15308555518/ seafile-admin-docs
1
0
Fork 0
mirror of https://github.com/haiwen/seafile-admin-docs.git synced 2025-12-25 18:22:48 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

feat: add tabs and notes

This commit is contained in:
Junxiang Huang 2024-10-29 15:13:29 +08:00
parent 2b59d5bf76
commit a5364ad34c
61 changed files with 1200 additions and 1149 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
manual/administration/backup_recovery.md
View File

@ -79,6 +79,8 @@ mysqldump -h [mysqlhost] -u[username] -p[password] --opt seahub_db > /backup/dat
**SQLite**
!!! warning "SQLite has not supported since Seafile 11.0"
You need to stop Seafile server first before backing up SQLite database.
```
@ -136,6 +138,8 @@ mysql -u[username] -p[password] seahub_db < seahub-db.sql.2013-10-19-16-01-05
**SQLite**
!!! warning "SQLite has not supported since Seafile 11.0"
```
cd /opt/seafile
mv ccnet/PeerMgr/usermgr.db ccnet/PeerMgr/usermgr.db.old

6
manual/administration/seafile_fsck.md
View File

@ -4,7 +4,8 @@ On the server side, Seafile stores the files in the libraries in an internal for
With default installation, these internal objects are stored in the server's file system directly (such as Ext4, NTFS). But most file systems don't assure the integrity of file contents after a hard shutdown or system crash. So if new Seafile internal objects are being written when the system crashes, they can be corrupt after the system reboots. This will make part of the corresponding library not accessible.
Note: If you store the seafile-data directory in a battery-backed NAS (like EMC or NetApp), or use S3 backend available in the Pro edition, the internal objects won't be corrupt.
!!! warning
If you store the seafile-data directory in a battery-backed NAS (like EMC or NetApp), or use S3 backend available in the Pro edition, the internal objects won't be corrupt.
We provide a seaf-fsck.sh script to check the integrity of libraries. The seaf-fsck tool accepts the following arguments:
@ -67,7 +68,8 @@ Sometimes you can see output like the following:
This means the "head commit" (current state of the library) recorded in database is not consistent with the library data. In such case, fsck will try to find the last consistent state and check the integrity in that state.
Tips: **If you have many libraries, it's helpful to save the fsck output into a log file for later analysis.**
!!! tip
If you have many libraries, it's helpful to save the fsck output into a log file for later analysis.
## Repairing Corruption

10
manual/administration/seafile_gc.md
View File

@ -66,7 +66,9 @@ repo-id3
If you give specific library ids, only those libraries will be checked; otherwise all libraries will be checked.
Notice that at the end of the output there is a "repos have blocks to be removed" section. It contains the list of libraries that have garbage blocks. Later when you run GC without --dry-run option, you can use these libraris ids as input arguments to GC program.
!!! note "repos have blocks to be removed"
Notice that at the end of the output there is a "repos have blocks to be removed" section. It contains the list of libraries that have garbage blocks. Later when you run GC without --dry-run option, you can use these libraris ids as input arguments to GC program.
### Removing Garbage
@ -86,7 +88,8 @@ seaf-gc.sh -r
```
**Libraries deleted by the users are not immediately removed from the system. Instead, they're moved into a "trash" in the system admin page. Before they're cleared from the trash, their blocks won't be garbage collected.**
!!! success
Libraries deleted by the users are not immediately removed from the system. Instead, they're moved into a "trash" in the system admin page. Before they're cleared from the trash, their blocks won't be garbage collected.
### Removing FS objects
@ -97,7 +100,8 @@ seaf-gc.sh --rm-fs
```
Note: This command has bug before Pro Edition 10.0.15 and Community Edition 11.0.7. It could cause virtual libraries (e.g. shared folders) failing to merge into their parent libraries. Please avoid using this option in the affected versions. Please contact our support team if you are affected by this bug.
!!! danger "Bug reports"
This command has bug before Pro Edition 10.0.15 and Community Edition 11.0.7. It could cause virtual libraries (e.g. shared folders) failing to merge into their parent libraries. Please avoid using this option in the affected versions. Please contact our support team if you are affected by this bug.
### Using Multiple Threads in GC

3
manual/config/auth_switch.md
View File

@ -51,7 +51,8 @@ mysql> update EmailUser set passwd = '!' where email = '12ae56789f1e4c8d8e1c3141
mysql> insert into `social_auth_usersocialauth` (`username`, `provider`, `uid`, `extra_data`) values ('12ae56789f1e4c8d8e1c31415867317c@auth.local', 'authentik-oauth', 'HR12345', '');
```
__Note__: The `extra_data` field store user's information returned from the provider. For most providers, the `extra_data` field is usually an empty character. Since version 11.0.3-Pro, the default value of the `extra_data` field is `NULL`.
!!! note
The `extra_data` field store user's information returned from the provider. For most providers, the `extra_data` field is usually an empty character. Since version 11.0.3-Pro, the default value of the `extra_data` field is `NULL`.
Afterwards the databases should look like this:

6
manual/config/auto_login_seadrive.md
View File

@ -32,13 +32,15 @@ Open "Internet Options", select "Security" tab, select "Local Intranet" zone.
1. "Sites" -> "Advanced" -> "Add this website to zone". This is the place where we fill the address (e.g. http://test.seafile.com)
2. "Security level for this zone" -> "Custom level..." -> "Automatic log-on with current username and password".
Note: Above configuration requires a reboot to take effect.
!!! note
Above configuration requires a reboot to take effect.
![grafik](../images/internet-explorer.png)
Next, we shall test the auto login function on Internet Explorer: visit the website and click "Single Sign-On" link. It should be able to log in directly, otherwise the auto login is malfunctioned.
Note: The address in the test must be same as the address specified in the keytab file. Otherwise, the client machine can't get a valid ticket from Kerberos.
!!! note
The address in the test must be same as the address specified in the keytab file. Otherwise, the client machine can't get a valid ticket from Kerberos.
## Auto Login on SeaDrive

5
manual/config/ccnet-conf.md
View File

@ -1,7 +1,10 @@
# ccnet.conf
Ccnet is the internal RPC framework used by Seafile server and also manages the user database. A few useful options are in ccnet.conf. Ccnet component is merged into seaf-server in version 7.1, but the configuration file are still needed.
Ccnet is the internal RPC framework used by Seafile server and also manages the user database. A few useful options are in ccnet.conf.
!!! note
Ccnet component is merged into seaf-server in version 7.1, but the configuration file are still needed
## Changing MySQL Connection Pool Size

3
manual/config/details_about_file_search.md
View File

@ -94,7 +94,8 @@ repo_status_index_name = your-repo-status-index-name # default is `repo_head`
repo_files_index_name = your-repo-files-index-name # default is `repofiles`
```
**NOTE**: The version of the Python third-party package `elasticsearch` cannot be greater than 7.14.0, otherwise the elasticsearch service cannot be accessed: <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/samplecode.html#client-compatibility>, <https://github.com/elastic/elasticsearch-py/pull/1623>.
!!! note
The version of the Python third-party package `elasticsearch` cannot be greater than 7.14.0, otherwise the elasticsearch service cannot be accessed: <https://docs.aws.amazon.com/opensearch-service/latest/developerguide/samplecode.html#client-compatibility>, <https://github.com/elastic/elasticsearch-py/pull/1623>.
### I get no result when I search a keyword

31
manual/config/ldap_in_11.0_ce.md
View File

@ -1,6 +1,6 @@
# Configure Seafile to use LDAP
Note: This documentation is for the Community Edition. If you're using Pro Edition, please refer to [the Seafile Pro documentation](./ldap_in_11.0_pro.md).
!!! note "This documentation is for the Community Edition. If you're using Pro Edition, please refer to [the Seafile Pro documentation](./ldap_in_11.0_pro.md)"
## How does LDAP User Management work in Seafile
@ -19,7 +19,7 @@ The only requirement for Seafile to use LDAP for authentication is that there mu
- Email address: this is the most common choice. Most organizations assign unique email address for each member.
- UserPrincipalName: this is a user attribute only available in Active Directory. It's format is `user-login-name@domain-name`, e.g. `john@example.com`. It's not a real email address, but it works fine as the unique identifier.
Note, the identifier is stored in table `social_auth_usersocialauth` to map the identifier to internal user ID in Seafile. When this ID is changed in LDAP for a user, you only need to update `social_auth_usersocialauth` table.
!!! note "The identifier is stored in table `social_auth_usersocialauth` to map the identifier to internal user ID in Seafile. When this ID is changed in LDAP for a user, you only need to update `social_auth_usersocialauth` table"
### Basic configuration items
@ -44,19 +44,20 @@ LDAP_FILTER = 'memberOf=CN=testgroup,OU=test,DC=seafile,DC=ren'
Meaning of some options:
* **LDAP_SERVER_URL:** The URL of LDAP server
* **LDAP_BASE_DN:**The root node of users who can log in to Seafile in the LDAP server
* **LDAP_ADMIN_DN:** DN of the administrator used to query the LDAP server for information. For OpenLDAP, it maybe `cn=admin,dc=example,dc=com`
* **LDAP_ADMIN_PASSWORD:** Password of LDAP_ADMIN_DN
* **LDAP_PROVIDER:** Identify the source of the user, used in the table social_auth_usersocialauth, defaults by 'ldap'
* **LDAP_LOGIN_ATTR:** User's attribute used to log in to Seafile. It should be a unique identifier for the user in LDAP server. Learn more about this id from the descriptions at begining of this section.
* **LDAP_CONTACT_EMAIL_ATTR:** LDAP user's contact_email attribute
* **LDAP_USER_ROLE_ATTR:** LDAP user's role attribute
* **LDAP_USER_FIRST_NAME_ATTR**: Attribute for user's first name. It's "givenName" by default.
* **LDAP_USER_LAST_NAME_ATTR**: Attribute for user's last name. It's "sn" by default.
* **LDAP_USER_NAME_REVERSE**: In some languages, such as Chinese, the display order of the first and last name is reversed. Set this option if you need it.
* **LDAP_FILTER:** Additioinal filter conditions. Users who meet the filter conditions can log in , otherwise they cannot log in.
| variable | description |
|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `LDAP_SERVER_URL` | The URL of LDAP server |
| `LDAP_BASE_DN` | The root node of users who can log in to Seafile in the LDAP server |
| `LDAP_ADMIN_DN` | DN of the administrator used to query the LDAP server for information. For OpenLDAP, it may be `cn=admin,dc=example,dc=com` |
| `LDAP_ADMIN_PASSWORD` | Password of `LDAP_ADMIN_DN` |
| `LDAP_PROVIDER` | Identify the source of the user, used in the table `social_auth_usersocialauth`, defaults to 'ldap' |
| `LDAP_LOGIN_ATTR` | User's attribute used to log in to Seafile. It should be a unique identifier for the user in LDAP server. Learn more about this id from the descriptions at the beginning of this section. |
| `LDAP_CONTACT_EMAIL_ATTR` | LDAP user's `contact_email` attribute |
| `LDAP_USER_ROLE_ATTR` | LDAP user's role attribute |
| `LDAP_USER_FIRST_NAME_ATTR` | Attribute for user's first name. It's `"givenName"` by default. |
| `LDAP_USER_LAST_NAME_ATTR` | Attribute for user's last name. It's `"sn"` by default. |
| `LDAP_USER_NAME_REVERSE` | In some languages, such as Chinese, the display order of the first and last name is reversed. Set this option if you need it. |
| `LDAP_FILTER` | Additional filter conditions. Users who meet the filter conditions can log in, otherwise they cannot log in. |
Tips for choosing `LDAP_BASE_DN` and `LDAP_ADMIN_DN`:

118
manual/config/ldap_in_11.0_pro.md
View File

@ -17,7 +17,7 @@ The only requirement for Seafile to use LDAP for authentication is that there mu
- Email address: this is the most common choice. Most organizations assign unique email address for each member.
- UserPrincipalName: this is a user attribute only available in Active Directory. It's format is `user-login-name@domain-name`, e.g. `john@example.com`. It's not a real email address, but it works fine as the unique identifier.
Note, the identifier is stored in table `social_auth_usersocialauth` to map the identifier to internal user ID in Seafile. When this ID is changed in LDAP for a user, you only need to update `social_auth_usersocialauth` table.
!!! note "The identifier is stored in table `social_auth_usersocialauth` to map the identifier to internal user ID in Seafile. When this ID is changed in LDAP for a user, you only need to update `social_auth_usersocialauth` table"
### Integration Configuration
@ -41,19 +41,20 @@ LDAP_FILTER = 'memberOf=CN=testgroup,OU=test,DC=seafile,DC=ren'
Meaning of some options:
* **LDAP_SERVER_URL:** The URL of LDAP server
* **LDAP_BASE_DN:**The root node of users who can log in to Seafile in the LDAP server
* **LDAP_ADMIN_DN:** DN of the administrator used to query the LDAP server for information. For OpenLDAP, it maybe `cn=admin,dc=example,dc=com`
* **LDAP_ADMIN_PASSWORD:** Password of LDAP_ADMIN_DN
* **LDAP_PROVIDER:** Identify the source of the user, used in the table social_auth_usersocialauth, defaults by 'ldap'
* **LDAP_LOGIN_ATTR:** User's attribute used to log in to Seafile. It should be a unique identifier for the user in LDAP server. Learn more about this id from the descriptions at begining of this section.
* **LDAP_CONTACT_EMAIL_ATTR:** LDAP user's contact_email attribute. It will be stored as a user's contact email in Seafile.
* **LDAP_USER_ROLE_ATTR:** LDAP user's role attribute
* **LDAP_USER_FIRST_NAME_ATTR**: Attribute for user's first name. It's "givenName" by default.
* **LDAP_USER_LAST_NAME_ATTR**: Attribute for user's last name. It's "sn" by default.
* **LDAP_USER_NAME_REVERSE**: In some languages, such as Chinese, the display order of the first and last name is reversed. Set this option if you need it.
* **LDAP_FILTER:** Additioinal filter conditions. Users who meet the filter conditions can log in , otherwise they cannot log in.
| variable | description |
|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `LDAP_SERVER_URL` | The URL of LDAP server |
| `LDAP_BASE_DN` | The root node of users who can log in to Seafile in the LDAP server |
| `LDAP_ADMIN_DN` | DN of the administrator used to query the LDAP server for information. For OpenLDAP, it may be `cn=admin,dc=example,dc=com` |
| `LDAP_ADMIN_PASSWORD` | Password of `LDAP_ADMIN_DN` |
| `LDAP_PROVIDER` | Identify the source of the user, used in the table `social_auth_usersocialauth`, defaults to 'ldap' |
| `LDAP_LOGIN_ATTR` | User's attribute used to log in to Seafile. It should be a unique identifier for the user in LDAP server. Learn more about this id from the descriptions at the beginning of this section. |
| `LDAP_CONTACT_EMAIL_ATTR` | LDAP user's `contact_email` attribute |
| `LDAP_USER_ROLE_ATTR` | LDAP user's role attribute |
| `LDAP_USER_FIRST_NAME_ATTR` | Attribute for user's first name. It's `"givenName"` by default. |
| `LDAP_USER_LAST_NAME_ATTR` | Attribute for user's last name. It's `"sn"` by default. |
| `LDAP_USER_NAME_REVERSE` | In some languages, such as Chinese, the display order of the first and last name is reversed. Set this option if you need it. |
| `LDAP_FILTER` | Additional filter conditions. Users who meet the filter conditions can log in, otherwise they cannot log in. |
Tips for choosing `LDAP_BASE_DN` and `LDAP_ADMIN_DN`:
@ -99,19 +100,19 @@ ENABLE_EXTRA_USER_INFO_SYNC = True
Meaning of some options:
* **LDAP_SYNC_INTERVAL**: The interval to sync. Unit is minutes. Defaults to 60 minutes.
* **ENABLE_LDAP_USER_SYNC**: set to "true" if you want to enable ldap user synchronization
* **LDAP_USER_OBJECT_CLASS**: This is the name of the class used to search for user objects. In Active Directory, it's usually "person". The default value is "person".
* **LDAP_DEPT_ATTR**: Attribute for depatment info.
* **LDAP_UID_ATTR**: Attribute for Windows login name. If this is synchronized, users can also log in with their Windows login name. In AD, the attribute `sAMAccountName` can be used as `UID_ATTR`. The attribute will be stored as login_id in Seafile (in seahub_db.profile_profile table).
* **LDAP_AUTO_REACTIVATE_USERS**: Whether to auto activate deactivated user, default by 'true'
* **LDAP_USE_PAGED_RESULT:** Whether to use pagination extension.It is useful when you have more than 1000 users in LDAP server.
* **IMPORT_NEW_USER:** Whether to import new users when sync user.
* **ACTIVE_USER_WHEN_IMPORT:** Whether to activate the user automatically when imported.
* **DEACTIVE_USER_IF_NOTFOUND**: set to "true" if you want to deactivate a user when he/she was deleted in AD server.
* **ENABLE_EXTRA_USER_INFO_SYNC**: Enable synchronization of additional user information, including user's full name, department, and Windows login name, etc.
| Variable | Description |
| --- | ------ |
| **LDAP_SYNC_INTERVAL** | The interval to sync. Unit is minutes. Defaults to 60 minutes. |
| **ENABLE_LDAP_USER_SYNC** | set to "true" if you want to enable ldap user synchronization |
| **LDAP_USER_OBJECT_CLASS** | This is the name of the class used to search for user objects. In Active Directory, it's usually "person". The default value is "person". |
| **LDAP_DEPT_ATTR** | Attribute for department info. |
| **LDAP_UID_ATTR** | Attribute for Windows login name. If this is synchronized, users can also log in with their Windows login name. In AD, the attribute `sAMAccountName` can be used as `UID_ATTR`. The attribute will be stored as login_id in Seafile (in seahub_db.profile_profile table). |
| **LDAP_AUTO_REACTIVATE_USERS** | Whether to auto activate deactivated user, default by 'true' |
| **LDAP_USE_PAGED_RESULT** | Whether to use pagination extension. It is useful when you have more than 1000 users in LDAP server. |
| **IMPORT_NEW_USER** | Whether to import new users when sync user. |
| **ACTIVE_USER_WHEN_IMPORT** | Whether to activate the user automatically when imported. |
| **DEACTIVE_USER_IF_NOTFOUND** | set to "true" if you want to deactivate a user when he/she was deleted in AD server. |
| **ENABLE_EXTRA_USER_INFO_SYNC**| Enable synchronization of additional user information, including user's full name, department, and Windows login name, etc. |
### Importing Users without Activating Them
@ -207,24 +208,26 @@ LDAP_DEPT_NAME_ATTR = '' # Used to get the department name.
Meaning of some options:
* **ENABLE_LDAP_GROUP_SYNC:** Whether to enable group sync.
* **LDAP_GROUP_OBJECT_CLASS**: This is the name of the class used to search for group objects.
* **LDAP_GROUP_MEMBER_ATTR:** The attribute field to use when loading the group's members. For most directory servers, the attributes is "member" which is the default value.For "posixGroup", it should be set to "memberUid".
* **LDAP_USER_ATTR_IN_MEMBERUID**: The user attribute set in 'memberUid' option, which is used in "posixGroup".The default value is "uid".
* **LDAP_GROUP_UUID_ATTR**: Used to uniquely identify groups in LDAP
* **LDAP_GROUP_FILTER**: An additional filter to use when searching group objects. If it's set, the final filter used to run search is `(&(objectClass=GROUP_OBJECT_CLASS)(GROUP_FILTER))`; otherwise the final filter would be `(objectClass=GROUP_OBJECT_CLASS)`.
* **LDAP_USER_GROUP_MEMBER_RANGE_QUERY:** When a group contains too many members, AD will only return part of them. Set this option to TRUE to make LDAP sync work with large groups.
* **DEL_GROUP_IF_NOT_FOUND:** Set to "true", sync process will delete the group if not found it in LDAP server.
* **LDAP_SYNC_GROUP_AS_DEPARTMENT:** Whether to sync groups as top-level departments in Seafile. Learn more about departments in Seafile [here](https://help.seafile.com/sharing_collaboration/departments/).
* **LDAP_DEPT_NAME_ATTR:** Used to get the department name.
| variable | description |
|------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| ENABLE_LDAP_GROUP_SYNC | Whether to enable group sync. |
| LDAP_GROUP_OBJECT_CLASS | This is the name of the class used to search for group objects. |
| LDAP_GROUP_MEMBER_ATTR | The attribute field to use when loading the group's members. For most directory servers, the attribute is "member" which is the default value. For "posixGroup", it should be set to "memberUid". |
| LDAP_USER_ATTR_IN_MEMBERUID | The user attribute set in 'memberUid' option, which is used in "posixGroup". The default value is "uid". |
| LDAP_GROUP_UUID_ATTR | Used to uniquely identify groups in LDAP. |
| LDAP_GROUP_FILTER | An additional filter to use when searching group objects. If it's set, the final filter used to run search is `(&(objectClass=GROUP_OBJECT_CLASS)(GROUP_FILTER))`; otherwise the final filter would be `(objectClass=GROUP_OBJECT_CLASS)`. |
| LDAP_USER_GROUP_MEMBER_RANGE_QUERY | When a group contains too many members, AD will only return part of them. Set this option to TRUE to make LDAP sync work with large groups. |
| DEL_GROUP_IF_NOT_FOUND | Set to "true", sync process will delete the group if not found in the LDAP server. |
| LDAP_SYNC_GROUP_AS_DEPARTMENT | Whether to sync groups as top-level departments in Seafile. Learn more about departments in Seafile [here](https://help.seafile.com/sharing_collaboration/departments/). |
| LDAP_DEPT_NAME_ATTR | Used to get the department name. |
**Note**:
!!! tip
* The search base for groups is the option `LDAP_BASE_DN`.
* The search base for groups is the option `LDAP_BASE_DN`.
* Some LDAP server, such as Active Directory, allows a group to be a member of another group. This is called "group nesting". If we find a nested group B in group A, we should recursively add all the members from group B into group A. And group B should still be imported a separate group. That is, all members of group B are also members in group A.
* Some LDAP server, such as Active Directory, allows a group to be a member of another group. This is called "group nesting". If we find a nested group B in group A, we should recursively add all the members from group B into group A. And group B should still be imported a separate group. That is, all members of group B are also members in group A.
* In some LDAP server, such as OpenLDAP, it's common practice to use Posix groups to store group membership. To import Posix groups as Seafile groups, set `LDAP_GROUP_OBJECT_CLASS` option to `posixGroup`. A `posixGroup` object in LDAP usually contains a multi-value attribute for the list of member UIDs. The name of this attribute can be set with the `LDAP_GROUP_MEMBER_ATTR` option. It's `MemberUid` by default. The value of the `MemberUid` attribute is an ID that can be used to identify a user, which corresponds to an attribute in the user object. The name of this ID attribute is usually `uid`, but can be set via the `LDAP_USER_ATTR_IN_MEMBERUID` option. Note that `posixGroup` doesn't support nested groups.
* In some LDAP server, such as OpenLDAP, it's common practice to use Posix groups to store group membership. To import Posix groups as Seafile groups, set `LDAP_GROUP_OBJECT_CLASS` option to `posixGroup`. A `posixGroup` object in LDAP usually contains a multi-value attribute for the list of member UIDs. The name of this attribute can be set with the `LDAP_GROUP_MEMBER_ATTR` option. It's `MemberUid` by default. The value of the `MemberUid` attribute is an ID that can be used to identify a user, which corresponds to an attribute in the user object. The name of this ID attribute is usually `uid`, but can be set via the `LDAP_USER_ATTR_IN_MEMBERUID` option. Note that `posixGroup` doesn't support nested groups.
### Sync OU as Departments
@ -308,7 +311,7 @@ LDAP_FILTER = 'memberOf=CN=group,CN=developers,DC=example,DC=com'
The final search filter would be `(&(mail=*)(memberOf=CN=group,CN=developers,DC=example,DC=com))`
Note that the case of attribute names in the above example is significant. The `memberOf` attribute is only available in Active Directory.
!!! note "The case of attribute names in the above example is significant. The `memberOf` attribute is only available in Active Directory"
### Limiting Seafile Users to a Group in Active Directory
@ -407,30 +410,31 @@ MULTI_LDAP_1_DEPT_NAME_ATTR = ''
......
```
**Note**: There are still some shared config options are used for all LDAP servers, as follows:
!!! note:
There are still some shared config options are used for all LDAP servers, as follows:
```python
# Common user sync options
LDAP_SYNC_INTERVAL = 60
IMPORT_NEW_USER = True # Whether to import new users when sync user
ACTIVATE_USER_WHEN_IMPORT = True # Whether to activate the user when importing new user
DEACTIVE_USER_IF_NOTFOUND = False # Set to "true" if you want to deactivate a user
# when he/she was deleted in AD server.
```python
# Common user sync options
LDAP_SYNC_INTERVAL = 60
IMPORT_NEW_USER = True # Whether to import new users when sync user
ACTIVATE_USER_WHEN_IMPORT = True # Whether to activate the user when importing new user
DEACTIVE_USER_IF_NOTFOUND = False # Set to "true" if you want to deactivate a user
# when he/she was deleted in AD server.
# Common group sync options
DEL_GROUP_IF_NOT_FOUND = False # Set to "true", sync process will delete the group if not found it in LDAP server.
DEL_DEPARTMENT_IF_NOT_FOUND = False # Set to "true", sync process will deleted the department if not found it in LDAP server.
```
# Common group sync options
DEL_GROUP_IF_NOT_FOUND = False # Set to "true", sync process will delete the group if not found it in LDAP server.
DEL_DEPARTMENT_IF_NOT_FOUND = False # Set to "true", sync process will deleted the department if not found it in LDAP server.
```
### SSO and LDAP users use the same uid
If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth), you want Seafile to find the existing account for this user instead of creating a new one, you can set `SSO_LDAP_USE_SAME_UID = True`:
If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth), you want Seafile to find the existing account for this user instead of creating a new one, you can set
```python
SSO_LDAP_USE_SAME_UID = True
```
Note, here the UID means the unique user ID, in LDAP it is the attribute you use for `LDAP_LOGIN_ATTR` (not `LDAP_UID_ATTR`), in ADFS it is `uid` attribute. You need make sure you use the same attribute for the two settings.
!!! note "Here the UID means the unique user ID, in LDAP it is the attribute you use for `LDAP_LOGIN_ATTR` (not `LDAP_UID_ATTR`), in ADFS it is `uid` attribute. You need make sure you use the same attribute for the two settings"
## Importing Roles from LDAP
@ -471,6 +475,6 @@ def ldap_role_list_mapping(role_list):
return 'Manager'
```
Note: You should only define one of the two functions.
!!! tip "You should only define one of the two functions"
You can rewrite the function (in python) to make your own mapping rules. If the file or function doesn't exist, the first entry in role_list will be synced.

