
apt update && apt install mariadb-server mariadb-client

mysql_secure_installation witch to unix_socket authentication [Y/n] n Change the root password? [Y/n] y Remove anonymous users? [Y/n] y Disallow root login remotely? [Y/n] y Remove test database and access to it? [Y/n] y Reload privilege tables now? [Y/n] y


mysql -u root -p

CREATE USER 'seafile'@'localhost' IDENTIFIED BY 'mein_Passwort';

CREATE DATABASE ccnet_server;
CREATE DATABASE seafile_server;
CREATE DATABASE seahub_server;
GRANT ALL ON seafile_server.* TO 'seafile'@'localhost';
GRANT ALL ON ccnet_server.* TO 'seafile'@'localhost';
GRANT ALL ON seahub_server.* TO 'seafile'@'localhost';
quit;


apt install python3 python3-{pip,pil,ldap,urllib3,setuptools,mysqldb,memcache,requests}
apt install ffmpeg memcached libmemcached-dev
pip3 install --upgrade pip
pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3
pip3 install --timeout=3600 django-pylibmc django-simple-captcha python3-ldap mysqlclient

cd /srv/
mkdir seafile
cd seafile

wget https://download.seadrive.org/seafile-server_8.0.7_x86-64.tar.gz

tar -zxvf seafile-server_8.0.7_x86-64.tar.gz

cd seafile-server-8.0.7

bash setup-seafile-mysql.sh

[ server name ] Seafile [ This server's ip or domain ] your_domain oder 192.168.178.x [ default "/home//seafile/seafile-data" ] /srv/seafile/seafile-data [ default "8082" ] [2] Use existing ccnet/seafile/seahub databases [ mysql user for seafile ] seafile [ ccnet database ] ccnet_server [ seafile database ] seafile_server [ seahub database ] seahub_server


echo "export LC_ALL=de_DE.UTF-8" >>~/.bashrc
echo "export LANG=de_DE.UTF-8" >>~/.bashrc
echo "export LANGUAGE=de_DE.UTF-8" >>~/.bashrc
source ~/.bashrc

Configuring the Apache Web Server In this step, you will configure the Apache web server to forward all requests to Seafile. Using Apache in this manner allows you to use a URL without a port number, enable HTTPS connections to Seafile, and make use of the caching functionality that Apache provides for better performance. To begin forwarding requests, you will need to enable the proxy_http module in the Apache configuration. This module provides features for proxying HTTP and HTTPS requests. The following command will enable the module:


    sudo a2enmod proxy_http

Note: The Apache rewrite and ssl modules are also required for this setup. You have already enabled these modules as part of configuring Let’s Encrypt in the second Apache tutorial listed in the prerequisites section. Next, update the virtual host configuration of your_domain to forward requests to the Seafile file server and to the Seahub web interface. Open the configuration file in a text editor:


    sudo nano /etc/apache2/sites-enabled/your_domain-le-ssl.conf

The lines from ServerAdmin to SSLCertificateKeyFile are part of the initial Apache and Let’s Encrypt configuration that you set up in the prerequisite tutorials. Add the highlighted content, beginning at Alias and ending with the ProxyPassReverse directive: /etc/apache2/sites-enabled/your_domain-le-ssl.conf




	ServerAdmin admin@your_email_domain
	ServerName your_domain
	ServerAlias www.your_domain
	DocumentRoot /var/www/your_domain/html
	ErrorLog ${APACHE_LOG_DIR}/your_domain-error.log
	CustomLog ${APACHE_LOG_DIR}/your_domain-access.log combined

	Include /etc/letsencrypt/options-ssl-apache.conf
	SSLCertificateFile /etc/letsencrypt/live/your_domain/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/your_domain/privkey.pem

	Alias /media  /home//seafile/seafile-server-latest/seahub/media
	
		Require all granted
	

	# seafile fileserver
	ProxyPass /seafhttp http://127.0.0.1:8082
	ProxyPassReverse /seafhttp http://127.0.0.1:8082
	RewriteEngine On
	RewriteRule ^/seafhttp - [QSA,L]

	# seahub web interface
	SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
	ProxyPass / http://127.0.0.1:8000/
	ProxyPassReverse / http://127.0.0.1:8000/

