update 12.0 s3

Junxiang Huang 2024-11-19 11:01:30 +08:00
parent bd655e95cc
commit 361dce14b0
4 changed files with 53 additions and 14 deletions


@ -47,9 +47,9 @@ The following fields merit particular attention:
| `INIT_SEAFILE_MYSQL_ROOT_PASSWORD` | The `root` password of MySQL | (Only required on first deployment) |
| `SEAFILE_MYSQL_DB_USER` | The user of MySQL (`database` - `user` can be found in `conf/seafile.conf`) | `seafile` |
| `SEAFILE_MYSQL_DB_PASSWORD` | The user `seafile` password of MySQL | (required) |
| `SEAFILE_MYSQL_DB_CCNET_DB_NAME` | The database name of ccnet | `ccnet` |
| `SEAFILE_MYSQL_DB_SEAFILE_DB_NAME` | The database name of seafile | `seafile` |
| `SEAFILE_MYSQL_DB_SEAHUB_DB_NAME` | The database name of seahub | `seahub` |
| `SEAFILE_MYSQL_DB_CCNET_DB_NAME` | The database name of ccnet | `ccnet_db` |
| `SEAFILE_MYSQL_DB_SEAFILE_DB_NAME` | The database name of seafile | `seafile_db` |
| `SEAFILE_MYSQL_DB_SEAHUB_DB_NAME` | The database name of seahub | `seahub_db` |
| `JWT` | JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using `pwgen -s 40 1` | (required) |
| `SEAFILE_SERVER_HOSTNAME` | Seafile server hostname or domain | (required) |
| `SEAFILE_SERVER_PROTOCOL` | Seafile server protocol (http or https) | `http` |
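Review bot: The three `*_DB_NAME` rows now document `ccnet_db`, `seafile_db` and `seahub_db` as defaults, but nothing in the table tells an operator who created the databases under the previously documented names (`ccnet`, `seafile`, `seahub`) that they must set these variables explicitly. Relying on the new defaults would point the services at databases that do not exist in such a deployment. Suggest adding one sentence next to the table saying that the values must match the database names already present in MySQL, with the `_db` names applying only when nothing else was chosen.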


@ -77,9 +77,9 @@ The following fields merit particular attention:
| `INIT_SEAFILE_MYSQL_ROOT_PASSWORD` | The `root` password of MySQL | (Only required on first deployment) |
| `SEAFILE_MYSQL_DB_USER` | The user of MySQL (`database` - `user` can be found in `conf/seafile.conf`) | `seafile` |
| `SEAFILE_MYSQL_DB_PASSWORD` | The user `seafile` password of MySQL | (required) |
| `SEAFILE_MYSQL_DB_CCNET_DB_NAME` | The database name of ccnet | `ccnet` |
| `SEAFILE_MYSQL_DB_SEAFILE_DB_NAME` | The database name of seafile | `seafile` |
| `SEAFILE_MYSQL_DB_SEAHUB_DB_NAME` | The database name of seahub | `seahub` |
| `SEAFILE_MYSQL_DB_CCNET_DB_NAME` | The database name of ccnet | `ccnet_db` |
| `SEAFILE_MYSQL_DB_SEAFILE_DB_NAME` | The database name of seafile | `seafile_db` |
| `SEAFILE_MYSQL_DB_SEAHUB_DB_NAME` | The database name of seahub | `seahub_db` |
| `JWT` | JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using `pwgen -s 40 1` | (required) |
| `SEAFILE_SERVER_HOSTNAME` | Seafile server hostname or domain | (required) |
| `SEAFILE_SERVER_PROTOCOL` | Seafile server protocol (http or https) | `http` |
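Review bot: In the unchanged `JWT` row directly below the corrected defaults, the variable column reads `JWT` while the description begins with JWT_PRIVATE_KEY, so a reader cannot tell which name goes into the environment file. Because this row is marked (required) and holds a signing secret, the first column should carry the exact variable name and the description should only explain it. Since the table is being touched anyway, this would be a good place to fix that row in the same commit.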


@ -40,7 +40,7 @@ status: new
The above modifications will generate the same configuration file as this manual and will take effect when the service is started for the first time.
## Format
## How to configurate S3 in Seafile
Seafile configures S3 storage by adding or modifying the following section in `seafile.conf`:
```conf
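Review bot: The new heading `## How to configurate S3 in Seafile` uses "configurate"; "configure" is the expected word, and the heading also becomes an anchor that other pages may link to, so it is worth getting right before it is referenced. Suggest `## How to configure S3 in Seafile`. If any page links to the old `#format` anchor, those links need updating in the same commit.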
@ -63,10 +63,10 @@ You have to create at least **3** buckets for Seafile, corresponding to the sect
| `key` | The `key` is required to authenticate you to S3. You can find the `key` in the "security credentials" section on your AWS account page. |
| `use_v4_signature` | There are two versions of authentication protocols that can be used with S3 storage: Version 2 (older, may still be supported by some regions) and Version 4 (current, used by most regions). If you don't set this option, Seafile will use the v2 protocol. It's suggested to use the v4 protocol. |
| `use_https` | Use https to connect to S3. It's recommended to use https. |
| `aws_region` | (Optional) If you use the v4 protocol and AWS S3, set this option to the region you chose when you create the buckets. If it's not set and you're using the v4 protocol, Seafile will use `us-east-1` as the default. This option will be ignored if you use the v2 protocol. |
| `host` | (Optional) The endpoint by which you access the storage service. Usually it starts with the region name. It's required to provide the host address, *otherwise Seafile will use AWS's address* (i.e., `s3.us-east-1.amazonaws.com`).|
| `sse_c_key` | (Optional) A string of 32 characters can be generated by `openssl rand -base64 24`. It's required to use V4 authentication protocol and https if you enable SSE-C. |
| `path_style_request` | (Optional) This option asks Seafile to use URLs like `https://192.168.1.123:8080/bucketname/object` to access objects. In Amazon S3, the default URL format is in virtual host style, such as `https://bucketname.s3.amazonaws.com/object`. But this style relies on advanced DNS server setup. So most self-hosted storage systems only implement the path style format. So we recommend to set this option to true. |
| `aws_region` | (**Optional**) If you use the v4 protocol and AWS S3, set this option to the region you chose when you create the buckets. If it's not set and you're using the v4 protocol, Seafile will use `us-east-1` as the default. This option will be ignored if you use the v2 protocol. |
| `host` | (**Optional**) The endpoint by which you access the storage service. Usually it starts with the region name. It's required to provide the host address, *otherwise Seafile will use AWS's address* (i.e., `s3.us-east-1.amazonaws.com`).|
| `sse_c_key` | (**Optional**) A string of 32 characters can be generated by `openssl rand -base64 24`. It's required to use V4 authentication protocol and https if you enable SSE-C. |
| `path_style_request` | (**Optional**) This option asks Seafile to use URLs like `https://192.168.1.123:8080/bucketname/object` to access objects. In Amazon S3, the default URL format is in virtual host style, such as `https://bucketname.s3.amazonaws.com/object`. But this style relies on advanced DNS server setup. So most self-hosted storage systems only implement the path style format. So we recommend to set this option to true. |
[1]: <https://docs.aws.amazon.com/AmazonS3/latest/userguide/BucketRestrictions.html#bucketnamingrules> (Replace this placeholder with the actual link to the S3 bucket naming rules documentation if necessary)
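Review bot: The `host` row is now emphasised as (**Optional**) but its own text says "It's required to provide the host address, *otherwise Seafile will use AWS's address*", which contradicts the label. Suggest rewording to state that the option is optional for AWS S3 and required for any other S3-compatible service. Two smaller points in the same hunk: the `use_v4_signature` row says Seafile falls back to the v2 protocol when the option is unset, so the table should say plainly that it has to be set to `true` for the `sse_c_key` row to apply; and the `[1]:` link definition still carries the text "(Replace this placeholder with the actual link ...)", which should be removed.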
@ -87,6 +87,45 @@ You have to create at least **3** buckets for Seafile, corresponding to the sect
- seafile block object
### Use server-side encryption with customer-provided keys (SSE-C) in Seafile
Since Pro 11.0, you can use SSE-C to S3. Add the following `sse_c_key` to seafile.conf (as shown in the above variables table):
```conf
[commit_object_backend]
name = s3
......
use_v4_signature = true
use_https = true
sse_c_key = XiqMSf3x5ja4LRibBbV0sVntVpdHXl3P
[fs_object_backend]
name = s3
......
use_v4_signature = true
use_https = true
sse_c_key = XiqMSf3x5ja4LRibBbV0sVntVpdHXl3P
[block_backend]
name = s3
......
use_v4_signature = true
use_https = true
sse_c_key = XiqMSf3x5ja4LRibBbV0sVntVpdHXl3P
```
`sse_c_key` is a string of 32 characters.
You can generate sse_c_key with the following command
```
openssl rand -base64 24
```
!!! warning
If you have existing data in your S3 storage bucket, turning on the above configuration will make your data inaccessible. That's because Seafile server doesn't support encrypted and non-encrypted objects mixed in the same bucket. You have to create a new bucket, and migrate your data to it by following [storage backend migration documentation](./migrate_backends_data.md#migrating-to-sse-c-encrypted-s3-storage).
## Example
=== "AWS"
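Review bot: The example config repeats a concrete, valid-looking key, `sse_c_key = XiqMSf3x5ja4LRibBbV0sVntVpdHXl3P`, in all three backend sections; readers copy sample blocks verbatim, and a key published in documentation protects nothing. Suggest replacing the value with an obvious placeholder such as `<your 32-character key>` and keeping the `openssl rand -base64 24` command as the way to fill it in. The section would also benefit from stating whether the three sections must share one key or may use different ones, since the sample shows the same value three times without comment. Minor wording: "you can use SSE-C to S3" reads better as "with S3", the sentence introducing the command lacks a closing colon, and the command fence has no language tag while the config fence above it does.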


@ -65,9 +65,9 @@ Download [.env](../docker/ce/env), [seafile-server.yml](../docker/ce/seafile-ser
| `INIT_SEAFILE_MYSQL_ROOT_PASSWORD` | The `root` password of MySQL | (Only required on first deployment) |
| `SEAFILE_MYSQL_DB_USER` | The user of MySQL (`database` - `user` can be found in `conf/seafile.conf`) | `seafile` |
| `SEAFILE_MYSQL_DB_PASSWORD` | The user `seafile` password of MySQL | (required) |
| `SEAFILE_MYSQL_DB_CCNET_DB_NAME` | The database name of ccnet | `ccnet` |
| `SEAFILE_MYSQL_DB_SEAFILE_DB_NAME` | The database name of seafile | `seafile` |
| `SEAFILE_MYSQL_DB_SEAHUB_DB_NAME` | The database name of seahub | `seahub` |
| `SEAFILE_MYSQL_DB_CCNET_DB_NAME` | The database name of ccnet | `ccnet_db` |
| `SEAFILE_MYSQL_DB_SEAFILE_DB_NAME` | The database name of seafile | `seafile_db` |
| `SEAFILE_MYSQL_DB_SEAHUB_DB_NAME` | The database name of seahub | `seahub_db` |
| `JWT` | JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using `pwgen -s 40 1` | (required) |
| `SEAFILE_SERVER_HOSTNAME` | Seafile server hostname or domain | (required) |
| `SEAFILE_SERVER_PROTOCOL` | Seafile server protocol (http or https) | `http` |
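Review bot: This is the third copy of the same variables table that had to receive the identical three-row correction in this commit, which is how the copies drifted from the real defaults in the first place. Suggest moving the shared rows into a single included fragment so the next change to a default is made once. Separately, the `SEAFILE_MYSQL_DB_PASSWORD` description says "The user `seafile` password of MySQL" even though the row above makes the user name configurable through `SEAFILE_MYSQL_DB_USER`; wording it as the password of that user would avoid the mismatch.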