39
manual/config/multi_institutions.md
View File

@ -6,33 +6,20 @@ Starting from version 5.1, you can add institutions into Seafile and assign user
In `seahub_settings.py`, add `MULTI_INSTITUTION = True` to enable multi-institution feature. And add
```
# for 7.1.22 or older
EXTRA_MIDDLEWARE_CLASSES += (
'seahub.institutions.middleware.InstitutionMiddleware',
)
=== "Seafile 7.1.22 or older"
```py
EXTRA_MIDDLEWARE_CLASSES += (
'seahub.institutions.middleware.InstitutionMiddleware',
)
```
=== "Seafile 8.0.0 or newer"
```py
EXTRA_MIDDLEWARE += (
'seahub.institutions.middleware.InstitutionMiddleware',
)
```
# for 8.0.0 or newer
EXTRA_MIDDLEWARE += (
'seahub.institutions.middleware.InstitutionMiddleware',
)
```
or
```
# for 7.1.22 or older
EXTRA_MIDDLEWARE_CLASSES = (
'seahub.institutions.middleware.InstitutionMiddleware',
)
# for 8.0.0 or newer
EXTRA_MIDDLEWARE = (
'seahub.institutions.middleware.InstitutionMiddleware',
)
```
if `EXTRA_MIDDLEWARE_CLASSES` or `EXTRA_MIDDLEWARE` is not defined.
!!! tip "Please replease `+=` to `=` if `EXTRA_MIDDLEWARE_CLASSES` or `EXTRA_MIDDLEWARE` is not defined"
## Add institutions and institution admins

28
manual/config/multi_tenancy.md
View File

@ -65,7 +65,7 @@ $ cd /opt/seafile/seahub-data/certs
$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout sp.key -out sp.crt
```
__Note__: The `days` option indicates the validity period of the generated certificate. The unit is day. The system admin needs to update the certificate regularly.
!!! tip "The `days` option indicates the validity period of the generated certificate. The unit is day. The system admin needs to update the certificate regularly"
**Finally**, add the following configuration to seahub_settings.py and then restart Seafile:
@ -79,23 +79,23 @@ SAML_ATTRIBUTE_MAPPING = {
}
```
__Note__: If the xmlsec1 binary is **not located in** `/usr/bin/xmlsec1`, you need to add the following configuration in seahub_settings.py:
!!! note
- If the xmlsec1 binary is **not located in** `/usr/bin/xmlsec1`, you need to add the following configuration in seahub_settings.py:
```python
SAML_XMLSEC_BINARY_PATH = '/path/to/xmlsec1'
```
```python
SAML_XMLSEC_BINARY_PATH = '/path/to/xmlsec1'
```
View where the xmlsec1 binary is located:
View where the xmlsec1 binary is located:
```
$ which xmlsec1
```
```
$ which xmlsec1
```
- If certificates are **not placed in** `/opt/seafile/seahub-data/certs`, you need to add the following configuration in seahub_settings.py:
__Note__: If certificates are **not placed in** `/opt/seafile/seahub-data/certs`, you need to add the following configuration in seahub_settings.py:
```python
SAML_CERTS_DIR = '/path/to/certs'
```
```python
SAML_CERTS_DIR = '/path/to/certs'
```
### Integration with ADFS/SAML single sign-on