The Alias directive maps the URL path your_domain/media to a local path in the file system that Seafile uses. The following Location directive enables access to content in this directory. The ProxyPass and ProxyPassReverse directives make Apache act as a reverse proxy for this host, forwarding requests to / and /seafhttp to the Seafile web interface and file server running on local host ports 8000 and 8082 respectively. The RewriteRule directive passes all requests to /seafhttp unchanged and stops processing further rules ([QSA,L]). Save and exit the file. Test if there are any syntax errors in the virtual host configuration: sudo apache2ctl configtest If it reports Syntax OK, then there are no issues with your configuration. Restart Apache for the changes to take effect: sudo systemctl restart apache2 You have now configured Apache to act as a reverse proxy for the Seafile file server and Seahub. Next, you will update the URLs in Seafile’s configuration before starting the services. Step 5 — Updating Seafile’s Configuration and Starting Services As you are now using Apache to proxy all requests to Seafile, you will need to update the URLs in Seafile’s configuration files in the conf directory using a text editor before you start the Seafile service. Open ccnet.conf in a text editor: nano /home//seafile/conf/ccnet.conf Near the top of the file, within the [General] block, is the SERVICE_URL directive. It will look like this: Update /home/). Now that you have verified the web interface is working correctly, you can enable these services to start automatically at system boot in the next step. Step 6 — Enabling the Seafile Server to Start at System Boot To enable the file server and the web interface to start automatically at boot, you can create their respective systemd service files and activate them. Create a systemd service file for the Seafile file server: sudo nano /etc/systemd/system/seafile.service Add the following content to the file: Create /etc/systemd/system/seafile.service [Unit] Description=Seafile After=network.target mysql.service


[Service]
Type=forking
ExecStart=/home/
Group=

[Install]
WantedBy=multi-user.target

Here, the ExectStart and ExecStop lines indicate the commands that run to start and stop the Seafile service. The service will run with sammy as the User and Group. The After line specifies that the Seafile service will start after the networking and MariaDB service has started. Save seafile.service and exit. Create a systemd service file for the Seahub web interface:


    sudo nano /etc/systemd/system/seahub.service

This is similar to the Seafile service. The only difference is that the web interface is started after the Seafile service. Add the following content to this file:


Create /etc/systemd/system/seahub.service

[Unit]
Description=Seafile hub
After=network.target seafile.service

[Service]
Type=forking
ExecStart=/home//seafile/seafile-server-latest/seahub.sh start
ExecStop=/home//seafile/seafile-server-latest/seahub.sh stop
User=
Group=

[Install]
WantedBy=multi-user.target

Save seahub.service and exit. You can learn more about systemd unit files in the Understanding Systemd Units and Unit Files tutorial. Finally, to enable both the Seafile and Seahub services to start automatically at boot, run the following commands:


    sudo systemctl enable seafile.service
    sudo systemctl enable seahub.service

When the server is rebooted, Seafile will start automatically. At this point, you have completed setting up the server, and can now test each of the services. ***** Testing File Syncing and Sharing Functionality ***** In this step, you will test the file synchronization and sharing functionality of the server you have set up and ensure they are working correctly. To do this, you will need to install the Seafile client program on a separate computer and/or a mobile device. Visit the download page on the Seafile website and follow the instructions to install the latest version of the client program on your computer. Seafile clients are available for the various distributions of Linux (Ubuntu, Debian, Fedora, Centos/RHEL, Arch Linux), MacOS, and Windows. Mobile clients are available for Android and iPhone/iPad devices from the respective app stores. Once you have installed the Seafile client, you can test the file synchronization and sharing functionality. Open the Seafile client program on your computer or device. Accept the default location for the Seafile folder and click Next. In the next window, enter the server address, username, and password, then click Login. At the home page, right click on My Library and click Sync this library. Accept the default value for the location on your computer or device. Seafile client — Sync the default library Add a file, for example a document or a photo, into the My Library folder. After some time, the file will upload to the server. The following screenshot shows the file photo.jpg copied to the My Library folder. Add a file to the default library from the computer Now, log in to the web interface at https://your_domain and verify that your file is present on the server. My Library page to verify file sync Click on Share next to the file to generate a download link for this file that you can share. Enabling HTTPS with Apache¶ After completing the installation of Seafile Server Community Edition and Seafile Server Professional Edition, communication between the Seafile server and clients runs over (unencrypted) HTTP. While HTTP is ok for testing purposes, switching to HTTPS is imperative for production use. HTTPS requires a SSL certificate from a Certificate Authority (CA). Unless you already have a SSL certificate, we recommend that you get your SSL certificate from Let’s Encrypt using Certbot. If you have a SSL certificate from another CA, skip the section "Getting a Let's Encrypt certificate". A second requirement is a reverse proxy supporting SSL. Apache, a popular web server and reverse proxy, is a good option. The full documentation of Apache is available at https://httpd.apache.org/docs/. The recommended reverse proxy is Nginx. You find instructions for enabling HTTPS with Nginx here. Setup¶ The setup of Seafile using Apache as a reverse proxy with HTTPS is demonstrated using the sample host name seafile.example.com. This manual assumes the following requirements: Seafile Server Community Edition/Professional Edition was set up according to the instructions in this manual A host name points at the IP address of the server and the server is available on port 80 and 443 If your setup differs from thes requirements, adjust the following instructions accordingly. The setup proceeds in two steps: First, Apache is installed. Second, a SSL certificate is integrated in the Apache configuration. Installing Apache¶ Install and enable apache modules:


