GhaziTriki · August 9, 2025 09:45
diff --git a/.env b/.env
 COMPOSE_FILE='seafile-server.yml,seadoc-server.yml,notification-server.yml'
 COMPOSE_PATH_SEPARATOR=','

 SEAFILE_IMAGE=seafileltd/seafile-mc:12.0-latest

 SEAFILE_VOLUME=/opt/seafile-data

 SEAFILE_MYSQL_DB_HOST=172.20.0.1
 INIT_SEAFILE_MYSQL_ROOT_PASSWORD=ROOT_PASSWORD_TO_CHANGE
 SEAFILE_MYSQL_DB_USER=seafile
 SEAFILE_MYSQL_DB_PASSWORD=SEAFILE_PASSWORD_TO_CHANGE

 TIME_ZONE=Africa/Tunis

 JWT_PRIVATE_KEY=!JWT_TOKEN_PRIVATE_KEY!CHANGE!

 SEAFILE_SERVER_HOSTNAME=cloud.sahabdrive.com
 SEAFILE_SERVER_PROTOCOL=https

 [email protected]
 INIT_SEAFILE_ADMIN_PASSWORD=SEAFILE_ADMIN_PASS

 SEADOC_IMAGE=seafileltd/sdoc-server:1.0-latest
 SEADOC_VOLUME=/opt/seadoc-data

 ENABLE_SEADOC=true

 NOTIFICATION_SERVER_IMAGE=seafileltd/notification-server:12.0-latest
 NOTIFICATION_SERVER_VOLUME=/opt/notification-data
diff --git a/notification-server.yml b/notification-server.yml
 services:

  notification-server:
    image: ${NOTIFICATION_SERVER_IMAGE:-seafileltd/notification-server:12.0-latest}
    container_name: notification-server
    restart: always
    volumes:
      - ${NOTIFICATION_SERVER_VOLUME:-/opt/notification-data}:/shared
      - ${NOTIFICATION_SERVER_VOLUME:-/opt/notification-data}/logs:/shared/logs
    # ports:
    #   - "8083:8083"
    environment:
      - SEAFILE_MYSQL_DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
      - SEAFILE_MYSQL_DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
      - SEAFILE_MYSQL_DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
      - SEAFILE_MYSQL_DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
      - SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db}
      - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db}
      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
      - SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false}
      - NOTIFICATION_SERVER_LOG_LEVEL=${NOTIFICATION_SERVER_LOG_LEVEL:-info}
    networks:
      seafile-net:
        ipv4_address: 172.20.0.13

 networks:
  seafile-net:
    ipam:
      config:
        - subnet: 172.20.0.0/24
diff --git a/seadoc-server.yml b/seadoc-server.yml
 services:
  seadoc:
    image: ${SEADOC_IMAGE:-seafileltd/sdoc-server:1.0-latest}
    container_name: seadoc
    volumes:
      - ${SEADOC_VOLUME:-/opt/seadoc-data/}:/shared
    expose:
      - "80"  # Expose port 80 to other containers, but not to the host
    environment:
      - DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
      - DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
      - DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
      - DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
      - DB_NAME=${SEADOC_MYSQL_DB_NAME:-seahub_db}
      - TIME_ZONE=${TIME_ZONE:-Etc/UTC}
      - NON_ROOT=${NON_ROOT:-false}
      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
      - SEAHUB_SERVICE_URL=${SEAFILE_SERVICE_URL:-${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}}
    networks:
      seafile-net:
        ipv4_address: 172.20.0.12

diff --git a/seafile-server.yml b/seafile-server.yml
 services:
  seafile:
    image: ${SEAFILE_IMAGE:-seafileltd/seafile-mc:12.0-latest}
    container_name: seafile
    expose:
      - 8000
      - 8082
    volumes:
      - ${SEAFILE_VOLUME:-/opt/seafile-data}:/shared
    environment:
      - DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
      - DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
      - DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
      - DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
      - DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
      - SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db}
      - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db}
      - SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=${SEAFILE_MYSQL_DB_SEAHUB_DB_NAME:-seahub_db}
      - TIME_ZONE=${TIME_ZONE:-Etc/UTC}
      - INIT_SEAFILE_ADMIN_EMAIL=${INIT_SEAFILE_ADMIN_EMAIL:[email protected]}
      - INIT_SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD:-asecret}
      - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
      - SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL:-http}
      - SITE_ROOT=${SITE_ROOT:-/}
      - NON_ROOT=${NON_ROOT:-false}
      - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
      - SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false}
      - ENABLE_SEADOC=${ENABLE_SEADOC:-true}
      - SEADOC_SERVER_URL=${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}/sdoc-server
    networks:
      seafile-net:
        ipv4_address: 172.20.0.10

