Since the beginning of this year, I have started using Seafile, and I absolutely love it as it offers simple data organization using libraries and reliable file synchronization between multiple devices with built-in encryption. Check for yourself as it is undoubtedly worth it.
Graphical user interface
Use the web-interface as the central administration interface. The desktop client uses a simple yet elegant design.
Android client provides quick access to the stored files, but the two-way synchronization functionality is not implemented.
Initial notes
Perform minimal Debian Jessie installation. Define static IP address, hostname.
I will use
private.example.org hostname and /private/seafile web-directory.Install and configure the OpenSSH server and sudo utility.
Synchronize system time using NTP protocol
Install chrony NTP implementation.
milosz@private:~$ sudo apt-get install chrony
Configure service to operates purely as an NTP client.
milosz@private:~$ sudo sed -i -e 's/^allow/#allow/' /etc/chrony/chrony.conf
Restart service.
milosz@private:~$ sudo systemctl restart chrony
Create a system user
Create seafile system user with defined /srv/seafile home directory.
milosz@private:~$ sudo useradd --system --create-home --home-dir /srv/seafile --shell /bin/bash seafile
Install application dependencies
Satisfy Seafile dependencies by installing the following packages.
milosz@private:~$ sudo apt-get install curl python2.7 libpython2.7 python-setuptools python-imaging sqlite3
Install Seafile server
Switch to seafile user.
milosz@private:~$ sudo su - seafile
Download the latest software version.
seafile@private:~$ curl -OL https://download.seafile.de/seafile-server_latest_x86-64.tar.gz
Extract downloaded archive.
seafile@private:~$ tar xvfz seafile-server_latest_x86-64.tar.gz
seafile@private:~$ ls
seafile-server-5.0.4 seafile-server_latest_x86-64.tar.gz
Change directory to the extracted one.
seafile@private:~$ cd seafile-server-5.0.4/
Start the installation process.
seafile@private:~/seafile-server-5.0.4$ bash setup-seafile.sh
Provide server name (it is a custom name), server domain (real server name), do not change other settings (data directory and recommended file-server port).
----------------------------------------------------------------- This script will guide you to config and setup your seafile server. Make sure you have read seafile server manual at https://github.com/haiwen/seafile/wiki Note: This script will guide your to setup seafile server using sqlite3, which may have problems if your disk is on a NFS/CIFS/USB. In these cases, we suggest you setup seafile server using MySQL. Press [ENTER] to continue ----------------------------------------------------------------- Checking packages needed by seafile ... Checking python on this machine ... Find python: python2.7 Checking python module: setuptools ... Done. Checking python module: python-imaging ... Done. Checking python module: python-sqlite3 ... Done. Checking for sqlite3 ... Done. Checking Done. What would you like to use as the name of this seafile server? Your seafile users will be able to see the name in their seafile client. You can use a-z, A-Z, 0-9, _ and -, and the length should be 3 ~ 15 [server name]: private What is the ip or domain of this server? For example, www.mycompany.com, or, 192.168.1.101 [This server's ip or domain]: private.example.org Where would you like to store your seafile data? Note: Please use a volume with enough free space. [default: /srv/seafile/seafile-data ] ⏎ What tcp port do you want to use for seafile fileserver? 8082 is the recommended port. [default: 8082 ] ⏎ This is your config information: server name: private server ip/domain: private.example.org seafile data dir: /srv/seafile/seafile-data fileserver port: 8082 If you are OK with the configuration, press [ENTER] to continue. Generating ccnet configuration in /srv/seafile/ccnet... done Successfully created configuration dir /srv/seafile/ccnet. Generating seafile configuration in /srv/seafile/seafile-data ... Done. ----------------------------------------------------------------- Seahub is the web interface for seafile server. Now let's setup seahub configuration. Press [ENTER] to continue ----------------------------------------------------------------- Creating seahub database now, it may take one minute, please wait... Done. creating seafile-server-latest symbolic link ... done ----------------------------------------------------------------- Your seafile server configuration has been completed successfully. ----------------------------------------------------------------- run seafile server: ./seafile.sh { start | stop | restart } run seahub server: ./seahub.sh { start <port> | stop | restart <port> } ----------------------------------------------------------------- If the server is behind a firewall, remember to open these tcp ports: ----------------------------------------------------------------- port of seafile fileserver: 8082 port of seahub: 8000 When problems occur, refer to https://github.com/haiwen/seafile/wiki for more information.
Verify the installation process
Start application services.
seafile@private:~/seafile-server-5.0.4$ ./seafile.sh start
seafile@private:~/seafile-server-5.0.4$ ./seahub.sh start
Connect to the port 8000 and verify that the installation process went fine.
Stop application services.
seafile@private:~/seafile-server-5.0.4$ ./seafile.sh stop
seafile@private:~/seafile-server-5.0.4$ ./seahub.sh stop
Install and configure the HTTP server.
