Bi-directional Sync: Seafile
Installing Seafile
First, as there will probably be a lot of files, increase file limit with ulimit -n 50000 (check with ulimit -a | grep open, default is 1024).
By default Seafile is using SQLite3, and they state that with less than
100 users, there is no reason to use MySQL. Also note that we’ll install
everything under new user safecloud.
sudo apt-get install -y python2.7 python-setuptools python-simplejson python-imaging python-flup sqlite3
sudo adduser --disabled-login --gecos "Seafile Cloud" safecloud
sudo su - safecloud
Download Seafile for server:
mkdir -p seafile/installed cloudstorage
cd seafile;
wget -c https://bintray.com/artifact/download/seafile-org/seafile/seafile-server_5.1.3_x86-64.tar.gz
tar -xzf seafile-server_*_x86-64.tar.gz
mv seafile-server_*_x86-64.tar.gz installed/
Start install:
cd seafile-server-*/
./setup-seafile.sh
I’ve decided to use standard these values:
Data folder: ~/cloudstorage
Server name: safecloud
Server domain: safe.etaktiker.com
Seafile fileserver: 8082
Seahub: 8000
Seahub is the web interface for seafile server.
cd ~/seafile/seafile-server-latest
./seafile.sh start
./seahub.sh start
When you start seahub for the first time, it will ask you for first user.
http://safe.etaktiker.com:8000/
Configure nginx
/* HSTS header */
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
Now, century old problem of location block for nginx:
# Seafile Cloud Storage
#
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
server_tokens off;
location ^~ /cloud/ {
rewrite ^/cloud(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
}
location ^~ /media/ {
root /home/safecloud/seafile/seafile-server-latest/seahub;
}
location ^~ /lib/ { try_files /dummy_nonexistant_file @seahub; }
location ^~ /thumbnail/ { try_files /dummy_nonexistant_file @seahub; }
location ^~ /repo/ { try_files /dummy_nonexistant_file @seahub; }
location ~ / {
try_files /dummy_nonexistant_file @seahub;
}
# Seahub Web interface
#
location @seahub {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
You need to inform Seafile about domain, so modify this line in
/home/safecloud/seafile/conf/ccnet.conf:
SERVICE_URL = https://safe.etaktiker.com
Add this line to /home/safecloud/seafile/conf/seahub_settings.py:
FILE_SERVER_ROOT = 'https://safe.etaktiker.com/cloud'
./seafile.sh start ./seahub.sh start-fastcgi
Issuing DB synchronization that fills in DBs with needed tables and superuser creation - the first user for your Seafile cloud.
cd ~/seafile/seafile-server-latest/seahub
export CCNET_CONF_DIR=/home/safecloud/seafile/ccnet
export SEAFILE_CONF_DIR=/home/safecloud/cloudstorage
INSTALLPATH=/home/safecloud/seafile/seafile-server-latest
export PYTHONPATH=${INSTALLPATH}/seafile/lib/python2.6/site-packages:${INSTALLPATH}/seafile/lib64/python2.6/site-packages:${INSTALLPATH}/seahub/thirdpart:$PYTHONPATH
python manage.py syncdb
python manage.py createsuperuser
cd /home/safecloud/seafile/seafile-server-latest
./seahub.sh start-fastcgi
There is no need to change any firewall settings on server, as we are proxying through web server. If we didn’t, we would open 2 ports, 8000 and 8082.
Prerequisites
Before continuing, we must install fastcgi module.
apt-get -y install libapache2-mod-fastcgi
We also must enable that and couple more apache modules, for various
purposes. Modules are enabled in Tools & Settings > Apache Web Server Settings.
We need obviously fastcgi module and mod_proxy - options are proxy and
fastcgi. Note that we also must activate proxy_http besides proxy or
you will get error like: proxy: No protocol handler was valid for the URL.
And at the end, we also need headers module, not directly
because of main task, but we want to set HSTS headers.