 networks:
  seafile-net:
    ipam:
      config:
        - subnet: 172.20.0.0/24
diff --git a/seafile.nginx b/seafile.nginx
 server {
    listen 80;
    server_name sample.seafileserver.com;
    # Redirect all HTTP traffic to HTTPS
    return 301 https://$server_name$request_uri;
 }
 server {
    listen 443 ssl http2;
    server_name sample.seafileserver.com;
    # SSL configuration (add your actual certificate paths)
    ssl_certificate /etc/letsencrypt/live/sample.seafileserver.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sample.seafileserver.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    # Security headers
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Referrer-Policy "strict-origin-when-cross-origin" always;
    # Increase max body size for file uploads
    client_max_body_size 100m;
    # Proxy to SeaFile container
    location / {
        proxy_pass http://172.20.0.10:80;
        proxy_read_timeout 310s;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
        proxy_http_version 1.1;
        
        # CORS headers
        add_header Access-Control-Allow-Origin *;
        
        # Logging
        access_log /var/log/nginx/seafile.access.log;
        error_log /var/log/nginx/seafile.error.log;
    }

    location /sdoc-server/ {
        proxy_pass         http://172.20.0.12:80/;
        proxy_redirect     off;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host  $server_name;
        proxy_set_header   X-Forwarded-Proto $scheme;

        client_max_body_size 100m;
    }

    location /socket.io {
        proxy_pass http://172.20.0.12:80;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_redirect off;

        proxy_buffers 8 32k;
        proxy_buffer_size 64k;

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
    }
 }
	COMPOSE_FILE='seafile-server.yml,seadoc-server.yml,notification-server.yml'
	COMPOSE_PATH_SEPARATOR=','

	SEAFILE_IMAGE=seafileltd/seafile-mc:12.0-latest

	SEAFILE_VOLUME=/opt/seafile-data

	SEAFILE_MYSQL_DB_HOST=172.20.0.1
	INIT_SEAFILE_MYSQL_ROOT_PASSWORD=ROOT_PASSWORD_TO_CHANGE
	SEAFILE_MYSQL_DB_USER=seafile
	SEAFILE_MYSQL_DB_PASSWORD=SEAFILE_PASSWORD_TO_CHANGE

	TIME_ZONE=Africa/Tunis

	JWT_PRIVATE_KEY=!JWT_TOKEN_PRIVATE_KEY!CHANGE!

	SEAFILE_SERVER_HOSTNAME=cloud.sahabdrive.com
	SEAFILE_SERVER_PROTOCOL=https

	[email protected]
	INIT_SEAFILE_ADMIN_PASSWORD=SEAFILE_ADMIN_PASS

	SEADOC_IMAGE=seafileltd/sdoc-server:1.0-latest
	SEADOC_VOLUME=/opt/seadoc-data

	ENABLE_SEADOC=true

	NOTIFICATION_SERVER_IMAGE=seafileltd/notification-server:12.0-latest
	NOTIFICATION_SERVER_VOLUME=/opt/notification-data
	services:

	notification-server:
	image: ${NOTIFICATION_SERVER_IMAGE:-seafileltd/notification-server:12.0-latest}
	container_name: notification-server
	restart: always
	volumes:
	- ${NOTIFICATION_SERVER_VOLUME:-/opt/notification-data}:/shared
	- ${NOTIFICATION_SERVER_VOLUME:-/opt/notification-data}/logs:/shared/logs
	# ports:
	# - "8083:8083"
	environment:
	- SEAFILE_MYSQL_DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
	- SEAFILE_MYSQL_DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
	- SEAFILE_MYSQL_DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
	- SEAFILE_MYSQL_DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
	- SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db}
	- SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db}
	- JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
	- SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false}
	- NOTIFICATION_SERVER_LOG_LEVEL=${NOTIFICATION_SERVER_LOG_LEVEL:-info}
	networks:
	seafile-net:
	ipv4_address: 172.20.0.13