Install nginx server.
milosz@private:~$ sudo apt-get install nginx
Configure the HTTP server.
milosz@private:~$ cat << EOF | sudo tee /etc/nginx/sites-enabled/default
server {
listen 443 ssl;
server_name private.example.org
ssl on;
ssl_certificate certs/private.pem;
ssl_certificate_key certs/private.key;
ssl_dhparam dhparams.pem;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
deny all;
}
location /private/seafile {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
fastcgi_read_timeout 36000;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
}
location /private/seafile-media/ {
alias /srv/seafile/seafile-server-latest/seahub/media/;
}
}
Notice that you need an SSL certificate and
DH parameters file.Update Seafile configuration
Modify seafile configuration to take into account /private/seafile web-directory.
seafile@private:~$ sed 's|SERVICE_URL .*|SERVICE_URL = https://private.example.org/private/seafile|' conf/ccnet.conf
seafile@private:~$ cat << EOF | tee -a conf/seahub_settings.py FILE_SERVER_ROOT = 'https://private.example.org/seafhttp' SERVE_STATIC = False MEDIA_URL = '/private/seafile-media/' COMPRESS_URL = MEDIA_URL STATIC_URL = MEDIA_URL + 'assets/' SITE_ROOT = '/private/seafile/' LOGIN_URL = '/private/seafile/accounts/login/' # NOTE: since version 5.0.4 EOF
Configure service startup
Configure seafile service.
milosz@private:~$ cat << EOF | sudo tee /etc/systemd/system/seafile.service [Unit] Description=Seafile server After=network.target [Service] Type=oneshot ExecStart=/srv/seafile/seafile-server-latest/seafile.sh start ExecStop=/srv/seafile/seafile-server-latest/seafile.sh stop RemainAfterExit=yes User=seafile Group=nogroup [Install] WantedBy=multi-user.target EOF
Enable seafile service.
milosz@private:~$ sudo systemctl enable seafile
Configure seahub service.
milosz@private:~$ cat << EOF | sudo tee /etc/systemd/system/seahub.service [Unit] Description=Seafile hub After=network.target seafile.service Requires=seafile.service [Service] Type=oneshot ExecStart=/srv/seafile/seafile-server-latest/seahub.sh start-fastcgi ExecStop=/srv/seafile/seafile-server-latest/seahub.sh stop User=seafile Group=nogroup RemainAfterExit=yes [Install] WantedBy=multi-user.target EOF
Enable seahub service.
milosz@private:~$ sudo systemctl enable seahub
Start both of the services.
milosz@private:~$ sudo systemctl start seahub
Install and configure the firewall
Install the Shorewall firewall configuration tool.
milosz@private:~$ sudo apt-get install shorewall
Configure firewall.
I won’t delve into details. The basic configuration is quite simple, so just inspect the mentioned manual pages.
milosz@private:~$ cat << EOF | sudo tee /etc/shorewall/zones # # Shorewall version 4 - Zones File # # For information about this file, type "man shorewall-zones" # # The manpage is also online at # http://www.shorewall.net/manpages/shorewall-zones.html # ############################################################################### #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall net ip EOF
milosz@private:~$ cat << EOF | sudo tee /etc/shorewall/interfaces # # Shorewall version 4 - Interfaces File # # For information about entries in this file, type "man shorewall-interfaces" # # The manpage is also online at # http://www.shorewall.net/manpages/shorewall-interfaces.html # ############################################################################### FORMAT 2 ############################################################################### #ZONE INTERFACE OPTIONS - lo ignore net all physical=+,optional EOF
milosz@private:~$ cat << EOF | sudo tee /etc/shorewall/policy # # Shorewall version 4 - Policy File # # For information about entries in this file, type "man shorewall-policy" # # The manpage is also online at # http://www.shorewall.net/manpages/shorewall-policy.html # ############################################################################### #SOURCE DEST POLICY LOG LIMIT: CONNLIMIT: # LEVEL BURST MASK \$FW net ACCEPT net all DROP EOF
milosz@private:~$ cat << EOF | sudo tee /etc/shorewall/rules # # Shorewall version 4 - Rules File # # For information on the settings in this file, type "man shorewall-rules" # # The manpage is also online at # http://www.shorewall.net/manpages/shorewall-rules.html # ################################################################################################################################################################################### #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL RATE USER/ MARK CONNLIMIT TIME HEADERS SWITCH # PORT PORT(S) DEST LIMIT GROUP #SECTION ALL #SECTION ESTABLISHED #SECTION RELATED ?SECTION NEW SSH(ACCEPT) net \$FW - - - - s:ssh:3/min:5 Ping(ACCEPT) net \$FW HTTPS(ACCEPT) net \$FW EOF
milosz@private:~$ cat << EOF | tee /etc/shorewall/policy # # Shorewall version 4 - Policy File # # For information about entries in this file, type "man shorewall-policy" # # The manpage is also online at # http://www.shorewall.net/manpages/shorewall-policy.html # ############################################################################### #SOURCE DEST POLICY LOG LIMIT: CONNLIMIT: # LEVEL BURST MASK \$FW net ACCEPT net all DROP EOF
Allow shorewall to start.
milosz@private:~$ sudo sed -i "s/startup=0/startup=1/" /etc/default/shorewall
Enable shorewall service.
milosz@private:~$ sudo systemctl enable shorewall
Start shorewall service.
milosz@private:~$ sudo systemctl start shorewall
Additional notes
These are introductory installation notes. Further steps should include configuration of Monit, logrotate, sshguard/fail2ban, and memcached.
References
Script collection to setup production-ready Seafile server installations with HTTPS