Now, let’s first create also one important thing:
echo "FastCGIExternalServer /var/www/vhosts/etaktiker.com/web/seahub.fcgi -host 127.0.0.1:8000" >> /etc/apache2/apache2.conf
service apache2 restart
Finaly, in Plesk, write in non-SSL directives area:
# force HTTPS, but allow Let's Encrypt to renew
#
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/.well-known/
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,QSA]
And the important one - in HTTPS part:
# Set HSTS
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Alias /media /home/safecloud/seafile/seafile-server-latest/seahub/media
RewriteEngine On
# seafile httpserver
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]
# seahub
RewriteRule ^/(media.*)$ /$1 [QSA,L,PT]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /seahub.fcgi/$1 [QSA,L,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# RewriteRule ^/(seafile.*)$ /seahub.fcgi/$1 [QSA,L,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Start at boot
Everything as in manual.
cat <<'EOF' > /etc/init.d/seafile-server
#!/bin/bash
# Change the value of "user" to your linux user name
user=safecloud
# Change the value of "seafile_dir" to your path of seafile installation
# usually the home directory of $user
seafile_dir=/home/safecloud/seafile
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
seahub_init_log=${seafile_dir}/logs/seahub.init.log
# Change the value of fastcgi to falst if fastcgi is not used
fastcgi=true
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000
#
# Write a polite log message with date and time
#
echo -e "\n \n About to perform $1 for seafile at `date -Iseconds` \n " >> ${seafile_init_log}
echo -e "\n \n About to perform $1 for seahub at `date -Iseconds` \n " >> ${seahub_init_log}
case "$1" in
start)
sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh ${1}-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log}
fi
;;
restart)
sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh ${1}-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log}
fi
;;
stop)
sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log}
sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log}
;;
*)
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
exit 1
;;
esac
EOF
# Make it executable
#
chmod +x /etc/init.d/seafile-server
cat <<'EOF' > /etc/init/seafile-server.conf
start on (runlevel [2345])
stop on (runlevel [016])
pre-start script
/etc/init.d/seafile-server start
end script
post-stop script
/etc/init.d/seafile-server stop
end script
EOF
Now, you can control it with:
service seafile-server restart
Usage & debugging
Checking problems on client
Right click on system tray and select Open logs folder.
Bug on client: This is how I found out that there is a bug in client which in reality forbids to change /seafhttp value from default as it
is by error hardcoded in client.
The library is stuck at indexing files, and in debug files is message: Bad response code for GET http:/xxx:8000/seafhttp/protocol-version: 404., as stated here
Encrypted Library
File encryption/decryption is performed in the client-side when using the desktop client for file syncing. The password is not stored in the server and nobody, not even system administrator, can’t view the file contents on server without that password.
SSH/FTP: etaktiker_com / pass
Seafile Admin: v@etk.rs / pass
Encrypted library password, if ever needed: pass
https://safe.etaktiker.com/ (Let’s Encrypt SSL Certificate)
Upgrade to Pro edition with 3 free users
Migrate from Seafile Community Server · Seafile Server Manual
You don’t really need a license file to start the Seafile Professional server for up to 3 users.
sudo apt-get install python-urllib3 poppler-utils default-jre
# Download URL, after registering:
# https://download.seafile.de/server/professional/linux/
sudo su - safecloud
# Stop community version
cd ~safecloud/seafile
cd seafile-server-latest
./seafile.sh stop
./seahub.sh stop
# Download
cd ~safecloud/seafile/
wget --user=cvladan@gmail.com --password=MQ3xrOHTBeiFJh7LS https://download.seafile.de/server/professional/linux/seafile-pro-server_5.1.8_x86-64.tar.gz
tar -xzf seafile-pro-server_*_x86-64.tar.gz
mv seafile-pro-server_*_x86-64.tar.gz installed/
# Upgrade
cd ~safecloud/seafile/
cd seafile-pro-server-*/
./pro/pro.py setup --migrate
# Start pro version
cd ~safecloud/seafile/seafile-pro-server-*/
./seafile.sh start
./seahub.sh start
cd ~safecloud/seafile/seafile-server-latest; ./seafile.sh start; ./seahub.sh start;
Details about File Search · Seafile Server Manual
- The search module uses an Elasticsearch server bundled with the Seafile Professional Server.
- The search index is updated every 10 minutes by default.
- Also note that encrypted files cannot be indexed or searched.