	networks:
	seafile-net:
	ipam:
	config:
	- subnet: 172.20.0.0/24
	services:
	seadoc:
	image: ${SEADOC_IMAGE:-seafileltd/sdoc-server:1.0-latest}
	container_name: seadoc
	volumes:
	- ${SEADOC_VOLUME:-/opt/seadoc-data/}:/shared
	expose:
	- "80" # Expose port 80 to other containers, but not to the host
	environment:
	- DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
	- DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
	- DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
	- DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
	- DB_NAME=${SEADOC_MYSQL_DB_NAME:-seahub_db}
	- TIME_ZONE=${TIME_ZONE:-Etc/UTC}
	- NON_ROOT=${NON_ROOT:-false}
	- JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
	- SEAHUB_SERVICE_URL=${SEAFILE_SERVICE_URL:-${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}}
	networks:
	seafile-net:
	ipv4_address: 172.20.0.12
	services:
	seafile:
	image: ${SEAFILE_IMAGE:-seafileltd/seafile-mc:12.0-latest}
	container_name: seafile
	expose:
	- 8000
	- 8082
	volumes:
	- ${SEAFILE_VOLUME:-/opt/seafile-data}:/shared
	environment:
	- DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
	- DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
	- DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
	- DB_ROOT_PASSWD=${INIT_SEAFILE_MYSQL_ROOT_PASSWORD:-}
	- DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
	- SEAFILE_MYSQL_DB_CCNET_DB_NAME=${SEAFILE_MYSQL_DB_CCNET_DB_NAME:-ccnet_db}
	- SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db}
	- SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=${SEAFILE_MYSQL_DB_SEAHUB_DB_NAME:-seahub_db}
	- TIME_ZONE=${TIME_ZONE:-Etc/UTC}
	- INIT_SEAFILE_ADMIN_EMAIL=${INIT_SEAFILE_ADMIN_EMAIL:[email protected]}
	- INIT_SEAFILE_ADMIN_PASSWORD=${INIT_SEAFILE_ADMIN_PASSWORD:-asecret}
	- SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
	- SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL:-http}
	- SITE_ROOT=${SITE_ROOT:-/}
	- NON_ROOT=${NON_ROOT:-false}
	- JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
	- SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false}
	- ENABLE_SEADOC=${ENABLE_SEADOC:-true}
	- SEADOC_SERVER_URL=${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}/sdoc-server
	networks:
	seafile-net:
	ipv4_address: 172.20.0.10

	networks:
	seafile-net:
	ipam:
	config:
	- subnet: 172.20.0.0/24
	server {
	listen 80;
	server_name sample.seafileserver.com;
	# Redirect all HTTP traffic to HTTPS
	return 301 https://$server_name$request_uri;
	}
	server {
	listen 443 ssl http2;
	server_name sample.seafileserver.com;
	# SSL configuration (add your actual certificate paths)
	ssl_certificate /etc/letsencrypt/live/sample.seafileserver.com/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/sample.seafileserver.com/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
	# Security headers
	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
	add_header X-Frame-Options "SAMEORIGIN" always;
	add_header X-Content-Type-Options "nosniff" always;
	add_header X-XSS-Protection "1; mode=block" always;
	add_header Referrer-Policy "strict-origin-when-cross-origin" always;
	# Increase max body size for file uploads
	client_max_body_size 100m;
	# Proxy to SeaFile container
	location / {
	proxy_pass http://172.20.0.10:80;
	proxy_read_timeout 310s;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Host $server_name;
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header Connection "";
	proxy_http_version 1.1;

	# CORS headers
	add_header Access-Control-Allow-Origin *;

	# Logging
	access_log /var/log/nginx/seafile.access.log;
	error_log /var/log/nginx/seafile.error.log;
	}

	location /sdoc-server/ {
	proxy_pass http://172.20.0.12:80/;
	proxy_redirect off;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Host $server_name;
	proxy_set_header X-Forwarded-Proto $scheme;

	client_max_body_size 100m;
	}

	location /socket.io {
	proxy_pass http://172.20.0.12:80;
	proxy_http_version 1.1;
	proxy_set_header Upgrade $http_upgrade;
	proxy_set_header Connection 'upgrade';
	proxy_redirect off;

	proxy_buffers 8 32k;
	proxy_buffer_size 64k;

	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header Host $http_host;
	proxy_set_header X-NginX-Proxy true;
	}
	}