231
manual/config/oauth.md
View File

@ -47,156 +47,155 @@ OAUTH_ATTRIBUTE_MAP = {
}
```
NOTE: There are some more explanations about the settings.
!!! tip "There are some more explanations about the settings"
**OAUTH_PROVIDER / OAUTH_PROVIDER_DOMAIN**
**OAUTH_PROVIDER / OAUTH_PROVIDER_DOMAIN**
`OAUTH_PROVIDER_DOMAIN` will be deprecated, and it can be replaced by `OAUTH_PROVIDER`. This variable is used in the database to identify third-party providers, either as a domain or as an easy-to-remember string less than 32 characters.
`OAUTH_PROVIDER_DOMAIN` will be deprecated, and it can be replaced by `OAUTH_PROVIDER`. This variable is used in the database to identify third-party providers, either as a domain or as an easy-to-remember string less than 32 characters.
**OAUTH_ATTRIBUTE_MAP**
**OAUTH_ATTRIBUTE_MAP**
This variables describes which claims from the response of the user info endpoint are to be filled into which attributes of the new Seafile user. The format is showing like below:
This variables describes which claims from the response of the user info endpoint are to be filled into which attributes of the new Seafile user. The format is showing like below:
```python
OAUTH_ATTRIBUTE_MAP = {
<:Attribute in the OAuth provider>: (<:Is required or not in Seafile?>, <:Attribute in Seafile >)
}
```
```python
OAUTH_ATTRIBUTE_MAP = {
<:Attribute in the OAuth provider>: (<:Is required or not in Seafile?>, <:Attribute in Seafile >)
}
```
If the remote resource server, like Github, uses email to identify an unique user too, Seafile will use Github id directorily, the OAUTH_ATTRIBUTE_MAP setting for Github should be like this:
If the remote resource server, like Github, uses email to identify an unique user too, Seafile will use Github id directorily, the OAUTH_ATTRIBUTE_MAP setting for Github should be like this:
```python
OAUTH_ATTRIBUTE_MAP = {
"id": (True, "email"), # it is deprecated
"uid / id / username": (True, "uid")
```python
OAUTH_ATTRIBUTE_MAP = {
"id": (True, "email"), # it is deprecated
"uid / id / username": (True, "uid")
# extra infos you want to update to Seafile
"name": (False, "name"),
"email": (False, "contact_email"),
}
```
# extra infos you want to update to Seafile
"name": (False, "name"),
"email": (False, "contact_email"),
}
```
The key part `id` stands for an unique identifier of user in Github, this tells Seafile which attribute remote resoure server uses to indentify its user. The value part `True` stands for if this field is mandatory by Seafile.
The key part `id` stands for an unique identifier of user in Github, this tells Seafile which attribute remote resoure server uses to indentify its user. The value part `True` stands for if this field is mandatory by Seafile.
Since 11.0 version, Seafile use `uid` as the external unique identifier of the user. It stores `uid` in table `social_auth_usersocialauth` and map it to internal unique identifier used in Seafile. Different OAuth systems have different attributes, which may be: `id` or `uid` or `username`, etc. And the id/email config `id: (True, email)` is deprecated.
Since 11.0 version, Seafile use `uid` as the external unique identifier of the user. It stores `uid` in table `social_auth_usersocialauth` and map it to internal unique identifier used in Seafile. Different OAuth systems have different attributes, which may be: `id` or `uid` or `username`, etc. And the id/email config `id: (True, email)` is deprecated.
If you upgrade from a version below 11.0, you need to have both fields configured, i.e., you configuration should be like:
If you upgrade from a version below 11.0, you need to have both fields configured, i.e., you configuration should be like:
```python
OAUTH_ATTRIBUTE_MAP = {
"id": (True, "email"),
"uid": (True, "uid") ,
"name": (False, "name"),
"email": (False, "contact_email"),
}
```
```python
OAUTH_ATTRIBUTE_MAP = {
"id": (True, "email"),
"uid": (True, "uid") ,
"name": (False, "name"),
"email": (False, "contact_email"),
}
```
In this way, when a user login, Seafile will first use "id -> email" map to find the old user and then create "uid -> uid" map for this old user. After all users login once, you can delete the configuration `"id": (True, "email")`.
In this way, when a user login, Seafile will first use "id -> email" map to find the old user and then create "uid -> uid" map for this old user. After all users login once, you can delete the configuration `"id": (True, "email")`.
If you use a newly deployed 11.0 Seafile instance, you don't need the `"id": (True, "email")` item. Your configuration should be like:
If you use a newly deployed 11.0 Seafile instance, you don't need the `"id": (True, "email")` item. Your configuration should be like:
```python
OAUTH_ATTRIBUTE_MAP = {
"uid": (True, "uid") ,
"name": (False, "name"),
"email": (False, "contact_email"),
}
```
```python
OAUTH_ATTRIBUTE_MAP = {
"uid": (True, "uid") ,
"name": (False, "name"),
"email": (False, "contact_email"),
}
```
#### Sample settings for Google
#### Sample settings
```python
ENABLE_OAUTH = True
OAUTH_ENABLE_INSECURE_TRANSPORT = True
=== "Google"
OAUTH_CLIENT_ID = "your-client-id"
OAUTH_CLIENT_SECRET = "your-client-secret"
OAUTH_REDIRECT_URL = 'http{s}://example.com/oauth/callback/'
```python
ENABLE_OAUTH = True
OAUTH_ENABLE_INSECURE_TRANSPORT = True
# The following shoud NOT be changed if you are using Google as OAuth provider.
OAUTH_PROVIDER_DOMAIN = 'google.com'
OAUTH_AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/v2/auth'
OAUTH_TOKEN_URL = 'https://www.googleapis.com/oauth2/v4/token'
OAUTH_USER_INFO_URL = 'https://www.googleapis.com/oauth2/v1/userinfo'
OAUTH_SCOPE = [
"openid",
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile",
]
OAUTH_ATTRIBUTE_MAP = {
"sub": (True, "uid"),
"name": (False, "name"),
"email": (False, "contact_email"),
}
```
OAUTH_CLIENT_ID = "your-client-id"
OAUTH_CLIENT_SECRET = "your-client-secret"
OAUTH_REDIRECT_URL = 'http{s}://example.com/oauth/callback/'
#### Sample settings for Github
# The following shoud NOT be changed if you are using Google as OAuth provider.
OAUTH_PROVIDER_DOMAIN = 'google.com'
OAUTH_AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/v2/auth'
OAUTH_TOKEN_URL = 'https://www.googleapis.com/oauth2/v4/token'
OAUTH_USER_INFO_URL = 'https://www.googleapis.com/oauth2/v1/userinfo'
OAUTH_SCOPE = [
"openid",
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile",
]
OAUTH_ATTRIBUTE_MAP = {
"sub": (True, "uid"),
"name": (False, "name"),
"email": (False, "contact_email"),
}
```
=== "Github"
For Github, `email` is not the unique identifier for an user, but `id` is in most cases, so we use `id` as settings example in our manual. As Seafile uses email to identify an unique user account for now, so we combine `id` and `OAUTH_PROVIDER_DOMAIN`, which is github.com in your case, to an email format string and then create this account if not exist. Change the setting as followings:
For Github, `email` is not the unique identifier for an user, but `id` is in most cases, so we use `id` as settings example in our manual. As Seafile uses email to identify an unique user account for now, so we combine `id` and `OAUTH_PROVIDER_DOMAIN`, which is github.com in your case, to an email format string and then create this account if not exist. Change the setting as followings:
```python
ENABLE_OAUTH = True
OAUTH_ENABLE_INSECURE_TRANSPORT = True
```python
ENABLE_OAUTH = True
OAUTH_ENABLE_INSECURE_TRANSPORT = True
OAUTH_CLIENT_ID = "your-client-id"
OAUTH_CLIENT_SECRET = "your-client-secret"
OAUTH_REDIRECT_URL = 'http{s}://example.com/oauth/callback/'
OAUTH_CLIENT_ID = "your-client-id"
OAUTH_CLIENT_SECRET = "your-client-secret"
OAUTH_REDIRECT_URL = 'http{s}://example.com/oauth/callback/'
OAUTH_PROVIDER_DOMAIN = 'github.com'
OAUTH_AUTHORIZATION_URL = 'https://github.com/login/oauth/authorize'
OAUTH_TOKEN_URL = 'https://github.com/login/oauth/access_token'
OAUTH_USER_INFO_URL = 'https://api.github.com/user'
OAUTH_SCOPE = ["user",]
OAUTH_ATTRIBUTE_MAP = {
"id": (True, 'uid'),
"email": (False, "contact_email"),
"name": (False, "name"),
}
```
OAUTH_PROVIDER_DOMAIN = 'github.com'
OAUTH_AUTHORIZATION_URL = 'https://github.com/login/oauth/authorize'
OAUTH_TOKEN_URL = 'https://github.com/login/oauth/access_token'
OAUTH_USER_INFO_URL = 'https://api.github.com/user'
OAUTH_SCOPE = ["user",]
OAUTH_ATTRIBUTE_MAP = {
"id": (True, 'uid'),
"email": (False, "contact_email"),
"name": (False, "name"),
}
```
=== "GitLab"
#### Sample settings for GitLab
To enable OAuth via GitLab. Create an application in GitLab (under Admin area->Applications).
To enable OAuth via GitLab. Create an application in GitLab (under Admin area->Applications).
Fill in required fields:
Fill in required fields:
- Name: a name you specify
- Name: a name you specify
- Redirect URI: The callback url see below `OAUTH_REDIRECT_URL`
- Redirect URI: The callback url see below `OAUTH_REDIRECT_URL`
- Trusted: Skip confirmation dialog page. Select this to *not* ask the user if he wants to authorize seafile to receive access to his/her account data.
- Trusted: Skip confirmation dialog page. Select this to *not* ask the user if he wants to authorize seafile to receive access to his/her account data.
- Scopes: Select `openid` and `read_user` in the scopes list.
- Scopes: Select `openid` and `read_user` in the scopes list.
Press submit and copy the client id and secret you receive on the confirmation page and use them in this template for your seahub_settings.py:
Press submit and copy the client id and secret you receive on the confirmation page and use them in this template for your seahub_settings.py:
```python
ENABLE_OAUTH = True
OAUTH_CLIENT_ID = "your-client-id"
OAUTH_CLIENT_SECRET = "your-client-secret"
OAUTH_REDIRECT_URL = "https://your-seafile/oauth/callback/"
```python
ENABLE_OAUTH = True
OAUTH_CLIENT_ID = "your-client-id"
OAUTH_CLIENT_SECRET = "your-client-secret"
OAUTH_REDIRECT_URL = "https://your-seafile/oauth/callback/"
OAUTH_PROVIDER_DOMAIN = 'your-domain'
OAUTH_AUTHORIZATION_URL = 'https://gitlab.your-domain/oauth/authorize'
OAUTH_TOKEN_URL = 'https://gitlab.your-domain/oauth/token'
OAUTH_USER_INFO_URL = 'https://gitlab.your-domain/api/v4/user'
OAUTH_SCOPE = ["openid", "read_user"]
OAUTH_ATTRIBUTE_MAP = {
"email": (True, "uid"),
"name": (False, "name")
}
```
=== "Azure Cloud"
OAUTH_PROVIDER_DOMAIN = 'your-domain'
OAUTH_AUTHORIZATION_URL = 'https://gitlab.your-domain/oauth/authorize'
OAUTH_TOKEN_URL = 'https://gitlab.your-domain/oauth/token'
OAUTH_USER_INFO_URL = 'https://gitlab.your-domain/api/v4/user'
OAUTH_SCOPE = ["openid", "read_user"]
OAUTH_ATTRIBUTE_MAP = {
"email": (True, "uid"),
"name": (False, "name")
}
```
For users of Azure Cloud, as there is no `id` field returned from Azure Cloud's user info endpoint, so we use a special configuration for `OAUTH_ATTRIBUTE_MAP` setting (others are the same as Github/Google):
#### Sample settings for Azure Cloud
```python
OAUTH_ATTRIBUTE_MAP = {
"email": (True, "uid"),
"name": (False, "name")
}
```
For users of Azure Cloud, as there is no `id` field returned from Azure Cloud's user info endpoint, so we use a special configuration for `OAUTH_ATTRIBUTE_MAP` setting (others are the same as Github/Google):
```python
OAUTH_ATTRIBUTE_MAP = {
"email": (True, "uid"),
"name": (False, "name")
}
```
Please see [this tutorial](https://forum.seafile.com/t/oauth-authentification-against-microsoft-office365-azure-cloud/7999) for the complete deployment process of OAuth against Azure Cloud.
Please see [this tutorial](https://forum.seafile.com/t/oauth-authentification-against-microsoft-office365-azure-cloud/7999) for the complete deployment process of OAuth against Azure Cloud.

64
manual/config/ocm.md
View File

@ -4,47 +4,47 @@ From 8.0.0, Seafile supports [OCM protocol](https://rawgit.com/GEANT/OCM-API/v1/
Seafile currently supports sharing between Seafile servers with version greater than 8.0, and sharing from NextCloud to Seafile since 9.0.
*Note that these two functions cannot be enabled at the same time.*
!!! warning "These two functions cannot be enabled at the same time"
## Configuration
### Sharing between Seafile servers
=== "Sharing between Seafile servers"
Add the following configuration to `seahub_settings.py`.
Add the following configuration to `seahub_settings.py`.
```python
# Enable OCM
ENABLE_OCM = True
OCM_PROVIDER_ID = '71687320-6219-47af-82f3-32012707a5ae' # the unique id of this server
OCM_REMOTE_SERVERS = [
{
"server_name": "dev",
"server_url": "https://seafile-domain-1/", # should end with '/'
},
{
"server_name": "download",
"server_url": "https://seafile-domain-2/", # should end with '/'
},
]
```
```python
# Enable OCM
ENABLE_OCM = True
OCM_PROVIDER_ID = '71687320-6219-47af-82f3-32012707a5ae' # the unique id of this server
OCM_REMOTE_SERVERS = [
{
"server_name": "dev",
"server_url": "https://seafile-domain-1/", # should end with '/'
},
{
"server_name": "download",
"server_url": "https://seafile-domain-2/", # should end with '/'
},
]
```
OCM_REMOTE_SERVERS is a list of servers that you allow your users to share libraries with.
OCM_REMOTE_SERVERS is a list of servers that you allow your users to share libraries with.
### Sharing from NextCloud to Seafile
=== "Sharing from NextCloud to Seafile"
Add the following configuration to `seahub_settings.py`.
Add the following configuration to `seahub_settings.py`.
```python
# Enable OCM
ENABLE_OCM_VIA_WEBDAV = True
OCM_PROVIDER_ID = '71687320-6219-47af-82f3-32012707a5ae' # the unique id of this server
OCM_REMOTE_SERVERS = [
{
"server_name": "nextcloud",
"server_url": "https://nextcloud-domain-1/", # should end with '/'
}
]
```
```python
# Enable OCM
ENABLE_OCM_VIA_WEBDAV = True
OCM_PROVIDER_ID = '71687320-6219-47af-82f3-32012707a5ae' # the unique id of this server
OCM_REMOTE_SERVERS = [
{
"server_name": "nextcloud",
"server_url": "https://nextcloud-domain-1/", # should end with '/'
}
]
```
## Usage

2
manual/config/remote_user.md
View File

@ -4,7 +4,7 @@ Starting from 7.0.0, Seafile can integrate with various Single Sign On systems v
After the proxy server (Apache/Nginx) is successfully authenticated, the user information is set to the request header, and Seafile creates and logs in the user based on this information.
Note: Make sure that the proxy server has a corresponding security mechanism to protect against forgery request header attacks.
!!! danger "Make sure that the proxy server has a corresponding security mechanism to protect against forgery request header attacks"
Please add the following settings to `conf/seahub_settings.py` to enable this feature.

16
manual/config/roles_permissions.md
View File

@ -4,7 +4,9 @@ You can add/edit roles and permission for users. A role is just a group of users
`role_quota` is used to set quota for a certain role of users. For example, we can set the quota of employee to 100G by adding `'role_quota': '100g'`, and leave other role of users to the default quota.
`can_add_public_repo` is to set whether a role can create a public library, default is "False". **Note:**The `can_add_public_repo` option will not take effect if you configure global `CLOUD_MODE = True`.
`can_add_public_repo` is to set whether a role can create a public library, default is "False".
!!! warning "The `can_add_public_repo` option will not take effect if you configure global `CLOUD_MODE = True`"
The `storage_ids` permission is used for assigning storage backends to users with specific role. More details can be found in [multiple storage backends](../setup/setup_with_multiple_storage_backends.md).
@ -131,13 +133,15 @@ After restarting, users who have `can_invite_guest` permission will see "Invite
Users can invite a guest user by providing his/her email address, system will email the invite link to the user.
**Tip:** If you want to block certain email addresses for the invitation, you can define a blacklist, e.g.
!!! tip
```
INVITATION_ACCEPTER_BLACKLIST = ["a@a.com", "*@a-a-a.com", r".*@(foo|bar).com", ]
```
If you want to block certain email addresses for the invitation, you can define a blacklist, e.g.
After that, email address "a@a.com", any email address ends with "@a-a-a.com" and any email address ends with "@foo.com" or "@bar.com" will not be allowed.
```
INVITATION_ACCEPTER_BLACKLIST = ["a@a.com", "*@a-a-a.com", r".*@(foo|bar).com", ]
```
After that, email address "a@a.com", any email address ends with "@a-a-a.com" and any email address ends with "@foo.com" or "@bar.com" will not be allowed.
## Add custom roles

190
manual/config/saml2_in_10.0.md
View File

@ -27,164 +27,164 @@ $ cd /opt/seafile/seahub-data/certs
$ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout sp.key -out sp.crt
```
__Note__: The `days` option indicates the validity period of the generated certificate. The unit is day. The system admin needs to update the certificate regularly.
!!! tip "The `days` option indicates the validity period of the generated certificate. The unit is day. The system admin needs to update the certificate regularly"
## Integration with ADFS/SAML single sign-on
### Integration with Microsoft Azure SAML single sign-on app
=== "Microsoft Azure SAML single sign-on app"
If you use Microsoft Azure SAML app to achieve single sign-on, please follow the steps below:
If you use Microsoft Azure SAML app to achieve single sign-on, please follow the steps below:
**First**, add SAML single sign-on app and assign users, refer to: [add an Azure AD SAML application](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal), [create and assign users](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-assign-users).
**First**, add SAML single sign-on app and assign users, refer to: [add an Azure AD SAML application](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal), [create and assign users](https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-assign-users).
**Second**, setup the _Identifier_, _Reply URL_, and _Sign on URL_ of the SAML app based on your service URL, refer to: [enable single sign-on for saml app](https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-setup-sso). The format of the _Identifier_, _Reply URL_, and _Sign on URL_ are: https://example.com/saml2/metadata/, https://example.com/saml2/acs/, https://example.com/, e.g.:
**Second**, setup the _Identifier_, _Reply URL_, and _Sign on URL_ of the SAML app based on your service URL, refer to: [enable single sign-on for saml app](https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-setup-sso). The format of the _Identifier_, _Reply URL_, and _Sign on URL_ are: https://example.com/saml2/metadata/, https://example.com/saml2/acs/, https://example.com/, e.g.:
![](../images/auto-upload/72c7b210-4a91-4e86-ba2e-df5ae0a4a0b0.png)
![](../images/auto-upload/72c7b210-4a91-4e86-ba2e-df5ae0a4a0b0.png)
**Next**, [edit saml attributes & claims](https://learn.microsoft.com/en-us/azure/active-directory/develop/saml-claims-customization). Keep the default attributes & claims of SAML app unchanged, the _uid_ attribute must be added, the _mail_ and _name_ attributes are optional, e.g.:
**Next**, [edit saml attributes & claims](https://learn.microsoft.com/en-us/azure/active-directory/develop/saml-claims-customization). Keep the default attributes & claims of SAML app unchanged, the _uid_ attribute must be added, the _mail_ and _name_ attributes are optional, e.g.:
![](../images/auto-upload/417d-a48a-3e10c46b98f0.png)
![](../images/auto-upload/417d-a48a-3e10c46b98f0.png)
**Next**, download the base64 format SAML app's certificate and rename to idp.crt:
**Next**, download the base64 format SAML app's certificate and rename to idp.crt:
![](../images/auto-upload/0a693563-d511-4c3c-ac30-82a26d10cfab.png)
![](../images/auto-upload/0a693563-d511-4c3c-ac30-82a26d10cfab.png)
and put it under the certs directory(`/opt/seafile/seahub-data/certs`).
and put it under the certs directory(`/opt/seafile/seahub-data/certs`).
**Next**, copy the metadata URL of the SAML app:
**Next**, copy the metadata URL of the SAML app:
![](../images/auto-upload/1426318f-0a61-462d-a514-13768ca0b18c.png)
![](../images/auto-upload/1426318f-0a61-462d-a514-13768ca0b18c.png)
and paste it into the `SAML_REMOTE_METADATA_URL` option in seahub_settings.py, e.g.:
and paste it into the `SAML_REMOTE_METADATA_URL` option in seahub_settings.py, e.g.:
```python
SAML_REMOTE_METADATA_URL = 'https://login.microsoftonline.com/xxx/federationmetadata/2007-06/federationmetadata.xml?appid=xxx' # copy from SAML app
```
```python
SAML_REMOTE_METADATA_URL = 'https://login.microsoftonline.com/xxx/federationmetadata/2007-06/federationmetadata.xml?appid=xxx' # copy from SAML app
```
**Next**, add `ENABLE_ADFS_LOGIN`, `LOGIN_REDIRECT_URL` and `SAML_ATTRIBUTE_MAPPING` options to seahub_settings.py, and then restart Seafile, e.g:
**Next**, add `ENABLE_ADFS_LOGIN`, `LOGIN_REDIRECT_URL` and `SAML_ATTRIBUTE_MAPPING` options to seahub_settings.py, and then restart Seafile, e.g:
```python
ENABLE_ADFS_LOGIN = True
LOGIN_REDIRECT_URL = '/saml2/complete/'
SAML_ATTRIBUTE_MAPPING = {
'name': ('display_name', ),
'mail': ('contact_email', ),
'seafile_groups': ('', ), # Optional, set this attribute if you need to synchronize groups/departments.
...
}
SAML_REMOTE_METADATA_URL = 'https://login.microsoftonline.com/xxx/federationmetadata/2007-06/federationmetadata.xml?appid=xxx' # copy from SAML app
```
```python
ENABLE_ADFS_LOGIN = True
LOGIN_REDIRECT_URL = '/saml2/complete/'
SAML_ATTRIBUTE_MAPPING = {
'name': ('display_name', ),
'mail': ('contact_email', ),
'seafile_groups': ('', ), # Optional, set this attribute if you need to synchronize groups/departments.
...
}
SAML_REMOTE_METADATA_URL = 'https://login.microsoftonline.com/xxx/federationmetadata/2007-06/federationmetadata.xml?appid=xxx' # copy from SAML app
```
__Note__: If the xmlsec1 binary is **not located in** `/usr/bin/xmlsec1`, you need to add the following configuration in seahub_settings.py:
!!! note
- If the xmlsec1 binary is **not located in** `/usr/bin/xmlsec1`, you need to add the following configuration in seahub_settings.py:
```python
SAML_XMLSEC_BINARY_PATH = '/path/to/xmlsec1'
```
```python
SAML_XMLSEC_BINARY_PATH = '/path/to/xmlsec1'
```
View where the xmlsec1 binary is located:
View where the xmlsec1 binary is located:
```
$ which xmlsec1
```
```
$ which xmlsec1
```
__Note__: If certificates are **not placed in** `/opt/seafile/seahub-data/certs`, you need to add the following configuration in seahub_settings.py:
- If certificates are **not placed in** `/opt/seafile/seahub-data/certs`, you need to add the following configuration in seahub_settings.py:
```python
SAML_CERTS_DIR = '/path/to/certs'
```
```python
SAML_CERTS_DIR = '/path/to/certs'
```
**Finally**, open the browser and enter the Seafile login page, click `Single Sign-On`, and use the user assigned to SAML app to perform a SAML login test.
**Finally**, open the browser and enter the Seafile login page, click `Single Sign-On`, and use the user assigned to SAML app to perform a SAML login test.
=== "On-premise ADFS"
### Integration with on-premise ADFS
If you use Microsoft ADFS to achieve single sign-on, please follow the steps below:
If you use Microsoft ADFS to achieve single sign-on, please follow the steps below:
**First**, please make sure the following preparations are done:
**First**, please make sure the following preparations are done:
1. A Windows Server with [ADFS](https://learn.microsoft.com/en-us/windows-server/identity/active-directory-federation-services) installed. For configuring and installing ADFS you can see [this article](https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/deploying-a-federation-server-farm).
1. A Windows Server with [ADFS](https://learn.microsoft.com/en-us/windows-server/identity/active-directory-federation-services) installed. For configuring and installing ADFS you can see [this article](https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/deploying-a-federation-server-farm).
2. A valid SSL certificate for ADFS server, and here we use `temp.adfs.com` as the domain name example.
2. A valid SSL certificate for ADFS server, and here we use `temp.adfs.com` as the domain name example.
3. A valid SSL certificate for Seafile server, and here we use `demo.seafile.com` as the domain name example.
3. A valid SSL certificate for Seafile server, and here we use `demo.seafile.com` as the domain name example.
**Second**, download the base64 format certificate and upload it:
**Second**, download the base64 format certificate and upload it:
* Navigate to the _AD FS_ management window. In the left sidebar menu, navigate to **Services** > **Certificates**.
* Navigate to the _AD FS_ management window. In the left sidebar menu, navigate to **Services** > **Certificates**.
* Locate the _Token-signing_ certificate. Right-click the certificate and select **View Certificate**.
* Locate the _Token-signing_ certificate. Right-click the certificate and select **View Certificate**.
![](../images/auto-upload/7a1eead2-272f-40ec-9768-effc1d4f3273.png)
![](../images/auto-upload/7a1eead2-272f-40ec-9768-effc1d4f3273.png)
* In the dialog box, select the **Details** tab.
* In the dialog box, select the **Details** tab.
* Click **Copy to File**.
* Click **Copy to File**.
* In the _Certificate Export Wizard_ that opens, click **Next**.
* In the _Certificate Export Wizard_ that opens, click **Next**.
* Select **Base-64 encoded X.509 (.CER)**, then click **Next**.
* Select **Base-64 encoded X.509 (.CER)**, then click **Next**.
* Named it **idp.crt**, then click **Next**.
* Named it **idp.crt**, then click **Next**.
* Click **Finish** to complete the download.
* Click **Finish** to complete the download.
* And then put it under the certs directory(`/opt/seafile/seahub-data/certs`).
* And then put it under the certs directory(`/opt/seafile/seahub-data/certs`).
**Next**, add the following configurations to seahub_settings.py and then restart Seafile:
**Next**, add the following configurations to seahub_settings.py and then restart Seafile:
```python
ENABLE_ADFS_LOGIN = True
LOGIN_REDIRECT_URL = '/saml2/complete/'
SAML_ATTRIBUTE_MAPPING = {
'name': ('display_name', ),
'mail': ('contact_email', ),
'seafile_groups': ('', ), # Optional, set this attribute if you need to synchronize groups/departments.
...
}
SAML_REMOTE_METADATA_URL = 'https://temp.adfs.com/federationmetadata/2007-06/federationmetadata.xml' # The format of the ADFS federation metadata URL is: `https://{your ADFS domain name}/federationmetadata/2007-06/federationmetadata.xml`
```python
ENABLE_ADFS_LOGIN = True
LOGIN_REDIRECT_URL = '/saml2/complete/'
SAML_ATTRIBUTE_MAPPING = {
'name': ('display_name', ),
'mail': ('contact_email', ),
'seafile_groups': ('', ), # Optional, set this attribute if you need to synchronize groups/departments.
...
}
SAML_REMOTE_METADATA_URL = 'https://temp.adfs.com/federationmetadata/2007-06/federationmetadata.xml' # The format of the ADFS federation metadata URL is: `https://{your ADFS domain name}/federationmetadata/2007-06/federationmetadata.xml`
```
```
**Next**, add [relying party trust](https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/create-a-relying-party-trust#to-create-a-claims-aware-relying-party-trust-using-federation-metadata):
**Next**, add [relying party trust](https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/create-a-relying-party-trust#to-create-a-claims-aware-relying-party-trust-using-federation-metadata):
* Log into the ADFS server and open the ADFS management.
* Log into the ADFS server and open the ADFS management.
* Under **Actions**, click **Add Relying Party Trust**.
* Under **Actions**, click **Add Relying Party Trust**.
* On the Welcome page, choose **Claims aware** and click **Start**.
* On the Welcome page, choose **Claims aware** and click **Start**.
* Select **Import data about the relying party published online or on a local network**, type your metadate url in **Federation metadata address (host name or URL)**, and then click **Next**. Your metadate url format is: `https://example.com/saml2/metadata/`, e.g.:
* Select **Import data about the relying party published online or on a local network**, type your metadate url in **Federation metadata address (host name or URL)**, and then click **Next**. Your metadate url format is: `https://example.com/saml2/metadata/`, e.g.:
![](../images/auto-upload/4d6412ee-009e-42df-b0eb-081735d873c5.png)
![](../images/auto-upload/4d6412ee-009e-42df-b0eb-081735d873c5.png)
* On the **Specify Display Name** page type a name in **Display name**, e.g. `Seafile`, under **Notes** type a description for this relying party trust, and then click **Next**.
* On the **Specify Display Name** page type a name in **Display name**, e.g. `Seafile`, under **Notes** type a description for this relying party trust, and then click **Next**.
* In the **Choose an access control policy** window, select **Permit everyone**, then click **Next**.
* In the **Choose an access control policy** window, select **Permit everyone**, then click **Next**.
* Review your settings, then click **Next**.
* Review your settings, then click **Next**.
* Click **Close**.
* Click **Close**.
**Next**, create claims rules:
**Next**, create claims rules:
* Open the ADFS management, click **Relying Party Trusts**.
* Open the ADFS management, click **Relying Party Trusts**.
* Right-click your trust, and then click **Edit Claim Issuance Policy**.
* Right-click your trust, and then click **Edit Claim Issuance Policy**.
* On the **Issuance Transform Rules** tab click **Add Rules**.
* On the **Issuance Transform Rules** tab click **Add Rules**.
* Click the **Claim rule template** dropdown menu and select **Send LDAP Attributes as Claims**, and then click **Next**.
* Click the **Claim rule template** dropdown menu and select **Send LDAP Attributes as Claims**, and then click **Next**.
* In the **Claim rule name** field, type the display name for this rule, such as **Seafile Claim rule**. Click the **Attribute store** dropdown menu and select **Active Directory**. In the **LDAP Attribute** column, click the dropdown menu and select **User-Principal-Name**. In the **Outgoing Claim Type** column, click the dropdown menu and select **UPN**. And then click **Finish**.
* In the **Claim rule name** field, type the display name for this rule, such as **Seafile Claim rule**. Click the **Attribute store** dropdown menu and select **Active Directory**. In the **LDAP Attribute** column, click the dropdown menu and select **User-Principal-Name**. In the **Outgoing Claim Type** column, click the dropdown menu and select **UPN**. And then click **Finish**.
* Click **Add Rule** again.
* Click **Add Rule** again.
* Click the **Claim rule template** dropdown menu and select **Transform an Incoming Claim**, and then click **Next**.
* Click the **Claim rule template** dropdown menu and select **Transform an Incoming Claim**, and then click **Next**.
* In the **Claim rule name** field, type the display name for this rule, such as **UPN to Name ID**. Click the **Incoming claim type** dropdown menu and select **UPN**(It must match the **Outgoing Claim Type** in rule `Seafile Claim rule`). Click the **Outgoing claim type** dropdown menu and select **Name ID**. Click the **Outgoing name ID format** dropdown menu and select **Email**. And then click **Finish**.
* In the **Claim rule name** field, type the display name for this rule, such as **UPN to Name ID**. Click the **Incoming claim type** dropdown menu and select **UPN**(It must match the **Outgoing Claim Type** in rule `Seafile Claim rule`). Click the **Outgoing claim type** dropdown menu and select **Name ID**. Click the **Outgoing name ID format** dropdown menu and select **Email**. And then click **Finish**.
* Click **OK** to add both new rules.
* Click **OK** to add both new rules.
!!! tip "When creating claims rule, you can also select other LDAP Attributes, such as E-Mail-Addresses, depending on your ADFS service"
__Note__: When creating claims rule, you can also select other LDAP Attributes, such as E-Mail-Addresses, depending on your ADFS service.
**Finally**, open the browser and enter the Seafile login page, click `Single Sign-On` to perform ADFS login test.
**Finally**, open the browser and enter the Seafile login page, click `Single Sign-On` to perform ADFS login test.

