apt update && apt install mariadb-server mariadb-client
mysql_secure_installation witch to unix_socket authentication [Y/n] n Change the root password? [Y/n] y Remove anonymous users? [Y/n] y Disallow root login remotely? [Y/n] y Remove test database and access to it? [Y/n] y Reload privilege tables now? [Y/n] y
mysql -u root -p
CREATE USER 'seafile'@'localhost' IDENTIFIED BY 'mein_Passwort';
CREATE DATABASE ccnet_server;
CREATE DATABASE seafile_server;
CREATE DATABASE seahub_server;
GRANT ALL ON seafile_server.* TO 'seafile'@'localhost';
GRANT ALL ON ccnet_server.* TO 'seafile'@'localhost';
GRANT ALL ON seahub_server.* TO 'seafile'@'localhost';
quit;
apt install python3 python3-{pip,pil,ldap,urllib3,setuptools,mysqldb,memcache,requests}
apt install ffmpeg memcached libmemcached-dev
pip3 install --upgrade pip
pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3
pip3 install --timeout=3600 django-pylibmc django-simple-captcha python3-ldap mysqlclient
cd /srv/
mkdir seafile
cd seafile
wget https://download.seadrive.org/seafile-server_8.0.7_x86-64.tar.gz
tar -zxvf seafile-server_8.0.7_x86-64.tar.gz
cd seafile-server-8.0.7
bash setup-seafile-mysql.sh
[ server name ] Seafile [ This server's ip or domain ] your_domain oder 192.168.178.x
[ default „/home/<username>/seafile/seafile-data“ ] /srv/seafile/seafile-data [ default „8082“ ]
[2] Use existing ccnet/seafile/seahub databases
[ mysql user for seafile ] seafile
[ ccnet database ] ccnet_server [ seafile database ] seafile_server [ seahub database ] seahub_server
echo "export LC_ALL=de_DE.UTF-8" >>~/.bashrc echo "export LANG=de_DE.UTF-8" >>~/.bashrc echo "export LANGUAGE=de_DE.UTF-8" >>~/.bashrc source ~/.bashrc
Configuring the Apache Web Server
In this step, you will configure the Apache web server to forward all requests to Seafile. Using Apache in this manner allows you to use a URL without a port number, enable HTTPS connections to Seafile, and make use of the caching functionality that Apache provides for better performance.
To begin forwarding requests, you will need to enable the proxy_http module in the Apache configuration. This module provides features for proxying HTTP and HTTPS requests. The following command will enable the module:
sudo a2enmod proxy_http
Note: The Apache rewrite and ssl modules are also required for this setup. You have already enabled these modules as part of configuring Let’s Encrypt in the second Apache tutorial listed in the prerequisites section.
Next, update the virtual host configuration of your_domain to forward requests to the Seafile file server and to the Seahub web interface.
Open the configuration file in a text editor:
sudo nano /etc/apache2/sites-enabled/your_domain-le-ssl.conf
The lines from ServerAdmin to SSLCertificateKeyFile are part of the initial Apache and Let’s Encrypt configuration that you set up in the prerequisite tutorials. Add the highlighted content, beginning at Alias and ending with the ProxyPassReverse directive: /etc/apache2/sites-enabled/your_domain-le-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin admin@your_email_domain
ServerName your_domain
ServerAlias www.your_domain
DocumentRoot /var/www/your_domain/html
ErrorLog ${APACHE_LOG_DIR}/your_domain-error.log
CustomLog ${APACHE_LOG_DIR}/your_domain-access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/your_domain/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/your_domain/privkey.pem
Alias /media /home/<username>/seafile/seafile-server-latest/seahub/media
<Location /media>
Require all granted
</Location>
# seafile fileserver
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteEngine On
RewriteRule ^/seafhttp - [QSA,L]
# seahub web interface
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
</VirtualHost>
</IfModule>
The Alias directive maps the URL path your_domain/media to a local path in the file system that Seafile uses. The following Location directive enables access to content in this directory. The ProxyPass and ProxyPassReverse directives make Apache act as a reverse proxy for this host, forwarding requests to / and /seafhttp to the Seafile web interface and file server running on local host ports 8000 and 8082 respectively. The RewriteRule directive passes all requests to /seafhttp unchanged and stops processing further rules ([QSA,L]).
Save and exit the file.
Test if there are any syntax errors in the virtual host configuration:
sudo apache2ctl configtest
If it reports Syntax OK, then there are no issues with your configuration. Restart Apache for the changes to take effect:
sudo systemctl restart apache2
You have now configured Apache to act as a reverse proxy for the Seafile file server and Seahub. Next, you will update the URLs in Seafile’s configuration before starting the services. Step 5 — Updating Seafile’s Configuration and Starting Services
As you are now using Apache to proxy all requests to Seafile, you will need to update the URLs in Seafile’s configuration files in the conf directory using a text editor before you start the Seafile service.
