Matt-Cloud Drive
Here are the updated configurations for the LDAP/OIDC sync. What that means is that, if you configure this properly, it will log you in automatically through the Authelia SSO you already have set up. This has been anonymized (every deadbeefsecretlol-style value below is a placeholder, so swap each one for its own real secret) and not proofread terribly well, so if you are gonna try to replicate this, make sure you pretend like this was written by ChatGPT and verify everything.
Another few notes, specifically about the OnlyOffice integration. It seems like it needs to be blown up when it's restarted: make new dirs, destroy the container, and start it again. That seemed to fix it when saving stopped working while I was consolidating this shite.
Additional notes about domains. The Seafile domain should be drive.domain.com, and it will need 80 & 443 pointed at the real IP on the host, in this example 192.168.1.10. The OnlyOffice instance's DNS name is office.domain.com, and it should be pointed at the IP and port, in this example 10.20.1.1:81. The IPs can be changed as needed. Please note that in my setup I have a proxy managing most of domain.com in this example, and this is what handles the SSL certs for office.domain.com. Since I have multiple public static IPs, I can have my firewall point one IP to drive and another IP to office. If you only have a single external IP, you can disable the SSL in Seafile and probably rig it all through a single proxy, with that proxy handling the SSL for both names instead.
seahub_settings.py
# -*- coding: utf-8 -*-
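# Core Seahub (Django) settings: signing key, public URLs, database and caches.

# NOTE(review): every 'deadbeefsecretlolz' in this file is an anonymized
# placeholder. In a real deployment each secret should be its own long random
# value and should not be reused across SECRET_KEY, the database, LDAP, OAuth,
# SeaDoc and OnlyOffice.
SECRET_KEY = "deadbeefsecretlolz"

# Public base URL of the site. The original listing had http:// here while
# FILE_SERVER_ROOT, the OAuth redirect URL and the compose file
# (SEAFILE_SERVER_PROTOCOL=https) all use https; the scheme now agrees with
# them so generated links do not fall back to plain HTTP.
SERVICE_URL = "https://drive.domain.com"

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'seahub_db',
        # Dedicated non-root database account for Seahub.
        'USER': 'seafile',
        'PASSWORD': 'deadbeefsecretlolz',
        # Same address and port the compose file publishes MariaDB on.
        'HOST': '10.20.1.1',
        'PORT': '3306',
        'OPTIONS': {'charset': 'utf8mb4'},
    }
}

CACHES = {
    # Shared cache served by the memcached container from the compose file.
    'default': {
        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
        'LOCATION': 'memcached:11211',
    },
    # In-process cache, selected below for django-compressor.
    'locmem': {
        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
    },
}
COMPRESS_CACHE_BACKEND = 'locmem'

TIME_ZONE = 'America/Los_Angeles'

# Public URL of the file server endpoint (uploads/downloads).
FILE_SERVER_ROOT = 'https://drive.domain.com/seafhttp'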
# LDAP (Active Directory) integration.
ENABLE_LDAP = True
LDAP_PROVIDER = "ldap"

# Directory server.
# NOTE(review): ldap:// is the unencrypted scheme, so the bind password and
# user credentials would cross the network in clear text unless the path is
# protected some other way. Prefer ldaps:// if the directory offers it; confirm
# what your domain controller supports before changing this.
LDAP_SERVER_URL = "ldap://192.168.1.15"

# Account Seafile binds with to search the directory.
# NOTE(review): presumably a dedicated service account; it should need no more
# than read access to the user subtree. Verify its rights in AD.
LDAP_ADMIN_DN = "docker-ldap@domain.local"
LDAP_ADMIN_PASSWORD = "deadbeefsecretlolz"

# Where to search, and who is allowed in: only entries under the base DN that
# are members of the "Seafile" group match the filter.
LDAP_BASE_DN = "OU=Users,DC=domain,DC=local"
LDAP_FILTER = "memberOf=CN=Seafile,OU=AD-Groups,OU=Users,DC=domain,DC=local"

# Attribute mapping for the login name and the display name.
LDAP_LOGIN_ATTR = "sAMAccountName"
LDAP_USER_FIRST_NAME_ATTR = "givenName"
LDAP_USER_LAST_NAME_ATTR = "sn"
LDAP_USER_NAME_REVERSE = False

# NOTE(review): presumably makes Seafile treat the SSO user id and the LDAP
# login attribute as the same identity, which is what ties the OIDC login to
# the LDAP account. Confirm against the Seafile docs for your version.
SSO_LDAP_USE_SAME_UID = True
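# OAuth2 / OIDC login against the identity provider at auth.domain.com.
ENABLE_OAUTH = True

# Keep this False: it refuses OAuth over plain HTTP, so the client secret and
# tokens are only ever sent over TLS.
OAUTH_ENABLE_INSECURE_TRANSPORT = False

# Client registration; id, secret and redirect URL must match what is
# registered for this client on the identity provider.
OAUTH_CLIENT_ID = "matt-drive-oidc"
OAUTH_CLIENT_SECRET = "deadbeefsecretlolz"
OAUTH_REDIRECT_URL = 'https://drive.domain.com/oauth/callback/'

# Provider endpoints.
OAUTH_PROVIDER_DOMAIN = 'auth.domain.com'
OAUTH_AUTHORIZATION_URL = 'https://auth.domain.com/api/oidc/authorization'
OAUTH_TOKEN_URL = 'https://auth.domain.com/api/oidc/token'
OAUTH_USER_INFO_URL = 'https://auth.domain.com/api/oidc/userinfo'

OAUTH_SCOPE = [
    "openid",
    "profile",
    "email",
]

# Maps a claim from the provider to a Seafile attribute as
# claim: (required, seafile_attribute).
#
# NOTE(review): the original listing wrote the "preferred_username" key twice,
# first mapped to "uid" and then to "email". A Python dict literal keeps only
# the last value for a repeated key, so the "uid" mapping never took effect.
# The effective mapping is kept here and the shadowed entry is left as a
# comment so the collision is visible. Since SSO_LDAP_USE_SAME_UID is enabled
# elsewhere in this file, the "uid" mapping may be the one that was actually
# intended; decide which single entry you want and confirm it against the
# Seafile documentation for your version, because the identifier chosen here
# determines which account an SSO login lands in.
OAUTH_ATTRIBUTE_MAP = {
    # "preferred_username": (True, "uid"),  # shadowed by the next line
    "preferred_username": (True, "email"),
    "name": (False, "name"),
}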
# SeaDoc (sdoc-server) integration.
ENABLE_SEADOC = True

# Public URL of sdoc-server. When SeaDoc and Seafile (or the Seafile docker
# image) run on the same host, this should be
# 'https://seafile.example.com/sdoc-server'.
SEADOC_SERVER_URL = "https://drive.domain.com/sdoc-server"

# sdoc-server private_key.
SEADOC_PRIVATE_KEY = "deadbeefsecretlolz"

# URL of the converter-server.
#   - SeaDoc and Seafile on the same host: LAN address 'http://127.0.0.1:8888'
#   - SeaDoc and Seafile docker on the same host: http://sdoc-server:8888
# NOTE(review): this is plain HTTP to a LAN address, and the compose file on
# this page publishes port 8888 on 192.168.1.20 rather than 192.168.1.10.
# That may be an anonymization slip; make the two agree.
FILE_CONVERTER_SERVER_URL = "http://192.168.1.10:8888"

# NOTE(review): the original listing carried a commented-out, random-looking
# string at this point. It looked like a secret that escaped anonymization and
# has been dropped here; if it was ever a live key, rotate it.
# OnlyOffice document server integration.
ENABLE_ONLYOFFICE = True

# Browser-facing URL of the document server's API script, served over HTTPS.
ONLYOFFICE_APIJS_URL = "https://office.domain.com/web-apps/apps/api/documents/api.js"

# Shared secret used to sign requests between Seahub and the document server.
# It has to be the same value as JWT_SECRET on the onlyoffice container.
ONLYOFFICE_JWT_SECRET = "deadbeefsecretlolz"

# File types opened in OnlyOffice.
ONLYOFFICE_FILE_EXTENSION = (
    "doc", "docx", "ppt", "pptx", "xls", "xlsx",
    "odt", "fodt", "odp", "fodp", "ods", "fods",
    "csv", "ppsx", "pps",
)

# File types that may also be edited there.
ONLYOFFICE_EDIT_FILE_EXTENSION = ("docx", "pptx", "xlsx")
docker-compose.yaml
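# Compose stack for Seafile with SeaDoc, MariaDB, memcached and OnlyOffice.
#
# NOTE(review): every deadbeefsecretlol value below is an anonymized
# placeholder. Give each secret its own random value, make sure values that
# must match do match (DB password, JWT_PRIVATE_KEY, the OnlyOffice JWT
# secret), and consider moving them out of this file, e.g. into an .env file
# referenced with ${VAR} substitution, so the compose file can be shared
# without them.
services:
  seafile:
    # NOTE(review): "12.0-latest" is a floating tag; pin an exact version (or
    # a digest) if you need reproducible, reviewable upgrades.
    image: seafileltd/seafile-mc:12.0-latest
    container_name: mc-drive-seafile
    restart: always
    ports:
      # Bound to one host address only, not to all interfaces.
      - "192.168.1.10:80:80"
      - "192.168.1.10:443:443"
    volumes:
      # On my setup, the folder /media/seafile
      # maps to an 8TB volume
      # as this is where the data lives
      - /media/seafile/data:/shared
      # These are for config files
      - ./seahub_settings.py:/shared/seafile/conf/seahub_settings.py
      - ./seafile.nginx.conf:/shared/nginx/conf/seafile.nginx.conf
    environment:
      - DB_HOST=10.20.1.1
      - DB_ROOT_PASSWD=deadbeefsecretlol
      - DB_PASSWORD=deadbeefsecretlol
      - TIME_ZONE=America/Los_Angeles
      - SEAFILE_SERVER_HOSTNAME=drive.domain.com
      - SEAFILE_SERVER_PROTOCOL=https
      - SEAFILE_SERVER_LETSENCRYPT=true
      - SITE_ROOT=/
      # Must be the same value as JWT_PRIVATE_KEY on the seadoc service.
      - JWT_PRIVATE_KEY=deadbeefsecretlol
      - ENABLE_SEADOC=true
      - SEADOC_SERVER_URL=https://drive.domain.com/sdoc-server
    depends_on:
      - db
      - memcached
    networks:
      - net

  seadoc:
    image: seafileltd/sdoc-server:1.0-latest
    container_name: seadoc
    volumes:
      - /media/docker/seafile/seadoc-data/:/shared
    environment:
      - DB_HOST=10.20.1.1
      - DB_PORT=3306
      # NOTE(review): seadoc connects to seahub_db as root here, while
      # seahub_settings.py uses the 'seafile' account for the same database.
      # A non-root account is presumably enough; confirm against the SeaDoc
      # docs.
      - DB_USER=root
      - DB_PASSWORD=deadbeefsecretlol
      - DB_NAME=seahub_db
      - TIME_ZONE=America/Los_Angeles
      - JWT_PRIVATE_KEY=deadbeefsecretlol
      - SEAHUB_SERVICE_URL=https://drive.domain.com
      - SDOC_SERVER_LETSENCRYPT=true  # Whether to use https or not.
      - SDOC_SERVER_HOSTNAME=drive.domain.com  # Specifies your host name if https is enabled.
    ports:
      # Quoted like the other port mappings so no YAML parser retypes them.
      # NOTE(review): seahub_settings.py on this page points
      # FILE_CONVERTER_SERVER_URL at 192.168.1.10:8888, but 8888 is published
      # on 192.168.1.20 here. Make the two agree.
      - "192.168.1.20:7070:7070"
      - "192.168.1.20:8888:8888"
    networks:
      - net

  db:
    image: mariadb:10.11
    restart: always
    container_name: mc-drive-seafile-mysql
    ports:
      # 10.20.1.1 lies inside the `net` subnet declared at the bottom of this
      # file, so MariaDB is not published on the LAN address. Containers on
      # `net` can also reach it as db:3306 without any published port.
      - "10.20.1.1:3306:3306"
    environment:
      - MYSQL_ROOT_PASSWORD=deadbeefsecretlol
      - MYSQL_LOG_CONSOLE=true
      - MARIADB_AUTO_UPGRADE=1
    volumes:
      - /media/docker/seafile/db:/var/lib/mysql
    networks:
      - net

  memcached:
    image: memcached:1.6.29
    restart: always
    container_name: mc-drive-seafile-memcached
    entrypoint: memcached -m 256
    # No published ports: only reachable from containers on `net`.
    networks:
      - net

  onlyoffice:
    # NOTE(review): no tag means :latest; pin a version so a restart cannot
    # silently pull a different document server.
    image: onlyoffice/documentserver
    container_name: office.domain.com
    environment:
      # Must be the same value as ONLYOFFICE_JWT_SECRET in seahub_settings.py.
      - JWT_SECRET=deadbeefsecretlol
      - JWT_ENABLED=true
    restart: always
    networks:
      - net
    volumes:
      - log:/var/log/onlyoffice
      - etc-oo:/etc/onlyoffice
      - www:/var/www/onlyoffice/Data
      - var-oo:/var/lib/onlyoffice
      - var-db:/var/lib/postgresql
    ports:
      # Plain HTTP; per the notes on this page, TLS for office.domain.com is
      # handled by a separate proxy in front of this address.
      - "10.20.1.1:81:80"

# Named volumes for OnlyOffice, each bind-mounted from a host directory.
volumes:
  log:
    driver: local
    driver_opts:
      type: none
      device: /media/docker/seafile/onlyoffice/log
      o: bind
  www:
    driver: local
    driver_opts:
      type: none
      device: /media/docker/seafile/onlyoffice/www
      o: bind
  etc-oo:
    driver: local
    driver_opts:
      type: none
      device: /media/docker/seafile/onlyoffice/etc-oo
      o: bind
  var-oo:
    driver: local
    driver_opts:
      type: none
      device: /media/docker/seafile/onlyoffice/var-oo
      o: bind
  var-db:
    driver: local
    driver_opts:
      type: none
      device: /media/docker/seafile/onlyoffice/var-db
      o: bind

networks:
  net:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 10.20.1.0/24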