15
manual/config/seafile-conf.md
View File

@ -1,6 +1,7 @@
# Seafile.conf settings
**Important**: Every entry in this configuration file is **case-sensitive**.
!!! warning "Important"
Every entry in this configuration file is **case-sensitive**.
You need to restart seafile and seahub so that your changes take effect.
@ -171,13 +172,16 @@ New in Seafile Pro 7.1.16 and Pro 8.0.3: You can set the maximum number of files
Since Pro 8.0.4 version, you can set both options to -1, to allow unlimited size and timeout.
!!! tip
This configuration is only effective for downloading files through web page or API, but not for syncing files
```
[fileserver]
max_sync_file_count = 100000
fs_id_list_request_timeout = 300
```
If you use object storage as storage backend, when a large file is frequently downloaded, the same blocks need to be fetched from the storage backend to Seafile server. This may waste bandwith and cause high load on the internal network. Since Seafile Pro 8.0.5 version, we add block caching to improve the situation. Note that this configuration is only effective for downloading files through web page or API, but not for syncing files.
If you use object storage as storage backend, when a large file is frequently downloaded, the same blocks need to be fetched from the storage backend to Seafile server. This may waste bandwith and cause high load on the internal network. Since Seafile Pro 8.0.5 version, we add block caching to improve the situation.
* To enable this feature, set `use_block_cache` option in the `[fileserver]` group. It's not enabled by default.
* The `block_cache_size_limit` option is used to limit the size of the cache. Its default value is 10GB. The blocks are cached in `seafile-data/block-cache` directory. When the total size of cached files exceeds the limit, seaf-server will clean up older files until the size reduces to 70% of the limit. The cleanup interval is 5 minutes. You have to have a good estimate on how much space you need for the cache directory. Otherwise on frequent downloads this directory can be quickly filled up.
@ -190,7 +194,10 @@ use_block_cache = true
block_cache_size_limit = 100
block_cache_file_types = mp4;mov
```
When a large number of files are uploaded through the web page and API, it will be expensive to calculate block IDs based on the block contents. Since Seafile-pro-9.0.6, you can add the `skip_block_hash` option to use a random string as block ID. Note that this option will prevent fsck from checking block content integrity. You should specify `--shallow` option to fsck to not check content integrity.
When a large number of files are uploaded through the web page and API, it will be expensive to calculate block IDs based on the block contents. Since Seafile-pro-9.0.6, you can add the `skip_block_hash` option to use a random string as block ID.
!!! warning
This option will prevent fsck from checking block content integrity. You should specify `--shallow` option to fsck to not check content integrity.
```
[fileserver]
@ -225,7 +232,7 @@ check_virus_on_web_upload = true
The configurations of database are stored in the `[database]` section.
> From Seafile 11.0, the *SQLite* is not supported.
!!! danger "From Seafile 11.0, the *SQLite* is not supported"
```
[database]

19
manual/config/seahub_settings_py.md
View File

@ -1,6 +1,7 @@
# Seahub Settings
Note: You can also modify most of the config items via web interface. The config items are saved in database table (seahub-db/constance_config). They have a higher priority over the items in config files. If you want to disable settings via web interface, you can add `ENABLE_SETTINGS_VIA_WEB = False` to `seahub_settings.py`.
!!! tip
You can also modify most of the config items via web interface. The config items are saved in database table (seahub-db/constance_config). They have a higher priority over the items in config files. If you want to disable settings via web interface, you can add `ENABLE_SETTINGS_VIA_WEB = False` to `seahub_settings.py`.
## Sending Email Notifications on Seahub
@ -489,7 +490,7 @@ def custom_search_user(request, emails):
```
> **NOTE**, you should NOT change the name of `custom_search_user` and `seahub_custom_functions/__init__.py`
!!! danger "You should NOT change the name of `custom_search_user` and `seahub_custom_functions/__init__.py`"
Since version 6.2.5 pro, if you enable the **ENABLE_SHARE_TO_ALL_GROUPS** feather on sysadmin settings page, you can also define a custom function to return the groups a user can share library to.
@ -523,14 +524,14 @@ def custom_get_groups(request):
```
> **NOTE**, you should NOT change the name of `custom_get_groups` and `seahub_custom_functions/__init__.py`
!!! danger "You should NOT change the name of `custom_get_groups` and `seahub_custom_functions/__init__.py`"
## Note
!!! success
* You need to restart seahub so that your changes take effect.
* If your changes don't take effect, You may need to delete 'seahub_setting.pyc'. (A cache file)
* You need to restart seahub so that your changes take effect.
* If your changes don't take effect, You may need to delete 'seahub_setting.pyc'. (A cache file)
```bash
./seahub.sh restart
```bash
./seahub.sh restart
```
```

29
manual/config/sending_email.md
View File

@ -27,15 +27,16 @@ SERVER_EMAIL = EMAIL_HOST_USER
```
!!! note
**Note**: If your email service still does not work, you can checkout the log file `logs/seahub.log` to see what may cause the problem. For a complete email notification list, please refer to [email notification list](customize_email_notifications.md).
- If your email service still does not work, you can checkout the log file `logs/seahub.log` to see what may cause the problem. For a complete email notification list, please refer to [email notification list](customize_email_notifications.md).
**Note2**: If you want to use the email service without authentication leaf `EMAIL_HOST_USER` and `EMAIL_HOST_PASSWORD` **blank** (`''`). (But notice that the emails then will be sent without a `From:` address.)
- If you want to use the email service without authentication leaf `EMAIL_HOST_USER` and `EMAIL_HOST_PASSWORD` **blank** (`''`). (But notice that the emails then will be sent without a `From:` address.)
**Note3**: About using SSL connection (using port 465)
- About using SSL connection (using port 465)
Port 587 is being used to establish a connection using STARTTLS and port 465 is being used to establish an SSL connection. Starting from Django 1.8, it supports both.
If you want to use SSL on port 465, set `EMAIL_USE_SSL = True` instead of `EMAIL_USE_TLS`.
- Port 587 is being used to establish a connection using STARTTLS and port 465 is being used to establish an SSL connection. Starting from Django 1.8, it supports both.
- If you want to use SSL on port 465, set `EMAIL_USE_SSL = True` instead of `EMAIL_USE_TLS`.
## Change `reply to` of email
@ -68,13 +69,15 @@ interval = 30m
The simplest way to customize the email messages is setting the `SITE_NAME` variable in `seahub_settings.py`. If it is not enough for your case, you can customize the email templates.
**Note:** Subject line may vary between different releases, this is based on Release 5.0.0. Restart Seahub so that your changes take effect.
!!! tip
Subject line may vary between different releases, this is based on Release 5.0.0. Restart Seahub so that your changes take effect.
### The email base template
[seahub/seahub/templates/email_base.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/email_base.html)
Note: You can copy email_base.html to `seahub-data/custom/templates/email_base.html` and modify the new one. In this way, the customization will be maintained after upgrade.
!!! tip
You can copy email_base.html to `seahub-data/custom/templates/email_base.html` and modify the new one. In this way, the customization will be maintained after upgrade.
### User resets his/her password
@ -92,7 +95,8 @@ seahub/seahub/auth/forms.py line:127
[seahub/seahub/templates/registration/password_reset_email.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/registration/password_reset_email.html)
Note: You can copy password_reset_email.html to `seahub-data/custom/templates/registration/password_reset_email.html` and modify the new one. In this way, the customization will be maintained after upgrade.
!!! tip
You can copy password_reset_email.html to `seahub-data/custom/templates/registration/password_reset_email.html` and modify the new one. In this way, the customization will be maintained after upgrade.
### System admin adds new member
@ -110,7 +114,8 @@ send_html_email(_(u'Password has been reset on %s') % SITE_NAME,
[seahub/seahub/templates/sysadmin/user_add_email.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/sysadmin/user_add_email.html)
Note: You can copy user_add_email.html to `seahub-data/custom/templates/sysadmin/user_add_email.html` and modify the new one. In this way, the customization will be maintained after upgrade.
!!! tip
You can copy user_add_email.html to `seahub-data/custom/templates/sysadmin/user_add_email.html` and modify the new one. In this way, the customization will be maintained after upgrade.
### System admin resets user password
@ -128,7 +133,8 @@ send_html_email(_(u'Password has been reset on %s') % SITE_NAME,
[seahub/seahub/templates/sysadmin/user_reset_email.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/sysadmin/user_reset_email.html)
Note: You can copy user_reset_email.html to `seahub-data/custom/templates/sysadmin/user_reset_email.html` and modify the new one. In this way, the customization will be maintained after upgrade.
!!! tip
You can copy user_reset_email.html to `seahub-data/custom/templates/sysadmin/user_reset_email.html` and modify the new one. In this way, the customization will be maintained after upgrade.
### User sends file/folder share link
@ -160,7 +166,8 @@ try:
[seahub/seahub/templates/shared_upload_link_email.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/shared_upload_link_email.html)
Note: You can copy shared_link_email.html to `seahub-data/custom/templates/shared_link_email.html` and modify the new one. In this way, the customization will be maintained after upgrade.
!!! tip
You can copy shared_link_email.html to `seahub-data/custom/templates/shared_link_email.html` and modify the new one. In this way, the customization will be maintained after upgrade.
### Reminder of unread notifications

4
manual/config/shibboleth_authentication.md
View File

@ -203,7 +203,9 @@ SHIBBOLETH_ATTRIBUTE_MAP = {
```
In the above config, the hash key is Shibboleth attribute name, the second element in the hash value is Seahub's property name. You can adjust the Shibboleth attribute name for your own needs. **_Note that you may have to change attribute-map.xml in your Shibboleth SP, so that the desired attributes are passed to Seahub. And you have to make sure the IdP sends these attributes to the SP._**
In the above config, the hash key is Shibboleth attribute name, the second element in the hash value is Seahub's property name. You can adjust the Shibboleth attribute name for your own needs.
!!! tip "You may have to change attribute-map.xml in your Shibboleth SP, so that the desired attributes are passed to Seahub. And you have to make sure the IdP sends these attributes to the SP"
We also added an option `SHIB_ACTIVATE_AFTER_CREATION` (defaults to `True`) which control the user status after shibboleth connection. If this option set to `False`, user will be inactive after connection, and system admins will be notified by email to activate that account.

16
manual/develop/linux.md
View File

@ -25,17 +25,17 @@ Package names are according to Ubuntu 14.04. For other Linux distros, please fin
* python-simplejson (for seaf-cli)
* libssl-dev
```bash
sudo apt-get install autoconf automake libtool libevent-dev libcurl4-openssl-dev libgtk2.0-dev uuid-dev intltool libsqlite3-dev valac libjansson-dev cmake qtchooser qtbase5-dev libqt5webkit5-dev qttools5-dev qttools5-dev-tools libssl-dev
=== "Ubuntu"
```bash
sudo apt-get install autoconf automake libtool libevent-dev libcurl4-openssl-dev libgtk2.0-dev uuid-dev intltool libsqlite3-dev valac libjansson-dev cmake qtchooser qtbase5-dev libqt5webkit5-dev qttools5-dev qttools5-dev-tools libssl-dev
```
```
=== "Fedora 20/23"
For a fresh Fedora 20 / 23 installation, the following will install all dependencies via YUM:
```bash
$ sudo yum install wget gcc libevent-devel openssl-devel gtk2-devel libuuid-devel sqlite-devel jansson-devel intltool cmake libtool vala gcc-c++ qt5-qtbase-devel qt5-qttools-devel qt5-qtwebkit-devel libcurl-devel openssl-devel
```bash
$ sudo yum install wget gcc libevent-devel openssl-devel gtk2-devel libuuid-devel sqlite-devel jansson-devel intltool cmake libtool vala gcc-c++ qt5-qtbase-devel qt5-qttools-devel qt5-qtwebkit-devel libcurl-devel openssl-devel
```
```
#### Building

8
manual/docker/onlyoffice.yml
View File

@ -9,10 +9,10 @@ services:
restart: unless-stopped
container_name: seafile-onlyoffice
environment:
- DB_TYPE=${DB_TYPE:-mariadb}
- DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
- DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
- DB_PWD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
#- DB_TYPE=${DB_TYPE:-mariadb}
#- DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
#- DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
#- DB_PWD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
- JWT_ENABLED=true
- JWT_SECRET=${ONLYOFFICE_JWT_SECRET:?Variable is not set or empty}
volumes:

35
manual/docker/pro/seadoc.yml
View File

@ -1,35 +0,0 @@
services:
seadoc:
image: ${SEADOC_IMAGE:-seafileltd/sdoc-server:1.0-latest}
container_name: seadoc
volumes:
- ${SEADOC_VOLUME:-/opt/seadoc-data/}:/shared
# ports:
# - "80:80"
environment:
- DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db}
- DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306}
- DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile}
- DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty}
- DB_NAME=${SEADOC_MYSQL_DB_NAME:-seahub_db}
- TIME_ZONE=${TIME_ZONE:-Etc/UTC}
- JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty}
- SEAHUB_SERVICE_URL=${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
labels:
caddy: ${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty}
caddy.@ws.0_header: "Connection *Upgrade*"
caddy.@ws.1_header: "Upgrade websocket"
caddy.0_reverse_proxy: "@ws {{upstreams 80}}"
caddy.1_handle_path: "/socket.io/*"
caddy.1_handle_path.0_rewrite: "* /socket.io{uri}"
caddy.1_handle_path.1_reverse_proxy: "{{upstreams 80}}"
caddy.2_handle_path: "/sdoc-server/*"
caddy.2_handle_path.0_rewrite: "* {uri}"
caddy.2_handle_path.1_reverse_proxy: "{{upstreams 80}}"
networks:
- seafile-net
networks:
seafile-net:
name: seafile-net

0
manual/docker/ce/seadoc.yml → manual/docker/seadoc.yml
View File

10
manual/extension/fuse.md
View File

@ -6,11 +6,11 @@ However, administrators sometimes want to access the files directly on the serve
`Seaf-fuse` is an implementation of the [FUSE](http://fuse.sourceforge.net) virtual filesystem. In a word, it mounts all the seafile files to a folder (which is called the '''mount point'''), so that you can access all the files managed by seafile server, just as you access a normal folder on your server.
Note:
!!! note
* Encrypted folders can't be accessed by seaf-fuse.
* Currently the implementation is '''read-only''', which means you can't modify the files through the mounted folder.
* One debian/centos systems, you need to be in the "fuse" group to have the permission to mount a FUSE folder.
* Encrypted folders can't be accessed by seaf-fuse.
* Currently the implementation is '''read-only''', which means you can't modify the files through the mounted folder.
* One debian/centos systems, you need to be in the "fuse" group to have the permission to mount a FUSE folder.
## Use seaf-fuse in binary based deployment
@ -24,7 +24,7 @@ mkdir -p /data/seafile-fuse
##### Start seaf-fuse with the script
Note: Before start seaf-fuse, you should have started seafile server with `./seafile.sh start`.
!!! tip "Before start seaf-fuse, you should have started seafile server with `./seafile.sh start`"
```
./seaf-fuse.sh start /data/seafile-fuse

10
manual/extension/notification-server.md
View File

@ -6,7 +6,7 @@ When a directory is opened on the web interface, the lock status of the file can
The notification server uses websocket protocol and maintains a two-way communication connection with the client or the web interface. When the above changes occur, seaf-server will notify the notification server of the changes. Then the notification server can notify the client or the web interface in real time. This not only improves the real-time performance, but also reduces the performance overhead of the server.
Note, the notification server cannot work if you config Seafile server with SQLite database.
!!! danger "The notification server cannot work if you config Seafile server with SQLite database"
## Supported update reminder types
@ -78,13 +78,9 @@ Or add the configuration for Apache:
ProxyPassReverse /notification ws://127.0.0.1:8083/
```
NOTE: according to [apache ProxyPass document](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass)
> According to [apache ProxyPass document](https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass):
```
The configured ProxyPass and ProxyPassMatch rules are checked in the order of configuration. The first rule that matches wins.
So usually you should sort conflicting ProxyPass rules starting with the longest URLs first.
Otherwise, later rules for longer URLS will be hidden by any earlier rule which uses a leading substring of the URL. Note that there is some relation with worker sharing.
```
> The configured ProxyPass and ProxyPassMatch rules are checked in the order of configuration. The first rule that matches wins. So usually you should sort conflicting ProxyPass rules starting with the longest URLs first. Otherwise, later rules for longer URLS will be hidden by any earlier rule which uses a leading substring of the URL. Note that there is some relation with worker sharing.
the final configuration for Apache should be like:

7
manual/extension/office_web_app.md
View File

@ -2,7 +2,7 @@
In Seafile Professional Server Version 4.4.0 (or above), you can use Microsoft Office Online Server (formerly named Office Web Apps) to preview documents online. Office Online Server provides the best preview for all Office format files. It also support collaborative editing of Office files directly in the web browser. For organizations with Microsoft Office Volume License, it's free to use Office Online Server. For more information about Office Online Server and how to deploy it, please refer to <https://technet.microsoft.com/en-us/library/jj219455(v=office.16).aspx>.
**Notice**: Seafile only supports Office Online Server 2016 and above.
!!! tip "Seafile only supports Office Online Server 2016 and above"
To use Office Online Server for preview, please add following config option to seahub_settings.py.
@ -77,6 +77,5 @@ Understanding how the web app integration works is going to help you debugging t
Please check the Nginx log for Seahub (for step 3) and Office Online Server to see which step is wrong.
### Notes on Windows paging files
You should make sure you have configured at least a few GB of paging files in your Windows system. Otherwise the IIS worker processes may die randomly when handling Office Online requests.
!!! warning
You should make sure you have configured at least a few GB of paging files in your Windows system. Otherwise the IIS worker processes may die randomly when handling Office Online requests.

18
manual/extension/only_office.md
View File

@ -94,24 +94,6 @@ service:
For more information you can check the official documentation: <https://api.onlyoffice.com/editors/signature/> and <https://github.com/ONLYOFFICE/Docker-DocumentServer#available-configuration-parameters>
### Create a database for OnlyOffice
> By default, OnlyOffice will use the database information related to `SEAFILE_MYSQL_*` in `.env`. If you need to specify another existing database, please modify it in `onlyoffice.yml`
First, you need to make sure the database service is started, and enter the seafile-mysql container
```sh
docker compose up -d
docker exec -it seafile-mysql bash
```
In the container, you need to create the database `onlyoffice` and add corresponding permissions for the `seafile` user
```sql
create database if not exists onlyoffice charset utf8mb4;
GRANT ALL PRIVILEGES ON `onlyoffice`.* to `seafile`@`%.%.%.%`;
```
### Restart Seafile-docker instance and test that OnlyOffice is running
```shell

74
manual/extension/setup_seadoc.md
View File

@ -33,31 +33,47 @@ Here is the workflow when a user open sdoc file in browser
SeaDoc has the following deployment methods:
- [SeaDoc and Seafile docker are deployed on the same host](#seadoc-and-seafile-docker-are-deployed-on-the-same-host).
- [Deploy SeaDoc on a new host](#deploy-seadoc-on-a-new-host).
=== "SeaDoc and Seafile docker are deployed on the same host"
Download the `seadoc.yml` and integrate SeaDoc in Seafile docker.
> Seafile version 11.0 or later is required to work with SeaDoc.
```shell
wget https://manual.seafile.com/12.0/docker/seadoc.yml
```
## SeaDoc and Seafile docker are deployed on the same host
Modify `.env`, and insert `seadoc.yml` into `COMPOSE_FILE`, and enable SeaDoc server
Download the `seadoc.yml` and integrate SeaDoc in Seafile docker.
```shell
COMPOSE_FILE='seafile-server.yml,caddy.yml,seadoc.yml'
```shell
# for community edition
wget https://manual.seafile.com/12.0/docker/ce/seadoc.yml
ENABLE_SEADOC=true
SEADOC_SERVER_URL=https://example.seafile.com/sdoc-server
```
=== "Deploy SeaDoc on a new host"
# for pro edition
wget https://manual.seafile.com/12.0/docker/pro/seadoc.yml
```
Download and modify the `.env` and `seadoc.yml` files.
Modify `.env`, and insert `seadoc.yml` into `COMPOSE_FILE`, and enable SeaDoc server
```sh
wget https://manual.seafile.com/12.0/docker/seadoc/1.0/standalone/seadoc.yml
wget -o .env https://manual.seafile.com/12.0/docker/seadoc/1.0/standalone/env.yml
```
Then modify the `.env` file according to your environment. The following fields are needed to be modified:
| variable | description |
|------------------------|---------------------------------------------------------------------------------------------------------------|
| `SEADOC_VOLUME` | The volume directory of SeaDoc data |
| `SEAFILE_MYSQL_DB_HOST`| Seafile MySQL host |
| `SEAFILE_MYSQL_DB_USER`| Seafile MySQL user, default is `seafile` |
| `SEAFILE_MYSQL_DB_PASSWORD`| Seafile MySQL password |
| `TIME_ZONE` | Time zone |
| `JWT_PRIVATE_KEY` | JWT key, the same as the config in Seafile `.env` file |
| `SEAFILE_SERVER_HOSTNAME`| Seafile host name |
| `SEAFILE_SERVER_PROTOCOL`| http or https |
| `SEADOC_SERVER_URL` | SeaDoc service URL |
!!! note
Please bind SeaDoc server url and ip in the load balance(or reverse proxy) configuration after starting SeaDoc server
```shell
COMPOSE_FILE='seafile-server.yml,caddy.yml,seadoc.yml'
ENABLE_SEADOC=true
SEADOC_SERVER_URL=https://example.seafile.com/sdoc-server
```
Start SeaDoc server with the following command
@ -65,31 +81,7 @@ Start SeaDoc server with the following command
docker compose up -d
```
Now you can use SeaDoc!
## Deploy SeaDoc on a new host
Download and modify the `.env` and `seadoc.yml` files.
Download [seadoc.yml](../docker/seadoc/1.0/standalone/seadoc.yml) and [.env](../docker/seadoc/1.0/standalone/env) sample files to your host. Then modify the `.env` file according to your environment. The following fields are needed to be modified:
- `SEADOC_VOLUME`: The volume directory of SeaDoc data
- `SEAFILE_MYSQL_DB_HOST`: Seafile MySQL host
- `SEAFILE_MYSQL_DB_USER`: Seafile MySQL user, default is `seafile`
- `SEAFILE_MYSQL_DB_PASSWORD`: Seafile MySQL password
- `TIME_ZONE`: Time zone
- `JWT_PRIVATE_KEY`: JWT key, the same as the config in Seafile `.env` file
- `SEAFILE_SERVER_HOSTNAME`: Seafile host name
- `SEAFILE_SERVER_PROTOCOL`: http or https
- `SEADOC_SERVER_URL`: SeaDoc service URL
Start SeaDoc server with the following command
```sh
docker compose up -d
```
Then bind SeaDoc server url and ip in the load balance(or reverse proxy) configuration.
Now you can use SeaDoc!

3
manual/extension/virus_scan.md
View File

@ -35,7 +35,8 @@ cd seafile-server-latest
If a virus was detected, you can see scan records and delete infected files on the Virus Scan page in the admin area.
![virus-scan](../images/virus-scan.png)
**INFO**: If you directly use clamav command line tool to scan files, scanning files will takes a lot of time. If you want to speed it up, we recommend to run Clamav as a daemon. Please refer to [Run ClamAV as a Daemon](./virus_scan_with_clamav.md)
!!! note
If you directly use clamav command line tool to scan files, scanning files will takes a lot of time. If you want to speed it up, we recommend to run Clamav as a daemon. Please refer to [Run ClamAV as a Daemon](./virus_scan_with_clamav.md)
When run Clamav as a daemon, the `scan_command` should be `clamdscan` in `seafile.conf`. An example for Clamav-daemon is provided below:
```

