116 lines
4.2 KiB
Docker
116 lines
4.2 KiB
Docker
# Seafile single-container image for TrueNAS SCALE Dragonfish
|
|
# Base: Debian Bookworm Slim for stable apt packages (nginx, mariadb, redis)
|
|
FROM debian:bookworm-slim
|
|
|
|
ENV DEBIAN_FRONTEND=noninteractive \
|
|
LANG=C.UTF-8 \
|
|
LC_ALL=C.UTF-8 \
|
|
TZ=UTC \
|
|
SEAFILE_HOME=/opt/seafile \
|
|
SEAFILE_DATA_DIR=/data/seafile-data \
|
|
SEAFILE_CONF_DIR=/data/conf \
|
|
SEAHUB_MEDIA_DIR=/data/seahub-media \
|
|
LOG_DIR=/data/logs
|
|
|
|
# Optional build-time args (not used to download by default; runtime entrypoint handles artifacts)
|
|
ARG SEAFILE_VERSION=""
|
|
ARG SEAFILE_TGZ_URL=""
|
|
# Optional build-time bake of Seafile release to avoid runtime downloads (useful for air-gapped clusters)
|
|
ARG BAKE_SEAFILE_VERSION=""
|
|
ARG BAKE_SEAFILE_TGZ_URL=""
|
|
|
|
# OS packages
|
|
RUN set -eux; \
|
|
apt-get update; \
|
|
apt-get install -y --no-install-recommends \
|
|
nginx \
|
|
supervisor \
|
|
mariadb-server \
|
|
redis-server \
|
|
python3 \
|
|
python3-venv \
|
|
python3-pip \
|
|
python3-dev \
|
|
build-essential \
|
|
pkg-config \
|
|
default-libmysqlclient-dev \
|
|
curl \
|
|
ca-certificates \
|
|
tzdata \
|
|
procps \
|
|
gosu; \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
# System users/groups (many packages create their own, we ensure 'seafile' app user)
|
|
RUN set -eux; \
|
|
groupadd -r seafile; \
|
|
useradd -r -g seafile -d ${SEAFILE_HOME} -s /usr/sbin/nologin seafile || true; \
|
|
mkdir -p ${SEAFILE_HOME} ${SEAFILE_HOME}/docker \
|
|
/data/conf /data/seafile-data /data/db /data/redis /data/seahub-media /data/logs /data/ssl \
|
|
/var/log/nginx /var/run/nginx; \
|
|
chown -R seafile:seafile ${SEAFILE_HOME}; \
|
|
chown -R www-data:www-data /var/log/nginx /var/run/nginx; \
|
|
# MariaDB and Redis dirs will be owned by respective users at runtime init
|
|
true
|
|
|
|
# Copy runtime scripts and templates (will be rendered at container start)
|
|
# Expect these files to be created in repo under docker/
|
|
COPY docker/ ${SEAFILE_HOME}/docker/
|
|
|
|
# Make scripts executable
|
|
RUN set -eux; \
|
|
find ${SEAFILE_HOME}/docker -type f -name "*.sh" -exec chmod +x {} \;; \
|
|
chmod 0644 ${SEAFILE_HOME}/docker/supervisord.conf.template || true; \
|
|
chmod 0644 ${SEAFILE_HOME}/docker/nginx.conf.template || true; \
|
|
chmod 0644 ${SEAFILE_HOME}/docker/gunicorn.conf.py || true; \
|
|
chmod 0644 ${SEAFILE_HOME}/docker/seahub_settings.py.template || true
|
|
|
|
# Optionally bake the Seafile server release at build time when BAKE_* args are provided.
|
|
# This prevents runtime network fetch and avoids boot loops in restricted networks.
|
|
RUN set -eux; \
|
|
if [ -n "${BAKE_SEAFILE_TGZ_URL}" ] || [ -n "${BAKE_SEAFILE_VERSION}" ]; then \
|
|
url="${BAKE_SEAFILE_TGZ_URL}"; \
|
|
if [ -z "${url}" ] && [ -n "${BAKE_SEAFILE_VERSION}" ]; then \
|
|
url="https://download.seadrive.org/seafile-server_${BAKE_SEAFILE_VERSION}_x86-64.tar.gz"; \
|
|
fi; \
|
|
mkdir -p ${SEAFILE_HOME}/releases; \
|
|
curl -fsSL "${url}" -o ${SEAFILE_HOME}/releases/seafile-server.tgz; \
|
|
tar -xzf ${SEAFILE_HOME}/releases/seafile-server.tgz -C ${SEAFILE_HOME}/releases; \
|
|
extracted="$(tar -tzf ${SEAFILE_HOME}/releases/seafile-server.tgz | head -1 | cut -d/ -f1)"; \
|
|
if [ -n "${extracted}" ] && [ -d "${SEAFILE_HOME}/releases/${extracted}" ]; then \
|
|
ln -s "${SEAFILE_HOME}/releases/${extracted}" "${SEAFILE_HOME}/seafile-server-latest"; \
|
|
else \
|
|
echo "Failed to determine extracted release directory from tarball"; \
|
|
exit 1; \
|
|
fi; \
|
|
fi
|
|
|
|
# Environment defaults (can be overridden by TrueNAS app env)
|
|
ENV SEAFILE_SERVER_HOSTNAME=localhost \
|
|
SEAFILE_SERVER_URL=http://localhost \
|
|
ADMIN_EMAIL= \
|
|
ADMIN_PASSWORD= \
|
|
DB_ROOT_PASSWORD= \
|
|
DB_NAME=seafile \
|
|
DB_USER=seafile \
|
|
DB_PASSWORD= \
|
|
DB_NAME_SEAHUB=seahub_db \
|
|
DB_NAME_SEAFILE=seafile_db \
|
|
DB_NAME_CCNET=ccnet_db \
|
|
REDIS_URL=redis://127.0.0.1:6379/0 \
|
|
TIMEZONE=UTC \
|
|
NGINX_MAX_BODY=200m \
|
|
SSL_ENABLE=false
|
|
|
|
# Ports
|
|
EXPOSE 80 443
|
|
|
|
# Healthcheck
|
|
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=10 CMD [ -x "${SEAFILE_HOME}/docker/healthcheck.sh" ] && ${SEAFILE_HOME}/docker/healthcheck.sh || exit 1
|
|
|
|
VOLUME ["/data"]
|
|
|
|
# Entrypoint manages idempotent bootstrap then hands off to supervisord
|
|
ENTRYPOINT ["/opt/seafile/docker/entrypoint.sh"]
|
|
CMD ["start"]
|