Open ccnet.conf in a text editor:
nano /home/<username>/seafile/conf/ccnet.conf
Near the top of the file, within the [General] block, is the SERVICE_URL directive. It will look like this: Update /home/<username/seafile/conf/ccnet.conf
. . . SERVICE_URL=http://www.example.com:8000 . . .
Modify this setting to point to your domain. Be sure that the URL you provide uses the HTTPS protocol, and that it does not include any port number: Update /home/sammy/seafile/conf/ccnet.conf
. . . SERVICE_URL = https://your_domain . . .
Save and exit the file once you have added the content.
Now open seahub_settings.py in a text editor:
nano /home/sammy/seafile/conf/seahub_settings.py
Add a FILE_SERVER_ROOT setting in the file to specify the path where the file server is listening for file uploads and downloads: Update /home/sammy/seafile/conf/seahub_settings.py
# -*- coding: utf-8 -*- SECRET_KEY = „…“ FILE_SERVER_ROOT = 'https://your_domain/seafhttp' # …
Save and exit seahub_settings.py.
Now you can start the Seafile service and the Seahub interface:
cd /home/sammy/seafile/seafile-server-8.0.7 ./seafile.sh start ./seahub.sh start
As this is the first time you have started the Seahub service, it will prompt you to create an admin account. Enter a valid email address and a password for this admin user:
Output What is the email for the admin account? [ admin email ] admin@your_email_domain
What is the password for the admin account? [ admin password ] password-here
Enter the password again: [ admin password again ] password-here
Successfully created seafile admin
Seahub is started
Done.
Open https://your_domain in a web browser and log in using your Seafile admin email address and password.
Login screen of the Seafile web interface
Once logged in successfully, you can access the admin interface or create new users (<username>).
Now that you have verified the web interface is working correctly, you can enable these services to start automatically at system boot in the next step. Step 6 — Enabling the Seafile Server to Start at System Boot
To enable the file server and the web interface to start automatically at boot, you can create their respective systemd service files and activate them.
Create a systemd service file for the Seafile file server:
sudo nano /etc/systemd/system/seafile.service
Add the following content to the file: Create /etc/systemd/system/seafile.service
[Unit] Description=Seafile After=network.target mysql.service
[Service] Type=forking ExecStart=/home/<username/seafile/seafile-server-latest/seafile.sh start ExecStop=/home/<username/seafile/seafile-server-latest/seafile.sh stop User=<username> Group=<username> [Install] WantedBy=multi-user.target
Here, the ExectStart and ExecStop lines indicate the commands that run to start and stop the Seafile service. The service will run with sammy as the User and Group. The After line specifies that the Seafile service will start after the networking and MariaDB service has started.
Save seafile.service and exit.
Create a systemd service file for the Seahub web interface:
sudo nano /etc/systemd/system/seahub.service
This is similar to the Seafile service. The only difference is that the web interface is started after the Seafile service. Add the following content to this file:
Create /etc/systemd/system/seahub.service [Unit] Description=Seafile hub After=network.target seafile.service [Service] Type=forking ExecStart=/home/<username>/seafile/seafile-server-latest/seahub.sh start ExecStop=/home/<username>/seafile/seafile-server-latest/seahub.sh stop User=<username> Group=<username> [Install] WantedBy=multi-user.target
Save seahub.service and exit.
You can learn more about systemd unit files in the Understanding Systemd Units and Unit Files tutorial.
Finally, to enable both the Seafile and Seahub services to start automatically at boot, run the following commands:
sudo systemctl enable seafile.service
sudo systemctl enable seahub.service
When the server is rebooted, Seafile will start automatically.
At this point, you have completed setting up the server, and can now test each of the services.
* Testing File Syncing and Sharing Functionality *
In this step, you will test the file synchronization and sharing functionality of the server you have set up and ensure they are working correctly. To do this, you will need to install the Seafile client program on a separate computer and/or a mobile device.
Visit the download page on the Seafile website and follow the instructions to install the latest version of the client program on your computer. Seafile clients are available for the various distributions of Linux (Ubuntu, Debian, Fedora, Centos/RHEL, Arch Linux), MacOS, and Windows. Mobile clients are available for Android and iPhone/iPad devices from the respective app stores.
Once you have installed the Seafile client, you can test the file synchronization and sharing functionality.
Open the Seafile client program on your computer or device. Accept the default location for the Seafile folder and click Next.
In the next window, enter the server address, username, and password, then click Login.
At the home page, right click on My Library and click Sync this library. Accept the default value for the location on your computer or device.
Seafile client — Sync the default library
Add a file, for example a document or a photo, into the My Library folder. After some time, the file will upload to the server. The following screenshot shows the file photo.jpg copied to the My Library folder.
Add a file to the default library from the computer
Now, log in to the web interface at https://your_domain and verify that your file is present on the server.
My Library page to verify file sync
Click on Share next to the file to generate a download link for this file that you can share.
Enabling HTTPS with Apache¶
After completing the installation of Seafile Server Community Edition and Seafile Server Professional Edition, communication between the Seafile server and clients runs over (unencrypted) HTTP. While HTTP is ok for testing purposes, switching to HTTPS is imperative for production use.