16
manual/extension/virus_scan_with_clamav.md
View File

@ -65,15 +65,15 @@ User root
systemctl start clamav-daemon
```
* Test the software
!!! success "Test the software"
```
$ curl https://secure.eicar.org/eicar.com.txt | clamdscan -
```
```
$ curl https://secure.eicar.org/eicar.com.txt | clamdscan -
```
The output must include:
The output must include:
```
stream: Eicar-Test-Signature FOUND
```
```
stream: Eicar-Test-Signature FOUND
```

100
manual/extension/webdav.md
View File

@ -45,47 +45,49 @@ show_repo_id=true
```
## Proxy with Nginx
## Proxy
For Seafdav, the configuration of Nginx is as follows:
=== "Nginx"
```
.....
For Seafdav, the configuration of Nginx is as follows:
location /seafdav {
rewrite ^/seafdav$ /seafdav/ permanent;
}
```
.....
location /seafdav/ {
proxy_pass http://127.0.0.1:8080/seafdav/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1200s;
client_max_body_size 0;

access_log /var/log/nginx/seafdav.access.log seafileformat;
error_log /var/log/nginx/seafdav.error.log;
}
location /seafdav {
rewrite ^/seafdav$ /seafdav/ permanent;
}
location /:dir_browser {
proxy_pass http://127.0.0.1:8080/:dir_browser;
}
```
location /seafdav/ {
proxy_pass http://127.0.0.1:8080/seafdav/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1200s;
client_max_body_size 0;

access_log /var/log/nginx/seafdav.access.log seafileformat;
error_log /var/log/nginx/seafdav.error.log;
}
### Proxy with Apache
location /:dir_browser {
proxy_pass http://127.0.0.1:8080/:dir_browser;
}
```
For Seafdav, the configuration of Apache is as follows:
=== "Apache"
```
......
<Location /seafdav>
ProxyPass "http://127.0.0.1:8080/seafdav"
</Location>
For Seafdav, the configuration of Apache is as follows:
```
```
......
<Location /seafdav>
ProxyPass "http://127.0.0.1:8080/seafdav"
</Location>
```
## Notes on Clients
@ -97,34 +99,32 @@ Please first note that, there are some known performance limitation when you map
So WebDAV is more suitable for infrequent file access. If you want better performance, please use the sync client instead.
### Windows
=== "Windows"
Windows Explorer supports HTTPS connection. But it requires a valid certificate on the server. It's generally recommended to use Windows Explorer to map a webdav server as network dirve. If you use a self-signed certificate, you have to add the certificate's CA into Windows' system CA store.
Windows Explorer supports HTTPS connection. But it requires a valid certificate on the server. It's generally recommended to use Windows Explorer to map a webdav server as network dirve. If you use a self-signed certificate, you have to add the certificate's CA into Windows' system CA store.
=== "Linux"
### Linux
On Linux you have more choices. You can use file manager such as Nautilus to connect to webdav server. Or you can use davfs2 from the command line.
On Linux you have more choices. You can use file manager such as Nautilus to connect to webdav server. Or you can use davfs2 from the command line.
To use davfs2
To use davfs2
```
sudo apt-get install davfs2
sudo mount -t davfs -o uid=<username> https://example.com/seafdav /media/seafdav/
```
sudo apt-get install davfs2
sudo mount -t davfs -o uid=<username> https://example.com/seafdav /media/seafdav/
```
```
The -o option sets the owner of the mounted directory to <username> so that it's writable for non-root users.
The -o option sets the owner of the mounted directory to <username> so that it's writable for non-root users.
It's recommended to disable LOCK operation for davfs2. You have to edit /etc/davfs2/davfs2.conf
It's recommended to disable LOCK operation for davfs2. You have to edit /etc/davfs2/davfs2.conf
```
use_locks 0
```
use_locks 0
```
=== "Mac OS X"
```
### Mac OS X
Finder's support for WebDAV is also not very stable and slow. So it is recommended to use a webdav client software such as Cyberduck.
Finder's support for WebDAV is also not very stable and slow. So it is recommended to use a webdav client software such as Cyberduck.
## Frequently Asked Questions

3
manual/introduction/components.md
View File

@ -9,4 +9,5 @@ The picture below shows how Seafile clients access files when you configure Seaf
![Seafile Sync](../images/seafile-arch-new-http.png)
- All access to the Seafile service (including Seahub and Seafile server) can be configured behind Nginx or Apache web server. This way all network traffic to the service can be encrypted with HTTPS.
!!! tip
All access to the Seafile service (including Seahub and Seafile server) can be configured behind Nginx or Apache web server. This way all network traffic to the service can be encrypted with HTTPS.

6
manual/introduction/file_permission_management.md
View File

@ -13,7 +13,7 @@ Sharing controls whether a user or group can see a library, while sub-folder per
Supposing you share a library as read-only to a group and then want specific sub-folders to be read-write for a few users, you can set read-write permissions on sub-folders for some users and groups.
Note:
!!! note
* Setting sub-folder permission for a user without sharing the folder or parent folder to that user will have no effect.
* Sharing a library read-only to a user and then sharing a sub-folder read-write to that user will lead to two shared items for that user. This is going to cause confusion. Use sub-folder permissions instead.
* Setting sub-folder permission for a user without sharing the folder or parent folder to that user will have **no effect**.
* Sharing a library read-only to a user and then sharing a sub-folder read-write to that user will lead to two shared items for that user. This is going to cause confusion. Use sub-folder permissions instead.

3
manual/setup/caddy.md
View File

@ -1,6 +1,7 @@
# HTTPS and Caddy
> From Seafile 12.0, the HTTPS in deployment from Docker is handled by [***Caddy***](https://caddyserver.com/docs/). The default caddy image used of Seafile docker is [`lucaslorentz/caddy-docker-proxy:2.9`](https://github.com/lucaslorentz/caddy-docker-proxy).
!!! note
From Seafile 12.0, the HTTPS in deployment from Docker is handled by [***Caddy***](https://caddyserver.com/docs/). The default caddy image used of Seafile docker is [`lucaslorentz/caddy-docker-proxy:2.9`](https://github.com/lucaslorentz/caddy-docker-proxy).
Caddy is a modern open source web server that mainly binds external traffic and internal services in [seafile docker](./overview.md). In addition to the advantages of traditional proxy components (e.g., *nginx*), Caddy also makes it easier for users to complete the acquisite and update of HTTPS certificates by providing simpler configurations.

14
manual/setup/cluster_deploy_with_docker.md
View File

@ -83,7 +83,9 @@ services:
```
**Note**: **CLUSTER_SERVER=true** means seafile cluster mode, **CLUSTER_MODE=frontend** means this node is seafile frontend server.
!!! note
- `CLUSTER_SERVER=true` means seafile cluster mode
- `CLUSTER_MODE=frontend` means this node is seafile frontend server
Start the seafile docker container
@ -228,7 +230,9 @@ services:
```
**Note**: **CLUSTER_SERVER=true** means seafile cluster mode, **CLUSTER_MODE=backend** means this node is seafile backend server.
!!! note
- `CLUSTER_SERVER=true` means seafile cluster mode
- `CLUSTER_MODE=backend` means this node is seafile backend server
Start the seafile docker container
@ -319,7 +323,8 @@ EOF
```
**Note**: Correctly modify the IP address (Front-End01-IP and Front-End02-IP) of the frontend server in the above configuration file.
!!! warning
Please **correctly** modify the IP address (`Front-End01-IP` and `Front-End02-IP`) of the frontend server in the above configuration file. Other wise it cannot work properly.
**Choose one of the above two servers as the master node, and the other as the slave node.**
@ -358,7 +363,8 @@ EOF
```
**Note: **Correctly configure the virtual IP address and network interface device name in the above file.
!!! warning
Please **correctly** configure the virtual IP address and network interface device name in the above file. Other wise it cannot work properly.
Perform the following operations on the standby node:

32
manual/setup/cluster_deploy_with_k8s.md
View File

@ -10,15 +10,19 @@ The two volumes for persisting data, `/opt/seafile-data` and `/opt/seafile-mysql
The two tools, **kubectl** and a **k8s control plane** tool (i.e., ***kubeadm***), are required and can be installed with [official installation guide](https://kubernetes.io/docs/tasks/tools/).
Note that if it is a multi-node deployment, k8s control plane needs to be installed on each node. After installation, you need to start the k8s control plane service on each node and refer to the k8s official manual for [creating a cluster](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/). Since this manual still uses the same image as docker deployment, we need to add the following repository to k8s:
!!! tip "Multi-node deployment"
If it is a multi-node deployment, k8s control plane needs to be installed on each node. After installation, you need to start the k8s control plane service on each node and refer to the k8s official manual for [creating a cluster](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/). Since this manual still uses the same image as docker deployment, we need to add the following repository to k8s:
```shell
kubectl create secret docker-registry regcred --docker-server=docker.seadrive.org/seafileltd --docker-username=seafile --docker-password=zjkmid6rQibdZ=uJMuWS
```
```shell
kubectl create secret docker-registry regcred --docker-server=docker.seadrive.org/seafileltd --docker-username=seafile --docker-password=zjkmid6rQibdZ=uJMuWS
```
## YAML
Seafile mainly involves three different services, namely database service, cache service and seafile service. Since these three services do not have a direct dependency relationship, we need to separate them from the entire docker-compose.yml (in this manual, we use [Seafile 12 PRO](../docker/pro/seafile-server.yml)) and divide them into three pods. For each pod, we need to define a series of YAML files for k8s to read, and we will store these YAMLs in `/opt/seafile-k8s-yaml`. This series of YAML mainly includes **Deployment** for pod management and creation, **Service** for exposing services to the external network, **PersistentVolume** for defining the location of a volume used for persistent storage on the host and **Persistentvolumeclaim** for declaring the use of persistent storage in the container. For futher configuration details, you can refer [the official documents](https://kubernetes.io/docs/tasks/configure-pod-container/).
Seafile mainly involves three different services, namely database service, cache service and seafile service. Since these three services do not have a direct dependency relationship, we need to separate them from the entire docker-compose.yml (in this manual, we use [Seafile 12 PRO](../docker/pro/seafile-server.yml)) and divide them into three pods. For each pod, we need to define a series of YAML files for k8s to read, and we will store these YAMLs in `/opt/seafile-k8s-yaml`.
!!! note
This series of YAML mainly includes **Deployment** for pod management and creation, **Service** for exposing services to the external network, **PersistentVolume** for defining the location of a volume used for persistent storage on the host and **Persistentvolumeclaim** for declaring the use of persistent storage in the container. For futher configuration details, you can refer [the official documents](https://kubernetes.io/docs/tasks/configure-pod-container/).
### mariadb
@ -58,16 +62,18 @@ spec:
claimName: mariadb-data
```
Please replease `MARIADB_ROOT_PASSWORD` to your own mariadb password. In the above Deployment configuration file, no restart policy for the pod is specified. The default restart policy is **Always**. If you need to modify it, add the following to the spec attribute:
Please replease `MARIADB_ROOT_PASSWORD` to your own mariadb password.
!!! tip
In the above Deployment configuration file, no restart policy for the pod is specified. The default restart policy is **Always**. If you need to modify it, add the following to the spec attribute:
```YAML
restartPolicy: OnFailure
```YAML
restartPolicy: OnFailure
#Note:
# Always: always restart (include normal exit)
# OnFailure: restart only with unexpected exit
# Never: do not restart
```
#Note:
# Always: always restart (include normal exit)
# OnFailure: restart only with unexpected exit
# Never: do not restart
```
#### mariadb-service.yaml

3
manual/setup/migrate_backends_data.md
View File

@ -119,7 +119,8 @@ cd ~/haiwen/seafile-server-latest
```
Please note that this script is completely reentrant. So you can stop and restart it, or run it many times. It will check whether an object exists in the destination before sending it.
!!! tip
This script is completely reentrant. So you can stop and restart it, or run it many times. It will check whether an object exists in the destination before sending it.
## Run final migration

3
manual/setup/migrate_non_docker_to_docker.md
View File

@ -10,7 +10,8 @@ The recommended steps to migrate from non-docker deployment to docker deployment
The following document assumes that the deployment path of your non-Docker version of Seafile is /opt/seafile. If you use other paths, before running the command, be careful to modify the command path.
> Note, you can also refer to the Seafile backup and recovery documentation, deploy Seafile Docker on another machine, and then copy the old configuration information, database, and seafile-data to the new machine to complete the migration. The advantage of this is that even if an error occurs during the migration process, the existing system will not be destroyed.
!!! note
You can also refer to the Seafile backup and recovery documentation, deploy Seafile Docker on another machine, and then copy the old configuration information, database, and seafile-data to the new machine to complete the migration. The advantage of this is that even if an error occurs during the migration process, the existing system will not be destroyed.
## Migrate

2
manual/setup/overview.md
View File

@ -9,3 +9,5 @@ Seafile docker based installation consist of the following components (docker im
- Caddy: Caddy server enables user to access the Seafile service (i.e., Seafile server and Sdoc server) externally and handles `SSL` configuration
![Seafile Docker Structure](../images/seafile-12.0-docker-structure.png)
!!! note "Seafile version 11.0 or later is required to work with SeaDoc"

7
manual/setup/run_seafile_as_non_root_user_inside_docker.md
View File

@ -1,6 +1,6 @@
# Run Seafile as non root user inside docker
You can use run seafile as non root user in docker. (**NOTE:** Programs such as `my_init`, Nginx are still run as `root` inside docker.)
You can use run seafile as non root user in docker.
First add the `NON_ROOT=true` to the `.env`.
@ -21,4 +21,7 @@ docker compose down
docker compose up -d
```
Now you can run Seafile as `seafile` user. (**NOTE:** Later, when doing maintenance, other scripts in docker are also required to be run as `seafile` user, e.g. `su seafile -c ./seaf-gc.sh`)
Now you can run Seafile as `seafile` user.
!!! tip
When doing maintenance, other scripts in docker are also required to be run as `seafile` user, e.g. `su seafile -c ./seaf-gc.sh`

120
manual/setup/seafile_docker_autostart.md
View File

@ -2,70 +2,72 @@
You can use one of the following methods to start Seafile container on system bootup.
## Method 1
=== "`docker-compose.service`"
1. Add docker-compose.service
1. Add `docker-compose.service`
`vim /etc/systemd/system/docker-compose.service`
`vim /etc/systemd/system/docker-compose.service`
```
[Unit]
Description=Docker Compose Application Service
Requires=docker.service
After=docker.service
[Service]
Type=forking
RemainAfterExit=yes
WorkingDirectory=/opt/
ExecStart=/usr/bin/docker compose up -d
ExecStop=/usr/bin/docker compose down
TimeoutStartSec=0
[Install]
WantedBy=multi-user.target
```
!!! note
`WorkingDirectory` is the absolute path to the `seafile-server.yml` file directory.
2. Set the `docker-compose.service` file to 644 permissions
```
chmod 644 /etc/systemd/system/docker-compose.service
```
3. Load autostart configuration
```
systemctl daemon-reload
systemctl enable docker-compose.service
```
=== "`xxx.yml`"
Add configuration `restart: unless-stopped` for each container in [components of Seafile docker](./overview.md). Take `seafile-server.yml` for example
```
[Unit]
Description=Docker Compose Application Service
Requires=docker.service
After=docker.service
services:
db:
image: mariadb:10.11
container_name: seafile-mysql-1
restart: unless-stopped
[Service]
Type=forking
RemainAfterExit=yes
WorkingDirectory=/opt/
ExecStart=/usr/bin/docker compose up -d
ExecStop=/usr/bin/docker compose down
TimeoutStartSec=0
memcached:
image: memcached:1.6.18
container_name: seafile-memcached
restart: unless-stopped
[Install]
WantedBy=multi-user.target
elasticsearch:
image: elasticsearch:8.6.2
container_name: seafile-elasticsearch
restart: unless-stopped
seafile:
image: docker.seadrive.org/seafileltd/seafile-pro-mc:12.0-latest
container_name: seafile
restart: unless-stopped
```
Note: `WorkingDirectory` is the absolute path to the docker-compose.yml file directory.
2. Set the docker-compose.service file to 644 permissions
```
chmod 644 /etc/systemd/system/docker-compose.service
```
3. Load autostart configuration
```
systemctl daemon-reload
systemctl enable docker-compose.service
```
## Method 2
Add configuration `restart: unless-stopped` for each container in [components of Seafile docker](./overview.md). Take `seafile-server.yml` for example
```
services:
db:
image: mariadb:10.11
container_name: seafile-mysql-1
restart: unless-stopped
memcached:
image: memcached:1.6.18
container_name: seafile-memcached
restart: unless-stopped
elasticsearch:
image: elasticsearch:8.6.2
container_name: seafile-elasticsearch
restart: unless-stopped
seafile:
image: docker.seadrive.org/seafileltd/seafile-pro-mc:12.0-latest
container_name: seafile
restart: unless-stopped
```
Note: Add `restart: unless-stopped`, and the Seafile container will automatically start when Docker starts. If the Seafile container does not exist (execute docker compose down), the container will not start automatically.
!!! tip
Add `restart: unless-stopped`, and the Seafile container will automatically start when Docker starts. If the Seafile container does not exist (execute docker compose down), the container will not start automatically.

61
manual/setup/setup_ce_by_docker.md
View File

@ -1,5 +1,9 @@
# Installation of Seafile Server Community Edition with Docker
## Requirements
Seafile Community Edition requires a minimum of 2 cores and 2GB RAM.
## Getting started
The following assumptions and conventions are used in the rest of this document:
@ -14,9 +18,7 @@ Use the [official installation guide for your OS to install Docker](https://docs
### Download and modify `.env`
From Seafile Docker 12.0, we use `.env`, `seafile-server.yml` and `caddy.yml` files for configuration.
**NOTE:** Different versions of Seafile have different compose files.
!!! tip "From Seafile Docker 12.0, we use `.env`, `seafile-server.yml` and `caddy.yml` files for configuration"
```bash
mkdir /opt/seafile
@ -32,43 +34,56 @@ nano .env
The following fields merit particular attention:
- `SEAFILE_VOLUME`: The volume directory of Seafile data, default is `/opt/seafile-data`
- `SEAFILE_MYSQL_VOLUME`: The volume directory of MySQL data, default is `/opt/seafile-mysql/db`
- `SEAFILE_CADDY_VOLUME`: The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's, default is `/opt/seafile-caddy`
- `INIT_SEAFILE_MYSQL_ROOT_PASSWORD`: The user `root` password of MySQL
- `SEAFILE_MYSQL_DB_USER`: The user of MySQL (`database` - `user` can be found in `conf/seafile.conf`)
- `SEAFILE_MYSQL_DB_PASSWORD`: The user `seafile` password of MySQL
- `JWT`: JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters, generate example: `pwgen -s 40 1`
- `SEAFILE_SERVER_HOSTNAME`: Seafile server hostname or domain
- `SEAFILE_SERVER_PROTOCOL`: Seafile server protocol (http or https)
- `TIME_ZONE`: Time zone (default UTC)
- `INIT_SEAFILE_ADMIN_EMAIL`: Admin username
- `INIT_SEAFILE_ADMIN_PASSWORD`: Admin password
| Variable | Description | Default Value |
| ------------------------------- | ------------------------------------------------------------------------------------------------------------- | ------------------------------- |
| `SEAFILE_VOLUME` | The volume directory of Seafile data | `/opt/seafile-data` |
| `SEAFILE_MYSQL_VOLUME` | The volume directory of MySQL data | `/opt/seafile-mysql/db` |
| `SEAFILE_CADDY_VOLUME` | The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's | `/opt/seafile-caddy` |
| `INIT_SEAFILE_MYSQL_ROOT_PASSWORD` | The `root` password of MySQL | (required) |
| `SEAFILE_MYSQL_DB_USER` | The user of MySQL (`database` - `user` can be found in `conf/seafile.conf`) | `seafile` |
| `SEAFILE_MYSQL_DB_PASSWORD` | The user `seafile` password of MySQL | (required) |
| `JWT` | JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using `pwgen -s 40 1` | (required) |
| `SEAFILE_SERVER_HOSTNAME` | Seafile server hostname or domain | (required) |
| `SEAFILE_SERVER_PROTOCOL` | Seafile server protocol (http or https) | `http` |
| `TIME_ZONE` | Time zone | `UTC` |
| `INIT_SEAFILE_ADMIN_EMAIL` | Admin username | `me@example.com` (Recommend modifications) |
| `INIT_SEAFILE_ADMIN_PASSWORD` | Admin password | `asecret` (Recommend modifications) |
### Start Seafile server
Start Seafile server with the following command
```bash
# if `.env` file is in current directory:
docker compose up -d
# if `.env` file is elsewhere:
docker compose -f /path/to/.env up -d
```
!!! note
You must run the above command in the directory with the `.env`. If `.env` file is elsewhere, please run
```sh
docker compose -f /path/to/.env up -d
```
Wait for a few minutes for the first time initialization, then visit `http://seafile.example.com` to open Seafile Web UI.
## Seafile directory structure
### `/opt/seafile-data`
### Path `/opt/seafile-data`
Placeholder spot for shared volumes. You may elect to store certain persistent information outside of a container, in our case we keep various log files and upload directory outside. This allows you to rebuild containers easily without losing important information.
* /opt/seafile-data/seafile: This is the directory for seafile server configuration and data.
* /opt/seafile-data/seafile/logs: This is the directory that would contain the log files of seafile server processes. For example, you can find seaf-server logs in `/opt/seafile-data/seafile/logs/seafile.log`.
* /opt/seafile-data/logs: This is the directory for operating system and Nginx logs.
* /opt/seafile-data/logs/var-log: This is the directory that would be mounted as `/var/log` inside the container. For example, you can find the nginx logs in `/opt/seafile-data/logs/var-log/nginx/`.
* /opt/seafile-data/seafile/logs: This is the directory that would contain the log files of seafile server processes. For example, you can find seaf-server logs in `/opt/seafile-data/seafile/logs/seafile.log`.
* /opt/seafile-data/logs: This is the directory for operating system.
* /opt/seafile-data/logs/var-log: This is the directory that would be mounted as `/var/log` inside the container.
!!! tip
From Seafile Docer 12.0, the Nginx's log is not accessable, as we use the ***Caddy*** to do web service proxy. If you would like to access the logs of *Caddy*, you can use following command:
```sh
docker logs seafile-caddy --follow
```
### Find logs

