update 12.0 pro from binary

Junxiang Huang 2024-12-17 17:37:39 +08:00
parent 3085e52d35
commit 30ecde5acc
4 changed files with 288 additions and 343 deletions

View File

@ -1,147 +0,0 @@
# seafile-authentication-fail2ban
#### What is fail2ban ?
Fail2ban is an intrusion prevention software framework which protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper.
(Definition from wikipedia - https://en.wikipedia.org/wiki/Fail2ban)
#### Why do I need to install this fail2ban's filter ?
To protect your seafile website against brute force attemps. Each time a user/computer tries to connect and fails 3 times, a new line will be write in your seafile logs (`seahub.log`).
Fail2ban will check this log file and will ban all failed authentications with a new rule in your firewall.
## Installation
#### Change to right Time Zone in seahub_settings.py
!!! danger "Without this your Fail2Ban filter will not work"
You need to add the following settings to seahub_settings.py but change it to your own time zone.
```
# TimeZone
TIME_ZONE = 'Europe/Stockholm'
```
#### Copy and edit jail.local file
!!! warning "this file may override some parameters from your `jail.conf` file"
Edit `jail.local` with :
* ports used by your seafile website (e.g. `http,https`) ;
* logpath (e.g. `/home/yourusername/logs/seahub.log`) ;
* maxretry (default to 3 is equivalent to 9 real attemps in seafile, because one line is written every 3 failed authentications into seafile logs).
#### Create the file `jail.local` in `/etc/fail2ban` with the following content:
```
# All standard jails are in the file configuration located
# /etc/fail2ban/jail.conf
# Warning you may override any other parameter (e.g. banaction,
# action, port, logpath, etc) in that section within jail.local
# Change logpath with your file log used by seafile (e.g. seahub.log)
# Also you can change the max retry var (3 attemps = 1 line written in the
# seafile log)
# So with this maxrety to 1, the user can try 3 times before his IP is banned
[seafile]
enabled = true
port = http,https
filter = seafile-auth
logpath = /home/yourusername/logs/seahub.log
maxretry = 3
```
#### Create the fail2ban filter file `seafile-auth.conf` in `/etc/fail2ban/filter.d` with the following content:
```
# Fail2Ban filter for seafile
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = seaf-server
failregex = Login attempt limit reached.*, ip: <HOST>
ignoreregex =
# DEV Notes:
#
# pattern : 2015-10-20 15:20:32,402 [WARNING] seahub.auth.views:155 login Login attempt limit reached, username: <user>, ip: 1.2.3.4, attemps: 3
# 2015-10-20 17:04:32,235 [WARNING] seahub.auth.views:163 login Login attempt limit reached, ip: 1.2.3.4, attempts: 3
```
#### Restart fail2ban
Finally, just restart fail2ban and check your firewall (iptables for me) :
```
sudo fail2ban-client reload
sudo iptables -S
```
Fail2ban will create a new chain for this jail.
So you should see these new lines :
```
...
-N fail2ban-seafile
...
-A fail2ban-seafile -j RETURN
```
## Tests
To do a simple test (but you have to be an administrator on your seafile server) go to your seafile webserver URL and try 3 authentications with a wrong password.
Actually, when you have done that, you are banned from http and https ports in iptables, thanks to fail2ban.
To check that :
on fail2ban
```
denis@myserver:~$ sudo fail2ban-client status seafile
Status for the jail: seafile
|- filter
| |- File list: /home/<youruser>/logs/seahub.log
| |- Currently failed: 0
| `- Total failed: 1
`- action
|- Currently banned: 1
| `- IP list: 1.2.3.4
`- Total banned: 1
```
on iptables :
```
sudo iptables -S
...
-A fail2ban-seafile -s 1.2.3.4/32 -j REJECT --reject-with icmp-port-unreachable
...
```
To unban your IP address, just execute this command :
```
sudo fail2ban-client set seafile unbanip 1.2.3.4
```
!!! tip
As three (3) failed attempts to login will result in one line added in seahub.log a Fail2Ban jail with the settings maxretry = 3 is the same as nine (9) failed attempts to login.
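Review bot: the `-1,147 +0,0` header removes the entire fail2ban guide, and the last file in this commit drops its `Config fail2ban` nav entry, but the commit message ("update 12.0 pro from binary") gives no reason. This page documented how to ban clients from the `Login attempt limit reached` line in `seahub.log`. If the filter no longer matches 12.0 log output, say so in the commit message and point readers to the replacement; otherwise keep the page and its nav entry.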

View File

@ -25,61 +25,59 @@ The setup proceeds in two steps: First, Nginx is installed. Second, a SSL certif
Install Nginx using the package repositories:
=== "Debian/Ubuntu"
```sh
sudo apt install nginx -y
```
=== "CentOS"
```bash
$ sudo yum install nginx -y
```
=== "Debian"
```sh
$ sudo apt install nginx -y
sudo yum install nginx -y
```
After the installation, start the server and enable it so that Nginx starts at system boot:
```bash
$ sudo systemctl start nginx
$ sudo systemctl enable nginx
sudo systemctl start nginx
sudo systemctl enable nginx
```
### Preparing Nginx
The configuration of a proxy server in Nginx differs slightly between CentOS and Debian/Ubuntu. Additionally, the restrictive default settings of SELinux's configuration on CentOS require a modification.
#### Preparing Nginx on CentOS
=== "Debian/Ubuntu"
Create a configuration file for seafile in `/etc/nginx/sites-available/`:
Switch SELinux into permissive mode and perpetuate the setting:
```bash
touch /etc/nginx/sites-available/seafile.conf
```
``` bash
$ sudo setenforce permissive
$ sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
```
Delete the default files in `/etc/nginx/sites-enabled/` and `/etc/nginx/sites-available`:
Create a configuration file for seafile in `/etc/nginx/conf.d`:
````bash
rm /etc/nginx/sites-enabled/default
rm /etc/nginx/sites-available/default
````
```bash
$ touch /etc/nginx/conf.d/seafile.conf
```
Create a symbolic link:
#### Preparing Nginx on Debian/Ubuntu
````bash
ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf
````
=== "CentOS"
Create a configuration file for seafile in `/etc/nginx/sites-available/`:
Switch SELinux into permissive mode and perpetuate the setting:
```bash
$ touch /etc/nginx/sites-available/seafile.conf
```
``` bash
sudo setenforce permissive
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config
```
Delete the default files in `/etc/nginx/sites-enabled/` and `/etc/nginx/sites-available`:
Create a configuration file for seafile in `/etc/nginx/conf.d`:
````bash
$ rm /etc/nginx/sites-enabled/default
$ rm /etc/nginx/sites-available/default
````
Create a symbolic link:
````bash
$ ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf
````
```bash
touch /etc/nginx/conf.d/seafile.conf
```
### Configuring Nginx
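Review bot: in the CentOS tab, `sudo setenforce permissive` together with the `sed` on `/etc/selinux/config` turns SELinux enforcement off for the whole host, persistently, only so that Nginx can proxy to Seafile. Consider documenting the narrower change instead, for example allowing the web server to open outbound connections with `setsebool -P httpd_can_network_connect 1`, and leave the host in enforcing mode. Separately, with the `$` prompts removed these lines become copy-paste targets: `sed -i`, `touch`, `rm` and `ln -s` all write under `/etc` but carry no `sudo`, unlike `setenforce` directly above them.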
@ -145,8 +143,8 @@ The default value for `client_max_body_size` is 1M. Uploading larger files will
Finally, make sure your seafile.conf does not contain syntax errors and restart Nginx for the configuration changes to take effect:
```bash
$ nginx -t
$ nginx -s reload
nginx -t
nginx -s reload
```
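Review bot: `nginx -t` and `nginx -s reload` are listed as two independent lines, so a pasted block issues the reload whether or not the syntax test passed. Writing them as `nginx -t && nginx -s reload` ties the reload to a clean test. Both also need root, and the install commands earlier in this file use `sudo`.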
@ -167,7 +165,7 @@ Second, follow the detailed instructions then shown.
We recommend that you get just a certificate and that you modify the Nginx configuration yourself:
```bash
$ sudo certbot certonly --nginx
sudo certbot certonly --nginx
```
Follow the instructions on the screen.
@ -177,6 +175,9 @@ Upon successful verification, Certbot saves the certificate files in a directory
### Modifying Nginx configuration file
!!! tip
Normally, your nginx configuration can be automatically managed by a certificate manager (e.g., CertBot) after you install the certificate. If you find that your nginx is already listening on port 443 through the certificate manager after installing the certificate, you can skip this step.
Add an server block for port 443 and a http-to-https redirect to the `seafile.conf` configuration file in `/etc/nginx`.
This is a (shortened) sample configuration for the host name seafile.example.com:
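Review bot: the new tip tells readers they can skip this step if a certificate manager already configured port 443, but the preceding section recommends `sudo certbot certonly --nginx` and editing the Nginx configuration by hand, and `certonly` leaves the configuration untouched. Scope the tip to readers who ran Certbot without `certonly`, and say that they should still compare the generated server block with the sample below, including the http-to-https redirect, before skipping.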
@ -257,7 +258,8 @@ The `FILE_SERVER_ROOT` in [seahub_settings.py](../config/seahub_settings_py.md)
FILE_SERVER_ROOT = 'https://seafile.example.com/seafhttp'
```
Note: The `SERVICE_URL` and `FILE_SERVER_ROOT` can also be modified in Seahub via System Admininstration > Settings. If they are configured via System Admin and in seahub_settings.py, the value in System Admin will take precedence.
!!! tip "More convenient"
The `SERVICE_URL` and `FILE_SERVER_ROOT` can also be modified in Seahub via **System Admininstration** > **Settings**. If they are configured via System Admin and in seahub_settings.py, the value in System Admin will take precedence.
### Modifying seafile.conf (optional)
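Review bot: the rewritten tip carries over the typo "System Admininstration"; it should read **System Administration**. The title "More convenient" also undersells the second sentence, which is the important part: a value set in System Admin overrides `seahub_settings.py`, so an edit to the file can silently have no effect. Consider a title that states the precedence.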
@ -276,10 +278,10 @@ After his change, the file server only accepts requests from Nginx.
Restart the seaf-server and Seahub for the config changes to take effect:
```bash
$ su seafile
$ cd /opt/seafile/seafile-server-latest
$ ./seafile.sh restart
$ ./seahub.sh restart # or "./seahub.sh start-fastcgi" if you're using fastcgi
su seafile
cd /opt/seafile/seafile-server-latest
./seafile.sh restart
./seahub.sh restart # or "./seahub.sh start-fastcgi" if you're using fastcgi
```
## Additional modern settings for Nginx (optional)
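Review bot: with the `$` prompts removed this block reads as something to paste whole, but `su seafile` starts a new interactive shell, so `cd` and the two restart scripts are not executed as `seafile`; they run as the original user once that shell exits. Either state that `su seafile` is entered on its own first, or make each line self-contained, for example `sudo -u seafile ./seafile.sh restart` from `/opt/seafile/seafile-server-latest`.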
@ -357,7 +359,7 @@ The following sample Nginx configuration file for the host name seafile.example.
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
rewrite ^/seafhttp(.*)$1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
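Review bot: the `rewrite` line in `location /seafhttp` is broken by this change. `rewrite ^/seafhttp(.*)$ $1 break;` became `rewrite ^/seafhttp(.*)$1 break;`, which looks like a side effect of stripping `$ ` shell prompts. The directive now has the regex `^/seafhttp(.*)$1` with `break` as its replacement and no flag, so the `/seafhttp` prefix is no longer stripped before `proxy_pass http://127.0.0.1:8082;`. Please restore the original line with the space between `$` and `$1`.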
@ -388,7 +390,7 @@ HSTS instructs web browsers to automatically use HTTPS. That means, after the fi
Enable Diffie-Hellman (DH) key-exchange. Generate DH parameters and write them in a .pem file using the following command:
```bash
$ openssl dhparam 2048 > /etc/nginx/dhparam.pem # Generates DH parameter of length 2048 bits
openssl dhparam 2048 > /etc/nginx/dhparam.pem # Generates DH parameter of length 2048 bits
```
The generation of the the DH parameters may take some time depending on the server's processing power.

View File

@ -17,112 +17,73 @@ These instructions assume that MySQL/MariaDB server and client are installed and
### Installing prerequisites
=== "Seafile 9.0.x"
=== "Ubuntu 20.04/Debian 10/Ubuntu 18.04"
```
apt-get update
apt-get install -y python3 python3-setuptools python3-pip python3-ldap libmysqlclient-dev
apt-get install -y memcached libmemcached-dev
apt-get install -y poppler-utils
!!! tip
The standard directory `/opt/seafile` is assumed for the rest of this manual. If you decide to put Seafile in another directory, some commands need to be modified accordingly
pip3 install --timeout=3600 django==3.2.* future mysqlclient pymysql Pillow pylibmc \
captcha jinja2 sqlalchemy==1.4.3 psd-tools django-pylibmc django-simple-captcha pycryptodome==3.12.0 cffi==1.14.0 lxml
```
=== "Centos 8"
=== "Debian 12"
!!! note
Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with `source python-venv/bin/activate`.
```
sudo apt-get update
sudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmariadb-dev-compat ldap-utils libldap2-dev libsasl2-dev python3.11-venv
sudo apt-get install -y memcached libmemcached-dev
```
sudo yum install python3 python3-setuptools python3-pip python3-devel mysql-devel gcc -y
sudo yum install poppler-utils -y
# create the data directory
mkdir /opt/seafile
cd /opt/seafile
sudo pip3 install --timeout=3600 django==3.2.* Pillow==9.4.0 pylibmc captcha jinja2 sqlalchemy==1.4.3 \
django-pylibmc django-simple-captcha python3-ldap mysqlclient pycryptodome==3.12.0 cffi==1.14.0 lxml
```
=== "Seafile 10.0.x"
=== "Ubuntu 22.04/Ubuntu 20.04/Debian 11/Debian 10"
```
apt-get update
apt-get install -y python3 python3-setuptools python3-pip python3-ldap libmysqlclient-dev
apt-get install -y memcached libmemcached-dev
apt-get install -y poppler-utils
# create the vitual environment in the python-venv directory
python3 -m venv python-venv
sudo pip3 install --timeout=3600 django==3.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==1.4.44 \
psd-tools django-pylibmc django_simple_captcha==0.5.20 djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml
```
=== "Seafile 11.0.x"
=== "Ubuntu 22.04/Ubuntu 20.04/Debian 11/Debian 10"
```
# on (on , it is almost the same)
apt-get update
apt-get install -y python3 python3-dev python3-setuptools python3-pip python3-ldap libmysqlclient-dev ldap-utils libldap2-dev dnsutils
apt-get install -y memcached libmemcached-dev
apt-get install -y poppler-utils
# activate the venv
source python-venv/bin/activate
# Notice that this will usually change your prompt so you know the venv is active
sudo pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \
psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 python-ldap==3.4.3 lxml
```
=== "Debian 12"
!!! note
Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with `source python-venv/bin/activate`.
```
sudo apt-get update
sudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmariadb-dev-compat ldap-utils libldap2-dev libsasl2-dev python3.11-venv
sudo apt-get install -y memcached libmemcached-dev
# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).
pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* pymysql pillow==10.0.* pylibmc captcha==0.4 markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 psd-tools django-pylibmc django_simple_captcha==0.5.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3
```
=== "Ubuntu 24.04"
!!! note
Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with `source python-venv/bin/activate`.
mkdir /opt/seafile
cd /opt/seafile
```
# Ubuntu 24.04
sudo apt-get update
sudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev ldap-utils libldap2-dev python3.12-venv
sudo apt-get install -y memcached libmemcached-dev
# create the vitual environment in the python-venv directory
python3 -m venv python-venv
# create the data directory
mkdir /opt/seafile
cd /opt/seafile
# activate the venv
source python-venv/bin/activate
# Notice that this will usually change your prompt so you know the venv is active
# create the vitual environment in the python-venv directory
python3 -m venv python-venv
# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).
pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* pymysql pillow==10.0.* pylibmc captcha==0.4 markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 psd-tools django-pylibmc django_simple_captcha==0.5.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3
```
=== "Ubuntu 24.04 with virtual env"
!!! note
Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with `source python-venv/bin/activate`.
# activate the venv
source python-venv/bin/activate
# Notice that this will usually change your prompt so you know the venv is active
```
# Ubuntu 24.04
sudo apt-get update
sudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev ldap-utils libldap2-dev python3.12-venv
sudo apt-get install -y memcached libmemcached-dev
# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).
pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \
psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.16.0 lxml python-ldap==3.4.3
```
=== "Ubuntu 22.04/Ubuntu 20.04/Debian 11/Debian 10"
```
# on (on , it is almost the same)
apt-get update
apt-get install -y python3 python3-dev python3-setuptools python3-pip python3-ldap libmysqlclient-dev ldap-utils libldap2-dev dnsutils
apt-get install -y memcached libmemcached-dev
apt-get install -y poppler-utils
mkdir /opt/seafile
cd /opt/seafile
# create the data directory
mkdir /opt/seafile
cd /opt/seafile
# create the vitual environment in the python-venv directory
python3 -m venv python-venv
# activate the venv
source python-venv/bin/activate
# Notice that this will usually change your prompt so you know the venv is active
# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).
pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \
psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.16.0 lxml python-ldap==3.4.3
```
### Installing Java Runtime Environment
Java Runtime Environment (JRE) is no longer needed in Seafile version 12.0.
### Creating the programm directory
The standard directory for Seafile's program files is `/opt/seafile`. Create this directory and change into it:
```
mkdir /opt/seafile
cd /opt/seafile
```
The program directory can be changed. The standard directory `/opt/seafile` is assumed for the rest of this manual. If you decide to put Seafile in another directory, some commands need to be modified accordingly.
sudo pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \
psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 python-ldap==3.4.3 lxml
```
### Creating user seafile
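Review bot: the comment `# on (on , it is almost the same)` in the "Ubuntu 22.04/Ubuntu 20.04/Debian 11/Debian 10" tab has lost the distribution names it referred to and is unreadable as it stands; fill the names in or drop the line. In the same tabs `mkdir /opt/seafile` is run without `sudo` while the `apt-get` lines beside it use `sudo`, so it fails for a non-root reader. "vitual environment" should be "virtual environment", and the long venv note is repeated verbatim under each tab; stating it once above the tabs would be easier to maintain.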
@ -156,9 +117,9 @@ Save the license file in Seafile's programm directory `/opt/seafile`. Make sure
The install packages for Seafile PE are available for download in the the [Seafile Customer Center](https://customer.seafile.com). To access the Customer Center, a user account is necessary. The registration is free.
Beginning with Seafile PE 7.0.17, the Seafile Customer Center provides two install packages for every version (using Seafile PE 8.0.4 as an example):
Beginning with Seafile PE 7.0.17, the Seafile Customer Center provides two install packages for every version (using Seafile PE 12.0.6 as an example):
* _seafile-pro-server_8.0.4_x86-64_Ubuntu.tar.gz_, compiled in Ubuntu environment
* _seafile-pro-server_12.0.6_x86-64_Ubuntu.tar.gz_, compiled in Ubuntu environment
The former is suitable for installation on Ubuntu/Debian servers, the latter for CentOS servers.
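Review bot: the sentence still says the Customer Center provides "two install packages" and the closing line refers to "the former" and "the latter for CentOS servers", but in the lines shown only the `_Ubuntu.tar.gz` package is listed. Either list the second package for 12.0.6 or reword both sentences to match a single package.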
@ -170,7 +131,7 @@ Download the install package using wget (replace the x.x.x with the version you
wget -O 'seafile-pro-server_x.x.x_x86-64_Ubuntu.tar.gz' 'VERSION_SPECIFIC_LINK_FROM_SEAFILE_CUSTOMER_CENTER'
```
We use Seafile version 8.0.4 as an example in the remainder of these instructions.
We use Seafile version 12.0.6 as an example in the remainder of these instructions.
### Uncompressing the package
@ -180,7 +141,7 @@ Uncompress the package using tar:
```
# Debian/Ubuntu
tar xf seafile-pro-server_8.0.4_x86-64_Ubuntu.tar.gz
tar xf seafile-pro-server_12.0.6_x86-64_Ubuntu.tar.gz
```
Now you have:
@ -189,15 +150,21 @@ Now you have:
$ tree -L 2 /opt/seafile
.
├── seafile-license.txt
└── seafile-pro-server-8.0.4
│   ├── check-db-type.py
├── python-venv # this section only exists in Debian 12 and Ubuntu 24.04
│   ├── bin
│   ├── include
│   ├── lib
│   ├── lib64 -> lib
│   └── pyvenv.cfg
├── seafile-pro-server-12.0.6
│   ├── check_init_admin.py
│   ├── create-db
│   ├── index_op.py
│   ├── migrate.py
│   ├── migrate-repo.py
│   ├── migrate-repo.sh
│   ├── migrate.py
│   ├── migrate.sh
│   ├── migrate_ldapusers.py
│   ├── parse_seahub_db.py
│   ├── pro
│   ├── remove-objs.py
│   ├── remove-objs.sh
@ -211,64 +178,147 @@ $ tree -L 2 /opt/seafile
│   ├── seaf-fsck.sh
│   ├── seaf-fuse.sh
│   ├── seaf-gc.sh
│   ├── seaf-gen-key.sh
│   ├── seaf-import.sh
│   ├── seafile
│   ├── seafile-background-tasks.sh
│   ├── seafile-monitor.sh
│   ├── seafile.sh
│   ├── seaf-import.sh
│   ├── seahub
│   ├── seahub-extra
│   ├── seahub.sh
│   ├── setup-seafile-mysql.py
│   ├── setup-seafile-mysql.sh
│   ├── setup-seafile.sh
│   ├── sql
│   └── upgrade
└── seafile-pro-server_8.0.4_x86-64.tar.gz
└── seafile-pro-server_12.0.6_x86-64_Ubuntu.tar.gz
```
!!! tip
The names of the install packages differ for Seafile CE and Seafile PE. Using Seafile CE and Seafile PE 8.0.4 as an example, the names are as follows:
The names of the install packages differ for Seafile CE and Seafile PE. Using Seafile CE and Seafile PE 12.0.6 as an example, the names are as follows:
* Seafile CE: `seafile-server_8.0.4_x86-86.tar.gz`; uncompressing into folder `seafile-server-8.0.4`
* Seafile PE: `seafile-pro-server_8.0.4_x86-86.tar.gz`; uncompressing into folder `seafile-pro-server-8.0.4`
* Seafile CE: `seafile-server_12.0.6_x86-86.tar.gz`; uncompressing into folder `seafile-server-12.0.6`
* Seafile PE: `seafile-pro-server_12.0.6_x86-86.tar.gz`; uncompressing into folder `seafile-pro-server-12.0.6`
### Run the setup script
### Setting up Seafile Pro
The setup process of Seafile PE is the same as the Seafile CE. See [Installation of Seafile Server Community Edition with MySQL/MariaDB](./installation_ce.md).
The install package comes with a script that sets Seafile up for you. Specifically, the script creates the required directories and extracts all files in the right place. It can also create a MySQL user and the three databases that [Seafile's components](../introduction/components.md) require:
After the successful completition of the setup script, the directory layout of Seafile PE looks as follows (some folders only get created after the first start, e.g. `logs`):
* ccnet server
* seafile server
* seahub
**For Seafile 7.1.x and later**
!!! note "While ccnet server was merged into the seafile-server in Seafile 8.0, the corresponding database is still required for the time being"
Run the script as user seafile:
!!! note
For installations using python virtual environment, activate it if it isn't already active
```sh
source python-venv/bin/activate
```
```
$ tree -L 2 /opt/seafile
.
├── seafile-license.txt # license file
├── ccnet
├── conf # configuration files
│ └── ccnet.conf
│ └── gunicorn.conf.py
│ └── __pycache__
│ └── seafdav.conf
│ └── seafevents.conf
│ └── seafile.conf
│ └── seahub_settings.py
├── logs # log files
├── pids # process id files
├── pro-data # data specific for Seafile PE
├── seafile-data # object database
├── seafile-pro-server-8.0.4
│   ├── check-db-type.py
cd seafile-pro-server-12.0.6
./setup-seafile-mysql.sh
```
Configure your Seafile Server by specifying the following three parameters:
| Option | Description | Note |
| --------------------- | ---------------------------------------------------- | ------------------------------------------------------------ |
| server name | Name of the Seafile Server | 3-15 characters, only English letters, digits and underscore ('\_') are allowed |
| server's ip or domain | IP address or domain name used by the Seafile Server | Seafile client program will access the server using this address |
| fileserver port | TCP port used by the Seafile fileserver | Default port is 8082, it is recommended to use this port and to only change it if is used by other service |
In the next step, choose whether to create new databases for Seafile or to use existing databases. The creation of new databases requires the root password for the SQL server.
![grafik](../images/seafile-setup-database.png)
!!! note
If you don't have the root password, you need someone who has the privileges, e.g., the database admin, to create the three databases required by Seafile, as well as a MySQL user who can access the databases. For example, to create three databases `ccnet_db` / `seafile_db` / `seahub_db` for ccnet/seafile/seahub respectively, and a MySQL user "seafile" to access these databases run the following SQL queries:
```
create database `ccnet_db` character set = 'utf8';
create database `seafile_db` character set = 'utf8';
create database `seahub_db` character set = 'utf8';
create user 'seafile'@'localhost' identified by 'seafile';
GRANT ALL PRIVILEGES ON `ccnet_db`.* to `seafile`@localhost;
GRANT ALL PRIVILEGES ON `seafile_db`.* to `seafile`@localhost;
GRANT ALL PRIVILEGES ON `seahub_db`.* to `seafile`@localhost;
```
=== "\[1] Create new ccnet/seafile/seahub databases"
The script creates these databases and a MySQL user that Seafile Server will use to access them. To this effect, you need to answer these questions:
| Question | Description | Note |
| ------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
| mysql server host | Host address of the MySQL server | Default is localhost |
| mysql server port | TCP port used by the MySQL server | Default port is 3306; almost every MySQL server uses this port |
| mysql root password | Password of the MySQL root account | The root password is required to create new databases and a MySQL user |
| mysql user for Seafile | MySQL user created by the script, used by Seafile's components to access the databases | Default is seafile; the user is created unless it exists |
| mysql password for Seafile user | Password for the user above, written in Seafile's config files | Percent sign ('%') is not allowed |
| database name | Name of the database used by ccnet | Default is "ccnet_db", the database is created if it does not exist |
| seafile database name | Name of the database used by Seafile | Default is "seafile_db", the database is created if it does not exist |
| seahub database name | Name of the database used by seahub | Default is "seahub_db", the database is created if it does not exist |
=== "\[2] Use existing ccnet/seafile/seahub databases"
The prompts you need to answer:
| Question | Description | Note |
| ------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ |
| mysql server host | Host address of the MySQL server | Default is localhost |
| mysql server port | TCP port used by MySQL server | Default port is 3306; almost every MySQL server uses this port |
| mysql user for Seafile | User used by Seafile's components to access the databases | The user must exists |
| mysql password for Seafile user | Password for the user above | |
| ccnet database name | Name of the database used by ccnet, default is "ccnet_db" | The database must exist |
| seafile database name | Name of the database used by Seafile, default is "seafile_db" | The database must exist |
| seahub dabase name | Name of the database used by Seahub, default is "seahub_db" | The database must exist |
If the setup is successful, you see the following output:
![grafik](../images/seafile-setup-output.png)
The directory layout then looks as follows:
```
/opt/seafile
├── seafile-license.txt
├── ccnet
├── conf
│   ├── gunicorn.conf.py
│   ├── seafdav.conf
│   ├── seafevents.conf
│   ├── seafile.conf
│   └── seahub_settings.py
├── pro-data
├── python-venv
│   ├── bin
│   ├── include
│   ├── lib
│   ├── lib64 -> lib
│   └── pyvenv.cfg
├── seafile-data
│   └── library-template
├── seafile-pro-server-12.0.6
│   ├── check_init_admin.py
│   ├── create-db
│   ├── index_op.py
│   ├── migrate.py
│   ├── migrate-repo.py
│   ├── migrate-repo.sh
│   ├── migrate.py
│   ├── migrate.sh
│   ├── migrate_ldapusers.py
│   ├── parse_seahub_db.py
│   ├── pro
│   ├── remove-objs.py
│   ├── remove-objs.sh
│   ├── reset-admin.sh
│   ├── run_index_master.sh
│   ├── run_index_worker.sh
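Review bot: the SQL example in the new note creates the database account with `create user 'seafile'@'localhost' identified by 'seafile';`, a password equal to the user name that readers will paste as is. Use an obvious placeholder such as `'<your MySQL password>'`, matching the placeholder style of the `.env` example later in this file. Smaller points in the same hunk: the tip still names the packages `x86-86` where the rest of the page uses `x86-64`, and the second table has "seahub dabase name" and "The user must exists".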
@ -279,24 +329,26 @@ $ tree -L 2 /opt/seafile
│   ├── seaf-fsck.sh
│   ├── seaf-fuse.sh
│   ├── seaf-gc.sh
│   ├── seaf-gen-key.sh
│   ├── seaf-import.sh
│   ├── seafile
│   ├── seafile-background-tasks.sh
│   ├── seafile-monitor.sh
│   ├── seafile.sh
│   ├── seaf-import.sh
│   ├── seahub
│   ├── seahub-extra
│   ├── seahub.sh
│   ├── setup-seafile-mysql.py
│   ├── setup-seafile-mysql.sh
│   ├── setup-seafile.sh
│   ├── sql
│   └── upgrade
├── seafile-server-latest -> seafile-pro-server-8.0.4
├── seahub-data
└── avatars # user avatars
├── seafile-pro-server_12.0.6_x86-64_Ubuntu.tar.gz
├── seafile-server-latest -> seafile-pro-server-12.0.6
└── seahub-data
└── avatars
```
The folder `seafile-server-latest` is a symbolic link to the current Seafile Server folder. When later you upgrade to a new version, the upgrade scripts update this link to point to the latest Seafile Server folder.
### Setup Memory Cache
Memory cache is mandatory for pro edition. You may use Memcached or Reids as cache server.
@ -334,29 +386,70 @@ Memory cache is mandatory for pro edition. You may use Memcached or Reids as cac
2. refer to [Django's documentation about using Redis cache](https://docs.djangoproject.com/en/4.2/topics/cache/#redis) to add Redis configurations to `seahub_settings.py`.
### Enabling HTTP/HTTPS
### Enabling HTTP/HTTPS (Optional but Recommended)
You need at least setup HTTP to make Seafile's web interface work. This manual provides instructions for enabling HTTP/HTTPS for the two most popular web servers and reverse proxies:
* [Nginx](./https_with_nginx.md)
* [Apache](./https_with_apache.md)
### Create the `.env` file in conf/ directory
!!! tip
`JWT_PRIVATE_KEY`, A random string with a length of no less than 32 characters can be generated from:
```sh
pwgen -s 40 1
```
```sh
nano /opt/seafile/conf/.env
```
```env
JWT_PRIVATE_KEY=<Your jwt private key>
SEAFILE_SERVER_PROTOCOL=https
SEAFILE_SERVER_HOSTNAME=seafile.example.com
SEAFILE_MYSQL_DB_HOST=<your database host>
SEAFILE_MYSQL_DB_PORT=3306
SEAFILE_MYSQL_DB_USER=seafile
SEAFILE_MYSQL_DB_PASSWORD=<your MySQL password>
SEAFILE_MYSQL_DB_CCNET_DB_NAME=ccnet_db
SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=seafile_db
SEAFILE_MYSQL_DB_SEAHUB_DB_NAME=seahub_db
```
## Starting Seafile Server
Run the following commands in `/opt/seafile/seafile-server-latest`:
```
# For installations using python virtual environment, activate it if it isn't already active
source python-venv/bin/activate
!!! note
For installations using python virtual environment, activate it if it isn't already active
```sh
source python-venv/bin/activate
```
```
su seafile
./seafile.sh start # Start Seafile service
./seahub.sh start # Start seahub website, port defaults to 127.0.0.1:8000
```
!!! success
The first time you start Seahub, the script prompts you to create an admin account for your Seafile Server. Enter the email address of the admin user followed by the password.
The first time you start Seahub, the script prompts you to create an admin account for your Seafile Server. Enter the email address of the admin user followed by the password, i.e.:
Now you can access Seafile via the web interface at the host address (e.g., http://1.2.3.4:80).
```
What is the email for the admin account?
[ admin email ] <please input your admin's email>
What is the password for the admin account?
[ admin password ] <please input your admin's password>
Enter the password again:
[ admin password again ] <please input your admin's password again>
```
Now you can access Seafile via the web interface at the host address (e.g., https://seafile.example.com).
## Enabling full text search
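Review bot: the new `.env` section has the reader create `/opt/seafile/conf/.env` with `nano` and put `JWT_PRIVATE_KEY` and `SEAFILE_MYSQL_DB_PASSWORD` in it, but says nothing about ownership or mode. Add a step that makes the file owned by the `seafile` user and readable only by it, for example `chown seafile: /opt/seafile/conf/.env` and `chmod 600 /opt/seafile/conf/.env`. Two further points: the heading now says HTTP/HTTPS is "Optional but Recommended" while the unchanged line below it says "You need at least setup HTTP", and the start section says to run in `/opt/seafile/seafile-server-latest` while `source python-venv/bin/activate` is a relative path that only resolves from `/opt/seafile`.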
@ -370,12 +463,12 @@ Our recommendation for deploying ElasticSearch is using Docker. Detailed informa
Seafile PE 9.0 only supports ElasticSearch 7.x. Seafile PE 10.0, 11.0, 12.0 only supports ElasticSearch 8.x.
We use ElasticSearch version 7.16.2 as an example in this section. Version 7.16.2 and newer version have been successfully tested with Seafile.
We use ElasticSearch version 8.15.0 as an example in this section. Version 8.15.0 and newer version have been successfully tested with Seafile.
Pull the Docker image:
```
sudo docker pull elasticsearch:7.16.2
sudo docker pull elasticsearch:8.15.0
```
Create a folder for persistent data created by ElasticSearch and change its permission:
@ -413,15 +506,13 @@ Add the following configuration to `seafevents.conf`:
```
[INDEX FILES]
es_host = your elasticsearch server's IP # IP address of ElasticSearch host
# use 127.0.0.1 if deployed on the same server
es_port = 9200 # port of ElasticSearch host
interval = 10m # frequency of index updates in minutes
highlight = fvh # parameter for improving the search performance
es_host = <your elasticsearch server's IP, e.g., 127.0.0.1> # IP address of ElasticSearch host
es_port = 9200 # port of ElasticSearch host
```
Finally, restart Seafile:
```
su seafile
./seafile.sh restart && ./seahub.sh restart
```

View File

@ -122,7 +122,6 @@ nav:
- Other deployment notes:
- Start Seafile at System Bootup: setup_binary/start_seafile_at_system_bootup.md
- Logrotate: setup_binary/using_logrotate.md
- Config fail2ban: setup_binary/fail2ban.md
- Migrate From SQLite to MySQL: setup_binary/migrate_from_sqlite_to_mysql.md
- Extensions:
- Extra Seafile components: