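# Seafile single-container image for TrueNAS SCALE Dragonfish
# Base: Debian Bookworm Slim for stable apt packages (nginx, mariadb, redis)
#
# NOTE(review): the base is referenced by a mutable tag. For reproducible,
# auditable builds, pin it by digest as well (debian:bookworm-slim@sha256:<digest>).
FROM debian:bookworm-slim

# Locale, timezone and the on-disk layout used by the RUN steps below.
# NOTE(review): DEBIAN_FRONTEND is kept in ENV to preserve the existing runtime
# environment; if no runtime script depends on it, an ARG would keep it out of
# the running container.
ENV DEBIAN_FRONTEND=noninteractive \
    LANG=C.UTF-8 \
    LC_ALL=C.UTF-8 \
    TZ=UTC \
    SEAFILE_HOME=/opt/seafile \
    SEAFILE_DATA_DIR=/data/seafile-data \
    SEAFILE_CONF_DIR=/data/conf \
    SEAHUB_MEDIA_DIR=/data/seahub-media \
    LOG_DIR=/data/logs

# Optional build-time args (not used to download by default; runtime entrypoint handles artifacts)
ARG SEAFILE_VERSION=""
ARG SEAFILE_TGZ_URL=""

# Optional build-time bake of Seafile release to avoid runtime downloads (useful for air-gapped clusters)
# ARG values are recorded in the image history: do not put credentials or
# signed/tokenised URLs into BAKE_SEAFILE_TGZ_URL.
ARG BAKE_SEAFILE_VERSION=""
ARG BAKE_SEAFILE_TGZ_URL=""
# Expected SHA-256 (hex) of the baked tarball. When set, the build fails on a
# mismatch; when empty, the download is accepted unverified and a warning is printed.
ARG BAKE_SEAFILE_SHA256=""

# OS packages. update + install + list cleanup share one layer so the apt index
# is never stale and never shipped.
RUN set -eux; \
    apt-get update; \
    apt-get install -y --no-install-recommends \
        nginx \
        supervisor \
        mariadb-server \
        redis-server \
        python3 \
        python3-venv \
        python3-pip \
        python3-dev \
        build-essential \
        pkg-config \
        default-libmysqlclient-dev \
        curl \
        ca-certificates \
        tzdata \
        procps \
        gosu; \
    rm -rf /var/lib/apt/lists/*

# System users/groups (many packages create their own, we ensure 'seafile' app user).
# The account gets a nologin shell. MariaDB and Redis dirs under /data are left
# root-owned here and will be owned by their respective users at runtime init.
RUN set -eux; \
    groupadd -r seafile; \
    useradd -r -g seafile -d ${SEAFILE_HOME} -s /usr/sbin/nologin seafile || true; \
    mkdir -p ${SEAFILE_HOME} ${SEAFILE_HOME}/docker \
        /data/conf /data/seafile-data /data/db /data/redis /data/seahub-media /data/logs /data/ssl \
        /var/log/nginx /var/run/nginx; \
    chown -R seafile:seafile ${SEAFILE_HOME}; \
    chown -R www-data:www-data /var/log/nginx /var/run/nginx

# Copy runtime scripts and templates (will be rendered at container start)
# Expect these files to be created in repo under docker/
# Everything under docker/ lands in the image: keep .env files, keys and other
# secrets out of that directory (or exclude them via .dockerignore).
COPY docker/ ${SEAFILE_HOME}/docker/

# Make scripts executable; templates and config stay non-executable (0644).
# The "|| true" keeps the build going when an optional template is absent.
RUN set -eux; \
    find ${SEAFILE_HOME}/docker -type f -name "*.sh" -exec chmod +x {} \;; \
    chmod 0644 ${SEAFILE_HOME}/docker/supervisord.conf.template || true; \
    chmod 0644 ${SEAFILE_HOME}/docker/nginx.conf.template || true; \
    chmod 0644 ${SEAFILE_HOME}/docker/gunicorn.conf.py || true; \
    chmod 0644 ${SEAFILE_HOME}/docker/seahub_settings.py.template || true

# Optionally bake the Seafile server release at build time when BAKE_* args are provided.
# This prevents runtime network fetch and avoids boot loops in restricted networks.
#
# The tarball is fetched as root and its contents become the server code, so it
# is checked against BAKE_SEAFILE_SHA256 before extraction. TLS alone only
# authenticates the host, not the artifact. The top-level entry name is also
# validated so that "." or ".." can never become the symlink target.
# NOTE(review): the downloaded .tgz is left in the layer; remove it in this same
# RUN if no runtime script reads it - TODO confirm.
RUN set -eux; \
    if [ -n "${BAKE_SEAFILE_TGZ_URL}" ] || [ -n "${BAKE_SEAFILE_VERSION}" ]; then \
        url="${BAKE_SEAFILE_TGZ_URL}"; \
        if [ -z "${url}" ] && [ -n "${BAKE_SEAFILE_VERSION}" ]; then \
            url="https://download.seadrive.org/seafile-server_${BAKE_SEAFILE_VERSION}_x86-64.tar.gz"; \
        fi; \
        mkdir -p ${SEAFILE_HOME}/releases; \
        curl -fsSL "${url}" -o ${SEAFILE_HOME}/releases/seafile-server.tgz; \
        if [ -n "${BAKE_SEAFILE_SHA256}" ]; then \
            echo "${BAKE_SEAFILE_SHA256}  ${SEAFILE_HOME}/releases/seafile-server.tgz" | sha256sum -c -; \
        else \
            echo "WARNING: BAKE_SEAFILE_SHA256 not set; baked tarball integrity was not verified" >&2; \
        fi; \
        tar -xzf ${SEAFILE_HOME}/releases/seafile-server.tgz -C ${SEAFILE_HOME}/releases; \
        extracted="$(tar -tzf ${SEAFILE_HOME}/releases/seafile-server.tgz | head -n 1 | cut -d/ -f1)"; \
        case "${extracted}" in \
            ""|.|..) \
                echo "Failed to determine extracted release directory from tarball"; \
                exit 1 ;; \
        esac; \
        if [ -d "${SEAFILE_HOME}/releases/${extracted}" ]; then \
            ln -s "${SEAFILE_HOME}/releases/${extracted}" "${SEAFILE_HOME}/seafile-server-latest"; \
        else \
            echo "Failed to determine extracted release directory from tarball"; \
            exit 1; \
        fi; \
    fi

# Environment defaults (can be overridden by TrueNAS app env)
# The credential variables (ADMIN_PASSWORD, DB_ROOT_PASSWORD, DB_PASSWORD) are
# intentionally empty: supply them at container start, never at build time, so
# no secret ends up in an image layer or in the image history.
# SEAFILE_SERVER_URL defaults to plain http and SSL_ENABLE to false; set both
# for any deployment reachable beyond localhost.
ENV SEAFILE_SERVER_HOSTNAME=localhost \
    SEAFILE_SERVER_URL=http://localhost \
    ADMIN_EMAIL= \
    ADMIN_PASSWORD= \
    DB_ROOT_PASSWORD= \
    DB_NAME=seafile \
    DB_USER=seafile \
    DB_PASSWORD= \
    DB_NAME_SEAHUB=seahub_db \
    DB_NAME_SEAFILE=seafile_db \
    DB_NAME_CCNET=ccnet_db \
    REDIS_URL=redis://127.0.0.1:6379/0 \
    TIMEZONE=UTC \
    NGINX_MAX_BODY=200m \
    SSL_ENABLE=false

# Ports (documentation only; publishing is done by the runtime)
EXPOSE 80 443

# Healthcheck: shell form is required here so ${SEAFILE_HOME} is expanded.
# Reports unhealthy when the script is missing, not executable, or exits non-zero.
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=10 CMD [ -x "${SEAFILE_HOME}/docker/healthcheck.sh" ] && ${SEAFILE_HOME}/docker/healthcheck.sh || exit 1

# Declared after the /data tree is created above, so the directories are kept.
VOLUME ["/data"]

# Entrypoint manages idempotent bootstrap then hands off to supervisord
# No USER is set, so the entrypoint starts as root.
# NOTE(review): gosu is installed above, presumably so the entrypoint can drop
# to the service accounts - confirm each supervised program runs unprivileged.
ENTRYPOINT ["/opt/seafile/docker/entrypoint.sh"]
CMD ["start"]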