72
manual/setup/setup_pro_by_docker.md
View File

@ -4,22 +4,26 @@ This manual explains how to deploy and run Seafile Server Professional Edition (
## Requirements
Seafile PE requires a minimum of 2 cores and 2GB RAM. If Elasticsearch is installed on the same server, the minimum requirements are 4 cores and 4 GB RAM, and make sure the [mmapfs counts](https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules-store.html#mmapfs) do not cause excptions like out of memory, which can be increased by following command (see <https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html> for futher details):
Seafile PE requires a minimum of 2 cores and 2GB RAM.
```shell
sysctl -w vm.max_map_count=262144 #run as root
```
!!! note "Other requirements for Seafile PE"
If Elasticsearch is installed on the same server, the minimum requirements are 4 cores and 4 GB RAM, and make sure the [mmapfs counts](https://www.elastic.co/guide/en/elasticsearch/reference/current/index-modules-store.html#mmapfs) do not cause excptions like out of memory, which can be increased by following command (see <https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html> for futher details):
or modify **/etc/sysctl.conf** and reboot to set this value permanently:
```shell
sysctl -w vm.max_map_count=262144 #run as root
```
```shell
nano /etc/sysctl.conf
or modify **/etc/sysctl.conf** and reboot to set this value permanently:
# modify vm.max_map_count
vm.max_map_count=262144
```
```shell
nano /etc/sysctl.conf
Seafile PE can be used without a paid license with up to three users. Licenses for more user can be purchased in the [Seafile Customer Center](https://customer.seafile.com) or contact Seafile Sales at sales@seafile.com.
# modify vm.max_map_count
vm.max_map_count=262144
```
!!! tip "About license"
Seafile PE can be used without a paid license with up to three users. Licenses for more user can be purchased in the [Seafile Customer Center](https://customer.seafile.com) or contact Seafile Sales at [sales@seafile.com](mailto:sales@seafile.com). For futher details, please refer the [license page](../setup_binary/seafile_professional_sdition_software_license_agreement.md) of Seafile PE.
## Setup
@ -44,14 +48,13 @@ docker pull docker.seadrive.org/seafileltd/seafile-pro-mc:12.0-latest
When prompted, enter the username and password of the private repository. They are available on the download page in the [Customer Center](https://customer.seafile.com/downloads).
NOTE: Older Seafile PE versions are also available in the repository (back to Seafile 7.0). To pull an older version, replace '12.0-latest' tag by the desired version.
!!! note
Older Seafile PE versions are also available in the repository (back to Seafile 7.0). To pull an older version, replace '12.0-latest' tag by the desired version.
### Downloading and Modifying `.env`
From Seafile Docker 12.0, we use `.env`, `seafile-server.yml` and `caddy.yml` files for configuration.
NOTE: Different versions of Seafile have different compose files.
```bash
mkdir /opt/seafile
cd /opt/seafile
@ -66,19 +69,21 @@ nano .env
The following fields merit particular attention:
- `SEAFILE_VOLUME`: The volume directory of Seafile data, default is `/opt/seafile-data`
- `SEAFILE_MYSQL_VOLUME`: The volume directory of MySQL data, default is `/opt/seafile-mysql/db`
- `SEAFILE_CADDY_VOLUME`: The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's, default is `/opt/seafile-caddy`
- `SEAFILE_ELASTICSEARCH_VOLUME`: The volume directory of Elasticsearch data, default is `/opt/seafile-elasticsearch/data`
- `INIT_SEAFILE_MYSQL_ROOT_PASSWORD`: The `root` password of MySQL
- `SEAFILE_MYSQL_DB_USER`: The user of MySQL (`database` - `user` can be found in `conf/seafile.conf`)
- `SEAFILE_MYSQL_DB_PASSWORD`: The user `seafile` password of MySQL
- `JWT`: JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters, generate example: `pwgen -s 40 1`
- `SEAFILE_SERVER_HOSTNAME`: Seafile server hostname or domain
- `SEAFILE_SERVER_PROTOCOL`: Seafile server protocol (http or https)
- `TIME_ZONE`: Time zone (default UTC)
- `INIT_SEAFILE_ADMIN_EMAIL`: Admin username
- `INIT_SEAFILE_ADMIN_PASSWORD`: Admin password
| Variable | Description | Default Value |
| ------------------------------- | ------------------------------------------------------------------------------------------------------------- | ------------------------------- |
| `SEAFILE_VOLUME` | The volume directory of Seafile data | `/opt/seafile-data` |
| `SEAFILE_MYSQL_VOLUME` | The volume directory of MySQL data | `/opt/seafile-mysql/db` |
| `SEAFILE_CADDY_VOLUME` | The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's | `/opt/seafile-caddy` |
| `SEAFILE_ELASTICSEARCH_VOLUME` | (Only valid for Seafile PE) The volume directory of Elasticsearch data | `/opt/seafile-elasticsearch/data` |
| `INIT_SEAFILE_MYSQL_ROOT_PASSWORD` | The `root` password of MySQL | (required) |
| `SEAFILE_MYSQL_DB_USER` | The user of MySQL (`database` - `user` can be found in `conf/seafile.conf`) | `seafile` |
| `SEAFILE_MYSQL_DB_PASSWORD` | The user `seafile` password of MySQL | (required) |
| `JWT` | JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using `pwgen -s 40 1` | (required) |
| `SEAFILE_SERVER_HOSTNAME` | Seafile server hostname or domain | (required) |
| `SEAFILE_SERVER_PROTOCOL` | Seafile server protocol (http or https) | `http` |
| `TIME_ZONE` | Time zone | `UTC` |
| `INIT_SEAFILE_ADMIN_EMAIL` | Admin username | me@example.com |
| `INIT_SEAFILE_ADMIN_PASSWORD` | Admin password | asecret |
To conclude, set the directory permissions of the Elasticsearch volumne:
@ -95,9 +100,16 @@ Run docker compose in detached mode:
docker compose up -d
```
NOTE: You must run the above command in the directory with the `.env`.
!!! note
You must run the above command in the directory with the `.env`. If `.env` file is elsewhere, please run
Wait a few moment for the database to initialize. You can now access Seafile at the host name specified in the Compose file. (A 502 Bad Gateway error means that the system has not yet completed the initialization.)
```sh
docker compose -f /path/to/.env up -d
```
Wait a few moment for the database to initialize. You can now access Seafile at the host name specified in the Compose file.
!!! tip "A 502 Bad Gateway error means that the system has not yet completed the initialization"
### Find logs
@ -125,7 +137,7 @@ docker compose up -d
## Seafile directory structure
### `/opt/seafile-data`
### Path `/opt/seafile-data`
Placeholder spot for shared volumes. You may elect to store certain persistent information outside of a container, in our case we keep various log files and upload directory outside. This allows you to rebuild containers easily without losing important information.

292
manual/setup/setup_with_amazon_s3.md
View File

@ -17,180 +17,195 @@ sudo pip install boto3
The configuration options differ for different S3 storage. We'll describe the configurations in separate sections.
## AWS S3
=== "AWS S3"
AWS S3 is the original S3 storage provider.
AWS S3 is the original S3 storage provider.
Edit `seafile.conf`, add the following lines:
Edit `seafile.conf`, add the following lines:
```
[commit_object_backend]
name = s3
bucket = my-commit-objects
key_id = your-key-id
key = your-secret-key
use_v4_signature = true
aws_region = eu-central-1
```
[commit_object_backend]
name = s3
bucket = my-commit-objects
key_id = your-key-id
key = your-secret-key
use_v4_signature = true
aws_region = eu-central-1
[fs_object_backend]
name = s3
bucket = my-fs-objects
key_id = your-key-id
key = your-secret-key
use_v4_signature = true
aws_region = eu-central-1
[fs_object_backend]
name = s3
bucket = my-fs-objects
key_id = your-key-id
key = your-secret-key
use_v4_signature = true
aws_region = eu-central-1
[block_backend]
name = s3
bucket = my-block-objects
key_id = your-key-id
key = your-secret-key
use_v4_signature = true
aws_region = eu-central-1
```
[block_backend]
name = s3
bucket = my-block-objects
key_id = your-key-id
key = your-secret-key
use_v4_signature = true
aws_region = eu-central-1
```
You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only).
!!! note "You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only)"
We'll explain the configurations below:
We'll explain the configurations below:
- `bucket`: It's required to create separate buckets for commit, fs, and block objects. When creating your buckets on S3, please first read [S3 bucket naming rules][1]. Note especially not to use **UPPERCASE** letters in bucket names (don't use camel style names, such as MyCommitOjbects).
- `key_id` and `key`: The key_id and key are required to authenticate you to S3. You can find the key_id and key in the "security credentials" section on your AWS account page.
- `use_v4_signature`: There are two versions of authentication protocols that can be used with S3 storage. Version 2 is the older one, which may still be supported by some regions; version 4 is the current one used by most regions. If you don't set this option, Seafile will use v2 protocol. It's suggested to use v4 protocol.
- `aws_region`: If you use v4 protocol, set this option to the region you chose when you create the buckets. If it's not set and you're using v4 protocol, Seafile will use `us-east-1` as the default. This option will be ignored if you use v2 protocol.
| Variable | Description |
| --- | --- |
| `bucket` | It's required to create separate buckets for commit, fs, and block objects. When creating your buckets on S3, please first read [S3 bucket naming rules][1]. Note especially not to use **UPPERCASE** letters in bucket names (don't use camel style names, such as MyCommitObjects). |
| `key_id` | The `key_id` is required to authenticate you to S3. You can find the `key_id` in the "security credentials" section on your AWS account page. |
| `key` | The `key` is required to authenticate you to S3. You can find the `key` in the "security credentials" section on your AWS account page. |
| `use_v4_signature` | There are two versions of authentication protocols that can be used with S3 storage: Version 2 (older, may still be supported by some regions) and Version 4 (current, used by most regions). If you don't set this option, Seafile will use the v2 protocol. It's suggested to use the v4 protocol. |
| `aws_region` | If you use the v4 protocol, set this option to the region you chose when you create the buckets. If it's not set and you're using the v4 protocol, Seafile will use `us-east-1` as the default. This option will be ignored if you use the v2 protocol. |
[1]: <https://docs.aws.amazon.com/AmazonS3/latest/userguide/BucketRestrictions.html#bucketnamingrules> (Replace this placeholder with the actual link to the S3 bucket naming rules documentation if necessary)
For file search and webdav to work with the v4 signature mechanism, you need to add following lines to ~/.boto
!!! tip
For file search and webdav to work with the v4 signature mechanism, you need to add following lines to ~/.boto
```
[s3]
use-sigv4 = True
```
```
[s3]
use-sigv4 = True
```
### Use server-side encryption with customer-provided keys (SSE-C)
!!! note "Use server-side encryption with customer-provided keys (SSE-C)"
Since Pro 11.0, you can use SSE-C to S3. Add the following options to seafile.conf:
Since Pro 11.0, you can use SSE-C to S3. Add the following options to seafile.conf:
```
[commit_object_backend]
name = s3
......
use_v4_signature = true
use_https = true
sse_c_key = XiqMSf3x5ja4LRibBbV0sVntVpdHXl3P
```
[commit_object_backend]
name = s3
......
use_v4_signature = true
use_https = true
sse_c_key = XiqMSf3x5ja4LRibBbV0sVntVpdHXl3P
[fs_object_backend]
name = s3
......
use_v4_signature = true
use_https = true
sse_c_key = XiqMSf3x5ja4LRibBbV0sVntVpdHXl3P
[fs_object_backend]
name = s3
......
use_v4_signature = true
use_https = true
sse_c_key = XiqMSf3x5ja4LRibBbV0sVntVpdHXl3P
[block_backend]
name = s3
......
use_v4_signature = true
use_https = true
sse_c_key = XiqMSf3x5ja4LRibBbV0sVntVpdHXl3P
```
[block_backend]
name = s3
......
use_v4_signature = true
use_https = true
sse_c_key = XiqMSf3x5ja4LRibBbV0sVntVpdHXl3P
```
`ssk_c_key` is a 32-byte random string.
`ssk_c_key` is a 32-byte random string.
## Other Public Hosted S3 Storage
=== "Other Public Hosted S3 Storage"
There are other S3-compatible cloud storage providers in the market, such as Blackblaze and Wasabi. Configuration for those providers are just a bit different from AWS. We don't assure the following configuration works for all providers. If you have problems please contact our support.
There are other S3-compatible cloud storage providers in the market, such as Blackblaze and Wasabi. Configuration for those providers are just a bit different from AWS. We don't assure the following configuration works for all providers. If you have problems please contact our support.
Edit `seafile.conf`, add the following lines:
Edit `seafile.conf`, add the following lines:
```
[commit_object_backend]
name = s3
bucket = my-commit-objects
host = <access endpoint for storage provider>
key_id = your-key-id
key = your-secret-key
# v2 authentication protocol will be used if not set
use_v4_signature = true
# required for v4 protocol. ignored for v2 protocol.
aws_region = <region name for storage provider>
```
[commit_object_backend]
name = s3
bucket = my-commit-objects
host = <access endpoint for storage provider>
key_id = your-key-id
key = your-secret-key
# v2 authentication protocol will be used if not set
use_v4_signature = true
# required for v4 protocol. ignored for v2 protocol.
aws_region = <region name for storage provider>
[fs_object_backend]
name = s3
bucket = my-fs-objects
host = <access endpoint for storage provider>
key_id = your-key-id
key = your-secret-key
use_v4_signature = true
aws_region = <region name for storage provider>
[fs_object_backend]
name = s3
bucket = my-fs-objects
host = <access endpoint for storage provider>
key_id = your-key-id
key = your-secret-key
use_v4_signature = true
aws_region = <region name for storage provider>
[block_backend]
name = s3
bucket = my-block-objects
host = <access endpoint for storage provider>
key_id = your-key-id
key = your-secret-key
use_v4_signature = true
aws_region = <region name for storage provider>
```
[block_backend]
name = s3
bucket = my-block-objects
host = <access endpoint for storage provider>
key_id = your-key-id
key = your-secret-key
use_v4_signature = true
aws_region = <region name for storage provider>
```
You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only).
!!! note "You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only)"
We'll explain the configurations below:
We'll explain the configurations below:
- `host`: The endpoint by which you access the storage service. Usually it starts with the region name. It's required to provide the host address, otherwise Seafile will use AWS's address.
- `bucket`: It's required to create separate buckets for commit, fs, and block objects.
- `key_id` and `key`: The key_id and key are required to authenticate you to S3 storage.
- `use_v4_signature`: There are two versions of authentication protocols that can be used with S3 storage. Version 2 is the older one, which may still be supported by some cloud providers; version 4 is the current one used by Amazon S3 and is supported by most providers. If you don't set this option, Seafile will use v2 protocol. It's suggested to use v4 protocol.
- `aws_region`: If you use v4 protocol, set this option to the region you chose when you create the buckets. If it's not set and you're using v4 protocol, Seafile will use `us-east-1` as the default. This option will be ignored if you use v2 protocol.
| variable | description |
|----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `host` | The endpoint by which you access the storage service. Usually it starts with the region name. It's required to provide the host address, otherwise Seafile will use AWS's address. |
| `bucket` | It's required to create separate buckets for commit, fs, and block objects. |
| `key_id` | The key_id is required to authenticate you to S3 storage. |
| `key` | The key is required to authenticate you to S3 storage. (Note: `key_id` and `key` are typically used together for authentication.) |
| `use_v4_signature` | There are two versions of authentication protocols that can be used with S3 storage. Version 2 is the older one, which may still be supported by some cloud providers; version 4 is the current one used by Amazon S3 and is supported by most providers. If you don't set this option, Seafile will use v2 protocol. It's suggested to use v4 protocol. |
| `aws_region` | If you use v4 protocol, set this option to the region you chose when you create the buckets. If it's not set and you're using v4 protocol, Seafile will use `us-east-1` as the default. This option will be ignored if you use v2 protocol. |
For file search and webdav to work with the v4 signature mechanism, you need to add following lines to ~/.boto
!!! tip
For file search and webdav to work with the v4 signature mechanism, you need to add following lines to ~/.boto
```
[s3]
use-sigv4 = True
```
```
[s3]
use-sigv4 = True
```
## Self-hosted S3 Storage
=== "Self-hosted S3 Storage"
Many self-hosted object storage systems are now compatible with the S3 API, such as OpenStack Swift and Ceph's RADOS Gateway. You can use these S3-compatible storage systems as backend for Seafile. Here is an example config:
Many self-hosted object storage systems are now compatible with the S3 API, such as OpenStack Swift and Ceph's RADOS Gateway. You can use these S3-compatible storage systems as backend for Seafile. Here is an example config:
```
[commit_object_backend]
name = s3
bucket = my-commit-objects
key_id = your-key-id
key = your-secret-key
host = 192.168.1.123:8080
path_style_request = true
```
[commit_object_backend]
name = s3
bucket = my-commit-objects
key_id = your-key-id
key = your-secret-key
host = 192.168.1.123:8080
path_style_request = true
[fs_object_backend]
name = s3
bucket = my-fs-objects
key_id = your-key-id
key = your-secret-key
host = 192.168.1.123:8080
path_style_request = true
[fs_object_backend]
name = s3
bucket = my-fs-objects
key_id = your-key-id
key = your-secret-key
host = 192.168.1.123:8080
path_style_request = true
[block_backend]
name = s3
bucket = my-block-objects
key_id = your-key-id
key = your-secret-key
host = 192.168.1.123:8080
path_style_request = true
```
[block_backend]
name = s3
bucket = my-block-objects
key_id = your-key-id
key = your-secret-key
host = 192.168.1.123:8080
path_style_request = true
```
You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only).
!!! note "You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only)"
We'll explain the configurations below:
We'll explain the configurations below:
- `host`: It is the address and port of the S3-compatible service. You cannot prepend "http" or "https" to the `host` option. By default it'll use http connections. If you want to use https connection, please set `use_https = true` option.
- `bucket`: It's required to create separate buckets for commit, fs, and block objects.
- `key_id` and `key`: The key_id and key are required to authenticate you to S3 storage.
- `path_style_request`: This option asks Seafile to use URLs like `https://192.168.1.123:8080/bucketname/object` to access objects. In Amazon S3, the default URL format is in virtual host style, such as `https://bucketname.s3.amazonaws.com/object`. But this style relies on advanced DNS server setup. So most self-hosted storage systems only implement the path style format. So we recommend to set this option to true.
| variable | description |
|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `host` | It is the address and port of the S3-compatible service. You cannot prepend "http" or "https" to the `host` option. By default it'll use http connections. If you want to use https connection, please set `use_https = true` option. |
| `bucket` | It's required to create separate buckets for commit, fs, and block objects. |
| `key_id` | The key_id is required to authenticate you to S3 storage. |
| `key` | The key is required to authenticate you to S3 storage. (Note: `key_id` and `key` are typically used together for authentication.) |
| `path_style_request` | This option asks Seafile to use URLs like `https://192.168.1.123:8080/bucketname/object` to access objects. In Amazon S3, the default URL format is in virtual host style, such as `https://bucketname.s3.amazonaws.com/object`. But this style relies on advanced DNS server setup. So most self-hosted storage systems only implement the path style format. So we recommend to set this option to true. |
Below are a few options that are not shown in the example configuration above:
Below are a few options that are not shown in the example configuration above:
- `use_v4_signature`: There are two versions of authentication protocols that can be used with S3 storage. Version 2 is the protocol supported by most self-hosted storage; version 4 is the current protocol used by AWS S3, but may not be supported by some self-hosted storage. If you don't set this option, Seafile will use v2 protocol. We recommend to use V2 first and if it doesn't work try V4.
- `aws_region`: If you use v4 protocol, set this option to the region you chose when you create the buckets. If it's not set and you're using v4 protocol, Seafile will use `us-east-1` as the default. This option will be ignored if you use v2 protocol.
| variable | description |
|---------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `use_v4_signature` | There are two versions of authentication protocols that can be used with S3 storage. Version 2 is the protocol supported by most self-hosted storage; version 4 is the current protocol used by AWS S3, but may not be supported by some self-hosted storage. If you don't set this option, Seafile will use the v2 protocol by default. We recommend trying V2 first and switching to V4 if V2 doesn't work. |
| `aws_region` | If you use the v4 protocol, set this option to the region you chose when you created the buckets. If it's not set and you're using the v4 protocol, Seafile will use `us-east-1` as the default. This option will be ignored if you use the v2 protocol. |
## Use HTTPS connections to S3
@ -221,7 +236,8 @@ sudo cp /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt
sudo ln -s /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/cert.pem
```
Another important note is that you **must not use '.' in your bucket names**. Otherwise the wildcard certificate for AWS S3 cannot be resolved. This is a limitation on AWS.
!!! warning
You **must not use '.' in your bucket names**. Otherwise the wildcard certificate for AWS S3 cannot be resolved. This is a limitation on AWS.
## Run and Test ##

3
manual/setup/setup_with_an_existing_mysql_server.md
View File

@ -9,4 +9,5 @@ INIT_SEAFILE_MYSQL_ROOT_PASSWORD=ROOT_PASSWORD
SEAFILE_MYSQL_DB_PASSWORD=PASSWORD
```
NOTE: `INIT_SEAFILE_MYSQL_ROOT_PASSWORD` is needed during installation (i.e., the deployment in the first time). After Seafile is installed, the user `seafile` will be used to connect to the MySQL server (SEAFILE_MYSQL_DB_PASSWORD), then you can remove the `INIT_SEAFILE_MYSQL_ROOT_PASSWORD`.
!!! tip
`INIT_SEAFILE_MYSQL_ROOT_PASSWORD` is needed during installation (i.e., the deployment in the first time). After Seafile is installed, the user `seafile` will be used to connect to the MySQL server (SEAFILE_MYSQL_DB_PASSWORD), then you can remove the `INIT_SEAFILE_MYSQL_ROOT_PASSWORD`.

