Matt-Cloud Drive
Here are the updated configurations for the LDAP/OIDC sync. This has been anonymized and not proofread terribly well, so if you are gonna try to replicate this, make sure you pretend like this was written by ChatGPT and verify everything.
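A few more notes, specifically about the OnlyOffice integration. After starting the containers for the first time, OnlyOffice will generate a JWT secret. This is the value that needs to be added to the seahub settings file (ONLYOFFICE_JWT_SECRET). The document server only checks that secret when JWT validation is enabled on its side (JWT_ENABLED), so the two settings have to agree. I am making this note much later than the original file.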
seahub_settings.py
# -*- coding: utf-8 -*-
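# --- Core Seahub settings ---------------------------------------------------
# "deadbeefsecretlolz" is the anonymization placeholder used for every secret
# in this listing. In a real deployment each secret should be its own random
# value, so that leaking one does not expose the others.
SECRET_KEY = "deadbeefsecretlolz"

# Scheme changed from http:// to https:// so it agrees with FILE_SERVER_ROOT
# below, OAUTH_REDIRECT_URL and SEAFILE_SERVER_PROTOCOL=https in the compose
# file. A mixed http/https base URL makes Seahub build links and callbacks
# on the wrong scheme.
SERVICE_URL = "https://drive.domain.com"

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'seahub_db',
        # Seahub connects with the dedicated 'seafile' account, not root.
        'USER': 'seafile',
        'PASSWORD': 'deadbeefsecretlolz',
        # LAN address on which the compose file publishes the MariaDB port.
        'HOST': '192.168.1.10',
        'PORT': '3306',
        'OPTIONS': {'charset': 'utf8mb4'},
    }
}

CACHES = {
    'default': {
        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
        # "memcached" is the compose service name, resolved on the shared
        # bridge network; the cache port is not published to the LAN.
        'LOCATION': 'memcached:11211',
    },
    'locmem': {
        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
    },
}
COMPRESS_CACHE_BACKEND = 'locmem'

TIME_ZONE = 'America/Los_Angeles'
FILE_SERVER_ROOT = 'https://drive.domain.com/seafhttp'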
# --- LDAP (Active Directory) login ------------------------------------------
ENABLE_LDAP = True

# NOTE(review): ldap:// is an unencrypted transport, so the bind password
# below travels in clear text between Seahub and the directory server. If the
# directory offers LDAPS or StartTLS, prefer it -- confirm what this Seafile
# release supports before changing the URL.
LDAP_SERVER_URL = "ldap://192.168.1.15"
LDAP_BASE_DN = "OU=Users,DC=domain,DC=local"

# Service account Seahub binds with to search the directory. Despite the
# setting's name, presumably a read-only account is enough -- verify.
LDAP_ADMIN_DN = "docker-ldap@domain.local"
LDAP_ADMIN_PASSWORD = "deadbeefsecretlolz"  # anonymization placeholder
LDAP_PROVIDER = "ldap"

# Attribute mapping: users log in with their AD logon name.
LDAP_LOGIN_ATTR = "sAMAccountName"
LDAP_USER_FIRST_NAME_ATTR = "givenName"
LDAP_USER_LAST_NAME_ATTR = "sn"
LDAP_USER_NAME_REVERSE = False

# Presumably makes LDAP and OAuth logins resolve to the same Seafile account;
# that only works if both sides supply the same uid value -- verify.
SSO_LDAP_USE_SAME_UID = True

# Limits logins to accounts whose memberOf lists the Seafile group.
LDAP_FILTER = "memberOf=CN=Seafile,OU=AD-Groups,OU=Users,DC=domain,DC=local"
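# --- OAuth / OIDC login -----------------------------------------------------
ENABLE_OAUTH = True

# Keep this False: every endpoint below is https, and allowing plain http
# would let authorization codes and tokens cross the network unencrypted.
OAUTH_ENABLE_INSECURE_TRANSPORT = False

OAUTH_CLIENT_ID = "matt-drive-oidc"
OAUTH_CLIENT_SECRET = "deadbeefsecretlolz"  # anonymization placeholder

# Must match the redirect URI registered for this client at the provider.
OAUTH_REDIRECT_URL = 'https://drive.domain.com/oauth/callback/'
OAUTH_PROVIDER_DOMAIN = 'auth.domain.com'
OAUTH_AUTHORIZATION_URL = 'https://auth.domain.com/api/oidc/authorization'
OAUTH_TOKEN_URL = 'https://auth.domain.com/api/oidc/token'
OAUTH_USER_INFO_URL = 'https://auth.domain.com/api/oidc/userinfo'

OAUTH_SCOPE = [
    "openid",
    "profile",
    "email",
]

# Maps a claim returned by the provider to a Seafile attribute.
# The original listing had "preferred_username" twice: first as (True, "uid"),
# then as (True, "email"). A dict literal keeps only the last value for a
# repeated key, so the "uid" entry was silently discarded and never reached
# Seahub. Only the entry that actually took effect is kept here.
# NOTE(review): this mapping decides which account an OIDC login lands on. If
# the uid mapping is needed (SSO_LDAP_USE_SAME_UID is True in this file), it
# has to be keyed on a different claim -- verify against the Seafile OAuth
# docs for your version.
OAUTH_ATTRIBUTE_MAP = {
    "preferred_username": (True, "email"),
    "name": (False, "name"),
}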
# --- SeaDoc -----------------------------------------------------------------
ENABLE_SEADOC = True

# sdoc-server private_key (anonymization placeholder)
SEADOC_PRIVATE_KEY = "deadbeefsecretlolz"

# sdoc-server service url.
# When SeaDoc and Seafile/Seafile docker are deployed on the same host,
# SEADOC_SERVER_URL should be 'https://seafile.example.com/sdoc-server'
SEADOC_SERVER_URL = "https://drive.domain.com/sdoc-server"

# converter-server url.
# When SeaDoc and Seafile are deployed on the same host,
# FILE_CONVERTER_SERVER_URL should be LAN address 'http://127.0.0.1:8888'
# When SeaDoc and Seafile docker are deployed on the same host,
# FILE_CONVERTER_SERVER_URL should be http://sdoc-server:8888
FILE_CONVERTER_SERVER_URL = "http://192.168.1.20:8888"

# NOTE(review): the original listing had a commented-out high-entropy string
# at this point that does not match the placeholder used for every other
# secret. It looks like a real key that slipped past anonymization, so it is
# left out here; whatever it belonged to should be treated as exposed and
# rotated.

# --- OnlyOffice -------------------------------------------------------------
ENABLE_ONLYOFFICE = True
# The hostname here differs from the placeholder domain used elsewhere in
# this file; substitute your own document-server URL.
ONLYOFFICE_APIJS_URL = "https://office.matt-cloud.com/web-apps/apps/api/documents/api.js"

# Extensions opened in OnlyOffice.
ONLYOFFICE_FILE_EXTENSION = (
    "doc", "docx", "ppt", "pptx", "xls", "xlsx",
    "odt", "fodt", "odp", "fodp", "ods", "fods",
    "csv", "ppsx", "pps",
)
# Extensions that may also be edited.
ONLYOFFICE_EDIT_FILE_EXTENSION = ("docx", "pptx", "xlsx")

# Shared secret for signing requests to the document server. It only has an
# effect when JWT validation is enabled on the OnlyOffice container as well.
ONLYOFFICE_JWT_SECRET = "deadbeefsecretlolz"
docker-compose.yaml
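# Nesting restored: the listing had lost its indentation and would not parse
# as a compose file as shown.
# Every "deadbeefsecretlol" below is an anonymization placeholder. Use a
# distinct random value per secret, and consider moving them out of this file
# (an env_file or ${VAR} interpolation) so the compose file can be shared.
services:
  seafile:
    image: seafileltd/seafile-mc:12.0-latest
    container_name: mc-drive-seafile
    restart: always
    ports:
      - "192.168.1.8:80:80"
      - "192.168.1.8:443:443"
    volumes:
      # On my setup, the folder /media/seafile
      # maps to an 8TB volume
      # as this is where the data lives
      - /media/seafile/data:/shared
    environment:
      # NOTE(review): 10.30.31.1 is neither the address MariaDB is published
      # on below (192.168.1.10) nor inside the compose subnet (10.20.1.0/24);
      # probably an anonymization leftover -- verify before use.
      - DB_HOST=10.30.31.1
      - DB_ROOT_PASSWD=deadbeefsecretlol
      - DB_PASSWORD=deadbeefsecretlol
      - TIME_ZONE=America/Los_Angeles
      - SEAFILE_SERVER_HOSTNAME=drive.domain.com
      - SEAFILE_SERVER_PROTOCOL=https
      - SEAFILE_SERVER_LETSENCRYPT=true
      - SITE_ROOT=/
      # Must be the same value as JWT_PRIVATE_KEY on the seadoc service.
      - JWT_PRIVATE_KEY=deadbeefsecretlol
      - ENABLE_SEADOC=true
      - SEADOC_SERVER_URL=https://drive.domain.com/sdoc-server
    depends_on:
      - db
      - memcached
    networks:
      - net

  seadoc:
    image: seafileltd/sdoc-server:1.0-latest
    container_name: seadoc
    volumes:
      - /media/docker/seafile/seadoc-data/:/shared
    # ports:
    #   - "80:80"
    environment:
      - DB_HOST=192.168.1.10
      - DB_PORT=3306
      # Changed from root: SeaDoc only needs seahub_db, which the 'seafile'
      # account already uses from seahub_settings.py. DB_PASSWORD must be that
      # account's password, not the MariaDB root password.
      - DB_USER=seafile
      - DB_PASSWORD=deadbeefsecretlol
      - DB_NAME=seahub_db
      - TIME_ZONE=America/Los_Angeles
      - JWT_PRIVATE_KEY=deadbeefsecretlol
      - SEAHUB_SERVICE_URL=https://drive.domain.com
      - SDOC_SERVER_LETSENCRYPT=true  # Whether to use https or not.
      - SDOC_SERVER_HOSTNAME=drive.domain.com  # Specifies your host name if https is enabled.
    ports:
      - "192.168.1.20:7070:7070"
      - "192.168.1.20:8888:8888"
    networks:
      - net

  db:
    image: mariadb:10.11
    restart: always
    container_name: mc-drive-seafile-mysql
    ports:
      # NOTE(review): this publishes MariaDB, root login included, on a LAN
      # address. Seahub and SeaDoc are configured to reach it there. If every
      # client runs on the "net" network, pointing them at the service name
      # "db" would let this mapping be dropped -- verify for your setup.
      - "192.168.1.10:3306:3306"
    environment:
      - MYSQL_ROOT_PASSWORD=deadbeefsecretlol
      - MYSQL_LOG_CONSOLE=true
      - MARIADB_AUTO_UPGRADE=1
    volumes:
      - /media/docker/seafile/db:/var/lib/mysql
    networks:
      - net

  memcached:
    image: memcached:1.6.29
    restart: always
    container_name: mc-drive-seafile-memcached
    entrypoint: memcached -m 256
    networks:
      - net

  onlyoffice:
    # NOTE(review): no tag means "latest"; pinning a version keeps upgrades
    # deliberate, as the other images in this file already do.
    image: onlyoffice/documentserver
    container_name: office.domain.com
    environment:
      # Changed from false. With validation off, the document server does not
      # check the secret that seahub_settings.py sets in ONLYOFFICE_JWT_SECRET,
      # so any client able to reach it can use its API. With validation on and
      # no JWT_SECRET given, the container generates the secret that the
      # notes at the top of the page say to copy into seahub_settings.py.
      - JWT_ENABLED=true
      - WOPI_ENABLED=false
    restart: always
    networks:
      - net
    volumes:
      - log:/var/log/onlyoffice
      - etc-oo:/etc/onlyoffice
      - www:/var/www/onlyoffice/Data
      - var-oo:/var/lib/onlyoffice
      - var-db:/var/lib/postgresql
    ports:
      # Plain HTTP on the LAN; ONLYOFFICE_APIJS_URL is https, so presumably a
      # reverse proxy terminates TLS in front of this port.
      - "192.168.1.25:81:80"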
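# Named volumes for the onlyoffice service, each bound to a host directory.
# With "type: none" and "o: bind" the device path must already exist on the
# host, otherwise the volume fails to mount.
# Nesting restored: the listing had lost its indentation.
volumes:
  log:
    driver: local
    driver_opts:
      type: none
      device: /media/docker/seafile/onlyoffice/log
      o: bind
  www:
    driver: local
    driver_opts:
      type: none
      device: /media/docker/seafile/onlyoffice/www
      o: bind
  etc-oo:
    driver: local
    driver_opts:
      type: none
      device: /media/docker/seafile/onlyoffice/etc-oo
      o: bind
  var-oo:
    driver: local
    driver_opts:
      type: none
      device: /media/docker/seafile/onlyoffice/var-oo
      o: bind
  var-db:
    driver: local
    driver_opts:
      type: none
      # NOTE(review): "308-seafile" differs from the "seafile" directory used
      # by every other volume; possibly an anonymization leftover -- verify.
      device: /media/docker/308-seafile/onlyoffice/var-db
      o: bind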
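# Bridge network shared by all services; containers on it reach each other by
# service name (e.g. "memcached").
# Nesting restored: the listing had lost its indentation.
networks:
  net:
    driver: bridge
    ipam:
      driver: default
      config:
        - subnet: 10.20.1.0/24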