sudo a2enmod rewrite
sudo a2enmod proxy_http

Important: Due to the security advisory published by Django team, we recommend to disable GZip compression to mitigate BREACH attack. No version earlier than Apache 2.4 should be used. Configuring Apache¶ Modify Apache config file. For CentOS, this is vhost.conf. For Debian/Ubuntu, this is sites-enabled/000-default.



    ServerName seafile.example.com
    # Use "DocumentRoot /var/www/html" for CentOS
    # Use "DocumentRoot /var/www" for Debian/Ubuntu
    DocumentRoot /var/www
    Alias /media  /opt/seafile/seafile-server-latest/seahub/media

    AllowEncodedSlashes On

    RewriteEngine On

    
        Require all granted
    

    #
    # seafile fileserver
    #
    ProxyPass /seafhttp http://127.0.0.1:8082
    ProxyPassReverse /seafhttp http://127.0.0.1:8082
    RewriteRule ^/seafhttp - [QSA,L]

    #
    # seahub
    #
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/

Getting a Let's Encrypt certificate¶ Getting a Let's Encrypt certificate is straightforward thanks to Certbot. Certbot is a free, open source software tool for requesting, receiving, and renewing Let's Encrypt certificates. First, go to the Certbot website and choose your web server and OS. Second, follow the detailed instructions then shown. We recommend that you get just a certificate and that you modify the Apache configuration yourself:


sudo certbot --apache certonly

Follow the instructions on the screen. Upon successful verification, Certbot saves the certificate files in a directory named after the host name in /etc/letsencrypt/live. For the host name seafile.example.com, the files are stored in /etc/letsencrypt/live/seafile.example.com. Adjusting Apache configuration¶ To use HTTPS, you need to enable mod_ssl:


sudo a2enmod ssl

Then modify your Apache configuration file. Here is a sample:



  ServerName seafile.example.com
  DocumentRoot /var/www

  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/seafile.example.com/fullchain.pem;    # Path to your fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/seafile.example.com/privkey.pem;  # Path to your privkey.pem

  Alias /media  /opt/seafile/seafile-server-latest/seahub/media

  
    Require all granted
  

  RewriteEngine On

  #
  # seafile fileserver
  #
  ProxyPass /seafhttp http://127.0.0.1:8082
  ProxyPassReverse /seafhttp http://127.0.0.1:8082
  RewriteRule ^/seafhttp - [QSA,L]

  #
  # seahub
  #
  SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
  ProxyPreserveHost On
  ProxyPass / http://127.0.0.1:8000/
  ProxyPassReverse / http://127.0.0.1:8000/

Finally, make sure the virtual host file does not contain syntax errors and restart Apache for the configuration changes to take effect:


sudo service apache2 restart

Modifying ccnet.conf¶ The SERVICE_URL in ccnet.conf informs Seafile about the chosen domain, protocol and port. Change the SERVICE_URLso as to account for the switch from HTTP to HTTPS and to correspond to your host name (the http://must not be removed): SERVICE_URL = https://seafile.example.com Note: TheSERVICE_URL can also be modified in Seahub via System Admininstration > Settings. If SERVICE_URL is configured via System Admin and in ccnet.conf, the value in System Admin will take precedence. Modifying seahub_settings.py¶ The FILE_SERVER_ROOT in seahub_settings.py informs Seafile about the location of and the protocol used by the file server. Change the FILE_SERVER_ROOTso as to account for the switch from HTTP to HTTPS and to correspond to your host name (the trailing /seafhttp must not be removed): FILE_SERVER_ROOT = 'https://seafile.example.com/seafhttp' Note: TheFILE_SERVER_ROOT can also be modified in Seahub via System Admininstration > Settings. If FILE_SERVER_ROOT is configured via System Admin and in seahub_settings.py, the value in System Admin will take precedence. Modifying seafile.conf (optional)¶ To improve security, the file server should only be accessible via Apache. Add the following line in the [fileserver] block on seafile.conf in /opt/seafile/conf:


host = 127.0.0.1  ## default port 0.0.0.0

After his change, the file server only accepts requests from Apache. Starting Seafile and Seahub¶ Restart the seaf-server and Seahub for the config changes to take effect:


su seafile
cd /opt/seafile/seafile-server-latest
./seafile.sh restart
./seahub.sh restart