33
manual/setup/setup_with_ceph.md
View File

@ -21,27 +21,12 @@ We recommend to allocate at least 128MB memory for object cache.
File search and WebDAV functions rely on Python Ceph library installed in the system.
On Debian/Ubuntu (Seafile 7.1+):
```
```sh
sudo apt-get install python3-rados
```
On Debian/Ubuntu (Seafile 7.0 or below):
```
sudo apt-get install python-ceph
```
On RedHat/CentOS (Seafile 7.0 or below):
```
sudo yum install python-rados
```
## Edit seafile configuration
Edit `seafile.conf`, add the following lines:
@ -63,7 +48,7 @@ ceph_config = /etc/ceph/ceph.conf
pool = seafile-fs
```
You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only).
!!! note "You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only)"
It's required to create separate pools for commit, fs, and block objects.
@ -74,17 +59,17 @@ ceph-admin-node# rados mkpool seafile-fs
```
## Troubleshooting librados incompatibility issues
!!! warning "Troubleshooting librados incompatibility issues"
Since 8.0 version, Seafile bundles librados from Ceph 16. On some systems you may find Seafile fail to connect to your Ceph cluster. In such case, you can usually solve it by removing the bundled librados libraries and use the one installed in the OS.
Since 8.0 version, Seafile bundles librados from Ceph 16. On some systems you may find Seafile fail to connect to your Ceph cluster. In such case, you can usually solve it by removing the bundled librados libraries and use the one installed in the OS.
To do this, you have to remove a few bundled libraries:
To do this, you have to remove a few bundled libraries:
```
cd seafile-server-latest/seafile/lib
rm librados.so.2 libstdc++.so.6 libnspr4.so
```
cd seafile-server-latest/seafile/lib
rm librados.so.2 libstdc++.so.6 libnspr4.so
```
```
## Use arbitary Ceph user

9
manual/setup/setup_with_multiple_storage_backends.md
View File

@ -43,7 +43,7 @@ storage_classes_file = /opt/seafile_storage_classes.json
* enable_storage_classes If this is set to true, the storage class feature is enabled. You must define the storage classes in a JSON file provided in the next configuration option.
* storage_classes_fileSpecifies the path for the JSON file that contains the storage class definition.
You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only) to `seafile.conf`.
!!! note "You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only) to `seafile.conf`"
### Notes for Docker Installs
@ -67,7 +67,7 @@ enable_storage_classes = true
storage_classes_file = /shared/conf/seafile_storage_classes.json
```
You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only) to `seafile.conf`.
!!! note "You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only) to `seafile.conf`"
## Defining Storage Backends
@ -173,7 +173,7 @@ As you may have seen, the `commits`, `fs` and `blocks` information syntax is sim
If you use file system as storage for `fs`, `commits` or `blocks`, you must explicitly provide the path for the `seafile-data` directory. The objects will be stored in `storage/commits`, `storage/fs`, `storage/blocks` under this path.
_Note_: Currently file system, S3 and Swift backends are supported. Ceph/RADOS is also supported since version 7.0.14.
!!! note "Currently file system, S3 and Swift backends are supported. Ceph/RADOS is also supported since version 7.0.14"
## Library Mapping Policies
@ -246,7 +246,8 @@ ENABLED_ROLE_PERMISSIONS = {
This policy maps libraries to storage classes based on its library ID. The ID of a library is an UUID. In this way, the data in the system can be evenly distributed among the storage classes.
Note that this policy is not a designed to be a complete distributed storage solution. It doesn't handle automatic migration of library data between storage classes. If you need to add more storage classes to the configuration, existing libraries will stay in their original storage classes. New libraries can be distributed among the new storage classes (backends). You still have to plan about the total storage capacity of your system at the beginning.
!!! note
This policy is not a designed to be a complete distributed storage solution. It doesn't handle automatic migration of library data between storage classes. If you need to add more storage classes to the configuration, existing libraries will stay in their original storage classes. New libraries can be distributed among the new storage classes (backends). You still have to plan about the total storage capacity of your system at the beginning.
To use this policy, you first add following options in seahub_settings.py:

4
manual/setup/setup_with_oss.md
View File

@ -34,7 +34,7 @@ key = <your-key>
region = beijing
```
You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only).
!!! note "You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only)"
It's required to create separate buckets for commit, fs, and block objects. For performance and to save network traffic costs, you should create buckets within the region where the seafile server is running.
@ -76,7 +76,7 @@ Compared with the configuration under the classic network, the above configurati
`endpoint` is a general option, you can also set it to the OSS access address under the classic network, and it will work as well.
You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only).
!!! note "You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only)"
### Use HTTPS connections to OSS

2
manual/setup/setup_with_swift.md
View File

@ -48,7 +48,7 @@ region = yourRegion
```
You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only).
!!! note "You also need to add [memory cache configurations](../config/seafile-conf.md#cache-pro-edition-only)"
The above config is just an example. You should replace the options according to your own environment.

13
manual/setup_binary/deploy_in_a_cluster.md
View File

@ -1,6 +1,7 @@
# Deploy in a cluster
**Update**: Since Seafile Pro server 6.0.0, cluster deployment requires "sticky session" settings in the load balancer. Otherwise sometimes folder download on the web UI can't work properly. Read the "Load Balancer Setting" section below for details
!!! tip
Since Seafile Pro server 6.0.0, cluster deployment requires "sticky session" settings in the load balancer. Otherwise sometimes folder download on the web UI can't work properly. Read the "Load Balancer Setting" section below for details
## Architecture
@ -90,7 +91,7 @@ haiwen
Please follow [Download and Setup Seafile Professional Server With MySQL](./installation_pro.md) to setup a single Seafile server node.
Note: **Use the load balancer's address or domain name for the server address. Don't use the local IP address of each Seafile server machine. This assures the user will always access your service via the load balancers.**
!!! note "Use the load balancer's address or domain name for the server address. Don't use the local IP address of each Seafile server machine. This assures the user will always access your service via the load balancers"
After the setup process is done, you still have to do a few manual changes to the config files.
@ -171,7 +172,8 @@ es_host = background.seafile.com
es_port = 9200
```
Note: `enable = true` should be left unchanged. It means the file search feature is enabled.
!!! tip
`enable = true` should be left unchanged. It means the file search feature is enabled.
### Update Seahub Database
@ -196,7 +198,7 @@ You also need to add the settings for backend cloud storage systems to the confi
Nginx/Apache with HTTP need to set it up on each machine running Seafile server. This is make sure only port 80 need to be exposed to load balancer. (HTTPS should be setup at the load balancer)
Please check the following documents on how to setup HTTP with Nginx/Apache. Note, you only the HTTP setup part the the documents. (HTTPS is not needed)
Please check the following documents on how to setup HTTP with Nginx/Apache. (HTTPS is not needed)
* [Nginx](./https_with_nginx.md)
* [Apache](./https_with_apache.md)
@ -213,7 +215,8 @@ cd /data/haiwen/seafile-server-latest
```
_Note:_ The first time you start seahub, the script would prompt you to create an admin account for your Seafile server.
!!! success
The first time you start seahub, the script would prompt you to create an admin account for your Seafile server.
Open your browser, visit `http://ip-address-of-this-node:80` and login with the admin account.

8
manual/setup_binary/fail2ban.md
View File

@ -16,7 +16,7 @@ Fail2ban will check this log file and will ban all failed authentications with a
#### Change to right Time Zone in seahub_settings.py
***WARNING: Without this your Fail2Ban filter will not work.***
!!! danger "Without this your Fail2Ban filter will not work"
You need to add the following settings to seahub_settings.py but change it to your own time zone.
```
@ -27,7 +27,7 @@ You need to add the following settings to seahub_settings.py but change it to yo
#### Copy and edit jail.local file
***WARNING: this file may override some parameters from your `jail.conf` file***
!!! warning "this file may override some parameters from your `jail.conf` file"
Edit `jail.local` with :
* ports used by your seafile website (e.g. `http,https`) ;
@ -142,6 +142,6 @@ To unban your IP address, just execute this command :
sudo fail2ban-client set seafile unbanip 1.2.3.4
```
## Note
!!! tip
As three (3) failed attempts to login will result in one line added in seahub.log a Fail2Ban jail with the settings maxretry = 3 is the same as nine (9) failed attempts to login.
As three (3) failed attempts to login will result in one line added in seahub.log a Fail2Ban jail with the settings maxretry = 3 is the same as nine (9) failed attempts to login.

16
manual/setup_binary/https_with_nginx.md
View File

@ -25,18 +25,18 @@ The setup proceeds in two steps: First, Nginx is installed. Second, a SSL certif
Install Nginx using the package repositories:
```bash
# CentOS
$ sudo yum install nginx -y
# Debian/Ubuntu
$ sudo apt install nginx -y
```
=== "CentOS"
```bash
$ sudo yum install nginx -y
```
=== "Debian"
```sh
$ sudo apt install nginx -y
```
After the installation, start the server and enable it so that Nginx starts at system boot:
```bash
# CentOS/Debian/Ubuntu
$ sudo systemctl start nginx
$ sudo systemctl enable nginx
```

197
manual/setup_binary/installation_ce.md
View File

@ -21,79 +21,80 @@ Seafile uses the mysql_native_password plugin for authentication. The versions o
### Installing prerequisites
**For Seafile 10.0.x**
=== "Seafile 10.0.x"
=== "Ubuntu 22.04/Ubuntu 20.04/Debian 11/Debian 10"
```
sudo apt-get update
sudo apt-get install -y python3 python3-setuptools python3-pip libmysqlclient-dev
sudo apt-get install -y memcached libmemcached-dev
```
# Ubuntu 22.04 (almost the same for Ubuntu 20.04 and Debian 11, Debian 10)
sudo apt-get update
sudo apt-get install -y python3 python3-setuptools python3-pip libmysqlclient-dev
sudo apt-get install -y memcached libmemcached-dev
sudo pip3 install --timeout=3600 django==3.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==1.4.44 \
psd-tools django-pylibmc django_simple_captcha==0.5.20 djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml
sudo pip3 install --timeout=3600 django==3.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==1.4.44 \
psd-tools django-pylibmc django_simple_captcha==0.5.20 djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml
```
=== "Seafile 11.0.x"
=== "Debian 11/Ubuntu 22.04"
```
```
# Ubuntu 22.04 (almost the same for Ubuntu 20.04 and Debian 11, Debian 10)
sudo apt-get update
sudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev ldap-utils libldap2-dev
sudo apt-get install -y memcached libmemcached-dev
**For Seafile 11.0.x (Debian 11, Ubuntu 22.04, etc.)**
sudo pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \
psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3
```
# Ubuntu 22.04 (almost the same for Ubuntu 20.04 and Debian 11, Debian 10)
sudo apt-get update
sudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev ldap-utils libldap2-dev
sudo apt-get install -y memcached libmemcached-dev
```
=== "Debian 12"
!!! note
Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with `source python-venv/bin/activate`.
sudo pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \
psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3
```
# Debian 12
sudo apt-get update
sudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmariadb-dev-compat ldap-utils libldap2-dev libsasl2-dev python3.11-venv
sudo apt-get install -y memcached libmemcached-dev
```
mkdir /opt/seafile
cd /opt/seafile
**For Seafile 11.0.x on Debian 12 and Ubuntu 24.04 with virtual env**
# create the vitual environment in the python-venv directory
python3 -m venv python-venv
Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with "source python-venv/bin/activate".
# activate the venv
source python-venv/bin/activate
# Notice that this will usually change your prompt so you know the venv is active
```
# Debian 12
sudo apt-get update
sudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmariadb-dev-compat ldap-utils libldap2-dev libsasl2-dev python3.11-venv
sudo apt-get install -y memcached libmemcached-dev
# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).
pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* pymysql pillow==10.0.* pylibmc captcha==0.4 markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 psd-tools django-pylibmc django_simple_captcha==0.5.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3
```
=== "Ubuntu 24.04 with virtual env"
!!! note
Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with `source python-venv/bin/activate`.
mkdir /opt/seafile
cd /opt/seafile
```
# Ubuntu 24.04
sudo apt-get update
sudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev ldap-utils libldap2-dev python3.12-venv
sudo apt-get install -y memcached libmemcached-dev
# create the vitual environment in the python-venv directory
python3 -m venv python-venv
mkdir /opt/seafile
cd /opt/seafile
# activate the venv
source python-venv/bin/activate
# Notice that this will usually change your prompt so you know the venv is active
# create the vitual environment in the python-venv directory
python3 -m venv python-venv
# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).
pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* pymysql pillow==10.0.* pylibmc captcha==0.4 markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 psd-tools django-pylibmc django_simple_captcha==0.5.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3
```
# activate the venv
source python-venv/bin/activate
# Notice that this will usually change your prompt so you know the venv is active
```
# Ubuntu 24.04
sudo apt-get update
sudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev ldap-utils libldap2-dev python3.12-venv
sudo apt-get install -y memcached libmemcached-dev
mkdir /opt/seafile
cd /opt/seafile
# create the vitual environment in the python-venv directory
python3 -m venv python-venv
# activate the venv
source python-venv/bin/activate
# Notice that this will usually change your prompt so you know the venv is active
# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).
pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \
psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.16.0 lxml python-ldap==3.4.3
```
# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).
pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \
psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.16.0 lxml python-ldap==3.4.3
```
### Creating the program directory
@ -104,7 +105,8 @@ sudo mkdir /opt/seafile
cd /opt/seafile
```
The program directory can be changed. The standard directory `/opt/seafile` is assumed for the rest of this manual. If you decide to put Seafile in another directory, modify the commands accordingly.
!!! tip
The program directory can be changed. The standard directory `/opt/seafile` is assumed for the rest of this manual. If you decide to put Seafile in another directory, modify the commands accordingly.
### Creating user seafile
@ -179,7 +181,7 @@ The install package comes with a script that sets Seafile up for you. Specifical
* seafile server
* seahub
Note: While ccnet server was merged into the seafile-server in Seafile 8.0, the corresponding database is still required for the time being.
!!! note "While ccnet server was merged into the seafile-server in Seafile 8.0, the corresponding database is still required for the time being"
Run the script as user seafile:
@ -273,56 +275,57 @@ The folder `seafile-server-latest` is a symbolic link to the current Seafile Ser
Note: If you don't have the root password, you need someone who has the privileges, e.g., the database admin, to create the three databases required by Seafile, as well as a MySQL user who can access the databases. For example, to create three databases `ccnet_db` / `seafile_db` / `seahub_db` for ccnet/seafile/seahub respectively, and a MySQL user "seafile" to access these databases run the following SQL queries:
!!! note
If you don't have the root password, you need someone who has the privileges, e.g., the database admin, to create the three databases required by Seafile, as well as a MySQL user who can access the databases. For example, to create three databases `ccnet_db` / `seafile_db` / `seahub_db` for ccnet/seafile/seahub respectively, and a MySQL user "seafile" to access these databases run the following SQL queries:
```
create database `ccnet_db` character set = 'utf8';
create database `seafile_db` character set = 'utf8';
create database `seahub_db` character set = 'utf8';
```
create database `ccnet_db` character set = 'utf8';
create database `seafile_db` character set = 'utf8';
create database `seahub_db` character set = 'utf8';
create user 'seafile'@'localhost' identified by 'seafile';
create user 'seafile'@'localhost' identified by 'seafile';
GRANT ALL PRIVILEGES ON `ccnet_db`.* to `seafile`@localhost;
GRANT ALL PRIVILEGES ON `seafile_db`.* to `seafile`@localhost;
GRANT ALL PRIVILEGES ON `seahub_db`.* to `seafile`@localhost;
GRANT ALL PRIVILEGES ON `ccnet_db`.* to `seafile`@localhost;
GRANT ALL PRIVILEGES ON `seafile_db`.* to `seafile`@localhost;
GRANT ALL PRIVILEGES ON `seahub_db`.* to `seafile`@localhost;
```
```
### Setup Memory Cache
Seahub caches items(avatars, profiles, etc) on file system by default(/tmp/seahub_cache/). You can replace with Memcached or Redis.
#### Use Memcached
=== "Memcached"
Use the following commands to install memcached and corresponding libraies on your system:
Use the following commands to install memcached and corresponding libraies on your system:
```
# on Debian/Ubuntu 18.04+
apt-get install memcached libmemcached-dev -y
pip3 install --timeout=3600 pylibmc django-pylibmc
```
# on Debian/Ubuntu 18.04+
apt-get install memcached libmemcached-dev -y
pip3 install --timeout=3600 pylibmc django-pylibmc
systemctl enable --now memcached
```
systemctl enable --now memcached
```
Add the following configuration to `seahub_settings.py`.
Add the following configuration to `seahub_settings.py`.
```
CACHES = {
'default': {
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
'LOCATION': '127.0.0.1:11211',
},
}
```
CACHES = {
'default': {
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
'LOCATION': '127.0.0.1:11211',
},
}
```
```
#### Use Redis
=== "Redis"
Redis is supported since version 11.0.
Redis is supported since version 11.0.
First, install Redis with package installers in your OS.
First, install Redis with package installers in your OS.
Then refer to [Django's documentation about using Redis cache](https://docs.djangoproject.com/en/4.2/topics/cache/#redis) to add Redis configurations to `seahub_settings.py`.
Then refer to [Django's documentation about using Redis cache](https://docs.djangoproject.com/en/4.2/topics/cache/#redis) to add Redis configurations to `seahub_settings.py`.
### Tweaking conf files
@ -331,9 +334,9 @@ Seafile's config files as created by the setup script are prepared for Seafile r
To access Seafile's web interface and to create working sharing links without a reverse proxy, you need to modify two configuration files in `/opt/seafile/conf`:
* seahub_settings.py (if you use 9.0.x): Add port 8000 to the `SERVICE_URL` (i.e., SERVICE_URL = 'http://1.2.3.4:8000/').
* ccnet.conf (if you use 8.0.x or 7.1.x): Add port 8000 to the `SERVICE_URL` (i.e., SERVICE_URL = http://1.2.3.4:8000/).
* gunicorn.conf.py: Change the bind to "0.0.0.0:8000" (i.e., bind = "0.0.0.0:8000")
- `seahub_settings.py` (if you use 9.0.x): Add port 8000 to the `SERVICE_URL` (i.e., SERVICE_URL = 'http://1.2.3.4:8000/').
* `ccnet.conf` (if you use 8.0.x or 7.1.x): Add port 8000 to the `SERVICE_URL` (i.e., SERVICE_URL = http://1.2.3.4:8000/).
* `gunicorn.conf.py`: Change the bind to "0.0.0.0:8000" (i.e., bind = "0.0.0.0:8000")
## Starting Seafile Server
@ -348,11 +351,13 @@ source python-venv/bin/activate
```
The first time you start Seahub, the script prompts you to create an admin account for your Seafile Server. Enter the email address of the admin user followed by the password.
!!! success
The first time you start Seahub, the script prompts you to create an admin account for your Seafile Server. Enter the email address of the admin user followed by the password.
Now you can access Seafile via the web interface at the host address and port 8000 (e.g., http://1.2.3.4:8000)
Note: On CentOS, the firewall blocks traffic on port 8000 by default.
!!! warning
On CentOS, the firewall blocks traffic on port 8000 by default.
### Troubleshooting

