George Wilkins
Date: Tue, 26 May 2026 17:28:35 +0100
Subject: [PATCH] Added Seafile folder, ReadMe, Compose and .env files.
---
services/seafile/.env | 43 +++++++++++
services/seafile/README.md | 27 +++++++
services/seafile/compose.yaml | 135 ++++++++++++++++++++++++++++++++++
3 files changed, 205 insertions(+)
create mode 100644 services/seafile/.env
create mode 100644 services/seafile/README.md
create mode 100644 services/seafile/compose.yaml
diff --git a/services/seafile/.env b/services/seafile/.env
new file mode 100644
index 0000000..90e46f9
--- /dev/null
+++ b/services/seafile/.env
@@ -0,0 +1,43 @@
+#version=1.1
+#URL=https://github.com/tailscale-dev/ScaleTail
+#COMPOSE_PROJECT_NAME= # Optional: only use when running multiple deployments on the same infrastructure.
+
+# Service Configuration
+SERVICE= seafile # Service name (e.g., adguard). Used as hostname in Tailscale and for container naming (app-${SERVICE}).
+SEAFILE_IMAGE=seafileltd/seafile-mc:13.0-latest # Docker image URL from container registry (e.g., adguard/adguard-home).
+SEAFILE_DB_IMAGE=mariadb:10.11
+SEAFILE_MEMCACHED_IMAGE=memcached:1.6.29
+
+# Network Configuration
+SERVICEPORT= # Port to expose to local network. Uncomment the "ports:" section in compose.yaml to enable.
+DNS_SERVER=9.9.9.9 # Preferred DNS server for Tailscale. Uncomment the "dns:" section in compose.yaml to enable.
+
+# Tailscale Configuration
+TS_AUTHKEY= # Auth key from https://tailscale.com/admin/authkeys. See: https://tailscale.com/kb/1085/auth-keys#generate-an-auth-key for instructions.
+
+# Optional Service variables
+# PUID=1000
+
+#Time Zone setting for containers
+TZ=Europe/London # See: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+
+# Any Container environment variables are declared below. See https://docs.docker.com/compose/how-tos/environment-variables/
+
+#EXAMPLE_VAR="Environment varibale"
+SEAFILE_VOLUME=./seafile-data
+SEAFILE_MYSQL_VOLUME=./db
+SEAFILE_MYSQL_DB_HOST=db
+INIT_SEAFILE_MYSQL_ROOT_PASSWORD=REPLACE_WITH_RANDOM_ALPHANUMERIC_PASSWORD
+SEAFILE_MYSQL_DB_USER=seafile
+SEAFILE_MYSQL_DB_PASSWORD=REPLACE_WITH_RANDOM_ALPHANUMERIC_PASSWORD
+TIME_ZONE=Etc/UTC
+JWT_PRIVATE_KEY= #A random string with a length of no less than 32 characters, generate example: pwgen -s 40 1
+SEAFILE_SERVER_HOSTNAME= seafile.tail-scale.ts.net # update with specific MagicDNS suffix
+SEAFILE_SERVER_PROTOCOL=https
+INIT_SEAFILE_ADMIN_EMAIL= ADD_EMAIL_ADDRESS_HERE
+INIT_SEAFILE_ADMIN_PASSWORD= REPLACE_WITH_RANDOM_ALPHANUMERIC_PASSWORD
+ENABLE_SEADOC=false
+ENABLE_NOTIFICATION_SERVER=false
+CACHE_PROVIDER=memcached
+MEMCACHED_HOST=app-seafile-memcached
+MEMCACHED_PORT=11211
\ No newline at end of file
diff --git a/services/seafile/README.md b/services/seafile/README.md
new file mode 100644
index 0000000..f1361e1
--- /dev/null
+++ b/services/seafile/README.md
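Review bot: The three credential entries in the .env hunk ship as non-empty placeholders (`SEAFILE_MYSQL_DB_PASSWORD=REPLACE_WITH_RANDOM_ALPHANUMERIC_PASSWORD`, and the same string for `INIT_SEAFILE_MYSQL_ROOT_PASSWORD` and `INIT_SEAFILE_ADMIN_PASSWORD`), so a stack started before they are edited comes up with database and admin credentials that are published in this repository. compose.yaml guards `SEAFILE_MYSQL_DB_PASSWORD` with `:?Variable is not set or empty`, but that check only fires on an empty value, which the placeholder prevents. Leaving them blank with a trailing comment, the way `TS_AUTHKEY=` and `JWT_PRIVATE_KEY=` already are, e.g. `SEAFILE_MYSQL_DB_PASSWORD= # set to a random value before first start`, lets a forgotten edit fail closed wherever a guard exists. Because operators paste real secrets into this tracked file, a header comment such as `# Do not commit this file after filling in secrets` would also be worth adding.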
@@ -0,0 +1,27 @@
+# Seafile with Tailscale Sidecar Configuration
+
+This Docker Compose configuration sets up [Seafile Community Edition](https://www.seafile.com/en/product/seafile_on_premise/) with Tailscale as a sidecar container to keep the app reachable over your Tailnet.
+
+## Seafile
+
+[Seafile Community Edition](https://www.seafile.com/en/product/seafile_on_premise/) is an open‑source, self‑hosted file syncing and collaboration platform that lets individuals and small teams store, share, and version their files on their own servers. It provides fast, reliable file synchronization and team collaboration features. Think self-hosted OneDrive or Dropbox.
+
+## Configuration Overview
+
+In this setup, the `tailscale-seafile` service runs Tailscale, which manages secure networking for Seafile. The Seafile service utilizes the Tailscale network stack via Docker's `network_mode: service:` configuration. This keeps the app Tailnet-only unless you intentionally expose ports.
+
+## Notes
+
+- This configuration is intended for small (single digit) groups of users. It omits the SeaDoc, Collabora and Notification servers, and uses Memcached instead of Redis. You would probably want all of those things in a large deployment.
+- Additional Docker Compose settings for Seafile can be found here: https://manual.seafile.com/latest/setup/setup_ce_by_docker/
+
+## Files to check
+
+Please check the following contents for validity as some variables need to be defined upfront.
+
+- `TS_AUTHKEY`: Paste in an Auth Key for your Tailnet.
+- Volumes: Update the locations for the `SEAFILE_VOLUME` and `SEAFILE_MYSQL_VOLUME` in .ENV.
+- Passwords: There are three passwords (for MySQL/MariaDB and intial Seafile administrator) which need to be set in .ENV.
+- Admin Email: Update `INIT_SEAFILE_ADMIN_EMAIL`. This doesn't have to be a valid email address, although you can configure SMTP notifications in Seafile, which will require a valid email address.
+- `JWT_PRIVATE_KEY`: Generate this by running "pwgen -s 40 1".
+- `SEAFILE_SERVER_HOSTNAME`: Update the FQDN to match your Tailnet MagicDNS suffix.
diff --git a/services/seafile/compose.yaml b/services/seafile/compose.yaml
new file mode 100644
index 0000000..addebbc
--- /dev/null
+++ b/services/seafile/compose.yaml
@@ -0,0 +1,135 @@
+configs:
+ ts-serve:
+ content: |
+ {"TCP":{"443":{"HTTPS":true}},
+ "Web":{"$${TS_CERT_DOMAIN}:443":
+ {"Handlers":{"/":
+ {"Proxy":"http://127.0.0.1:80"}}}},
+ "AllowFunnel":{"$${TS_CERT_DOMAIN}:443":false}}
+
+services:
+ # Make sure you have updated/checked the .env file with the correct variables.
+ # All the ${xx} need to be defined there.
+ # Tailscale Sidecar Configuration
+ tailscale:
+ image: tailscale/tailscale:latest # Image to be used
+ container_name: tailscale-${SERVICE} # Name for local container management
+ hostname: ${SERVICE} # Name used within your Tailscale environment
+ environment:
+ - TS_AUTHKEY=${TS_AUTHKEY}
+ - TS_STATE_DIR=/var/lib/tailscale
+ - TS_SERVE_CONFIG=/config/serve.json # Tailscale Serve configuration to expose the web interface on your local Tailnet - remove this line if not required
+ - TS_USERSPACE=false
+ # Uncomment this line and comment out TS_AUTH_ONCE if you want to the service to receive advertised routes, or add other arguements.
+ #- TS_EXTRA_ARGS=--accept-routes=true
+ - TS_ENABLE_HEALTH_CHECK=true # Enable healthcheck endpoint: "/healthz"
+ - TS_LOCAL_ADDR_PORT=127.0.0.1:41234 # The : for the healthz endpoint
+ #- TS_ACCEPT_DNS=true # Uncomment when using MagicDNS
+ - TS_AUTH_ONCE=true
+ configs:
+ - source: ts-serve
+ target: /config/serve.json
+ volumes:
+ - ./config:/config # Config folder used to store Tailscale files - you may need to change the path
+ - ./ts/state:/var/lib/tailscale # Tailscale requirement - you may need to change the path
+ devices:
+ - /dev/net/tun:/dev/net/tun # Network configuration for Tailscale to work
+ cap_add:
+ - net_admin # Tailscale requirement
+ #ports:
+ # - 0.0.0.0:${SERVICEPORT}:${SERVICEPORT} # Binding port ${SERVICE}PORT to the local network - may be removed if only exposure to your Tailnet is required
+ # If any DNS issues arise, use your preferred DNS provider by uncommenting the config below
+ #dns:
+ # - ${DNS_SERVER}
+ healthcheck:
+ test: ["CMD", "wget", "--spider", "-q", "http://127.0.0.1:41234/healthz"] # Check Tailscale has a Tailnet IP and is operational
+ interval: 1m # How often to perform the check
+ timeout: 10s # Time to wait for the check to succeed
+ retries: 3 # Number of retries before marking as unhealthy
+ start_period: 10s # Time to wait before starting health checks
+ restart: always
+
+ db:
+ image: ${SEAFILE_DB_IMAGE:-mariadb:10.11}
+ container_name: app-${SERVICE}-db
+ restart: unless-stopped
+ environment:
+ - MYSQL_ROOT_PASSWORD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
+ - MYSQL_LOG_CONSOLE=true
+ - MARIADB_AUTO_UPGRADE=1
+ volumes:
+ - "${SEAFILE_MYSQL_VOLUME:-/opt/seafile-mysql/db}:/var/lib/mysql"
+ healthcheck:
+ test:
+ [
+ "CMD",
+ "/usr/local/bin/healthcheck.sh",
+ "--connect",
+ "--mariadbupgrade",
+ "--innodb_initialized",
+ ]
+ interval: 20s
+ start_period: 30s
+ timeout: 5s
+ retries: 10
+
+ memcached:
+ image: ${SEAFILE_MEMCACHED_IMAGE:-memcached:1.6.29}
+ container_name: app-${SERVICE}-memcached
+ entrypoint: memcached -m 256
+
+ seafile:
+ image: ${SEAFILE_IMAGE:-seafileltd/seafile-mc:13.0-latest}
+ container_name: app-${SERVICE}
+ network_mode: service:tailscale
+ restart: unless-stopped
+ #ports:
+ #- "80:80"
+ volumes:
+ - ${SEAFILE_VOLUME:-/opt/seafile-data}:/shared
+ environment:
+ - SEAFILE_MYSQL_DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
+ - SEAFILE_MYSQL_DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
+ - SEAFILE_MYSQL_DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
+ - SEAFILE_MYSQL_DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
+ - INIT_SEAFILE_MYSQL_ROOT_PASSWORD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
+ - SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db}
+ - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db}
+ - SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=${SEAFILE_MYSQL_DB_SEAHUB_DB_NAME:-seahub_db}
+ - TIME_ZONE=${TIME_ZONE:-Etc/UTC}
+ - INIT_SEAFILE_ADMIN_EMAIL=${INIT_SEAFILE_ADMIN_EMAIL:-me@example.com}
+ - INIT_SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD:-asecret}
+ - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
+ - SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL:-https}
+ - SITE_ROOT=${SITE_ROOT:-/}
+ - NON_ROOT=${NON_ROOT:-false}
+ - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
+ - SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false}
+ - ENABLE_GO_FILESERVER=${ENABLE_GO_FILESERVER:-true}
+ - ENABLE_SEADOC=${ENABLE_SEADOC:-true}
+ - SEADOC_SERVER_URL=${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}/sdoc-server
+ - CACHE_PROVIDER=${CACHE_PROVIDER:-redis}
+ - REDIS_HOST=${REDIS_HOST:-redis}
+ - REDIS_PORT=${REDIS_PORT:-6379}
+ - REDIS_PASSWORD=${REDIS_PASSWORD:-}
+ - MEMCACHED_HOST=${MEMCACHED_HOST:-memcached}
+ - MEMCACHED_PORT=${MEMCACHED_PORT:-11211}
+ - ENABLE_NOTIFICATION_SERVER=${ENABLE_NOTIFICATION_SERVER:-false}
+ - INNER_NOTIFICATION_SERVER_URL=${INNER_NOTIFICATION_SERVER_URL:-http://notification-server:8083}
+ - NOTIFICATION_SERVER_URL=${NOTIFICATION_SERVER_URL:-${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}/notification}
+ - ENABLE_SEAFILE_AI=${ENABLE_SEAFILE_AI:-false}
+ - ENABLE_FACE_RECOGNITION=${ENABLE_FACE_RECOGNITION:-false}
+ - SEAFILE_AI_SERVER_URL=${SEAFILE_AI_SERVER_URL:-http://seafile-ai:8888}
+ - SEAFILE_AI_SECRET_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
+ - MD_FILE_COUNT_LIMIT=${MD_FILE_COUNT_LIMIT:-100000}
+ healthcheck:
+ test: ["CMD-SHELL", "curl -f http://localhost:80 || exit 1"]
+ interval: 30s
+ timeout: 10s
+ retries: 3
+ start_period: 10s
+ depends_on:
+ db:
+ condition: service_healthy
+ memcached:
+ condition: service_started
\ No newline at end of file
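Review bot: In the `seafile` service environment, `INIT_SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD:-asecret}` and `INIT_SEAFILE_ADMIN_EMAIL=${INIT_SEAFILE_ADMIN_EMAIL:-me@example.com}` silently fall back to a well-known login when the variable is missing, while the DB password, hostname and JWT key in the same list fail with `:?`. Using the same guard, `- INIT_SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD:?Variable is not set or empty}`, keeps what is presumably the first-run admin account from being created with a guessable password. The `:-` fallback on `MYSQL_ROOT_PASSWORD` in the `db` service deserves the same treatment. Separately, `tailscale/tailscale:latest` and the `13.0-latest` Seafile default are floating tags, so the container that holds `net_admin` and the Tailscale auth key can change on any pull; pinning a version or digest, as the MariaDB and memcached defaults already do, would make updates deliberate.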