HTTPS requires a SSL certificate from a Certificate Authority (CA). Unless you already have a SSL certificate, we recommend that you get your SSL certificate from Let’s Encrypt using Certbot. If you have a SSL certificate from another CA, skip the section „Getting a Let's Encrypt certificate“.
A second requirement is a reverse proxy supporting SSL. Apache, a popular web server and reverse proxy, is a good option. The full documentation of Apache is available at https://httpd.apache.org/docs/.
The recommended reverse proxy is Nginx. You find instructions for enabling HTTPS with Nginx here. Setup¶
The setup of Seafile using Apache as a reverse proxy with HTTPS is demonstrated using the sample host name seafile.example.com.
This manual assumes the following requirements:
Seafile Server Community Edition/Professional Edition was set up according to the instructions in this manual A host name points at the IP address of the server and the server is available on port 80 and 443
If your setup differs from thes requirements, adjust the following instructions accordingly.
The setup proceeds in two steps: First, Apache is installed. Second, a SSL certificate is integrated in the Apache configuration. Installing Apache¶
Install and enable apache modules:
sudo a2enmod rewrite sudo a2enmod proxy_http
Important: Due to the security advisory published by Django team, we recommend to disable GZip compression to mitigate BREACH attack. No version earlier than Apache 2.4 should be used. Configuring Apache¶
Modify Apache config file. For CentOS, this is vhost.conf. For Debian/Ubuntu, this is sites-enabled/000-default.
<VirtualHost *:80>
ServerName seafile.example.com
# Use "DocumentRoot /var/www/html" for CentOS
# Use "DocumentRoot /var/www" for Debian/Ubuntu
DocumentRoot /var/www
Alias /media /opt/seafile/seafile-server-latest/seahub/media
AllowEncodedSlashes On
RewriteEngine On
<Location /media>
Require all granted
</Location>
#
# seafile fileserver
#
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]
#
# seahub
#
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
</VirtualHost>
Getting a Let's Encrypt certificate¶
Getting a Let's Encrypt certificate is straightforward thanks to Certbot. Certbot is a free, open source software tool for requesting, receiving, and renewing Let's Encrypt certificates.
First, go to the Certbot website and choose your web server and OS. Second, follow the detailed instructions then shown.
We recommend that you get just a certificate and that you modify the Apache configuration yourself:
sudo certbot --apache certonly
Follow the instructions on the screen.
Upon successful verification, Certbot saves the certificate files in a directory named after the host name in /etc/letsencrypt/live. For the host name seafile.example.com, the files are stored in /etc/letsencrypt/live/seafile.example.com. Adjusting Apache configuration¶
To use HTTPS, you need to enable mod_ssl:
sudo a2enmod ssl
Then modify your Apache configuration file. Here is a sample:
<VirtualHost *:443>
ServerName seafile.example.com
DocumentRoot /var/www
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/seafile.example.com/fullchain.pem; # Path to your fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/seafile.example.com/privkey.pem; # Path to your privkey.pem
Alias /media /opt/seafile/seafile-server-latest/seahub/media
<Location /media>
Require all granted
</Location>
RewriteEngine On
#
# seafile fileserver
#
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]
#
# seahub
#
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
</VirtualHost>
Finally, make sure the virtual host file does not contain syntax errors and restart Apache for the configuration changes to take effect:
sudo service apache2 restart
Modifying ccnet.conf¶
The SERVICE_URL in ccnet.conf informs Seafile about the chosen domain, protocol and port. Change the SERVICE_URLso as to account for the switch from HTTP to HTTPS and to correspond to your host name (the http://must not be removed):
SERVICE_URL = https://seafile.example.com
Note: TheSERVICE_URL can also be modified in Seahub via System Admininstration > Settings. If SERVICE_URL is configured via System Admin and in ccnet.conf, the value in System Admin will take precedence. Modifying seahub_settings.py¶
The FILE_SERVER_ROOT in seahub_settings.py informs Seafile about the location of and the protocol used by the file server. Change the FILE_SERVER_ROOTso as to account for the switch from HTTP to HTTPS and to correspond to your host name (the trailing /seafhttp must not be removed):
FILE_SERVER_ROOT = 'https://seafile.example.com/seafhttp'
Note: TheFILE_SERVER_ROOT can also be modified in Seahub via System Admininstration > Settings. If FILE_SERVER_ROOT is configured via System Admin and in seahub_settings.py, the value in System Admin will take precedence. Modifying seafile.conf (optional)¶
To improve security, the file server should only be accessible via Apache.
Add the following line in the [fileserver] block on seafile.conf in /opt/seafile/conf:
host = 127.0.0.1 ## default port 0.0.0.0
After his change, the file server only accepts requests from Apache. Starting Seafile and Seahub¶
Restart the seaf-server and Seahub for the config changes to take effect:
su seafile cd /opt/seafile/seafile-server-latest ./seafile.sh restart ./seahub.sh restart