215
manual/setup_binary/installation_pro.md
View File

@ -7,7 +7,7 @@ This manual explains how to deploy and run Seafile Server Professional Edition (
Seafile PE requires a minimum of 2 cores and 2GB RAM. If elasticsearch is installed on the same server, the minimum requirements are 4 cores and 4 GB RAM.
Seafile PE can be used without a paid license with up to three users. Licenses for more user can be purchased in the [Seafile Customer Center](https://customer.seafile.com) or contact Seafile Sales at sales@seafile.com or one of [our partners](https://www.seafile.com/en/partner/).
Seafile PE can be used without a paid license with up to three users. Licenses for more user can be purchased in the [Seafile Customer Center](https://customer.seafile.com) or contact Seafile Sales at [sales@seafile.com](mailto:sales@seafile.com) or one of [our partners](https://www.seafile.com/en/partner/).
## Setup
@ -17,103 +17,97 @@ These instructions assume that MySQL/MariaDB server and client are installed and
### Installing prerequisites
**For Seafile 9.0.x**
=== "Seafile 9.0.x"
=== "Ubuntu 20.04/Debian 10/Ubuntu 18.04"
```
apt-get update
apt-get install -y python3 python3-setuptools python3-pip python3-ldap libmysqlclient-dev
apt-get install -y memcached libmemcached-dev
apt-get install -y poppler-utils
```
# on Ubuntu 20.04 (on Debian 10/Ubuntu 18.04, it is almost the same)
apt-get update
apt-get install -y python3 python3-setuptools python3-pip python3-ldap libmysqlclient-dev
apt-get install -y memcached libmemcached-dev
apt-get install -y poppler-utils
pip3 install --timeout=3600 django==3.2.* future mysqlclient pymysql Pillow pylibmc \
captcha jinja2 sqlalchemy==1.4.3 psd-tools django-pylibmc django-simple-captcha pycryptodome==3.12.0 cffi==1.14.0 lxml
```
=== "Centos 8"
pip3 install --timeout=3600 django==3.2.* future mysqlclient pymysql Pillow pylibmc \
captcha jinja2 sqlalchemy==1.4.3 psd-tools django-pylibmc django-simple-captcha pycryptodome==3.12.0 cffi==1.14.0 lxml
```
```
sudo yum install python3 python3-setuptools python3-pip python3-devel mysql-devel gcc -y
sudo yum install poppler-utils -y
```
# CentOS 8
sudo yum install python3 python3-setuptools python3-pip python3-devel mysql-devel gcc -y
sudo yum install poppler-utils -y
sudo pip3 install --timeout=3600 django==3.2.* Pillow==9.4.0 pylibmc captcha jinja2 sqlalchemy==1.4.3 \
django-pylibmc django-simple-captcha python3-ldap mysqlclient pycryptodome==3.12.0 cffi==1.14.0 lxml
```
=== "Seafile 10.0.x"
=== "Ubuntu 22.04/Ubuntu 20.04/Debian 11/Debian 10"
```
apt-get update
apt-get install -y python3 python3-setuptools python3-pip python3-ldap libmysqlclient-dev
apt-get install -y memcached libmemcached-dev
apt-get install -y poppler-utils
sudo pip3 install --timeout=3600 django==3.2.* Pillow==9.4.0 pylibmc captcha jinja2 sqlalchemy==1.4.3 \
django-pylibmc django-simple-captcha python3-ldap mysqlclient pycryptodome==3.12.0 cffi==1.14.0 lxml
```
sudo pip3 install --timeout=3600 django==3.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==1.4.44 \
psd-tools django-pylibmc django_simple_captcha==0.5.20 djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml
```
=== "Seafile 11.0.x"
=== "Ubuntu 22.04/Ubuntu 20.04/Debian 11/Debian 10"
```
# on (on , it is almost the same)
apt-get update
apt-get install -y python3 python3-dev python3-setuptools python3-pip python3-ldap libmysqlclient-dev ldap-utils libldap2-dev dnsutils
apt-get install -y memcached libmemcached-dev
apt-get install -y poppler-utils
**For Seafile 10.0.x**
sudo pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \
psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 python-ldap==3.4.3 lxml
```
=== "Debian 12"
!!! note
Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with `source python-venv/bin/activate`.
```
sudo apt-get update
sudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmariadb-dev-compat ldap-utils libldap2-dev libsasl2-dev python3.11-venv
sudo apt-get install -y memcached libmemcached-dev
```
# on Ubuntu 22.04 (on Ubuntu 20.04/Debian 11/Debian 10, it is almost the same)
apt-get update
apt-get install -y python3 python3-setuptools python3-pip python3-ldap libmysqlclient-dev
apt-get install -y memcached libmemcached-dev
apt-get install -y poppler-utils
mkdir /opt/seafile
cd /opt/seafile
sudo pip3 install --timeout=3600 django==3.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==1.4.44 \
psd-tools django-pylibmc django_simple_captcha==0.5.20 djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml
```
# create the vitual environment in the python-venv directory
python3 -m venv python-venv
# activate the venv
source python-venv/bin/activate
# Notice that this will usually change your prompt so you know the venv is active
**For Seafile 11.0.x (Debian 11, Ubuntu 22.04, Centos 8, etc.)**
# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).
pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* pymysql pillow==10.0.* pylibmc captcha==0.4 markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 psd-tools django-pylibmc django_simple_captcha==0.5.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3
```
=== "Ubuntu 24.04 with virtual env"
!!! note
Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with `source python-venv/bin/activate`.
```
# on Ubuntu 22.04 (on Ubuntu 20.04/Debian 11/Debian 10, it is almost the same)
apt-get update
apt-get install -y python3 python3-dev python3-setuptools python3-pip python3-ldap libmysqlclient-dev ldap-utils libldap2-dev dnsutils
apt-get install -y memcached libmemcached-dev
apt-get install -y poppler-utils
```
# Ubuntu 24.04
sudo apt-get update
sudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev ldap-utils libldap2-dev python3.12-venv
sudo apt-get install -y memcached libmemcached-dev
sudo pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \
psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 python-ldap==3.4.3 lxml
```
mkdir /opt/seafile
cd /opt/seafile
# create the vitual environment in the python-venv directory
python3 -m venv python-venv
**For Seafile 11.0.x on Debian 12 and Ubuntu 24.04 with virtual env**
# activate the venv
source python-venv/bin/activate
# Notice that this will usually change your prompt so you know the venv is active
Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with "source python-venv/bin/activate".
```
# Debian 12
sudo apt-get update
sudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmariadb-dev-compat ldap-utils libldap2-dev libsasl2-dev python3.11-venv
sudo apt-get install -y memcached libmemcached-dev
mkdir /opt/seafile
cd /opt/seafile
# create the vitual environment in the python-venv directory
python3 -m venv python-venv
# activate the venv
source python-venv/bin/activate
# Notice that this will usually change your prompt so you know the venv is active
# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).
pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* pymysql pillow==10.0.* pylibmc captcha==0.4 markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 psd-tools django-pylibmc django_simple_captcha==0.5.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3
```
```
# Ubuntu 24.04
sudo apt-get update
sudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev ldap-utils libldap2-dev python3.12-venv
sudo apt-get install -y memcached libmemcached-dev
mkdir /opt/seafile
cd /opt/seafile
# create the vitual environment in the python-venv directory
python3 -m venv python-venv
# activate the venv
source python-venv/bin/activate
# Notice that this will usually change your prompt so you know the venv is active
# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).
pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \
psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.16.0 lxml python-ldap==3.4.3
```
# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).
pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \
psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.16.0 lxml python-ldap==3.4.3
```
### Installing Java Runtime Environment
@ -234,10 +228,11 @@ $ tree -L 2 /opt/seafile
```
**Note**: The names of the install packages differ for Seafile CE and Seafile PE. Using Seafile CE and Seafile PE 8.0.4 as an example, the names are as follows:
!!! tip
The names of the install packages differ for Seafile CE and Seafile PE. Using Seafile CE and Seafile PE 8.0.4 as an example, the names are as follows:
* Seafile CE: `seafile-server_8.0.4_x86-86.tar.gz`; uncompressing into folder `seafile-server-8.0.4`
* Seafile PE: `seafile-pro-server_8.0.4_x86-86.tar.gz`; uncompressing into folder `seafile-pro-server-8.0.4`
* Seafile CE: `seafile-server_8.0.4_x86-86.tar.gz`; uncompressing into folder `seafile-server-8.0.4`
* Seafile PE: `seafile-pro-server_8.0.4_x86-86.tar.gz`; uncompressing into folder `seafile-pro-server-8.0.4`
### Run the setup script
@ -306,38 +301,37 @@ $ tree -L 2 /opt/seafile
Memory cache is mandatory for pro edition. You may use Memcached or Reids as cache server.
#### Use Memcached
=== "Memcached"
Use the following commands to install memcached and corresponding libraies on your system:
Use the following commands to install memcached and corresponding libraies on your system:
```
# on Debian/Ubuntu 18.04+
apt-get install memcached libmemcached-dev -y
pip3 install --timeout=3600 pylibmc django-pylibmc
```
# on Debian/Ubuntu 18.04+
apt-get install memcached libmemcached-dev -y
pip3 install --timeout=3600 pylibmc django-pylibmc
systemctl enable --now memcached
```
systemctl enable --now memcached
```
Add the following configuration to `seahub_settings.py`.
Add the following configuration to `seahub_settings.py`.
```
CACHES = {
'default': {
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
'LOCATION': '127.0.0.1:11211',
},
}
```
CACHES = {
'default': {
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
'LOCATION': '127.0.0.1:11211',
},
}
```
```
=== "Redis"
#### Use Redis
Redis is supported since version 11.0.
Redis is supported since version 11.0.
First, install Redis with package installers in your OS.
First, install Redis with package installers in your OS.
Then refer to [Django's documentation about using Redis cache](https://docs.djangoproject.com/en/4.2/topics/cache/#redis) to add Redis configurations to `seahub_settings.py`.
Then refer to [Django's documentation about using Redis cache](https://docs.djangoproject.com/en/4.2/topics/cache/#redis) to add Redis configurations to `seahub_settings.py`.
### Enabling HTTP/HTTPS
@ -359,7 +353,8 @@ source python-venv/bin/activate
./seahub.sh start # Start seahub website, port defaults to 127.0.0.1:8000
```
The first time you start Seahub, the script prompts you to create an admin account for your Seafile Server. Enter the email address of the admin user followed by the password.
!!! success
The first time you start Seahub, the script prompts you to create an admin account for your Seafile Server. Enter the email address of the admin user followed by the password.
Now you can access Seafile via the web interface at the host address (e.g., http://1.2.3.4:80).

9
manual/setup_binary/memcached_mariadb_cluster.md
View File

@ -30,7 +30,7 @@ vi /etc/memcached.conf
service memcached restart
```
**NOTE: Please configure memcached to start on system startup.**
!!! tip "Please configure memcached to start on system startup"
Install and configure Keepalived.
@ -124,7 +124,7 @@ vrrp_instance VI_1 {
}
```
**NOTE: Please adjust the network device names accordingly. virtual_ipaddress is the floating IP address in use.**
!!! tip "Please adjust the network device names accordingly. virtual_ipaddress is the floating IP address in use"
## Setup MariaDB Cluster
@ -138,4 +138,7 @@ You can choose between two different setups:
We refer to the documentation from MariaDB team:
- [Setting up MariaDB cluster on CentOS 7](https://mariadb.com/resources/blog/setting-mariadb-enterprise-cluster-part-2-how-set-mariadb-cluster)
- [Setting up HAProxy for MariaDB Galera Cluster](https://mariadb.com/resources/blog/setup-mariadb-enterprise-cluster-part-3-setup-ha-proxy-load-balancer-read-and-write-pools). Note that Seafile doesn't use read/write isolation techniques. So you don't need to setup read and write pools.
- [Setting up HAProxy for MariaDB Galera Cluster](https://mariadb.com/resources/blog/setup-mariadb-enterprise-cluster-part-3-setup-ha-proxy-load-balancer-read-and-write-pools).
!!! tip
Seafile doesn't use read/write isolation techniques. So you don't need to setup read and write pools.

17
manual/setup_binary/migrate_from_sqlite_to_mysql.md
View File

@ -1,6 +1,7 @@
# Migrate From SQLite to MySQL
**NOTE**: The tutorial is only related to Seafile CE edition.
!!! note
The tutorial is only related to Seafile CE edition.
First make sure the python module for MySQL is installed. On Ubuntu/Debian, use `sudo apt-get install python-mysqldb` or `sudo apt-get install python3-mysqldb` to install it.
@ -61,7 +62,7 @@ DB=ccnet_db
CONNECTION_CHARSET=utf8
```
Note: Use `127.0.0.1`, don't use `localhost`.
!!! warning "Use `127.0.0.1`, don't use `localhost`"
Replace the database section in `seafile.conf` with following lines:
@ -98,14 +99,14 @@ DATABASES = {
Restart seafile and seahub
**NOTE**
!!! note
User notifications will be cleared during migration due to the slight difference between MySQL and SQLite, if you only see the busy icon when click the notitfications button beside your avatar, please remove `user_notitfications` table manually by:
User notifications will be cleared during migration due to the slight difference between MySQL and SQLite, if you only see the busy icon when click the notitfications button beside your avatar, please remove `user_notitfications` table manually by:
```
use seahub_db;
delete from notifications_usernotification;
```
```
use seahub_db;
delete from notifications_usernotification;
```
## FAQ

5
manual/setup_binary/outline_ce.md
View File

@ -1,6 +1,9 @@
# Deploying Seafile
We provide two ways to deploy Seafile services. **Docker is the recommended way**. Since version 12.0, binary based deployment for community edition is deprecated and will not be supported in a future release.
We provide two ways to deploy Seafile services. **Docker is the recommended way**.
!!! warning
Since version 12.0, binary based deployment for community edition is deprecated and will not be supported in a future release.
* Using [Docker](../setup/setup_ce_by_docker.md)
* Manually installing Seafile and setting up database, memcached and Nginx/Apache. See the following section.

5
manual/setup_binary/start_seafile_at_system_bootup.md
View File

@ -2,7 +2,8 @@
## For systems running systemd and python virtual environments
* For example Debian 12
> For example Debian 12
Create systemd service files, change **${seafile_dir}** to your
**seafile** installation location and **seafile** to user, who runs
**seafile** (if appropriate). Then you need to reload systemd's daemons:
@ -90,7 +91,7 @@ WantedBy=multi-user.target
## For systems running systemd without python virtual environment
* For example Debian 8 through Debian 11, Linux Ubuntu 15.04 and newer
> For example Debian 8 through Debian 11, Linux Ubuntu 15.04 and newer
Create systemd service files, change **${seafile_dir}** to your
**seafile** installation location and **seafile** to user, who runs

73
manual/upgrade/upgrade_docker.md
View File

@ -19,36 +19,56 @@ mv docker-compose.yml docker-compose.yml.bak
Then download [.env](../docker/ce/env), [seafile-server.yml](../docker/ce/seafile-server.yml) and [caddy.yml](../docker/ce/caddy.yml), and modify .env file according to the old configuration in `docker-compose.yml.bak`
For community edition:
=== "Seafile community edition"
```sh
wget -O .env https://manual.seafile.com/12.0/docker/ce/env
wget https://manual.seafile.com/12.0/docker/ce/seafile-server.yml
wget https://manual.seafile.com/12.0/docker/ce/caddy.yml
```
```sh
wget -O .env https://manual.seafile.com/12.0/docker/ce/env
wget https://manual.seafile.com/12.0/docker/ce/seafile-server.yml
wget https://manual.seafile.com/12.0/docker/ce/caddy.yml
```
The following fields merit particular attention:
For pro edition:
| Variable | Description | Default Value |
| ------------------------------- | ------------------------------------------------------------------------------------------------------------- | ------------------------------- |
| `SEAFILE_VOLUME` | The volume directory of Seafile data | `/opt/seafile-data` |
| `SEAFILE_MYSQL_VOLUME` | The volume directory of MySQL data | `/opt/seafile-mysql/db` |
| `SEAFILE_CADDY_VOLUME` | The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's | `/opt/seafile-caddy` |
| `INIT_SEAFILE_MYSQL_ROOT_PASSWORD` | The `root` password of MySQL | (required) |
| `SEAFILE_MYSQL_DB_USER` | The user of MySQL (`database` - `user` can be found in `conf/seafile.conf`) | `seafile` |
| `SEAFILE_MYSQL_DB_PASSWORD` | The user `seafile` password of MySQL | (required) |
| `JWT` | JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using `pwgen -s 40 1` | (required) |
| `SEAFILE_SERVER_HOSTNAME` | Seafile server hostname or domain | (required) |
| `SEAFILE_SERVER_PROTOCOL` | Seafile server protocol (http or https) | `http` |
| `TIME_ZONE` | Time zone | `UTC` |
| `INIT_SEAFILE_ADMIN_EMAIL` | Admin username | `me@example.com` (Recommend modifications) |
| `INIT_SEAFILE_ADMIN_PASSWORD` | Admin password | `asecret` (Recommend modifications) |
=== "Seafile pro edition"
```sh
wget -O .env https://manual.seafile.com/12.0/docker/pro/env
wget https://manual.seafile.com/12.0/docker/pro/seafile-server.yml
wget https://manual.seafile.com/12.0/docker/pro/caddy.yml
```
```sh
wget -O .env https://manual.seafile.com/12.0/docker/pro/env
wget https://manual.seafile.com/12.0/docker/pro/seafile-server.yml
wget https://manual.seafile.com/12.0/docker/pro/caddy.yml
```
The following fields merit particular attention:
The following fields merit particular attention:
| Variable | Description | Default Value |
| ------------------------------- | ------------------------------------------------------------------------------------------------------------- | ------------------------------- |
| `SEAFILE_VOLUME` | The volume directory of Seafile data | `/opt/seafile-data` |
| `SEAFILE_MYSQL_VOLUME` | The volume directory of MySQL data | `/opt/seafile-mysql/db` |
| `SEAFILE_CADDY_VOLUME` | The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's | `/opt/seafile-caddy` |
| `SEAFILE_ELASTICSEARCH_VOLUME` | (Only valid for Seafile PE) The volume directory of Elasticsearch data | `/opt/seafile-elasticsearch/data` |
| `INIT_SEAFILE_MYSQL_ROOT_PASSWORD` | The `root` password of MySQL | (required) |
| `SEAFILE_MYSQL_DB_USER` | The user of MySQL (`database` - `user` can be found in `conf/seafile.conf`) | `seafile` |
| `SEAFILE_MYSQL_DB_PASSWORD` | The user `seafile` password of MySQL | (required) |
| `JWT` | JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using `pwgen -s 40 1` | (required) |
| `SEAFILE_SERVER_HOSTNAME` | Seafile server hostname or domain | (required) |
| `SEAFILE_SERVER_PROTOCOL` | Seafile server protocol (http or https) | `http` |
| `TIME_ZONE` | Time zone | `UTC` |
| `INIT_SEAFILE_ADMIN_EMAIL` | Admin username | me@example.com |
| `INIT_SEAFILE_ADMIN_PASSWORD` | Admin password | asecret |
- `SEAFILE_VOLUME`: The volume directory of Seafile data, default is `/opt/seafile-data`
- `SEAFILE_MYSQL_VOLUME`: The volume directory of MySQL data, default is `/opt/seafile-mysql/db`
- `SEAFILE_CADDY_VOLUME`: The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's, default is `/opt/seafile-caddy`
- `SEAFILE_ELASTICSEARCH_VOLUME`: The volume directory of Elasticsearch data
- `SEAFILE_MYSQL_DB_HOST`: The host of MySQL, you should check the current value you used in seafile.conf, and copy it here.
- `SEAFILE_MYSQL_DB_USER`: The user of MySQL, default is `seafile`, you should check the current value you used in seafile.conf
- `SEAFILE_MYSQL_DB_PASSWORD`: The user `seafile` password of MySQL, you should check the current value you used in seafile.conf
- `JWT`: JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters, generate example: `pwgen -s 40 1`
- `SEAFILE_SERVER_HOSTNAME`: Seafile server hostname or domain
- `SEAFILE_SERVER_PROTOCOL`: Seafile server protocol (http or https)
SSL is now handled by the [caddy server](../setup/caddy.md). If you have used SSL before, you will also need modify the seafile.nginx.conf. Change server listen 443 to 80.
!!! tip
SSL is now handled by the [caddy server](../setup/caddy.md). If you have used SSL before, you will also need modify the seafile.nginx.conf. Change server listen 443 to 80.
Backup the original seafile.nginx.conf file:
@ -101,7 +121,8 @@ If you have deployed SeaDoc v0.8 with Seafile v11.0, you can upgrade it to 1.0 u
2. Remove SeaDoc configs in seafile.nginx.conf file.
3. Re-deploy SeaDoc server. In other words, delete the old SeaDoc deployment and deploy a new SeaDoc server on a separate machine.
Note, deploying SeaDoc and **Seafile binary package** on the same server is no longer supported. If you really want to deploying SeaDoc and Seafile server on the same machine, you should deploy Seafile server with Docker.
!!! warning
Deploying SeaDoc and **Seafile binary package** on the same server is no longer supported. If you really want to deploying SeaDoc and Seafile server on the same machine, you should deploy Seafile server with Docker.
#### Delete sdoc_db

2
mkdocs.yml
View File

@ -70,6 +70,8 @@ markdown_extensions:
- name: mermaid
class: mermaid
format: !!python/name:pymdownx.superfences.fence_code_format
- pymdownx.tabbed: # provides a syntax to easily add tabbed Markdown content
alternate_style: true
# Page tree
nav: