diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 00000000..e728aa48 --- /dev/null +++ b/.github/workflows/deploy.yml @@ -0,0 +1,16 @@ +name: Deploy CI + +on: + [pull_request, push] + +jobs: + deploy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/setup-python@v2 + with: + python-version: 3.x + - run: pip install mkdocs-material mkdocs-awesome-pages-plugin mkdocs-material-extensions + - run: cd $GITHUB_WORKSPACE + - run: mkdocs gh-deploy --force diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..b25c15b8 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*~ diff --git a/LICENSE.txt b/LICENSE.txt new file mode 100644 index 00000000..3776cc67 --- /dev/null +++ b/LICENSE.txt @@ -0,0 +1,13 @@ +Copyright (c) 2016 Seafile Ltd. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/README.md b/README.md index 0dc00000..e9592dc5 100644 --- a/README.md +++ b/README.md @@ -1 +1,5 @@ -# seafile-admin-docs \ No newline at end of file +# Seafile Admin Docs + +Manual for Seafile server + +The web site: https://haiwen.github.io/seafile-admin-docs/ diff --git a/manual/README.md b/manual/README.md new file mode 100644 index 00000000..fe66becb --- /dev/null +++ b/manual/README.md @@ -0,0 +1,22 @@ +# Introduction + +Seafile is an open source cloud storage system with file encryption and group sharing. + +Collections of files are called libraries, and each library can be synced separately. A library can be encrypted with a user chosen password. This password is not stored on the server, so even the server admin cannot view a file's contents. + +Seafile allows users to create groups with file syncing, a wiki and discussions to enable easy collaboration around documents within a team. + +## LICENSE + +The different components of Seafile project are released under different licenses: + +* Seafile iOS client: Apache License v2 +* Seafile Android client: GPLv3 +* Desktop syncing client: GPLv2 +* Seafile Server core: AGPLv3 +* Seahub (Seafile server Web UI): Apache License v2 + +## Contact information + +* Twitter: @seafile +* Forum: diff --git a/manual/build_seafile/README.md b/manual/build_seafile/README.md new file mode 100644 index 00000000..027e53df --- /dev/null +++ b/manual/build_seafile/README.md @@ -0,0 +1,12 @@ +# How to Build Seafile + +You can build Seafile from our source code package or from the Github repo directly. + +Client + +* [Linux](linux.md) +* [Max OS X](osx.md) + +Server + +* [Build Seafile server](server.md) diff --git a/manual/build_seafile/freebsd.md b/manual/build_seafile/freebsd.md new file mode 100644 index 00000000..01e2ac9d --- /dev/null +++ b/manual/build_seafile/freebsd.md @@ -0,0 +1,156 @@ +# FreeBSD + +#### Preparation + +**support for FreeBSD** is still under construction. + +The following list is what you need to install on your development machine. **You should install all of them before you build seafile**. + +Package names are according to FreeBSD Ports. You might install your ports +manually or via `pkgng`. + +* devel/autoconf +* devel/automake +* textproc/intltool +* textproc/gsed +* devel/libtool +* devel/libevent2 +* ftp/curl +* devel/glib20 +* misc/ossp-uuid +* databases/sqlite3 +* devel/jansson +* lang/vala +* devel/cmake +* archivers/libarchive +* devel/py-simplejson (removed in furture release) + +GUI + +* devel/qt4 + +```bash +#portmaster devel/autoconf devel/automake textproc/intltool textproc/gsed \ +devel/libtool devel/libevent2 ftp/curl devel/glib20 misc/ossp-uuid databases/sqlite3 \ +devel/jansson lang/vala devel/cmake devel/py-simplejson archivers/libarchive + +``` + +For a fresh PkgNG users, + +```bash +#pkg install autoconf automake intltool gsed libtool libevent2 curl \ + glib20 ossp-uuid sqlite3 jansson vala cmake py-simplejson libarchive + +``` + +#### Building + +First you should get the latest source of libsearpc/ccnet/seafile/seafile-client: + +Download the source tarball of the latest tag from + +* (use v3.0-latest) +* +* +* + +For example, if the latest released seafile client is 3.1.0, then just use the **v3.1.0** tags of the four projects. You should get four tarballs: + +* libsearpc-v3.0-latest.tar.gz +* ccnet-3.1.0.tar.gz +* seafile-3.1.0.tar.gz +* seafile-client-3.1.0.tar.gz + +```sh +export version=3.1.0 +alias wget='wget --content-disposition -nc' +wget https://github.com/haiwen/libsearpc/archive/v3.0-latest.tar.gz +wget https://github.com/haiwen/ccnet/archive/v${version}.tar.gz +wget https://github.com/haiwen/seafile/archive/v${version}.tar.gz +wget https://github.com/haiwen/seafile-client/archive/v${version}.tar.gz + +``` + +Now uncompress them: + +```sh +tar xf libsearpc-v3.0-latest.tar.gz +tar xf ccnet-${version}.tar.gz +tar xf seafile-${version}.tar.gz +tar xf seafile-client-${version}.tar.gz + +``` + +To build Seafile client, you need first build **libsearpc** and **ccnet**, **seafile**. + +##### set paths + +```bash +ln -sfh ../libdata/pkgconfig /usr/local/lib/pkgconfig + +``` + +##### libsearpc + +```bash +cd libsearpc-${version} +./autogen.sh +./configure --prefix=$PREFIX +make +sudo make install + +``` + +##### ccnet + +```bash +export CFLAGS="-I/usr/local/include/ossp/uuid -I/usr/local/include/event2" +export LDFLAGS="-L/usr/local/lib -L/usr/local/lib/event2" +cd ccnet-${version} +./autogen.sh +./configure --prefix=$PREFIX +make +sudo make install + +``` + +##### seafile + +```bash +cd seafile-${version}/ +./autogen.sh +./configure --prefix=$PREFIX +make +sudo make install + +``` + +#### seafile-client + +```bash +cd seafile-client-${version} +cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=$PREFIX . +make +sudo make install + +``` + +#### custom prefix + +when installing to a custom `$PREFIX`, i.e. `/opt`, you may need a script to set the path variables correctly + +```bash +cat >$PREFIX/bin/seafile-applet.sh <$PREFIX/bin/seaf-cli.sh < (use v3.1-latest) +* (NOTE: from 6.2 version on, ccnet is no longer needed) +* +* + +For example, if the latest released seafile client is 5.0.7, then just use the **v5.0.7** tags of the four projects. You should get four tarballs: + +* libsearpc-v3.0-latest.tar.gz +* ccnet-5.0.7.tar.gz (NOTE: from 6.2 version on, ccnet is no longer needed) +* seafile-5.0.7.tar.gz +* seafile-client-5.0.7.tar.gz + +```sh +# without alias wget= might not work +shopt -s expand_aliases + +export version=5.0.7 +alias wget='wget --content-disposition -nc' +wget https://github.com/haiwen/libsearpc/archive/v3.0-latest.tar.gz +# NOTE: from 6.2 version on, ccnet is no longer needed +wget https://github.com/haiwen/ccnet/archive/v${version}.tar.gz +wget https://github.com/haiwen/seafile/archive/v${version}.tar.gz +wget https://github.com/haiwen/seafile-client/archive/v${version}.tar.gz + +``` + +Now uncompress them: + +```sh +tar xf libsearpc-3.0-latest.tar.gz +# NOTE: from 6.2 version on, ccnet is no longer needed +tar xf ccnet-${version}.tar.gz +tar xf seafile-${version}.tar.gz +tar xf seafile-client-${version}.tar.gz + +``` + +To build Seafile client, you need first build **libsearpc** and **ccnet**, **seafile**. + +##### set paths + +```bash +export PREFIX=/usr +export PKG_CONFIG_PATH="$PREFIX/lib/pkgconfig:$PKG_CONFIG_PATH" +export PATH="$PREFIX/bin:$PATH" + +``` + +##### libsearpc + +```bash +cd libsearpc-3.0-latest +./autogen.sh +./configure --prefix=$PREFIX +make +sudo make install +cd .. + +``` + +##### ccnet + +NOTE: from 6.2 version on, ccnet is no longer needed + +```bash +cd ccnet-${version} +./autogen.sh +./configure --prefix=$PREFIX +make +sudo make install +cd .. + +``` + +##### seafile + +```bash +cd seafile-${version}/ +./autogen.sh +./configure --prefix=$PREFIX --disable-fuse +make +sudo make install +cd .. + +``` + +#### seafile-client + +```bash +cd seafile-client-${version} +cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=$PREFIX . +make +sudo make install +cd .. + +``` + +#### custom prefix + +when installing to a custom `$PREFIX`, i.e. `/opt`, you may need a script to set the path variables correctly + +```bash +cat >$PREFIX/bin/seafile-applet.sh <$PREFIX/bin/seaf-cli.sh < +* Double click the downloaded dmg file to start the installer, and install it to its default location. + +## Install Macports + +\###Setup macports environment + +1. Install xcode + +* Download Xcode from [website](https://developer.apple.com/xcode/downloads/) or + [App Store](http://itunes.apple.com/us/app/xcode/id497799835?ls=1&mt=12) + +1. Install macports + +* Quick start + +> visit for more + +1. Install following libraries and tools using `port` + + ``` + sudo port install autoconf automake pkgconfig libtool glib2 \ + libevent vala openssl git jansson cmake + + ``` + +2. Install python + + ``` + sudo port install python27 + sudo port select --set python python27 + + sudo port install py27-pip + sudo port select --set pip pip27 + + ``` + +3. Set pkg config environment + + ``` + export PKG_CONFIG_PATH=/opt/local/lib/pkgconfig:/usr/local/lib/pkgconfig + export LIBTOOL=glibtool + export LIBTOOLIZE=glibtoolize + export CPPFLAGS="-I/opt/local/include" + export LDFLAGS="-L/opt/local/lib -L/usr/local/lib -Wl,-headerpad_max_install_names" + + QT_BASE=$HOME/Qt5.6.2/5.6/clang_64 + export PATH=$QT_BASE/bin:$PATH + export PKG_CONFIG_PATH=$QT_BASE/lib/pkgconfig:$PKG_CONFIG_PATH + + ``` + +## Compiling libsearpc + +Download [libsearpc](https://github.com/haiwen/libsearpc), then: + +``` + ./autogen.sh + ./configure + make + sudo make install + +``` + +## Compiling ccnet + +Download [ccnet](https://github.com/haiwen/ccnet), then: + +``` + ./autogen.sh + ./configure + make + sudo make install + +``` + +## Compiling seafile + +1. Download [seafile](https://github.com/haiwen/seafile) +2. Compile + + ``` + ./autogen.sh + ./configure + make + sudo make install + + ``` + +## Compiling seafile-client + +1. Download [seafile-client](https://github.com/haiwen/seafile-client) +2. Compile + + ``` + cmake . + make + + ``` + +3. Run the seafile client executable + + ``` + ./seafile-applet + + ``` diff --git a/manual/build_seafile/rpi.md b/manual/build_seafile/rpi.md new file mode 100644 index 00000000..5eeb19a6 --- /dev/null +++ b/manual/build_seafile/rpi.md @@ -0,0 +1,259 @@ +# How to Build Seafile Server Release Package for Raspberry Pi + +_Table of contents_: + +* [Setup the build environment](#wiki-setup-build-env) + * [Install packages](#wiki-install-packages) + * [Compile development libraries](#wiki-compile-dev-libs) + * [Install Python libraries](#wiki-install-python-libs) +* [Prepare source code](#wiki-prepare-seafile-source-code) + * [Fetch git tags and prepare source tarballs](#wiki-fetch-tags-and-prepare-tarballs) + * [Run the packaging script](#wiki-run-pkg-script) +* [Test the built package](#wiki-test-built-pkg) + * [Test a fresh install](#wiki-test-fresh-install) + * [Test upgrading](#wiki-test-upgrading) + +## Setup the build environment + +Requirements: + +* A raspberry pi with raspian distribution installed. + +### Install packages + +``` +sudo apt-get install build-essential +sudo apt-get install libevent-dev libcurl4-openssl-dev libglib2.0-dev uuid-dev intltool libsqlite3-dev libmysqlclient-dev libarchive-dev libtool libjansson-dev valac libfuse-dev re2c flex python-setuptools cmake + +``` + +### Compile development libraries + +#### libevhtp + +libevhtp is a http server libary on top of libevent. It's used in seafile file server. + +``` +git clone https://www.github.com/haiwen/libevhtp.git +cd libevhtp +cmake -DEVHTP_DISABLE_SSL=ON -DEVHTP_BUILD_SHARED=OFF . +make +sudo make install + +``` + +After compiling all the libraries, run `ldconfig` to update the system libraries cache: + +``` +sudo ldconfig + +``` + +### Install python libraries + +Create a new directory `/home/pi/dev/seahub_thirdpart`: + +``` +mkdir -p ~/dev/seahub_thirdpart + +``` + +Download these tarballs to `/tmp/`: + +* [pytz](https://pypi.python.org/packages/source/p/pytz/pytz-2016.1.tar.gz) +* [Django](https://www.djangoproject.com/m/releases/1.8/Django-1.8.18.tar.gz) +* [django-statici18n](https://pypi.python.org/packages/source/d/django-statici18n/django-statici18n-1.1.3.tar.gz) +* [djangorestframework](https://pypi.python.org/packages/source/d/djangorestframework/djangorestframework-3.3.2.tar.gz) +* [django_compressor](https://pypi.python.org/packages/source/d/django_compressor/django_compressor-1.4.tar.gz) +* [jsonfield](https://pypi.python.org/packages/source/j/jsonfield/jsonfield-1.0.3.tar.gz) +* [django-post_office](https://pypi.python.org/packages/source/d/django-post_office/django-post_office-2.0.6.tar.gz) +* [gunicorn](http://pypi.python.org/packages/source/g/gunicorn/gunicorn-19.4.5.tar.gz) +* [flup](http://pypi.python.org/packages/source/f/flup/flup-1.0.2.tar.gz) +* [chardet](https://pypi.python.org/packages/source/c/chardet/chardet-2.3.0.tar.gz) +* [python-dateutil](https://labix.org/download/python-dateutil/python-dateutil-1.5.tar.gz) +* [six](https://pypi.python.org/packages/source/s/six/six-1.9.0.tar.gz) +* [django-picklefield](https://pypi.python.org/packages/source/d/django-picklefield/django-picklefield-0.3.2.tar.gz) +* [django-constance](https://github.com/haiwen/django-constance/archive/bde7f7c.zip) +* [jdcal](https://pypi.python.org/packages/source/j/jdcal/jdcal-1.2.tar.gz) +* [et_xmlfile](https://pypi.python.org/packages/source/e/et_xmlfile/et_xmlfile-1.0.1.tar.gz) +* [openpyxl](https://pypi.python.org/packages/source/o/openpyxl/openpyxl-2.3.0.tar.gz) +* [futures](https://pypi.python.org/packages/cc/26/b61e3a4eb50653e8a7339d84eeaa46d1e93b92951978873c220ae64d0733/futures-3.1.1.tar.gz) +* [django-formtools](https://pypi.python.org/packages/a8/07/947dfe63dff1f2be5f84eb7f0ff5f712bb1dc730a6499b0aa0be5c8f194e/django-formtools-2.0.tar.gz) +* [qrcode](https://pypi.python.org/packages/87/16/99038537dc58c87b136779c0e06d46887ff5104eb8c64989aac1ec8cba81/qrcode-5.3.tar.gz) + +Install all these libaries to `/home/pi/dev/seahub_thirdpart`: + +``` +cd ~/dev/seahub_thirdpart +export PYTHONPATH=. +easy_install -d . /tmp/pytz-2016.1.tar.gz +easy_install -d . /tmp/Django-1.8.10.tar.gz +easy_install -d . /tmp/django-statici18n-1.1.3.tar.gz +easy_install -d . /tmp/djangorestframework-3.3.2.tar.gz +easy_install -d . /tmp/django_compressor-1.4.tar.gz +easy_install -d . /tmp/jsonfield-1.0.3.tar.gz +easy_install -d . /tmp/django-post_office-2.0.6.tar.gz +easy_install -d . /tmp/gunicorn-19.4.5.tar.gz +easy_install -d . /tmp/flup-1.0.2.tar.gz +easy_install -d . /tmp/chardet-2.3.0.tar.gz +easy_install -d . /tmp/python-dateutil-1.5.tar.gz +easy_install -d . /tmp/six-1.9.0.tar.gz +easy_install -d . /tmp/django-picklefield-0.3.2.tar.gz +wget -O /tmp/django_constance.zip https://github.com/haiwen/django-constance/archive/bde7f7c.zip +easy_install -d . /tmp/django_constance.zip +easy_install -d . /tmp/jdcal-1.2.tar.gz +easy_install -d . /tmp/et_xmlfile-1.0.1.tar.gz +easy_install -d . /tmp/openpyxl-2.3.0.tar.gz + +``` + +## Prepare seafile source code + +To build seafile server, there are four sub projects involved: + +* [libsearpc](https://github.com/haiwen/libsearpc) +* [ccnet-server](https://github.com/haiwen/ccnet-server) +* [seafile-server](https://github.com/haiwen/seafile-server) +* [seahub](https://github.com/haiwen/seahub) + +The build process has two steps: + +* First, fetch the tags of each projects, and make a soruce tarball for each of them. +* Then run a `build-server.py` script to build the server package from the source tarballs. + +### Fetch git tags and prepare source tarballs + +Seafile manages the releases in tags on github. + +Assume we are packaging for seafile server 6.0.1, then the tags are: + +* ccnet-server, seafile-server, and seahub would all have a `v6.0.1-sever` tag. +* libsearpc would have the `v3.0-latest` tag (libsearpc has been quite stable and basically has no further development, so the tag is always `v3.0-latest`) + +First setup the `PKG_CONFIG_PATH` enviroment variable (So we don't need to make and make install libsearpc/ccnet/seafile into the system): + +``` +export PKG_CONFIG_PATH=/home/pi/dev/seafile/lib:$PKG_CONFIG_PATH +export PKG_CONFIG_PATH=/home/pi/dev/libsearpc:$PKG_CONFIG_PATH +export PKG_CONFIG_PATH=/home/pi/dev/ccnet:$PKG_CONFIG_PATH + +``` + +### libsearpc + +``` +cd ~/dev +git clone https://github.com/haiwen/libsearpc.git +cd libsearpc +git reset --hard v3.0-latest +./autogen.sh +./configure +make dist + +``` + +### ccnet + +``` +cd ~/dev +git clone https://github.com/haiwen/ccnet-server.git +cd ccnet +git reset --hard v6.0.1-server +./autogen.sh +./configure +make dist + +``` + +### seafile + +``` +cd ~/dev +git clone https://github.com/haiwen/seafile-server.git +cd seafile +git reset --hard v6.0.1-server +./autogen.sh +./configure +make dist + +``` + +### seahub + +``` +cd ~/dev +git clone https://github.com/haiwen/seahub.git +cd seahub +git reset --hard v6.0.1-server +./tools/gen-tarball.py --version=6.0.1 --branch=HEAD + +``` + +### seafobj + +``` +cd ~/dev +git clone https://github.com/haiwen/seafobj.git +cd seafobj +git reset --hard v6.0.1-server +make dist + +``` + +### seafdav + +``` +cd ~/dev +git clone https://github.com/haiwen/seafdav.git +cd seafdav +git reset --hard v6.0.1-server +make + +``` + +### Copy the source tar balls to the same folder + +``` +mkdir ~/seafile-sources +cp ~/dev/libsearpc/libsearpc--tar.gz ~/seafile-sources +cp ~/dev/ccnet/ccnet--tar.gz ~/seafile-sources +cp ~/dev/seafile/seafile--tar.gz ~/seafile-sources +cp ~/dev/seahub/seahub--tar.gz ~/seafile-sources + +cp ~/dev/seafobj/seafobj.tar.gz ~/seafile-sources +cp ~/dev/seafdav/seafdav.tar.gz ~/seafile-sources + +``` + +### Run the packaging script + +Now we have all the tarballs prepared, we can run the `build-server.py` script to build the server package. + +``` +mkdir ~/seafile-server-pkgs +~/dev/seafile/scripts/build-server.py --libsearpc_version= --ccnet_version= --seafile_version= --seahub_version= --srcdir= --thirdpartdir=/home/pi/dev/seahub_thirdpart --srcdir=/home/pi/seafile-sources --outputdir=/home/pi/seafile-server-pkgs + +``` + +After the script finisheds, we would get a `seafile-server_6.0.1_pi.tar.gz` in `~/seafile-server-pkgs` folder. + +## Test the built package + +### Test a fresh install + +Use the built seafile server package to go over the steps of [Deploying Seafile with SQLite](http://manual.seafile.com/deploy/using_sqlite.html). + +The test should cover these steps at least: + +* The setup process is ok +* After `seafile.sh start` and `seahub.sh start`, you can login from a browser. +* Uploading/Downloading files through a web browser works correctly. +* Seafile [WebDAV](http://manual.seafile.com/extension/webdav.html) server works correctly + +### Test upgrading from a previous version + +* Download the package of the previous version seafile server, and setup it. +* Upgrading according to [the manual](http://manual.seafile.com/deploy/upgrade.html) +* After the upgrade, check the functionality is ok: + * Uploading/Downloading files through a web browser works correctly. + * Seafile [WebDAV](http://manual.seafile.com/extension/webdav.html) server works correctly diff --git a/manual/build_seafile/server.md b/manual/build_seafile/server.md new file mode 100644 index 00000000..fa6ff610 --- /dev/null +++ b/manual/build_seafile/server.md @@ -0,0 +1,393 @@ +# Server + +## Preparation + +The following list is all the libraries you need to install on your machine. **You should install all of them before you build seafile**. + +Package names are according to Ubuntu 12.04. For other Linux distros, please find their corresponding names yourself. + +* libevent-dev (2.0 or later ) +* libcurl4-openssl-dev (1.0.0 or later) +* libglib2.0-dev (2.28 or later) +* uuid-dev +* intltool (0.40 or later) +* libsqlite3-dev (3.8 or later) +* libmysqlclient-dev (5.5 or later) +* libarchive-dev +* libtool +* libjansson-dev +* valac +* libfuse-dev + +Also, python 2.7 is required since seafile server 5.1.0. + +The following libraries need to be compiled from source. + +### Notes about MySQL client library + +You can also use MariaDB's LGPL Connector/C library. Download the latest stable version of the library on then compile and install the library. + +``` +cmake . +make +sudo make install + +``` + +By default the library will be installed under `/usr/local/lib/mariadb`. Add this path to your `LD_LIBRARY_PATH` environment variable so the loader can find this library. + +``` +export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib/mariadb + +``` + +### libevhtp + +* Download [libevhtp](https://github.com/ellzey/libevhtp/archive/1.1.6.tar.gz). +* Build libevhtp by: + + +``` +cmake -DEVHTP_DISABLE_SSL=ON -DEVHTP_BUILD_SHARED=OFF . +make +sudo make install + +``` + +### Seahub dependencies + +**Seahub** is the web front end of Seafile. It's written in the [django](http://djangoproject.com) framework. Seahub requires Python 2.6(or 2.7) installed on your server, and it needs the following python libraries: + +* Django 1.8 +* pytz +* django-statici18n +* djangorestframework +* django_compressor +* django-post_office +* [django-constance](https://github.com/haiwen/django-constance/) (install it by `pip install https://github.com/haiwen/django-constance/archive/bde7f7c.zip`) +* gunicorn +* flup +* chardet +* python-dateutil +* six +* openpyxl + +Before continue, make sure you have all the above libraries available in your system. + +### Prepare the directory layout + +In the following sections, you'll be guided to build and setup the seafile server step by step. Seafile server is consisted of several components. In order for them to function correctly, you must: + +* Follow our instructions step by step +* Make sure your directory layout is exactly the same with the guide in each step. + +First create the top level directory. In the following sections, we'll use "/data/haiwen" as the top level directory. + +``` +mkdir /data/haiwen/ +cd /data/haiwen/ +mkdir seafile-server +cd seafile-server + +``` + +The currently layout is: + +``` +haiwen/ +└── seafile-server + +``` + +### Get the source + +First you should get the latest source of libsearpc/ccnet-server/seafile-server/seahub + +Download the source tarball of the latest tag from + +* +* +* +* + +For example, if the latest released seafile server is 6.0.1, then just use the **v6.0.1-server** tags of the projects (except for libsearpc, which uses the **v3.0-latest** tag). You should get four tarballs: + +* libsearpc-3.0-latest.tar.gz +* ccnet-server-6.0.1-server.tar.gz +* seafile-server-6.0.1-server.tar.gz +* seahub-6.0.1-server.tar.gz + +Create a folder `haiwen/src`, and uncompress libsearpc/ccnet/seafile source to it. + +``` +cd haiwen/seafile-server +mkdir src +cd src +tar xf /path/to/libsearpc-3.0-latest.tar.gz +tar xf /path/to/ccnet-server-6.0.1-server.tar.gz +tar xf /path/to/seafile-server-6.0.1-server.tar.gz + +``` + +And uncompress seahub tarball to `haiwen/seafile-server`: + +``` +cd haiwen/seafile-server +tar xf /path/to/seahub-6.0.1-server.tar.gz +mv seahub-6.0.1-server seahub + +``` + +So far, The current directory layout is: + +``` +haiwen/ +└── seafile-server + └── seahub + └── src + ├── libsearpc-6.0.1-server + ├── ccnet-server-6.0.1-server + ├── seafile-server-6.0.1-server + ├── ... (other files) + +``` + +### Building + +To build seafile server, you need first build **libsearpc** and **ccnet-server**. + +##### libsearpc + +``` +cd libsearpc-${version} +./autogen.sh +./configure +make +make install + +``` + +##### ccnet-server + +``` +cd ccnet-server-${version} +./autogen.sh +./configure # `export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig` if libsearpc is not found +make +make install + +``` + +By default, `configure` tries to find MySQL and Postgresql client libraries in the system. If you do not want to support MySQL or Postgresql, use the following configure options: + +``` +./configure --without-mysql --without-postgresql + +``` + +If you want to use MariaDB Connector/C library, use the following configure option: + +``` +./configure --with-mysql=/usr/local/bin/mariadb_config + +``` + +##### seafile-server + +``` +cd seafile-${version} +./autogen.sh +./configure +make +make install + +``` + +You can use the same options as ccnet-server to configure MySQL and Postgresql client libraries. + +_Note_: You need to run `sudo ldconfig` to refresh the system libraries cache after you compiles all the components. + +## Deploy Seafile Server + +### Components of the Seafile Server + +The seafile server consists of the following components: + +![server architecture](../images/server-arch.png "server architecture") + +* **ccnet** stores its configuration and metadata is a directory named `ccnet`. +* **seaf-server** store its configuration and data in a directory, normally named `seafile-data`. +* **seahub** is written in Django. If you have any experience with Django, you should know the `syncdb` command must be run to create all the database tables. +* An **admin account** has to be created, so that you, the admin, can login with this account to manage the server. + +These are the essential steps to create the configuration: + +* ensure seafile is already installed and all the python libraries seahub needs are installed. +* create the ccnet configuration with the **ccnet-init** program +* create the seafile configuration with **seaf-server-init** program +* run Django **syncdb** command for seahub +* create an admin account for the seafile server + +To create the configurations, you can either: + +* use the seafile-admin script(see below) +* \[\[create server configuration by hand]] + +### Create Configurations with the seafile-admin script + +`seafile-admin` should have been installed to system path after you have built and installed Seafile from source. + +``` +usage: seafile-admin [-h] {setup,start,stop,reset-admin} ... + +optional arguments: + -h, --help show this help message and exit + +subcommands: + + {setup,start,stop,reset-admin} + setup setup the seafile server + start start the seafile server + stop stop the seafile server + reset-admin reset seafile admin account + +``` + +Go to the top level directory(in this guide it's **/data/haiwen/**), and run **seafile-admin setup** to create all the configuration: + +``` +cd /data/haiwen +export PYTHONPATH=/data/haiwen/seafile-server/seahub/thirdpart +seafile-admin setup + +``` + +The script would ask you a series of questions, and create all the configuration for you. + +This is a screenshot of the **seafile-admin setup** command: +![admin setup running](../images/seafile-admin-1.png) + +And a screenshot after setup is finished successfully: +![admin setup finished](../images/seafile-admin-2.png) + +At this time, the directory layout would be like this: + +``` +haiwen/ +└── ccnet # ccnet config directory + └── ccnet.conf # ccnet config file +└── seafile-data # seafile configuration and data + └── seafile.conf # seafile config file +└── seahub-data/ # seahub data +└── seahub.db # seahub sqlite3 database +└── seahub_settings.py # custom settings for seahub +└── seafile-server + └── seahub/ + └── seafile-{VERSION} # seafile source code + +``` + +### Start the Seafile Server + +After configuration successfully created, run **seafile-admin start** in the top directory to start the all components of Seafile. ( **You should always run the seafile-admin script in the top directory** ). + +``` +cd /data/haiwen # go to the top level directory +seafile-admin start + +``` + +At this moment, all the components should be running and seahub can be visited at + +**Note** You may want to deploy seahub with nginx or apache. In this case, follow the instructions on Deploy Seafile Web With [Nginx](../deploy/deploy_with_nginx.md)/[Apache](../deploy/deploy_with_apache.md). + +### Stop the Seafile Server + +To stop seafile server, run **seafile-admin stop**. + +``` +cd /data/haiwen # go to the top level directory +seafile-admin stop + +``` + +## Upgrade the Seafile Server + +When you want to upgrade to a new vesrion of seafile server, you need to: + +* Stop the seafile server if it's running + + +``` +cd /data/haiwen +seafile-admin stop + +``` + +* Get and latest source code and build libsearpc/ccnet/seafile, just as what you do in a fresh setup. +* Run the upgrade script. The upgrade script mainly updates database used by seafile for you. For example, create a new database table that is used in the latest seafile server but not in the previous version. + +### Get and compile the latest libsearpc/ccnet/seafile + +See the **Building** section above. + +### Get the new seahub tarball and uncompress it + +``` +cd haiwen/seafile-server +mv seahub/ seahub-old # move away the old seahub folder +tar xf /path/to/new/seahub-x.x.x-server.tar.gz +mv seahub-x.x.x-server seahub + +``` + +### Do the upgrade + +* copy the scripts/upgrade/ subdir outside + +The upgrade scripts is distributed in the `scripts/upgrade` subdir of seafile source code, we need to copy it to **seafile-server** directory before run the scripts. + +``` +cd /data/haiwen/seafile-server +cp -rf seafile-{version}/scripts/upgrade . + +``` + +#### Continuous Upgrade (like from 1.1 to 1.2) + +Continuous upgrade means to upgrade from one version of seafile server to the next version. For example, upgrading from 1.1.0 to 1.2.0 is a continuous upgrade. + +**Note:** Minor upgrade, like upgrade from 1.3.0 to 1.3.1, is documented in a separate section below. + +Say you are upgrading from 1.1.0 to 1.2.0, you should run the script **upgrade_1.1_1.2.sh** in `seafile-server` directory. + +``` +cd /data/haiwen/seafile-server +./upgrade/upgrade_1.1_1.2.sh + +``` + +#### Non-continous version upgrade(like from 1.1 to 1.3) + +If you upgrade a few versions at once, e.g. from 1.1.0 to 1.3.0. The procedure is: + +* upgrade from 1.1.0 to 1.2.0 +* upgrade from 1.2.0 to 1.3.0 + +Just run the upgrade scripts in sequence. + +#### Minor Upgrade (like from 1.3.0 to 1.3.1) + +Minor upgrade Minor upgrade is like an upgrade from 1.3.0 to 1.3.1. For this type of upgrade, you only need to update the avatar link: + +``` +cd /data/haiwen/seafile-server/seahub/media +cp -rf avatars/* ../../../seahub-data/avatars/ +rm -rf avatars +ln -s ../../../seahub-data/avatars + +``` + +## Problems Report + +If you encounter any problem when building/deploying Seafile, please leave us a message or [open an issue](https://github.com/haiwen/seafile/issues). diff --git a/manual/changelog.md b/manual/changelog.md new file mode 100644 index 00000000..b9424d52 --- /dev/null +++ b/manual/changelog.md @@ -0,0 +1,10 @@ +# Changelog + +### Changelogs + +- [Seafile Community Edition](changelog/server-changelog.md) +- [Seafile Professional Edition](changelog/changelog-for-seafile-professional-server.md) +- [Seafile Client](changelog/client-changelog.md) +- [Drive Client ChangeLog](changelog/drive-client-changelog.md) +- [Seafile Android Client (Seadroid)](https://github.com/haiwen/seadroid/releases) +- [Seafile iOS Client](https://github.com/haiwen/seafile-iOS/releases) diff --git a/manual/changelog/changelog-for-seafile-professional-server-old.md b/manual/changelog/changelog-for-seafile-professional-server-old.md new file mode 100644 index 00000000..8599fb6a --- /dev/null +++ b/manual/changelog/changelog-for-seafile-professional-server-old.md @@ -0,0 +1,772 @@ +# Seafile Professional Server Changelog (old) + +## 4.4 + +Note: Two new options are added in version 4.4, both are in seahub_settings.py + +* SHOW_TRAFFIC: default is True, set to False if you what to hide public link traffic in profile +* SHARE_LINK_PASSWORD_MIN_LENGTH: default is 8 + +This version contains no database table change. + +### 4.4.9 (2016.02.29) + +* \[fix] Show “out of quota” instead of “DERP” in the case of out of quota when uploading files via web interface + +### 4.4.8 (2015.12.17) + +* \[security] Fix password check for visiting a file in folder sharing link + +### 4.4.7 (2015.11.20) + +* \[fix] Fix viewing PDF files via Office Web App +* \[fix, virus scan] Do not scanning deleted libraries in virus scan +* \[fix, virus scan] Fix showing the virus scan page when libraries containing scanned items are deleted +* \[virus scan] Add more debug information for virus scan +* \[fix] Clean cache when set users' name from web API +* \[fix] Fix a performance problem for generating picture thumbnails from folder sharing link + +### 4.4.6 (2015.11.09) + +* \[security] Fix a XSS problem in raw sharing link +* \[fix] Delete sharing links when deleting a library +* \[fix] Clean Seafile tables when deleting a library +* \[fix] Add tag to the link in upload folder email notification +* \[fix] Fix a bug in creating a library (after submit a wrong password, the submit button is no longer clickable) +* \[fix, pro] Fix a bug in listing FileUpdate audit log +* \[security, pro] Don't online preview for office files in encrypted libraries + +### 4.4.5 (2015.10.30) + +* \[fix] Fix a bug in deleting sharing link in sharing dialog. + +### 4.4.4 (2015.10.29) + +* \[fix] Fix support for syncing old formatted libraries +* Remove commit and fs objects in GC for deleted libraries +* Add "transfer" operation to library list in "admin panel->a single user" +* \[fix] Fix the showing of the folder name for upload link generated from the root of a library +* \[fix] Add access log for online file preview +* \[fix] Fix permission settings for a sub-folder of a shared sub-folder + +LDAP improvements and fixes + +* Only import LDAP users to Seafile internal database upon login +* Only list imported LDAP users in "organization->members" +* Add option to not import users via LDAP Sync (Only update information for already imported users). The option name is IMPORT_NEW_USER. See document + +### 4.4.3 (2015.10.20) + +* \[fix] Remove regenerate secret key in update script + +### 4.4.2 (2015.10.19) + +* \[security] Check validity of file object id to avoid a potential attack +* \[fix] Check the validity of system default library template, if it is broken, recreate a new one. +* \[fix] After transfer a library, remove original sharing information +* \[security] Fix possibility to bypass Captcha check +* \[security] More security fixes. +* \[pro] Enable syncing a sub-sub-folder of a shared sub-folder (For example, if you share library-A/sub-folder-B to a group, other group members can selectively sync sub-folder-B/sub-sub-folder-C) +* \[fix, office preview] Handle the case that "/tmp/seafile-office-output"is removed by operating system + +### 4.4.1 beta (2015.09.24) + +* \[fix] Fix a bug in setting an user's language +* \[fix] Show detailed failed information when sharing libraries failed +* \[api] Add API to list folders in a folder recursively +* \[api] Add API to list only folders in a folder + +### 4.4.0 beta (2015.09.21) + +New features: + +* Allow group names with spaces +* Enable generating random password when adding an user +* Add option SHARE_LINK_PASSWORD_MIN_LENGTH +* Add sorting in share link management page +* Other UI improvements + +Pro only: + +* Integrate Office Web Apps server +* Integrate virus scan +* Support resumable upload (turn off by default) +* Add option to hide public link traffic in profile (SHOW_TRAFFIC) + +Fixes: + +* \[fix] Fix a bug that causing duplications in table LDAPImport +* set locale when Seahub start to avoid can't start Seahub problem in a few environments. + +## 4.3 + +Note: this version contains no database table change from v4.2. But the old search index will be deleted and regenerated. + +Note when upgrading from v4.2 and using cluster, a new option `COMPRESS_CACHE_BACKEND = 'locmem://'` should be added to seahub_settings.py + +### 4.3.4 (2015.09.14) + +* \[fix] Fix a bug in file locking +* \[fix] Fix sub-folder permission check for file rename/move +* \[fix] Fix a bug in active number of users checking +* Show total/active number of users in admin panel +* Counts all downloads into traffic statistics +* \[security] Use POST request to handle password reset request to avoid CSRF attack +* Don't show password reset link for LDAP users +* \[ui] Small improvements + +### 4.3.3 (2015.08.21) + +* \[fix, important] Bug-fix and improvements for seaf-fsck +* \[fix, important] Improve I/O error handling for file operations on web interface +* Update shared information when a sub-folder is renamed +* \[fix] Fix bug of list file revisions +* \[fix] Fix syncing sub-folder of encrypted library +* Update translations +* \[ui] Small improvements +* \[fix] Fix modification operations for system default library by admin + +### 4.3.2 (2015.08.12) + +* Update translations +* \[fix] Fix bug in showing German translation +* \[fix] Fix bug when remove shared link at library settings page +* \[fix] Fix api error in opCopy/opMove +* Old library page (used by admin in admin panel): removed 'thumbnail' & 'preview' for image files + +### 4.3.1 (2015.07.31) + +* \[fix] Fix generating image thumbnail +* \[ui] Improve UI for sharing link page, login page, file upload link page +* \[security] Clean web sessions when reset an user's password +* Delete the user's libraries when deleting an user +* Show link expiring date in sharing link management page +* \[admin] In a user's admin page, showing libraries' size and last modify time +* \[fix, api] Fix star file API +* \[pro, beta] Add "Open via Client" to enable calling local program to open a file at the web + +About "Open via Client": The web interface will call Seafile desktop client via "seafile://" protocol to use local program to open a file. If the file is already synced, the local file will be opened. Otherwise it is downloaded and uploaded after modification. Need client version 4.3.0+ + +### 4.3.0 (2015.07.25) + +Usability improvements + +* \[ui] Improve ui for file view page +* \[ui] Improve ui for sorting files and libraries +* Redesign sharing dialog +* Enable generating random password for sharing link +* Remove direct file sharing between users (You can use sharing link instead) + +Pro only features: + +* Add file locking +* \[fix] Fix file name search for Chinese and other Asia language +* \[fix] Support special password for MySQL database in seafevents + +Others + +* \[security] Improve permission check in image thumbnail +* \[security] Regenerate Seahub secret key, the old secret key lack enough randomness +* Remove the support of ".seaf" format +* \[api] Add API for generating sharing link with password and expiration +* \[api] Add API for generating uploading link +* \[api] Add API for link files in sharing link +* Don't listen on 10001 and 12001 by default. +* Change the setting of THUMBNAIL_DEFAULT_SIZE from string to number, i.e., use `THUMBNAIL_DEFAULT_SIZE = 24`, instead of `THUMBNAIL_DEFAULT_SIZE = '24'` + +## 4.2 + +Note: because Seafile has changed the way how office preview work in version 4.2.2, +you need to clean the old generated files using the command: + +``` +rm -rf /tmp/seafile-office-output/html/ + +``` + +### 4.2.4 (2015.07.08) + +* More fix on showing share link management page +* Fix a bug on doc/ppt preview +* Fix a bug in reading last login time + +### 4.2.3 (2015.07.07) + +* Fix translation problem for German and other language +* Remove "open locally" feature. It needs more testing +* Fix a problem in showing share link management page + +### 4.2.2 (2015.07.03) + +* \[fix] Fix file uploading link +* Add LDAP user sync +* Improve preview for office files (doc/docx/ppt/pptx) + +In the old way, the whole file is converted to HTML5 before returning to the client. By converting an office file to HTML5 page by page, the first page will be displayed faster. By displaying each page in a separate frame, the quality for some files is improved too. + +### 4.2.1 (2015.06.30) + +Improved account management + +* Add global address book and remove the contacts module (You can disable it if you use CLOUD_MODE by adding ENABLE_GLOBAL_ADDRESSBOOK = False in seahub_settings.py) +* List users imported from LDAP +* \[guest] Enable guest user by default +* \[guest] Guest user can't generate share link +* Don't count inactive users as licensed users + +Important + +* \[fix] Fix viewing sub-folders for password protected sharing +* \[fix] Fix viewing starred files +* \[fix] Fix support of uploading multiple files in clients' cloud file browser +* Improve security of password resetting link +* Remove user private message feature + +New features + +* Enable syncing any folder for an encrypted library +* Add open file locally (open file via desktop client) + +Others + +* \[fix] Fix permission checking for sub-folder permissions +* Change "quit" to "Leave group" +* Clean inline CSS +* Use image gallery module in sharing link for folders containing images +* \[api] Update file details api, fix error +* Enable share link file download token available for multiple downloads +* \[fix] Fix visiting share link whose original path is deleted +* Hide enable sub-library option since it is not meaningless for Pro edition + +### 4.2.0 (2015.05.29) + +Pro only updates + +* \[new] Support set permission on every sub-folder +* \[search] Support partial match like "com" matching "communication" in file name +* \[search] The search result page is much clean + +Usability + +* Add direct file download link +* Remove showing of library description +* Don't require library description +* Keep left navigation bar when navigate into a library +* Generate share link for the root of a library +* Add loading tip in picture preview page + +Security Improvement + +* Remove access tokens (all clients will log out) when a users password changed +* Temporary file access tokens can only be used once +* sudo mode: confirm password before doing sysadmin work + +Platform + +* Use HTTP/HTTPS sync only, no longer use TCP sync protocol +* Support byte-range requests +* Automatically clean of trashed libraries +* \[ldap] Save user information into local DB after login via LDAP + +## 4.1 + +### 4.1.2 (2015.05.07) + +* \[fix] Fix bug in syncing LDAP groups +* \[fix] Fix bug in viewing PDF/Doc +* \[fix] Fix crash bug when memcache is full + +### 4.1.1 (2015.04.16) + +* \[fix] Fix Webdav's port can't be changed to non default port (8082) +* \[fix, searching] Fix handling invalid path name when indexing +* \[fix] Fix seaf-fsck for swift/s3/ceph backend +* Do not show "this type of file can't be viewed online" +* \[fix] Fix showing of activity feed in mobile device +* \[fix] Fix viewing sharing link for deleted directories +* Log email sending in background task to seahub_email_sender.log +* Improve shibboleth login by supporting "next" parameter in URL + +### 4.1.0 (2015.04.01) + +Pro only updates + +* Support syncing any sub-folder in the desktop client +* Add audit log, see . This feature is turned off by default. To turn it on, see +* Syncing LDAP groups +* Add permission setting for a sub-folder (beta) + +Updates in community edition too + +* \[fix] Fix image thumbnail in sharing link +* Show detailed time when mouse over a relative time +* Add trashed libraries (deleted libraries will first be put into trashed libraries where system admin can restore) +* Improve seaf-gc.sh +* Redesign fsck. +* Add API to support logout/login an account in the desktop client +* Add API to generate thumbnails for images files +* Clean syncing tokens after deleting an account +* Change permission of seahub_settings.py, ccnet.conf, seafile.conf to 0600 +* Update Django to v1.5.12 + +## 4.0 + +### 4.0.6 (2015.03.06) + +* \[fix] Fix the seafevents not shutdown by seafile.sh problem +* Improved shibboleth support +* \[fix] Fix uploading a directory if the top directory only contains sub-folders (no files) +* Improve thumbnail API + +### 4.0.5 (2015.02.13) + +* \[fix] Fix a crash problem when a client tries to upload corrupted data +* Add image thumbnails + +### 4.0.4 (2015.02.05) + +Important + +* \[fix] Fix transfer library error in sysadmin page +* \[fix] Fix showing of space used in sysadmin page for LDAP users +* \[fix] Fix preview office files in file share links and private share +* Improved trash listing performance + +Small + +* \[webdav] list organisation public libraries +* Disable non-shibboleth login for shibboleth users +* \[fix] Fix wrong timestamp in file view page for files in sub-library +* Add Web API for thumbnail +* Add languages for Thai and Turkish, update a few translations +* \[ldap] Following referrals + +### 4.0.3 (2015.01.15) + +* \[fix] Fix memory leak in HTTP syncing +* Repo owner can restore folders/files from library snapshot +* Update translations +* \[ldap] Make the "page result" support turn off by default to be compatible with community edition. +* Only repo owner can restore a library to a snapshot +* \[fix] Remote redundant logs in seaf-server +* \[fix] Raise 404 when visiting an non-existing folder +* \[fix] Enable add admin when LDAP is enabled +* Add API to get server features information (what features are supported by this server) +* \[fix] Fix throttle for /api2/ping + +### 4.0.2 (2015.01.06) + +* \[fix] Fix syncing sub-library with HTTP protocol + +### 4.0.1 (2014.12.29) + +* Add Shibboleth support (beta) +* Improve libraries page loading speed by adding cache for library +* \[fix] Fix performance problem of FUSE when using ceph/swift backend +* \[fix] Fix folder upload by drap&drop +* \[fix] Fix version check for pro edition +* \[fix] Fix performance problem in listing files API +* \[fix] Fix listing files of a large folder +* \[fix] Fix folder sharing link with password protection +* \[fix] Fix deleting broken libraries in the system admin panel + +### 4.0.0 (2014.12.13) + +* Add HTTP syncing support +* Merge FileServer into seaf-server +* \[web] New upload file dialog +* \[search] Improve the speed of search by removing in-efficient code in calculating file modification time in the search result page. + +## 3.1 + +### 3.1.13 (2014.11.25) + +* Add WMV video file preview on web +* Support office documents online preview in cluster deployment +* \[fix] Fix file private sharing bug when file name contains & + +### 3.1.12 (2014.11.17) + +* Update ElasticSearch to v1.4 +* Limit content search of txt file to 100KB. +* Fix "out of memory" problem. + +### 3.1.11 (2014.11.03) + +* \[fix] Fixed ./seaf-gc.sh to run online GC +* \[fix] Fixed showing libraries with same name in WebDAV extension in some specific Python version +* \[fix] Fixed event timestamp for library creation and library deleting events +* \[fix] Don't allow setting an encrypted library as default library +* \[fix] Don't list unregistered contacts in sharing dialog +* Don't list inactive users in "organization->members" +* \[multi-tenancy] Add webdav support +* Autoupload files when added in web interface + +### 3.1.10 (2014.10.27) + +* Online GC: you don't need to shutdown Seafile server to perform GC +* \[fix] Fixed performance problem in WebDAV extension +* \[fix] Fixed quota check in WebDAV extension +* \[fix] Fixed showing libraries with same name in WebDAV extension +* Add "clear" button in a library's trash +* \[fix] Fix small errors when upload files via Web interface +* \[fix] Fix moving/coping files when the select all file checkbox is checked +* \[multi-tenancy] Listing libraries of an organization +* \[multi-tenancy] Enable rename an organization +* \[multi-tenancy] Prevent the deleting of creator account of an organisation + +### 3.1.9 (2014.10.13) + +* \[ldap] split LDAP and Database in organization -> pubuser +* \[ldap] Support pagination for loading users from LDAP +* \[multi-tenancy] fix quota related bugs +* \[office preview] Fix seafevents not start bug when using Python v2.6 + +### 3.1.7, 3.1.8 + +* Add support for multi-tenancy + +### 3.1.6 (2014.09.16) + +* Add access.log for file download +* \[fix, api] Fix bug in group creation + +### 3.1.5 (2014.09.13) + +* Add multi-tenancy support + +### 3.1.4 (2014.09.11) + +* \[fix] Fix bug in uploading >1GB files via Web +* \[fix] Remove assert in Ccnet to avoid denial-of-service attack +* \[fix] Add the missing ./seaf-gc.sh +* Support two modes of license, life-time and subscription + +### 3.1.3 (2014.08.29) + +* \[fix] Fix multi-file upload in upload link and library page +* \[fix] Fix libreoffice file online view +* Add 'back to top' for pdf file view. +* \[fix] Fix "create sub-library" button under some language +* \[fix popup] Fix bug in set single notice as read. +* Add message content to notification email + +### 3.1.2 (2014.08.27) + +* \[fix] Fix support for guest account +* \[fix, security] Fix permission check for PDF full screen view +* \[fix] Fix copy/move multiple files in web +* Improve UI for group reply notification +* Improve seaf-fsck, seaf-fsck now can fix commit missing problem +* \[security improve] Access token generated by FileServer can only be used once. + +### 3.1.1 (2014.08.18) + +* \[fix] Fix memory leak +* \[fix] Fix a memory not initialized problem which may cause sync problem under heavy load. +* \[fix, search] Closing database connection first before indexing + +### 3.1.0 (2014.08.15) + +Pro edition only: + +* \[search] Enable searching directories +* \[search] Enable search groups in organization tab +* \[search] Enable encrypted libraries (filename only) +* \[search, fix] Fix a bug when indexing a large library +* \[preview,fix] Fix document preview for Excel files in sharing links +* \[user] Enable add users as guests. Guests are only able to use libraries shared to him/her. +* \[user] Enable set users password strength requirement +* \[sharing link] Enable set expiring time for sharing links +* \[sharing link] Library owner can manage all share links from this library + +Syncing + +* Improve performance: easily syncing 10k+ files in a library. +* Don't need to download files if they are moved to another directory. + +Platform + +* Rename HttpServer to FileServer to remove confusing. +* Support log rotate +* Use unix domain socket in ccnet to listen for local connections. This isolates the access to ccnet daemon for different users. +* Delete old PID files when stop Seafile +* Remove simplejson dependency +* \[fix] fix listing libraries when some libraries are broken +* Add a bash wrapper for seafile-gc + +Web + +* Enable deleting of personal messages +* Improved notification +* Upgrade pdf.js +* Password protection for sharing links +* \[admin] Create multi-users by uploading a CSV file +* Sort libraries by name/date +* Enable users to put an additional message when sending a sharing link +* Expiring time for sharing links +* \[fix] Send notification to all users participating a group discussion +* Redesigned file viewing page +* Remove simplejson dependency +* Disable the ability to make a group public by default (admin can turn it on in settings) +* Add "Back to Top" button in file view page +* Improve page refreshing after uploading files + +## 3.0 + +### 3.0.7 + +* Add support for logrotate +* \[fix] Fix script for migrating from community edition + +### 3.0.6 + +* Fix seahub failing to start problem when Ceph backend is used + +### 3.0.5 + +* Add option to enable highlight search keyword in the file view +* \[fix] Fix "Save to My Library" in file sharing +* \[fix] Fix API for renaming files containing non-ASCII characters from mobile clients + +### 3.0.4 + +* Add support for MariaDB Cluster + +### 3.0.3 + +Web + +* Show a notice when one tries to reset/change the password of a LDAP user +* Improve the initial size of pdf/office documents online preview +* Handle languages more gracefully in search +* Highlight the keywords in the search results +* \[fix] Fixed a web page display problem for French language + +Platform + +* Improve the speed when saving objects to disks +* Show error messages when seahub.sh script failed to start + +### 3.0.2 + +* Added Ceph storage backend support +* Use random ID as avatar file name instead of the file name uploaded by the user + +### 3.0.1 + +* \[fix] Fix an UI bug in selecting multiple contacts in sending message +* Library browser page: Loading contacts asynchronously to improve initial loading speed + +### 3.0.0 + +Web + +* Redesigned UI +* \[admin] Add login log +* \[admin] Add share link traffic statistics +* \[fix] Handle loading avatar exceptions to avoid 500 error +* Fixed a few api errors +* Improve page loading speed +* \[fix] Fix UI problem when selecting contacts in personal message send form +* \[fix] Add nickname check and escape nickname to prevent XSS attack +* \[fix] Check validity of library name (only allow a valid directory name). + +Platform + +* Separate the storage of libraries +* Record files' last modification time directly +* Keep file timestamp during syncing +* Allow changing password of an encrypted library +* Allow config httpserver bind address +* Improved device (desktop and mobile clients) management + +Misc + +* \[fix] Fix API for uploading files from iOS in an encrypted library. +* \[fix] Fix API for getting groups messages containing multiple file attachments +* \[fix] Fix bug in HttpServer when file block is missing +* \[fix] Fix login error for some kind of Android + +## 2.2 + +### 2.2.1 + +* Add more checking for the validity of users' Email +* Use random salt and PBKDF2 algorithm to store users' password. + +## 2.1 + +### 2.1.5 + +* Add correct mime types for mp4 files when downloading +* \[important] set correct file mode bit after uploading a file from web. +* Show meaningful message instead of "auto merged by system" for file merges +* Improve file history calculation for files which were renamed + +WebDAV + +* Return last modified time of files + +### 2.1.4-1 + +* \[fix] fixed the `pro.py search --clear` command +* \[fix] fixed full text search for office/pdf files + +### 2.1.4 + +* Improved Microsoft Excel files online preview +* \[fix] Fixed file share link download issue on some browsers. +* \[wiki] Enable create index for wiki. +* Hide email address in avatar. +* Show "create library" button on Organization page. +* \[fix] Further improve markdown filter to avoid XSS attack. + +### 2.1.3 + +* Fixed a problem of Seafile WebDAV server + +### 2.1.2 + +* Fixed a problem of requiring python boto library even if it's not needed. + +### 2.1.1 + +Platform + +* Added FUSE support, currently read-only +* Added WebDAV support +* A default library would be created for new users on first login to seahub +* Upgrade scripts support MySQL databases now + +Web + +* Redesigned Web UI +* Redesigned notification module +* Uploadable share links +* \[login] Added captcha to prevent brute force attack +* \[login] Allow the user to choose the expiration of the session when login +* \[login] Change default session expiration age to 1 day +* \[fix] Fixed a bug of "trembling" when scrolling file lists +* \[sub-library] User can choose whether to enable sub-library +* Improved error messages when upload fails +* Set default browser file upload size limit to unlimited + +Web for Admin + +* Improved admin UI +* More flexible customization options +* Support specify the width of height of custom LOGO +* Online help is now bundled within Seahub + +## 2.0 + +### 2.0.5 + +* Support S3-compatible storage backends like Swift +* Support use existing elasticsearch server + +### 2.0.4 + +* \[fix] set the utf8 charset when connecting to database +* Use users from both database and LDAP +* \[admin] List database and LDAP users in sysadmin + +### 2.0.3 + +* \[fix] Speed up file syncing when there are lots of small files + +### 2.0.1 + +* \[fix] Elasticsearch now would not be started if search is not enabled +* \[fix] Fix CIFS support. +* \[fix] Support special characters like '@' in MySQL password +* \[fix] Fix create library from desktop client when deploy Seafile with Apache. +* \[fix] Fix sql syntax error in ccnet.log, issue #400 (). +* \[fix] Return organization libraries to the client. +* Update French, German and Portuguese (Brazil) languages. + +### 2.0.0 + +Platform + +* New crypto scheme for encrypted libraries +* A fsck utility for checking data integrity + +Web + +* Change owner of a library/group +* Move/delete/copy multiple files +* Automatically save draft during online editing +* Add "clear format" to .seaf file online editing +* Support user delete its own account +* Hide Wiki module by default +* Remove the concept of sub-library + +Web for Admin + +* Change owner of a library +* Search user/library + +API + +* Add list/add/delete user API + +## 1.8 + +### 1.8.3 + +* Improve seahub.sh +* Improve license checking + +### 1.8.2 + +* fixed 'cannot enter space' bug for .seaf file online edit +* add paginating for repo files list +* fixed a bug for empty repo + +### 1.8.1 + +* Remove redundant log messages + +### 1.8.0 + +Web + +* Improve online file browsing and uploading + * Redesigned interface + * Use ajax for file operations + * Support selecting of multiple files in uploading + * Support drag/drop in uploading +* Improve file syncing and sharing + * Syncing and sharing a sub-directory of an existing library. + * Directly sharing files between two users (instead of generating public links) + * User can save shared files to one's own library +* \[wiki] Add frame and max-width to images +* Use 127.0.0.1 to read files (markdown, txt, pdf) in file preview +* \[bugfix] Fix pagination in library snapshot page +* Set the max length of message reply from 128 characters to 2000 characters. + +API + +* Add creating/deleting library API + +Platform + +* Improve HTTPS support, now HTTPS reverse proxy is the recommend way. +* Add LDAP filter and multiple DN +* Case insensitive login +* Move log files to a single directory +* \[security] Add salt when saving user's password +* \[bugfix] Fix a bug in handling client connection +* Add a script to automate setup seafile with MySQL + +## 1.7 + +### 1.7.0.4 + +* Fixed a bug in file activities module + +### 1.7.0 + +* First release of Seafile Professional Server diff --git a/manual/changelog/changelog-for-seafile-professional-server.md b/manual/changelog/changelog-for-seafile-professional-server.md new file mode 100644 index 00000000..30514bc7 --- /dev/null +++ b/manual/changelog/changelog-for-seafile-professional-server.md @@ -0,0 +1,1278 @@ +# Seafile Professional Server Changelog + +> You can check Seafile release table to find the lifetime of each release and current supported OS: + +## 7.1 + +**Upgrade** + +Please check our document for how to upgrade to 7.1: + +### 7.1.8 (2020/10/12) + +* \[fix] Fix user name encoding for Shibboleth SSO +* \[fix] Add back the remote wipe feature when deleting a linked devices in admin panel +* \[fix] Fix sorting problem in some tables in admin panel +* \[fix] Fix auto-reactive user when a user deleted from LDAP and then added back +* \[fix] Fix a few bugs in organization admin panel in multi-tenancy mode +* \[fix] Fix libraries unsynced in a client if database crash at the server side + +### 7.1.7 (2020/08/28) + +* \[fix] Fix a bug in returned group library permission for SeaDrive client +* Support pagination when listing libraries in a group +* Update wsgidav used in WebDAV +* Remove redundent logs in seafile.log +* \[fix] Fix "save to..." in share link +* Add an option to show a user's email in sharing dialog (ENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER) +* \[fix] Fix virus scan results page can't be opened in system admin panel + +### 7.1.6 (2020/07/28) + +* Add database connection pool to reduce database connection usage +* \[fix] Fix WebDAV error if a file is moved immediately after uploading +* Enable generating internal links for files in an encrypted library + +### 7.1.5 (2020/06/30) + +* Indexing LibreOffice files in file search +* Support setting the expire date time of a share link to a specific date time +* GC add --id-prefix option to scan a specific range of libraries +* fsck add an option to not check block integrity to speed up scanning +* \[fix] ccnet no longer listen on port 10001 +* \[fix] Fix virus scan via upload link not work +* \[fix] Fix WebDAV failed login via WebDAV secret +* \[fix] Fix some bugs in LDAP sync +* \[fix] Fix term and condition feature +* \[fix] Fix support for institution feature +* Other UI fixes + +### 7.1.4 (2020/05/14) + +* \[fix] Fix listing LDAP imported users when number of users is greater than 500 +* \[fix] Fix visiting folder share links with password and default path +* Use preview-and-download as default permission when generating share links +* Support selecting and downloading multiple files in a sharing link +* Show share link expiration time in system admin +* \[multi-tenancy] Support sorting for users and libraries in organization admin panel +* FUSE extension now support multiple storage backends +* \[fix] Fix file download links in public libraries +* \[fix] fix seaf-backup-cmd.sh +* Other UI improvements and fixes + +### 7.1.3 (2020/04/08) + +* A library admin can see all the shared links for a library +* Sort libraries and users in admin panel +* Delete all the users and libraries in an organization when deleting that organization +* \[fix] Fix some bugs in multiple storage backend feature +* Other UI fixes + +### 7.1.1 Beta (2020/02/27) + +* Fix full text search +* Fix office file preview in cluster mode + +### 7.1.0 Beta (2020/02/19) + +* Rewrite the system admin pages with React +* Upgrade to Python3 +* Add library API Token, you can now generate API tokens for a library and use them in third party programs. +* Add a feature abuse report for reporting abuse for download links. +* Improved guest invitation: you can now invite a guest and share a library to the guest in one step. + +## 7.0 + +Since seafile-pro 7.0.0, we have upgraded Elasticsearch to 5.6. As Elasticsearch 5.6 relies on the Java 8 environment and can't run with root, you need to run Seafile with a non-root user and upgrade the Java version. + +Please check our document for how to upgrade to 7.0: + +### 7.0.19 (2020/09/07) + +* Fix translation + +### 7.0.18 (2020/05/21) + +* Fix a bug in adding tag for files using context menu +* Add missing translations for French language + +### 7.0.17 (2020/04/28) + +* Fix bug for EXTRA_ABOUT_DIALOG_LINKS +* Modify the default permission to "Download and preview" for share links + +### 7.0.16 (2020/04/01) + +* Add progress dialog when moving files across libraries +* Add more customization options (EXTRA_SHARE_DIALOG_NOTE, EXTRA_APP_BOTTOM_LINKS, EXTRA_ABOUT_DIALOG_LINKS) +* \[fix] Fix a bug with domain-name that contains "file" when previewing markdown file via share link +* \[fix] Do not show download link for a preview-only share link +* \[fix] Fix searching files in a public library for login users +* Some UI improvements + +### 7.0.15 (Deprecated) + +### 7.0.14 (2020/03/06) + +* \[fix] Fix seaf-server crash problem when calculating library size for a corrupted library +* \[fix] Fix a bug when sending file update notice +* Write virus scan log to file virus_scan.log + +### 7.0.13 (2020/01/16) + +* Fix Shibboleth login bug (added in 7.0.12) + +### 7.0.12 (2020/01/10) + +* Fix department support in multi-tenancy mode +* Fix a performance problem when deleting cache files for resume file upload + +### 7.0.11 (2019/11/15) + +* set jvm.options in ElasticSearch to `-Xms1g -Xmx1g` +* \[fix] Fix revert library button missing in multi-tenancy mode +* \[fix] Remove redundant log OnlineOffice file lock is expired +* \[fix] Fix S3 support in multiple storage backend feature +* \[LDAP Sync] Support setting default permission for automatically created library for department +* \[LDAP Sync] Support get department name from a configured attribute +* \[fix] Fix support for Shibboleth single log out +* \[fix] Fix support for sharing a sub-folder in a department library + +### 7.0.10 (2019/10/22) + +* \[fix] Fix showing NaN when uploading a file with 0 size. +* \[fix] Fix email notifications for file changes not sent +* \[fix] Remove two redundant logs in seafile.log +* \[fix] Fix opening a shared library with special characters +* \[fix] Fix duplicated two-scrollbars when browsing a published library in Windows using Firefox +* \[fix] Users can now create sharing links for files with permission "online-preview only" and "online-read-write". +* \[fix] Fix links in email notification for a shared folder +* \[fix] Fix the path shown for public share links of folders +* \[fix] Fix a bug in loading a file's history +* \[fix] Fix a case when using SAML login with LDAP configured +* \[fix] Fix a bug that a broken library can't be deleted via web UI + +### 7.0.9 (2019/09/20) + +* \[fix] Add institution admin back +* \[fix] Fix '\\n' in system wide notification will lead to blank page +* \[fix] Remove all metadata in docx template +* \[fix] Fix redirection after login +* \[fix] Fix group order is not alphabetic +* \[fix] Fix download button in sharing link +* Mobile UI Improvement (Now all major pages can be used in Mobile smoothly) + +### 7.0.8 (2019/08/26) + +* Inviter can cancel invitation after the user has accepted the invitation. The user will be set as inactive. +* Improve organization admin panel in multi-tenancy mode +* Add notification when a user try to leave a page during file transfer +* Add UI waiting notification when resetting a user's password in admin panel +* Add generating internal link (smart-link) for folders +* Add command line tool for admin to export reports +* \[fix] Fix file drag and drop in IE and Firefox +* \[fix] Add back the feature of letting user to select storage backend +* Improve UI for file uploading, support re-upload after error +* \[fix] Fix devices login via Shibboleth not show in devices list +* \[fix] Fix support of OnlyOffice force-save option +* \[fix] Fix zip download when user selecting a long list of files +* Other UI fixes + +### 7.0.7 (2019/07/29) + +* \[fix] Fix a bug in multiple storage backend support +* Fix avatar problem when deployed under non-root domain +* Add get internal link in share dialog +* Fix newly created DOCX files are not empty and have a Chinese font set as default font +* Fix system does not send email to new user when adding new user in system admin +* Fix thumbnail for TIFF files +* Fix direct download link for sharing links +* Fix report in statictics module has no file extension when downloading in Firefox +* Fix "Preview-only" share link +* Fix file comment +* Other UI fixes + +### 7.0.6 (2019/07/22) + +* \[fix] Fix a memcache bug when using S3 backend + +### 7.0.5 (2019/07/16) + +* \[fix] Fix Zip download multiple files +* \[fix] Fix a bug in "System Admin -> Logs -> File Update -> details" +* \[fix] Fix there is an extra history item for newly created docs/pptx +* \[fix] Fix a bug in traffic statistics +* \[fix] Fix file modification report email are not sent out +* Support show department libraries in fuse +* Add expiring date for upload link +* Add search feature in pubished libraries for anonymous users + +### 7.0.4 (2019/07/05) + +* UI Improvement and fixes +* Fix file upload button with Safari, IE edge +* Support setting history and cleaning trash for department libraries +* Fix compatibility with "Open library in web" from the old version desktop client +* Support "." in group name +* Add back "can edit" permission for sharing links for office file +* Add back "send link" for upload links +* Add back grid view for folder sharing links +* Support creating encrypted libraries for department libraries +* Fix preview for PSD, TIFF files +* Fix deleting of favorate items when they are shared items but the sharing are revoked +* Fix avatar broken problem when using a non-stardard port +* Fix resumable file uploading + +### 7.0.3 (2019/06/13) + +* UI fixes +* Support index.md in published library +* Add sub-folder permission for deparment libraries +* Enable new file history by default +* Make published library feature turned on by default +* Fix IE Edge support +* Fix LDAP group sync + +### 7.0.2 beta (2019/05/17) + +* UI fixes +* Support using different salt for each encrypted libraries +* Add back sub-folder permission feature +* Improved user's settings page and file search page +* Support transfer personal library to department +* Add pubishing library to role permission +* \[wopi] Pass last modified time to WOPI +* Improve image resizing in Markdown + +### 7.0.1 beta (2019/04/18) + +* Improved Markdown editor +* Add columns view mode (Wiki view mode) +* Add context menu +* Realtime search +* Support search libraries +* Record file history to database for Markdown, Text and Docx, xlsx, pptx files +* Redesigned activities page +* Add preview-edit-on-cloud, preview-on-cloud permissions +* Redesigned file tags +* Support editing share link permission after creating a link + +## 6.3 + +In version 6.3, Django is upgraded to version 1.11. Django 1.8, which is used in version 6.2, is deprecated in 2018 April. + +With this upgrade, the fast-cgi mode is no longer supported. You need to config Seafile behind Nginx/Apache in WSGI mode. + +The way to run Seahub in another port is also changed. You need to modify the configuration file `conf/gunicorn.conf` instead of running `./seahub.sh start `. + +Version 6.3 also changed the database table for file comments, if you have used this feature, you need migrate old file comments using the following commends after upgrading to 6.3: + +``` +./seahub.sh python-env seahub/manage.py migrate_file_comment + +``` + +> Note, this command should be run while Seafile server is running. + +Version 6.3 changed '/shib-login' to '/sso'. If you use Shibboleth, you need to to update your Apache/Nginx config. Please check the updated document: + +Version 6.3 add a new option for file search (`seafevents.conf`): + +``` +[INDEX FILES] +... +highlight = fvh +... + +``` + +This option will make search speed improved significantly (10x) when the search result contains large pdf/doc files. But you need to rebuild search index if you want to add this option. + +### 6.3.14 (2019/05/21) + +* \[fix] Fix a bug in LDAP group sync + +### 6.3.13 (2019/03/20) + +* \[fix] Fix some bugs in accessing S3 for some special configurations +* \[fix] Fix OnlyOffice integration when OnlyOffice using invalid CA +* \[fix] Fix sometimes users can't login into WebDAV +* \[fix] Fix a crash bug in realtime backup server +* \[fix] Fix the last modified time is not updated for shared sub-folders +* \[fix] Keep last modified time when moving or copying files from on library to another +* \[fix] Fix can't sync a sub-folder of a shared sub-folder +* \[fix] Fix URL in email notification for sub-folder shared event + +### 6.3.12 (2019/02/21) + +* \[fix] Fix using WebDAV with Single Sign On +* \[fix] Fix a bug in importing users via excel file +* Redirect users to home page after setting up 2FA +* \[fix] Fix can't send email when non-ascii symbols in filename in virus scan +* \[fix] Fix a bug in syncing LDAP when a user belong to multiple groups +* Add slow log for accessing object storage for debugging purpose +* \[fix] Fix a SQL bug in multi-tenancy mode +* Set the chunk size to 8MB during uploading files via chunk to speed up file transfer + +### 6.3.11 (2019/01/15) + +* \[fix] Fix support for two-factor authentication using SMS +* \[fix] Fix support for traffic statistics +* \[fix] Improve performance for getting group library list +* \[fix] Fix file access audit log +* Remove file count and size count for directories as it will lead to performance problem + +### 6.3.10 (2019/01/02) + +* \[fix] Fix folder upload problem +* \[fix] Fix file audit page can't be load +* \[fix] Fix MIME type for .xls +* Add RPC slow log +* Add admin API for manage organizations in multi-tenancy mode +* Add warning when close page during file uploading + +### 6.3.9 (2018/12/13) + +* Fix a seaf-server crash problem + +### 6.3.8 (2018/12/10) + +* Improve online PDF view for large PDF files (In the old version, a large PDF file consumes a lot of memory) +* Admin can force a user to use two-factor authentication +* Improve performance of upgdating a library's size and file numbers +* Don't print a lot of "Repo size compute queue is 0" +* Enable using WebDAV with Single Sign On (A new option ENABLE_WEBDAV_SECRET) +* Enable login to WebDAV via contact email +* \[fix] A shared empty folder name will be updated if the folder's name is changed +* Support preview for PSD and AI files +* \[fix] Fix license information display problem +* \[fix] Fix video preview for shared link on mobile browsers +* Redirect old wiki URL to new wiki URL +* Hide save as button for files viewed by Office Online Server +* When a library be transfer to another user, don't clear the syncing tokens +* Support syncing both department and groups at the same time in LDAP sync (deprecating old config options for department sync) +* Set default quota for department synced from LDAP +* Allow more independent LDAP configurations for multi-LDAP server sync +* \[fix] Fix problems when downloading large list of files via Zip download +* \[fix] Fix a performance problem when get the list of all groups +* \[fix] Can change history settings for library in admin area even if the change of history settings is disable for normal users +* Make multi-threads mode as default for Seahub + +### 6.3.7 (2018/10/16) + +* \[fix] Fix a bug of lock by online office +* Anyone that can write a file can unlock the file if it is locked by online office +* \[fix] Fix a bug in sending mails in background node +* \[fix] Remove forcesave option in OnlyOffice since it have a bug +* \[fix] Fix a bug that wiki page can't be loaded +* Add traffic statistics +* \[fix] Remove unnecessary logs in virus scan + +### 6.3.6 (2018/09/21) + +* \[fix] Fix a bug in user defined role +* \[fix] Editable share link can be edited by anonymous user + +### 6.3.5 (2018/09/18) + +* \[fix, security] Fix a security issue in Shibboleth authentication +* \[fix] Fix sometimes Web UI will not autoload a >100 item directory view +* \[fix] Fix sending notification emails in backend node +* Showing user's name instead of email in web interface +* \[fix] Fix desktop client can't login if using ADFS + +New features + +* Add a new sharing link permission "can edit" for docx/excel. Any login users can edit the file via share link. +* \[multi-tenancy] Support department and department owned library +* Add system traffic statistics (showing the daily web download/web upload/sync traffic) + +### 6.3.4 (2018/08/16) + +* \[fix] Fix a bug in creating group-owned library + +### 6.3.3 (2018/08/15) + +* \[fix] Fix some bugs in sharing group-owned libraries +* \[fix] Fix a bug in setting folder permission +* Update Django to 1.11.11 +* Support login via contact email +* Support sharing a sub-folder in a group-owned library + +### 6.3.2 (2018/07/30) + +* \[fix] Fix sometimes get group listing will cause ccnet-server crash +* \[fix] Fix built in office file preview can't works +* Redirect '/shib-login' to '/sso' +* Other small fixes + +### 6.3.1 (2018/07/25) + +* Add generating of internal links +* Lock office files when editing via online office suite +* Support setting organization quota, delete an organization via Web API +* Support Swift storage backend Identity v3.0 API +* Improve markdown editor +* Several fixes + +### 6.3.0 Beta (2018/06/28) + +* Support nested group and group-owned libraries +* Keep sharing link when file or folder moved or renamed +* Update Django to 1.11, remove fast-cgi support +* Update jQuery to version 3.3.1 +* Update pdf.js, use pdf.js for preview pdf files +* Docx files are converted to PDFs and preview via pdf.js in builtin preview +* Support multiple storage backend to be used in a single server +* \[fix] Fix some bugs with OnlyOffice and CollaboraOffice +* \[fix] Use mobile version of OnlyOffice if viewed via mobile devices +* Shared sub-folders can be searched +* Show terms and condition link if terms and condition is enabled +* Remove login log after delete a user +* \[admin] Support customize site title, site name, CSS via Web UI +* \[fix] Fix a bug that causing seaf-fsck crash +* \[fix] Cancel Zip download task at the server side when user close zip download dialog +* \[fix] Fix crash when seaf-fsck, seaf-gc receive wrong arguments +* \[fix] Fix a few bugs in realtime backup server +* \[beta] Wiki, users can create public wikis +* Some other UI improvements + +## 6.2 + +From 6.2, It is recommended to use proxy mode for communication between Seahub and Nginx/Apache. Two steps are needed if you'd like to switch to WSGI mode: + +1. Change the config file of Nginx/Apache. +2. Restart Seahub with `./seahub.sh start` instead of `./seahub.sh start-fastcgi` + +The configuration of Nginx is as following: + +``` +location / { + proxy_pass http://127.0.0.1:8000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_read_timeout 1200s; + + # used for view/edit office file via Office Online Server + client_max_body_size 0; + + access_log /var/log/nginx/seahub.access.log; + error_log /var/log/nginx/seahub.error.log; + } + +``` + +The configuration of Apache is as following: + +``` + # seahub + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 + ProxyPass / http://127.0.0.1:8000/ + ProxyPassReverse / http://127.0.0.1:8000/ + +``` + +### 6.2.13 (2018.5.18) + +* \[new] Support only return files or folders when search file via api. +* \[fix] Fix notification display behavior bug on some page. +* \[fix] Recreate folder when failed because of `file already exists` error for the first time. +* \[fix] Fix bug of saving file via onlyoffice. +* \[fix] Fix bug when set user’s reference id to ‘’ via admin api. +* \[fix] Fix bug of group info page display in organization admin panel. +* \[improve] Disable full email search if current user is a guest user. +* \[improve] Return library type when search file via api. +* \[improve] Add user auth info to cookie when login via OAuth. +* \[improve] Return timestamp instead of time string when get user clean up library trash event via api. +* \[improve] Check quota when copy/move file/folder. +* \[improve] Distinguish file or folder when send library/folder share notice/email. +* \[improve] Sort by parent folder’s name when get file/folder recursively. +* \[improve] Remove unused Python imports in ADFS module. +* \[improve] Optimizate library udpate event. +* \[improve] Remove seahub gunicorn access log. + +### 6.2.12 (2018.4.20) + +* \[fix] Fix a bug in seafevents + +### 6.2.11 (2018.4.19) + +* Update multi storage backend feature, add STORAGE_CLASS_MAPPING_POLICY setting. +* \[fix] Fix bug when search file by path. +* \[fix] A user that can't create a library can sync a sub-folder of a library now. +* Add title when view file via OOS. +* Check if enable LIBRARY_TEMPLATES feature when creating library. +* \[api] Enable return all files recursively under a folder. +* Preserve share links when admin transfer a library from a user to another user. +* Add setting to disable user change password. +* Add setting to disable group dissussion. +* Add setting to disable file comment. +* Restart both ccnet-server and seaf-server if seaf-server is down. +* Fix a bug that some cases elasticsearch be started repeatly. +* Don’t start seafile if failed to mount http-temp dir. +* Don’t deactive user if failed to get users from ldap server. +* \[fix] Fix online preview can't work in background node caused by wrong Python path. + +### 6.2.10 (2018.3.20) + +* Improve performance of file search +* \[fix] Fix a bug in daily active user statistics +* \[fix] Fix copy files larger than 2GB via seaf-fuse +* Show 403 error when visit share link if share link creator no longer has access permission to library. +* \[api] Add api for uploading file via upload share link. +* \[api] Support search file/folder in a specific library and folder via api. +* \[fix] Fix bug in folder renaming operation list on activities page. +* \[fix] Fix bug when creating personal/group wiki. +* \[fix] Fix bug when searching specific extension file. +* \[fix] Fix a bug in Two-Factor Authentication. +* \[fix] Fix bug when getting encrypted library history. +* \[fix] Fix UI bug of "New Library" and "More" buttons. +* \[fix] Fix bug of using truncated image file as avatar. +* Change value of `per_page` parameter to 10 when search file via api. +* Support indexing files in background after file uploading via API +* Add user clean library trash event to activities +* Use inner fileserver url to save file when edit office via OOS. + +### 6.2.9 (2018.02.10) + +* \[fix] Support setting region for Swift backend +* \[fix] Notify the admin when an invited people registered +* \[new, api] Add API for cleaning trash +* \[fix, api] Fix permission check in search API +* \[fix] Remove redundant warning message in seahub.log +* \[fix] Add API for upload files via upload link +* \[fix] Fix inconsistency in showing user's space usage in multi-tenancy mode +* \[new] Add online preview for SVG files + +### 6.2.8 (2018.02.02) + +* \[fix] Fix command pro/pro.py --test +* All logs that went to seahub_django_request.log go to seahub.log +* Print gunicorn error to runtime/error.log +* \[fix] Don't allow to generate share links via API for encrypted libraries +* \[new] Support online preview for tiff and eps files +* \[new, api] Add api to allow admin to copy files between libraries +* \[new] Allow system admin to share a library as "admin" to another user in admin panel +* Other UI fixes and improvements + +### 6.2.7 (2018.01.22) + +* \[fix, important] Fix a performance bug in search index +* \[fix, important] Fix a memory leak in listing folder with locked files +* \[fix] Fix creating of demo account +* \[new] Notify the inviter when a guest register +* \[new] Add the feature "remember this device" after two-factor authentication +* \[new] Don't allow to move, delete or rename a file when a file is locked +* \[new] Add option to notify the admin after new user registration (NOTIFY_ADMIN_AFTER_REGISTRATION) +* \[new, ui] Support inviting multiple guests at once +* \[new] Support customize the list of groups that a user can see when sharing a library +* \[new, api] Support search files in my libraries, shared libraries, shared to all libraries +* \[fix] Fix OAuth bug +* \[fix] Fix a bug that file preview can't work in Debian 9 +* \[fix, multi-tenancy] Fix permission of a shared sub-folder can't be changed +* \[fix] Fix a bug in modify permission for a shared sub-folder +* \[fix] Improve performance in checking folder permission and file lock +* \[fix] Improve the performance of returning a user's all group libraries +* \[fix] Fix support for uploading 500+ files via web interface (caused by API rate throttle) +* \[fix] Fix API get_shared_repo_by_path() +* \[fix] Add more log when failed to zip a file +* Don't use memcache when read object in the Python part +* Update license file check +* \[multi-tenancy, api] Return origin_repo_name when listing libraries +* Add cancel zip download API +* \[fix] Fix some configuration bugs in seafevents module + +### 6.2.5, 6.2.6 (deprecated) + +### 6.2.4 (2017.12.20) + +* \[fix] Fix a bug in file search index clearing command + +### 6.2.3 (2017.12.19) + +* \[fix] Fix a bug in file search indexing. +* \[fix, admin] Fix a bug of statistic module in a cluster. +* \[new, admin] Support search share link. +* \[improve, ui] Add transition to show/hide of feedback messages. +* Other small UI improvements. + +### 6.2.2 (2017.12.12) + +* \[improve] Improve performance of file history page. +* \[improve] show be shared folders when copy/move file/folder to “Other Libraries”. +* \[improve] Remove the white edge of webpage when previewing file via OnlyOffice. +* \[improve] Show two file history records at least. +* \[multi-tenancy] fix bug when listing libraries/folders shared to group. +* \[multi-tenancy] fix bug when deleting an organization. +* \[fix] fix bug when previewing excel file with “&” character in its name. +* \[fix] Don’t check if user exists when deleting a group memeber in admin panel. +* \[oauth] Don’t overwrite public registration settings when login an unexisted user. +* \[audit] Recording file access/update log when preview/edit a file via OnlyOffice. + +### 6.2.1 beta (2017.11.22) + +* \[new] Support OAuth. +* \[new] Support Swift v1 protocol. +* \[new, admin] Add option to turn on statistic module +* \[new] Enable publish library update events to message queue (like Redis) +* \[improve, ui] Add "click to select" feature for download/upload links. +* \[improve, ui] improved accessibility for some form elements, such as login inputs, and etc. +* \[improve, api] Add `repo_owner` field to library search web api. +* \[improve, admin] Show/edit contact email in admin panel. +* \[improve, admin] Show upload links in admin panel. +* \[improve, admin] Improve license display. +* \[improve, admin] Share with admin permission recorded in audit log. +* \[improve, admin] Add permission audit log when remove library from group. +* \[improve, search] Set timeout for extracting contents from doc/pdf. +* \[improve, search] Search indexing no longer depend on Seafile service. It reads information from database directly. +* \[fix] Fix Shibboleth login redirection issue, see +* \[fix] In some case failed to unshare a folder. +* \[fix] LDAP search issue. +* \[fix] Fix Safari downloaded file names are encoded like 'test-%2F%4B.doc' if it contains special characters. +* \[fix] Disable client encrypt library creation when creating encrypt library is disabled on server. +* \[fix] Failed to get snapshot labels when libraries are deleted. + +### 6.2.0 beta (2017.10.16) + +* Add report charts for daily active users, daily file operations, and usage space +* Add "admin" permision when sharing a library to another user/group +* Redesign login page, adding a background image. +* Clean the list of languages +* Add the ability of tagging a snapshot of a library (Use `ENABLE_REPO_SNAPSHOT_LABEL = True` to turn the feature on) +* \[admin] Add an option to enable users to share a library to any groups in the system. +* Use WSGI as the default mode for deploying Seahub. +* Add a field Reference ID to support changing users primary ID in Shibboleth or LDAP +* Improved performance of loading library list +* Use multi-threads in search indexing +* \[fix] Fix a bug when indexing a PDF larger than 10MB +* Support adding a custom user search function + () +* Other small UI improvements +* \[fix] Fix ADFS support + +## 6.1 + +You can follow the document on minor upgrade (). + +### 6.1.9 (2017.09.28) + +* \[fix] Fix some bugs in realtime backup server +* Add option to set up Seafile HTTP server thread number +* \[fix] Fix create new file API when create a file with a same name with exist file +* \[fix] Fix a bug in permission check in file syncing +* Add more detailed log information when permission check error +* \[fix] Add log to the size of queue of library size calculation +* \[fix] Use customized logo when sending email notifications + +### 6.1.8 (2017.08.18) + +* \[fix] Fix license checking + +### 6.1.7 (2017.08.17) + +* \[fix] Fix a bug when concurrent uploading/creating files (in the old version, when a user uploading/deleting multiple files in cloud file browser, it had a high chance to get “internal server error” message) +* \[fix] Fix thumbnails for some images that 90 degrees rotated +* \[fix] Fix support for resumable file upload +* \[fix] Fix MySQL connection pool in Ccnet +* \[fix] Use original GIF file when view GIF files +* \[fix, api] Check if name is valid when creating folder/file +* Remove deleted libraries in search index +* Use 30MB as the default value of THUMBNAIL_IMAGE_SIZE_LIMIT +* \[api] Improve performance when move or copy multiple files/folders +* \[admin] Support syncing user role from AD/LDAP attribute () +* \[admin] Support deleting all outdated invitations at once +* \[admin] Improve access log +* \[admin] Support upload seafile-license.txt via web interface (only for single machine deployment) +* \[admin] Admin can cancel two-factor authentication of a user +* \[admin, role] Show user’s role in LDAP(Imported) table +* \[admin, role] Add wildcard support in role mapping for Shibboleth login +* \[admin] Improve performance in getting total file number, used space and total number of devices +* \[admin] Admin can add users to an institution via Web UI +* \[admin] Admin can choose a user’s role when creating a user + +### 6.1.4 (2017.07.11) + +* \[api] Improve performance of getting unread notifications. +* Delete deleted libraries in search index +* Use user's languange as lang setting for OnlyOffice + +### 6.1.3 (2017.07.06) + +* Add context menu "details" to libraries and folders, so you can get how many files in a library or a folder. +* Improve search result accuracy +* \[fix] Fix a bug in zip downloading an empty folder +* Improve performance of multiple file copy and move +* Admin can delete out-dated guest invitations +* \[fix] Fix a bug in seafile-gc "dry run" option +* Users can restore deleted libraries by their own +* Change default block size for files uploaded via web browser to 8MB. + +### 6.1.2 (deprecated) + +### 6.1.1 (2017.06.19) + +* Add "online preview only" option to share links +* Enable setting favicon and logo via admin panel + +### 6.1.0 beta (2017.06.06) + +Web UI Improvement: + +1. Add thumbnail for video files (turn off by default) +2. Improved image file view, using thumbnail to view pictures +3. Move items by drap & drop +4. Add create docx/xlsx/pptx in web interface +5. Add OnlyOffice integration +6. Show which client modify a file in history, this will help to find which client accidentally modified a file or deleted a file. + +Improvement for admins: + +1. Admin can set default quota for each role +2. Admin can set user’s quote, delete users in bulk in admin panel +3. Support using admin panel in mobile platform +4. Add translation for settings page +5. Add admin operation logs +6. Admin can change users' login_id in web interface +7. Admin can create libraries in admin panel +8. Admin can set logo and favicon in admin panel + +System changes: + +1. Remove wiki by default (to turn it on, set `ENABLE_WIKI = True` in seahub_settings.py) +2. Upgrade Django to 1.8.18 +3. Clean Ajax API +4. Increase share link token length to 20 characters +5. Upgrade jstree to latest version +6. Update ElasticSearch to 2.4.5 + +## 6.0 + +You can follow the document on minor upgrade (). + +Special note for upgrading a cluster: + +In version 6.0, the folder download mechanism has been updated. This requires that, in a cluster deployment, seafile-data/httptemp folder must be in an NFS share. You can make this folder a symlink to the NFS share. + +``` +cd /data/haiwen/ +ln -s /nfs-share/seafile-httptemp seafile-data/httptemp + +``` + +The httptemp folder only contains temp files for downloading/uploading file on web UI. So there is no reliability requirement for the NFS share. You can export it from any node in the cluster. + +### 6.0.13 (2017.05.08) + +* \[fix] Fix in file moving/copying dialog, self-owned libraries are not listed +* \[fix] Fix files in self-owned libraries are not listed when searching files in all libraries +* Update timestamp in about dialog + +### 6.0.12 (2017.04.17) + +* Improve performance when checking group shared library permission +* \[fix] Fix image popup in favourite page +* \[fix] Fix generating sharing link with expiring time in file detailed view page +* \[fix] Don't allow to create library with '/' in name +* \[fix] Fix two-factor authentication +* Add script to migrate between different storage backend + +### 6.0.11 (Deprecated) + +### 6.0.10 (2017.04.07) + +* \[fix] Fix a bug in listing libraries in admin panel + +### 6.0.9 (2017.04.01) + +* Show user' name instead of user's email in notifications sent out by email +* Add config items for setting favicon, disable wiki feature +* Add css id to easily hide user password reset and delete account button +* \[fix] Fix UI bug in restoring a file from snapshot +* \[fix] Fix after renaming a file, the old versions before file rename can't be downloaded +* \[security] Fix XSS problem of the "go back" button in history page and snapshot view page +* \[fix] Fix crash problem of seaf-import +* Add API to create/delete/modify an account in Org +* \[ad/ldap sync] Support import posix group +* \[fix] Fix Office Web App co-authoring problems when opening file in a shared sub-folder +* \[fix] Fix "IE 9 not supported" popup message not showing + +### 6.0.8 (2017.02.23) + +Improvement for admin + +* Admin can add/delete group members +* Admin can create group in admin panel +* Force users to change password if imported via csv +* Support set user's quota, name when import user via csv +* Set user's quota in user list page +* Add search group by group name +* Use ajax when deleting a user's library in admin panel +* Support logrotate for controller.log +* Add a log when a user can't be find in LDAP during login, so that the system admin can know whether it is caused by password error or the user can't be find +* Delete shared libraries information when deleting a user +* Add admin API to create default library for a user +* \[ldap-sync] Support syncing users from AD/LDAP as inactive user + +Other + +* \[fix] Fix user search when global address book is disabled in CLOUD_MODE +* \[fix] Avoid timeout in some cases when showing a library trash +* Show "the account is inactive" when an inactive account try to login +* \[security] Remove viewer.js to show open document files (ods, odt) because viewer.js is not actively maintained and may have potential security bugs +* \[fix] Exclude virtual libraries from storage size statistics +* \[fix] Fix mysql gone away problem in seafevents +* Add region config option for Swift storage backend +* \[anti-virus] Send notification to the library owner if a virus is found + +### 6.0.7 (2017.01.18) + +* Set users role from Shibboleth affiliation attribute (, search "Affiliation and user role") +* \[fix] Uploading files with special names lets seaf-server crash +* \[fix] Fix reading database connection pool setting from ccnet.conf and seafile.conf +* \[fix] Fix total storage integer overflow, which is shown at the info page of admin panel) +* \[fix] Fix the password reset email gets send to the primary account email instead of the contact email of the profile. +* \[fix] Do not check path existence when delete user/group folder permission +* Support ADFS +* \[fix] Invitation email subject does not get translated + +### 6.0.6 (2017.01.11) + +* Guest invitation: Prevent the same address can be invited multiple times by the same inviter and by multiple inviters +* Guest invitation: Add an regex to prevent certain email addresses be invited (see ) +* Office online: support co-authoring +* Admin can set users' department and name when creating users +* Show total number of files and storage in admin info page +* Show total number of devices and recently connected devices in admin info page +* Delete shared libraries information when deleting a user +* Upgrade Django to 1.8.17 +* Admin can create group in admin panel +* \[fix] Fix quota check: users can't upload a file if the quota will be exceeded after uploading the file +* \[fix] Fix quota check when copy file from one library to another +* Add `# -*- coding: utf-8 -*-` to seahub_settings.py, so that admin can use non-ascii characters in the file. +* \[fix] Prevent admin from access group's wiki +* \[fix] Prevent transfering libraries to guest account +* \[fix] Prevent guest accout to create share link via API v2 +* Add a log when a user can't be find in LDAP during login, so that the system admin can know whether it is caused by password error or the user can't be find +* Ingore white space character in the end of lines in ccnet.conf + +### 6.0.5 (2016.12.19) + +* \[fix] Fix generating of password protected link in file view page +* \[fix] Fix .jpg/.JPG image display in IE10 +* Export quota usage in export Excel in user list admin page +* \[fix] Fix admin can't delete broken libraries +* Add "back to previous page" link in trash page, history page +* \[fix] Fix file encoding for text file editing online +* \[fix] Don't show operation buttons for broken libraries in normal users page +* \[fix] Support both `[Audit]` and `[AUDIT]` in seafevent.conf +* \[fix] Support utf-8 characters in filename when preview in MSOffice WebApp +* Support Collabora Online 2.0 + +### 6.0.4 (2016.11.29) + +* \[fix] Fix list_inner_pub_repos error in cloud mode +* \[fix] Improve logo show in About dialog +* \[fix] Fix file/folder upload in Firefox 50 +* \[fix] Fix groups not shown in admin panel when there are more than 100 groups + +### 6.0.3 (2016.11.17) + +* \[fix] Fix the shared folder link in the notification message when a user share a folder to another user +* \[fix] Update Django version from 1.8.10 to 1.8.16 +* \[fix] Fix the shared folder name is not changed after removing the old share, renaming the folder and re-sharing the folder +* \[fix] Fix sub-folder accidentially show the files in parent folder when the parent folder contains more than 100 files +* \[fix] Fix image preview navigation when there are more than 100 entries in a folder +* \[fix] Fix jpeg image display in IE10 +* \[fix] Fix bug when admin searching unexisting user +* Add support for online view of mov video files +* Make web access token expiring time configurable +* Add an option on server to control block size for web upload files +* \[fix] Failed to cache (set/get) WOPI_ACCESS_TOKEN_EXPIRATION due to memcached key length limit +* \[fix] Not allow user to set the permissions onto unshared folder. Because it is useless. +* \[fix] Fix condition check when display share icon for guest user +* Support full-text search and audit log by default +* \[fix] Fix permission dialog bug when the corresponding user/group deleted + +### 6.0.2 (2016.10.20) + +* \[fix] Virus scan fails when the keystone token has expired +* \[fix] If you share a sub-folder to a group, the sub-folder will appear as a library in that group page. Don't show "permission" menu item for such a shared sub-folder on the group page, because setting permissions on this shared sub-folder not work. The user should set permissions on the original library directly. +* \[fix] Fix API for uploading file by blocks (Used by iOS client when uploading a large file) +* \[fix] Fix a database connection problem in ccnet-server +* \[fix] Fix moved files are still present in local folder until refresh +* \[fix] Fix admin panel can't show deleted libraries + +### 6.0.1 beta + +* Enable create a library from a template +* Enable office preview by default in installation script +* \[fix] Fix not able to move files via WebDAV interface +* Check whether the quota will exceed before saving the uploaded file to Seafile via Web UI or API +* \[fix] Fix owner can't restore a deleted file or folder in snapshot +* \[fix] Fix UI of personal profile page +* \[fix] Fix in some cases mobile devices can't be unlinked +* \[fix] Fix connection problem for the latest MariaDB in initialisation script +* Make maxNumberOfFiles configurable +* \[fix] Remember the sorting of libraries +* Add Finnish translation +* Video + audio no longer be limited by max preview size + +### 6.0.0 beta + +* Add full screen Web UI +* Add file comment +* Improve zip downloading by adding zip progress +* Change of navigation labels +* Support Seafile Drive client +* \[admin] Add group transfer function in admin panel +* \[admin] Admin can set library permissions in admin panel +* Improve checking the user running Seafile must be the owner of seafile-data. If seafile-data is symbolic link, check the destination folder instead of the symbolic link. +* \[ui] Improve rename operation +* Show name/contact email in admin panel and enable search user by name/contact email +* Add printing style for markdown and doc/pdf +* The “Seafile” in "Welcome to Seafile" message can be customised by SITE_NAME +* Improve sorting of files with numbers +* \[api] Add admin API to only return LDAP imported user list +* Code clean and update Web APIs +* Remove number of synced libraries in devices page for simplify the interface and concept +* Update help pages +* \[online preview] The online preview size limit setting FILE_PREVIEW_MAX_SIZE will not affect videos and audio files. So videos and audio with any size can be previewed online. +* \[online preview] Add printing style for markdown + +Pro only features + +* Support LibreOffice online/Collabora Office online +* Add two-factor authentication +* Remote wipe (need desktop client 6.0.0) +* \[anti-virus] Support parallel scan +* \[anti-virus] Add option to only scan a file with size less than xx MB +* \[anti-virus] Add option to specific which file types to scan +* \[anti-virus] Add scanning virus instantly when user upload files via upload link +* \[online preivew] Add printing style for doc/pdf +* \[online preivew] Warn user if online preview only show 50 pages for doc/pdf with more than 50 pages +* \[fix] Fix search only work on the first page of search result pages +* Users can invite guests +* Add role based permission control +* Add term and conditions: admin can write a document of term and conditions. The user must accept it before using Seafile. + +## 5.1 + +You can follow the document on minor upgrade (). + +Warning: when upgrade from 5.1.7 or lower version to 5.1.8+, you need to install python-urllib3 (or python2-urllib3 for Arch Linux) manually: + +``` +# for Ubuntu +sudo apt-get install python-urllib3 +# for CentOS +sudo yum install python-urllib3 + +``` + +### 5.1.11 (2016.08.29) + +* \[fix, security] Fix a bug in permission checking when searching a single library +* Add search user by name and contact email +* Show licensed to information in web UI + +### 5.1.10 (2016.07.12) + +* \[fix] Fix a bug in showing license file information +* \[multi-institution] Enable institution admin to activate/inactive an user +* \[fix] Showing contact email in user auto-completion +* \[fix, multi-tenancy] Fix syncing sub-folder of a shared library +* \[fix, multi-tenancy] Fix file audit page broken when a group corresponding to an item is deleted +* \[fix] Fix seaf-fsck.sh --export fails without database +* \[fix] Fix users with Umlauts in their display name breaks group management and api2/account/info on some special Linux distribution +* Remove user from groups when a user is deleted. +* File lock only valid for 12 hours +* \[fix] Fix can't generate shared link for read-only shared library +* \[fix] Fix can still view file history after library history is set to "no history". +* \[fix] Fix after moving or deleting multiple selected items in the webinterface, the buttons are lost until reloading +* Check user before start seafile. The user must be the owner of seafile-data directory +* Don't allow emails with very special characters that may containing XSS string to register +* \[fix] Fix migrate from community edition to pro edition + +### 5.1.9 (deprecated) + +### 5.1.8 (2016.06.14) + +* \[fix] Fix "page unavailable" when anonymous user visiting a share link when there are organization libraries +* \[fix] Remove bundled python-urllib3 that may cause problems in some systems. In CentOS 7 and ubuntu 16.04 you will need to install python-urllib3 manully. +* \[fix] During downloading multiple files/folders, show "Total size exceeds limits" instead of "internal server error" when selected items exceeds limits. +* \[fix] When delete a share, only check whether the be-shared user exist or not. This is to avoid the situation that share to a user can't be deleted after the user be deleted. +* Add a notificition to a user if he/she is added to a group +* \[multi-institution] Add a page to show the admins of an institution +* \[multi-institution] Add the function to search a user in an institution + +### 5.1.7 (2016.06.08) + +* \[fix] Fix file locking for files with space in name when editing office files via Office Web App +* Improve UI for password change page when forcing password change after admin reset a user's password +* \[ldap sync] Don't deactivate users by default if a user is removed from LDAP server. (DEACTIVE_USER_IF_NOTFOUND = True to turn it on) +* The profile popup dialog show the contact email if it is set +* \[fix] Fix duplicated files show in Firefox if the folder name contains single quote ' +* Add OFFICE_WEB_APP_SERVER_CA setting item to enable visiting OWA server with a self-signed certificate + +### 5.1.6 (2016.05.30) + +* \[security] Fix permission checking for generating share links +* Add an option (ENABLE_SETTINGS_VIA_WEB) to ignore settings via Web UI (system admin->settings) +* \[fix] Fix rendering of some pdf files in Chrome via adding `font-variant-ligatures: no-common-ligatures` +* \[fix] Making user search (used in auto-completion) case insensitive + +### 5.1.5 (2016.05.24) + +* \[fix] Fix page error in display file audit log when the corresponding library is deleted for a log entry and the path is the root of the library +* \[fix] Fix clicking avatar not show profile popup in admin page +* Remove the traffic statistic link (to seafile.com) in profile popup +* \[fix] Fix delayed activation of Shibboleth users +* \[fix] Fix logging the user's email in audit log for share link when the link is a root of a library +* \[owa] Support visiting OWA server with a client side SSL certificate file + +### 5.1.4 (2016.05.17) + +* Download multiple files from Seahub as a ZIP-file +* \[fix] Bug that caused groups cannot be transfered is fixed +* \[fix, admin] Fix page error in display file audit log when the corresponding library is deleted for a log entry +* \[fix] fixed raw downloads not being count towards traffic quota. +* Show a notification in the client and Seahub when a new library is shared to a group. +* Use seafile-data/http-temp to store zip files when downloading a directory or folder +* \[accessibility] Improve accessiblity of library history page by making links for operations selectable by tab. +* \[accessibility] Improve accessiblity of dialogs, add missing "labelledby" properties for the whole dialog. +* Support at most 10 LDAP/AD servers +* Add deactivation of an account on the seafile database user if a number of failed login is attemped. +* \[admin] The share link list in system admin now can be sorted by time +* For un-login users, ask to providing an email before visiting download/upload links, and log the user's email in audit log. This is feature can be turn on by adding `ENABLE_SHARE_LINK_AUDIT` in seahub_settings.py + +### 5.1.3 (2016.04.27) + +* \[fix] Fix group rename +* \[ui] Remember the expanded status of groups +* \[accessibility] Improve accessiblity of library trash page +* \[accessibility] Improve file/folder upload menu +* list all devices in admin panel +* list device syncing errors in admin panel +* Support server side file content encryption +* Support xlsx/pptx editing via OWA +* Add syslog support for seafile.log + +### 5.1.2 (2016.04.21) + +* \[fix] Fix saving avatar to database +* \[fix] A few UI fixes + +Accessiblity improvement + +* Use standard checkbox instead of styled checkbox based on image +* Make library/folder/file operation icons visible on focus +* Make operation icons focusable +* Add aria-label to operation icons +* Make library/folder sort operations focusable +* Add role (navigation, banner, main) to regions +* Make dropdown menu items focusable + +### 5.1.1 beta (2016.04.13) + +* \[fix] Fix file link in search result +* \[fix] Fix setting of "require strong password" via web interface +* API: Add API to get audit log +* Sending email when import users from a CSV file + +### 5.1.0 beta (2016.04.08) + +Dependency update: + +* Upgrade to django 1.8 +* Update jquery to v1.11 +* \[ceph] Update librados to 0.9.4 + +Web + +* Redesign navigation +* Rewrite group management +* Improve sorting for large folder +* Remember the sorting option for folder +* Improve devices page +* Update icons for libraries and files +* Remove library settings page, re-implement them with dialogs +* Remove group avatar +* Don't show share menu in top bar when multiple item selected +* Auto-focus on username field when loading the login page +* Remove self-introduction in user profile +* Force the user to change password if adding by admin or password reset by admin +* disable add non-existing user to a group +* Add an option for disable forcing users to change password (FORCE_PASSWORD_CHANGE, default is True) +* Support new Shibboleth users be created as inactive and activated via Admin later (SHIB_ACTIVATE_AFTER_CREATION , default is True) + +Pro only + +* Support automatic file locking for office files +* Realtime backup (see ) +* Sending emails in backend when importing users via CSV files +* Support Swift API +* seaf-gc support running in multi-thread mode +* \[fix] Fix crash problem when visit S3/Swift via HTTPS +* \[fix] Fix handling special characters in LDAP group sync + +## 5.0 + +You can follow the document on major upgrade () + +In Seafile 5.0, we have moved all config files to folder `conf`, including: + +* seahub_settings.py -> conf/seahub_settings.py +* ccnet/ccnet.conf -> conf/ccnet.conf +* seafile-data/seafile.conf -> conf/seafile.conf +* \[pro only] pro-data/seafevents.conf -> conf/seafevents.conf + +If you want to downgrade from v5.0 to v4.4, you should manually copy these files back to the original place, then run minor_upgrade.sh to upgrade symbolic links back to version 4.4. + +The 5.0 server is compatible with v4.4 and v4.3 desktop clients. + +### 5.0.7 (2016.03.10) + +* \[security] Backport Django's fix for CVE-2016-2512 +* \[security] Improve randomness in password reset: using get_random_string from django.utils.crypto to replace Python's random library +* \[ui] Restore file from Trash using Ajax +* \[api] Add API to send share link via emails +* \[api] Add API to get Office Web App link + +### 5.0.6 (2016.03.02) + +* Add ENABLE_USER_CREATE_ORG_REPO to enable/disable organization repo creation. +* Change the Chinese translation of "organization" +* Use GB/MB/KB instead of GiB/MiB/KiB in quota calculation and quota setting (1GB = 1000MB = 1,000,000KB) +* Show detailed message if sharing a library failed. +* \[shibboleth] Support set user's name in Seafile from givenname and surname in Shibboleth. +* \[fix] Fix JPG Preview in IE11 +* \[fix] Fix empty nickname during shibboleth login. +* \[fix] Fix default repo re-creation bug when web login after desktop. +* \[fix] Don't show sub-libraries at choose default library page, seafadmin page and save shared file to library page +* \[fix] Seafile server daemon: write PID file before connecting to database to avoid a problem when the database connection is slow +* \[fix] Don't redirect to old library page when restoring a folder in snapshot page +* \[fix] Fix a bug in showing virus scan page +* \[fix] Fix background notification email sending. +* \[fix, cluster] Fix handling memcached server failover + +### 5.0.5 (2016.01.29) + +* Change the Chinese translation of "organization" +* \[fix] Show "out of quota" instead of "DERP" in the case of out of quota when uploading files via web interface +* Get name, institution, contact_email field from Shibboleth +* \[webdav] Don't show sub-libraries + +### 5.0.4 (2016.01.20) + +* Read/write fs objects with multiple threads when Ceph/S3 back end is used +* Support HTTPS connections to S3 back end. +* \[fix] Fix unable to set a library to keep full history when the globally default keep_days is set. +* \[fix] Improve the performance of showing library trash +* \[fix] Fix downloading a file from a shared link when its path contain special characters +* \[fix] Improve share icon +* Stop logging into logs/stats-logs +* Don's show "Access Log" for a file in the dropdown menu if audit log is not turned on. + +### 5.0.3 (2015.12.28) + +* Search user by name in case insensitive way +* Show broken libraries in user's library page (so they can contact admin for help) +* \[fix] Fix LDAP sync problem +* \[fix] Fix support for SQLite backend +* \[fix] Fix PDFs under special folder name can't be viewed online +* \[fix] Fix cache for thumbnail in sharing link +* \[fix] Fix script for online GC +* \[fix] Enable copy files from read-only shared libraries to other libraries +* \[fix] Open image gallery popup in grid view when clicking the thumbnail image +* \[fix] Fix issues in multi-tenancy mode +* \[api] Add listing share upload links +* \[api] Delete be-shared libraries + +### 5.0.2 (2015.12.18) + +* \[ui] Improve UI of all groups page +* Don't allow sharing library to a non-existing user +* \[fix, admin] Fix deleting a library when the owner does not exist anymore +* \[fix] Keep file last modified time when copy files between libraries +* Enable login via username in API +* \[ui] Improve markdown editor + +Cluster + +* \[fix] Fix a read/write consistency bug in reading library latest commit from database + +Improve seaf-fsck + +* Do not set "repaired" mark +* Clean syncing tokens for repaired libraries so the user are forced to resync the library +* Record broken file paths in the modification message + +Sharing link + +* Remember the "password has been checked" information in session instead of memcached +* \[security] Fix password check for visiting a file in password protected sharing link. +* Show file last modified time +* \[fix] Fix image thumbnail in grid view +* \[ui] Improve UI of grid view mode + +### 5.0.1 (2015.12.07) + +New features + +* \[admin] Show the list of groups an user joined in user detail page +* \[admin] Add exporting user/group statistics into Excel file +* \[admin] Admin can see the file number of a library +* \[admin] Admin can disable the creation of encrypted library +* \[admin] Admin can visit all non-encrypted libraries via Web UI (need to turn on `ENABLE_SYS_ADMIN_VIEW_REPO = True` in seahub_settings.py) +* \[admin] Add license expiration notification +* \[admin] A tool to debug LDAP/AD settings +* \[admin] Use a new algorithm to run GC online, reducing database locking time. +* \[admin] Enabling exporting audit logs to Excel file +* Enable searching inside a library +* User can see the access log of a file +* Showing libraries list in "All Groups" page +* Add importing group members from CSV file +* Add grid view for folder sharing link +* A trash for every folder, showing deleted items in the folder and sub-folders. + +Account management improvement: + +* Admin can set username (internally it is called login_id) for an user and enable login by username. (see the [LDAP user sync document](http://manual.seafile.com/deploy/ldap_user_sync.html) for how to sync user ID into login_id) +* Admin can set contact_email for users + + +``` +Seafile uses email to uniquely identify an user. With these two features, you can sync LDAP username into login_id, sync LDAP email to contact_email, store username@domain-name to Seafile's email field. With this config: + * Users will be able to login via username + * Email will be send to the contact email address + * Seafile uses username@domain-name to uniquely identify an user. + +``` + +UI changes: + +* Change most png icons to icon font +* UI change of file history page +* UI change of library history page +* UI change of trash page +* UI change of sharing link page +* UI change of rename operation +* Don't open a new page when click the settings, trash and history icons in the library page +* Update Markdown editor and viewer +* other small UI improvements + +Config changes: + +* Move all config files to folder `conf` +* Add web UI to config the server. The config items are saved in database table (seahub-dab/constance_config). They have a higher priority over the items in config files. + +Fixes + +* \[fix, admin] Fix searching libraries by name when some libraries are broken +* \[security] Change most GET requests to POST to increase security +* \[fix] Fix problem in deleting tmp files in virus scan +* \[fix] Fix seaf-gc when seafile-data is stored in non-default location + +### 5.0.0 (deprecated) diff --git a/manual/changelog/client-changelog.md b/manual/changelog/client-changelog.md new file mode 100644 index 00000000..9e158a80 --- /dev/null +++ b/manual/changelog/client-changelog.md @@ -0,0 +1,993 @@ +# Seafile Client Changelog + +## 8.0 + +### 8.0.0 beta (2020/11/28) + +* \[Win] Build with Visual Studio 2019 instead of MinGW +* \[Win/Mac] Upgrade Qt version to 5.15.1 (which supports TLS 1.3) +* Add V4 encryption library support, which will be available in server 8.0 + +## 7.0 + +### 7.0.10 (2020/10/16) + +* Fix sync error when downloading duplicated files from a library +* Fix crash bug when downloading files with very long names + +### 7.0.9 (2020/07/30) + +* Avoid downloading existing blocks during sync download +* Fix crash when cancel syncing before a library is synced +* Fix incorrect error message in some error situations + +### 7.0.8 (2020/06/03) + +* Fix GUI crash on start +* Avoid redundant notification when downloading updates from a read-only library + +### 7.0.7 (2020/04/03) + +* Use new API to copy/move files from one library to another in cloud file browser +* \[fix] Fix SSO problem after logout and login again +* \[mac] Ignore files start with `._` +* \[fix] Fix deleting of multiple sync error logs + +### 7.0.6 (2020/02/14) + +* Enable to config block size at the client side +* Do not refresh explorer when restart +* Can clean sync error records in sync errors dialog +* \[fix] Do not popup the sync errors dialog when click a sync notification popup + +### 7.0.5 (2020/01/14) + +* Fix some right click menu do not work +* Fix "View on cloud" function +* Fix sign in file name break "view file history" +* Support get upload link for folders +* \[mac] Fix SSO in MacOS 10.15 + +### 7.0.4 (2019/11/20) + +* Fix showing syncing error "!" in the system tray icon after restarting the client +* Don't clean modified files in cloud file browser +* Improve seaf-cli +* \[mac] Add support for MacOS 10.15 +* \[mac] Drop support for MacOS 10.12, 10.11 and 10.10 + +### 7.0.3 (2019/10/31) + +* Official repo for CentOS or RHEL is ready. Currently only CentOS/RHEL 7 is supported. +* Seaf-cli now support both Python2 and Python3. +* Re-enable the old style seafile internal links (seafile://openfile?repo_id=…) +* Improve error message display +* Fix a bug that local added files are deleted if the folder is removed or renamed by another user simultaneously. +* Improve progress percentage display during syncing downloading. +* Users can check who locked a file now + +### 7.0.2 (2019/08/12) + +* Improve notifications when user editing files in read-only libraries +* \[fix] Fix seaf-cli syncing problem + +### 7.0.1 (2019/07/11) + +* Fix a bug that causing GUI to crash when seaf-daemon dead +* Fix a bug that cloud file browser does not show file status correctly +* Do not show lots of "Failed to index file" messages + +### 7.0.0 (2019/06/04) + +* Improve error notifications +* Support new version of encrypted libraries if server version is 7.0.0+ +* Starred items support libraries and folders +* Support new version of file activities +* Fix the error of "Failed to remove local repos sync token" during client shutdown +* Add menu to repair Windows Explorer extension + +## 6.2 + +### 6.2.10 (2019/01/15) + +* \[fix] Fix support for Windows user name containting non-ascii characters +* Remove seacloud.cc from the default server list +* Remove description from library detail dialog + +### 6.2.9 (2018/12/10) + +* \[fix] Fix background index when upload files via cloud file browser +* Don't call ping and account-info every 5 minutes + +### 6.2.8 (2018/12/05) + +* \[fix] Don't refresh activity list automatically +* \[fix] Fix view on Web link for starred items + +### 6.2.7 (2018/11/22) + +* Handle library permission change for synced libraries +* Don't retry forever when error occur during first time downloading +* \[mac] Fix dark mode support on Mac Mojave +* Show user's name instead of email in account switching popup + +### 6.2.5 (2018/09/14) + +* More robust deleting folder locally if it is deleted on the server +* Show file modifier in cloud file browser +* \[fix, win] Fix avatar with jpg format can't be displayed problem +* Support getting internal link +* \[fix, win] Fix support for some SSL CA + +### 6.2.4 (2018/08/03) + +* \[fix] Fix a bug that causing Windows Explorer crash + +### 6.2.3 (2018/07/30) + +* Prevent multiple seaf-daemon running +* \[fix] Support preconfigured Shibboleth Url +* Restart seaf-daemon automatically if it is dead + +### 6.2.2 6.2.1 Beta (2018/07/13) + +* \[fix] Fix initialization problem in first time launching +* Improve file syncing notification message + +### 6.2.0 Beta (2018/07/03) + +* \[mac] Add automatical locking support for Office files +* \[mac] Don't update local office file if it is editing locally while simultaneously edited remotely +* \[win] Enable using both syncing client and drive client while keep the Explorer file status icon work for both +* \[win] Remove ccnet component to make running multiple-instances on a single machine possible +* Don't send unneccesary "api2/events" requests +* \[cloud file browser] Fix uploading retrying +* \[fix] Fix .eml files can't be deleted + +## 6.1 + +### 6.1.8 (2018/05/08) + +* \[fix] Fix display of library search box + +### 6.1.7 (2018/03/29) + +* \[fix] Fix file searching +* \[cloud file browser] Support showing indexing progress after uploading a large file + +### 6.1.6 (2018/03/13) + +* \[fix] Fix crash during login +* \[cloud file browser] Only show search button when the server is pro edition +* Show detailed path when a library can't be synced because a file is locked +* \[fix] Fix a crash during file syncing caused by files with illegal file name +* \[fix] Fix a bug that causing crash during loading libraries + +### 6.1.5 (2018/02/06) + +* Add "trust this device" function to two-step authentication +* Add search files inside a library +* Some UI improvements + +### 6.1.4 (2017/12/20) + +cloud file browser + +* Don't use resumable upload feature when updating a file +* Show an icon to indicate that a file is cached +* Show a warning icon when a file failed to upload to the server after changing +* User can re-upload a local modified file that failed to upload +* Add a command to open local cache folder +* Improve error messages when uploading a file or a folder +* \[mac] Fix a bug that a doc/xls file uploaded automatically after downloading +* Some ui fixes and improvements + +others + +* Don't show the connection status of 127.0.0.1 +* Disable editing of local syncing path, users can only choose a path +* Some ui fixes and improvements + +### 6.1.3 (2017/11/03) + +* \[fix] Fix system tray icon +* Change "Shibbeloth Login" to "Single Sign On" +* \[fix] Fix MacOS client using discrete GPU +* \[cloud file browser] Improve file uploading after modification +* \[cloud file browser, fix] Don't show quota exceeded when server return 502 error +* \[cloud file browser] Show number of files in current folder + +### 6.1.2 (2017/10/28) + +* \[win] Update system tray icon +* Return error if repo name contains invalid characters when syncing a library +* Update local folder name when repo name is changed. +* Leave a shared library +* \[fix] Fix open cloud file browser from activity view +* \[fix] Fix loading more events in activity tab +* \[fix, cloud file browser] Always watching local cached files after uploading failed when file changed +* \[fix, cloud file browser] Use local cached version if it is changed locally + +### 6.1.1 (2017/09/20) + +* Improve support for syncing EML files (Don't sync EML files if only timestamp changed) +* Improve support for Copy/Paste files in cloud file browser +* \[mac] Fix opening file history from Mac +* \[fix] Fix memory leak in Windows extension handler +* \[fix] Fix re-login with Shibboleth +* UI/UX improvements for cloud file browser +* \[fix, windows] Fix a bug in detecting whether there is an old instance of Seafile running + +### 6.1.0 (2017/08/02) + +* \[fix] Fix a bug that library name will be changed back when it is changed in the server +* \[fix] Fix a bug that uploading progress exceeding 100%. +* \[fix] Fix selectively synced subfolder disappear after logout and login again +* Use new library icons +* \[fix] Fix showing of avatars +* \[fix] Improve UI in Windows with high DPI screens +* Only allow https for Shibboleth login +* Clean unused logs in applet.log +* Remove the function of map a library to a network drive +* \[fix] Fix an issue when uploading a deep empty folder like "A/B/C" +* Change default block size to 8MB +* \[fix, mac] Popup a notification after user clicking the "Check new version" button in about dialog if the current version is the latest version + +## 6.0 + +### 6.0.7 (2017/06/23) + +* \[fix] Fix auto-completion in sharing dialog +* Show contact avatars in auto-completion of sharing dialog +* \[fix] Fix mis-leading error message when uploading a file to a read-only library via cloud file browser +* Add highlight background color when drag and drop a file/folder to a library +* \[fix] Fix connection error in libcurl +* \[fix] Fix sorting by time in cloud file browser +* \[fix] Fix sorting by name case sensitive in cloud file browser +* \[fix] Fix drag more than one folder to cloud file browser +* Add loading more in activity tab and search tab +* "View sync error" can only be clicked when there are sync errors +* Move seafile.log, applet.log to seafile.log.old, applet.log.old if they become too large +* Remove the "?" icon in creating new folder dialog title bar + +### 6.0.6 (2017/05/08) + +* Sort files by numbers if numbers contained in the file name, so "1, 10, 2, 11, 3" will be sorted as "1, 2, 3, 10, 11". +* Use native system window for Seafile main windown and cloud file browser window. +* Fix progress overflow when uploading large file using cloud file browser +* Improve the tip when removing an account in the client +* Don't show download button when select folders in cloud file browser +* Clean cache data of cloud file browser when logout an account or restart the client +* \[fix] Fix display problem for high screen Windows in win10 +* \[fix] Fix libssl compatibility problem in Debain Stretch +* Add auto-update check + +### 6.0.4 (2017/02/21) + +* \[fix] Fix Shibboleth login support +* Improve network connection check +* Don't log "read pipe error" into log file +* \[fix] Fix the link for help page +* Improve library sharing dialog (pro edition only feature) + +### 6.0.3 (2017/02/11) + +* Add a dialog to list all sync errors +* Don't popup file is locked by other users error message +* Make sync error message more accurate +* \[win] Support intermediate CA +* \[cloud file browser] Show correct error message when quota is exceeded during file upload +* Show the server address during Shibboleth login +* Support pre-config Shibboleth server address in seafile.ini +* \[fix] Show the recent shared user in sharing dialog +* "open folder" changed to "open local folder" + +### 6.0.2 (deprecated) + +This version has a few bugs. We will fix it soon. + +### 6.0.1 (2016/12/07) + +* Don't generate case conflict file/folder +* \[fix] Fix popup style for Mac Sierra +* Show image thumbnail in cloud file browser +* Change label "organization" to "shared with all", "private shares" to "shared with me" + +### 6.0.0 (2016/10/14) + +* \[fix] Fix a conflict problem with ESET anti-virus program +* Fix client name and add client version in modification history +* Add remote wipe support +* \[fix] Fix sub-folder permission support + +## 5.1 + +### 5.1.4 (2016/07/29) + +* \[fix] Fix seaf-daemon crash if root dir is corrupted +* \[fix, pro] Fix auto-completion in sharing a folder to a user if the user name contains a space + +### 5.1.3 (2016/06/27) + +* Support syncing any sub-folder with a community server +* \[fix, win] Fix automatically unlocking office files +* \[fix, pro] Fix auto-completion in sharing a folder to a user +* auto-login for open file history in web +* Prevent generating too many "case conflict" files + +### 5.1.2 (2016/06/07) + +* Add context menu to view file history in web +* \[fix, pro] Fix user auto-completion in folder sharing dialog +* \[linux] Fix tray icon not shown in KDE 5 +* \[win 10, fix] Fix explorer context menu has no right arrow +* \[win, fix] Can't create new files/folders in "My Library" Shortcut +* \[win, fix] Fix on Windows 10 sometimes the seafile client main window exceeds the height of the screen. + +### 5.1.1 (2016/05/04) + +* Add “Groups” category in the client’s library view +* Click notification pop up now open the exact folder containing the modified file. +* Change "Get Seafile Share Link" to "Get Seafile Download Link" +* \[fix] Use case-insensitive sorting in cloud file browser +* \[fix] Don't sync a folder in Windows if it contains invalid characters instead of creating an empty folder with invalid name +* \[fix] Fix a rare bug where sometimes files are synced as zero length files. This happens when another software doesn't change the file timestamp after changing the content of the file. + +### 5.1.0 (2016/04/11) + +Note: Seafile client now support HiDPI under Windows, you should remove QT_DEVICE_PIXEL_RATIO settings if you had set one previous. + +* Update to QT5.6 +* Add HiDPI support +* Remove corrupted local metadata when unsync or resync a library + +## 5.0 + +### 5.0.7 (2016/03/29) + +* \[fix, mac] Enable multi-users running Seafile on Mac +* \[win, pro] auto-lock office files (doc/ppt/excel) when open, require Seafile pro edition v5.1.0+ +* Enable using system proxy setting +* Auto login when viewing unread notifications +* Record device name to modification history + +### 5.0.6 (2016/03/08) + +* \[fix, mac] Fix deleted folder get re-uploaded if with .DS_Store inside +* \[fix] Fix loading proxy configuration during start-up +* \[fix] Fix a crash bug when using libcurl with multiplt https connection +* \[fix] Fix sync problem when the network connection is slow +* Use GB/MB/KB instead of GiB/MiB/KiB (1GB = 1000MB = 1,000,000KB) +* \[fix] Fix disappear of synced sub-folder from the main window +* Small UI improvements + +### 5.0.5 (2016/02/20) + +* \[fix] Fix a crash bug in multi-threaded file download/upload + +### 5.0.4 (2016/01/26) + +* Add crash report support +* \[win] Add mapping a synced library as a network drive + +### 5.0.3 (2016/01/13) + +* \[fix] Fix German translation + +### 5.0.2 (2016/01/11) + +* \[fix] Fix compatibility issue with F-Secure +* Add setting sync interval for a library +* Showing progress when downloading file list during the first-time syncing + +### 5.0.1 (2015/12/21) + +* \[fix] Fix a memory leak +* Show user name instead of email in the profile area +* \[pro] For pro users, you can manage the library sharing from the client now. + +### 5.0.0 (2015/11/25) + +* Show storage usage +* Support login via username +* Set current tab icon color to orange +* Send notifications when sync error happens for some files +* Improve file locking for Microsoft Office files +* \[fix] Fix preventing syncing with any folder if it is prevented by the server +* \[windows] Set TCP send buffer size and TCP_NODELAY options +* \[fix] Keep ignore files when deleting a folder () + +## 4.4 + +### 4.4.2 (2015/10/20) + +* \[fix] Fix showing data transfer percentage in syncing. +* Add open containing folder in search result + +### 4.4.1 (2015/10/14) + +* \[fix, win] Fix a rare bug in file sync on Windows related to multi-thread downloading + +### 4.4.0 (2015/09/18) + +* Fix bugs in file ignore feature +* Fix popup two password input dialogs when visit an encrypted library +* Popup a tip when file conflicts happen +* Don't send the password to server when creating an encrypted library +* \[mac] Fix support for TLS 1.2 +* \[win, extension] Add context menu "get internal link" +* Enable uploading of an empty folder in cloud file browser +* \[pro] Enable customization of app name and logo for the main window (See ) +* A few small UI improvements + +## 4.3 + +### 4.3.4 (2015/09/14) + +* Fix a bug in refresh file locking status icon +* Use 3 threads instead of 10 threads when syncing files to reduce load on server + +### 4.3.3 (2015/08/25) + +* Fix one more syncing issues introduced in v4.3.0 +* Improve the file lock icon +* Improve cloud file browser +* Fix icon overlay problem in win10 +* Add back sync with existing folder + +### 4.3.2 (2015/08/19) + +* Fix more syncing issues introduced in v4.3.0 +* Update translation +* Fix ignore feature +* Add HiDPI icons for cloud file browser + +### 4.3.1 (2015/08/11) + +* Fix syncing issues. + +### 4.3.0 beta (2015/08/03) + +* \[fix, windows] Fix a bug that causes freeze of Seafile UI +* \[sync] Improve index performance after a file is modified +* \[sync] Use multi-threads to upload/download file blocks +* \[admin] Enable config Seafile via seafile.rc in Mac/Linux or seafile.ini in Windows () +* \[admin] Enable uninstall Seafile without popup "deleting config files" dialog +* Add file lock +* \[mac, extension] Add getting Seafile internal link +* \[mac, extension] Improve performance of showing sync status + +## 4.2 + +### 4.2.8 (2015/07/11) + +* \[win] Another fix on the explorer extension +* Improve the ui for downloading the encrypted library +* filebrowser: fix a crash when closed while context menu pop up +* explorer extension: show read-only badge when a file is read-only + +### 4.2.7 (2015/07/08) + +* \[win] Fixed another bug that will cause crash of explorer extension +* \[win] Add executable file version information for the client +* \[mac] Use OS X native notification when possible (OS X >= 10.8) +* \[mac] Implement sync status improvement for every files +* filebrowser: fix uploading failures in the folders with permission set +* filebrowser: support "save as" multiple files simultaneously +* filebrowser: fix the sorting of folders +* filebrowser: implement get seafile internal link +* shibboleth: popup ShiLoginDialog when doing relogin +* \[ui] disable the inputablity of computer name when doing login + +### 4.2.6 (2015/06/25) + +* \[win] Fixed more memory problem that will cause crash of explorer extension + +### 4.2.5 (2015/06/24) + +* \[win] Fixed a possible memory corruption in explorer extension +* \[win] Add icon for readonly state in explorer extension +* \[win] unconfigured clients now can hide the configuration wizard +* \[win] ui: improve set password dialog +* \[win] fix broken local DNS resolve +* \[mac] add "seafile://" protocol support +* \[ui] tweak search tab item padding +* Add a menu item to open seafile folder +* \[ui] don't change current account after logout +* \[ui] fix some bugs on account-view +* \[ui] improve account management +* filebrowser: support readonly directories +* \[fix] Fix creating subfolder for password-protected repo +* \[fix] Fix file size integer overflow in search results + +### 4.2.4 (2015/06/11) + +* \[win] add workarounds with auto update bugs in cloud browser +* \[win] add the missing support for ipv6 (curl) +* \[pro] add new tab to searching files +* \[osx] fix the regularly disappearance tray icon (Qt5.4.2) +* \[osx] fix broken network connection sometimes after resume (Qt5.4.2) +* add an option to syncing with an existing folder with a different name +* avoid race condition when quiting +* fix a bug with opening password-protected repo in cloud browser +* ui: tweak paddings in the event activities +* filebrowser: show file type correctly along with icons +* ui: improve repo item category +* ui: show download link in share link dialog +* ui: enhance event details + +### 4.2.3 (2015/05/29) + +* Improve self-signed CA support +* Auto login when click "view on cloud" +* \[fix] Fix bugs with open directory from modification details dialog (pro) +* \[fix] Fix incorrect transfer rates for each sync task +* \[fix] Fix auto uploaded modified files in cloud file browser for some office files + +### 4.2.2 (2015/05/26) + +* \[win] Use Openssl to handle HTTPS connection +* \[mac] Load trusted CA certificates from Keychain +* \[fix] Fix logout/login issue (libraries stay at waiting for sync) +* \[fix] Fix a file deletion problem in Mac client +* Ignore the others of ssl errors if we have dealt with one +* Expand env variable in preconfigure seafile directory +* Hide explorer extension option on other platforms than windows +* Cloud file browser: fix broken title bar when minimized on windows +* Remove unused option in setting dialog + +### 4.2.1 (2015/05/14) + +* \[fix] Fix "Waiting for synchronization" problem +* \[win] Fixed encoding problem in the explorer extension +* \[win] Prefer home for seafile data dir when it is on the largest drive +* \[win] Adopt preconfigure directory for initialization if any +* \[win] Adopt preconfigure server addr for adding accounts if any +* \[win] Open current repo worktree when clicking ballon message +* \[mac] Fix some memory leaks +* Description is no longer required when creating repositories +* \[fix] Fix webview url for server version >= 4.2.0 +* redesign the event list in activity tab (pro) +* \[fix] Fix window focus when creating repository from drag and drop +* \[fix] filebrowser: fix sorting column kind for non-English users +* network: disable weak ciphers explicitly +* \[fix] Fix a issue synced subfolders are not shown when client starts +* \[fix] Remember the used server addresses for convenience +* \[fix] Fix the ssl handshake errors with custom CA seafile servers + +### 4.2.0 (2015/05/07) + +* \[win] Support overlay icons for files based on the sync status +* Use http syncing only +* Auto detect existing folders and prompt "syncing with existing folder" in first time syncing +* \[win] Open desktop icon popup the main window if Seafile is already running +* Respect umask on Linux +* \[fix] Fix main window stay outside screens problem +* \[fix] Fix a few small syncing issues. +* \[osx] Allow sharing root directory from finder extension +* Auto login from the client when click the server URL (need v4.2 server) +* Auto logout when the authorization is expired (require server supports) +* Auto detect existing folders in first time syncing +* Save server info persistently +* More miscellaneous fixes + +## 4.1 + +### 4.1.6 (2015/04/21) + +* \[win] add overlay icon to show sync status at the library level +* \[win] add an option to enable/disable explorer extension support +* \[mac] add finder sync extension (need OSX 10.10.x) +* \[mac] fix the broken hide-the-dock option in some cases +* \[linux] fix the bug that we have two title bar for some desktop environment +* Update shibboleth support +* \[cloud file browser] Pop notifications when new versions of cached files uploaded +* \[cloud file browser] Add a save_as action +* \[cloud file browser] Improve file browser's UI +* \[fix] Fix a rare case of login failure by using complex password, a regression from 4.1.0 +* \[fix] Fix a rare case of program crash when changing accounts +* Update avatars automatically +* More miscellaneous fixes + +### 4.1.5 (2015/04/09) + +* Add Shibboleth login support +* Reset local modified files to the state in Server when resyncing a read-only library. +* \[fix] Fix unable to unsync a library when it is in the state of uploading files +* \[fix, win] handle file/directory locking more gracefully +* Add http user agent for better logging in Apache/Nginx +* \[fix] Fix timeout problem in first time syncing for large libraries + +### 4.1.4 (2015/03/27) + +* \[fix, win] Fix Windows explore crash by seafile extension when right clicking on "Libraries->Documents" at the right side + +### 4.1.3 (2015/03/23) + +* \[fix] Fix unable to sync bug (permission denial) if the Windows system user name contains space like "test 123" introduced in v4.1.2 +* \[win] Update version of OpenSSL to 1.0.2a + +### 4.1.2 (2015/03/19) (deprecated) + +* Add logout/login support (need server 4.1.0+) +* fix proxy password disappearance after restarting issue +* mask proxy password in the setting dialog +* \[fix] fix unexpected disconnection with proxy servers +* \[fix] fix a conflicting case when we have read-only sharing repository to a group +* update translations +* support darkmode (OS X) +* and other minor fixes + +### 4.1.1 (2015/03/03) + +* Add network proxy support for HTTP sync +* \[mac] Add more complete support for retina screen +* Improve UI +* Add option for killing old Seafile instance when starting a new one +* Add experimental support for HiDPI screen on Windows and Linux +* Showing shared from for private shared libraries +* Use API token v2 for shibbloeth login +* \[fix] Fix some bugs in uploading file from cloud file browser +* fix a bug of uploading directory from cloud file browser (pro version) + +### 4.1.0 beta (2015/01/29) + +* Add support for HDPI screen by using QT5 +* \[win] Add context menu for generating share link +* Enable changing of interface language +* Make http syncing the default option (will fall back to non-http sync automatically if the server does not support it) +* \[fix] Fix a problem in handling long path in Windows + +## 4.0 + +### 4.0.7 (2015/01/22) + +* \[win] support for file path greater than 260 characters. + +In the old version, you will sometimes see strange directory such as "Documents~1" synced to the server, this because the old version did not handle long path correctly. + +### 4.0.6 (2015/01/09) + +* \[fix] Fix a timeout problem during file syncing (Which also cause program crash sometimes). + +### 4.0.5 (2014/12/24) + +* \[mac] More on fixing mac syncing problem +* \[linux, mac] Do not ignore files with invalid name in Windows +* \[fix] Fix "sync now" +* \[fix] Handle network problems during first time sync +* \[file browser] Support create folders +* \[file browser] Improve interface +* \[file browser] Support multiple file selection and operation + +### 4.0.4 (2014/12/15) + +* \[mac] Fix a syncing problem when library name contains "è" characters +* \[windows] Gracefully handle file lock issue. + +In the previous version, when you open an office file in Windows, it is locked by the operating system. If another person modify this file in another computer, the syncing will be stopped until you close the locked file. In this new version, the syncing process will continue. The locked file will not be synced to local computer, but other files will not be affected. + +### 4.0.3 (2014/12/03) + +* \[mac] Fix a syncing problem when library name contains "è" characters +* \[fix] Fix another bug in syncing with HTTP protocol + +### 4.0.2 (2014/11/29) + +* \[fix] Fix bugs in syncing with HTTP protocol + +### 4.0.1 (2014/11/18) + +* \[fix] Fix crash problem + +### 4.0.0 (2014/11/10) + +* Add http syncing support +* Add cloud file browser + +## 3.1 + +### 3.1.12 (2014/12/01) + +* \[fix] Fix a syncing problem for files larger than 100MB. + +### 3.1.11 (2014/11/15) + +* \[fix] Fix "sometimes deleted folder reappearing problem" on Windows. + +You have to update all the clients in all the PCs. If one PC does not use the v3.1.11, when the "deleting folder" information synced to this PC, it will fail to delete the folder completely. And the folder will be synced back to other PCs. So other PCs will see the folder reappear again. + +### 3.1.10 (2014/11/13) + +* \[fix] Fix conflict problem when rename the case of a folder +* \[fix] Improve the deleted folder reappearing problem if it contains ignored files +* \[fix] Add "resync" action + +### 3.1.8 (2014/10/28) + +* Better support read-only sync. Now local changes will be ignored. +* \[mac,fix] Fix detection of local changes. + +### 3.1.7 (2014/09/28) + +* \[fix] Fix another not sync problem when adding a big file (>100M) and several other files. + +### 3.1.6 (2014/09/19) + +* Add option to sync MSOffice/Libreoffice template files +* Add back choosing the "Seafile" directory when install Seafile client. +* Add option to change the address of a server +* Add menu item for open logs directory +* \[mac] Add option for hide dock icon +* Show read-only icon for read-only libraries +* Show detailed information if SSL certification is not valid +* Do not show "Seafile was closed unexpectedly" message when turning down of Windows +* Don't refresh libraries/starred files when the window is not visible +* Move local file to conflict file when syncing with existing folder +* Add more log information when file conflicts happen +* \[fix] Fix sync error when deleting all files in a library +* \[fix] Fix not sync problem when adding a big file (>100M) and several small files together. +* \[fix] Fix Windows client doesn't save advanced settings + +### 3.1.5 (2014/08/14) + +* Do not ignore libreoffice lock files +* \[fix] Fix possible crash when network condition is not good. +* \[fix] Fix problem in syncing a large library with an existing folder +* Add option "do not unsync a library even it is deleted in the server" +* \[mac] upgrade bundled openssl to 1.0.1i +* \[mac] remove unused ossp-uuid dependency +* \[mac] fix code sign issue under OSX 10.10 + +### 3.1.4 (2014/08/05) + +* \[fix, mac] Fix case conflict problem under Mac + +### 3.1.3 (2014/08/04) + +* \[fix] Fix showing bubble +* \[mac] More UI improvements +* Do not ignore 'TMP', 'tmp' files + +### 3.1.2 (2014/08/01) + +* Do not show rotate icon when checking update for a library +* Do not show activity tab if server not supported +* \[mac] show unread messages tray icon on Mac +* \[mac] Improve UI for Mac +* \[fix] Support rename files from upper case to lower case or vice versa. + +### 3.1.1 (2014/07/28) + +* \[win] Fix crash problems +* \[win] Fix interface freeze problem when restoring the window from the minimized state +* Remove the need of selecting Seafile directory + +### 3.1.0 (2014/07/24) + +* Add starred files and activity history +* Notification on unread messages +* Improve icons for Retina screen +* Load and show avatar from server +* Use new and better icons + +## 3.0 + +### 3.0.4 + +* \[fix] Fix a syncing bug + +### 3.0.3 + +* \[fix] Fix syncing problem when update from version 2.x +* \[fix] Fix UI when syncing an encrypted library + +### 3.0.2 + +* \[fix] Fix a syncing issue. + +### 3.0.1 + +* Improved ssl check +* Imporved ui of sync library dialog +* Send device name to the server +* \[fix] Fixed system shutdown problem +* \[fix] Fixed duplicate entries in recently updated libraries list +* Remove ongoing library download tasks when removing an account +* Updated translation +* \[fix] Fix file ID calculation + +### 3.0.0 + +* Adjust settings dialog hint text size +* Improved login dialog + +## 2.2 + +### 2.2.0 + +* Add check for the validity of servers' SSL Certification + +## 2.1 + +### 2.1.2 + +* Show proper error message when failed to login +* Show an error message in the main window when failed to get libraries list +* Open seahub in browser when clicking the account url +* Add an option "Do not automatically unsync a library" +* Improve sync status icons for libraries +* Show correct repo sync status icon even if global auto sync is turned off +* Show more useful notification than "Auto merge by system" when conflicts were merged + +### 2.1.1 + +* Make the main window resizable +* \[windows] Improved tray icons +* Show detailed network error when login failed +* Show sub-libraries +* \[windows] Use the name of the default library as the name of the virtual disk + +### 2.1.0 + +* Redesigned the UI of the main window +* \[windows] Download the default library, and creates a virtual disk for it in "My Computer" +* Support drag and drop a folder to sync +* Automatically check for new version on startup +* Support of file syncing from both inside and outside the LAN +* \[fix] Fix a bug of clicking the tray icon during initialization +* \[fix] fixed a few bugs in merge and handling of empty folders +* \[mac] Fixed the alignment in settings dialog + +## 2.0 + +### 2.0.8 + +* \[fix] Fix UI freeze problem during file syncing +* Improve syncing speed (More improvements will be carried out in our next version) + +### 2.0.7 (Don't use it) + +Note: This version contains a bug that you can't login into your private servers. + +* \[fix] Fix a bug which may lead to crash when exiting client +* show library download progress in the library list +* add official server addresses to the login dialog +* improve library sync status icons +* \[windows] use the same tray icon for all windows version later than Vista +* translate the bubble notification details to Chinese + +### 2.0.6 + +* \[windows] Fix handling daylight saving time +* Improve library details dialog +* \[fix] Fix a bug in api request +* Improve the handling of "Organization" libraries +* \[fix] Fix the settings of upload/download rate limit +* \[fix] Update French/German translations +* \[cli] Support the new encryption scheme + +### 2.0.5 + +* Improve UI +* Fix a bug in French translation + +### 2.0.4 + +* Improve memory usage during syncing +* \[windows] Change system tray icons +* \[windows] Hide seafile-data under Seafile folder +* \[fix] Fix remember main window's location +* Improve the dialog for adding account +* Add setting for showing main windows on seafile start up +* Open local folder when double click on a library +* Show warning dialog when login to a server with untrusted ssl certification + +### 2.0.3 + +* sync empty folder +* support seafile crypto v2 +* show warning in system tray when some servers not connected +* add German/French/Hungarian translations +* change system tray icons for Windows +* show "recent updated libraries" +* reduce cpu usage +* \[fix] fixed a bug when login with password containing characters like "+" "#" +* ask the user about untrusted ssl certs when login +* add Edit->Settings and "view online help" menu item + +### 2.0.2 + +* \[fix] Fix compatibility with server v1.8 +* \[fix] the bug of closing the settings dialog +* Add Chinese translation +* Show error detail when login failed +* Remember main window position and size +* Improve library detail dialog +* Add unsync a library + +### 2.0.0 + +* Re-implement GUI with Qt + +## 1.8 + +1.8.1 + +* \[bugfix] Fix a bug in indexing files + + 1.8.0 + +* \[bugfix] Skip chunking error +* Improve local web interface +* Remove link to official Seafile server +* Ignore all temporary files created by Microsoft Office +* Add French and Slovak translation + +## 1.7 + +1.7.3 + +* \[bugfix] Fix a small syncing bug. + + 1.7.2 + +* \[bugfix] Fix a bug in un-syncing library. + + 1.7.1 + +* \[win] Fix selecting of Seafile directory + + 1.7.0 + +* \[win] Enable selecting of Seafile directory +* Enable setting of upload/download speed +* Use encrypted transfer by default +* Support ignore certain files by seafile-ignore.txt + +## 1.6 + +1.6.2 + +* \[bugfix,mac] Fix a bug in supporting directory names with accents + + 1.6.1 + +* \[bugfix] Prevent running of multiple seaf-daemon instance +* Improve the efficiency of start-up GC for libraries in merge stage +* \[mac,win] Handle case-conflict files by renaming + + 1.6.0 + +* \[linux,mac] Support symbolic links +* \[seaf-cli] clean logs +* Do not re-download file blocks when restart Seafile during file syncing +* \[bugfix] Fix treating files as deleted when failed to create it due to reasons like disk full. +* \[bugfix] Fix several bugs when shutdown Seafile during some syncing operation. + +## 1.5 + +1.5.3 + +* Log the version of seafile client when start-up. +* \[bugfix] Fix a bug when simultaneously creating an empty folder with same name in server and client. +* \[bugfix] Always use IPv4 address to connect a server. + + 1.5.2 + +* \[bug] Fix a memory-access bug when showing "Auto merge by seafile system" in bubble + + 1.5.1 + +* \[seaf-cli] Fix a bug in initializing the config dir. +* \[bugfix] Improve the robustness of DNS looking-up. + Use standard DNS looking-up instead of libevent's non-blocking version. + + 1.5.0 + +* Add Seaf-cli +* Check the correctness of password in the beginning of downloading a encrypted library. +* Show detailed information in bubble +* Enable change the server's address in the client +* \[linux] Do not popup the browser when start up +* Remove seafile-web.log diff --git a/manual/changelog/drive-client-changelog.md b/manual/changelog/drive-client-changelog.md new file mode 100644 index 00000000..2bc68f17 --- /dev/null +++ b/manual/changelog/drive-client-changelog.md @@ -0,0 +1,317 @@ +# SeaDrive Client Changelog + +### 2.0.9 (2020/11/20) + +* \[Mac] Fix failure to load kernel extension on macOS 11 Big Sur + +### 2.0.8 (2020/11/14) + +* \[Mac] Support macOS 11 +* \[Win] Fix moving multiple files/folders across different folders + +### 2.0.7 (2020/10/31) + +* \[Win] Avoid unintended file deletions when removing seafile account +* \[Mac] Fix some application compatibility issues caused by extended file attributes handling + +### 2.0.6 (2020/09/24) + +* \[Win] Remove invalid characters from sync root folder name +* \[Win] Increase request timeout for rename library, delete library, create library, move folders +* \[Win] Avoid creating redundant sync root folders on restart +* \[Win] Support pre-configuration registry keys + +### 1.0.12 (2020/08/25) + +* Fix occasional "permission denied" error when syncing a library + +### 2.0.5 (2020/07/30) + +* Fix occasional "permission denied" error when syncing a library +* \[Win] Remove explorer shortcut when uninstall SeaDrive or change cache folder location + +### 2.0.4 (2020/07/13) + +* \[Win] Use username for cache folder name instead of a hash value +* \[Win] Retry download files when pinning a folder +* \[Win] Retry rename category folder when switching language +* \[Win] Only allow install on Windows 10 1709 or later +* \[Mac] Disable "search in Finder" option +* Fix tray icon sync error status + +### 2.0.3 (2020/06/17) + +* \[Win] Fix crash on Windows 10 1709 - 1803 +* \[Win] Show SeaDrive shortcut when opening files in 32-bit applications (e.g. Word) +* \[Win] Avoid creating unnecessary conflict files +* \[Win] Improve error message of opening placeholder files when SeaDrive is not running +* \[Win] Support removing account information when uninstall + +### 2.0.2 (2020/05/23) + +* \[Mac] Support syncing encrypted libraries +* \[Win] Support change cache location +* \[Win] Improve account switching behaviors +* \[Win] Other bug fixes + +### 2.0.1 for Windows (2020/04/13) + +* Fix issues when switching languages +* Fix issues for legacy Windows "8.3 format" paths +* Improve speed of creating placeholders +* Don't add SeaDrive cache folder to Windows search index +* Use short hash instead of "servername_account" for cache folder name +* Prevent the old Explorer extension from calling new SeaDrive (avoiding high CPU usage) +* Fix small issues in encrypted library support +* Change installation location from "Seafile Ltd" to "Seafile" +* Add SeaDrive entry to Windows start menu +* Change "seadrive" to "SeaDrive" in Explorer navigation pane +* Fix SSO re-login failure + +### 2.0.0 for Windows (2020/03/20) + +* Use Windows 10 native API to implement the virtual drive +* Support syncing encrypted libraries + +### 1.0.11 (2020/02/07) + +* Fix a bug that logout and login will lead to file deletion +* \[mac] Fix a bug in SSO + +### 1.0.10 (2019/12/23) + +* Fix a bug that sometimes SeaDrive is empty when network unavailable +* Fix generating too many tokens when library downloading failed +* Fix sometimes files should be ignored are uploaded +* Automatically re-sync a library if local metadata is broken +* \[mac] Add support for MacOS 10.15 +* \[mac] Drop support for MacOS 10.12 + +### 1.0.8 (2019/11/05) + +* Support French and Germany language for top level folder name +* Fix a compatible issue with Excel +* Fix a problem in cleaning local cache +* Support delete library in category My Libraries +* Ignore .fuse_hidden file in Mac +* Rotate seadrive.log + +### 1.0.7 (2019/08/21) + +* \[mac] Improve finder extension + +### 1.0.6 (2019/07/01) + +* \[fix, win] Fix a problem when uninstall or upgrade the drive client when the client is running. +* \[fix] Fix a crash problem when file path containing invalid character + +### 1.0.5 (2019/06/11) + +* \[fix] Fix lots of "Creating partial commit after adding" in the log +* \[fix] Fix permission at the client is wrong when a library shared to different groups with different permissions +* \[fix] Don't show libraries with online preview or online read-write permission +* \[mac] Add Mac Finder preview plugin to prevent automatically downloading of files + +### 1.0.4 (2019/04/23) + +* \[fix] Fix file locking +* \[fix] Fix support of detecting pro edition when first time login +* Support Kerberos authentication + +### 1.0.3 (2019/03/18) + +* \[fix] Fix copy folders with properties into SeaDrive +* \[fix] Fix a possible crash bug when listing libraries + +### 1.0.1 (2019/01/14) + +* Update included Dokany drive +* Improve notification when user try to delete a library in the client +* \[fix] Fix getting internal link for folders +* \[fix] Fix problem after changing the cache directory +* \[fix] Fix support for guest users that have no storage capacity +* \[fix] Fix timeout when loading a library with a lot of files + +### 1.0.0 (2018/11/19) + +* \[fix] Allow a guest user to copy files into shared library +* Support pause sync +* \[win] Add option to only allow current user to view the virtual disk +* \[win] Don't let the Windows to search into the internal cache folder +* \[win] Install the explorer extension to system path to allow multiple users to use the extension +* \[mac] Add option to allow search in Finder (disabled by default) +* \[mac] Update kernel drive to support Mac Mojave +* \[mac] Support office file automatically lock + +### 0.9.5 (2018/09/10) + +* \[fix, win] Fix support for some SSL CA +* Redirect to https if user accidentally input server's address with http but the server is actually use http +* \[fix, win] Show a tooltip that the Windows system maybe rebooted during upgrading drive client +* \[fix, mac] Fix permission problems during installation on Mac 10.13+ + +### 0.9.4 (2018/08/18) + +* \[win] No longer depends on .Net framework +* \[mac] Support file search in Finder +* \[win] Fix loading of HTTPS certifications + +### 0.9.3 (2018/06/19) + +* \[win] Show syncing status at the top level folders +* \[fix] Fix sometimes logout/login lead to empty drive folder +* Support change cache folder +* Add "open file/open folder" in search window +* Set automatically login to true in SSO mode +* \[mac] Fix compatibility with AirDrop + +### 0.9.2 (2018/05/05) + +* Fix a bug that causing SeaDrive crash + +### 0.9.1 (2018/04/24) + +* Fix a bug that causing crash when file search menu is clicked + +### 0.9.0 (2018/04/24) + +* Libraries are displayed under three folders "My Libraries", "Group Libraries", "Shared libraries" +* \[fix] Fix a bug in cleaning cache +* \[win] Update the kernel drive +* Improve syncing notification messages +* \[mac] Include the kernel drive with the SeaDrive package +* \[mac] Add Finder sidebar shortcut +* Add file search + +### 0.8.6 (2018/03/19) + +* \[fix] Fix compatibility with Visio and other applications by implementing a missing system API + +### 0.8.5 (2018/01/03) + +* \[fix] Fix SeaDrive over RDP in Windows 10/7 +* \[fix] Fix SeaDrive shell extension memory leak +* \[fix] Fix duplicated folder/files shown in Finder.app (macOS) +* \[fix] Fix file cache status icon for MacOS + +### 0.8.4 (2017/12/01) + +* \[fix] Fix Word/Excel files can't be saved in Windows 10 +* Add "download" context menu to explicitly download a file +* Change "Shibboleth" to "Single Sign On" + +### 0.8.3 (2017/11/24) + +* \[fix] Fix deleted folder recreated issue +* Improve UI of downloading/uploading list dialog + +### 0.8.1 (2017/11/03) + +* Use "REMOVABLE" when mount the drive disk +* Prevent creating "System Volume Information" +* Some UI fixes + +### 0.8.0 (2017/09/16) + +* \[fix] Reuse old drive letter after SeaDrive crash +* \[fix] Fix rename library back to old name when it is changed in the server +* \[fix] Fix sometimes network can not reconnected after network down +* Change default block size to 8MB +* Make auto-login as default +* Remount SeaDrive when it is unmounted after Windows hibernate + +### 0.7.1 (2017/06/23) + +* \[fix] Fix a bug that causing client crash + +### 0.7.0 (2017/06/07) + +* Add support for multi-users using SeaDrive on a single desktop. But different users must choose different drive letters. +* Improve write performance +* \[fix] When a non-cached file is locked in the server, the "lock" icon will be shown instead of the "cloud" icon. +* Add "automatically login" option in login dialog +* Add file transfer status dialog. + +### 0.6.2 (2017/04/22) + +* \[fix] Fix after moving a file to a newly created sub folder, the file reappear when logout and login +* Refresh current folder and the destination folder after moving files from one library to another library +* \[fix] Fix file locking not work +* \[fix] Fix sometimes files can't be saved + +### 0.6.1 (2017/03/27) + +* \[fix] Don't show a popup notification to state that a file can't be created in `S:` because a few programs will automatically try to create files in `S:` + +### 0.6.0 (2017/03/25) + +* Improve syncing status icons +* Show error in the interface when there are syncing errors +* Don't show rorate icon when downloading/uploading metadata +* \[fix] Don't download files when the network is not connected + +### 0.5.2 (2017/03/09) + +* \[fix] Rename a non-cached folder or file will lead to sync error. + +### 0.5.1 (2017/02/16) + +* \[fix] Fix copying exe files to SeaDrive on Win 7 will freeze the explorer +* The mounted drive is only visible to the current user +* Add popup notification when syncing is done +* \[fix] Fix any change in the settings leads to a drive letter change + +### 0.5.0 (2017/01/18) + +* Improve stability +* Support file locking +* Support sub-folder permission +* \[fix] Fix 1TB limitation +* User can choose disk letter in settings dialog +* Support remote wipe +* \[fix] Use proxy server when login +* Click system tray icon open SeaDrive folder +* Support application auto-upgrade + +### 0.4.2 (2016/12/16) + +* \[fix] Fix SeaDrive initialization error during Windows startup + +### 0.4.1 (2016/11/07) + +* \[fix] Fix a bug that lead to empty S: drive after installation. + +### 0.4.0 (2016/11/05) + +* \[fix] Fix a bug that leads to generation of conflict files when editing +* Add translations +* Update included Dokany library to 1.0 +* Don't show encrypted libraries even in command line +* Show permission error when copy a file to the root +* Show permission error when try to modify a read-only folder +* Show permission error when try to delete a folder in the root folder + +### 0.3.1 (2016/10/22) + +* Fix link for license terms +* Use new system tray icon +* Add notification for cross-libraries file move + +### 0.3.0 (2016/10/14) + +* Support selecting Drive letter +* Don't create folders like msiS50.tmp on Windows +* \[fix] Fix cache size limit settings +* Correctly show the storage space if the space is unlimited on the server side. + +### 0.2.0 (2016/09/15) + +* Add shibboleth support +* Show a dialog notify the client is downloading file list from the server during initialisation +* Show transfer rate +* \[fix] Fix a bug that lead to the file modification time to be empty +* \[fix] Fix a bug that lead to files not be uploaded + +### 0.1.0 (2016/09/02) + +* Initial release diff --git a/manual/changelog/server-changelog-old.md b/manual/changelog/server-changelog-old.md new file mode 100644 index 00000000..48e08b44 --- /dev/null +++ b/manual/changelog/server-changelog-old.md @@ -0,0 +1,839 @@ +# Seafile Server Changelog (old) + +## 5.0 + +**Note when upgrade to 5.0 from 4.4** + +You can follow the document on major upgrade () + +In Seafile 5.0, we have moved all config files to folder `conf`, including: + +* seahub_settings.py -> conf/seahub_settings.py +* ccnet/ccnet.conf -> conf/ccnet.conf +* seafile-data/seafile.conf -> conf/seafile.conf +* \[pro only] pro-data/seafevents.conf -> conf/seafevents.conf + +If you want to downgrade from v5.0 to v4.4, you should manually copy these files back to the original place, then run minor_upgrade.sh to upgrade symbolic links back to version 4.4. + +The 5.0 server is compatible with v4.4 and v4.3 desktop clients. + +Common issues (solved) when upgrading to v5.0: + +* DatabaseError after Upgrade to 5.0 + +### 5.0.5 (2016.03.02) + +* Get name, institution, contact_email field from Shibboleth +* \[webdav] Don't show sub-libraries +* Enable LOGIN_URL to be configured, user need to add LOGIN_URL to seahub_settings.py explicitly if deploy at non-root domain, e.g. LOGIN_URL = '//accounts/login/'. +* Add ENABLE_USER_CREATE_ORG_REPO to enable/disable organization repo creation. +* Change the Chinese translation of "organization" +* Use GB/MB/KB instead of GiB/MiB/KiB in quota calculation and quota setting (1GB = 1000MB = 1,000,000KB) +* Show detailed message if sharing a library failed. +* \[fix] Fix JPG Preview in IE11 +* \[fix] Show "out of quota" instead of "DERP" in the case of out of quota when uploading files via web interface +* \[fix] Fix empty nickname during shibboleth login. +* \[fix] Fix default repo re-creation bug when web login after desktop. +* \[fix] Don't show sub-libraries at choose default library page, seafadmin page and save shared file to library page +* \[fix] Seafile server daemon: write PID file before connecting to database to avoid a problem when the database connection is slow +* \[fix] Don't redirect to old library page when restoring a folder in snapshot page + +### 5.0.4 (2016.01.13) + +* \[fix] Fix unable to set a library to keep full history when the globally default keep_days is set. +* \[fix] Improve the performance of showing library trash +* \[fix] Improve share icon +* Search user by name in case insensitive way +* Show broken libraries in user's library page (so they can contact admin for help) +* \[fix] Fix cache for thumbnail in sharing link +* \[fix] Enable copy files from read-only shared libraries to other libraries +* \[fix] Open image gallery popup in grid view when clicking the thumbnail image + +### 5.0.3 (2015.12.17) + +* \[ui] Improve UI of all groups page +* Don't allow sharing library to a non-existing user +* \[fix, admin] Fix deleting a library when the owner does not exist anymore +* \[fix] Keep file last modified time when copy files between libraries +* Enable login via username in API +* \[ui] Improve markdown editor + +Improve seaf-fsck + +* Do not set "repaired" mark +* Clean syncing tokens for repaired libraries so the user are forced to resync the library +* Record broken file paths in the modification message + +Sharing link + +* Remember the "password has been checked" information in session instead of memcached +* \[security] Fix password check for visiting a file in password protected sharing link. +* Show file last modified time +* \[fix] Fix image thumbnail in grid view +* \[ui] Improve UI of grid view mode + +### 5.0.2 (2015.12.04) + +* \[admin] Show the list of groups an user joined in user detail page +* \[admin] Add exporting user/group statistics into Excel file +* Showing libraries list in "All Groups" page +* Add importing group members from CSV file +* \[fix] Fix the performance problem in showing thumbnails in folder sharing link page +* \[fix] Clear cache when set user name via API +* \[fix, admin] Fix searching libraries by name when some libraries are broken + +### 5.0.1 beta (2015.11.12) + +* \[fix] Fix start up parameters for seaf-fuse, seaf-server, seaf-fsck +* Update Markdown editor and viewer. The update of the markdown editor and parser removed support for the Seafile-specific wiki syntax: Linking to other wikipages isn't possible anymore using `[[ Pagename]]`. +* Add tooltip in admin panel->library->Trash: "libraries deleted 30 days before will be cleaned automatically" +* Include fixes in v4.4.6 + +### 5.0.0 beta (2015.11.03) + +UI changes: + +* change most png icons to icon font +* UI change of file history page +* UI change of library history page +* UI change of trash page +* UI change of sharing link page +* UI change of rename operation +* Add grid view for folder sharing link +* Don't open a new page when click the settings, trash and history icons in the library page +* other small UI improvements + +Config changes: + +* Move all config files to folder `conf` +* Add web UI to config the server. The config items are saved in database table (seahub-dab/constance_config). They have a higher priority over the items in config files. + +Trash: + +* A trash for every folder, showing deleted items in the folder and sub-folders. + Others changes + +Admin: + +* Admin can see the file numbers of a library +* Admin can disable the creation of encrypted library + +Security: + +* Change most GET requests to POST to increase security + +## 4.4 + +### 4.4.6 (2015.11.09) + +* \[security] Fix a XSS problem in raw sharing link +* \[fix] Delete sharing links when deleting a library +* \[fix] Clean Seafile tables when deleting a library +* \[fix] Add tag to the link in upload folder email notification +* \[fix] Fix a bug in creating a library (after submit a wrong password, the submit button is no longer clickable) + +### 4.4.5 (2015.10.31) + +* \[fix] Fix a bug in deleting sharing link in sharing dialog. + +### 4.4.4 (2015.10.27) + +* \[fix] Fix support for syncing old formatted libraries +* Only import LDAP users to Seafile internal database upon login +* Only list imported LDAP users in "organization->members" +* Remove commit and fs objects in GC for deleted libraries +* Improve error log for LDAP +* Add "transfer" operation to library list in "admin panel->a single user" +* \[fix] Fix the showing of the folder name for upload link generated from the root of a library + +### 4.4.3 (2015.10.15) + +* \[security] Check validity of file object id to avoid a potential attack +* \[fix] Check the validity of system default library template, if it is broken, recreate a new one. +* \[fix] After transfer a library, remove original sharing information +* \[security] Fix possibility to bypass Captcha check +* \[security] More security fixes. + +### 4.4.2 (2015.10.12) + +* \[fix] Fix sometimes a revision is missing from a file's version history +* \[security] Use HTTP POST instead of GET to remove libraries +* \[fix] Fix a problem that sharing dialog not popup in IE10 +* A few other small UI improvements + +### 4.4.1 (2015.09.24) + +* \[fix] Fix a bug in setting an user's language +* \[fix] Show detailed failed information when sharing libraries failed +* Update translations +* \[api] Add API to list folders in a folder recursively +* \[api] Add API to list only folders in a folder + +### 4.4.0 (2015.09.16) + +New features: + +* Allow group names with spaces +* Enable generating random password when adding an user +* Add option SHARE_LINK_PASSWORD_MIN_LENGTH +* Add sorting in share link management page +* Show total/active number of users in admin panel +* Other UI improvements + +Fixes: + +* \[fix] Fix a bug that causing duplications in table LDAPImport +* \[security] Use POST request to handle password reset request to avoid CSRF attack +* Don't show password reset link for LDAP users +* set locale when Seahub start to avoid can't start Seahub problem in a few environments. + +## 4.3 + +### 4.3.2 (2015.08.20) + +* \[fix, important] Bug-fix and improvements for seaf-fsck +* \[fix, important] Improve I/O error handling for file operations on web interface +* Update shared information when a sub-folder is renamed +* \[fix] Fix bug of list file revisions +* Update translations +* \[ui] Small improvements +* \[fix] Fix api error in opCopy/opMove +* Old library page (used by admin in admin panel): removed 'thumbnail' & 'preview' for image files +* \[fix] Fix modification operations for system default library by admin + +### 4.3.1 (2015.07.29) + +* \[fix] Fix generating image thumbnail +* \[ui] Improve UI for sharing link page, login page, file upload link page +* \[security] Clean web sessions when reset an user's password +* Delete the user's libraries when deleting an user +* Show link expiring date in sharing link management page +* \[admin] In a user's admin page, showing libraries' size and last modify time + +### 4.3.0 (2015.07.21) + +Usability Improvement + +* \[ui] Improve ui for file view page +* \[ui] Improve ui for sorting files and libraries +* Redesign sharing dialog +* Enable generating random password for sharing link +* Remove private message module +* Remove direct _single_ file sharing between users (You can still sharing folders) +* Change "Quit" to "Leave group" in group members page + +Others + +* Improve user management for LDAP +* \[fix] Fix a bug that client can't detect a library has been deleted in the server +* \[security] Improve permission check in image thumbnail +* \[security] Regenerate Seahub secret key, the old secret key lack enough randomness +* Remove the support of ".seaf" format +* \[api] Add API for generating sharing link with password and expiration +* \[api] Add API for generating uploading link +* \[api] Add API for link files in sharing link +* Don't listen in 10001 and 12001 by default. +* Add an option to disable sync with any folder feature in clients +* Change the setting of THUMBNAIL_DEFAULT_SIZE from string to number, i.e., use `THUMBNAIL_DEFAULT_SIZE = 24`, instead of `THUMBNAIL_DEFAULT_SIZE = '24'` + +## 4.2 + +Note when upgrade to 4.2 from 4.1: + +If you deploy Seafile in a non-root domain, you need to add the following extra settings in seahub_settings.py: + +``` +COMPRESS_URL = MEDIA_URL +STATIC_URL = MEDIA_URL + '/assets/' + +``` + +### 4.2.3 (2015.06.18) + +* Add global address book and remove the contacts module (You can disable it if you use CLOUD_MODE by adding ENABLE_GLOBAL_ADDRESSBOOK = False in seahub_settings.py) +* Use image gallery module in sharing link for folders containing images +* \[fix] Fix missing library names (show as none) in 32bit version +* \[fix] Fix viewing sub-folders for password protected sharing +* \[fix] Fix viewing starred files +* \[fix] Fix supporting of uploading multi-files in clients' cloud file browser +* Improve security of password resetting link + +### 4.2.2 (2015.05.29) + +* \[fix] Fix picture preview in sharing link of folders +* Improve add library button in organization tab + +### 4.2.1 (2015.05.27) + +* Add direct file download link +* \[fix] Fix group library creation bug +* \[fix] Fix library transfer bug +* \[fix] Fix markdown file/wiki bug +* Don't show generating sharing link for encrypted libraries +* Don't show the list of sub-libraries if user do not enable sub-library +* Enable adding existing libraries to organization +* Add loading tip in picture preview page + +### 4.2.0 beta (2015.05.13) + +Usability + +* Remove showing of library description +* Don't require library description +* Keep left navigation bar when navigate into a library +* Generate share link for the root of a library + +Security Improvement + +* Remove access tokens (all clients will log out) when a users password changed +* Temporary file access tokens can only be used once +* sudo mode: confirm password before doing sysadmin work + +Platform + +* Use HTTP/HTTPS sync only, no longer use TCP sync protocol +* read/write permission on sub-folders (Pro) +* Support byte-range requests +* Automatically clean of trashed libraries +* \[ldap] Save user information into local DB after login via LDAP + +## 4.1 + +### 4.1.2 (2015.03.31) + +* \[fix] Fix several packaging related bugs (missing some python libraries) +* \[fix] Fix webdav issue +* \[fix] Fix image thumbnail in sharing link +* \[fix] Fix permission mode of seaf-gc.sh +* Show detailed time when mouse over a relative time + +### 4.1.1 (2015.03.25) + +* Add trashed libraries (deleted libraries will first be put into trashed libraries where system admin can restore) +* \[fix] Fix upgrade script for SQLite +* Improve seaf-gc.sh +* Do not support running on CentOS 5. + +### 4.1.0 beta (2015.03.18) + +* Shibboleth authentication support. +* Redesign fsck. +* Add image thumbnail in folder sharing link +* Add API to support logout/login an account in the desktop client +* Add API to generate thumbnails for images files +* Clean syncing tokens after deleting an account +* Change permission of seahub_settings.py, ccnet.conf, seafile.conf to 0600 +* Update Django to v1.5.12 + +## 4.0 + +### 4.0.6 (2015.02.04) + +Important + +* \[fix] Fix transfer library error in sysadmin page +* \[fix] Fix showing of space used in sysadmin page for LDAP users +* Improved trash listing performance + +Small + +* \[webdav] list organisation public libraries +* Disable non-shibboleth login for shibboleth users +* \[fix] Fix wrong timestamp in file view page for files in sub-library +* Add Web API for thumbnail +* Add languages for Thai and Turkish, update a few translations + +### 4.0.5 (2015.01.14) + +Important + +* \[fix] Fix memory leak in HTTP syncing +* Repo owner can restore folders/files from library snapshot +* Update translations +* Only repo owner can restore a library to a snapshot + +Small improvements + +* \[fix] Remote redundant logs in seaf-server +* \[fix] Raise 404 when visiting an non-existing folder +* \[fix] Enable add admin when LDAP is enabled +* Add API to get server features information (what features are supported by this server) +* \[fix] Fix throttle for /api2/ping + +### 4.0.4 (2015.01.06) + +* \[fix] Fix syncing sub-library with HTTP protocol +* \[fix] Fix a bug in setup-seafile-mysql.sh + +### 4.0.3 (2014.12.30) + +* \[fix] Fix unable to share library to another user + +### 4.0.2 (2014.12.26) + +* Add image thumbnail +* Add Shibboleth support (beta) +* \[fix] Fix performance problem in listing files API +* \[fix] Fix listing files of a large folder +* \[fix] Fix folder sharing link with password protection +* \[fix] Fix deleting broken libraries in the system admin panel + +### 4.0.1 (2014.11.29) + +* \[fix] Fix bugs in syncing with HTTP protocol +* Add upgrading script (from v3.1 to v4.0) + +### 4.0.0 (2014.11.10) + +* Add HTTP syncing support +* Merge FileServer into seaf-server + +## 3.1 + +### 3.1.7 (2014.10.20) + +* \[fix] Fixed performance problem in WebDAV extension +* \[fix] Fixed quota check in WebDAV extension +* \[fix] Fixed showing libraries with same name in WebDAV extension +* Add "clear" button in a library's trash +* Support upload a folder in web interface when using Chrome +* \[fix] Improve small errors when upload files via Web interface +* \[fix] Fix moving/coping files when the select all file checkbox is checked + +### 3.1.6 (2014.09.11) + +* \[fix] Fix bug in uploading >1GB files via Web +* \[fix] Remove assert in Ccnet to avoid denial-of-service attack +* Revert the work "access token generated by FileServer can only be used once" because this leads to several problems + +### 3.1.5 (2014.08.29) + +* \[fix] Fix multi-file upload in upload link and library page +* \[fix] Fix libreoffice file online view +* Add 'back to top' for pdf file view. +* \[fix] Fix "create sub-library" button under some language +* \[fix popup] Fix bug in set single notice as read. + +### 3.1.4 (2014.08.26) + +* \[fix, security] Fix permission check for PDF full screen view +* \[fix] Fix copy/move multiple files in web +* Improve UI for group reply notification +* Improve seaf-fsck, seaf-fsck now can fix commit missing problem +* \[security improve] Access token generated by FileServer can only be used once. + +### 3.1.3 (2014.08.18) + +* \[fix] fix memory leak +* \[fix] fix a memory not initialized problem which may cause sync problem under heavy load. +* \[fix] fix creating personal wiki + +### 3.1.2 (2014.08.07) + +* Use unix domain socket in ccnet to listen for local connections. This isolates the access to ccnet daemon for different users. Thanks to Kimmo Huoman and Henri Salo for reporting this issue. + +### 3.1.1 (2014.08.01) + +* Add a bash wrapper for seafile-gc +* \[fix] fix listing libraries when some libraries are broken +* Remove simplejson dependency +* Update translations +* Add "Back to Top" button in file view page +* Improve page refreshing after uploading files + +### 3.1.0 (2014.07.24) + +Syncing + +* Improve performance: easily syncing 10k+ files in a library. +* Don't need to download files if they are moved to another directory. + +Platform + +* Rename HttpServer to FileServer to remove confusing. +* Support log rotate +* Delete old PID files when stop Seafile + +Web + +* Enable deleting of personal messages +* Improved notification +* Upgrade pdf.js +* Password protection for sharing links +* \[admin] Create multi-users by uploading a CSV file +* Sort libraries by name/date +* Enable users to put an additional message when sending a sharing link +* Expiring time for sharing links +* \[fix] Send notification to all users participating a group discussion +* Redesigned file viewing page +* Remove simplejson dependency +* Disable the ability to make a group public by default (admin can turn it on in settings) + +## 3.0 + +### 3.0.4 (2014.06.07) + +* \[api] Add replace if exist into upload-api +* Show detailed error message when Gunicorn failed to start +* Improve object and block writting performance +* Add retry when failed getting database connection +* \[fix] Use hash value for avatar file names to avoid invalid file name +* \[fix] Add cache for repo_crypto.js to improve page speed +* \[fix] Show error message when change/reset password of LDAP users +* \[fix] Fix "save to my library" when viewing a shared file +* \[fix, api] Fix rename file names with non-ascii characters + +### 3.0.3 + +* \[fix] Fix an UI bug in selecting multiple contacts in sending message +* Library browser page: Loading contacts asynchronously to improve initial loading speed + +### 3.0.2 + +* \[fix] Fix a bug in writing file metadata to disk, which causing "file information missing error" in clients. +* \[fix] Fix API for uploading files from iOS in an encrypted library. +* \[fix] Fix WebDAV +* \[fix] Fix API for getting groups messages containing multiple file attachments +* \[fix] Fix bug in HttpServer when file block is missing +* \[fix] Fix login error for some kind of Android + +### 3.0.1 + +* \[fix] Fix showing bold/italic text in .seaf format +* \[fix] Fix UI problem when selecting contacts in personal message send form +* \[fix] Add nickname check and escape nickname to prevent XSS attack +* \[fix] Check validity of library name (only allow a valid directory name). + +### 3.0.0 + +Web + +* Lots of small improvements in UI +* Translations +* \[fix] Handle loading avatar exceptions to avoid 500 error + +Platform + +* Use random salt and PBKDF2 algorithm to store users' password. (You need to manually upgrade the database if you using 3.0.0 beta2 with MySQL backend.) + +### 3.0.0 beta2 + +Web + +* Handle 413 error of file upload +* Support cross library files copy/move +* Fixed a few api errors + +Platform + +* Allow config httpserver bind address +* \[fix] Fix file ID calculation +* Improved device (desktop and mobile clients) management +* Add back webdav support +* Add upgrade script + +### 3.0.0 beta + +Platform + +* Separate the storage of libraries +* Record files' last modification time directly +* Keep file timestamp during syncing +* Allow changing password of an encrypted library + +Web + +* Redesigned UI +* Improve page loading speed + +## 2.2 + +### 2.2.1 + +* \[fix] Fixed creation of admin account + +### 2.2.0 + +* Add more checking for the validity of users' Email +* Use random salt and PBKDF2 algorithm to store users' password. + +## 2.1 + +### 2.1.5 + +* Add correct mime types for mp4 files when downloading +* \[important] set correct file mode bit after uploading a file from web. +* Show meaningful message instead of "auto merged by system" for file merges +* Improve file history calculation for files which were renamed + +WebDAV + +* Return last modified time of files + +### 2.1.4 + +* \[fix] Fix file share link download issue on some browsers. +* \[wiki] Enable create index for wiki. +* Hide email address in avatar. +* Show "create library" button on Organization page. +* \[fix] Further improve markdown filter to avoid XSS attack. + +### 2.1.3 + +* \[api] Add more web APIs +* Incorporate Viewer.js to display opendocument formats +* \[fix] Add user email validation to avoid SQL injection +* \[fix] Only allow `, , ` and a few other html elements in markdown to avoid XSS attack. +* Return sub-libraries to the client when the feature is enabled. + +### 2.1.2 + +* \[fix] Fixed a bug in update script + +### 2.1.1 + +* Allow the user to choose the expiration of the session when login +* Change default session expiration age to 1 day +* \[fix] Fixed a bug of copying/moving files on web browsers +* \[fix] Don't allow script in markdown files to avoid XSS attacks +* Disable online preview of SVG files to avoid potential XSS attacks +* \[custom] Support specify the width of height of custom LOGO +* Upgrade scripts support MySQL databases now + +### 2.1.0 + +Platform + +* Added FUSE support, currently read-only +* Added WebDAV support +* A default library would be created for new users on first login to seahub + +Web + +* Redesigned Web UI +* Redesigned notification module +* Uploadable share links +* \[login] Added captcha to prevent brute force attack +* \[fix] Fixed a bug of "trembling" when scrolling file lists +* \[sub-library] User can choose whether to enable sub-library +* Improved error messages when upload fails +* Set default browser file upload size limit to unlimited + +Web for Admin + +* Improved admin UI +* More flexible customization options +* Online help is now bundled within Seahub + +## 2.0 + +### 2.0.4 + +* \[fix] set the utf8 charset when connecting to database +* Getting users from both database and LDAP +* \[web] List all contacts when sharing libraries +* \[admin] List database and LDAP users in sysadmin + +### 2.0.3 + +* \[fix] Speed up file syncing when there are lots of small files + +### 2.0.2 + +* \[fix] Fix CIFS support. +* \[fix] Support special characters like '@' in MySQL password +* \[fix] Fix create library from desktop client when deploy Seafile with Apache. +* \[fix] Fix sql syntax error in ccnet.log, issue #400 (). +* \[fix] Return organization libraries to the client. +* Update French, German and Portuguese (Brazil) languages. + +### 2.0.1 + +* \[fix] Fix a bug in sqlite3 upgrade script +* Add Chinese translation + +### 2.0.0 + +Platform + +* New crypto scheme for encrypted libraries +* A fsck utility for checking data integrity + +Web + +* Change owner of a library/group +* Move/delete/copy multiple files +* Automatically save draft during online editing +* Add "clear format" to .seaf file online editing +* Support user delete its own account +* Hide Wiki module by default +* Remove the concept of sub-library + +Web for Admin + +* Change owner of a library +* Search user/library + +API + +* Add list/add/delete user API + +## 1.8 + +### 1.8.5 + +* \[bugfix] Fix "can't input space" bug in .seaf files +* Add pagination for online file browsing + +### 1.8.3 + +* \[bugfix] Fix bug in setup-seafile-mysql.sh +* Make reset-admin script work for MySQL +* Remove redundant log messages +* Fixed bugs in web API + +### 1.8.2 + +* Add script for setting up MySQL +* \[bugfix] Fixed a bug when sharing a library to another user without sending HTTP_REFERER + +### 1.8.1 + +* \[bugfix] Fixed a bug when generating shared link + +### 1.8.0 + +Web + +* Improve online file browsing and uploading + * Redesigned interface + * Use ajax for file operations + * Support selecting of multiple files in uploading + * Support drag/drop in uploading +* Improve file syncing and sharing + * Syncing and sharing a sub-directory of an existing library. + * Directly sharing files between two users (instead of generating public links) + * User can save shared files to one's own library +* \[wiki] Add frame and max-width to images +* Use 127.0.0.1 to read files (markdown, txt, pdf) in file preview +* \[bugfix] Fix pagination in library snapshot page +* Set the max length of message reply from 128 characters to 2000 characters. +* Improved performance for home page and group page +* \[admin] Add administration of public links + +API + +* Add creating/deleting library API + +Platform + +* Improve HTTPS support, now HTTPS reverse proxy is the recommend way. +* Add LDAP filter and multiple DN +* Case insensitive login +* Move log files to a single directory +* \[security] Add salt when saving user's password +* \[bugfix] Fix a bug in handling client connection + +## 1.7 + +### 1.7.0.2 for Linux 32 bit + +* \[bugfix] Fix "Page Unavailable" when view doc/docx/ppt. + +### 1.7.0.1 for Linux 32 bit + +* \[bugfix] Fix PostgreSQL support. + +### 1.7.0 + +Web + +* Upgrade to Django 1.5 +* Add personal messaging +* Support cloud_mode to hide the "organization" tab +* Support listing/revoking syncing clients +* \[bugfix] Fix a bug in Markdown undo/redo +* \[pro-edition] Searching in a library +* \[pro-edition] Redesign file activities +* \[pro-edition] Redesign doc/ppt/pdf preview with pdf2htmlEX + +Daemon + +* Support PostgreSQL +* \[bugfix] fix bugs in GC + +## 1.6 + +### 1.6.1 + +Web + +* \[bugfix] Fix showing personal Wiki under French translation +* \[bugfix] Fix showing markdown tables in Wiki +* \[bugfix] Fixed wiki link parsing bug when page alias contains dot. +* Disable sharing link for encrypted libraries +* \[admin] improved user-add, set/revoke admin, user-delete + +Daemon + +* \[controller] Add monitor for httpserver + +### 1.6.0 + +Web + +* Separate group functions into Library/Discuss/Wiki tabs +* Redesign Discussion module +* Add Wiki module +* Improve icons +* Can make a group public +* \[editing] Add toolbar and help page for Markdown files +* \[editing] A stable rich document editor for .seaf files +* \[bugfix] Keep encryption property when change library name/desc. + +For Admin + +* Add --dry-run option to seafserv-gc. +* Support customize seafile-data location in seafile-admin +* Do not echo the admin password when setting up Seafile server +* seahub/seafile no longer check each other in start/stop scripts + +API + +* Show file modification time +* Add update file API + +## 1.5 + +### 1.5.2 + +* \[daemon] Fix problem in DNS lookup for LDAP server + +### 1.5.1 + +* \[web] Fix password reset bug in Seafile Web +* \[daemon] Fix memory leaks in Seafile server + +### 1.5.0 + +Seafile Web + +* Video/Audio playback with MediaElement.js (Contributed by Phillip Thelen) +* Edit library title/description +* Public Info & Public Library page are combined into one +* Support selection of file encoding when viewing online +* Improved online picture view (Switch to prev/next picture with keyboard) +* Fixed a bug when doing diff for a newly created file. +* Sort starred files by last-modification time. + +Seafile Daemon + +* Fixed bugs for using httpserver under https +* Fixed performance bug when checking client's credential during sync. +* LDAP support +* Enable setting of the size of the thread pool. + +API + +* Add listing of shared libraries +* Add unsharing of a library. diff --git a/manual/changelog/server-changelog.md b/manual/changelog/server-changelog.md new file mode 100644 index 00000000..aeae7174 --- /dev/null +++ b/manual/changelog/server-changelog.md @@ -0,0 +1,619 @@ +# Seafile Server Changelog + +> You can check Seafile release table to find the lifetime of each release and current supported OS: + +## 8.0 + +Please check our document for how to upgrade to 8.0: + +### 8.0.0 beta (2020/11/27) + +* Support searching file in a library +* Rewrite upload link page to use React technology +* Improve GC performance +* Upgrade Django to 2.2 version +* Remove ccnet-server component +* Update help page +* Release v4 encrypted library format to enhance security for v3 encrypted format + +## 7.1 + +**Feature changes** + +Progresql support is dropped as we have rewritten the database access code to remove copyright issue. + +**Upgrade** + +Please check our document for how to upgrade to 7.1: + +### 7.1.5 (2020/09/22) + +* \[fix] Fix a bug in returned group library permission for SeaDrive client +* \[fix] Fix files preview using OnlyOffice in public shared links +* Support pagination when listing libraries in a group +* Update wsgidav used in WebDAV +* \[fix] Fix WebDAV failed login via WebDAV secret +* \[fix] Fix WebDAV error if a file is moved immediately after uploading +* Remove redundent logs in seafile.log +* \[fix] Fix "save to..." in share link +* Add an option to show a user's email in sharing dialog (ENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER) +* Add database connection pool to reduce database connection usage +* Enable generating internal links for files in an encrypted library +* Support setting the expire date time of a share link to a specific date time +* GC add --id-prefix option to scan a specific range of libraries +* fsck add an option to not check block integrity to speed up scanning +* \[fix] ccnet no longer listen on port 10001 + +### 7.1.4 (2020/05/19) + +* \[fix] Fix page error in "System Admin-> Users -> A User -> Groups" +* \[fix] Fix listing LDAP imported users when number of users is greater than 500 +* Support selecting and downloading multiple files in a sharing link +* Show share link expiration time in system admin +* \[fix] Fix file download links in public libraries +* Other UI fixes + +### 7.1.3 (2020/03/26) + +* Support sort libraries by size and number of files in admin panel +* Support sort users by used storage in admin panel +* \[fix] Fix Markdown print for markdown with more than 1 page +* Other UI fixes + +### 7.1.2 beta (2020/03/05) + +* \[fix] Fix HTTP/2 support +* Markdown page can now be printed using browser's "Print..." +* Add zoom buttons for PDF page +* Add sort function to directory share link page +* Add support for JSON web tokens in OnlyOffice integration +* UI improvements for pages in admin panel + +### 7.1.1 beta (2019/12/23) + +* \[fix] Fix Gunicorn warning +* \[fix] Fix SQLite upgrade script +* \[fix] Fix Seahub can't started problem on Debian 10 +* \[fix] For for Excel and PPT, the default fonts are Chinese font sets. +* Some other UI fixes and improvements + +### 7.1.0 beta (2019/12/05) + +* Rewrite the system admin pages with React +* Upgrade to Python3 +* Add library API Token, you can now generate API tokens for a library and use them in third party programs. +* Add a feature abuse report for reporting abuse for download links. + +## 7.0 + +**Feature changes** + +In version 6.3, users can create public or private Wikis. In version 7.0, private Wikis is replaced by column mode view. Every library has a column mode view. So users don't need to explicitly create private Wikis. + +Public Wikis are now renamed to published libraries. + +**Upgrade** + +Just follow our document on major version upgrade. No special steps are needed. + +### 7.0.5 (2019/09/23) + +* \[fix] Fix '\\n' in system wide notification will lead to blank page +* \[fix] Remove all metadata in docx template +* \[fix] Fix redirection after login +* \[fix] Fix group order is not alphabetic +* \[fix] Fix download button in sharing link +* Mobile UI Improvement (Now all major pages can be used in Mobile smoothly) +* Add notification when a user try to leave a page during file transfer +* Add UI waiting notification when resetting a user's password in admin panel +* Add generating internal link (smart-link) for folders +* \[fix] Fix file drag and drop in IE and Firefox +* Improve UI for file uploading, support re-upload after error +* \[fix] Fix devices login via Shibboleth not show in devices list +* Support of OnlyOffice auto-save option +* \[fix] Fix zip download when user selecting a long list of files +* Other UI fixes + +### 7.0.4 (2019/07/26) + +* Fix avatar problem when deployed under non-root domain +* Add get internal link in share dialog +* Fix newly created DOCX files are not empty and have a Chinese font set as default font +* Fix system does not send email to new user when adding new user in system admin +* Fix thumbnail for TIFF files +* Fix direct download link for sharing links + +### 7.0.3 (2019/07/05) + +* UI Improvements and fixes +* Fix file upload button with Safari, IE edge +* Fix compatibility with "Open library in web" from the old version desktop client +* Support "." in group name +* Add back "send link" for upload links +* Add back grid view for folder sharing links +* Fix preview for PSD, TIFF files +* Fix deleting of favorate items when they are shared items but the sharing are revoked +* Fix avatar broken problem when using a non-stardard port +* Fix resumable file uploading + +### 7.0.2 (2019/06/13) + +* UI fixes +* Support index.md in published library +* Fix IE Edge support + +### 7.0.1 beta (2019/05/31) + +* \[fix] Fix database upgrade problem +* \[fix] Fix WebDAV can't be started +* \[fix] Some UI fixes + +### 7.0.0 beta (2019/05/23) + +* Upgraded Web UI with React framework. The look and feel of the new UI is much better. +* Improved Markdown editor +* Add columns view mode (tree view like in the Windows Explorer) +* Add context menu to manipulate files +* Move files via drag and drop +* Redesigned file tags +* Support editing share link permission after creating a link + +## 6.3 + +In version 6.3, Django is upgraded to version 1.11. Django 1.8, which is used in version 6.2, is deprecated in 2018 April. + +With this upgrade, the fast-cgi mode is no longer supported. You need to config Seafile behind Nginx/Apache in WSGI mode. + +The way to run Seahub in another port is also changed. You need to modify the configuration file `conf/gunicorn.conf` instead of running `./seahub.sh start `. + +Version 6.3 also changed the database table for file comments, if you have used this feature, you need migrate old file comments using the following commends after upgrading to 6.3: + +``` +./seahub.sh python-env seahub/manage.py migrate_file_comment + +``` + +> Note, this command should be run while Seafile server is running. + +### 6.3.4 (2018/09/15) + +* \[fix] Fix a security issue in Shibboleth authentication +* \[fix] Fix sometimes Web UI will not autoload a >100 item directory view + +### 6.3.3 (2018/09/07) + +* Add generating of internal links +* Support copy a file to its own parent folder, creating a file with a suffix like test-1.docx +* Support setting the language list +* Redirect '/shib-login' to '/sso' +* Change "Unknown error" to "network error" when uploading failed caused by network error +* \[fix] Fix groups not shown in system admin panel +* Support files be manually saved in OnlyOffice +* Improve performance when getting users quota usage +* Improve Markdown editor +* The new Wiki feature is ready +* Update Django to 1.11.11 + +### 6.3.2 (2018/07/09) + +* \[fix] Fix error when public wiki be viewed by anonymous users +* Remove department field in users' profile page +* \[fix] Print warning instead of exit when there are errors in database table upgrade +* \[fix] Send notification to the upload link creator after there are files uploaded +* \[fix] Fix customize css via "custom/custom.css" +* \[api] return the last modifier in file detail API +* \[fix] Fix ZIP download can't work in some languages + +### 6.3.1 (2018/06/24) + +* Allow fullscreen presentation when view ppt(x) file via CollaboraOffice. +* Support mobile UI style when view file via OnlyOffice. +* Some UI improvement. +* Show terms and condition link if terms and condition is enabled +* \[fix] Update OnlyOffice callback func (save file when status is 6). +* \[fix] Show library’s first commit’s desc on library history page. +* \[fix] Check if is an deleted library when admin restore a deleted library. +* \[fix] Removed dead 'quota doc' link on user info popup. +* \[fix] Fix bug of OnlyOffice file co-authoring. +* \[api] Add starred field to file detail api. +* Use ID instead of email on sysadmin user page. +* \[fix] Fix database upgrade problems +* \[fix] Fix support for sqlite3 +* \[fix] Fix crash when seaf-fsck, seaf-gc receive wrong arguments + +### 6.3.0 beta (2018/05/26) + +* UI Improvements: moving buttons to top bar, improve scrolling in file/library list +* Update Django to 1.11, remove fast-cgi support +* Update jQuery to version 3.3.1 +* Update pdf.js +* Add invite people link to share dialog if the feature is enabled +* Remove login log after delete a user +* \[admin] Support customize site title, site name, CSS via Web UI +* \[beta] Wiki, users can create public wikis +* Add an option to define the listening address for WSGI mode +* \[fix] Fix a bug that causing seaf-fsck crash +* \[fix] Fix support for uploading folder via ‘Cloud file browser’ +* \[fix] Cancel Zip download task at the server side when user close zip download dialog +* Other fixes + +## 6.2 + +From 6.2, It is recommended to use WSGI mode for communication between Seahub and Nginx/Apache. Two steps are needed if you'd like to switch to WSGI mode: + +1. Change the config file of Nginx/Apache. +2. Restart Seahub with `./seahub.sh start` instead of `./seahub.sh start-fastcgi` + +The configuration of Nginx is as following: + +``` +location / { + proxy_pass http://127.0.0.1:8000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_read_timeout 1200s; + + # used for view/edit office file via Office Online Server + client_max_body_size 0; + + access_log /var/log/nginx/seahub.access.log; + error_log /var/log/nginx/seahub.error.log; + } + +``` + +The configuration of Apache is as following: + +``` + # seahub + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 + ProxyPass / http://127.0.0.1:8000/ + ProxyPassReverse / http://127.0.0.1:8000/ + +``` + +### 6.2.5 (2018/01/23) + +* \[fix] Fix OAuth bug +* \[fix] Improve the performance of returning a user's all group libraries +* \[new] Support customize the list of groups that a user can see when sharing a library + +### 6.2.4 (2018/01/16) + +* \[new] Add the feature "remember this device" after two-factor authentication +* \[new] Add option to notify the admin after new user registration (NOTIFY_ADMIN_AFTER_REGISTRATION) +* \[fix] Fix a bug in modify permission for a a shared sub-folder +* \[fix] Fix support for PostgreSQL +* \[fix] Fix a bug in SQLite database support +* \[fix] Fix support for uploading 500+ files via web interface (caused by API rate throttle) +* \[improve, ui] Add transition to show/hide of feedback messages. +* \[improve] Improve performance of file history page. +* \[improve] Show two file history records at least. +* \[fix] show shared sub-folders when copy/move file/folder to “Other Libraries”. +* \[fix] Remove the white edge of webpage when previewing file via OnlyOffice. +* \[fix] Don’t check if user exists when deleting a group member in admin panel. +* \[fix, oauth] Don’t overwrite public registration settings when login a nonexistent user. +* Other UI improvements. + +### 6.2.3 (2017/11/15) + +* Support OAuth. +* WSGI uses 5 processors by default instead of 3 processors each with 5 threads +* \[share] Add "click to select" feature for download/upload links. +* \[admin] Show/edit contact email in admin panel. +* \[admin] Show upload links in admin panel. +* \[fix] Fix Shibboleth login redirection issue, see +* \[fix] In some case failed to unshare a folder. +* \[fix] LDAP search issue. +* \[fix] Fix Safari downloaded file names are encoded like 'test-%2F%4B.doc' if it contains special characters. +* \[fix] Disable client encrypt library creation when creating encrypt library is disabled on server. + +### 6.2.2 (2017/09/25) + +* \[fix] Fix register button can't be clicked in login page +* \[fix] Fix login_success field not exist in sysadmin_extra_userloginlog + +### 6.2.1 (2017/09/22) + +* \[fix] Fix upgrade script for SQLite database +* Add Czech language +* \[ui] Move password setting to a separate section +* \[ui] Add divider to file operation menu +* \[ui] Use high DPI icon in favorites page +* \[ui] Focus on password fields by default +* \[ui] Show feedback message when restore a library to a snapshot +* \[fix] Don't import settings in seafile.conf to database + +### 6.2.0 beta (2017/09/14) + +* Redesign login page, adding a background image. +* Add two factor authentication +* Clean the list of languages +* Add the ability of tagging a snapshot of a library (Use `ENABLE_REPO_SNAPSHOT_LABEL = True` to turn the feature on) +* \[admin] Add an option to enable users to share a library to any groups in the system. +* Use WSGI as the default mode for deploying Seahub. +* Add a field Reference ID to support changing users primary ID in Shibboleth or LDAP +* Improved performance of loading library list +* Support adding a custom user search function () +* Other small UI improvements + +## 6.1 + +If you upgrade from 6.0 and you'd like to use the feature video thumbnail, you need to install ffmpeg package: + +``` +# for ubuntu 16.04 +apt-get install ffmpeg +pip install pillow moviepy + +# for Centos 7 +yum -y install epel-release +rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro +yum -y install ffmpeg ffmpeg-devel +pip install pillow moviepy + +``` + +### 6.1.2 (2017.08.15) + +* Use user's language as lang setting for OnlyOffice +* Improve performance for getting user’s unread messages +* Fix error when uploading files to system default library template +* Users can restore their own deleted libraries +* Improve performance when move or copy multiple files/folders +* Add “details” for libraries, folders and files to show information like how many files in a library/folder +* \[fix] Fix a bug in seaf-gc +* \[fix, api] Fix a bug in creating folder API +* \[admin] Improve performance in getting total file number, used space and total number of devices +* \[fix] Fix MySQL connection pool in Ccnet + +### 6.1.1 (2017.06.15) + +* Disable thumbnail for video files in default +* Enable fixing the email for share link to be fixed in certain language (option SHARE_LINK_EMAIL_LANGUAGE in seahub_setting.py). So admin can force the language for a email of a share link to be always in English, regardless of what language the sender is using. +* The language of the interface of CollaboraOffice/OnlyOffice will be determined by the language of the current user. +* Display the correct image thumbnails in favorites instead of the generic one +* Enable set favicon and logo via admin panel +* Admin can add libraries in admin panel + +### 6.1.0 beta (2017.05.11) + +Web UI Improvement: + +1. Add thumbnail for video files +2. Improved image file view, using thumbnail to view pictures +3. Improve pdf preview in community edition +4. Move items by drap & drop +5. Add create docx/xlsx/pptx in web interface +6. Add OnlyOffice integration +7. Add Collabora integration +8. Support folder upload in community edition +9. Show which client modify a file in history, this will help to find which client accidentally modified a file or deleted a file. + +Improvement for admins: + +1. Admin can set user’s quote, delete users in bulk +2. Support using admin panel in mobile platform +3. Add translation for settings page + +System changes: + +1. Remove wiki by default +2. Upgrade Django to 1.8.18 +3. Clean Ajax API +4. Increase share link token length to 20 characters +5. Upgrade jstree to latest version + +## 6.0 + +Note: If you ever used 6.0.0 or 6.0.1 or 6.0.2 with SQLite as database and encoutered a problem with desktop/mobile client login, follow to fix the problem. + +### 6.0.9 (2017.03.30) + +* Show user' name instead of user's email in notifications sent out by email +* Add config items for setting favicon, disable wiki feature +* Add css id to easily hide user password reset and delete account button +* \[fix] Fix UI bug in restoring a file from snapshot +* \[fix] Fix after renaming a file, the old versions before file rename can't be downloaded +* \[security] Fix XSS problem of the "go back" button in history page and snapshot view page + +### 6.0.8 (2017.02.16) + +Improvement for admin + +* Admin can add/delete group members +* Admin can create group in admin panel +* Show total storage, total number of files, total number of connected devices in the info page of admin panel +* Force users to change password if imported via csv +* Support set user's quota, name when import user via csv +* Set user's quota in user list page +* Add search group by group name +* Use ajax when deleting a user's library in admin panel +* Support logrotate for controller.log +* Add `# -*- coding: utf-8 -*-` to seahub_settings.py, so that admin can use non-ascii characters in the file. +* Ingore white space character in the end of lines in ccnet.conf +* Add a log when a user can't be find in LDAP during login, so that the system admin can know whether it is caused by password error or the user can't be find +* Delete shared libraries information when deleting a user + +Other + +* \[fix] Uploading files with special names lets seaf-server crash +* \[fix] Fix user search when global address book is disabled in CLOUD_MODE +* \[fix] Avoid timeout in some cases when showing a library trash +* Show "the account is inactive" when an inactive account try to login +* \[security] Remove viewer.js to show open document files (ods, odt) because viewer.js is not actively maintained and may have potential security bugs (Thanks to Lukas Reschke from Nextcloud GmbH to report the issue) +* \[fix] Fix PostgreSQL support +* Update Django to 1.8.17 +* Change time_zone to UTC as default +* \[fix] Fix quota check: users can't upload a file if the quota will be exceeded after uploading the file +* \[fix] Fix quota check when copy file from one library to another +* \[fix] Prevent admin from access group's wiki +* \[fix] Fix a bug when download folder in grid view + +### 6.0.7 (2016.12.16) + +* \[fix] Fix generating of password protected link in file view page +* \[fix] Fix .jpg/.JPG image display in IE10 +* Export quota usage in export Excel in user list admin page +* \[fix] Fix admin can't delete broken libraries +* Add "back to previous page" link in trash page, history page +* \[fix] Improve logo show in About page +* \[fix] Fix file encoding for text file editing online +* \[fix] Don't show operation buttons for broken libraries in normal users page + +### 6.0.6 (2016.11.16) + +* \[fix] Fix the shared folder link in the notification message when a user share a folder to another user +* \[fix] Update Django version from 1.8.10 to 1.8.16 +* \[fix] Fix support for PostgreSQL +* \[fix] Fix SQLite database locking problem +* \[fix] Fix the shared folder name is not changed after removing the old share, renaming the folder and re-sharing the folder +* \[fix] Fix sub-folder accidentially show the files in parent folder when the parent folder contains more than 100 files +* \[fix] Fix image preview navigation when there are more than 100 entries in a folder +* \[fix] Fix bug when admin searching unexisting user +* \[fix] Fix jpeg image display in IE10 +* Add support for online view of mov video files +* Make web access token expiring time configurable +* Add an option on server to control block size for web upload files + +### 6.0.5 (2016.10.17) + +* \[fix] Fix API for uploading file by blocks (Used by iOS client when uploading a large file) +* \[fix] Fix a database connection problem in ccnet-server +* \[fix] Fix moved files are still present in local folder until refresh +* \[fix] Fix admin panel can't show deleted libraries + +### 6.0.4 (2016.09.22) + +* \[fix] Fix not able to move files via WebDAV interface +* Check whether the quota will exceed before saving the uploaded file to Seafile via Web UI or API +* \[fix] Fix owner can't restore a deleted file or folder in snapshot +* \[fix] Fix UI of personal profile page +* \[fix] Fix in some cases mobile devices can't be unlinked +* \[fix] Fix connection problem for the latest MariaDB in initialisation script +* \[fix] PNG Thumbnail creation broken in 6.0.3 (getexif failes) +* Make maxNumberOfFiles configurable +* \[fix] Remember the sorting of libraries +* Add Finnish translation +* Video + audio no longer be limited by max preview size + +### 6.0.3 (2016.09.03) + +* \[fix] Fix a bug in sqlite database upgrade script +* \[fix] Fix a bug in database connection pool +* \[fix] Fix a bug in file comment + +### 6.0.2 (2016.09.02) + +* \[fix] Fix a bug in sqlite database table locking +* Update translations +* Support create libraries for Seafile Drive client + +### 6.0.1 beta (2016.08.22) + +* \[fix] Fix default value of created_at in table api2_tokenv2. This bug leads to login problems for desktop and mobile clients. +* \[fix] Fix a bug in generating a password protected share link +* Improve checking the user running Seafile must be the owner of seafile-data. If seafile-data is symbolic link, check the destination folder instead of the symbolic link. +* \[ui] Improve rename operation +* Admin can set library permissions in admin panel +* Show name/contact email in admin panel and enable search user by name/contact email +* Add printing style for markdown +* The “Seafile” in "Welcome to Seafile" message can be customised by SITE_NAME +* Improve sorting of files with numbers +* \[fix] Fix can't view more than 100 files +* \[api] Add admin API to only return LDAP imported user list + +### 6.0.0 beta (2016.08.02) + +* Add full screen Web UI +* Code clean and update Web APIs +* Add file comment +* Improve zip downloading by adding zip progress +* Change of navigation labels +* \[admin] Add group transfer function in admin panel +* Remove number of synced libraries in devices page for simplify the interface and concept +* Update help pages + +## 5.1 + +Warning: + +* The concept of sub-library is removed in version 5.1. You can do selective sync with the latest desktop client +* The group message **reply** function is removed, and the old reply messages will not be shown with the new UI + +Note: when upgrade from 5.1.3 or lower version to 5.1.4+, you need to install python-urllib3 (or python2-urllib3 for Arch Linux) manually: + +``` +# for Ubuntu +sudo apt-get install python-urllib3 +# for CentOS +sudo yum install python-urllib3 + +``` + +### 5.1.4 (2016.07.23) + +* \[fix] Fix seaf-fsck.sh --export fails without database +* \[fix] Fix users with Umlauts in their display name breaks group management and api2/account/info on some special Linux distribution +* Remove user from groups when a user is deleted. +* \[fix] Fix can't generate shared link for read-only shared library +* \[fix] Fix can still view file history after library history is set to "no history". +* \[fix] Fix after moving or deleting multiple selected items in the webinterface, the buttons are lost until reloading +* Check user before start seafile. The user must be the owner of seafile-data directory +* Don't allow emails with very special characters that may containing XSS string to register +* \[fix] During downloading multiple files/folders, show "Total size exceeds limits" instead of "internal server error" when selected items exceeds limits. +* \[fix] When delete a share, only check whether the be-shared user exist or not. This is to avoid the situation that share to a user can't be deleted after the user be deleted. +* Add a notificition to a user if he/she is added to a group +* Improve UI for password change page when forcing password change after admin reset a user's password +* \[fix] Fix duplicated files show in Firefox if the folder name contains single quote ' + +### 5.1.3 (2016.05.30) + +* \[security] Fix permission checking for generating share links +* Add an option (ENABLE_SETTINGS_VIA_WEB) to ignore settings via Web UI (system admin->settings) +* \[fix] Making user search (used in auto-completion) case insensitive + +### 5.1.2 (2016.05.13) + +* \[fix] Fix group rename +* \[fix] Fix group transfer +* Send notifications to members when a new library is shared to a group +* Download multiple selected files from Seahub as a ZIP-file +* Use seafile-data/http-temp to store zip file when downloading a dir +* \[ui] Remember the expanded status of groups in the left hand nav bar +* \[accessibility] Improve accessiblity of library trash/history page by making links for operations selectable by tab. +* \[accessibility] Improve accessiblity of dialogs, add missing labelledby properties for the whole dialog. +* \[accessibility] Improve file/folder upload menu +* list all devices in admin panel +* Add syslog support for seafile.log + +### 5.1.1 (2016.04.08) + +Note: downloading multiple files at once will be added in the next release. + +* A few UI Improvement and fixes +* Add group-discussion (warning: the group message reply function is removed, and the old reply messages will not be shown with the new UI) +* Add an option for disable forcing users to change password (FORCE_PASSWORD_CHANGE, default is True) +* Support new Shibboleth users be created as inactive and activated via Admin later (SHIB_ACTIVATE_AFTER_CREATION , default is True) +* Update jquery to v1.11 + +### 5.1.0 beta (2016.03.22) + +Note: in this version, the group discussion is not re-implement yet. It will be available when the stable verison is released. + +* Redesign navigation +* Rewrite group management +* Improve sorting for large folder +* Remember the sorting option for folder +* Improve devices page +* Update icons for libraries and files +* Remove library settings page, re-implement them with dialogs +* Remove group avatar +* Don't show share menu in top bar when multiple item selected +* Auto-focus on username field when loading the login page +* Remove self-introduction in user profile +* Upgrade to django 1.8 +* Force the user to change password if adding by admin or password reset by admin +* disable add non-existing user to a group diff --git a/manual/client/client.md b/manual/client/client.md new file mode 100644 index 00000000..c9463e51 --- /dev/null +++ b/manual/client/client.md @@ -0,0 +1,30 @@ +# Client + +This manual explains how to setup and run Seafile client from a pre-built package. + +## Components + +Seafile client v3.0 consists of three components: + +* ccnet-daemon: for networking +* seafile-daemon: for file syncing +* seafile-applet: GUI Client + +## Platform Support + +* GUI Client (seafile-applet) + * Availabe on Ubuntu 12.04 or above + * Availabe on Windows XP/Vista/7/8 + * Availabe on Mac OS X 10.6 or above + * Availabe on Android + * Availabe on iOS (App Store) +* Terminal Client (ccnet-daemon, and seafile-applet) + * Runs on Generic Linux + * Runs on Windows XP/Vista/7/8 + * Runs on Mac OS X 10.6 or above + +## Download + +Visit [our download page](http://www.seafile.com/en/download), download the latest client package. + +Changelog: diff --git a/manual/client/seafile_cli.md b/manual/client/seafile_cli.md new file mode 100644 index 00000000..971dc5f5 --- /dev/null +++ b/manual/client/seafile_cli.md @@ -0,0 +1,121 @@ +# Seafile CLI + +## init + +Initialize config file + +usage: seaf-cli -c -o init + +## start + +Start seafile-applet to run a seafile client + +usage: seaf-cli -c -o start + +## start-ccnet + +Start ccnet daemon + +usage: seaf-cli -c -o start-ccnet + +## start-seafile + +Start seafile daemon + +usage: seaf-cli -c \[-w \] -o start-seafile + +## clone + +Clone a repo from seafile server + +A repo id and a url need to be give because this program need to use seafile web +API v2 to fetch repo information. + +usage: seaf-cli -c -r -u \[-w \] -o clone + +## sync + +Try to synchronize a repo + +usage: seaf-cli -c -r -o clone + +## remove + +Try to desynchronize a repo + +usage: seaf-cli -c -r -o remove + +## Usage + +Subcommands: + +``` +init: create config files for seafile client +start: start and run seafile client as daemon +stop: stop seafile client +list: list local liraries +status: show syncing status +download: download a library from seafile server +sync: synchronize an existing folder with a library in + seafile server +desync: desynchronize a library with seafile server + +``` + +\##More details + +Seafile client stores all its configure information in a config dir. The default location is `~/.ccnet`. All the commands below accept an option `-c `. + +## init + +Initialize seafile client. This command initializes the config dir. It also creates sub-directories `seafile-data` and `seafile` under `parent-dir`. `seafile-data` is used to store internal data, while `seafile` is used as the default location put downloaded libraries. + +``` +seaf-cli init [-c ] -d + +``` + +## start + +Start seafile client. This command start `ccnet` and `seaf-daemon`, `ccnet` is the network part of seafile client, `seaf-daemon` manages the files. + +``` +seaf-cli start [-c ] + +``` + +## stop + +Stop seafile client. + +``` +seaf-cli stop [-c ] + +``` + +## Download + +Download a library from seafile server + +``` +seaf-cli download -l -s -d -u [-p ] + +``` + +## sync + +Synchronize a library with an existing folder. + +``` +seaf-cli sync -l -s -d -u [-p ] + +``` + +## desync + +Desynchronize a library from seafile server + +``` +seaf-cli desync -d + +``` diff --git a/manual/config/README.md b/manual/config/README.md new file mode 100644 index 00000000..9f983bc2 --- /dev/null +++ b/manual/config/README.md @@ -0,0 +1,26 @@ +# Server Configuration and Customization + +## Config Files + +**Important**: Since Seafile Server 5.0.0, all config files are moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md). + +There are three config files in the community edition: + +* [ccnet.conf](ccnet-conf.md): contains the LDAP settings +* [seafile.conf](seafile-conf.md): contains settings for seafile daemon and fileserver. +* [seahub_settings.py](seahub_settings_py.md): contains settings for Seahub + +There is one additional config file in the pro edition: + +* [seafevents.conf](seafevents-conf.md): contains settings for search and documents preview + +Note: Since version 5.0.0, you can also modify most of the config items via web interface.The config items are saved in database table (seahub-db/constance_config). They have a higher priority over the items in config files. + +![Seafile Config via Web](../images/seafile-server-config.png) + +## Common Customization Tasks + +* [Options for sending email](sending_email.md) +* [Customize web inferface](seahub_customization.md) +* User Management Options: refer to [seahub_settings.py](seahub_settings_py.md) +* Quota and Download/Upload Limits: refer to [seafile.conf](seafile-conf.md) diff --git a/manual/config/ccnet-conf.md b/manual/config/ccnet-conf.md new file mode 100644 index 00000000..27f1a5a5 --- /dev/null +++ b/manual/config/ccnet-conf.md @@ -0,0 +1,78 @@ +# ccnet.conf + +**Note**: Since Seafile Server 5.0.0, all config files are moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md). + +Ccnet is the internal RPC framework used by Seafile server and also manages the user database. A few useful options are in ccnet.conf. + +``` +[General] + +# Used internally. Don't delete. +ID=eb812fd276432eff33bcdde7506f896eb4769da0 + +# Used internally. Don't delete. +NAME=example + +# This is outside URL for Seahub(Seafile Web). +# The domain part (i.e., www.example.com) will be used in generating share links and download/upload file via web. +# Note: Outside URL means "if you use Nginx, it should be the Nginx's address" +SERVICE_URL=http://www.example.com:8000 + + +[Network] +# Not used anymore +PORT=10001 + +[Client] +# Not used anymore +PORT=13419 + +``` + +## Enabled Slow Log + +Since Seafile-pro-6.3.10, you can enable ccnet-server's RPC slow log to do performance analysis. The slow log is enabled by default. + +If you want to configure related options, add the options to ccnet.conf: + +``` +[Slow_log] +# default to true +ENABLE_SLOW_LOG = true +# the unit of all slow log thresholds is millisecond. +# default to 5000 milliseconds, only RPC queries processed for longer than 5000 milliseconds will be logged. +RPC_SLOW_THRESHOLD = 5000 + +``` + +You can find `ccnet_slow_rpc.log` in `logs/slow_logs`. You can also use [log-rotate](../deploy/using_logrotate.md) to rotate the log files. You just need to send `SIGUSR2` to `ccnet-server` process. The slow log file will be closed and reopened. + +**Note**: You should restart seafile so that your changes take effect. + +``` +cd seafile-server +./seafile.sh restart + +``` + +## Changing MySQL Connection Pool Size + +When you configure ccnet to use MySQL, the default connection pool size is 100, which should be enough for most use cases. You can change this value by adding following options to ccnet.conf: + +``` +[Database] +...... +# Use larger connection pool +MAX_CONNECTIONS = 200 + +``` + +## Changing name of table 'Group' + +There is a table named 'Group' in ccnet database, however, 'Group' is the key word in some of databases, you can configure this table name to avoid conflicts if necessary: + +``` +[GROUP] +TABLE_NAME=new_group_name + +``` diff --git a/manual/config/customize_email_notifications.md b/manual/config/customize_email_notifications.md new file mode 100644 index 00000000..cf91933a --- /dev/null +++ b/manual/config/customize_email_notifications.md @@ -0,0 +1,49 @@ +# Customize Email Notifications + +**Note:** Subject line may vary between different releases, this is based on Release 2.0.1. Restart Seahub so that your changes take effect. + +## User reset his/her password + +**Subject** + +seahub/seahub/auth/forms.py line:103 + +**Body** + +seahub/seahub/templates/registration/password_reset_email.html + +Note: You can copy password_reset_email.html to `seahub-data/custom/templates/registration/password_reset_email.html` and modify the new one. In this way, the customization will be maintained after upgrade. + +## System admin add new member + +**Subject** + +seahub/seahub/views/sysadmin.py line:424 + +**Body** + +seahub/seahub/templates/sysadmin/user_add_email.html + +Note: You can copy user_add_email.html to `seahub-data/custom/templates/sysadmin/user_add_email.html` and modify the new one. In this way, the customization will be maintained after upgrade. + +## System admin reset user password + +**Subject** + +seahub/seahub/views/sysadmin.py line:368 + +**Body** + +seahub/seahub/templates/sysadmin/user_reset_email.html + +Note: You can copy user_reset_email.html to `seahub-data/custom/templates/sysadmin/user_reset_email.html` and modify the new one. In this way, the customization will be maintained after upgrade. + +## User send file/folder share link + +**Subject** + +seahub/seahub/share/views.py line:668 + +**Body** + +seahub/seahub/templates/shared_link_email.html diff --git a/manual/config/seafevents-conf.md b/manual/config/seafevents-conf.md new file mode 100644 index 00000000..448344db --- /dev/null +++ b/manual/config/seafevents-conf.md @@ -0,0 +1,88 @@ +# Configurable Options + +**Note**: Since Seafile Server 5.0.0, all config files have been moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md). + +In the file `seafevents.conf`: + +``` +[FILE HISTORY] +enabled = true +threshold = 5 +suffix = md,txt,... + +## From seafile 7.0.0 +## Recording file history to database for fast access is enabled by default for 'Markdown, .txt, ppt, pptx, doc, docx, xls, xlsx'. +## After enable the feature, the old histories version for markdown, doc, docx files will not be list in the history page. +## (Only new histories that stored in database will be listed) But the users can still access the old versions in the library snapshots. +## For file types not listed in the suffix , histories version will be scanned from the library history as before. +## The feature default is enable. You can set the 'enabled = false' to disable the feature. + +## The 'threshold' is the time threshold for recording the historical version of a file, in minutes, the default is 5 minutes. +## This means that if the interval between two adjacent file saves is less than 5 minutes, the two file changes will be merged and recorded as a historical version. +## When set to 0, there is no time limit, which means that each save will generate a separate historical version. + +## If you need to modify the file list format, you can add 'suffix = md, txt, ...' configuration items to achieve. + +[AUDIT] +## Audit log is disabled default. +## Leads to additional SQL tables being filled up, make sure your SQL server is able to handle it. +enabled = true + +[STATISTICS] +## must be "true" to enable statistics +enabled = false + +[INDEX FILES] +## must be "true" to enable search +enabled = true + +## The interval the search index is updated. Can be s(seconds), m(minutes), h(hours), d(days) +interval=10m + +## From Seafile 6.3.0 pro, in order to speed up the full-text search speed, you should setup +highlight = fvh + +## If true, indexes the contents of office/pdf files while updating search index +## Note: If you change this option from "false" to "true", then you need to clear the search index and update the index again. +## Refer to file search manual for details. +index_office_pdf=false + +## The default size limit for doc, docx, ppt, pptx, xls, xlsx and pdf files. Files larger than this will not be indexed. +## Since version 6.2.0 +## Unit: MB +office_file_size_limit = 10 + +[SEAHUB EMAIL] + +## must be "true" to enable user email notifications when there are new unread notifications +enabled = true + +## interval of sending Seahub email. Can be s(seconds), m(minutes), h(hours), d(days) +interval = 30m + + +[OFFICE CONVERTER] + +## must be "true" to enable office/pdf online preview +enabled = true + +## how many libreoffice worker processes should run concurrenlty +workers = 1 + +## where to store the converted office/pdf files. Deafult is /tmp/. +outputdir = /tmp/ + +[EVENTS PUBLISH] +## must be "true" to enable publish events messages +enabled = false +## message format: repo-update\t{{repo_id}}}\t{{commit_id}} +## Currently only support redis message queue +mq_type = redis + +[REDIS] +## redis use the 0 database and "repo_update" channel +server = 192.168.1.1 +port = 6379 +password = q!1w@#123 + +``` diff --git a/manual/config/seafile-conf.md b/manual/config/seafile-conf.md new file mode 100644 index 00000000..28a315fe --- /dev/null +++ b/manual/config/seafile-conf.md @@ -0,0 +1,183 @@ +# Seafile.conf settings + +**Note**: Since Seafile Server 5.0.0, all config files are moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md). + +**Important**: Every entry in this configuration file is **case-sensitive**. + +You need to restart seafile and seahub so that your changes take effect. + +``` +./seahub.sh restart +./seafile.sh restart + +``` + +## Storage Quota Setting + +You may set a default quota (e.g. 2GB) for all users. To do this, just add the following lines to `seafile.conf` file + +``` +[quota] +# default user quota in GB, integer only +default = 2 + +``` + +This setting applies to all users. If you want to set quota for a specific user, you may log in to seahub website as administrator, then set it in "System Admin" page. + +## Default history length limit + +If you don't want to keep all file revision history, you may set a default history length limit for all libraries. + +``` +[history] +keep_days = days of history to keep + +``` + +## Default trash expiration time + +The default time for automatic cleanup of the libraries trash is 30 days.You can modify this time by adding the following configuration: + +``` +[library_trash] +expire_days = 60 + +``` + +## System Trash + +Seafile uses a system trash, where deleted libraries will be moved to. In this way, accidentally deleted libraries can be recovered by system admin. + +## Seafile fileserver configuration + +The configuration of seafile fileserver is in the `[fileserver]` section of the file `seafile.conf` + +``` +[fileserver] +# bind address for fileserver +# default to 0.0.0.0, if deployed without proxy: no access restriction +# set to 127.0.0.1, if used with local proxy: only access by local +host = 127.0.0.1 +# tcp port for fileserver +port = 8082 + +``` + +Since Community Edition 6.2 and Pro Edition 6.1.9, you can set the number of worker threads to server http requests. Default value is 10, which is a good value for most use cases. + +``` +[fileserver] +worker_threads = 15 + +``` + +Change upload/download settings. + +``` +[fileserver] +# Set maximum upload file size to 200M. +# If not configured, there is no file size limit for uploading. +max_upload_size=200 + +# Set maximum download directory size to 200M. +# Default is 100M. +max_download_dir_size=200 + +``` + +After a file is uploaded via the web interface, or the cloud file browser in the client, it needs to be divided into fixed size blocks and stored into storage backend. We call this procedure "indexing". By default, the file server uses 1 thread to sequentially index the file and store the blocks one by one. This is suitable for most cases. But if you're using S3/Ceph/Swift backends, you may have more bandwidth in the storage backend for storing multiple blocks in parallel. We provide an option to define the number of concurrent threads in indexing: + +``` +[fileserver] +max_indexing_threads = 10 + +``` + +When users upload files in the web interface (seahub), file server divides the file into fixed size blocks. Default blocks size for web uploaded files is 1MB. The block size can be set here. + +``` +[fileserver] +#Set block size to 2MB +fixed_block_size=2 + +``` + +When users upload files in the web interface, file server assigns an token to authorize the upload operation. This token is valid for 1 hour by default. When uploading a large file via WAN, the upload time can be longer than 1 hour. You can change the token expire time to a larger value. + +``` +[fileserver] +#Set uploading time limit to 3600s +web_token_expire_time=3600 + +``` + +You can download a folder as a zip archive from seahub, but some zip software +on windows doesn't support UTF-8, in which case you can use the "windows_encoding" +settings to solve it. + +``` +[zip] +# The file name encoding of the downloaded zip file. +windows_encoding = iso-8859-1 + +``` + +The "httptemp" directory contains temporary files created during file upload and zip download. In some cases the temporary files are not cleaned up after the file transfer was interrupted. Starting from 7.1.5 version, file server will regularly scan the "httptemp" directory to remove files created long time ago. + +``` +[fileserver] +# After how much time a temp file will be removed. The unit is in seconds. Default to 3 days. +http_temp_file_ttl = x +# File scan interval. The unit is in seconds. Default to 1 hour. +http_temp_scan_interval = x + +``` + +## Database configuration + +The whole database configuration is stored in the `[database]` section of the configuration file, whether you use SQLite, MySQL or PostgreSQL. + +``` +[database] +type=mysql +host=127.0.0.1 +user=root +password=root +db_name=seafile_db +connection_charset=utf8 +max_connections=100 + +``` + +When you configure seafile server to use MySQL, the default connection pool size is 100, which should be enough for most use cases. + +## Change File Lock Auto Expire time (Pro edition only) + +The Seafile Pro server auto expires file locks after some time, to prevent a locked file being locked for too long. The expire time can be tune in seafile.conf file. + +``` +[file_lock] +default_expire_hours = 6 + +``` + +The default is 12 hours. + +## Enabled Slow Log + +Since Seafile-pro-6.3.10, you can enable seaf-server's RPC slow log to do performance analysis.The slow log is enabled by default. + +If you want to configure related options, add the options to seafile.conf: + +``` +[slow_log] +# default to true +enable_slow_log = true +# the unit of all slow log thresholds is millisecond. +# default to 5000 milliseconds, only RPC queries processed for longer than 5000 milliseconds will be logged. +rpc_slow_threshold = 5000 + +``` + +You can find `seafile_slow_rpc.log` in `logs/slow_logs`. You can also use [log-rotate](../deploy/using_logrotate.md) to rotate the log files. You just need to send `SIGUSR2` to `seaf-server` process. The slow log file will be closed and reopened. diff --git a/manual/config/seahub_customization.md b/manual/config/seahub_customization.md new file mode 100644 index 00000000..fca6f4da --- /dev/null +++ b/manual/config/seahub_customization.md @@ -0,0 +1,141 @@ +# Seahub customization + +## Customize Seahub Logo and CSS + +Create a folder `/seahub-data/custom`. Create a symbolic link in `seafile-server-latest/seahub/media` by `ln -s ../../../seahub-data/custom custom`. + +During upgrading, Seafile upgrade script will create symbolic link automatically to preserve your customization. + +### Customize Logo + +1. Add your logo file to `custom/` +2. Overwrite `LOGO_PATH` in `seahub_settings.py` + + ```python + LOGO_PATH = 'custom/mylogo.png' + + ``` + +3. Default width and height for logo is 149px and 32px, you may need to change that according to yours. + + ```python + LOGO_WIDTH = 149 + LOGO_HEIGHT = 32 + + ``` + +### Customize Favicon + +1. Add your favicon file to `custom/` +2. Overwrite `FAVICON_PATH` in `seahub_settings.py` + +```python +FAVICON_PATH = 'custom/favicon.png' + +``` + +### Customize Seahub CSS + +1. Add your css file to `custom/`, for example, `custom.css` +2. Overwrite `BRANDING_CSS` in `seahub_settings.py` + + ```python + BRANDING_CSS = 'custom/custom.css' + + ``` + +You can find a good example of customized css file here: + +## Customize help page + +**Note:** Since version 2.1. + +First go to the custom folder + +``` +cd /seahub-data/custom + +``` + +then run the following commands + +``` +mkdir templates +mkdir templates/help +cp ../../seafile-server-latest/seahub/seahub/help/templates/help/install.html templates/help/ + +``` + +Modify the `templates/help/install.html` file and save it. You will see the new help page. + +## Add an extra note in sharing dialog + +You can add an extra note in sharing dialog in seahub_settings.py + +``` +ADDITIONAL_SHARE_DIALOG_NOTE = { + 'title': 'Attention! Read before shareing files:', + 'content': 'Do not share personal or confidential official data with **.' + } + +``` + +Result: + + + +## Add custom navigation items + +Since Pro 7.0.9, Seafile supports adding some custom navigation entries to the home page for quick access. This requires you to add the following configuration information to the `conf/seahub_settings.py` configuration file: + +``` +CUSTOM_NAV_ITEMS = [ + {'icon': 'sf2-icon-star', + 'desc': 'Custom navigation 1', + 'link': 'https://www.seafile.com' + }, + {'icon': 'sf2-icon-wiki-view', + 'desc': 'Custom navigation 2', + 'link': 'https://download.seafile.com/published/seafile-manual/home.md' + }, + {'icon': 'sf2-icon-wrench', + 'desc': 'Custom navigation 3', + 'link': 'http://www.example.com' + }, +] + +``` + +**Note: The **`icon` **field currently only supports icons in Seafile that begin with **`sf2-icon`**. You can find the list of icons here: ** + +Then restart the Seahub service to take effect. + +Once you log in to the Seafile system homepage again, you will see the new navigation entry under the `Tools` navigation bar on the left. + +## Add more links to the bottom bar + +``` +ADDITIONAL_APP_BOTTOM_LINKS = { + 'seafile': 'https://example.seahub.com/seahub', + 'dtable-web': 'https://example.seahub.com/web' +} + +``` + +Result: + + + +## Add more links to about dialog + +``` +ADDITIONAL_ABOUT_DIALOG_LINKS = { + 'seafile': 'https://example.seahub.com/seahub', + 'dtable-web': 'https://example.seahub.com/dtable-web' +} + +``` + +Result: + + diff --git a/manual/config/seahub_settings_py.md b/manual/config/seahub_settings_py.md new file mode 100644 index 00000000..bb97ecac --- /dev/null +++ b/manual/config/seahub_settings_py.md @@ -0,0 +1,471 @@ +# Seahub Settings + +Note: You can also modify most of the config items via web interface. The config items are saved in database table (seahub-db/constance_config). They have a higher priority over the items in config files. If you want to disable settings via web interface, you can add `ENABLE_SETTINGS_VIA_WEB = False` to `seahub_settings.py`. + +## Sending Email Notifications on Seahub + +Refer to [email sending documentation](sending_email.md). + +## Memcached + +Seahub caches items(avatars, profiles, etc) on file system by default(/tmp/seahub_cache/). You can replace with Memcached. + +Refer to ["add memcached"](../deploy/add_memcached.md). + +## Security settings + +```python +# For security consideration, please set to match the host/domain of your site, e.g., ALLOWED_HOSTS = ['.example.com']. +# Please refer https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for details. +ALLOWED_HOSTS = ['.myseafile.com'] + +``` + +## User management options + +The following options affect user registration, password and session. + +```python +# Enalbe or disalbe registration on web. Default is `False`. +ENABLE_SIGNUP = False + +# Activate or deactivate user when registration complete. Default is `True`. +# If set to `False`, new users need to be activated by admin in admin panel. +ACTIVATE_AFTER_REGISTRATION = False + +# Whether to send email when a system admin adding a new member. Default is `True`. +SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True + +# Whether to send email when a system admin resetting a user's password. Default is `True`. +SEND_EMAIL_ON_RESETTING_USER_PASSWD = True + +# Send system admin notify email when user registration is complete. Default is `False`. +NOTIFY_ADMIN_AFTER_REGISTRATION = True + +# Remember days for login. Default is 7 +LOGIN_REMEMBER_DAYS = 7 + +# Attempt limit before showing a captcha when login. +LOGIN_ATTEMPT_LIMIT = 3 + +# deactivate user account when login attempts exceed limit +# Since version 5.1.2 or pro 5.1.3 +FREEZE_USER_ON_LOGIN_FAILED = False + +# mininum length for user's password +USER_PASSWORD_MIN_LENGTH = 6 + +# LEVEL based on four types of input: +# num, upper letter, lower letter, other symbols +# '3' means password must have at least 3 types of the above. +USER_PASSWORD_STRENGTH_LEVEL = 3 + +# default False, only check USER_PASSWORD_MIN_LENGTH +# when True, check password strength level, STRONG(or above) is allowed +USER_STRONG_PASSWORD_REQUIRED = False + +# Force user to change password when admin add/reset a user. +# Added in 5.1.1, deafults to True. +FORCE_PASSWORD_CHANGE = True + +# Age of cookie, in seconds (default: 2 weeks). +SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 + +# Whether a user's session cookie expires when the Web browser is closed. +SESSION_EXPIRE_AT_BROWSER_CLOSE = False + +# Whether to save the session data on every request. Default is `False` +SESSION_SAVE_EVERY_REQUEST = False + +# Whether enable the feature "published library". Default is `False` +# Since 6.1.0 CE +ENABLE_WIKI = True + +# In old version, if you use Single Sign On, the password is not saved in Seafile. +# Users can't use WebDAV because Seafile can't check whether the password is correct. +# Since version 6.3.8, you can enable this option to let user's to specific a password for WebDAV login. +# Users login via SSO can use this password to login in WebDAV. +# Enable the feature. pycryptodome should be installed first. +# sudo pip install pycryptodome==3.7.2 +ENABLE_WEBDAV_SECRET = True + +# Since version 7.0.9, you can force a full user to log in with a two factor authentication. +# The prerequisite is that the administrator should 'enable two factor authentication' in the 'System Admin -> Settings' page. +# Then you can add the following configuration information to the configuration file. +ENABLE_FORCE_2FA_TO_ALL_USERS = True + +``` + +## Library snapshot label feature + +``` +# Turn on this option to let users to add a label to a library snapshot. Default is `False` +ENABLE_REPO_SNAPSHOT_LABEL = False + +``` + +## Library options + +Options for libraries: + +```python +# if enable create encrypted library +ENABLE_ENCRYPTED_LIBRARY = True + +# version for encrypted library +# should only be `2` or `4`. +# version 3 is insecure (using AES128 encryption) so it's not recommended any more. +ENCRYPTED_LIBRARY_VERSION = 2 + +# mininum length for password of encrypted library +REPO_PASSWORD_MIN_LENGTH = 8 + +# mininum length for password for share link (since version 4.4) +SHARE_LINK_PASSWORD_MIN_LENGTH = 8 + +# Default expire days for share link (since version 6.3.8) +# Once this value is configured, the user can no longer generate an share link with no expiration time. +# If the expiration value is not set when the share link is generated, the value configured here will be used. +SHARE_LINK_EXPIRE_DAYS_DEFAULT = 5 + +# minimum expire days for share link (since version 6.3.6) +# SHARE_LINK_EXPIRE_DAYS_MIN should be less than SHARE_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set). +SHARE_LINK_EXPIRE_DAYS_MIN = 3 # default is 0, no limit. + +# maximum expire days for share link (since version 6.3.6) +# SHARE_LINK_EXPIRE_DAYS_MIN should be greater than SHARE_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set). +SHARE_LINK_EXPIRE_DAYS_MAX = 8 # default is 0, no limit. + +# Default expire days for upload link (since version 7.1.6) +# Once this value is configured, the user can no longer generate an upload link with no expiration time. +# If the expiration value is not set when the upload link is generated, the value configured here will be used. +UPLOAD_LINK_EXPIRE_DAYS_DEFAULT = 5 + +# minimum expire days for upload link (since version 7.1.6) +# UPLOAD_LINK_EXPIRE_DAYS_MIN should be less than UPLOAD_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set). +UPLOAD_LINK_EXPIRE_DAYS_MIN = 3 # default is 0, no limit. + +# maximum expire days for upload link (since version 7.1.6) +# UPLOAD_LINK_EXPIRE_DAYS_MAX should be greater than UPLOAD_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set). +UPLOAD_LINK_EXPIRE_DAYS_MAX = 8 # default is 0, no limit. + +# force user login when view file/folder share link (since version 6.3.6) +SHARE_LINK_LOGIN_REQUIRED = True + +# enable water mark when view(not edit) file in web browser (since version 6.3.6) +ENABLE_WATERMARK = True + +# Disable sync with any folder. Default is `False` +# NOTE: since version 4.2.4 +DISABLE_SYNC_WITH_ANY_FOLDER = True + +# Enable or disable library history setting +ENABLE_REPO_HISTORY_SETTING = True + +# Enable or disable normal user to create organization libraries +# Since version 5.0.5 +ENABLE_USER_CREATE_ORG_REPO = True + +# Enable or disable user share library to any group +# Since version 6.2.0 +ENABLE_SHARE_TO_ALL_GROUPS = True + +# Enable or disable user to clean trash (default is True) +# Since version 6.3.6 +ENABLE_USER_CLEAN_TRASH = True + +# Add a report abuse button on download links. (since version 7.1.0) +# Users can report abuse on the share link page, fill in the report type, contact information, and description. +# Default is false. +ENABLE_SHARE_LINK_REPORT_ABUSE = True + +``` + +Options for online file preview: + +```python +# Whether to use pdf.js to view pdf files online. Default is `True`, you can turn it off. +# NOTE: since version 1.4. +USE_PDFJS = True + +# Online preview maximum file size, defaults to 30M. +FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024 + +# Extensions of previewed text files. +# NOTE: since version 6.1.1 +TEXT_PREVIEW_EXT = """ac, am, bat, c, cc, cmake, cpp, cs, css, diff, el, h, html, +htm, java, js, json, less, make, org, php, pl, properties, py, rb, +scala, script, sh, sql, txt, text, tex, vi, vim, xhtml, xml, log, csv, +groovy, rst, patch, go""" + +# Enable or disable thumbnails +# NOTE: since version 4.0.2 +ENABLE_THUMBNAIL = True + +# Seafile only generates thumbnails for images smaller than the following size. +# Since version 6.3.8 pro, suport the psd online preview. +THUMBNAIL_IMAGE_SIZE_LIMIT = 30 # MB + +# Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first. +# For details, please refer to https://manual.seafile.com/deploy/video_thumbnails.html +# NOTE: this option is deprecated in version 7.1 +ENABLE_VIDEO_THUMBNAIL = False + +# Use the frame at 5 second as thumbnail +# NOTE: this option is deprecated in version 7.1 +THUMBNAIL_VIDEO_FRAME_TIME = 5 + +# Absolute filesystem path to the directory that will hold thumbnail files. +THUMBNAIL_ROOT = '/haiwen/seahub-data/thumbnail/thumb/' + +# Default size for picture preview. Enlarge this size can improve the preview quality. +# NOTE: since version 6.1.1 +THUMBNAIL_SIZE_FOR_ORIGINAL = 1024 + +``` + +## Cloud Mode + +You should enable cloud mode if you use Seafile with an unknown user base. It disables the organization tab in Seahub's website to ensure that users can't access the user list. Cloud mode provides some nice features like sharing content with unregistered users and sending invitations to them. Therefore you also want to enable user registration. Through the global address book (since version 4.2.3) you can do a search for every user account. So you probably want to disable it. + +```python +# Enable cloude mode and hide `Organization` tab. +CLOUD_MODE = True + +# Disable global address book +ENABLE_GLOBAL_ADDRESSBOOK = False + +``` + +## External authentication + +```python +# Enable authentication with ADFS +# Default is False +# Since 6.0.9 +ENABLE_ADFS_LOGIN = True + +# Enable authentication wit Kerberos +# Default is False +ENABLE_KRB5_LOGIN = True + +# Enable authentication with Shibboleth +# Default is False +ENABLE_SHIBBOLETH_LOGIN = True + +``` + +## Other options + +```python +# Disable settings via Web interface in system admin->settings +# Default is True +# Since 5.1.3 +ENABLE_SETTINGS_VIA_WEB = False + +# Choices can be found here: +# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name +# although not all choices may be available on all operating systems. +# If running in a Windows environment this must be set to the same as your +# system time zone. +TIME_ZONE = 'UTC' + +# Language code for this installation. All choices can be found here: +# http://www.i18nguy.com/unicode/language-identifiers.html +# Default language for sending emails. +LANGUAGE_CODE = 'en' + +# Custom language code choice. +LANGUAGES = ( + ('en', 'English'), + ('zh-cn', '简体中文'), + ('zh-tw', '繁體中文'), +) + +# Set this to your website/company's name. This is contained in email notifications and welcome message when user login for the first time. +SITE_NAME = 'Seafile' + +# Browser tab's title +SITE_TITLE = 'Private Seafile' + +# If you don't want to run seahub website on your site's root path, set this option to your preferred path. +# e.g. setting it to '/seahub/' would run seahub on http://example.com/seahub/. +SITE_ROOT = '/' + +# Max number of files when user upload file/folder. +# Since version 6.0.4 +MAX_NUMBER_OF_FILES_FOR_FILEUPLOAD = 500 + +# Control the language that send email. Default to user's current language. +# Since version 6.1.1 +SHARE_LINK_EMAIL_LANGUAGE = '' + +# Interval for browser requests unread notifications +# Since PRO 6.1.4 or CE 6.1.2 +UNREAD_NOTIFICATIONS_REQUEST_INTERVAL = 3 * 60 # seconds + +# Whether to allow user to delete account, change login password or update basic user +# info on profile page. +# Since PRO 6.3.10 +ENABLE_DELETE_ACCOUNT = False +ENABLE_UPDATE_USER_INFO = False +ENABLE_CHANGE_PASSWORD = False + +``` + +## Pro edition only options + +```python +# Whether to show the used traffic in user's profile popup dialog. Default is True +SHOW_TRAFFIC = True + +# Allow administrator to view user's file in UNENCRYPTED libraries +# through Libraries page in System Admin. Default is False. +ENABLE_SYS_ADMIN_VIEW_REPO = True + +# For un-login users, providing an email before downloading or uploading on shared link page. +# Since version 5.1.4 +ENABLE_SHARE_LINK_AUDIT = True + +# Check virus after upload files to shared upload links. Defaults to `False`. +# Since version 6.0 +ENABLE_UPLOAD_LINK_VIRUS_CHECK = True + +# Enable system admin add T&C, all users need to accept terms before using. Defaults to `False`. +# Since version 6.0 +ENABLE_TERMS_AND_CONDITIONS = True + +# Enable two factor authentication for accounts. Defaults to `False`. +# Since version 6.0 +ENABLE_TWO_FACTOR_AUTH = True + +# Enable user select a template when he/she creates library. +# When user select a template, Seafile will create folders releated to the pattern automaticly. +# Since version 6.0 +LIBRARY_TEMPLATES = { + 'Technology': ['/Develop/Python', '/Test'], + 'Finance': ['/Current assets', '/Fixed assets/Computer'] +} + +# Send email to these email addresses when a virus is detected. +# This list can be any valid email address, not necessarily the emails of Seafile user. +# Since version 6.0.8 +VIRUS_SCAN_NOTIFY_LIST = ['user_a@seafile.com', 'user_b@seafile.com'] + +# Enable a user to change password in 'settings' page. Default to `True` +# Since version 6.2.11 +ENABLE_CHANGE_PASSWORD = True + +# Enable file comments. Default to `True` +# Since version 6.2.11 +ENABLE_FILE_COMMENT = True + +# If show contact email when search user. +ENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER = True + +``` + +## RESTful API + +``` +# API throttling related settings. Enlarger the rates if you got 429 response code during API calls. +REST_FRAMEWORK = { + 'DEFAULT_THROTTLE_RATES': { + 'ping': '600/minute', + 'anon': '5/minute', + 'user': '300/minute', + }, + 'UNICODE_JSON': False, +} + +# Throtting whitelist used to disable throttle for certain IPs. +# e.g. REST_FRAMEWORK_THROTTING_WHITELIST = ['127.0.0.1', '192.168.1.1'] +# Please make sure `REMOTE_ADDR` header is configured in Nginx conf according to https://manual.seafile.com/deploy/deploy_with_nginx.html. +REST_FRAMEWORK_THROTTING_WHITELIST = [] + +``` + +## Seahub Custom Functions + +Since version 6.2, you can define a custom function to modify the result of user search function. + +For example, if you want to limit user only search users in the same institution, you can define `custom_search_user` function in `{seafile install path}/conf/seahub_custom_functions/__init__.py` + +Code example: + +``` +import os +import sys + +current_path = os.path.dirname(os.path.abspath(__file__)) +seahub_dir = os.path.join(current_path, \ + '../../seafile-server-latest/seahub/seahub') +sys.path.append(seahub_dir) + +from seahub.profile.models import Profile +def custom_search_user(request, emails): + + institution_name = '' + + username = request.user.username + profile = Profile.objects.get_profile_by_user(username) + if profile: + institution_name = profile.institution + + inst_users = [p.user for p in + Profile.objects.filter(institution=institution_name)] + + filtered_emails = [] + for email in emails: + if email in inst_users: + filtered_emails.append(email) + + return filtered_emails + +``` + +> **NOTE**, you should NOT change the name of `custom_search_user` and `seahub_custom_functions/__init__.py` + +Since version 6.2.5 pro, if you enable the **ENABLE_SHARE_TO_ALL_GROUPS** feather on sysadmin settings page, you can also define a custom function to return the groups a user can share library to. + +For example, if you want to let a user to share library to both its groups and the groups of user `test@test.com`, you can define a `custom_get_groups` function in `{seafile install path}/conf/seahub_custom_functions/__init__.py` + +Code example: + +``` +import os +import sys + +current_path = os.path.dirname(os.path.abspath(__file__)) +seaserv_dir = os.path.join(current_path, \ + '../../seafile-server-latest/seafile/lib64/python2.7/site-packages') +sys.path.append(seaserv_dir) + +def custom_get_groups(request): + + from seaserv import ccnet_api + + groups = [] + username = request.user.username + + # for current user + groups += ccnet_api.get_groups(username) + + # for 'test@test.com' user + groups += ccnet_api.get_groups('test@test.com') + + return groups + +``` + +> **NOTE**, you should NOT change the name of `custom_get_groups` and `seahub_custom_functions/__init__.py` + +## Note + +* You need to restart seahub so that your changes take effect. +* If your changes don't take effect, You may need to delete 'seahub_setting.pyc'. (A cache file) + +```bash +./seahub.sh restart + +``` diff --git a/manual/config/sending_email.md b/manual/config/sending_email.md new file mode 100644 index 00000000..7f7f088d --- /dev/null +++ b/manual/config/sending_email.md @@ -0,0 +1,191 @@ +# Sending Email Notifications on Seahub + +## Types of Email Sending in Seafile + +There are currently five types of emails sent in Seafile: + +* User reset his/her password +* System admin add new member +* System admin reset user password +* User send file/folder share link and upload link +* \[pro] Reminder of unread notifications (It is sent by a background task which is pro edition only) + +The first four types of email are sent immediately. The last type is sent by a background task running periodically. + +## Options of Email Sending + +Please add the following lines to seahub_settings.py to enable email sending. + +```python +EMAIL_USE_TLS = False +EMAIL_HOST = 'smtp.example.com' # smpt server +EMAIL_HOST_USER = 'username@example.com' # username and domain +EMAIL_HOST_PASSWORD = 'password' # password +EMAIL_PORT = 25 +DEFAULT_FROM_EMAIL = EMAIL_HOST_USER +SERVER_EMAIL = EMAIL_HOST_USER + +``` + +If you are using Gmail as email server, use following lines: + +```python +EMAIL_USE_TLS = True +EMAIL_HOST = 'smtp.gmail.com' +EMAIL_HOST_USER = 'username@gmail.com' +EMAIL_HOST_PASSWORD = 'password' +EMAIL_PORT = 587 +DEFAULT_FROM_EMAIL = EMAIL_HOST_USER +SERVER_EMAIL = EMAIL_HOST_USER + +``` + +**Note**: If your email service still does not work, you can checkout the log file `logs/seahub.log` to see what may cause the problem. For a complete email notification list, please refer to [email notification list](customize_email_notifications.md). + +**Note2**: If you want to use the email service without authentication leaf `EMAIL_HOST_USER` and `EMAIL_HOST_PASSWORD` **blank** (`''`). (But notice that the emails then will be sent without a `From:` address.) + +**Note3**: About using SSL connection (using port 465) + +Port 587 is being used to establish a TLS connection and port 465 is being used to establish an SSL connection. Starting from Django 1.8, it supports both. Until version 5.1 Seafile only supported Django 1.5, which only supports TLS connections. If your email server only supports SSL connections and you are using a Seafile Server version below 5.1, you can find a workaround here: [django-smtp-ssl](https://github.com/bancek/django-smtp-ssl). + +## Change the `sender` and `reply to` of email + +You can change the sender and reply to field of email by add the following settings to seahub_settings.py. This only affects email sending for file share link. + +```python +# Replace default from email with user's email or not, defaults to ``False`` +REPLACE_FROM_EMAIL = True + +# Set reply-to header to user's email or not, defaults to ``False``. For details, +# please refer to http://www.w3.org/Protocols/rfc822/ +ADD_REPLY_TO_HEADER = True + +``` + +## Config background email sending task (Pro Edition Only) + +The background task will run periodically to check whether an user have new unread notifications. If there are any, it will send a reminder email to that user. The background email sending task is controlled by `seafevents.conf`. + +``` +[SEAHUB EMAIL] + +## must be "true" to enable user email notifications when there are new unread notifications +enabled = true + +## interval of sending seahub email. Can be s(seconds), m(minutes), h(hours), d(days) +interval = 30m + +``` + +## Customize email messages + +The simplest way to customize the email message is setting the `SITE_NAME` variable in seahub_settings.py. If it is not enough for your case, you can customize the email templates. + +**Note:** Subject line may vary between different releases, this is based on Release 5.0.0. Restart Seahub so that your changes take effect. + +### The email base template + +[seahub/seahub/templates/email_base.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/email_base.html) + +Note: You can copy email_base.html to `seahub-data/custom/templates/email_base.html` and modify the new one. In this way, the customization will be maintained after upgrade. + +### User reset his/her password + +**Subject** + +seahub/seahub/auth/forms.py line:127 + +```python + send_html_email(_("Reset Password on %s") % site_name, + email_template_name, c, None, [user.username]) + +``` + +**Body** + +[seahub/seahub/templates/registration/password_reset_email.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/registration/password_reset_email.html) + +Note: You can copy password_reset_email.html to `seahub-data/custom/templates/registration/password_reset_email.html` and modify the new one. In this way, the customization will be maintained after upgrade. + +### System admin add new member + +**Subject** + +seahub/seahub/views/sysadmin.py line:424 + +``` +send_html_email(_(u'Password has been reset on %s') % SITE_NAME, + 'sysadmin/user_reset_email.html', c, None, [email]) + +``` + +**Body** + +[seahub/seahub/templates/sysadmin/user_add_email.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/sysadmin/user_add_email.html) + +Note: You can copy user_add_email.html to `seahub-data/custom/templates/sysadmin/user_add_email.html` and modify the new one. In this way, the customization will be maintained after upgrade. + +### System admin reset user password + +**Subject** + +seahub/seahub/views/sysadmin.py line:1224 + +```python +send_html_email(_(u'Password has been reset on %s') % SITE_NAME, + 'sysadmin/user_reset_email.html', c, None, [email]) + +``` + +**Body** + +[seahub/seahub/templates/sysadmin/user_reset_email.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/sysadmin/user_reset_email.html) + +Note: You can copy user_reset_email.html to `seahub-data/custom/templates/sysadmin/user_reset_email.html` and modify the new one. In this way, the customization will be maintained after upgrade. + +### User send file/folder share link + +**Subject** + +seahub/seahub/share/views.py line:913 + +```python +try: + if file_shared_type == 'f': + c['file_shared_type'] = _(u"file") + send_html_email(_(u'A file is shared to you on %s') % SITE_NAME, + 'shared_link_email.html', + c, from_email, [to_email], + reply_to=reply_to + ) + else: + c['file_shared_type'] = _(u"directory") + send_html_email(_(u'A directory is shared to you on %s') % SITE_NAME, + 'shared_link_email.html', + c, from_email, [to_email], + reply_to=reply_to) + +``` + +**Body** + +[seahub/seahub/templates/shared_link_email.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/shared_link_email.html) + +[seahub/seahub/templates/shared_upload_link_email.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/shared_upload_link_email.html) + +Note: You can copy shared_link_email.html to `seahub-data/custom/templates/shared_link_email.html` and modify the new one. In this way, the customization will be maintained after upgrade. + +### Reminder of unread notifications + +**Subject** + +```python +send_html_email(_('New notice on %s') % settings.SITE_NAME, + 'notifications/notice_email.html', c, + None, [to_user]) + +``` + +**Body** + +[seahub/seahub/notifications/templates/notifications/notice_email.html](https://github.com/haiwen/seahub/blob/master/seahub/notifications/templates/notifications/notice_email.html) diff --git a/manual/contribution.md b/manual/contribution.md new file mode 100644 index 00000000..84fabed6 --- /dev/null +++ b/manual/contribution.md @@ -0,0 +1,26 @@ +# Contribution + +## Licensing + +The different components of Seafile project are released under different licenses: + +* [Seafile iOS client](https://github.com/haiwen/seafile-iOS): Apache License v2 +* [Seafile Android client](https://github.com/haiwen/seadroid): GPLv3 +* Desktop syncing client: GPLv2 +* [Seafile Server core](https://github.com/haiwen/seafile-server): AGPLv3 +* Seahub (Seafile server Web UI): Apache License v2 + +## Discussion + +Forum: + +Follow us @seafile + +## Report a Bug + +* Please report a bug in our forum, this is a preferred way. +* You can also report a bug in GitHub + +## Code Style + + The source code of seafile is ISO/IEC 9899:1999 (E) (a.k.a. C99) compatible. Take a look at [code standard](develop/code_standard.md). diff --git a/manual/cover.jpg b/manual/cover.jpg new file mode 100644 index 00000000..56b791a9 Binary files /dev/null and b/manual/cover.jpg differ diff --git a/manual/cover_small.jpg b/manual/cover_small.jpg new file mode 100644 index 00000000..dfd39bd5 Binary files /dev/null and b/manual/cover_small.jpg differ diff --git a/manual/deploy/README.md b/manual/deploy/README.md new file mode 100644 index 00000000..603cc545 --- /dev/null +++ b/manual/deploy/README.md @@ -0,0 +1,55 @@ +# Deploying Seafile under Linux + +Here we describe how to deploy Seafile from prebuild binary packages. + +## Deploy Seafile in Home/Personal Environment + +* [Deploying Seafile with SQLite](using_sqlite.md) + +## Deploy Seafile in Production/Enterprise Environment + +In production environment we recommend using MySQL as the database and config Seafile web behing Nginx or Apache. For those who are not familiar with Nginx and Apache. We recommend Nginx, since it is easier to config than Apache. + +We provide three ways to deploy Seafile services: + +* Using [Docker](deploy_with_docker.md) +* Using [installation script](https://github.com/haiwen/seafile-server-installer) +* Manually installing Seafile and setting up database, memcached and Nginx/Apache. See the following section. + +### Install Seafile manually + +* [Deploying Seafile with MySQL](using_mysql.md) +* [Config Seahub with Nginx](deploy_with_nginx.md) +* [Enabling Https with Nginx](https_with_nginx.md) +* [Config Seahub with Apache](deploy_with_apache.md) +* [Enabling Https with Apache](https_with_apache.md) +* [Add Memcached](add_memcached.md), adding memcached is very important if you have more than 50 users. +* [Start Seafile at System Bootup](start_seafile_at_system_bootup.md) +* [Firewall settings](using_firewall.md) +* [Logrotate](using_logrotate.md) + +### LDAP and AD integration + +[LDAP/AD Integration](using_ldap.md) + +### Single Sign On + +Seafile supports a few Single Sign On authentication protocols. See [Single Sign On](single_sign_on.md) for a summary. + +### Other Deployment Issues + +* [Deploy Seafile behind NAT](deploy_seafile_behind_nat.md) +* [Deploy Seahub at Non-root domain](deploy_seahub_at_non-root_domain.md) +* [Migrate From SQLite to MySQL](migrate_from_sqlite_to_mysql.md) + +Check [configuration options](../config/README.md) for server config options like enabling user registration. + +### Trouble shooting + +1. Read [Seafile Server Components Overview](../overview/components.md) to understand how Seafile server works. This will save you a lot of time. +2. [Common Problems for Setting up Server](common_problems_for_setting_up_server.md) +3. Go to our [forum](https://forum.seafile.com/) for help. + +### Upgrade Seafile Server + +* [Upgrade Seafile server](upgrade.md) diff --git a/manual/deploy/add_memcached.md b/manual/deploy/add_memcached.md new file mode 100644 index 00000000..9f42674a --- /dev/null +++ b/manual/deploy/add_memcached.md @@ -0,0 +1,85 @@ +# Add memcached + +Seahub caches items (avatars, profiles, etc) on the file system in /tmp/seahub_cache/ by default. You can use memcached instead to improve the performance. + +First, make sure `libmemcached` library and development headers are installed on your system. + +**For Seafile 7.0.x** + +``` +# on Debian/Ubuntu 16.04 +apt-get install memcached libmemcached-dev -y + +systemctl enable --now memcached + +``` + +``` +# on CentOS 7 +yum install memcached libffi-devel -y + +systemctl enable --now memcached + +``` + +**For Seafile 7.1.x** + +``` +# on Debian/Ubuntu 18.04 +apt-get install memcached libmemcached-dev -y +pip3 install --timeout=3600 pylibmc django-pylibmc + +systemctl enable --now memcached + +``` + +``` +# on CentOS 8 +yum install memcached libmemcached -y +pip3 install --timeout=3600 pylibmc django-pylibmc + +systemctl enable --now memcached + +``` + +Add the following configuration to `seahub_settings.py`. + +``` +CACHES = { + 'default': { + 'BACKEND': 'django_pylibmc.memcached.PyLibMCCache', + 'LOCATION': '127.0.0.1:11211', + }, +} + +``` + +If you use a memcached cluster, your configuration depends on your Seafile server version. You can find how to setup memcached cluster [here](../deploy_pro/memcached_mariadb_cluster.md). + +## Seafile server before 6.2.11 + +Please replace the `CACHES` variable with the following. This configuration uses consistent hashing to distribute the keys in memcached. More information can be found on [pylibmc documentation](http://sendapatch.se/projects/pylibmc/behaviors.html) and [django-pylibmc documentation](https://github.com/django-pylibmc/django-pylibmc). Supposed your memcached server addresses are 192.168.1.13\[4-6]. + +``` +CACHES = { + 'default': { + 'BACKEND': 'django_pylibmc.memcached.PyLibMCCache', + 'LOCATION': ['192.168.1.134:11211', '192.168.1.135:11211', '192.168.1.136:11211',], + 'OPTIONS': { + 'ketama': True, + 'remove_failed': 1, + 'retry_timeout': 3600, + 'dead_timeout': 3600 + } + }, + 'locmem': { + 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache', + }, +} +COMPRESS_CACHE_BACKEND = 'locmem' + +``` + +## Seafile Server 6.2.11 or newer + +The configuration is the same as single node memcached server. Just replace the IP address with the floating IP. diff --git a/manual/deploy/ce_ccnet_db.sql b/manual/deploy/ce_ccnet_db.sql new file mode 100644 index 00000000..88dfea13 --- /dev/null +++ b/manual/deploy/ce_ccnet_db.sql @@ -0,0 +1,191 @@ +-- MySQL dump 10.13 Distrib 5.5.53, for debian-linux-gnu (x86_64) +-- +-- Host: localhost Database: ccnet_db +-- ------------------------------------------------------ +-- Server version 5.5.53-0ubuntu0.14.04.1 + +/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; +/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; +/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; +/*!40101 SET NAMES utf8 */; +/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; +/*!40103 SET TIME_ZONE='+00:00' */; +/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; +/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; +/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; +/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; + +-- +-- Table structure for table `Binding` +-- + +DROP TABLE IF EXISTS `Binding`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `Binding` ( + `email` varchar(255) DEFAULT NULL, + `peer_id` char(41) DEFAULT NULL, + UNIQUE KEY `peer_id` (`peer_id`), + KEY `email` (`email`(20)) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `EmailUser` +-- + +DROP TABLE IF EXISTS `EmailUser`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `EmailUser` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `email` varchar(255) DEFAULT NULL, + `passwd` varchar(256) DEFAULT NULL, + `is_staff` tinyint(1) NOT NULL, + `is_active` tinyint(1) NOT NULL, + `ctime` bigint(20) DEFAULT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `email` (`email`) +) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `Group` +-- + +DROP TABLE IF EXISTS `Group`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `Group` ( + `group_id` int(11) NOT NULL AUTO_INCREMENT, + `group_name` varchar(255) DEFAULT NULL, + `creator_name` varchar(255) DEFAULT NULL, + `timestamp` bigint(20) DEFAULT NULL, + `type` varchar(32) DEFAULT NULL, + PRIMARY KEY (`group_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `GroupDNPair` +-- + +DROP TABLE IF EXISTS `GroupDNPair`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `GroupDNPair` ( + `group_id` int(11) DEFAULT NULL, + `dn` varchar(255) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `GroupUser` +-- + +DROP TABLE IF EXISTS `GroupUser`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `GroupUser` ( + `group_id` int(11) NOT NULL DEFAULT '0', + `user_name` varchar(255) NOT NULL DEFAULT '', + `is_staff` tinyint(4) DEFAULT NULL, + PRIMARY KEY (`group_id`,`user_name`), + KEY `user_name` (`user_name`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `LDAPUsers` +-- + +DROP TABLE IF EXISTS `LDAPUsers`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `LDAPUsers` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `email` varchar(255) NOT NULL, + `password` varchar(255) NOT NULL, + `is_staff` tinyint(1) NOT NULL, + `is_active` tinyint(1) NOT NULL, + `extra_attrs` text, + PRIMARY KEY (`id`), + UNIQUE KEY `email` (`email`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `OrgGroup` +-- + +DROP TABLE IF EXISTS `OrgGroup`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `OrgGroup` ( + `org_id` int(11) NOT NULL DEFAULT '0', + `group_id` int(11) NOT NULL DEFAULT '0', + PRIMARY KEY (`org_id`,`group_id`), + KEY `group_id` (`group_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `OrgUser` +-- + +DROP TABLE IF EXISTS `OrgUser`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `OrgUser` ( + `org_id` int(11) NOT NULL DEFAULT '0', + `email` varchar(255) NOT NULL DEFAULT '', + `is_staff` tinyint(1) NOT NULL, + PRIMARY KEY (`org_id`,`email`), + KEY `email` (`email`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `Organization` +-- + +DROP TABLE IF EXISTS `Organization`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `Organization` ( + `org_id` int(11) NOT NULL AUTO_INCREMENT, + `org_name` varchar(255) DEFAULT NULL, + `url_prefix` varchar(255) DEFAULT NULL, + `creator` varchar(255) DEFAULT NULL, + `ctime` bigint(20) DEFAULT NULL, + PRIMARY KEY (`org_id`), + UNIQUE KEY `url_prefix` (`url_prefix`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `UserRole` +-- + +DROP TABLE IF EXISTS `UserRole`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `UserRole` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `email` varchar(255) DEFAULT NULL, + `role` varchar(255) DEFAULT NULL, + PRIMARY KEY (`id`), + UNIQUE KEY `email` (`email`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; +/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; + +/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; +/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; +/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; +/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; +/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; +/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; +/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; + +-- Dump completed on 2016-11-21 21:34:06 diff --git a/manual/deploy/ce_seafile_db.sql b/manual/deploy/ce_seafile_db.sql new file mode 100644 index 00000000..b10d6c7e --- /dev/null +++ b/manual/deploy/ce_seafile_db.sql @@ -0,0 +1,362 @@ +-- MySQL dump 10.13 Distrib 5.5.53, for debian-linux-gnu (x86_64) +-- +-- Host: localhost Database: seafile_db +-- ------------------------------------------------------ +-- Server version 5.5.53-0ubuntu0.14.04.1 + +/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; +/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; +/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; +/*!40101 SET NAMES utf8 */; +/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */; +/*!40103 SET TIME_ZONE='+00:00' */; +/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */; +/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */; +/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */; +/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */; + +-- +-- Table structure for table `Branch` +-- + +DROP TABLE IF EXISTS `Branch`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `Branch` ( + `name` varchar(10) NOT NULL DEFAULT '', + `repo_id` char(41) NOT NULL DEFAULT '', + `commit_id` char(41) DEFAULT NULL, + PRIMARY KEY (`repo_id`,`name`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `GarbageRepos` +-- + +DROP TABLE IF EXISTS `GarbageRepos`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `GarbageRepos` ( + `repo_id` char(36) NOT NULL, + PRIMARY KEY (`repo_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `InnerPubRepo` +-- + +DROP TABLE IF EXISTS `InnerPubRepo`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `InnerPubRepo` ( + `repo_id` char(37) NOT NULL, + `permission` char(15) DEFAULT NULL, + PRIMARY KEY (`repo_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `OrgQuota` +-- + +DROP TABLE IF EXISTS `OrgQuota`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `OrgQuota` ( + `org_id` int(11) NOT NULL, + `quota` bigint(20) DEFAULT NULL, + PRIMARY KEY (`org_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `OrgUserQuota` +-- + +DROP TABLE IF EXISTS `OrgUserQuota`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `OrgUserQuota` ( + `org_id` int(11) NOT NULL DEFAULT '0', + `user` varchar(255) NOT NULL DEFAULT '', + `quota` bigint(20) DEFAULT NULL, + PRIMARY KEY (`org_id`,`user`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `Repo` +-- + +DROP TABLE IF EXISTS `Repo`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `Repo` ( + `repo_id` char(37) NOT NULL, + PRIMARY KEY (`repo_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `RepoFileCount` +-- + +DROP TABLE IF EXISTS `RepoFileCount`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `RepoFileCount` ( + `repo_id` char(36) NOT NULL, + `file_count` bigint(20) unsigned DEFAULT NULL, + PRIMARY KEY (`repo_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `RepoGroup` +-- + +DROP TABLE IF EXISTS `RepoGroup`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `RepoGroup` ( + `repo_id` char(37) DEFAULT NULL, + `group_id` int(11) DEFAULT NULL, + `user_name` varchar(255) DEFAULT NULL, + `permission` char(15) DEFAULT NULL, + UNIQUE KEY `group_id` (`group_id`,`repo_id`), + KEY `repo_id` (`repo_id`), + KEY `user_name` (`user_name`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `RepoHead` +-- + +DROP TABLE IF EXISTS `RepoHead`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `RepoHead` ( + `repo_id` char(37) NOT NULL, + `branch_name` varchar(10) DEFAULT NULL, + PRIMARY KEY (`repo_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `RepoHistoryLimit` +-- + +DROP TABLE IF EXISTS `RepoHistoryLimit`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `RepoHistoryLimit` ( + `repo_id` char(37) NOT NULL, + `days` int(11) DEFAULT NULL, + PRIMARY KEY (`repo_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `RepoOwner` +-- + +DROP TABLE IF EXISTS `RepoOwner`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `RepoOwner` ( + `repo_id` char(37) NOT NULL, + `owner_id` varchar(255) DEFAULT NULL, + PRIMARY KEY (`repo_id`), + KEY `owner_id` (`owner_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `RepoSize` +-- + +DROP TABLE IF EXISTS `RepoSize`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `RepoSize` ( + `repo_id` char(37) NOT NULL, + `size` bigint(20) unsigned DEFAULT NULL, + `head_id` char(41) DEFAULT NULL, + PRIMARY KEY (`repo_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `RepoTokenPeerInfo` +-- + +DROP TABLE IF EXISTS `RepoTokenPeerInfo`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `RepoTokenPeerInfo` ( + `token` char(41) NOT NULL, + `peer_id` char(41) DEFAULT NULL, + `peer_ip` varchar(41) DEFAULT NULL, + `peer_name` varchar(255) DEFAULT NULL, + `sync_time` bigint(20) DEFAULT NULL, + `client_ver` varchar(20) DEFAULT NULL, + PRIMARY KEY (`token`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `RepoTrash` +-- + +DROP TABLE IF EXISTS `RepoTrash`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `RepoTrash` ( + `repo_id` char(36) NOT NULL, + `repo_name` varchar(255) DEFAULT NULL, + `head_id` char(40) DEFAULT NULL, + `owner_id` varchar(255) DEFAULT NULL, + `size` bigint(20) DEFAULT NULL, + `org_id` int(11) DEFAULT NULL, + `del_time` bigint(20) DEFAULT NULL, + PRIMARY KEY (`repo_id`), + KEY `owner_id` (`owner_id`), + KEY `org_id` (`org_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `RepoUserToken` +-- + +DROP TABLE IF EXISTS `RepoUserToken`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `RepoUserToken` ( + `repo_id` char(37) DEFAULT NULL, + `email` varchar(255) DEFAULT NULL, + `token` char(41) DEFAULT NULL, + UNIQUE KEY `repo_id` (`repo_id`,`token`), + KEY `email` (`email`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `RepoValidSince` +-- + +DROP TABLE IF EXISTS `RepoValidSince`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `RepoValidSince` ( + `repo_id` char(37) NOT NULL, + `timestamp` bigint(20) DEFAULT NULL, + PRIMARY KEY (`repo_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `SharedRepo` +-- + +DROP TABLE IF EXISTS `SharedRepo`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `SharedRepo` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `repo_id` char(37) DEFAULT NULL, + `from_email` varchar(255) DEFAULT NULL, + `to_email` varchar(255) DEFAULT NULL, + `permission` char(15) DEFAULT NULL, + PRIMARY KEY (`id`), + KEY `repo_id` (`repo_id`), + KEY `from_email` (`from_email`), + KEY `to_email` (`to_email`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `SystemInfo` +-- + +DROP TABLE IF EXISTS `SystemInfo`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `SystemInfo` ( + `info_key` varchar(256) DEFAULT NULL, + `info_value` varchar(1024) DEFAULT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `UserQuota` +-- + +DROP TABLE IF EXISTS `UserQuota`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `UserQuota` ( + `user` varchar(255) NOT NULL, + `quota` bigint(20) DEFAULT NULL, + PRIMARY KEY (`user`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `UserShareQuota` +-- + +DROP TABLE IF EXISTS `UserShareQuota`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `UserShareQuota` ( + `user` varchar(255) NOT NULL, + `quota` bigint(20) DEFAULT NULL, + PRIMARY KEY (`user`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `VirtualRepo` +-- + +DROP TABLE IF EXISTS `VirtualRepo`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `VirtualRepo` ( + `repo_id` char(36) NOT NULL, + `origin_repo` char(36) DEFAULT NULL, + `path` text, + `base_commit` char(40) DEFAULT NULL, + PRIMARY KEY (`repo_id`), + KEY `origin_repo` (`origin_repo`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; + +-- +-- Table structure for table `WebAP` +-- + +DROP TABLE IF EXISTS `WebAP`; +/*!40101 SET @saved_cs_client = @@character_set_client */; +/*!40101 SET character_set_client = utf8 */; +CREATE TABLE `WebAP` ( + `repo_id` char(37) NOT NULL, + `access_property` char(10) DEFAULT NULL, + PRIMARY KEY (`repo_id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; +/*!40101 SET character_set_client = @saved_cs_client */; +/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */; + +/*!40101 SET SQL_MODE=@OLD_SQL_MODE */; +/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */; +/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */; +/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; +/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; +/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; +/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; + +-- Dump completed on 2016-11-21 21:33:50 diff --git a/manual/deploy/common_problems_for_setting_up_server.md b/manual/deploy/common_problems_for_setting_up_server.md new file mode 100644 index 00000000..352da749 --- /dev/null +++ b/manual/deploy/common_problems_for_setting_up_server.md @@ -0,0 +1,43 @@ +# Common Problems for Setting up Server + +#### "Error when calling the metaclass bases" during Seafile initialization + +Seafile uses Django 1.5, which requires Python 2.6.5+. Make sure your Python version is 2.7. + +#### Seahub.sh can't start, the error message contains: "Could not import settings 'seahub.settings', libpython2.7.so.1.0: can not open shared object file" + +You probably encounter this problem in Ubuntu 14.04. Seafile pro edition requires libpython2.7. Install it by: + +``` +sudo apt-get install libpython2.7 +``` + +#### Failed to upload/download file online + +* Check your SERVICE_URL setting in ccnet.conf and FILE_SERVER_ROOT setting in seahub_settings.py +* Make sure you firewall for seafile fileserver is opened. +* Using chrome/firefox debug mode to find which link is given when click download button and what's wrong with this link + + +#### Error on Apache log: "File does not exist: /var/www/seahub.fcgi" + +Make sure you use "FastCGIExternalServer /var/www/seahub.fcgi -host 127.0.0.1:8000" in httpd.conf or apache2.conf, especially the "/var/www/seahub.fcgi" part. + +#### Error on Apache log: "FastCGI: comm with server "/var/www/seahub.fcgi" aborted: idle timeout (30 sec)" + +When accessing file history in huge libraries you get HTTP 500 Error. + +Solution: + +Change in in httpd.conf or apache2.conf from "FastCGIExternalServer /var/www/seahub.fcgi -host 127.0.0.1:8000" +to "FastCGIExternalServer /var/www/seahub.fcgi -host 127.0.0.1:8000 -idle-timeout 60" + +#### Seafile with Apache / HTTPS has text only (no CSS formatting / images) + +The media folder (Alias location identified in /etc/apache2/sites-enabled/000-default (Ubuntu) has inappropriate permissions + +Solutions: + +1. Run installation script as non-root user +2. Copy /media folder to var/www/ and edit the Alias location in /etc/apache2/sites-enabled/000-default + diff --git a/manual/deploy/deploy_http_sync.md b/manual/deploy/deploy_http_sync.md new file mode 100644 index 00000000..513f71cb --- /dev/null +++ b/manual/deploy/deploy_http_sync.md @@ -0,0 +1,84 @@ +# Configure Syncing via HTTP Protocol + +Starting from version 4.0.0, Seafile supports file syncing via HTTP protocol. The server configuration depends on which version of Seafile client do you use. + +Client version >= 4.2 use http syncing protocol exclusively, the cases are + +* If you're not using https, you don't have to configure Nginx or Apache to use http sync. The client can talk directly with the file server on port 8082. +* If you're using https, you have to configure Nginx or Apahce. + +If you'are using clients version < 4.2, + +* If you want to use http(s) sync, you have to configure Nginx or Apache. +* If you don't configure Nginx or Apache, the client falls back to use non-http syncing protocol (using port 10001 and 12001). + +Servers >= 4.0 are compatible with all syncing protocols, any version of client should work with the server. + +## Nginx + +Follow [this guide](deploy_with_nginx.md) to configure Nginx without HTTPS, or [this guide](https_with_nginx.md) to configure Nginx with HTTPS. + +The section in Nginx config file related to HTTP sync is + +``` + location /seafhttp { + rewrite ^/seafhttp(.*)$ $1 break; + proxy_pass http://127.0.0.1:8082; + client_max_body_size 0; + proxy_connect_timeout 36000s; + proxy_read_timeout 36000s; + } +``` + +there are two things to note: + +* You must use the path "/seafhttp" for http syncing. This is hard coded in the client. +* You should add the "client_max_body_size" configuration. The value should be set to 0 (means no limit) or 100M (suffice for most cases). + +## Apache + +Follow [this guide](deploy_with_apache.md) to configure Apache without HTTPS, or [this guide](https_with_apache.md) to configure Nginx with HTTPS. + +The section in Apache config file related to HTTP sync is + +``` + # + # seafile fileserver + # + ProxyPass /seafhttp http://127.0.0.1:8082 + ProxyPassReverse /seafhttp http://127.0.0.1:8082 + RewriteRule ^/seafhttp - [QSA,L] +``` + +Note that you must use the path "/seafhttp" for http syncing. This is hard coded in the client. + +## Client Side Configuration for HTTPS + +If you buy a valid SSL certificate, the syncing should work out of the box. If you use self-signed certificate, when you first add an account on the client, it'll pop up a window for you to confirm the server's certificate. If you choose to accept the certificate, the client will use that for https connection. + +The client loads trusted CA list from the system trusted CA store on start. It then combines those CA list with the user accepted certificates. The combined list is then used for certificate verification. + +If you follow certificate generation instruction in [this guide](https_with_nginx.md) to generate your self-signed certificate, the syncing should work after confirmation. + +There may be cases when you can't establish https connection to the server. You can try two work-arounds: + +1. Add your self-signed certificate to system trusted CA store. +2. Open the client "settings" window, in "advanced" tab, check "Do not verifiy server certificate in HTTPS sync". + +## FAQ and Trouble Shooting + +### My Client Doesn't Sync after Upgrading to 4.2.x + +Older clients fall back to non-http sync protocol if http sync fails. So you may get the false sense that the old client works with http sync. But actually it doesn't. Client 4.2 use http sync exclusively, so it doesn't sync any more. You have to correctly configure the server for http sync. + +### Choosing Ciphers on Nginx/Apache + +You should choose strong ciphers on the server side. The following Nginx cipher list is tested to be working fine: + +``` +ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; +``` + +You may fine tune the list to meet your needs. + + diff --git a/manual/deploy/deploy_seafile_behind_nat.md b/manual/deploy/deploy_seafile_behind_nat.md new file mode 100644 index 00000000..4ff5eacd --- /dev/null +++ b/manual/deploy/deploy_seafile_behind_nat.md @@ -0,0 +1,110 @@ +# Deploy Seafile behind NAT + +A lot of people want to deploy a seafile server in their LAN, and access it from the WAN. + +To achieve this, you need: + +- A router which supports port forwarding +- Use a dynamic DNS Service +- Modify your seafile server configuration + +### Table of Contents + +- [Setup the server](#setup-the-server) +- [Setup port forwarding in your router](#setup-port-forwarding-in-your-router) +- [Use a dynamic dns serivce](#use-a-dynamic-dns-serivce) +- [Modify your seafile configuration](#modify-your-seafile-configuration) + + +## Setup the server + +First, you should follow the guide on [Download and Setup Seafile Server](using_sqlite.md) to setup your Seafile server. + +Before you continue, make sure: + +- You can visit your seahub website +- You can download/sync a library through your seafile client + +## Setup Port Forwarding in Your Router + +### Ensure Your Router Supports Port Forwarding + +First, ensure your router supports port forwarding. + +- Login to the web adminstration page of your router. If you don't know how to do this, you should find the instructions on the manual of the router. If you have no maunal, just google **"XXX router administration page"** where `XXX` is your router's brand. + +- Navigate around in the adminstration page, and check if there is a tag which contains a word such as "forward", "advanced". If your router supports it, chances are that you can find the port forwarding related settings there. + +### Setup Port Forwarding Rules + +Seafile server is composed of several components. If you deployed Seafile behind Apache/Nginx you need to configure port forward for all the components listed below. + +component | default port | protocol +-------------------|--------------|---------- +webserver (http) | 80 | TCP +webserver (https) | 433 | TCP + +If you do not deployed Seafile behind Apache/Nginx you need to configure port forward for all the components listed below. (**not recomended!**) + +component | default port | protocol +-----------|--------------|--------- +fileserver | 8082 | TCP +seahub | 8000 | TCP + +* If you're not using the default ports, you should adjust the table accroding to your own customiztion. + +### How to test if your port forwarding is working + +After you have set the port forwarding rules on your router, you can check whether it works by: + +- Open a command line prompt +- Get your WAN IP. A convenient way to get your WAN ip is to visit `http://who.is`, which would show you your WAN IP. +- Try to connect your seahub server + +```bash +telnet 8000 +``` + +If your port forwarding is working, the command above should succeed. Otherwise, you may get a message saying something like *connection refused* or *connection timeout*. + +If your port forwarding is not working, the reasons may be: + +- You have configured a wrong port forwarding +- Your router may need a restart +- You network may be down + +### Set SERVICE_URL + +"SERVICE_URL" in `ccnet.conf` is used to generate the download/upload link for files when you browse files online. Set it using your WAN IP. + +```python +SERVICE_URL = http://:8000 +``` + +Most routers support NAT loopback. When your access Seafile web from intranet, file download/upload still works even when external IP is used. + +## Use a Dynamic DNS Serivce + +### Why use a Dynamic DNS(DDNS) Service? + +Having done all the steps above, you should be able to visit your seahub server outside your LAN by your WAN IP. But for most people, the WAN IP address is likey to change regularly by their ISP(Internet Serice Provider), which makes this approach impratical. + +You can use a dynamic DNS(DDNS) Service to overcome this problem. By using a dynamic DNS service, you can visit your seahub by domain name (instead of by IP), and the domain name will always be mapped to your WAN IP address, even if it changes regularly. + +There are a dozen of dynmaic DNS service providers on the internet. If you don't know what service to choose We recommend using [www.noip.com](http://www.noip.com) since it performs well in our testing. + +The detailed process is beyond the scope of this wiki. But basically, you should: + +1. Choose a DDNS service provider +2. Register an account on the DDNS service provider's website +3. Download a client from your DDNS service provider to keep your domain name always mapped to your WAN IP + +## Modify your seafile configuration + +After you have setup your DDNS service, you need to modify the `ccnet.conf`: + +```python +SERVICE_URL = http://:8000 +``` + +Restart your seafile server after this. diff --git a/manual/deploy/deploy_seahub_at_non-root_domain.md b/manual/deploy/deploy_seahub_at_non-root_domain.md new file mode 100644 index 00000000..b3e9ca7f --- /dev/null +++ b/manual/deploy/deploy_seahub_at_non-root_domain.md @@ -0,0 +1,155 @@ +# Deploy Seahub at Non-root domain + +This documentation will talk about how to deploy Seafile Web using Apache/Nginx at Non-root directory of the website(e.g., www.example.com/seafile/). Please note that the file server path will still be e.g. www.example.com/seafhttp (rather than www.example.com/seafile/seafhttp) because this path is hardcoded in the clients. + +**Note:** We assume you have read [Deploy Seafile with nginx](deploy_with_nginx.md) or [Deploy Seafile with apache](deploy_with_apache.md). + +## Configure Seahub + +First, we need to overwrite some variables in seahub_settings.py: + +``` +SERVE_STATIC = False +MEDIA_URL = '/seafmedia/' +COMPRESS_URL = MEDIA_URL +STATIC_URL = MEDIA_URL + 'assets/' +SITE_ROOT = '/seafile/' +LOGIN_URL = '/seafile/accounts/login/' # NOTE: since version 5.0.4 + +``` + +The webserver will serve static files (js, css, etc), so we just disable `SERVE_STATIC`. + +`MEDIA_URL` can be anything you like, just make sure a trailing slash is appended at the end. + +We deploy Seafile at `/seafile/` directory instead of root directory, so we set `SITE_ROOT` to `/seafile/`. + +## Modify ccnet.conf and seahub_setting.py + +### Modify ccnet.conf + +You need to modify the value of `SERVICE_URL` in [ccnet.conf](../config/ccnet-conf.md) +to let Seafile know the domain you choose. + +``` +SERVICE_URL = http://www.myseafile.com/seafile + +``` + +Note: If you later change the domain assigned to seahub, you also need to change the value of `SERVICE_URL`. + +### Modify seahub_settings.py + +You need to add a line in `seahub_settings.py` to set the value of `FILE_SERVER_ROOT` + +```python +FILE_SERVER_ROOT = 'http://www.myseafile.com/seafhttp' + +``` + +**Note:** The file server path MUST be `/seafhttp` because this path is hardcoded in the clients. + +## Webserver configuration + +### Deploy with Nginx + +Then, we need to configure the Nginx: + +``` +server { + listen 80; + server_name www.example.com; + + proxy_set_header X-Forwarded-For $remote_addr; + + location /seafile { + proxy_pass http://127.0.0.1:8000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 1200s; + + # used for view/edit office file via Office Online Server + client_max_body_size 0; + + access_log /var/log/nginx/seahub.access.log; + error_log /var/log/nginx/seahub.error.log; + } + + location /seafhttp { + rewrite ^/seafhttp(.*)$ $1 break; + proxy_pass http://127.0.0.1:8082; + client_max_body_size 0; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_connect_timeout 36000s; + proxy_read_timeout 36000s; + } + + location /seafmedia { + rewrite ^/seafmedia(.*)$ /media$1 break; + root /home/user/haiwen/seafile-server-latest/seahub; + } +} + +``` + +## Deploy with Apache + +Here is the sample configuration: + +``` + + ServerName www.example.com + DocumentRoot /var/www + Alias /seafmedia /home/user/haiwen/seafile-server-latest/seahub/media + + + ProxyPass ! + Require all granted + + + RewriteEngine On + + # + # seafile fileserver + # + ProxyPass /seafhttp http://127.0.0.1:8082 + ProxyPassReverse /seafhttp http://127.0.0.1:8082 + RewriteRule ^/seafhttp - [QSA,L] + + # + # seahub + # + SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 + ProxyPreserveHost On + ProxyPass /seafile http://127.0.0.1:8000/seafile + ProxyPassReverse /seafile http://127.0.0.1:8000/seafile + + +``` + +We use Alias to let Apache serve static files, please change the second argument to your path. + +## Clear the cache + +By default, Seahub caches some data like the link to the avatar icon in `/tmp/seahub_cache/` (unless memcache is used). We suggest to clear the cache after seafile has been stopped: + +``` +rm -rf /tmp/seahub_cache/ + +``` + +For memcache users, please purge the cache there instead by restarting your memcached server. + +## Start Seafile and Seahub + +``` +./seafile.sh start +./seahub.sh start + +``` + + diff --git a/manual/deploy/deploy_with_apache.md b/manual/deploy/deploy_with_apache.md new file mode 100644 index 00000000..7fed1e54 --- /dev/null +++ b/manual/deploy/deploy_with_apache.md @@ -0,0 +1,101 @@ +# Config Seahub with Apache + +## Important + +According to the [security advisory](https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/) published by Django team, we recommend disable [GZip compression](http://httpd.apache.org/docs/2.2/mod/mod_deflate.html) to mitigate [BREACH attack](http://breachattack.com/). + +This tutorial assumes you run at least Apache 2.4. + +## Prepare + +Install and enable apache modules + +On Ubuntu you can use: + +```bash +sudo a2enmod rewrite +sudo a2enmod proxy_http +``` + + + +## Deploy Seahub/FileServer With Apache + +Seahub is the web interface of Seafile server. FileServer is used to handle raw file uploading/downloading through browsers. By default, it listens on port 8082 for HTTP request. + +Here we deploy Seahub and FileServer with reverse proxy. We assume you are running Seahub using domain '''www.myseafile.com'''. + +Modify Apache config file: +(`sites-enabled/000-default`) for ubuntu/debian, (`vhost.conf`) for centos/fedora + +```apache + + ServerName www.myseafile.com + # Use "DocumentRoot /var/www/html" for Centos/Fedora + # Use "DocumentRoot /var/www" for Ubuntu/Debian + DocumentRoot /var/www + Alias /media /home/user/haiwen/seafile-server-latest/seahub/media + + RewriteEngine On + + + Require all granted + + + # + # seafile fileserver + # + ProxyPass /seafhttp http://127.0.0.1:8082 + ProxyPassReverse /seafhttp http://127.0.0.1:8082 + RewriteRule ^/seafhttp - [QSA,L] + + # + # seahub + # + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 + ProxyPreserveHost On + ProxyPass / http://127.0.0.1:8000/ + ProxyPassReverse / http://127.0.0.1:8000/ + +``` + +## Modify ccnet.conf and seahub_setting.py + +### Modify ccnet.conf + +You need to modify the value of `SERVICE_URL` in [ccnet.conf](../config/ccnet-conf.md) +to let Seafile know the domain you choose. You can also modify SERVICE_URL via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and ccnet.conf, the setting via Web UI will take precedence.) + +```python +SERVICE_URL = http://www.myseafile.com +``` + +Note: If you later change the domain assigned to seahub, you also need to change the value of `SERVICE_URL`. + +### Modify seahub_settings.py + +You need to add a line in `seahub_settings.py` to set the value of `FILE_SERVER_ROOT`. You can also modify `FILE_SERVER_ROOT` via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and seahub_settings.py, the setting via Web UI will take precedence.) + +```python +FILE_SERVER_ROOT = 'http://www.myseafile.com/seafhttp' +``` + +## Start Seafile and Seahub + +```bash +sudo service apache2 restart +./seafile.sh start +./seahub.sh start +``` + +## Troubleshooting + +### Problems with paths and files containing spaces + +If there are problems with paths or files containing spaces, make sure to have at least Apache 2.4.12. + +References + * https://github.com/haiwen/seafile/issues/1258#issuecomment-188866740 + * https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1284641 + * https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1284641/comments/5 + * https://svn.apache.org/viewvc/httpd/httpd/tags/2.4.12/CHANGES?view=markup#l45 diff --git a/manual/deploy/deploy_with_docker.md b/manual/deploy/deploy_with_docker.md new file mode 100644 index 00000000..2383a8db --- /dev/null +++ b/manual/deploy/deploy_with_docker.md @@ -0,0 +1,244 @@ +## About + +* [Docker](https://docker.com/) is an open source project to pack, ship and run any Linux application in a lighter weight, faster container than a traditional virtual machine. +* Docker makes it much easier to deploy [a Seafile server](https://github.com/haiwen/seafile) on your servers and keep it updated. +* The base image configures Seafile with the Seafile team's recommended optimal defaults. + +If you are not familiar with docker commands, please refer to [docker documentation](https://docs.docker.com/engine/reference/commandline/cli/). + +**Note**: If you want to deploy the Seafile Pro Edition with docker, refor to the [Deploying Seafile-pro with Docker](../deploy_pro/deploy_with_docker.md) + +## For seafile 7.x.x + +Starting with 7.0, we have adjusted seafile-docker image to use multiple containers. The old image runs MariaDB-Server and Memcached in the same container with Seafile server. Now, we strip the MariaDB-Server and Memcached services from the Seafile image and run them in their respective containers. + +If you plan to deploy seafile 7.0, you should refer to the [Deploy Documentation](<../docker/deploy seafile with docker.md>). + +If you plan to upgrade 6.3 to 7.0, you can refer to the [Upgrade Documentation](<../docker/6.3 upgrade to 7.0.md>). + +## For seafile 6.x.x + +### Getting started + +To run the seafile server container: + +```sh +docker run -d --name seafile \ + -e SEAFILE_SERVER_HOSTNAME=seafile.example.com \ + -v /opt/seafile-data:/shared \ + -p 80:80 \ + seafileltd/seafile:latest + +``` + +Wait for a few minutes for the first time initialization, then visit `http://seafile.example.com` to open Seafile Web UI. + +This command will mount folder `/opt/seafile-data` at the local server to the docker instance. You can find logs and other data under this folder. + +### More configuration options + +#### Custom admin username and password + +The default admin account is `me@example.com` and the password is `asecret`. You can use a different password by setting the container's environment variables: +e.g. + +```sh +docker run -d --name seafile \ + -e SEAFILE_SERVER_HOSTNAME=seafile.example.com \ + -e SEAFILE_ADMIN_EMAIL=me@example.com \ + -e SEAFILE_ADMIN_PASSWORD=a_very_secret_password \ + -v /opt/seafile-data:/shared \ + -p 80:80 \ + seafileltd/seafile:latest + +``` + +If you forget the admin password, you can add a new admin account and then go to the sysadmin panel to reset user password. + +#### Let's encrypt SSL certificate + +If you set `SEAFILE_SERVER_LETSENCRYPT` to `true`, the container would request a letsencrypt-signed SSL certificate for you automatically. + +e.g. + +``` +docker run -d --name seafile \ + -e SEAFILE_SERVER_LETSENCRYPT=true \ + -e SEAFILE_SERVER_HOSTNAME=seafile.example.com \ + -e SEAFILE_ADMIN_EMAIL=me@example.com \ + -e SEAFILE_ADMIN_PASSWORD=a_very_secret_password \ + -v /opt/seafile-data:/shared \ + -p 80:80 \ + -p 443:443 \ + seafileltd/seafile:latest + +``` + +If you want to use your own SSL certificate: + +* create a folder `/opt/seafile-data/ssl`, and put your certificate and private key under the ssl directory. +* Assume your site name is `seafile.example.com`, then your certificate must have the name `seafile.example.com.crt`, and the private key must have the name `seafile.example.com.key`. + +#### Modify seafile server configurations + +The config files are under `shared/seafile/conf`. You can modify the configurations according to[ Seafile manual](https://download.seafile.com/published/seafile-manual/home.md) + +After modification, you need to restart the container: + +``` +docker restart seafile + +``` + +#### Find logs + +The seafile logs are under `shared/logs/seafile` in the docker, or `/opt/seafile-data/logs/seafile` in the server that run the docker. + +The system logs are under `shared/logs/var-log`, or `/opt/seafile-data/logs/var-log` in the server that run the docker. + +#### Add a new admin + +Ensure the container is running, then enter this command: + +``` +docker exec -it seafile /opt/seafile/seafile-server-latest/reset-admin.sh + +``` + +Enter the username and password according to the prompts. You now have a new admin account. + +### Directory structure + +#### `/shared` + +Placeholder spot for shared volumes. You may elect to store certain persistent information outside of a container, in our case we keep various logfiles and upload directory outside. This allows you to rebuild containers easily without losing important information. + +* /shared/db: This is the data directory for mysql server +* /shared/seafile: This is the directory for seafile server configuration and data. +* /shared/logs: This is the directory for logs. + * /shared/logs/var-log: This is the directory that would be mounted as `/var/log` inside the container. For example, you can find the nginx logs in `shared/logs/var-log/nginx/`. + * /shared/logs/seafile: This is the directory that would contain the log files of seafile server processes. For example, you can find seaf-server logs in `shared/logs/seafile/seafile.log`. +* /shared/ssl: This is directory for certificate, which does not exist by default. +* /shared/bootstrap.conf: This file does not exist by default. You can create it by your self, and write the configuration of files similar to the `samples` folder. + +### Upgrading seafile server + +If you plan to upgrade 6.3 to 7.0, you can refer to the [Upgrade Documentation](<../docker/6.3 upgrade to 7.0.md>). + +To upgrade to the latest version of seafile 6.3: + +```sh +docker pull seafileltd/seafile:latest +docker rm -f seafile +docker run -d --name seafile \ + -e SEAFILE_SERVER_LETSENCRYPT=true \ + -e SEAFILE_SERVER_HOSTNAME=seafile.example.com \ + -e SEAFILE_ADMIN_EMAIL=me@example.com \ + -e SEAFILE_ADMIN_PASSWORD=a_very_secret_password \ + -v /opt/seafile-data:/shared \ + -p 80:80 \ + -p 443:443 \ + seafileltd/seafile:latest + +``` + +If you are one of the early users who use the `launcher` script, you should refer to [upgrade from old format](https://github.com/haiwen/seafile-docker/blob/master/upgrade_from_old_format.md) document. + +### Backup and recovery + +#### Struct + +We assume your seafile volumns path is in `/shared`. And you want to backup to `/backup` directory. +You can create a layout similar to the following in /backup directory: + +```struct +/backup +---- databases/ contains database backup files +---- data/ contains backups of the data directory + +``` + +The data files to be backed up: + +```struct +/shared/seafile/conf # configuration files +/shared/seafile/pro-data # data of es +/shared/seafile/seafile-data # data of seafile +/shared/seafile/seahub-data # data of seahub + +``` + +#### Backup + +Steps: + +1. Backup the databases; +2. Backup the seafile data directory; + +[Backup Order: Database First or Data Directory First](../maintain/backup_recovery.md) + +* backing up Database: + + ```bash + # It's recommended to backup the database to a separate file each time. Don't overwrite older database backups for at least a week. + cd /backup/databases + docker exec -it seafile mysqldump -uroot --opt ccnet_db > ccnet_db.sql + docker exec -it seafile mysqldump -uroot --opt seafile_db > seafile_db.sql + docker exec -it seafile mysqldump -uroot --opt seahub_db > seahub_db.sql + + ``` + +* Backing up Seafile library data: + * To directly copy the whole data directory + + ```bash + cp -R /shared/seafile /backup/data/ + cd /backup/data && rm -rf ccnet + + ``` + + * Use rsync to do incremental backup + + ```bash + rsync -az /shared/seafile /backup/data/ + cd /backup/data && rm -rf ccnet + + ``` + +### Recovery + +* Restore the databases: + + ```bash + cp /backup/data/ccnet_db.sql /shared/ccnet_db.sql + cp /backup/data/seafile_db.sql /shared/seafile_db.sql + cp /backup/data/seahub_db.sql /shared/seahub_db.sql + docker exec -it seafile /bin/sh -c "mysql -uroot ccnet_db < /shared/ccnet_db.sql" + docker exec -it seafile /bin/sh -c "mysql -uroot seafile_db < /shared/seafile_db.sql" + docker exec -it seafile /bin/sh -c "mysql -uroot seahub_db < /shared/seahub_db.sql" + + ``` + +* Restore the seafile data: + + ```bash + cp -R /backup/data/* /shared/seafile/ + + ``` + +### Garbage collection + +When files are deleted, the blocks comprising those files are not immediately removed as there may be other files that reference those blocks (due to the magic of deduplication). To remove them, Seafile requires a '[garbage collection](../maintain/seafile_gc.md)' process to be run, which detects which blocks no longer used and purges them. (NOTE: for technical reasons, the GC process does not guarantee that _every single_ orphan block will be deleted.) + +The required scripts can be found in the `/scripts` folder of the docker container. To perform garbage collection, simply run `docker exec seafile /scripts/gc.sh`. For the community edition, this process will stop the seafile server, but it is a relatively quick process and the seafile server will start automatically once the process has finished. The Professional supports an online garbage collection. + +### Troubleshooting + +You can run docker commands like "docker exec" to find errors. + +```sh +docker exec -it seafile bash + +``` + + diff --git a/manual/deploy/deploy_with_nginx.md b/manual/deploy/deploy_with_nginx.md new file mode 100644 index 00000000..0bcc94ca --- /dev/null +++ b/manual/deploy/deploy_with_nginx.md @@ -0,0 +1,127 @@ +# Config Seahub with Nginx + +## Deploy Seahub/FileServer with Nginx + +Seahub is the web interface of Seafile server. FileServer is used to handle raw file uploading/downloading through browsers. By default, it listens on port 8082 for HTTP requests. + +Here we deploy Seahub and FileServer with reverse proxy. We assume you are running Seahub using domain `seafile.example.com`. + +This is a sample Nginx config file. + +In Ubuntu 16.04, you can add the config file as follows: + +1. create file `/etc/nginx/sites-available/seafile.conf` +2. Delete `/etc/nginx/sites-enabled/default`: `rm /etc/nginx/sites-enabled/default` +3. Create symbolic link: `ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf` + +```nginx + +log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time'; + +server { + listen 80; + server_name seafile.example.com; + + proxy_set_header X-Forwarded-For $remote_addr; + + location / { + proxy_pass http://127.0.0.1:8000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_read_timeout 1200s; + + # used for view/edit office file via Office Online Server + client_max_body_size 0; + + access_log /var/log/nginx/seahub.access.log seafileformat; + error_log /var/log/nginx/seahub.error.log; + } + +# If you are using [FastCGI](http://en.wikipedia.org/wiki/FastCGI), +# which is not recommended, you should use the following config for location `/`. +# +# location / { +# fastcgi_pass 127.0.0.1:8000; +# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +# fastcgi_param PATH_INFO $fastcgi_script_name; +# +# fastcgi_param SERVER_PROTOCOL $server_protocol; +# fastcgi_param QUERY_STRING $query_string; +# fastcgi_param REQUEST_METHOD $request_method; +# fastcgi_param CONTENT_TYPE $content_type; +# fastcgi_param CONTENT_LENGTH $content_length; +# fastcgi_param SERVER_ADDR $server_addr; +# fastcgi_param SERVER_PORT $server_port; +# fastcgi_param SERVER_NAME $server_name; +# fastcgi_param REMOTE_ADDR $remote_addr; +# fastcgi_read_timeout 36000; +# +# client_max_body_size 0; +# +# access_log /var/log/nginx/seahub.access.log; +# error_log /var/log/nginx/seahub.error.log; +# } + + location /seafhttp { + rewrite ^/seafhttp(.*)$ $1 break; + proxy_pass http://127.0.0.1:8082; + client_max_body_size 0; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + proxy_connect_timeout 36000s; + proxy_read_timeout 36000s; + proxy_send_timeout 36000s; + + send_timeout 36000s; + + access_log /var/log/nginx/seafhttp.access.log seafileformat; + error_log /var/log/nginx/seafhttp.error.log; + } + location /media { + root /home/user/haiwen/seafile-server-latest/seahub; + } +} +``` + +Nginx settings `client_max_body_size` is by default 1M. Uploading a file bigger than this limit will give you an error message HTTP error code 413 ("Request Entity Too Large"). + +You should use 0 to disable this feature or write the same value than for the parameter `max_upload_size` in section `[fileserver]` of [seafile.conf](../config/seafile-conf.md). Client uploads are only partly effected by this limit. With a limit of 100 MiB they can safely upload files of any size. + +Tip for uploading very large files (> 4GB): By default Nginx will buffer large request bodies in temp files. After the body is completely received, Nginx will send the body to the upstream server (seaf-server in our case). But it seems when the file size is very large, the buffering mechanism dosen't work well. It may stop proxying the body in the middle. So if you want to support file uploads larger than 4GB, we suggest to install Nginx version >= 1.8.0 and add the following options to Nginx config file: + +```nginx + location /seafhttp { + ... ... + proxy_request_buffering off; + } +``` + +## Modify ccnet.conf and seahub_setting.py + +### Modify ccnet.conf + +You need to modify the value of `SERVICE_URL` in [ccnet.conf](../config/ccnet-conf.md) to let Seafile know the domain, protocol and port you choose. You can also modify `SERVICE_URL` via web UI in "System Admin->Settings". (**Warning**: If you set the value both via Web UI and ccnet.conf, the setting via Web UI will take precedence.) + +```python +SERVICE_URL = http://seafile.example.com +``` + +Note: If you later change the domain assigned to Seahub, you also need to change the value of `SERVICE_URL`. + +### Modify seahub_settings.py + +You need to add a line in `seahub_settings.py` to set the value of `FILE_SERVER_ROOT`. You can also modify `FILE_SERVER_ROOT` via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and seahub_settings.py, the setting via Web UI will take precedence.) + + +```python +FILE_SERVER_ROOT = 'http://seafile.example.com/seafhttp' +``` + +## Start Seafile and Seahub + +```bash +./seafile.sh start +./seahub.sh start # or "./seahub.sh start-fastcgi" if you're using fastcgi +``` diff --git a/manual/deploy/https_with_apache.md b/manual/deploy/https_with_apache.md new file mode 100644 index 00000000..51be2aca --- /dev/null +++ b/manual/deploy/https_with_apache.md @@ -0,0 +1,108 @@ +# Enabling Https with Apache + +Here we suggest you use [Let’s Encrypt](https://letsencrypt.org/getting-started/) to get a certificate from a Certificate Authority (CA). If you use a paid ssl certificate from some authority, just skip the first step. + +### Generate SSL certificate + +For users who use Let’s Encrypt, you can obtain a valid certificate via [Certbot ACME client](https://certbot.eff.org/) + +On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages. + +```bash +sudo apt-get update +sudo apt-get install software-properties-common +sudo add-apt-repository ppa:certbot/certbot +sudo apt-get update +sudo apt-get install python-certbot-apache +``` + +Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs: + +```bash +sudo certbot --apache +``` + +Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand: + +```bash +sudo certbot --apache certonly +``` + +To learn more about how to use Certbot you can read threir [documentation](https://certbot.eff.org/docs/). + +> If you're using a custom CA to sign your SSL certificate, you have to enable certificate revocation list (CRL) in your certificate. Otherwise http syncing on Windows client may not work. See [this thread](https://forum.seafile-server.org/t/https-syncing-on-windows-machine-using-custom-ca/898) for more information. + +## Enable https on Seahub + +Assume you have configured Apache as [Deploy Seafile with +Apache](deploy_with_apache.md). To use https, you need to enable mod_ssl + +```bash + sudo a2enmod ssl +``` + +On Windows, you have to add ssl module to httpd.conf +```apache +LoadModule ssl_module modules/mod_ssl.so +``` + +Then modify your Apache configuration file. Here is a sample: + +```apache + + ServerName www.myseafile.com + DocumentRoot /var/www + + SSLEngine On + SSLCertificateFile /path/to/cacert.pem + SSLCertificateKeyFile /path/to/privkey.pem + + Alias /media /home/user/haiwen/seafile-server-latest/seahub/media + + + Require all granted + + + RewriteEngine On + + # + # seafile fileserver + # + ProxyPass /seafhttp http://127.0.0.1:8082 + ProxyPassReverse /seafhttp http://127.0.0.1:8082 + RewriteRule ^/seafhttp - [QSA,L] + + # + # seahub + # + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 + ProxyPreserveHost On + ProxyPass / http://127.0.0.1:8000/ + ProxyPassReverse / http://127.0.0.1:8000/ + +``` + +## Modify settings to use https + +### ccnet conf + +Since you change from http to https, you need to modify the value of "SERVICE_URL" in [ccnet.conf](../config/ccnet-conf.md). You can also modify SERVICE_URL via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and ccnet.conf, the setting via Web UI will take precedence.) + +```python +SERVICE_URL = https://www.myseafile.com +``` + +### seahub_settings.py + +You need to add a line in seahub_settings.py to set the value of `FILE_SERVER_ROOT`. You can also modify `FILE_SERVER_ROOT` via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and seahub_settings.py, the setting via Web UI will take precedence.) + +```python +FILE_SERVER_ROOT = 'https://www.myseafile.com/seafhttp' +``` + +## Start Seafile and Seahub + +```bash +./seafile.sh start +./seahub.sh start +``` diff --git a/manual/deploy/https_with_nginx.md b/manual/deploy/https_with_nginx.md new file mode 100644 index 00000000..9b1c713e --- /dev/null +++ b/manual/deploy/https_with_nginx.md @@ -0,0 +1,275 @@ +# Enabling Https with Nginx + +Here we suggest you use [Let’s Encrypt](https://letsencrypt.org/getting-started/) to get a certificate from a Certificate Authority (CA). If you use a paid ssl certificate from some authority, just skip the first step. + +### Generate SSL certificate + +For users who use Let’s Encrypt, you can obtain a valid certificate via [Certbot ACME client](https://certbot.eff.org/) + +On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages. + +```bash +sudo apt-get update +sudo apt-get install software-properties-common +sudo add-apt-repository ppa:certbot/certbot +sudo apt-get update +sudo apt-get install python-certbot-nginx +``` + +Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs: + +```bash +sudo certbot --nginx +``` + +Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand: + +```bash +sudo certbot --nginx certonly +``` + +To learn more about how to use Certbot you can read threir [documentation](https://certbot.eff.org/docs/). + +> If you're using a custom CA to sign your SSL certificate, you have to enable certificate revocation list (CRL) in your certificate. Otherwise http syncing on Windows client may not work. See [this thread](https://forum.seafile-server.org/t/https-syncing-on-windows-machine-using-custom-ca/898) for more information. + +### Enable SSL module of Nginx (optional) + +If your Nginx does not support SSL, you need to recompile it, the commands are as follows: + +```bash + ./configure --with-http_stub_status_module --with-http_ssl_module + make && make install +``` + +### Modify Nginx configuration file + +Assume you have configured nginx as [Deploy-Seafile-with-nginx](deploy_with_nginx.md). To use https, you need to modify your nginx configuration file. + +```nginx +server { + listen 80; + server_name seafile.example.com; + rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https + + # Enables or disables emitting nginx version on error pages and in the "Server" response header field. + server_tokens off; +} + +server { + listen 443; + ssl on; + ssl_certificate /etc/ssl/cacert.pem; # path to your cacert.pem + ssl_certificate_key /etc/ssl/privkey.pem; # path to your privkey.pem + server_name seafile.example.com; + server_tokens off; + # ...... + proxy_pass http://127.0.0.1:8000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Forwarded-Proto https; + + proxy_read_timeout 1200s; +} +``` + +### Sample configuration file + +#### Generate DH params +(this takes some time) +```bash + openssl dhparam 2048 > /etc/nginx/dhparam.pem +``` + +Here is the sample configuration file: + +```nginx + server { + listen 80; + server_name seafile.example.com; + rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https + server_tokens off; + } + server { + listen 443; + ssl on; + ssl_certificate /etc/ssl/cacert.pem; # path to your cacert.pem + ssl_certificate_key /etc/ssl/privkey.pem; # path to your privkey.pem + server_name seafile.example.com; + ssl_session_timeout 5m; + ssl_session_cache shared:SSL:5m; + + # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits + ssl_dhparam /etc/nginx/dhparam.pem; + + # secure settings (A+ at SSL Labs ssltest at time of writing) + # see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS'; + ssl_prefer_server_ciphers on; + + proxy_set_header X-Forwarded-For $remote_addr; + + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; + server_tokens off; + + location / { + proxy_pass http://127.0.0.1:8000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Forwarded-Proto https; + + access_log /var/log/nginx/seahub.access.log; + error_log /var/log/nginx/seahub.error.log; + + proxy_read_timeout 1200s; + + client_max_body_size 0; + } +# If you are using [FastCGI](http://en.wikipedia.org/wiki/FastCGI), +# which is not recommended, you should use the following config for location `/`. +# +# location / { +# fastcgi_pass 127.0.0.1:8000; +# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +# fastcgi_param PATH_INFO $fastcgi_script_name; +# +# fastcgi_param SERVER_PROTOCOL $server_protocol; +# fastcgi_param QUERY_STRING $query_string; +# fastcgi_param REQUEST_METHOD $request_method; +# fastcgi_param CONTENT_TYPE $content_type; +# fastcgi_param CONTENT_LENGTH $content_length; +# fastcgi_param SERVER_ADDR $server_addr; +# fastcgi_param SERVER_PORT $server_port; +# fastcgi_param SERVER_NAME $server_name; +# fastcgi_param REMOTE_ADDR $remote_addr; +# fastcgi_read_timeout 36000; +# +# client_max_body_size 0; +# +# access_log /var/log/nginx/seahub.access.log; +# error_log /var/log/nginx/seahub.error.log; +# } + + location /seafhttp { + rewrite ^/seafhttp(.*)$ $1 break; + proxy_pass http://127.0.0.1:8082; + client_max_body_size 0; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_connect_timeout 36000s; + proxy_read_timeout 36000s; + proxy_send_timeout 36000s; + send_timeout 36000s; + } + location /media { + root /home/user/haiwen/seafile-server-latest/seahub; + } + } +``` + +### Large file uploads + +Tip for uploading very large files (> 4GB): By default Nginx will buffer large request body in temp file. After the body is completely received, Nginx will send the body to the upstream server (seaf-server in our case). But it seems when file size is very large, the buffering mechanism dosen't work well. It may stop proxying the body in the middle. So if you want to support file upload larger for 4GB, we suggest you install Nginx version >= 1.8.0 and add the following options to Nginx config file: + +```nginx + location /seafhttp { + ... ... + proxy_request_buffering off; + } + +``` + +If you have WebDAV enabled it is recommended to add the same: + +```nginx + location /seafdav { + ... ... + proxy_request_buffering off; + } +``` + +### Reload Nginx +```bash + nginx -s reload +``` + +## Modify settings to use https + +### ccnet conf + +Since you changed from http to https, you need to modify the value of `SERVICE_URL` in [ccnet.conf](../config/ccnet-conf.md). You can also modify `SERVICE_URL` via web UI in "System Admin->Settings". (**Warning**: If you set the value both via Web UI and ccnet.conf, the setting via Web UI will take precedence.) + +```bash +SERVICE_URL = https://seafile.example.com +``` + +### seahub_settings.py + +You need to add a line in seahub_settings.py to set the value of `FILE_SERVER_ROOT`. You can also modify `FILE_SERVER_ROOT` via web UI in "System Admin->Settings". (**Warning**: If you set the value both via Web UI and seahub_settings.py, the setting via Web UI will take precedence.) + +```python +FILE_SERVER_ROOT = 'https://seafile.example.com/seafhttp' +``` + +### Change Seafile config + +Update the [configuration](../config/seafile-conf.md#seafile-fileserver-configuration +) of seafile fileserver is in the `[fileserver]` section of the file `seafile.conf` to local ip `127.0.0.1` + +``` +[fileserver] +# bind address for fileserver +# default to 0.0.0.0, if deployed without proxy: no access restriction +# set to 127.0.0.1, if used with local proxy: only access by local +host = 127.0.0.1 +``` + +## Start Seafile and Seahub + +```bash +./seafile.sh start +./seahub.sh start # or "./seahub.sh start-fastcgi" if you're using fastcgi +``` + +## Additional modern settings for nginx (optional) + +### Activate IPv6 + +Require IPv6 on server otherwise the server will not start! Also the AAAA dns record is required for IPv6 usage. + +```nginx +listen 443; +listen [::]:443; +``` + +### Activate HTTP2 + +Activate HTTP2 for more performance. Only available for SSL and nginx version>=1.9.5. Simply add `http2`. +```nginx +listen 443 http2; +listen [::]:443 http2; +``` + +## Additional security settings for nginx (optional) + +### Force https on next visit + +Add the HSTS header. If you already visited the https version the next time your browser will directly visit the https site and not the http one. Prevent man-in-the-middle-attacks: +```nginx +add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; +``` + +### Obfuscate nginx version + +Disable exact server version in header. Prevent scans for vulnerable server. +**This should be added to every server block, as it shall obfuscate the version of nginx.** +```nginx +server_tokens off; +``` + +## Test your server + +To check your configuration you can use the service from ssllabs: https://www.ssllabs.com/ssltest/index.html . diff --git a/manual/deploy/kerberos_config.md b/manual/deploy/kerberos_config.md new file mode 100644 index 00000000..8bced5dc --- /dev/null +++ b/manual/deploy/kerberos_config.md @@ -0,0 +1,68 @@ +## Kerberos + +NOTE: Since version 7.0, this documenation is deprecated. Users should use Apache as a proxy server for Kerberos authentication. Then configure Seahub by the instructions in [Remote User Authentication](remote_user.md). + +[Kerberos](https://web.mit.edu/kerberos/) is a widely used single sign on (SSO) protocol. Seafile server supports authentication via Kerberos. It allows users to log in to Seafile without entering credentials again if they have a kerberos ticket. + +In this documentation, we assume the reader is familiar with Kerberos installation and configuration. + +Seahub provides a special URL to handle Kerberos login. The URL is `https://your-server/krb5-login`. Only this URL needs to be configured under Kerberos protection. All other URLs don't go through the Kerberos module. The overall workflow for a user to login with Kerberos is as follows: + +1. In the Seafile login page, there is a separate "Kerberos" login button. When the user clicks the button, it will be redirected to `https://your-server/krb5-login`. +2. Since that URL is controlled by Kerberos, the apache module will try to get a Ticket from the Kerberos server. +3. Seahub reads the user information from the request and brings the user to its home page. +4. Further requests to Seahub will not pass through the Kerberos module. Since Seahub keeps session information internally, the user doesn't need to login again until the session expires. + +The configuration includes three steps: + +1. Get a keytab for Apache from Kerberos +2. Configure Apache +3. Configure Seahub + +## Get keytab for Apache + +Store the keytab under the name defined below and make it accessible only to the apache user (e.g. httpd or www-data and chmod 600). + +## Apache Configuration + +You should create a new location in your virtual host configuration for Kerberos. + +``` + + + ServerName seafile.example.com + DocumentRoot /var/www +... + + SSLRequireSSL + AuthType Kerberos + AuthName "Kerberos EXAMPLE.ORG" + KrbMethodNegotiate On + KrbMethodK5Passwd On + Krb5KeyTab /etc/apache2/conf.d/http.keytab + #ErrorDocument 401 'Kerberos authentication did not pass.' + Require valid-user + +... + + + +``` + +After restarting Apache, you should see in the Apache logs that user@REALM is used when accessing https://seafile.example.com/krb5-login/. + +## Configure Seahub + +Seahub extracts the username from the `REMOTE_USER` environment variable. + +Now we have to tell Seahub what to do with the authentication information passed in by Kerberos. + +Add the following option to seahub_settings.py. + +``` +ENABLE_KRB5_LOGIN = True +``` + +## Verify + +After restarting Apache and Seafile services, you can test the Kerberos login workflow. diff --git a/manual/deploy/libreoffice_online.md b/manual/deploy/libreoffice_online.md new file mode 100644 index 00000000..5e2743d9 --- /dev/null +++ b/manual/deploy/libreoffice_online.md @@ -0,0 +1,114 @@ +# Integrate Seafile with Collabora Online (LibreOffice Online) + +Since Seafile Professional edition 6.0.0, you can integrate Seafile with Collabora Online to preview office files. + +## Setup LibreOffice Online + +1. Prepare an Ubuntu 16.04 64bit server with [docker](http://www.docker.com/) installed; + +1. Assign a domain name to this server, we use *collabora-online.seafile.com* here. + +1. Obtain and install valid TLS/SSL certificates for this server, we use [Let’s Encrypt](https://letsencrypt.org/). + +1. Use Nginx to serve collabora online, config file example: + + ``` +server { + listen 443 ssl; + server_name collabora-online.seafile.com; + + ssl_certificate /etc/letsencrypt/live/collabora-online.seafile.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/collabora-online.seafile.com/privkey.pem; + + # static files + location ^~ /loleaflet { + proxy_pass https://localhost:9980; + proxy_set_header Host $http_host; + } + + # WOPI discovery URL + location ^~ /hosting/discovery { + proxy_pass https://localhost:9980; + proxy_set_header Host $http_host; + } + + # websockets, download, presentation and image upload + location ^~ /lool { + proxy_pass https://localhost:9980; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $http_host; + } +} +``` + +1. then use the following command to setup/start Collabora Online: + + ``` +docker pull collabora/code +docker run -t -p 9980:9980 -e "domain=" --restart always --cap-add MKNOD collabora/code +``` + + **NOTE:** the `domain` args is the domain name of your Seafile server, if your +Seafile server's domain name is *demo.seafile.com*, the command should be: + + ``` +docker run -t -p 9980:9980 -e "domain=demo\.seafile\.com" --restart always --cap-add MKNOD collabora/code +``` + +For more information about Collabora Online and how to deploy it, please refer to https://www.collaboraoffice.com + +## Config Seafile + +**NOTE:** You must [enable https](../deploy/https_with_nginx.md) with valid TLS/SSL certificates (we use [Let’s Encrypt](https://letsencrypt.org/)) to Seafile to use Collabora Online. + +Add following config option to seahub_settings.py: + +``` python +# From 6.1.0 CE version on, Seafile support viewing/editing **doc**, **ppt**, **xls** files via LibreOffice +# Add this setting to view/edit **doc**, **ppt**, **xls** files +OFFICE_SERVER_TYPE = 'CollaboraOffice' + +# Enable LibreOffice Online +ENABLE_OFFICE_WEB_APP = True + +# Url of LibreOffice Online's discovery page +# The discovery page tells Seafile how to interact with LibreOffice Online when view file online +# You should change `https://collabora-online.seafile.com/hosting/discovery` to your actual LibreOffice Online server address +OFFICE_WEB_APP_BASE_URL = 'https://collabora-online.seafile.com/hosting/discovery' + +# Expiration of WOPI access token +# WOPI access token is a string used by Seafile to determine the file's +# identity and permissions when use LibreOffice Online view it online +# And for security reason, this token should expire after a set time period +WOPI_ACCESS_TOKEN_EXPIRATION = 30 * 60 # seconds + +# List of file formats that you want to view through LibreOffice Online +# You can change this value according to your preferences +# And of course you should make sure your LibreOffice Online supports to preview +# the files with the specified extensions +OFFICE_WEB_APP_FILE_EXTENSION = ('odp', 'ods', 'odt', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt', 'pptm', 'pptx', 'doc', 'docm', 'docx') + +# Enable edit files through LibreOffice Online +ENABLE_OFFICE_WEB_APP_EDIT = True + +# types of files should be editable through LibreOffice Online +OFFICE_WEB_APP_EDIT_FILE_EXTENSION = ('odp', 'ods', 'odt', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt', 'pptm', 'pptx', 'doc', 'docm', 'docx') +``` + +Then restart Seafile. + +Click an office file in Seafile web interface, you will see the online preview rendered by LibreOffice online. Here is an example: + +![LibreOffice-online](../images/libreoffice-online.png) + +## Trouble shooting + +Understanding how theintegration work will help you debug the problem. When a user visits a file page: + +1. (seahub->browser) Seahub will generate a page containing an iframe and send it to the browser +2. (browser->LibreOffice Online) With the iframe, the browser will try to load the file preview page from the LibreOffice Online +3. (LibreOffice Online->seahub) LibreOffice Online receives the request and sends a request to Seahub to get the file content +4. (LibreOffice Online->browser) LibreOffice Online sends the file preview page to the browser. + +If you have a problem, please check the Nginx log for Seahub (for step 3) and Collabora Online to see which step is wrong. diff --git a/manual/deploy/migrate_from_sqlite_to_mysql.md b/manual/deploy/migrate_from_sqlite_to_mysql.md new file mode 100644 index 00000000..93203609 --- /dev/null +++ b/manual/deploy/migrate_from_sqlite_to_mysql.md @@ -0,0 +1,105 @@ +# Migrate From SQLite to MySQL + +**NOTE**: The tutorial is only available for Seafile CE version. + +First make sure the python module for MySQL is installed. On Ubuntu, use `sudo apt-get install python-mysqldb` to install it. + +Steps to migrate Seafile from SQLite to MySQL: + +1. Stop Seafile and Seahub. + +2. Download [sqlite2mysql.sh](https://raw.githubusercontent.com/haiwen/seafile-server/master/scripts/sqlite2mysql.sh) and [sqlite2mysql.py](https://raw.githubusercontent.com/haiwen/seafile-server/master/scripts/sqlite2mysql.py) to the top directory of your Seafile installation path. For example, `/opt/seafile`. + +3. Run `sqlite2mysql.sh`: + + ``` +chmod +x sqlite2mysql.sh +./sqlite2mysql.sh +``` +This script will produce three files: `ccnet-db.sql`, `seafile-db.sql`, `seahub-db.sql`. + +4. Create 3 databases ccnet_db, seafile_db, seahub_db and seafile user. + + ``` +mysql> create database ccnet_db character set = 'utf8'; +mysql> create database seafile_db character set = 'utf8'; +mysql> create database seahub_db character set = 'utf8'; +``` + +5. Import ccnet data to MySql. + + ``` +mysql> use ccnet_db; +mysql> source ccnet-db.sql; +``` + +6. Import seafile data to MySql. + + ``` +mysql> use seafile_db; +mysql> source seafile-db.sql; +``` + +7. Import seahub data to MySql. + + ``` +mysql> use seahub_db; +mysql> source seahub-db.sql; +``` + +8. Modify configure files. + +Append following lines to [ccnet.conf](../config/ccnet-conf.md): + + ``` +[Database] +ENGINE=mysql +HOST=127.0.0.1 +USER=root +PASSWD=root +DB=ccnet_db +CONNECTION_CHARSET=utf8 +``` +Note: Use `127.0.0.1`, don't use `localhost`. + +Replace the database section in `seafile.conf` with following lines: + + ``` +[database] +type=mysql +host=127.0.0.1 +user=root +password=root +db_name=seafile_db +connection_charset=utf8 +``` + +Append following lines to `seahub_settings.py`: + + ``` +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.mysql', + 'USER' : 'root', + 'PASSWORD' : 'root', + 'NAME' : 'seahub_db', + 'HOST' : '127.0.0.1', + # This is only needed for MySQL older than 5.5.5. + # For MySQL newer than 5.5.5 INNODB is the default already. + 'OPTIONS': { + "init_command": "SET storage_engine=INNODB", + } + } +} +``` + +9. Restart seafile and seahub + +**NOTE** + +User notifications will be cleared during migration due to the slight difference between MySQL and SQLite, if you only see the busy icon when click the notitfications button beside your avatar, please remove `user_notitfications` table manually by: + + ``` +use seahub_db; +delete from notifications_usernotification; +``` \ No newline at end of file diff --git a/manual/deploy/new_directory_layout_5_0_0.md b/manual/deploy/new_directory_layout_5_0_0.md new file mode 100644 index 00000000..f8cd4ceb --- /dev/null +++ b/manual/deploy/new_directory_layout_5_0_0.md @@ -0,0 +1,36 @@ +# Config files location change in Seafile Server 5.0.0 + +Seafile server has various components, each of them has its own config files. These files used to be in different directories, which is inconvenient to manage. + +This is the layout before Seafile Server 5.0.0: + +```sh +└── seahub_settings.py +└── ccnet/ + └── ccnet.conf +└── seafile/ + └── seafile.conf +└── conf/ + └── seafdav.conf +└── pro-data/ + └── seafevents.conf # (professional edition only) +└── seafile-server-latest/ +``` + +Since Seafile Server 5.0.0, all config files are moved to the **conf** folder: + +```sh +└── conf/ + └── ccnet.conf + └── seafile.conf + └── seafdav.conf + └── seahub_settings.py + └── seafevents.conf # (professional edition only) +└── ccnet/ +└── seafile/ +└── pro-data/ +``` + +This way, it's much easier to manage the configurations since all files can be found in the same place. + +When you upgrading to seafile 5.0.0, the upgrade script would move these files to the central **conf/** folder for you. diff --git a/manual/deploy/oauth.md b/manual/deploy/oauth.md new file mode 100644 index 00000000..67fd102d --- /dev/null +++ b/manual/deploy/oauth.md @@ -0,0 +1,133 @@ +## OAuth + +Since CE version 6.2.3, Seafile supports user login via [OAuth](https://oauth.net/). + +Before using OAuth, Seafile administrator should first register an OAuth2 client application on your authorization server, then add some configurations to seahub_settings.py. + +And don't forget install thirdparty requirement. + +``` +sudo pip install requests_oauthlib +``` + +#### Register an OAuth2 client application + +Here we use Github as an example. First you should register an OAuth2 client application on Github, [official document from Github](https://developer.github.com/apps/building-integrations/setting-up-and-registering-oauth-apps/registering-oauth-apps/) is very detailed. + +#### Configuration + +Add the folllowing configurations to seahub_settings.py: + +``` +ENABLE_OAUTH = True + +# Usually OAuth works through SSL layer. If your server is not parametrized to allow HTTPS, some method will raise an "oauthlib.oauth2.rfc6749.errors.InsecureTransportError". Set this to `True` to avoid this error. +OAUTH_ENABLE_INSECURE_TRANSPORT = True + +# Client id/secret generated by authorization server when you register your client application. +OAUTH_CLIENT_ID = "your-client-id" +OAUTH_CLIENT_SECRET = "your-client-secret" + +# Callback url when user authentication succeeded. Note, the redirect url you input when you register your client application MUST be exactly the same as this value. +OAUTH_REDIRECT_URL = 'http{s}://your-domain.com/oauth/callback/' + +# The following should NOT be changed if you are using Github as OAuth provider. +OAUTH_PROVIDER_DOMAIN = 'github.com' +OAUTH_AUTHORIZATION_URL = 'https://github.com/login/oauth/authorize' +OAUTH_TOKEN_URL = 'https://github.com/login/oauth/access_token' +OAUTH_USER_INFO_URL = 'https://api.github.com/user' +OAUTH_SCOPE = ["user",] +OAUTH_ATTRIBUTE_MAP = { + "id": (True, "email"), + "name": (False, "name"), + "email": (False, "contact_email"), +} +``` + +###### Sample settings for Google: + +``` +ENABLE_OAUTH = True +OAUTH_ENABLE_INSECURE_TRANSPORT = True + +OAUTH_CLIENT_ID = "your-client-id" +OAUTH_CLIENT_SECRET = "your-client-secret" +OAUTH_REDIRECT_URL = 'http{s}://your-domain.com/oauth/callback/' + +# The following shoud NOT be changed if you are using Google as OAuth provider. +OAUTH_PROVIDER_DOMAIN = 'google.com' +OAUTH_AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/v2/auth' +OAUTH_TOKEN_URL = 'https://www.googleapis.com/oauth2/v4/token' +OAUTH_USER_INFO_URL = 'https://www.googleapis.com/oauth2/v1/userinfo' +OAUTH_SCOPE = [ + "https://www.googleapis.com/auth/userinfo.email", +] +OAUTH_ATTRIBUTE_MAP = { + "id": (True, "email"), + "name": (False, "name"), + "email": (False, "contact_email"), +} +``` + +For some system, like Github, `email` is not the unique identifier for an user, but `id` is in most cases, so we use `id` as settings example in our manual. As Seafile uses email to identify an unique user account for now, so we combine `id` and OAUTH_PROVIDER_DOMAIN, which is google.com in your case, to an email format string and then create this account if not exist. If you want to use `email` info from Google, just change the setting as followings: +``` +ENABLE_OAUTH = True +OAUTH_ENABLE_INSECURE_TRANSPORT = True + +OAUTH_CLIENT_ID = "your-client-id" +OAUTH_CLIENT_SECRET = "your-client-secret" +OAUTH_REDIRECT_URL = 'http{s}://your-domain.com/oauth/callback/' + +# The following shoud NOT be changed if you are using Google as OAuth provider. +OAUTH_PROVIDER_DOMAIN = 'google.com' +OAUTH_AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/v2/auth' +OAUTH_TOKEN_URL = 'https://www.googleapis.com/oauth2/v4/token' +OAUTH_USER_INFO_URL = 'https://www.googleapis.com/oauth2/v1/userinfo' +OAUTH_SCOPE = [ + "https://www.googleapis.com/auth/userinfo.email", +] +OAUTH_ATTRIBUTE_MAP = { + "email": (True, "email"), + "name": (False, "name"), +} +``` + +To enable OAuth via GitLab. Create an application in GitLab (under Admin area->Applications). + +Fill in required fields: + +- Name: a name you specify +- Redirect URI: The callback url see below `OAUTH_REDIRECT_URL` +- Trusted: Skip confirmation dialog page. Select this to *not* ask the user if he wants to authorize seafile to receive access to his/her account data. +- Scopes: Select `openid` and `read_user` in the scopes list. + +Press submit and copy the client id and secret you receive on the confirmation page and use them in this template for your seahub_settings.py: + +``` +ENABLE_OAUTH = True +OAUTH_CLIENT_ID = "your-client-id" +OAUTH_CLIENT_SECRET = "your-client-secret" +OAUTH_REDIRECT_URL = "https://your-seafile/oauth/callback/" + +OAUTH_PROVIDER_DOMAIN = 'your-domain' +OAUTH_AUTHORIZATION_URL = 'https://gitlab.your-domain/oauth/authorize' +OAUTH_TOKEN_URL = 'https://gitlab.your-domain/oauth/token' +OAUTH_USER_INFO_URL = 'https://gitlab.your-domain/api/v4/user' +OAUTH_SCOPE = ["openid", "read_user"] +OAUTH_ATTRIBUTE_MAP = { + "email": (True, "email"), + "name": (False, "name") +} +``` + +For users of Azure Cloud, as there is no `id` field returned from Azure Cloud's user info endpoint, so we use a special configuration for `OAUTH_ATTRIBUTE_MAP` setting (others are the same as Github/Google): + +``` +OAUTH_ATTRIBUTE_MAP = { + "email": (True, "email"), + "id": (False, "not used"), + "name": (False, "name") +} +``` + +Please see [this tutorial](https://forum.seafile.com/t/oauth-authentification-against-microsoft-office365-azure-cloud/7999) for the complete deployment process of OAuth against Azure Cloud. diff --git a/manual/deploy/only_office.md b/manual/deploy/only_office.md new file mode 100644 index 00000000..ab6fe25c --- /dev/null +++ b/manual/deploy/only_office.md @@ -0,0 +1,500 @@ +# OnlyOffice + +From version 6.1.0+ on (including CE), Seafile supports [OnlyOffice](https://www.onlyoffice.com/) to view/edit office files online. In order to use OnlyOffice, you must first deploy an OnlyOffice server. + +You can deploy OnlyOffice and Seafile in the same machine with same domain or using two separate machines with two different domains. + +In a cluster setup we recommend a dedicated DocumentServer host or a DocumentServer Cluster on a different subdomain. + +## Deployment of OnlyOffice + +For a quick and easy installation, we suggest you use [ONLYOFFICE/Docker-DocumentServer](https://github.com/ONLYOFFICE/Docker-DocumentServer). + +### Test that OnlyOffice is running + +After the installation process is finished, visit this page to make sure you have deployed OnlyOffice successfully: `http{s}://{your OnlyOffice server's domain or IP}/welcome`, you will get **Document Server is running** info at this page. + +### Configure OnlyOffice to automatically save + +When open file with OnlyOffice, OnlyOffice will only send a file save request to Seafile after the user closes the page. If the user does not close the page for a long time, the user's changes to the file will not be saved on the Seafile. + +You can now set up automatic save by changing the configuration of OnlyOffice. + +1. Go to the container of onlyoffice/documentserver. +2. Open the OnlyOffice configuration file: `/etc/onlyoffice/documentserver/local.json` +3. Add this configuration: + + ``` + { + "services": { + "CoAuthoring": { + "autoAssembly": { + "enable": true, + "interval": "5m" + } + } + } + } + + ``` + +4. Restart OnlyOffice: `supervisorctl restart all` + +You can get more info in OnlyOffice's official document: https\://api.onlyoffice.com/editors/save + +### Configure OnlyOffice to use JWT Secret + +JWT secret can be used to secure your OnlyOffice server so other people will not be able to use it.(Since 7.1.2) + +To enable this feature, you should: + +1. Install a python moduel. + + ``` + pip install pyjwt + + ``` + +2. Config seahub_settings.py: + + ``` + ONLYOFFICE_JWT_SECRET = 'your secret string' + + ``` + +3. Configure OnlyOffice Document server, add your secret string to `/etc/onlyoffice/documentserver/local.json` + + ``` + ... + { + "services": { + "CoAuthoring": { + ... + "secret": { + "inbox": { + "string": "your secret string" + }, + "outbox": { + "string": "your secret string" + }, + }, + "token": { + "enable": { + "browser": true, + "request": { + "inbox": true, + "outbox": true + } + } + } + ... + } + } + } + ... + + ``` + + For more information you can check the official documentation: + +4. Restart OnlyOffice: `supervisorctl restart all` + +**NOTE**:To avoid the problem of having to change the configuration file every time the _documentserver_ container is restarted, you can create a locally persistent configuration file `local-production-linux.json` and mount it into _documentserver_ container : + +``` +-v /local/path/to/local-production-linux.json:/etc/onlyoffice/documentserver/local-production-linux.json + +``` + +## Configure Seafile Server + +> For OnlyOffice is deployed in a separate machine with a different domain. + +Add the following config option to `seahub_settings.py`. + +```python +# Enable Only Office +ENABLE_ONLYOFFICE = True +VERIFY_ONLYOFFICE_CERTIFICATE = False +ONLYOFFICE_APIJS_URL = 'http{s}://{your OnlyOffice server's domain or IP}/web-apps/apps/api/documents/api.js' +ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods') +ONLYOFFICE_EDIT_FILE_EXTENSION = ('docx', 'pptx', 'xlsx') + +``` + +Then restart the Seafile Server + +``` +./seafile.sh restart +./seahub.sh restart + +# or +service seafile-server restart + +``` + +When you click on a document you should see the new preview page. + +## Config Seafile and OnlyOffice in the same machine + +When you want to deploy OnlyOffice and Seafile on the same server, Seafile should be deployed at the root URL while OnlyOffice should be deployed using a subfolder URL. + +URL example for OnlyOffice: + +**Do NOT CHANGE the SUBFOLDER if not absolutely required for some reason!** + +**The subfolder page is only important for communication between Seafile and the DocumentServer, there is nothing except the welcome page (e.g. no overview or settings). Users will need access to it though for the OnlyOffice document server editor to work properly.** + +**`/onlyoffice/`****\*\***\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* cannot be used as subfolder as this path is used for communication between Seafile and Document Server !\*\* + +### Configure Webserver + +#### Configure Nginx + +**Variable mapping** + +Add the following configuration to your seafile nginx conf file (e.g. `/etc/ngnix/conf.d/seafile.conf`) out of the `server` directive. These variables are to be defined for the DocumentServer to work in a subfolder. + +``` +# Required for only office document server +map $http_x_forwarded_proto $the_scheme { + default $http_x_forwarded_proto; + "" $scheme; + } + +map $http_x_forwarded_host $the_host { + default $http_x_forwarded_host; + "" $host; + } + +map $http_upgrade $proxy_connection { + default upgrade; + "" close; + } + +``` + +**Proxy server settings subfolder** + +Add the following configuration to your seafile nginx .conf file (e.g. `/etc/ngnix/conf.d/seafile.conf`) within the `server` directive. + +``` +... +location /onlyofficeds/ { + + # THIS ONE IS IMPORTANT ! - Trailing slash ! + proxy_pass http://{your Seafile server's domain or IP}:88/; + + proxy_http_version 1.1; + client_max_body_size 100M; # Limit Document size to 100MB + proxy_read_timeout 3600s; + proxy_connect_timeout 3600s; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $proxy_connection; + + # THIS ONE IS IMPORTANT ! - Subfolder and NO trailing slash ! + proxy_set_header X-Forwarded-Host $the_host/onlyofficeds; + + proxy_set_header X-Forwarded-Proto $the_scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +... + +``` + +#### Configure Apache + +_BETA - Requires further testing!_ + +Add the following configuration to your seafile apache config file (e.g. `sites-enabled/seafile.conf`) **outside** the `` directive. + +``` +... + +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule proxy_module modules/mod_proxy.so +LoadModule proxy_http_module modules/mod_proxy_http.so +LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so +LoadModule headers_module modules/mod_headers.so +LoadModule setenvif_module modules/mod_setenvif.so + + + User daemon + Group daemon + + +... + +``` + +Add the following configuration to your seafile apache config file (e.g. `sites-enabled/seafile.conf`) **inside** the `` directive at the end. + +``` +... + +Define VPATH /onlyofficeds +Define DS_ADDRESS {your Seafile server's domain or IP}:88 + +... + + + Require all granted + SetEnvIf Host "^(.*)$" THE_HOST=$1 + RequestHeader setifempty X-Forwarded-Proto http + RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e + RequestHeader edit X-Forwarded-Host (.*) $1${VPATH} + ProxyAddHeaders Off + ProxyPass "http://${DS_ADDRESS}/" + ProxyPassReverse "http://${DS_ADDRESS}/" + + +... + +``` + +### Test that DocumentServer is running via SUBFOLDER + +After the installation process is finished, visit this page to make sure you have deployed OnlyOffice successfully: `http{s}://{your Seafile Server's domain or IP}/{your subdolder}/welcome`, you will get **Document Server is running** info at this page. + +### Configure Seafile Server for SUBFOLDER + +Add the following config option to `seahub_settings.py`: + +```python +# Enable Only Office +ENABLE_ONLYOFFICE = True +VERIFY_ONLYOFFICE_CERTIFICATE = True +ONLYOFFICE_APIJS_URL = 'http{s}://{your Seafile server's domain or IP}/{your subdolder}/web-apps/apps/api/documents/api.js' +ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods') +ONLYOFFICE_EDIT_FILE_EXTENSION = ('docx', 'pptx', 'xlsx') + +``` + +Then restart the Seafile Server + +``` +./seafile.sh restart +./seahub.sh restart + +# or +service seafile-server restart + +``` + +When you click on a document you should see the new preview page. + +### Complete Nginx config EXAMPLE + +Complete nginx config file (e.g. `/etc/nginx/conf.d/seafile.conf`) based on Seafile Server V6.1 including OnlyOffice DocumentServer via subfolder. + +``` +# Required for OnlyOffice DocumentServer +map $http_x_forwarded_proto $the_scheme { + default $http_x_forwarded_proto; + "" $scheme; +} + +map $http_x_forwarded_host $the_host { + default $http_x_forwarded_host; + "" $host; +} + +map $http_upgrade $proxy_connection { + default upgrade; + "" close; +} + +server { + listen 80; + server_name seafile.domain.com; + rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https + server_tokens off; +} + +server { + listen 443 http2; + ssl on; + ssl_certificate /etc/ssl/cacert.pem; # path to your cacert.pem + ssl_certificate_key /etc/ssl/privkey.pem; # path to your privkey.pem + server_name seafile.domain.com; + proxy_set_header X-Forwarded-For $remote_addr; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; + server_tokens off; + + # + # seahub + # + location / { + fastcgi_pass 127.0.0.1:8000; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_script_name; + + fastcgi_param SERVER_PROTOCOL $server_protocol; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_param SERVER_ADDR $server_addr; + fastcgi_param SERVER_PORT $server_port; + fastcgi_param SERVER_NAME $server_name; + fastcgi_param REMOTE_ADDR $remote_addr; + fastcgi_param HTTPS on; + fastcgi_param HTTP_SCHEME https; + + access_log /var/log/nginx/seahub.access.log; + error_log /var/log/nginx/seahub.error.log; + fastcgi_read_timeout 36000; + client_max_body_size 0; + } + + # + # seafile + # + location /seafhttp { + rewrite ^/seafhttp(.*)$ $1 break; + proxy_pass http://127.0.0.1:8082; + client_max_body_size 0; + proxy_connect_timeout 36000s; + proxy_read_timeout 36000s; + proxy_send_timeout 36000s; + send_timeout 36000s; + } + + location /media { + root /home/user/haiwen/seafile-server-latest/seahub; + } + + # + # seafdav (webdav) + # + location /seafdav { + fastcgi_pass 127.0.0.1:8080; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_script_name; + fastcgi_param SERVER_PROTOCOL $server_protocol; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_param SERVER_ADDR $server_addr; + fastcgi_param SERVER_PORT $server_port; + fastcgi_param SERVER_NAME $server_name; + fastcgi_param HTTPS on; + client_max_body_size 0; + access_log /var/log/nginx/seafdav.access.log; + error_log /var/log/nginx/seafdav.error.log; + } + + # + # onlyofficeds + # + location /onlyofficeds/ { + # IMPORTANT ! - Trailing slash ! + proxy_pass http://127.0.0.1:88/; + + proxy_http_version 1.1; + client_max_body_size 100M; # Limit Document size to 100MB + proxy_read_timeout 3600s; + proxy_connect_timeout 3600s; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $proxy_connection; + + # IMPORTANT ! - Subfolder and NO trailing slash ! + proxy_set_header X-Forwarded-Host $the_host/onlyofficeds; + + proxy_set_header X-Forwarded-Proto $the_scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +} + +``` + +### Complete Apache config EXAMPLE + +_BETA - Requires further testing!_ + +``` +LoadModule authn_core_module modules/mod_authn_core.so +LoadModule authz_core_module modules/mod_authz_core.so +LoadModule unixd_module modules/mod_unixd.so +LoadModule proxy_module modules/mod_proxy.so +LoadModule proxy_http_module modules/mod_proxy_http.so +LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so +LoadModule headers_module modules/mod_headers.so +LoadModule setenvif_module modules/mod_setenvif.so +LoadModule ssl_module modules/mod_ssl.so + + + User daemon + Group daemon + + + + ServerName seafile.domain.com + ServerAlias domain.com + Redirect permanent / https://seafile.domain.com + + + + ServerName seafile.domain.com + DocumentRoot /var/www + + SSLEngine On + SSLCertificateFile /etc/ssl/cacert.pem + SSLCertificateKeyFile /etc/ssl/privkey.pem + + ## Strong SSL Security + ## https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html + + SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 + SSLProtocol All -SSLv2 -SSLv3 + SSLCompression off + SSLHonorCipherOrder on + + Alias /media /home/user/haiwen/seafile-server-latest/seahub/media + + + Require all granted + + + RewriteEngine On + + # + # seafile fileserver + # + ProxyPass /seafhttp http://127.0.0.1:8082 + ProxyPassReverse /seafhttp http://127.0.0.1:8082 + RewriteRule ^/seafhttp - [QSA,L] + + # + # seahub + # + SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 + ProxyPreserveHost On + ProxyPass / fcgi://127.0.0.1:8000/ + + # + # onlyofficeds + # + Define VPATH /onlyofficeds + Define DS_ADDRESS {your Seafile server's domain or IP}:88 + + + Require all granted + SetEnvIf Host "^(.*)$" THE_HOST=$1 + RequestHeader setifempty X-Forwarded-Proto http + RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e + RequestHeader edit X-Forwarded-Host (.*) $1${VPATH} + ProxyAddHeaders Off + ProxyPass "http://${DS_ADDRESS}/" + ProxyPassReverse "http://${DS_ADDRESS}/" + + + + +``` + + diff --git a/manual/deploy/remote_user.md b/manual/deploy/remote_user.md new file mode 100644 index 00000000..0a909f58 --- /dev/null +++ b/manual/deploy/remote_user.md @@ -0,0 +1,63 @@ +# SSO using Remote User + +Starting from 7.0.0, Seafile can integrate with various Single Sign On systems via a proxy server. Examples include Apache as Shibboleth proxy, or LemonLdap as a proxy to LDAP servers, or Apache as Kerberos proxy. Seafile can retrieve user information from special request headers (HTTP_REMOTE_USER, HTTP_X_AUTH_USER, etc.) set by the proxy servers. + +After the proxy server (Apache/Nginx) is successfully authenticated, the user information is set to the request header, and Seafile creates and logs in the user based on this information. + +Note: Make sure that the proxy server has a corresponding security mechanism to protect against forgery request header attacks. + +Please add the following settings to `conf/seahub_settings.py` to enable this feature. + +``` +ENABLE_REMOTE_USER_AUTHENTICATION = True + +# Optional, HTTP header, which is configured in your web server conf file, +# used for Seafile to get user's unique id, default value is 'HTTP_REMOTE_USER'. +REMOTE_USER_HEADER = 'HTTP_REMOTE_USER' + +# Optional, when the value of HTTP_REMOTE_USER is not a valid email address, +# Seafile will build a email-like unique id from the value of 'REMOTE_USER_HEADER' +# and this domain, e.g. user1@example.com. +REMOTE_USER_DOMAIN = 'example.com' + +# Optional, whether to create new user in Seafile system, default value is True. +# If this setting is disabled, users doesn't preexist in the Seafile DB cannot login. +# The admin has to first import the users from external systems like LDAP. +REMOTE_USER_CREATE_UNKNOWN_USER = True + +# Optional, whether to activate new user in Seafile system, default value is True. +# If this setting is disabled, user will be unable to login by default. +# the administrator needs to manually activate this user. +REMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True + +# Optional, map user attribute in HTTP header and Seafile's user attribute. +REMOTE_USER_ATTRIBUTE_MAP = { + 'HTTP_DISPLAYNAME': 'name', + 'HTTP_MAIL': 'contact_email', + + # for user info + "HTTP_GIVENNAME": 'givenname', + "HTTP_SN": 'surname', + "HTTP_ORGANIZATION": 'institution', + + # for user role + 'HTTP_Shibboleth-affiliation': 'affiliation', +} + +# Map affiliation to user role. Though the config name is SHIBBOLETH_AFFILIATION_ROLE_MAP, +# it is not restricted to Shibboleth +SHIBBOLETH_AFFILIATION_ROLE_MAP = { + 'employee@uni-mainz.de': 'staff', + 'member@uni-mainz.de': 'staff', + 'student@uni-mainz.de': 'student', + 'employee@hu-berlin.de': 'guest', + 'patterns': ( + ('*@hu-berlin.de', 'guest1'), + ('*@*.de', 'guest2'), + ('*', 'guest'), + ), +} + +``` + +Then restart Seafile. diff --git a/manual/deploy/server.md b/manual/deploy/server.md new file mode 100644 index 00000000..b2817fbc --- /dev/null +++ b/manual/deploy/server.md @@ -0,0 +1,259 @@ +# Seafile +## Server + +This manual explains how to setup and run Seafile server from a pre-built package. + +## Platform Support + +- Generic Linux + - including Raspberry Pi +- Windows + +## Download + +Visit [our download page](http://www.seafile.com/en/download), download the latest server package. + +``` +#check if your system is x86 (32bit) or x86_64 (64 bit) +uname -m +``` + + +## Deploying and Directory Layout + +NOTE: If you place the Seafile data directory in external storage, such as NFS, CIFS mount, you should not use SQLite as the database, but use MySQL instead. Please follow [https://github.com/haiwen/seafile/wiki/Download-and-Setup-Seafile-Server-with-MySQL this manual] to setup Seafile server. + +Supposed your organization's name is "haiwen", and you've downloaded seafile-server_1.4.0_* into your home directory. +We suggest you to layout your deployment as follows : + +``` +mkdir haiwen +mv seafile-server_* haiwen +cd haiwen +# after moving seafile-server_* to this directory +tar -xzf seafile-server_* +mkdir installed +mv seafile-server_* installed +``` + +Now you should have the following directory layout +``` +# tree . -L 2 +. +├── installed +│   └── seafile-server_1.4.0_x86-64.tar.gz +└── seafile-server-1.4.0 + ├── reset-admin.sh + ├── runtime + ├── seafile + ├── seafile.sh + ├── seahub + ├── seahub.sh + ├── setup-seafile.sh + └── upgrade +``` + +'''The benefit of this layout is that''' + +* We can place all the config files for Seafile server inside "haiwen" directory, making it easier to manage. +* When you upgrade to a new version of Seafile, you can simply untar the latest package into "haiwen" directory. ''In this way you can reuse the existing config files in "haiwen" directory and don't need to configure again''. + +## Setting Up Seafile Server + +#### Prerequisites + +The Seafile server package requires the following packages have been installed in your system + +* python 2.6.5+ or 2.7 +* python-setuptools +* python-simplejson +* sqlite3 + +``` +#on Debian +apt-get update +apt-get install python2.7 python-setuptools python-simplejson sqlite3 +pip install Pillow==4.3.0 +``` + +#### Setup + +``` +cd seafile-server-* +./setup-seafile.sh #run the setup script & answer prompted questions +``` + +If some of the prerequisites are not installed, the seafile initialization script will ask you to install them. + +[[images/server-setup.png|You'll see these outputs when you run the setup script]] + +The script will guide you through the settings of various configuration options. + + +{| border="1" cellspacing="0" cellpadding="5" align="center" +|+ Seafile configuration options +! Option +! Description +! Note +|- +| server name +| Name of this seafile server +| 3-15 characters, only English letters, digits and underscore ('_') are allowed +|- +| server ip or domain +| The IP address or domain name used by this server +| Seafile client program will access the server with this address +|- +| ccnet server port +| The TCP port used by ccnet, the underlying networking service of Seafile +| Default is 10001. If it's been used by other service, you can set it to another port. +|- +| seafile data dir +| Seafile stores your data in this directory. By default it'll be placed in the current directory. +| The size of this directory will increase as you put more and more data into Seafile. Please select a disk partition with enough free space. +|- +| seafile server port +| The TCP port used by Seafile to transfer data +| Default is 12001. If it's been used by other service, you can set it to another port. +|- +| fileserver port +| The TCP port used by Seafile fileserver +| Default is 8082. If it's been used by other service, you can set it to another port. +|- +|} + + +If the setup is successful, you'll see the following output + +[[images/server-setup-successfully.png]] + +Now you should have the following directory layout : +``` +#tree haiwen -L 2 +haiwen +├── ccnet # configuration files +│   ├── ccnet.conf +│   ├── mykey.peer +│   ├── PeerMgr +│   └── seafile.ini +├── installed +│   └── seafile-server_1.4.0_x86-64.tar.gz +├── seafile-data +│   └── seafile.conf +├── seafile-server-1.4.0 # active version +│   ├── reset-admin.sh +│   ├── runtime +│   ├── seafile +│   ├── seafile.sh +│   ├── seahub +│   ├── seahub.sh +│   ├── setup-seafile.sh +│   └── upgrade +├── seafile-server-latest # symbolic link to seafile-server-1.4.0 +├── seahub-data +│   └── avatars +├── seahub.db +├── seahub_settings.py # optional config file +└── seahub_settings.pyc +``` + +The folder `seafile-server-latest` is a symbolic link to the current seafile server folder. When later you upgrade to a new version, the upgrade scripts would update this link to keep it always point to the latest seafile server folder. + + +## Running Seafile Server + +#### Before Running + +Since Seafile uses persistent connection between client and server, if you have '''a large number of clients ''', you should increase Linux file descriptors by ulimit before start seafile, like: + +``` +ulimit -n 30000 +``` + +#### Starting Seafile Server and Seahub Website + +Under seafile-server-1.4.0 directory, run the following commands + +* Start seafile: + +``` +./seafile.sh start # Start seafile service +``` + +* Start seahub + +``` +./seahub.sh start # Start seahub website, port defaults to 8000 +``` + +'''Note:''' The first time you start seahub, the script would prompt you to create an admin account for your seafile server. + +After starting the services, you may open a web browser and types +``` +http://192.168.1.111:8000/ +``` +you will be redirected to the Login page. Enter the username and password you were provided during the Seafile setup. You will then be returned to the `Myhome` page where you can create libraries. + +'''Congratulations!''' Now you have successfully setup your private Seafile server. + +#### Run Seahub on another port + +If you want to run seahub in a port other than the default 8000, say 8001, you must: + +* stop the seafile server +``` +./seahub.sh stop +./seafile.sh stop +``` + +* modify the value of `SERVICE_URL` in the file [ccnet.conf](../config/ccnet-conf.md), like this: (assume your ip or domain is `192.168.1.100`) +``` +SERVICE_URL = http://192.168.1.100:8001 +``` + +* restart seafile server +``` +./seafile.sh start +./seahub.sh start 8001 +``` + +see [[Seafile server configuration options]] for more details about `ccnet.conf`. + +## Stopping and Restarting Seafile and Seahub + +#### Stopping + +``` +./seahub.sh stop # stop seahub website +./seafile.sh stop # stop seafile processes +``` + +#### Restarting + +``` +./seafile.sh restart +./seahub.sh restart +``` + +#### When the Scripts Fail + +Most of the time, seafile.sh and seahub.sh work fine. But if they fail, you may + +* Use '''pgrep''' command to check if seafile/seahub processes are still running + +``` +pgrep -f seafile-controller # check seafile processes +pgrep -f "manage.py run_gunicorn" # check seahub process +``` + +* Use '''pkill''' to kill the processes + +``` +pkill -f seafile-controller +pkill -f "manage.py run_gunicorn" +``` + +## That's it! +That's it! Now you may want read more about seafile. + +* [[Seafile-server-management|How to manage the server]]. diff --git a/manual/deploy/server_configuration.md b/manual/deploy/server_configuration.md new file mode 100644 index 00000000..64211953 --- /dev/null +++ b/manual/deploy/server_configuration.md @@ -0,0 +1,192 @@ +# Server Configuration and Customization + +**Note**: Since Seafile Server 5.0.0, all config files are moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md). + +This manual explains how to change various config options for Seafile server. + +There are three config files in the community edition: + +- [ccnet.conf](../config/ccnet-conf.md): contains the network settings +- [seafile.conf](../config/seafile-conf.md): contains settings for seafile daemon and FileServer. +- [seahub_settings.py](../config/seahub_settings_py.md): contains settings for Seahub + +There is one additional config file in the pro edition: + +- `seafevents.conf`: contains settings for ccnet/ccnet.search and documents preview + + + + +## Storage Quota Setting (seafile.conf) + +You may set a default quota (e.g. 2GB) for all users. To do this, just add the following lines to `seafile.conf` file + +``` +[quota] +# default user quota in GB, integer only +default = 2 +``` + +This setting applies to all users. If you want to set quota for a specific user, you may log in to seahub website as administrator, then set it in "System Admin" page. + +## Default history length limit (seafile.conf) + +If you don't want to keep all file revision history, you may set a default history length limit for all libraries. + +``` +[history] +keep_days = days of history to keep +``` + +## Seafile fileserver configuration (seafile.conf) + +The configuration of seafile fileserver is in the `[fileserver]` section of the file `seafile.conf` + +``` +[fileserver] +# binding host for fileserver +host = 0.0.0.0 +# tcp port for fileserver +port = 8082 +``` + +Change upload/download settings. + +``` +[fileserver] +# Set maximum upload file size to 200M. +max_upload_size=200 + +# Set maximum download directory size to 200M. +max_download_dir_size=200 +``` + +**Note**: You need to restart seafile and seahub so that your changes take effect. +``` +./seahub.sh restart +./seafile.sh restart +``` + +## Seahub Configurations (seahub_settings.py) + +#### Sending Email Notifications on Seahub + +A few features work better if it can send email notifications, such as notifying users about new messages. +If you want to setup email notifications, please add the following lines to seahub_settings.py (and set your email server). +See [Django email documentation](https://docs.djangoproject.com/en/1.10/topics/email/) for the full description of these variables. + +``` +EMAIL_USE_TLS = False +EMAIL_HOST = 'smtp.example.com' # smpt server +EMAIL_HOST_USER = 'username@example.com' # smtp authentication username +EMAIL_HOST_PASSWORD = 'password' # smtp authentication password +EMAIL_PORT = '25' +DEFAULT_FROM_EMAIL = EMAIL_HOST_USER # value of email's From: field +SERVER_EMAIL = EMAIL_HOST_USER # error-reporting emails' From: field +``` + +If you are using Gmail as email server, use following lines: + +``` +EMAIL_USE_TLS = True +EMAIL_HOST = 'smtp.gmail.com' +EMAIL_HOST_USER = 'username@gmail.com' +EMAIL_HOST_PASSWORD = 'password' +EMAIL_PORT = 587 +DEFAULT_FROM_EMAIL = EMAIL_HOST_USER +SERVER_EMAIL = EMAIL_HOST_USER +``` + +**Note**: If your Email service still can not work, you may checkout the log file `logs/seahub.log` to see what may cause the problem. For complete email notification list, please refer to [Email notification list](../config/customize_email_notifications.md). + +**Note2**: If you want to use the Email service without authentication leaf `EMAIL_HOST_USER` and `EMAIL_HOST_PASSWORD` **blank** (`''`). (But notice that the emails then will be sent without a `From:` address.) + +#### Cache + +Seahub caches items(avatars, profiles, etc) on file system by default(/tmp/seahub_cache/). You can replace with Memcached (you have to install python-memcache first). + +``` +CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION': '127.0.0.1:11211', + } +} +``` + +#### Seahub Settings + +You may change seahub website's settings by adding variables in `seahub_settings.py`. + +``` + +# Choices can be found here: +# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name +# although not all choices may be available on all operating systems. +# If running in a Windows environment this must be set to the same as your +# system time zone. +TIME_ZONE = 'UTC' + +# Set this to seahub website's URL. This URL is contained in email notifications. +SITE_BASE = 'http://www.example.com/' + +# Set this to your website's name. This is contained in email notifications. +SITE_NAME = 'example.com' + +# Set seahub website's title +SITE_TITLE = 'Seafile' + +# If you don't want to run seahub website on your site's root path, set this option to your preferred path. +# e.g. setting it to '/seahub/' would run seahub on http://example.com/seahub/. +SITE_ROOT = '/' + +# Whether to use pdf.js to view pdf files online. Default is `True`, you can turn it off. +# NOTE: since version 1.4. +USE_PDFJS = True + +# Enalbe or disalbe registration on web. Default is `False`. +# NOTE: since version 1.4. +ENABLE_SIGNUP = False + +# Activate or deactivate user when registration complete. Default is `True`. +# If set to `False`, new users need to be activated by admin in admin panel. +# NOTE: since version 1.8 +ACTIVATE_AFTER_REGISTRATION = False + +# Whether to send email when a system admin adding a new member. Default is `True`. +# NOTE: since version 1.4. +SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True + + # Whether to send email when a system admin resetting a user's password. Default is `True`. +# NOTE: since version 1.4. +SEND_EMAIL_ON_RESETTING_USER_PASSWD = True + +# Hide `Organization` tab. +# If you want your private seafile behave exactly like https://cloud.seafile.com/, you can set this flag. +CLOUD_MODE = True + +# Online preview maximum file size, defaults to 30M. +FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024 + +# Age of cookie, in seconds (default: 2 weeks). +SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2 + +# Whether to save the session data on every request. +SESSION_SAVE_EVERY_REQUEST = False + +# Whether a user's session cookie expires when the Web browser is closed. +SESSION_EXPIRE_AT_BROWSER_CLOSE = False + +# Using server side crypto by default, otherwise, let user choose crypto method. +FORCE_SERVER_CRYPTO = True + +``` + +**Note**: + +* You need to restart seahub so that your changes take effect. +* If your changes don't take effect, You may need to delete 'seahub_setting.pyc'. (A cache file) + +``` +./seahub.sh restart +``` diff --git a/manual/deploy/shibboleth_config.md b/manual/deploy/shibboleth_config.md new file mode 100644 index 00000000..50f66ab4 --- /dev/null +++ b/manual/deploy/shibboleth_config.md @@ -0,0 +1,201 @@ + + +> This document is for Seafile Server version lower than 6.3, if the server version is 6.3 or above, please refer to [this document](https://manual.seafile.com/deploy/shibboleth_config_v6.3.html). + +## Overview + +[Shibboleth](https://shibboleth.net/) is a widely used single sign on (SSO) protocol. Seafile server (Community Edition >= 4.1.0, Pro Edition >= 4.0.6) supports authentication via Shibboleth. It allows users from another organization to log in to Seafile without registering an account on the service provider. + +In this documentation, we assume the reader is familiar with Shibboleth installation and configuration. For introduction to Shibboleth concepts, please refer to . + +Shibboleth Service Provider (SP) should be installed on the same server as the Seafile server. The official SP from is implemented as an Apache module. The module handles all Shibboleth authentication details. Seafile server receives authentication information (username) from fastcgi. The username then can be used as login name for the user. + +Seahub provides a special URL to handle Shibboleth login. The URL is `https://your-server/shib-login`. Only this URL needs to be configured under Shibboleth protection. All other URLs don't go through the Shibboleth module. The overall workflow for a user to login with Shibboleth is as follows: + +1. In the Seafile login page, there is a separate "Shibboleth" login button. When the user clicks the button, she/he will be redirected to `https://your-server/shib-login`. +2. Since that URL is controlled by Shibboleth, the user will be redirected to IdP for login. After the user logs in, she/he will be redirected back to `https://your-server/shib-login`. +3. This time the Shibboleth module passes the request to Seahub. Seahub reads the user information from the request and brings the user to her/his home page. +4. All later access to Seahub will not pass through the Shibboleth module. Since Seahub keeps session information internally, the user doesn't need to login again until the session expires. + +Since Shibboleth support requires Apache, if you want to use Nginx, you need two servers, one for non-Shibboleth access, another configured with Apache to allow Shibboleth login. In a cluster environment, you can configure your load balancer to direct traffic to different server according to URL. Only the URL `https://your-server/shib-login` needs to be directed to Apache. + +The configuration includes 3 steps: + +1. Install and configure Shibboleth Service Provider; +2. Configure Apache; +3. Configure Seahub. + +## Install and Configure Shibboleth Service Provider + +Installation and configuration of Shibboleth is out of the scope of this documentation. Here are a few references: + +* For RedHat and SUSE: +* For Ubuntu: + +Please note that you don't have to follow the Apache configurations in the above links. Just use the Apache config we provide in the next section. + +## Apache Configuration + +You should create a new virtual host configuration for Shibboleth. + +``` + + + ServerName seafile.example.com + DocumentRoot /var/www + #Alias /seafmedia /home/ubuntu/dev/seahub/media + Alias /media /home/user/seafile-server-latest/seahub/media + + ErrorLog ${APACHE_LOG_DIR}/seahub.error.log + CustomLog ${APACHE_LOG_DIR}/seahub.access.log combined + + SSLEngine on + SSLCertificateFile /path/to/ssl-cert.pem + SSLCertificateKeyFile /path/to/ssl-key.pem + + + SetHandler shib + + + + AuthType None + Require all granted + Allow from all + satisfy any + + + RewriteEngine On + + Require all granted + + + + AuthType shibboleth + ShibRequestSetting requireSession true + Require valid-user + + + # + # seafile fileserver + # + ProxyPass /seafhttp http://127.0.0.1:8082 + ProxyPassReverse /seafhttp http://127.0.0.1:8082 + RewriteRule ^/seafhttp - [QSA,L] + + # + # seahub + # + RewriteRule ^/(media.*)$ /$1 [QSA,L,PT] + RewriteCond %{REQUEST_FILENAME} !-f + RewriteCond %{REQUEST_URI} !^/Shibboleth.sso + ProxyPreserveHost On + RewriteRule ^(.*)$ /seahub.fcgi$1 [QSA,L,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] + + + + +``` + +After restarting Apache, you should be able to get the Service Provider metadata by accessing . This metadata should be uploaded to the Identity Provider (IdP) server. + +## Configure Seahub + +Seahub extracts the username from the `REMOTE_USER` environment variable. So you should modify your SP's shibboleth2.xml (/etc/shibboleth/shibboleth2.xml on Ubuntu) config file, so that Shibboleth translates your desired attribute into `REMOTE_USER` environment variable. + +``` + + +``` + +In Seafile, only one of the following two attributes can be used for username: `eppn`, and `mail`. `eppn` stands for "Edu Person Principal Name". It is usually the UserPrincipalName attribute in Active Directory. It's not necessarily a valid email address. `mail` is the user's email address. You should set `REMOTE_USER` to either one of these attributes. + +Now we have to tell Seahub how to do with the authentication information passed in by Shibboleth. + +Add the following configuration to seahub_settings.py. + +``` +EXTRA_AUTHENTICATION_BACKENDS = ( + 'shibboleth.backends.ShibbolethRemoteUserBackend', +) +EXTRA_MIDDLEWARE_CLASSES = ( + 'shibboleth.middleware.ShibbolethRemoteUserMiddleware', +) + +ENABLE_SHIB_LOGIN = True + +SHIBBOLETH_ATTRIBUTE_MAP = { + # Change eppn to mail if you use mail attribute for REMOTE_USER + "eppn": (False, "username"), +} + +``` + +Since version 5.0, Seahub can process additional user attributes from Shibboleth. These attributes are saved into Seahub's database, as user's properties. They're all not mandatory. The internal user properties Seahub now supports are: + +* givenname +* surname +* contact_email: used for sending notification email to user if username is not a valid email address (like eppn). +* institution: used to identify user's institution + +You can specify the mapping between Shibboleth attributes and Seahub's user properties in seahub_settings.py: + +``` +SHIBBOLETH_ATTRIBUTE_MAP = { + "eppn": (False, "username"), + "givenname": (False, "givenname"), + "sn": (False, "surname"), + "mail": (False, "contact_email"), + "organization": (False, "institution"), +} + +``` + +In the above config, the hash key is Shibboleth attribute name, the second element in the hash value is Seahub's property name. You can adjust the Shibboleth attribute name for your own needs. **_Note that you may have to change attribute-map.xml in your Shibboleth SP, so that the desired attributes are passed to Seahub. And you have to make sure the IdP sends these attributes to the SP._** + +Since version 5.1.1, we added an option `SHIB_ACTIVATE_AFTER_CREATION` (defaults to `True`) which control the user status after shibboleth connection. If this option set to `False`, user will be inactive after connection, and system admins will be notified by email to activate that account. + +### Affiliation and user role + +Shibboleth has a field called affiliation. It is a list like: `employee@uni-mainz.de;member@uni-mainz.de;faculty@uni-mainz.de;staff@uni-mainz.de.` + +Since version 6.0.7 pro, we are able to set user role from Shibboleth. Details about user role, please refer to + + +To enable this, modify `SHIBBOLETH_ATTRIBUTE_MAP` above and add `Shibboleth-affiliation` field, you may need to change `Shibboleth-affiliation` according to your Shibboleth SP attributes. + +``` +SHIBBOLETH_ATTRIBUTE_MAP = { + "eppn": (False, "username"), + "givenname": (False, "givenname"), + "sn": (False, "surname"), + "mail": (False, "contact_email"), + "organization": (False, "institution"), + "Shibboleth-affiliation": (False, "affiliation"), +} + +``` + +Then add new config to define affiliation role map, + +``` +SHIBBOLETH_AFFILIATION_ROLE_MAP = { + 'employee@uni-mainz.de': 'staff', + 'member@uni-mainz.de': 'staff', + 'student@uni-mainz.de': 'student', + 'employee@hu-berlin.de': 'guest', + # Since 6.1.7 pro, we support wildcards matching. + 'patterns': ( + ('*@hu-berlin.de', 'guest1'), + ('*@*.de', 'guest2'), + ('*', 'guest'), + ), +} + +``` + +After Shibboleth login, Seafile should calcualte user's role from affiliation and SHIBBOLETH_AFFILIATION_ROLE_MAP. + +## Verify + +After restarting Apache and Seafile services, you can then test the shibboleth login workflow. diff --git a/manual/deploy/shibboleth_config_v6.3.md b/manual/deploy/shibboleth_config_v6.3.md new file mode 100644 index 00000000..638893d4 --- /dev/null +++ b/manual/deploy/shibboleth_config_v6.3.md @@ -0,0 +1,312 @@ + + +> This document is for Seafile Server version 6.3 or above, if the server version is lower than 6.3, please refer to [this document](https://manual.seafile.com/deploy/shibboleth_config.html). + +## Overview + +[Shibboleth](https://shibboleth.net/) is a widely used single sign on (SSO) protocol. Seafile supports authentication via Shibboleth. It allows users from another organization to log in to Seafile without registering an account on the service provider. + +In this documentation, we assume the reader is familiar with Shibboleth installation and configuration. For introduction to Shibboleth concepts, please refer to . + +Shibboleth Service Provider (SP) should be installed on the same server as the Seafile server. The official SP from is implemented as an Apache module. The module handles all Shibboleth authentication details. Seafile server receives authentication information (username) from HTTP request. The username then can be used as login name for the user. + +Seahub provides a special URL to handle Shibboleth login. The URL is `https://your-seafile-domain/sso`. Only this URL needs to be configured under Shibboleth protection. All other URLs don't go through the Shibboleth module. The overall workflow for a user to login with Shibboleth is as follows: + +1. In the Seafile login page, there is a separate "Single Sign-On" login button. When the user clicks the button, she/he will be redirected to `https://your-seafile-domain/sso`. +2. Since that URL is controlled by Shibboleth, the user will be redirected to IdP for login. After the user logs in, she/he will be redirected back to `https://your-seafile-domain/sso`. +3. This time the Shibboleth module passes the request to Seahub. Seahub reads the user information from the request(`HTTP_REMOTE_USER` header) and brings the user to her/his home page. +4. All later access to Seahub will not pass through the Shibboleth module. Since Seahub keeps session information internally, the user doesn't need to login again until the session expires. + +Since Shibboleth support requires Apache, if you want to use Nginx, you need two servers, one for non-Shibboleth access, another configured with Apache to allow Shibboleth login. In a cluster environment, you can configure your load balancer to direct traffic to different server according to URL. Only the URL `https://your-seafile-domain/sso` needs to be directed to Apache. + +The configuration includes 3 steps: + +1. Install and configure Shibboleth Service Provider; +2. Configure Apache; +3. Configure Seahub. + +## Install and Configure Shibboleth Service Provider + +We use CentOS 7 as example. + +#### Configure Apache + +You should create a new virtual host configuration for Shibboleth. And then restart Apache. + +``` + + + ServerName your-seafile-domain + DocumentRoot /var/www + Alias /media /opt/seafile/seafile-server-latest/seahub/media + + ErrorLog ${APACHE_LOG_DIR}/seahub.error.log + CustomLog ${APACHE_LOG_DIR}/seahub.access.log combined + + SSLEngine on + SSLCertificateFile /path/to/ssl-cert.pem + SSLCertificateKeyFile /path/to/ssl-key.pem + + + SetHandler shib + AuthType shibboleth + ShibRequestSetting requireSession 1 + Require valid-user + + + + SetHandler shib + AuthType shibboleth + ShibUseHeaders On + ShibRequestSetting requireSession 1 + Require valid-user + + + RewriteEngine On + + Require all granted + + + # seafile fileserver + ProxyPass /seafhttp http://127.0.0.1:8082 + ProxyPassReverse /seafhttp http://127.0.0.1:8082 + RewriteRule ^/seafhttp - [QSA,L] + + # seahub + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 + ProxyPass / http://127.0.0.1:8000/ + ProxyPassReverse / http://127.0.0.1:8000/ + + # for http + # RequestHeader set REMOTE_USER %{REMOTE_USER}e + # for https + RequestHeader set REMOTE_USER %{REMOTE_USER}s + + + +``` + +#### Install and Configure Shibboleth + +Installation and configuration of Shibboleth is out of the scope of this documentation. Here are a few references: + +* For RedHat, CentOS-7 and SUSE: + +#### Configure Shibboleth(SP) + +##### shibboleth2.xml + +Open `/etc/shibboleth/shibboleth2.xml` and change some property. After you have done all the followings, don't forget to restart Shibboleth(SP) + +###### `ApplicationDefaults` element + +Change `entityID` and [`REMOTE_USER`](https://wiki.shibboleth.net/confluence/display/SP3/ApplicationDefaults) property: + +``` + + + +``` + +Seahub extracts the username from the `REMOTE_USER` environment variable. So you should modify your SP's shibboleth2.xml config file, so that Shibboleth translates your desired attribute into `REMOTE_USER` environment variable. + +In Seafile, only one of the following two attributes can be used for username: `eppn`, and `mail`. `eppn` stands for "Edu Person Principal Name". It is usually the UserPrincipalName attribute in Active Directory. It's not necessarily a valid email address. `mail` is the user's email address. You should set `REMOTE_USER` to either one of these attributes. + +###### `SSO` element + +Change `entityID` property: + +``` + + + + SAML2 + + +``` + +###### `MetadataProvider` element + +Change `url` and `backingFilePath` property: + +``` + + + + + +``` + +##### attribute-map.xml + +Open `/etc/shibboleth/attribute-map.xml` and change some property. After you have done all the followings, don't forget to restart Shibboleth(SP) + +###### `Attribute` element + +Uncomment attribute elements for getting more user info: + +``` + + + + + + + +``` + +#### Upload Shibboleth(SP)'s metadata + +After restarting Apache, you should be able to get the Service Provider metadata by accessing . This metadata should be uploaded to the Identity Provider (IdP) server. + +## Configure Seahub + +Add the following configuration to seahub_settings.py. + +``` +ENABLE_SHIB_LOGIN = True +SHIBBOLETH_USER_HEADER = 'HTTP_REMOTE_USER' +# basic user attributes +SHIBBOLETH_ATTRIBUTE_MAP = { + "HTTP_DISPLAYNAME": (False, "display_name"), + "HTTP_MAIL": (False, "contact_email"), +} +EXTRA_MIDDLEWARE_CLASSES = ( + 'shibboleth.middleware.ShibbolethRemoteUserMiddleware', +) +EXTRA_AUTHENTICATION_BACKENDS = ( + 'shibboleth.backends.ShibbolethRemoteUserBackend', +) + +``` + +Seahub can process additional user attributes from Shibboleth. These attributes are saved into Seahub's database, as user's properties. They're all not mandatory. The internal user properties Seahub now supports are: + +* givenname +* surname +* contact_email: used for sending notification email to user if username is not a valid email address (like eppn). +* institution: used to identify user's institution + +You can specify the mapping between Shibboleth attributes and Seahub's user properties in seahub_settings.py: + +``` +SHIBBOLETH_ATTRIBUTE_MAP = { + "HTTP_EPPN": (False, "username"), + "HTTP_GIVENNAME": (False, "givenname"), + "HTTP_SN": (False, "surname"), + "HTTP_MAIL": (False, "contact_email"), + "HTTP_ORGANIZATION": (False, "institution"), +} + +``` + +In the above config, the hash key is Shibboleth attribute name, the second element in the hash value is Seahub's property name. You can adjust the Shibboleth attribute name for your own needs. **_Note that you may have to change attribute-map.xml in your Shibboleth SP, so that the desired attributes are passed to Seahub. And you have to make sure the IdP sends these attributes to the SP._** + +We also added an option `SHIB_ACTIVATE_AFTER_CREATION` (defaults to `True`) which control the user status after shibboleth connection. If this option set to `False`, user will be inactive after connection, and system admins will be notified by email to activate that account. + +#### Affiliation and user role + +Shibboleth has a field called affiliation. It is a list like: `employee@uni-mainz.de;member@uni-mainz.de;faculty@uni-mainz.de;staff@uni-mainz.de.` + +We are able to set user role from Shibboleth. Details about user role, please refer to + + +To enable this, modify `SHIBBOLETH_ATTRIBUTE_MAP` above and add `Shibboleth-affiliation` field, you may need to change `Shibboleth-affiliation` according to your Shibboleth SP attributes. + +``` +SHIBBOLETH_ATTRIBUTE_MAP = { + "HTTP_EPPN": (False, "username"), + "HTTP_GIVENNAME": (False, "givenname"), + "HTTP_SN": (False, "surname"), + "HTTP_MAIL": (False, "contact_email"), + "HTTP_ORGANIZATION": (False, "institution"), + "HTTP_Shibboleth-affiliation": (False, "affiliation"), +} + +``` + +Then add new config to define affiliation role map, + +``` +SHIBBOLETH_AFFILIATION_ROLE_MAP = { + 'employee@uni-mainz.de': 'staff', + 'member@uni-mainz.de': 'staff', + 'student@uni-mainz.de': 'student', + 'employee@hu-berlin.de': 'guest', + 'patterns': ( + ('*@hu-berlin.de', 'guest1'), + ('*@*.de', 'guest2'), + ('*', 'guest'), + ), +} + +``` + +After Shibboleth login, Seafile should calcualte user's role from affiliation and SHIBBOLETH_AFFILIATION_ROLE_MAP. + +## Verify + +After restarting Apache and Seahub service (`./seahub.sh restart`), you can then test the shibboleth login workflow. + +## Debug + +If you encountered problems when login, follow these steps to get debug info (for Seafile pro 6.3.13). + +#### Add this setting to `seahub_settings.py` + +``` +DEBUG = True + +``` + +#### Change Seafile's code + +Open `seafile-server-latest/seahub/thirdpart/shibboleth/middleware.py` + +Insert the following code in line 59 + +``` + assert False + +``` + +Insert the following code in line 65 + +``` +if not username: + assert False + +``` + +The complete code after these changes is as follows: + +``` +#Locate the remote user header. +# import pprint; pprint.pprint(request.META) +try: + username = request.META[SHIB_USER_HEADER] +except KeyError: + assert False + # If specified header doesn't exist then return (leaving + # request.user set to AnonymousUser by the + # AuthenticationMiddleware). + return + +if not username: + assert False + +p_id = ccnet_api.get_primary_id(username) +if p_id is not None: + username = p_id + +``` + +Then restart Seafile and relogin, you will see debug info in web page. diff --git a/manual/deploy/single_sign_on.md b/manual/deploy/single_sign_on.md new file mode 100644 index 00000000..d39ee84f --- /dev/null +++ b/manual/deploy/single_sign_on.md @@ -0,0 +1,16 @@ +# Single Sign On support in Seafile + +Seafile supports most of the popular single-sign-on authentication protocols. Some are included in Community Edition, some are only in Pro Edition. + +In the Community Edition: + +* [Shibboleth](./shibboleth_config_v6.3.md) +* [OAuth](./oauth.md) +* [Remote User (Proxy Server)](./remote_user.md) + +Kerberos authentication can be integrated by using Apache as a proxy server and follow the instructions in [Remote User Authentication](./remote_user.md). + +In Pro Edition: + +* [ADFS or SAML 2.0](../deploy_pro/adfs.md) +* [CAS](../deploy_pro/cas.md) diff --git a/manual/deploy/sqlite_to_mysql.sh b/manual/deploy/sqlite_to_mysql.sh new file mode 100644 index 00000000..5b20d41e --- /dev/null +++ b/manual/deploy/sqlite_to_mysql.sh @@ -0,0 +1,118 @@ +#!/bin/sh +# +# This shell script uses sqlite3 commands to export data only(no schema) from seafile sqlite3 installation +# +# Setup: +# +# 1. Move this file to the top directory of your Seafile +# installation path (e.g. /data/haiwen). +# 2. Run: ./sqlite_to_mysql.sh +# 3. Three files(ccnet_db_data.sql, seafile_db_data.sql, seahub_db_data.sql) are created. +# 4. Loads these files to MySQL after you load schema +# example: (mysql> source ccnet_db_data.sql) +# + +#Function that generates INSERT statements for all data in given database +#Parameter1 = database_path + +Sqlite2MysqlData () { + echo "SET FOREIGN_KEY_CHECKS=0;" + for TABLE in $(sqlite3 $1 .tables) + do + #get columns and insert ``, around every one + COLS=$(sqlite3 $1 "PRAGMA table_info('${TABLE}');" | cut -d'|' -f2 | sed 's/^/`/' | sed 's/$/`, /' ) + + #remove comma from last one + COLS_PURE=$(echo $COLS | sed 's/.$//') + + #generate insertstatemets (via echoMultipleCommands support by sqlite3), does not include column names + echo ".mode insert\nselect * from '${TABLE}';" | sqlite3 $1 | + + #replace 3rd word with columns from above: TableName(`col1`, `col2`, `col3`, ...) + sed "s/[^ ]*[^ ]/${TABLE}(${COLS_PURE})/3" + done + echo "SET FOREIGN_KEY_CHECKS=1;" +} + +CCNET_DB='ccnet_db_data.sql' +SEAFILE_DB='seafile_db_data.sql' +SEAHUB_DB='seahub_db_data.sql' + +########## ccnet + +seafile_path=$(pwd) + +if [ -d "${seafile_path}/ccnet" ]; then + USER_MGR_DB=${seafile_path}/ccnet/PeerMgr/usermgr.db + GRP_MGR_DB=${seafile_path}/ccnet/GroupMgr/groupmgr.db +else + echo "${seafile_path}/ccnet does not exists." + read -p "Please provide your ccnet folder path(e.g. /data/haiwen/ccnet): " ccnet_path + if [ -d ${ccnet_path} ]; then + USER_MGR_DB=$(dirname "${ccnet_path}")/PeerMgr/usermgr.db + GRP_MGR_DB=$(dirname "${ccnet_path}")/GroupMgr/groupmgr.db + else + echo "${ccnet_path} does not exists, quit." + exit 1 + fi +fi + +rm -rf ${CCNET_DB} + +echo "Start export ccnet data from user" +Sqlite2MysqlData ${USER_MGR_DB} > ${CCNET_DB} + +echo "Start export ccnet data from group" +Sqlite2MysqlData ${GRP_MGR_DB} >> ${CCNET_DB} + +echo "Done export ccnet data" + +########## seafile + +if [ -f "${seafile_path}/seafile-data/seafile.db" ]; then + SEAFILE_SQLITE_DB=${seafile_path}/seafile-data/seafile.db +else + echo "${seafile_path}/seafile-data/seafile.db does not exists." + read -p "Please provide your seafile.db path(e.g. /data/haiwen/seafile-data/seafile.db): " seafile_db_path + if [ -f ${seafile_db_path} ];then + SEAFILE_SQLITE_DB=${seafile_db_path} + else + echo "${seafile_db_path} does not exists, quit." + exit 1 + fi +fi + +rm -rf ${SEAFILE_DB} + +echo "Start export seafile data" +Sqlite2MysqlData ${SEAFILE_SQLITE_DB} > ${SEAFILE_DB} + +echo "Done export seafile data" + +########## seahub + +if [ -f "${seafile_path}/seahub.db" ]; then + SEAHUB_SQLITE_DB=${seafile_path}/seahub.db +else + echo "${seafile_path}/seahub.db does not exists." + read -p "Please prove your seahub.db path(e.g. /data/haiwen/seahub.db): " seahub_db_path + if [ -f ${seahub_db_path} ]; then + SEAHUB_SQLITE_DB=${seahub_db_path} + else + echo "${seahub_db_path} does not exists, quit." + exit 1 + fi +fi + +rm -rf ${SEAHUB_DB} + +#delete existed data from `django_content_type`: +echo "DELETE FROM \`django_content_type\`;" > ${SEAHUB_DB} + +#delete existed data from `django_migrations`: +echo "DELETE FROM \`django_migrations\`;" >> ${SEAHUB_DB} + +echo "Start export seahub data" +Sqlite2MysqlData ${SEAHUB_SQLITE_DB} >> ${SEAHUB_DB} + +echo "Done export seahub data" diff --git a/manual/deploy/start_seafile_at_system_bootup.md b/manual/deploy/start_seafile_at_system_bootup.md new file mode 100644 index 00000000..9c2d1c6f --- /dev/null +++ b/manual/deploy/start_seafile_at_system_bootup.md @@ -0,0 +1,564 @@ +# Start Seafile at System Bootup + +## For systems running systemd + +* For example Debian 8 and newer, Linux Ubuntu 15.04 and newer + +Create systemd service files, change **${seafile_dir}** to your +**seafile** installation location and **seafile** to user, who runs +**seafile** (if appropriate). Then you need to reload systemd's daemons: +**systemctl daemon-reload**. + +### Create systemd service file /etc/systemd/system/seafile.service + +``` +sudo vim /etc/systemd/system/seafile.service + +``` + +The content of the file is: + +``` +[Unit] +Description=Seafile +# add mysql.service or postgresql.service depending on your database to the line below +After=network.target + +[Service] +Type=forking +ExecStart=${seafile_dir}/seafile-server-latest/seafile.sh start +ExecStop=${seafile_dir}/seafile-server-latest/seafile.sh stop +LimitNOFILE=infinity +User=seafile +Group=seafile + +[Install] +WantedBy=multi-user.target + +``` + +### Create systemd service file /etc/systemd/system/seahub.service + +``` +sudo vim /etc/systemd/system/seahub.service + +``` + +The content of the file is (please dont forget to change it if you want to run fastcgi): + +``` +[Unit] +Description=Seafile hub +After=network.target seafile.service + +[Service] +Type=forking +# change start to start-fastcgi if you want to run fastcgi +ExecStart=${seafile_dir}/seafile-server-latest/seahub.sh start +ExecStop=${seafile_dir}/seafile-server-latest/seahub.sh stop +User=seafile +Group=seafile + +[Install] +WantedBy=multi-user.target + +``` + +### Create systemd service file /etc/systemd/system/seafile-client.service (optional) + +You need to create this service file only if you have **seafile** +console client and you want to run it on system boot. + +``` +sudo vim /etc/systemd/system/seafile-client.service + +``` + +The content of the file is: + +``` +[Unit] +Description=Seafile client +# Uncomment the next line you are running seafile client on the same computer as server +# After=seafile.service +# Or the next one in other case +# After=network.target + +[Service] +Type=oneshot +ExecStart=/usr/bin/seaf-cli start +ExecStop=/usr/bin/seaf-cli stop +RemainAfterExit=yes +User=seafile +Group=seafile + +[Install] +WantedBy=multi-user.target + +``` + +### Enable service start on system boot + +``` +sudo systemctl enable seafile.service +sudo systemctl enable seahub.service +sudo systemctl enable seafile-client.service # optional + +``` + +## For systems using another init system than systemd + +## Ubuntu 14.10 and older + +On Ubuntu without systemd we make use of the +[/etc/init.d/](https://help.ubuntu.com/community/UbuntuBootupHowto) +scripts to start seafile/seahub at system boot. + +### Create a script **/etc/init.d/seafile-server** + +``` +sudo vim /etc/init.d/seafile-server + +``` + +The content of this script is: (You need to modify the value of **user** +and **seafile_dir** accordingly) + +``` +#!/bin/bash +### BEGIN INIT INFO +# Provides: seafile-server +# Required-Start: $remote_fs $syslog +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Seafile server +# Description: Start Seafile server +### END INIT INFO + +# Change the value of "user" to your linux user name +user=haiwen + +# Change the value of "seafile_dir" to your path of seafile installation +# usually the home directory of $user +seafile_dir=/data/haiwen +script_path=${seafile_dir}/seafile-server-latest +seafile_init_log=${seafile_dir}/logs/seafile.init.log +seahub_init_log=${seafile_dir}/logs/seahub.init.log + +# Change the value of fastcgi to false if fastcgi is not used +fastcgi=true +# Set the port of fastcgi, default is 8000. Change it if you need different. +fastcgi_port=8000 +# +# Write a polite log message with date and time +# +echo -e "\n \n About to perform $1 for seafile at `date -Iseconds` \n " >> ${seafile_init_log} +echo -e "\n \n About to perform $1 for seahub at `date -Iseconds` \n " >> ${seahub_init_log} +case "$1" in + start) + sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log} + if [ $fastcgi = true ]; + then + sudo -u ${user} ${script_path}/seahub.sh ${1}-fastcgi ${fastcgi_port} >> ${seahub_init_log} + else + sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log} + fi + ;; + restart) + sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log} + if [ $fastcgi = true ]; + then + sudo -u ${user} ${script_path}/seahub.sh ${1}-fastcgi ${fastcgi_port} >> ${seahub_init_log} + else + sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log} + fi + ;; + stop) + sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log} + sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log} + ;; + *) + echo "Usage: /etc/init.d/seafile-server {start|stop|restart}" + exit 1 + ;; +esac + +``` + +**Note:** If you are using local mysql server, please replace `# Required-Start: $remote_fs $syslog` with `# Required-Start: $remote_fs $syslog mysql`. + +### Make the seafile-sever script executable + +``` +sudo chmod +x /etc/init.d/seafile-server + +``` + +### Add seafile-server to rc.d + +``` +sudo update-rc.d seafile-server defaults + +``` + +**Note:** Don't forget to update the value of **script_path** later if you update +your seafile server. + +## Other Debian based Distributions + +### Create a script **/etc/init.d/seafile-server** + +``` +sudo vim /etc/init.d/seafile-server + +``` + +The content of this script is: (You need to modify the value of **user** +and **seafile_dir** accordingly) + +``` +#!/bin/sh + +### BEGIN INIT INFO +# Provides: seafile-server +# Required-Start: $local_fs $remote_fs $network +# Required-Stop: $local_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Starts Seafile Server +# Description: starts Seafile Server +### END INIT INFO + +# Change the value of "user" to linux user name who runs seafile +user=haiwen + +# Change the value of "seafile_dir" to your path of seafile installation +# usually the home directory of $user +seafile_dir=/data/haiwen +script_path=${seafile_dir}/seafile-server-latest +seafile_init_log=${seafile_dir}/logs/seafile.init.log +seahub_init_log=${seafile_dir}/logs/seahub.init.log + +# Change the value of fastcgi to true if fastcgi is to be used +fastcgi=false +# Set the port of fastcgi, default is 8000. Change it if you need different. +fastcgi_port=8000 + +# +# Write a polite log message with date and time +# +echo -e "\n \n About to perform $1 for seafile at `date -Iseconds` \n " >> ${seafile_init_log} +echo -e "\n \n About to perform $1 for seahub at `date -Iseconds` \n " >> ${seahub_init_log} + +case "$1" in + start) + sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log} + if [ $fastcgi = true ]; + then + sudo -u ${user} ${script_path}/seahub.sh ${1}-fastcgi ${fastcgi_port} >> ${seahub_init_log} + else + sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log} + fi + ;; + restart) + sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log} + if [ $fastcgi = true ]; + then + sudo -u ${user} ${script_path}/seahub.sh ${1}-fastcgi ${fastcgi_port} >> ${seahub_init_log} + else + sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log} + fi + ;; + stop) + sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log} + sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log} + ;; + *) + echo "Usage: /etc/init.d/seafile-server {start|stop|restart}" + exit 1 + ;; +esac + +``` + +**Note**: + +1. If you want to start seahub in fastcgi, just change the **fastcgi** + variable to **true** +2. If you deployed Seafile with MySQL, append "mysql" to the + Required-Start line: + + +``` +# Required-Start: $local_fs $remote_fs $network mysql + +``` + +### Add Directory for Logfiles + +``` + mkdir /path/to/seafile/dir/logs + +``` + +### Make the seafile-sever script executable + +``` +sudo chmod +x /etc/init.d/seafile-server + +``` + +### Add seafile-server to rc.d + +``` +sudo update-rc.d seafile-server defaults + +``` + +### Done + +Don't forget to update the value of **seafile_dir** later if you update +your seafile server. + +## RHEL/CentOS + +On RHEL/CentOS, the script +[/etc/rc.local](http://www.centos.org/docs/5/html/Installation_Guide-en-US/s1-boot-init-shutdown-run-boot.html) +is executed by the system at bootup, so we start seafile/seahub there. + +* Locate your python executable (python 2.6 or 2.7) + + +``` +which python2.6 # or "which python2.7" + +``` + +* In /etc/rc.local, add the directory of python2.6(2.7) to **PATH**, + and add the seafile/seahub start command + + +``` +` +# Assume the python 2.6(2.7) executable is in "/usr/local/bin" +PATH=$PATH:/usr/local/bin/ + +# Change the value of "user" to your linux user name +user=haiwen + +# Change the value of "seafile_dir" to your path of seafile installation +# usually the home directory of $user +seafile_dir=/data/haiwen +script_path=${seafile_dir}/seafile-server-latest + +sudo -u ${user} ${script_path}/seafile.sh start > /tmp/seafile.init.log 2>&1 +sudo -u ${user} ${script_path}/seahub.sh start > /tmp/seahub.init.log 2>&1 + +``` + +**Note**: If you want to start seahub in fastcgi, just change the +**"seahub.sh start"** in the last line above to **"seahub.sh +start-fastcgi"** + +* Done. Don't forget to update the value of **seafile_dir** later if + you update your seafile server. + +## RHEL/CentOS (run as service) + +On RHEL/CentOS we make use of the /etc/init.d/ scripts to start +seafile/seahub at system boot as service. + +### Create a file **/etc/sysconfig/seafile** + +``` +# Change the value of "user" to your linux user name +user=haiwen + +# Change the value of "seafile_dir" to your path of seafile installation +# usually the home directory of $user +seafile_dir=/data/haiwen +script_path=${seafile_dir}/seafile-server-latest +seafile_init_log=${seafile_dir}/logs/seafile.init.log +seahub_init_log=${seafile_dir}/logs/seahub.init.log + +# Change the value of fastcgi to true if fastcgi is to be used +fastcgi=false + +# Set the port of fastcgi, default is 8000. Change it if you need different. +fastcgi_port=8000 + +``` + +### Create a script **/etc/init.d/seafile** + +``` +#!/bin/bash +# +# seafile + +# +# chkconfig: - 68 32 +# description: seafile + +# Source function library. +. /etc/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +if [ -f /etc/sysconfig/seafile ];then + . /etc/sysconfig/seafile + else + echo "Config file /etc/sysconfig/seafile not found! Bye." + exit 200 + fi + +RETVAL=0 + +start() { + # Start daemons. + echo -n $"Starting seafile: " + ulimit -n 30000 + su - ${user} -c"${script_path}/seafile.sh start >> ${seafile_init_log} 2>&1" + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/seafile + return $RETVAL +} + +stop() { + echo -n $"Shutting down seafile: " + su - ${user} -c"${script_path}/seafile.sh stop >> ${seafile_init_log} 2>&1" + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/seafile + return $RETVAL +} + +# +# Write a polite log message with date and time +# +echo -e "\n \n About to perform $1 for seafile at `date -Iseconds` \n " >> ${seafile_init_log} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart|reload) + stop + start + RETVAL=$? + ;; + *) + echo $"Usage: $0 {start|stop|restart}" + RETVAL=3 +esac + +exit $RETVAL + +``` + +### Create a script **/etc/init.d/seahub** + +``` +#!/bin/bash +# +# seahub + +# +# chkconfig: - 69 31 +# description: seahub + +# Source function library. +. /etc/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +if [ -f /etc/sysconfig/seafile ];then + . /etc/sysconfig/seafile + else + echo "Config file /etc/sysconfig/seafile not found! Bye." + exit 200 + fi + +RETVAL=0 + +start() { + # Start daemons. + echo -n $"Starting seahub: " + ulimit -n 30000 + if [ $fastcgi = true ]; + then + su - ${user} -c"${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log} 2>&1" + else + su - ${user} -c"${script_path}/seahub.sh start >> ${seahub_init_log} 2>&1" + fi + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/seahub + return $RETVAL +} + +stop() { + echo -n $"Shutting down seahub: " + su - ${user} -c"${script_path}/seahub.sh stop >> ${seahub_init_log} 2>&1" + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/seahub + return $RETVAL +} + +# +# Write a polite log message with date and time +# +echo -e "\n \n About to perform $1 for seahub at `date -Iseconds` \n " >> ${seahub_init_log} + +# See how we were called. +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart|reload) + stop + start + RETVAL=$? + ;; + *) + echo $"Usage: $0 {start|stop|restart}" + RETVAL=3 +esac + +exit $RETVAL + +``` + +Next, enable services: + +``` +chmod 550 /etc/init.d/seafile +chmod 550 /etc/init.d/seahub +chkconfig --add seafile +chkconfig --add seahub +chkconfig seahub on +chkconfig seafile on + +``` + +and run: + +``` +service seafile start +service seahub start + +``` + + diff --git a/manual/deploy/upgrade.md b/manual/deploy/upgrade.md new file mode 100644 index 00000000..d3ea5f6c --- /dev/null +++ b/manual/deploy/upgrade.md @@ -0,0 +1,165 @@ +# Upgrade manual + +This page is for users who use the pre-compiled seafile server package. +- If you [build seafile server from source](../build_seafile/server.md), please read the **Upgrading Seafile Server** section on that page, instead of this one. +- After upgrading, you may need to clean [seahub cache](add_memcached.md) if it doesn't behave as expect. +- If you are running a **cluster**, please read [upgrade a Seafile cluster](../deploy_pro/upgrade_a_cluster.md). + +## Upgrade notes +Please check the [upgrade notes](upgrade_notes.md) for any special configuration or changes before/while upgrading. + +--- + +## Major version upgrade (e.g. from 4.x.x to 5.y.y) + + +Suppose you are using version 4.3.0 and like to upgrade to version 5.0.0. First download and extract the new version. You should have a directory layout similar to this: + +``` +haiwen + -- seafile-server-4.3.0 + -- seafile-server-5.0.0 + -- ccnet + -- seafile-data +``` + + +Now upgrade to version 5.0.0. + +1. Shutdown Seafile server if it's running + + ```sh + cd haiwen/seafile-server-4.3.0 + ./seahub.sh stop + ./seafile.sh stop + # or via service + /etc/init.d/seafile-server stop + ``` +2. Check the upgrade scripts in seafile-server-5.0.0 directory. + + ```sh + cd haiwen/seafile-server-5.0.0 + ls upgrade/upgrade_* + ``` + + You will get a list of upgrade files: + + ``` + ... + upgrade/upgrade_4.0_4.1.sh + upgrade/upgrade_4.1_4.2.sh + upgrade/upgrade_4.2_4.3.sh + upgrade/upgrade_4.3_4.4.sh + upgrade/upgrade_4.4_5.0.sh + ``` + +3. Start from your current version, run the script(s one by one) + + ``` + upgrade/upgrade_4.3_4.4.sh + upgrade/upgrade_4.4_5.0.sh + ``` + +4. Start Seafile server + + ```sh + cd haiwen/seafile-server-5.0.0/ + ./seafile.sh start + ./seahub.sh start # or "./seahub.sh start-fastcgi" if you're using fastcgi + # or via service + /etc/init.d/seafile-server start + ``` + +5. If the new version works fine, the old version can be removed + + ```sh + rm -rf seafile-server-4.3.0/ + ``` + +## Minor version upgrade (e.g. from 5.0.x to 5.1.y) + +Suppose you are using version 5.0.0 and like to upgrade to version 5.1.0. First download and extract the new version. You should have a directory layout similar to this: + +``` +haiwen + -- seafile-server-5.0.0 + -- seafile-server-5.1.0 + -- ccnet + -- seafile-data +``` + + +Now upgrade to version 5.1.0. + +1. Shutdown Seafile server if it's running + + ```sh + cd haiwen/seafile-server-5.0.0 + ./seahub.sh stop + ./seafile.sh stop + # or via service + /etc/init.d/seafile-server stop + ``` + +2. Check the upgrade scripts in seafile-server-5.1.0 directory. + + ```sh + cd haiwen/seafile-server-5.1.0 + ls upgrade/upgrade_* + ``` + + You will get a list of upgrade files: + + ``` + ... + upgrade/upgrade_4.0_4.1.sh + upgrade/upgrade_4.1_4.2.sh + upgrade/upgrade_4.2_4.3.sh + upgrade/upgrade_4.3_4.4.sh + upgrade/upgrade_4.4_5.0.sh + upgrade/upgrade_5.0_5.1.sh + ``` + +3. Start from your current version, run the script(s one by one) + + ``` + upgrade/upgrade_5.0_5.1.sh + ``` + +4. Start Seafile server + + ```sh + cd haiwen/seafile-server-5.1.0/ + ./seafile.sh start + ./seahub.sh start # or "./seahub.sh start-fastcgi" if you're using fastcgi + # or via service + /etc/init.d/seafile-server start + ``` + +5. If the new version works, the old version can be removed + + ```sh + rm -rf seafile-server-5.0.0/ + ``` + +## Maintenance version upgrade (e.g. from 5.1.2 to 5.1.3) + +A maintenance upgrade is for example an upgrade from 5.1.2 to 5.1.3. + +1. Shutdown Seafile server if it's running + +2. For this type of upgrade, you only need to update the symbolic links (for avatar and a few other folders). +A script to perform a minor upgrade is provided with Seafile server (for history reasons, the script is called `minor-upgrade.sh`): + + ```sh + cd seafile-server-5.1.3 + upgrade/minor-upgrade.sh + ``` + +3. Start Seafile + +4. If the new version works, the old version can be removed + + ```sh + rm -rf seafile-server-5.1.2/ + ``` diff --git a/manual/deploy/upgrade_notes.md b/manual/deploy/upgrade_notes.md new file mode 100644 index 00000000..eaaa5a08 --- /dev/null +++ b/manual/deploy/upgrade_notes.md @@ -0,0 +1,153 @@ +# Upgrade notes + +These notes give additional information about changes. +Please always follow the [main upgrade guide](./upgrade.md). + +## Summary + +* [Upgrade notes for V6.x.x](#upgrade-notes-v6.x.x) +* [Upgrade notes for V5.x.x](#upgrade-notes-v5.x.x) +* [Upgrade notes for V4.x.x](#upgrade-notes-v4.x.x) + +*This documentation is just done from V4 + !* + +------ + +# Upgrade Notes V6.x.x + +## Important release changes + +From this version, the Wiki module is hidden by default. Users will not be able to turn it on. For compatibility with older versions, it can be turned on by adding the following line to `seahub_settings.py`: + +```python +ENABLE_WIKI = True +``` + +--- + +## V6.1.0 + +### Video Thumbnails + +Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first. +For details, please refer to the [manual](./video_thumbnails.md). + +### OnlyOffice +The system requires some minor changes to support the OnlyOffice document server. +Please follow the instructions [here](./only_office.md). + +### Pip Pillow upgrade + +``` +# for Ubuntu 16.04 +sudo apt-get install libjpeg-dev +pip install --upgrade Pillow +# If the pillow installation fails you may install +# "build-dep python-imaging" instead of just "libjpeg-dev" + +# for Debian 8 +apt-get install libjpeg-dev +pip install --upgrade Pillow + +# If the pillow installation fails you may install +# "build-dep python-imaging" instead of just "libjpeg-dev" + +# for Centos 7 +sudo yum install libjpeg-dev +pip install --upgrade Pillow +``` + +### Seahub does not start + +In case Seahub does not start after the upgrade, install python-requests. + +```bash +sudo apt-get install python-requests +``` + +--- + +## V6.0.0 - V6.0.9 + +There are no other special instructions. + +--- + +# Upgrade Notes V5.x.x + +## Important release changes + +__In Seafile 5.0, we moved all config files to the folder ```/seafile-root/conf```, including:__ + +- seahub_settings.py -> conf/seahub_settings.py +- ccnet/ccnet.conf -> conf/ccnet.conf +- seafile-data/seafile.conf -> conf/seafile.conf +- [pro only] pro-data/seafevents.conf -> conf/seafevents.conf + +------ + +## V5.1.4 + +**Python upgrade** +If you upgrade to 5.1.4+, you need to install the python 3 libs: + +``` +# for Ubuntu 16.04 +sudo apt-get install python-urllib3 + +# for Debian 8 +apt-get install python-urllib3 + +# for Centos 7 +sudo yum install python-urllib3 + +# for Arch Linux +pacman -Sy python2-urllib3 +``` + +--- + +## V5.0.0 - V5.1.3 + +Nothing to be installed/changed. + +------ + +# Upgrade Notes V4.x.x +These notes just give additional information about changes within each major version. +Please always follow the [main installation guide](./upgrade.md). + +## Important release changes + +- [Thumbnail string to number](##V4.3.0) + +--- + +## V4.3.1 - V4.4.6 + +There are no other special instructions. + +--- + +## V4.3.0 + +Change the setting of THUMBNAIL_DEFAULT_SIZE from string to number in ```seahub_settings.py```: + +Use ```THUMBNAIL_DEFAULT_SIZE = 24```, instead of ```THUMBNAIL_DEFAULT_SIZE = '24'```. + +--- + +## V4.2.0 - V4.2.3 + +**Note when upgrading to 4.2:** +If you deploy Seafile in a non-root domain, you need to add the following extra settings in ```seahub_settings.py```: +``` +COMPRESS_URL = MEDIA_URL +STATIC_URL = MEDIA_URL + '/assets/' +``` + +--- + +## V4.0.0 - V4.1.2 + +There are no other special instructions. diff --git a/manual/deploy/upgrade_with_mysql_or_postgresql.md b/manual/deploy/upgrade_with_mysql_or_postgresql.md new file mode 100644 index 00000000..6be912d7 --- /dev/null +++ b/manual/deploy/upgrade_with_mysql_or_postgresql.md @@ -0,0 +1,167 @@ +#Seafile +## Upgrade with MySQL or PostgreSQL + +First, download the new version, for example seafile-server_1.6.0_x86-64.tar.gz, and extract it to the directory where you put all Seafile related staff. You should have a directory layout similar to this: + +``` +haiwen + -- seafile-server-1.5.0 + -- seafile-server-1.6.0 + -- ccnet + -- seafile-data +``` + +## Major Continuous Upgrade (like from 1.5 to 1.6) + +Major continuous upgrade including upgrading from 1.5.0 to 1.6.0 or upgrading from 1.5.0 to 1.6.1. It involves four steps: + +1. Stop Seafile/Seahub +2. Update avatars folder and database tables +3. Update Nginx/Apache configs +4. Restart Seafile/Seahub + +### 2. Update avatars folder and database tables (After Seafile Server 2.1.1 for MySQL) + +Since seafile server 2.1.1, You can upgrade the the avatars folder and the databases using the upgrade scripts. The script's name is like `upgrade_X.X_Y.Y.sh`. For example, assume you are upgrading from seafile server 2.0.0 to seafile server 2.1.1, the you should run the `upgrade_2.0_2.1.sh` script. + +```sh +cd seafile-server-2.1.1/ +./upgrade/upgrade_2.0_2.1.sh +``` + +The script would update the avatars folder and the database tables for you. + +### 2. Update avatars folder and database tables (For PostgreSQL and before Seafile Server 2.1.1) + +Before Seafile Server 2.1.1 or if you are using PostgreSQL, you have to manually: + +- update the avatars folder symbolic link +- update and the database tables + +#### Update avatars symbolic link + +Assume your top level directory is `/data/haiwen/`, and you are upgrading to seafile server version 1.6.0: + +``` +cd /data/haiwen +cp -a seafile-server-1.6.0/seahub/media/avatars/* seahub-data/avatars/ +rm -rf seafile-server-1.6.0/seahub/media/avatars +#the new server avatars' folder will be linked to the updated avatars folder +ln -s -t seafile-server-1.6.0/seahub/media/ ../../../seahub-data/avatars/ +``` + +#### Update database tables + +When a new version of seafile server is released, there may be changes to the database of seafile/seahub/ccnet. We provide the sql statements to update the databases: + +- `upgrade/sql//mysql/seahub.sql`, for changes to seahub database +- `upgrade/sql//mysql/seafile.sql`, for changes to seafile database +- `upgrade/sql//mysql/ccnet.sql`, for changes to ccnet database + +To apply the changes, just execute the sqls in the correspondent database. If any of the sql files above do not exist, it means the new version does not bring changes to the correspondent database. + +```sh +seafile-server-1.6.0 +├── seafile +├── seahub +├── upgrade + ├── sql + ├── 1.6.0 + ├── mysql + ├── seahub.mysql + ├── seafile.mysql + ├── ccnet.mysql +``` + + +### 3. Update Nginx/Apache Config + +For Nginx: + +``` + location /media { + root /data/haiwen/seafile-server-1.6.0/seahub; + } +``` + +For Apache: + +``` +Alias /media /data/haiwen/seafile-server-1.6.0/seahub/media +``` + +**Tip:** +You can create a symbolic link `seafile-server-latest`, and make it point to your current seafile server folder (Since seafile server 2.1.0, the `setup-seafile.sh` script will do this for your). Then, each time you run a upgrade script, it would update the `seafile-server-latest` symbolic link to keep it always point to the latest version seafile server folder. + +In this case, you can write: + +``` + location /media { + root /data/haiwen/seafile-server-latest/seahub; + } +``` + +or For Apache: + +``` +Alias /media /data/haiwen/seafile-server-latest/seahub/media +``` + +This way, you no longer need to update the nginx/apache config file each time you upgrade your seafile server. + + +### 4. Restart Seafile/Seahub/Nginx/Apache + +After done above updating, now restart Seafile/Seahub/Nginx/Apache to see the new version at work! + +## Noncontinuous Upgrade (like from 1.1 to 1.3) + +You may also upgrade a few versions at once, e.g. from 1.1.0 to 1.3.0. +The procedure is: + +1. upgrade from 1.1.0 to 1.2.0; +2. upgrade from 1.2.0 to 1.3.0. + + +## Minor upgrade (like from 1.5.0 to 1.5.1) + +Minor upgrade is like an upgrade from 1.5.0 to 1.5.1. + +Here is our dir strutcutre + +``` +haiwen + -- seafile-server-1.5.0 + -- seafile-server-1.5.1 + -- ccnet + -- seafile-data +``` + +### Update the avatar link + +We provide a script for you, just run it: + +```sh +cd seafile-server-1.5.1 +upgrade/minor-upgrade.sh +``` + +### Update Nginx/Apache Config + +For Nginx: + +``` + location /media { + root /data/haiwen/seafile-server-1.5.1/seahub; + } +``` + +For Apache: + +``` +Alias /media /data/haiwen/seafile-server-1.5.1/seahub/media +``` + +### Restart Seafile/Seahub/Nginx/Apache + +After done above updating, now restart Seafile/Seahub/Nginx/Apache to see the new version at work! diff --git a/manual/deploy/using_firewall.md b/manual/deploy/using_firewall.md new file mode 100644 index 00000000..852fc630 --- /dev/null +++ b/manual/deploy/using_firewall.md @@ -0,0 +1,5 @@ +# Firewall settings + +By default the ports `8000` and `8082` need to be opened in the firewall for incoming TCP connections. + +If you run Seafile behind Nginx/Apache with HTTPS, you only need to open port 443 TCP. diff --git a/manual/deploy/using_fuse.md b/manual/deploy/using_fuse.md new file mode 100644 index 00000000..06ebdb06 --- /dev/null +++ b/manual/deploy/using_fuse.md @@ -0,0 +1,89 @@ +# Seafile +## Using Fuse + +Files in the seafile system are split to blocks, which means what are stored on your seafile server are not complete files, but blocks. This design faciliates effective data deduplication. + +However, administrators sometimes want to access the files directly on the server. You can use seaf-fuse to do this. + +`Seaf-fuse` is an implementation of the [http://fuse.sourceforge.net FUSE] virtual filesystem. In a word, it mounts all the seafile files to a folder (which is called the '''mount point'''), so that you can access all the files managed by seafile server, just as you access a normal folder on your server. + +Seaf-fuse is added since Seafile Server '''2.1.0'''. + +'''Note:''' +* Encrypted folders can't be accessed by seaf-fuse. +* Currently the implementation is '''read-only''', which means you can't modify the files through the mounted folder. +* One debian/centos systems, you need to be in the "fuse" group to have the permission to mount a FUSE folder. + +## How to start seaf-fuse + +Assume we want to mount to `/data/seafile-fuse`. + +#### Create the folder as the mount point + +``` +mkdir -p /data/seafile-fuse +``` + +#### Start seaf-fuse with the script + +'''Note:''' Before start seaf-fuse, you should have started seafile server with `./seafile.sh start`. + +``` +./seaf-fuse.sh start /data/seafile-fuse +``` + +#### Stop seaf-fuse + +``` +./seaf-fuse.sh stop +``` + +## Contents of the mounted folder + +#### The top level folder + +Now you can list the content of `/data/seafile-fuse`. + +``` +$ ls -lhp /data/seafile-fuse + +drwxr-xr-x 2 root root 4.0K Jan 1 1970 abc@abc.com/ +drwxr-xr-x 2 root root 4.0K Jan 1 1970 foo@foo.com/ +drwxr-xr-x 2 root root 4.0K Jan 1 1970 plus@plus.com/ +drwxr-xr-x 2 root root 4.0K Jan 1 1970 sharp@sharp.com/ +drwxr-xr-x 2 root root 4.0K Jan 1 1970 test@test.com/ +``` + +* The top level folder contains many subfolders, each of which corresponds to a user +* The time stamp of files and folders is not preserved. + +#### The folder for each user + +``` +$ ls -lhp /data/seafile-fuse/abc@abc.com + +drwxr-xr-x 2 root root 924 Jan 1 1970 5403ac56-5552-4e31-a4f1-1de4eb889a5f_Photos/ +drwxr-xr-x 2 root root 1.6K Jan 1 1970 a09ab9fc-7bd0-49f1-929d-6abeb8491397_My Notes/ +``` + +From the above list you can see, under the folder of a user there are subfolders, each of which represents a library of that user, and has a name of this format: '''{library_id}-{library-name}'''. + +#### The folder for a library + +``` +$ ls -lhp /data/seafile-fuse/abc@abc.com/5403ac56-5552-4e31-a4f1-1de4eb889a5f_Photos/ + +-rw-r--r-- 1 root root 501K Jan 1 1970 image.png +-rw-r--r-- 1 root root 501K Jan 1 1970 sample.jpng +``` + +#### If you get a "Permission denied" error + +If you get an error message saying "Permission denied" when running `./seaf-fuse.sh start`, most likely you are not in the "fuse group". You should: + +* Add yourself to the fuse group +``` +sudo usermod -a -G fuse +``` +* Logout your shell and login again +* Now try `./seaf-fuse.sh start ` again. diff --git a/manual/deploy/using_ldap.md b/manual/deploy/using_ldap.md new file mode 100644 index 00000000..31bea55c --- /dev/null +++ b/manual/deploy/using_ldap.md @@ -0,0 +1,135 @@ +# Configure Seafile to use LDAP + +Note: This documentation is for the Community Edition. If you're using Pro Edition, please refer to [the Seafile Pro documentation](../deploy_pro/using_ldap_pro.md). + +## How does LDAP User Management work in Seafile + +When Seafile is integrated with LDAP/AD, users in the system can be divided into two tiers: + +- Users within Seafile's internal user database. Some attributes are attached to these users, such as whether it's a system admin user, whether it's activated. This tier includes two types of users: + * Native users: these users are created by the admin on Seafile's system admin interface. These users are stored in the `EmailUser` table of the `ccnet` database. + * Users imported from LDAP/AD server: When a user in LDAP/AD logs into Seafile, its information will be imported from LDAP/AD server into Seafile's database. These users are stored in the `LDAPUsers` table of the `ccnet` database. +- Users in LDAP/AD server. These are all the intended users of Seafile inside the LDAP server. Seafile doesn't manipulate these users directly. It has to import them into its internal database before setting attributes on them. + +When Seafile counts the number of users in the system, it only counts the **activated** users in its internal database. + +When Seafile is integrated with LDAP/AD, it'll look up users from both the internal database and LDAP server. As long as the user exists in one of these two sources, they can log into the system. + +## Basic LDAP/AD Integration + +The only requirement for Seafile to use LDAP/AD for authentication is that there must be a unique identifier for each user in the LDAP/AD server. Seafile can only use email-address-format user identifiers. So there are usually only two options for this unique identifier: + +- Email address: this is the most common choice. Most organizations assign unique email address for each member. +- UserPrincipalName: this is a user attribute only available in Active Directory. It's format is `user-login-name@domain-name`, e.g. `john@example.com`. It's not a real email address, but it works fine as the unique identifier. + +### Connecting to Active Directory + +To use AD to authenticate user, please add the following lines to ccnet.conf. + +If you choose email address as unique identifier: + + [LDAP] + HOST = ldap://192.168.1.123/ + BASE = cn=users,dc=example,dc=com + USER_DN = administrator@example.local + PASSWORD = secret + LOGIN_ATTR = mail + +If you choose UserPrincipalName as unique identifier: + + [LDAP] + HOST = ldap://192.168.1.123/ + BASE = cn=users,dc=example,dc=com + USER_DN = administrator@example.local + PASSWORD = secret + LOGIN_ATTR = userPrincipalName + +Meaning of each config options: + +* HOST: LDAP URL for the host. ldap://, ldaps:// and ldapi:// are supported. You can also include a port number in the URL, like ldap://ldap.example.com:389. To use TLS, you should configure the LDAP server to listen on LDAPS port and specify ldaps:// here. More details about TLS will be covered below. +* BASE: The root distinguished name (DN) to use when running queries against the directory server. **You cannot use the root DN (e.g. dc=example,dc=com) as BASE**. +* USER_DN: The distinguished name of the user that Seafile will use when connecting to the directory server. This user should have sufficient privilege to access all the nodes under BASE. It's recommended to use a user in the administrator group. +* PASSWORD: Password of the above user. +* LOGIN_ATTR: The attribute used for user's unique identifier. Use `mail` or `userPrincipalName`. + +Tips for choosing BASE and USER_DN: + +* To determine the BASE, you first have to navigate your organization hierachy on the domain controller GUI. + * If you want to allow all users to use Seafile, you can use 'cn=users,dc=yourdomain,dc=com' as BASE (with proper adjustment for your own needs). + * If you want to limit users to a certain OU (Organization Unit), you run `dsquery` command on the domain controller to find out the DN for this OU. For example, if the OU is 'staffs', you can run 'dsquery ou -name staff'. More information can be found [here](https://technet.microsoft.com/en-us/library/cc770509.aspx). +* AD supports 'user@domain.name' format for the USER_DN option. For example you can use administrator@example.com for USER_DN. Sometime the domain controller doesn't recognize this format. You can still use `dsquery` command to find out user's DN. For example, if the user name is 'seafileuser', run `dsquery user -name seafileuser`. More information [here](https://technet.microsoft.com/en-us/library/cc725702.aspx). + +### Connecting to other LDAP servers + +Please add the following options to ccnet.conf: + + [LDAP] + HOST = ldap://192.168.1.123/ + BASE = ou=users,dc=example,dc=com + USER_DN = cn=admin,dc=example,dc=com + PASSWORD = secret + LOGIN_ATTR = mail + +The meaning of the options are the same as described in the previous section. With other LDAP servers, you can only use `mail` attribute as user's unique identifier. + +## Advanced LDAP/AD Integration Options + +### Multiple BASE + +Multiple base DN is useful when your company has more than one OUs to use Seafile. You can specify a list of base DN in the "BASE" config. The DNs are separated by ";", e.g. `ou=developers,dc=example,dc=com;ou=marketing,dc=example,dc=com` + +### Additional Search Filter + +Search filter is very useful when you have a large organization but only a portion of people want to use Seafile. The filter can be given by setting "FILTER" config. The value of this option follows standard LDAP search filter syntax (https://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx). + +The final filter used for searching for users is `(&($LOGIN_ATTR=*)($FILTER))`. `$LOGIN_ATTR` and `$FILTER` will be replaced by your option values. + +For example, add the following line to LDAP config: + +``` +FILTER = memberOf=CN=group,CN=developers,DC=example,DC=com +``` + +The final search filter would be `(&(mail=*)(memberOf=CN=group,CN=developers,DC=example,DC=com))` + +Note that the case of attribute names in the above example is significant. The `memberOf` attribute is only available in Active Directory. + +### Limiting Seafile Users to a Group in Active Directory + +You can use the FILTER option to limit user scope to a certain AD group. + +1. First, you should find out the DN for the group. Again, we'll use the `dsquery` command on the domain controller. For example, if group name is 'seafilegroup', run `dsquery group -name seafilegroup`. +2. Add the following line to LDAP config: + +``` +FILTER = memberOf={output of dsquery command} +``` + +### Using TLS connection to LDAP/AD server + +To use a TLS connection to the directory server, you should install a valid SSL certificate on the directory server. + +The current version of Seafile Linux server package is compiled on CentOS. We include the ldap client library in the package to maintain compatibility with older Linux distributions. But since different Linux distributions have different path or configuration for OpenSSL library, sometimes Seafile is unable to connect to the directory server with TLS. + +The ldap library (libldap) bundled in the Seafile package is of version 2.4. If your Linux distribution is new enough (like CentOS 6, Debian 7 or Ubuntu 12.04 or above), you can use system's libldap instead. + +On Ubuntu 14.04 and Debian 7/8, moving the bundled ldap related libraries out of the library path should make TLS connection work. + +``` +cd ${SEAFILE_INSTALLATION_DIR}/seafile-server-latest/seafile/lib +mkdir disabled_libs_use_local_ones_instead +mv liblber-2.4.so.2 libldap-2.4.so.2 libsasl2.so.2 libldap_r-2.4.so.2 disabled_libs_use_local_ones_instead/ +``` + +On CentOS 6, you have to move the libnssutil library: + +``` +cd ${SEAFILE_INSTALLATION_DIR}/seafile-server-latest/seafile/lib +mkdir disabled_libs_use_local_ones_instead +mv libnssutil3.so disabled_libs_use_local_ones_instead/ +``` + +This effectively removes the bundled libraries from the library search path. +When the server starts, it'll instead find and use the system libraries (if they are installed). +This change has to be repeated after each update of the Seafile installation. + diff --git a/manual/deploy/using_logrotate.md b/manual/deploy/using_logrotate.md new file mode 100644 index 00000000..e1ee94d6 --- /dev/null +++ b/manual/deploy/using_logrotate.md @@ -0,0 +1,67 @@ +# Set up logrotate for server + +## How it works + +seaf-server, ccnet-server (since version 3.1) and seafile-controller (since version 6.0.8) support reopenning +logfiles by receiving a `SIGUR1` signal. + +This feature is very useful when you need cut logfiles while you don't want +to shutdown the server. All you need to do now is cutting the logfile on the fly. + +## Default logrotate configuration directory + +For debian, the default directory for logrotate should be `/etc/logrotate.d/` + +## Sample configuration + +Assuming your ccnet-server's logfile is `/home/haiwen/logs/ccnet.log` and your +ccnet-server's pidfile for ccnet-server is `/home/haiwen/pids/ccnet.pid`. + +Assuming your seaf-server's logfile is setup to `/home/haiwen/logs/seafile.log` and your +seaf-server's pidfile for seaf-server is setup to `/home/haiwen/pids/seaf-server.pid`: + +The configuration for logrotate could be like this: + +``` +/home/haiwen/logs/seafile.log +{ + daily + missingok + rotate 15 + compress + delaycompress + notifempty + sharedscripts + postrotate + [ ! -f /home/haiwen/pids/seaf-server.pid ] || kill -USR1 `cat /home/haiwen/pids/seaf-server.pid` + endscript +} + +/home/haiwen/logs/ccnet.log +{ + daily + missingok + rotate 15 + compress + delaycompress + notifempty + sharedscripts + postrotate + [ ! -f /home/haiwen/pids/ccnet.pid ] || kill -USR1 `cat /home/haiwen/pids/ccnet.pid` + endscript +} + +/home/haiwen/logs/index.log +{ + monthly + missingok + rotate 15 + compress + delaycompress + notifempty + sharedscripts +} + +``` + +You can save this file, in debian for example, at `/etc/logrotate.d/seafile`. diff --git a/manual/deploy/using_mysql.md b/manual/deploy/using_mysql.md new file mode 100644 index 00000000..90ab235c --- /dev/null +++ b/manual/deploy/using_mysql.md @@ -0,0 +1,361 @@ +# Deploying Seafile with MySQL + +This manual explains how to setup and run Seafile server from a pre-built package with MySQL. + +**Tip:** If you are deploying the Seafile service for the first time, we recommend that you use an [automatic installation script](https://github.com/haiwen/seafile-server-installer) to quickly deploy a Seafile service. + +## Download + +[Download](https://www.seafile.com/en/download) the latest server package. + +## Deploying and Directory Layout + +Supposed you have downloaded `seafile-server_*` into `/opt/seafile/`. We suggest you to use the following layout for your deployment: + +``` +mkdir /opt/seafile +mv seafile-server_* /opt/seafile +cd /opt/seafile +# after moving seafile-server_* to this directory +tar -xzf seafile-server_* +mkdir installed +mv seafile-server_* installed + +``` + +Now you should have the following directory layout + +``` +#tree seafile -L 2 +seafile +├── installed +│   └── seafile-server_7.0.0_x86-64.tar.gz +└── seafile-server-7.0.0 + ├── reset-admin.sh + ├── runtime + ├── seafile + ├── seafile.sh + ├── seahub + ├── seahub.sh + ├── setup-seafile-mysql.sh + └── upgrade + +``` + +The benefit of this layout is that: + +* We can place all the config files for Seafile server inside `/opt/seafile/conf` directory, making it easier to manage. +* When you upgrade to a new version of Seafile, you can simply untar the latest package into `/opt/seafile` directory. In this way you can reuse the existing config files in `/opt/seafile` directory and don't need to configure again. + +## Prepare MySQL Databases + +Three components of Seafile Server need their own databases: + +* ccnet server +* seafile server +* seahub + +See [Seafile Server Components Overview](../overview/components.md) if you want to know more about the Seafile server components. + +There are two ways to intialize the databases: + +* let the `setup-seafile-mysql.sh` script create the databases for you. +* create the databases by yourself, or someone else (the database admin, for example) + +We recommend the first way. The script would ask you for the root password of the mysql server, and it will create: + +* database for ccnet/seafile/seahub. +* a new user to access these databases + +However, sometimes you have to use the second way. If you don't have the root password, you need someone who has the privileges, e.g., the database admin, to create the three databases, as well as a mysql user who can access the three databases for you. For example, to create three databases: `ccnet_db` / `seafile_db` / `seahub_db` for ccnet/seafile/seahub respectively, and a mysql user "seafile" to access these databases run the following SQL queries: + +``` +create database `ccnet_db` character set = 'utf8'; +create database `seafile_db` character set = 'utf8'; +create database `seahub_db` character set = 'utf8'; + +create user 'seafile'@'localhost' identified by 'seafile'; + +GRANT ALL PRIVILEGES ON `ccnet_db`.* to `seafile`@localhost; +GRANT ALL PRIVILEGES ON `seafile_db`.* to `seafile`@localhost; +GRANT ALL PRIVILEGES ON `seahub_db`.* to `seafile`@localhost; + +``` + +## Setting Up Seafile Server + +### Prerequisites + +The Seafile server package requires the following packages to be installed on your system: + +**For Seafile 7.0.x** + +``` +# on Ubuntu 16.04 +apt-get update +apt-get install python2.7 python-setuptools python-mysqldb python-urllib3 python-ldap -y + +``` + +``` +# on CentOS 7 +yum install python python-setuptools MySQL-python python-urllib3 python-ldap -y + +``` + +**For Seafile 7.1.x** + +``` +# on Debian 10/Ubuntu 18.04 +apt-get update +apt-get install python3 python3-setuptools python3-pip -y + +pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy \ + django-pylibmc django-simple-captcha python3-ldap + +``` + +``` +# on CentOS 8 +yum install python3 python3-setuptools python3-pip -y + +pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy \ + django-pylibmc django-simple-captcha python3-ldap + +``` + +### Setup + +``` +cd seafile-server-* +./setup-seafile-mysql.sh # run the setup script & answer prompted questions + +``` + +If some of the prerequisites are not installed, the Seafile initialization script will ask you to install them. + +The script will guide you through the settings of various configuration options. + +** Seafile configuration options ** + +| Option | Description | Note | +| ------------------- | ------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------- | +| server name | Name of this seafile server | 3-15 characters, only English letters, digits and underscore ('\_') are allowed | +| server ip or domain | The IP address or domain name used by this server | Seafile client program will access the server with this address | +| seafile data dir | Seafile stores your data in this directory. By default it'll be placed in the current directory. | The size of this directory will increase as you put more and more data into Seafile. Please select a disk partition with enough free space. | +| fileserver port | The TCP port used by Seafile fileserver | Default is 8082. If it's been used by other service, you can set it to another port. | + +At this moment, you will be asked to choose a way to initialize Seafile databases: + +```sh +------------------------------------------------------- +Please choose a way to initialize Seafile databases: +------------------------------------------------------- + +[1] Create new ccnet/seafile/seahub databases +[2] Use existing ccnet/seafile/seahub databases + +``` + +Which one to choose depends on if you have the root password. + +* If you choose "1", you need to provide the root password. The script would create the databases and a new user to access the databases +* If you choose "2", the ccnet/seafile/seahub databases must have already been created, either by you, or someone else. + +If you choose "\[1] Create new ccnet/seafile/seahub databases", you would be asked these questions: + +| Question | Description | Note | +| ------------------------------- | ----------------------------------------------------------------- | -------------------------------------------------------------------- | +| mysql server host | the host address of the mysql server | the default is localhost | +| mysql server port | the port of the mysql server | the default is 3306. Almost every mysql server uses this port. | +| root password | the password of mysql root account | the root password is required to create new databases and a new user | +| mysql user for Seafile | the username for Seafile programs to use to access MySQL server | if the user does not exist, it would be created | +| password for Seafile mysql user | the password for the user above | | +| ccnet dabase name | the name of the database used by ccnet, default is "ccnet_db" | the database would be created if not existing | +| seafile dabase name | the name of the database used by Seafile, default is "seafile_db" | the database would be created if not existing | +| seahub dabase name | the name of the database used by seahub, default is "seahub_db" | the database would be created if not existing | + +If you choose "\[2] Use existing ccnet/seafile/seahub databases", you would be asked these questions: + +** related questions for "Use existing ccnet/seafile/seahub databases" ** + +| Question | Description | Note | +| ------------------------------- | ----------------------------------------------------------------- | ------------------------------------------------------------- | +| mysql server host | the host address of the mysql server | the default is localhost | +| mysql server port | the port of the mysql server | the default is 3306. Almost every mysql server uses this port | +| mysql user for Seafile | the user for Seafile programs to use to access MySQL server | the user must already exists | +| password for Seafile mysql user | the password for the user above | | +| ccnet dabase name | the name of the database used by ccnet, default is "ccnet-db" | this database must already exist | +| seafile dabase name | the name of the database used by Seafile, default is "seafile-db" | this database must already exist | +| seahub dabase name | the name of the database used by Seahub, default is "seahub-db" | this database must already exist | + +If the setup is successful, you'll see the following output + +![server-setup-succesfully](../images/Server-setup-successfully.png) + +Now you should have the following directory layout : + +```sh +#tree seafile -L 2 +seafile +├── ccnet # configuration files +│   ├── mykey.peer +│   ├── PeerMgr +│   └── seafile.ini +├── conf +│ └── ccnet.conf +│ └── seafile.conf +│ └── seahub_settings.py +│ └── gunicorn.conf +├── installed +│   └── seafile-server_7.0.0_x86-64.tar.gz +├── seafile-data +├── seafile-server-7.0.0 # active version +│   ├── reset-admin.sh +│   ├── runtime +│   ├── seafile +│   ├── seafile.sh +│   ├── seahub +│   ├── seahub.sh +│   ├── setup-seafile-mysql.sh +│   └── upgrade +├── seafile-server-latest # symbolic link to seafile-server-7.0.0 +├── seahub-data +│   └── avatars + +``` + +The folder `seafile-server-latest` is a symbolic link to the current Seafile server folder. When later you upgrade to a new version, the upgrade scripts update this link to point to the latest Seafile Server folder. + +## Running Seafile Server + +### Starting Seafile Server and Seahub Website + +Under seafile-server-latest directory, run the following commands + +``` +./seafile.sh start # Start Seafile service +./seahub.sh start # Start seahub website, port defaults to 127.0.0.1:8000 + +``` + +The first time you start Seahub, the script would prompt you to create an admin account for your Seafile Server. + +**Note:** The Seahub service listens on `127.0.0.1:8000` by default. So we recommend that you deploy a reverse proxy service so that other users can access the Seahub service. + +### Deploy a reverse proxy service + +You can choose [Apache](deploy_with_apache.md) or [Nginx](deploy_with_nginx.md) as the reverse proxy service. + +After deployed the reverse proxy service, you may open a web browser and visit Seafile web interface at (assume your server IP is 192.168.1.111): + +``` +http://192.168.1.111/ + +``` + +Congratulations! Now you have successfully setup your private Seafile Server. + +### Run Seahub on another port + +If you want to run Seahub on a port other than the default 8000, say 8001, you must modify the `conf/gunicorn.conf`: + +``` +# default localhost:8000 +bind = "0.0.0.0:8001" + +``` + +Then restart Seafile service: + +``` +./seafile.sh restart +./seahub.sh restart + +``` + +## Stopping and Restarting Seafile and Seahub + +### Stopping + +``` +./seahub.sh stop # stop Seahub website +./seafile.sh stop # stop Seafile processes + +``` + +### Restarting + +``` +./seafile.sh restart +./seahub.sh restart + +``` + +### When the Scripts Fail + +Most of the time, seafile.sh and seahub.sh work fine. But if they fail, you may + +* Use `pgrep` command to check if seafile/seahub processes are still running + + +``` +pgrep -f seafile-controller # check seafile processes +pgrep -f "seahub" # check seahub process + +``` + +* Use `pkill` to kill the processes + + +``` +pkill -f seafile-controller +pkill -f "seahub" + +``` + +## Performance turning + +If you have more than 50 users, we highly recommand you to [add memcached](../deploy/add_memcached.md). This is going to greatly speed up Seahub (the web frontend). + +## Setup in non-interactive way + +Since Seafile Pro Edition version 5.1.4, `setup-seafile-mysql.sh` supports auto mode. You can run the setup script in non-interactive by supplying the needed parameters via script parameters or environment variables. + +```sh +cd seafile-server-* +./setup-seafile-mysql.sh auto [param1] [param2]... + +``` + +Related parameters as follow: + +| Option | Script parameter | Environment variable | Default value | +| ------------------------------- | ---------------- | -------------------- | --------------------------------------------------------------------------------- | +| server name | \-n | SERVER_NAME | hostname -s(short host name) | +| server ip or domain | \-i | SERVER_IP | hostname -i(address for the host name) | +| fileserver port | \-p | FILESERVER_PORT | 8082 | +| seafile data dir | \-d | SEAFILE_DIR | current directory | +| use existing db | \-e | USE_EXISTING_DB | 0(create new db) | +| mysql server host | \-o | MYSQL_HOST | 127.0.0.1 | +| mysql server port | \-t | MYSQL_PORT | 3306 | +| mysql root password | \-r | MYSQL_ROOT_PASSWD | no default value(must be set when create new db) | +| mysql user for seafile | \-u | MYSQL_USER | no default value(must be set) | +| password for seafile mysql user | \-w | MYSQL_USER_PASSWD | no default value(must be set) | +| mysql user host | \-q | MYSQL_USER_HOST | no default value(must be set when create new db and using non local mysql server) | +| ccnet dabase name | \-c | CCNET_DB | ccnet-db | +| seafile dabase name | \-s | SEAFILE_DB | seafile-db | +| seahub dabase name | \-b | SEAHUB_DB | seahub-db | + +**Note: If both script parameter and environment variable assigned, script parameter has higher priority. If neither script parameter nor environment variable assigned, default value will be used.** + +## That's it! + +That's it! Now you may want read more about Seafile. + +* [Deploy Seafile with Nginx](deploy_with_nginx.md) / [Deploy Seafile with Apache](deploy_with_apache.md) +* [Enable Https on Seafile Web with Nginx](https_with_nginx.md) / [Enable Https on Seafile Web with Apache](https_with_apache.md) +* [Configure Seafile to use LDAP](using_ldap.md) +* [How to manage the server](../maintain/README.md) + + diff --git a/manual/deploy/using_sqlite.md b/manual/deploy/using_sqlite.md new file mode 100644 index 00000000..7812c9c8 --- /dev/null +++ b/manual/deploy/using_sqlite.md @@ -0,0 +1,286 @@ +# Deploying Seafile with SQLite + +## Download binary package + +Visit our [download page](http://www.seafile.com/en/download/#server), download the latest server package. + +Choose one of: +- Generic Linux +- Windows +- Server for Raspberry Pi + +``` +#check if your system is x86 (32bit) or x86_64 (64 bit) +uname -m +``` +Click the tarball link and save it. + + +## Deploying and Directory Layout + +NOTE: If you place the Seafile data directory in external storage, such as NFS, CIFS mount, you should not use SQLite as the database, but use MySQL instead. + +Supposed your organization's name is "haiwen", and you've downloaded seafile-server_1.4.0_* into your home directory. We suggest you to use the following layout for your deployment: +```sh +mkdir haiwen +mv seafile-server_* haiwen +cd haiwen +# after moving seafile-server_* to this directory +tar -xzf seafile-server_* +mkdir installed +mv seafile-server_* installed +``` + +Now you should have the following directory layout +```sh +# tree . -L 2 +. +├── installed +│ └── seafile-server_1.4.0_x86-64.tar.gz +└── seafile-server-1.4.0 + ├── reset-admin.sh + ├── runtime + ├── seafile + ├── seafile.sh + ├── seahub + ├── seahub.sh + ├── setup-seafile.sh + └── upgrade +``` + +Benefits of this layout are + + - We can place all the config files for Seafile server inside "haiwen" directory, making it easier to manage. + - When you upgrade to a new version of Seafile, you can simply untar the latest package into "haiwen" directory. In this way you can reuse the existing config files in "haiwen" directory and don't need to configure again. + + +## Setting Up Seafile Server +#### Prerequisites + +The Seafile server package requires the following packages have been installed in your system + +- python 2.7 +- python-setuptools +- python-ldap +- python-urllib3 +- python-requests +- sqlite3 + +``` +#on Debian/Ubuntu 14.04 server +apt-get update +apt-get install python2.7 libpython2.7 python-setuptools python-ldap python-urllib3 sqlite3 python-requests +``` + +``` +# on Ubuntu 16.04 server +# As the default python binary on Ubuntu 16.04 server is python 3, we need to install python (python 2) first. +apt-get update +apt-get install python +apt-get install python2.7 libpython2.7 python-setuptools python-ldap python-urllib3 ffmpeg python-pip sqlite3 python-requests +pip install Pillow==4.3.0 +pip install moviepy # used in movie file thumbnails +``` + +``` +# on CentOS 7 +yum -y install epel-release +rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro +yum -y install MySQL-python python-memcached python-ldap python-urllib3 ffmpeg ffmpeg-devel python-requests +pip install Pillow==4.3.0 +pip install moviepy # used in movie file thumbnails +``` + +#### Setup + +```sh +cd seafile-server-* +./setup-seafile.sh #run the setup script & answer prompted questions +``` + +If some of the prerequisites are not installed, the Seafile initialization script will ask you to install them. + +The script will guide you through the settings of various configuration options. + +**Seafile configuration options** + +| Option | Description | Note | +| -- | -- | ---- | +| server name | Name of this Seafile server | 3-15 characters, only English letters, digits and underscore ('_') are allowed | +| server ip or domain | The IP address or domain name used by this server | Seafile client program will access the server with this address | +| Seafile data dir | Seafile stores your data in this directory. By default it'll be placed in the current directory. | The size of this directory will increase as you put more and more data into Seafile. Please select a disk partition with enough free space. | +| fileserver port | The TCP port used by Seafile fileserver | Default is 8082. If it's been used by other service, you can set it to another port. | + + +Now you should have the following directory layout: + +```sh +#tree haiwen -L 2 +haiwen +├── ccnet # configuration files +│ ├── mykey.peer +│ ├── PeerMgr +│ └── seafile.ini +├── conf +│ └── ccnet.conf +│ └── seafile.conf +│ └── seahub_settings.py +├── installed +│ └── seafile-server_1.4.0_x86-64.tar.gz +├── seafile-data +├── seafile-server-1.4.0 # active version +│ ├── reset-admin.sh +│ ├── runtime +│ ├── seafile +│ ├── seafile.sh +│ ├── seahub +│ ├── seahub.sh +│ ├── setup-seafile.sh +│ └── upgrade +├── seafile-server-latest # symbolic link to seafile-server-1.4.0 +├── seahub-data +│ └── avatars +├── seahub.db +``` + +The folder seafile-server-latest is a symbolic link to the current Seafile server folder. When later you upgrade to a new version, the upgrade scripts would update this link to keep it always point to the latest Seafile server folder. + +## Running Seafile Server + +#### Before Running + +Since Seafile uses persistent connections between client and server, you should increase Linux file descriptors by ulimit if you have a large number of clients before start Seafile, like: + +``ulimit -n 30000`` + +#### Starting Seafile Server and Seahub Website + +- Start Seafile: +``` +./seafile.sh start # Start Seafile service +``` + +- Start Seahub: +``` +./seahub.sh start # Start Seahub website, port defaults to 8000 +``` + +**Note**: The first time you start Seahub, the script is going to prompt you to create an admin account for your Seafile server. + +After starting the services, you may open a web browser and type in + +``http://192.168.1.111:8000`` + +you will be redirected to the Login page. Just enter the admin username and password. + +**Congratulations!** Now you have successfully setup your private Seafile server. + +#### Run Seahub on another port + +If you want to run Seahub on a port other than the default 8000, say 8001, you must: + +**Seafile 6.2.x and previous versions** + +- stop the Seafile server +``` +./seahub.sh stop +./seafile.sh stop +``` + +- modify the value of SERVICE_URL in the file [ccnet.conf](../config/ccnet-conf.md), like this: (assume your ip or domain is 192.168.1.100). You can also modify SERVICE_URL via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and ccnet.conf, the setting via Web UI will take precedence.) + +``` +SERVICE_URL = http://192.168.1.100:8001 +``` + +- restart Seafile server +``` +./seafile.sh start +./seahub.sh start 8001 +``` + +See Seafile [Server Configuration Manual](../config/ccnet-conf.md) for more details about ``ccnet.conf``. + +**Seafile 6.3.x and above versions** + +You can assign the port of Seahub by setting the `conf/gunicorn.conf`. + +- stop the Seafile server +``` +./seahub.sh stop +./seafile.sh stop +``` + +- modify the value of SERVICE_URL in the file [ccnet.conf](../config/ccnet-conf.md), like this: (assume your ip or domain is 192.168.1.100). You can also modify SERVICE_URL via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and ccnet.conf, the setting via Web UI will take precedence.) + +``` +SERVICE_URL = http://192.168.1.100:8001 +``` + +- **modify the conf/gunicorn.conf** + +``` +# default localhost:8000 +bind = "0.0.0.0:8001" +``` + +- restart Seafile server +``` +./seafile.sh start +./seahub.sh start +``` + +See Seafile [Server Configuration Manual](../config/ccnet-conf.md) for more details about ``ccnet.conf``. + +## Manage Seafile and Seahub +#### Stopping +``` +./seahub.sh stop # stop seahub website +./seafile.sh stop # stop seafile processes +``` +#### Restarting +``` +./seafile.sh restart +./seahub.sh restart +``` +#### When the Scripts Fail + +Most of the time, `seafile.sh` and `seahub.sh` work fine. But if they fail, you might want to + +- Use pgrep command to check if Seafile/Seahub processes are still running +``` +pgrep -f seafile-controller # check Seafile processes +pgrep -f "seahub" # check Seahub process +``` + +- Use pkill to kill the processes +``` +pkill -f seafile-controller +pkill -f "seahub" +``` + +## Setup in non-interactive way + +Since Seafile version 5.1.4, `setup-seafile.sh` supports auto mode. You can run the setup script in non-interactive by supply the needed parameters via script parameters or environment variables. + +```sh +cd seafile-server-* +./setup-seafile.sh auto [param1] [param2]... +``` + +Related parameters as follow: + +Option | Script parameter | Environment variable | Default value +--------|--------|--------|-------- +server name | -n | SERVER_NAME | hostname -s(short host name) +server ip or domain | -i |SERVER_IP | hostname -i(address for the host name) +fileserver port | -p | FILESERVER_PORT | 8082 +seafile data dir | -d | SEAFILE_DIR | current directory + +**Note: If both script parameter and environment variable assigned, script parameter has higher priority. If neither script parameter nor environment variable assigned, default value will be used.** + +## That's it! +For a production server we highly recommend to setup with Nginx/Apache and enable SSL/TLS. + +That's it! Now you might want read more about Seafile. +- [Administration](../maintain/README.md) diff --git a/manual/deploy/using_syslog.md b/manual/deploy/using_syslog.md new file mode 100644 index 00000000..1e741b3b --- /dev/null +++ b/manual/deploy/using_syslog.md @@ -0,0 +1,94 @@ +## Configure Seafile to Use Syslog + +Since community edition 5.1.2 and professional edition 5.1.4, Seafile support using Syslog. + +### Configure Syslog for Seafile Controller and Server + +Add following configuration to `general` section in `seafile.conf`: +``` +[general] +enable_syslog = true +``` + +Restart seafile server, you will find follow logs in `/var/log/syslog`: +``` +May 10 23:45:19 ubuntu seafile-controller[16385]: seafile-controller.c(154): starting ccnet-server ... +May 10 23:45:19 ubuntu seafile-controller[16385]: seafile-controller.c(73): spawn_process: ccnet-server -F /home/plt/haiwen/conf -c /home/plt/haiwen/ccnet -f /home/plt/haiwen/logs/ccnet.log -d -P /home/plt/haiwen/pids/ccnet.pid +``` +``` +May 12 01:00:51 ubuntu seaf-server[21552]: ../common/mq-mgr.c(60): [mq client] mq cilent is started +May 12 01:00:51 ubuntu seaf-server[21552]: ../common/mq-mgr.c(106): [mq mgr] publish to hearbeat mq: seaf_server.heartbeat +``` + +### Configure Syslog For Seafevents (Professional Edition only) + +Add following configuration to `seafevents.conf`: +``` +[Syslog] +enabled = true +``` + +Restart seafile server, you will find follow logs in `/var/log/syslog` +``` +May 12 01:00:52 ubuntu seafevents[21542]: [seafevents] database: mysql, name: seahub-pro +May 12 01:00:52 ubuntu seafevents[21542]: seafes enabled: True +May 12 01:00:52 ubuntu seafevents[21542]: seafes dir: /home/plt/pro-haiwen/seafile-pro-server-5.1.4/pro/python/seafes +``` + +### Configure Syslog For Seahub + +Add following configurations to `seahub_settings.py`: + +``` +LOGGING = { + 'version': 1, + 'disable_existing_loggers': True, + 'formatters': { + 'verbose': { + 'format': '%(process)-5d %(thread)d %(name)-50s %(levelname)-8s %(message)s' + }, + 'standard': { + 'format': '%(asctime)s [%(levelname)s] %(name)s:%(lineno)s %(funcName)s %(message)s' + }, + 'simple': { + 'format': '[%(asctime)s] %(name)s %(levelname)s %(message)s', + 'datefmt': '%d/%b/%Y %H:%M:%S' + }, + }, + 'filters': { + 'require_debug_false': { + '()': 'django.utils.log.RequireDebugFalse', + }, + 'require_debug_true': { + '()': 'django.utils.log.RequireDebugTrue', + }, + }, + 'handlers': { + 'console': { + 'filters': ['require_debug_true'], + 'class': 'logging.StreamHandler', + 'formatter': 'simple' + }, + 'syslog': { + 'class': 'logging.handlers.SysLogHandler', + 'address': '/dev/log', + 'formatter': 'standard' + }, + }, + 'loggers': { + # root logger +        # All logs printed by Seahub and any third party libraries will be handled by this logger. +        '': { + 'handlers': ['console', 'syslog'], + 'level': 'INFO', # Logs when log level is higher than info. Level can be any one of DEBUG, INFO, WARNING, ERROR, CRITICAL. + 'disabled': False + }, + # This logger recorded logs printed by Django Framework. For example, when you see 5xx page error, you should check the logs recorded by this logger. + 'django.request': { + 'handlers': ['console', 'syslog'], + 'level': 'INFO', + 'propagate': False, + }, + }, +} +``` diff --git a/manual/deploy/video_thumbnails.md b/manual/deploy/video_thumbnails.md new file mode 100644 index 00000000..92e04a1c --- /dev/null +++ b/manual/deploy/video_thumbnails.md @@ -0,0 +1,59 @@ +# Video thumbnails + +### Install ffmpeg package + +You need to install ffmpeg package to let the video thumbnail work correctly: + +**Ubuntu 16.04** +``` +# Install ffmpeg +apt-get install ffmpeg + +# Now we need to install some modules +pip install pillow moviepy +``` + +**Centos 7** +``` +# We need to activate the epel repos +yum -y install epel-release +rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro + +# Then update the repo and install ffmpeg +yum -y install ffmpeg ffmpeg-devel + +# Now we need to install some modules +pip install pillow moviepy +``` + +**Debian Jessie** +```python +# Add backports repo to /etc/apt/sources.list +# e.g. the following repo works (June 2017) +deb http://httpredir.debian.org/debian jessie-backports main non-free +deb-src http://httpredir.debian.org/debian jessie-backports main non-free + +# Then update the repo and install ffmpeg +apt-get update +apt-get install ffmpeg + +# Now we need to install some modules +pip install pillow moviepy +``` + +### Configure Seafile to create thumbnails + +Now configure accordingly in `seahub_settings.py` + +```python +# Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first. +# For details, please refer to https://manual.seafile.com/deploy/video_thumbnails.html +# NOTE: since version 6.1 +ENABLE_VIDEO_THUMBNAIL = True + +# Use the frame at 5 second as thumbnail +THUMBNAIL_VIDEO_FRAME_TIME = 5 + +# Absolute filesystem path to the directory that will hold thumbnail files. +THUMBNAIL_ROOT = '/haiwen/seahub-data/thumbnail/thumb/' +``` diff --git a/manual/deploy_pro/README.md b/manual/deploy_pro/README.md new file mode 100644 index 00000000..dda6e3a3 --- /dev/null +++ b/manual/deploy_pro/README.md @@ -0,0 +1,68 @@ +# Deploy Seafile Pro Edition + + +Install Seafile Pro Edition + +- Method 1: [Deploy Seafile with Docker](deploy_with_docker.md) +- Method 2 (For Debian and CentOS 7): [Deploy Seafile with an installation script](https://github.com/haiwen/seafile-server-installer#auto-install-seafile-server-ce-and-pro). The installer offer a quick and easy way to set up a production ready Seafile Server using MariaDB, Memcached and NGINX as a reverse proxy in under 5 minutes. +- Method 3: [Download and Setup Seafile Professional Server Step by Step](download_and_setup_seafile_professional_server.md) + +## LDAP/AD Integration for Pro + +- [Configure LDAP in Seafile Pro](using_ldap_pro.md) +- [Syncing Groups from LDAP/AD](ldap_group_sync.md) +- [Syncing Roles from LDAP/AD](ldap_role_sync.md) + +## Migration and Upgrading + +- [Migrate from Seafile Community Server](migrate_from_seafile_community_server.md) +- [Upgrade Seafile Professional Server](upgrading_seafile_professional_server.md) + +## S3/OpenSwift/Ceph Storage Backends + +- [Setup Seafile Professional Server With Amazon S3](setup_with_amazon_s3.md) +- [Setup Seafile Professional Server With OpenStack Swift](setup_with_swift.md) +- [Setup Seafile Professional Server With Ceph](setup_with_ceph.md) +- [Migrate from File System to Ceph](migrate_to_ceph.md) +- [Storage Backend Encryption](seaf_encrypt.md) +- [Data migration between different backends](migrate.md) + +## Search + +- [Details about File Search](details_about_file_search.md) + +## Online File Preview and Editing + +- [Enable Office/PDF Documents Online Preview](office_documents_preview.md) +- [Integrating with Office Online Server](office_web_app.md) + +## Virus Scan + +- [Virus Scan](virus_scan.md) +- [Virus Scan With Kav4fs](virus_scan_with_kav4fs.md) + +## Cluster + +- [Deploy seafile servers in a cluster](deploy_in_a_cluster.md) +- [Enable search and background tasks in a cluster](enable_search_and_background_tasks_in_a_cluster.md) +- [Setup Seafile cluster with NFS](setup_seafile_cluster_with_nfs.md) +- [Upgrade a cluster](upgrade_a_cluster.md) + +## Advanced User Management + +- [Multi-Institutions Support](multi_institutions.md) +- [Roles and Permissions](roles_permissions.md) + +## Advanced Authentication + +- [Two-factor Authentication](two_factor_authentication.md) +- [ADFS or SAML 2.0](adfs.md) +- [CAS](cas.md) + +## Backup + +- [Real-time Backup Server](real_time_backup.md) + +## Admin Tools + +- [Import Directory to Seafile](seaf_import.md) diff --git a/manual/deploy_pro/adfs.md b/manual/deploy_pro/adfs.md new file mode 100644 index 00000000..622a0056 --- /dev/null +++ b/manual/deploy_pro/adfs.md @@ -0,0 +1,228 @@ +# AD Federation Service or SAML 2.0 Integration + +This documentation describes how to integrate to ADFS with SAML 2.0 protocol. The procedure can also be used to integrate with other SAML 2.0 compliant service with minimal change. + +## Requirements + +To use ADFS to log in to your Seafile, you need the following components: + +1. A Winodws Server with [ADFS](https://technet.microsoft.com/en-us/library/hh831502.aspx) installed. For configuring and installing ADFS you can see [this article](https://msdn.microsoft.com/en-us/library/gg188612.aspx). +2. A valid SSL certificate for ADFS server, and here we use **adfs-server.adfs.com** as the domain name example. +3. A valid SSL certificate for Seafile server, and here we use **demo.seafile.com** as the domain name example. + +## Prepare Certs File + +1、x.509 certs for SP (Service Provider) + +You can generate them by: + +``` +openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout sp.key -out sp.crt + +``` + +These x.509 certs are used to sign and encrypt elements like NameID and Metadata for SAML. + +**Note: Do not use some special characters when generating a certificate** + +2、Then copy these two files to `/seahub-data/certs`. (if the certs folder not exists, create it.) + +1. x.509 cert from IdP (Identity Provider) +2. Log into the ADFS server and open the ADFS management. +3. Double click **Service** and choose **Certificates**. +4. Export the **Token-Signing** certificate: + 1. Right-click the certificate and select **View Certificate**. + 2. Select the **Details** tab. + 3. Click **Copy to File** (select **DER encoded binary X.509**). +5. Convert this certificate to PEM format, rename it to **idp.crt** +6. Then copy it to `/seahub-data/certs`. + +## Prepare IdP Metadata File + +1. Open +2. Save this xml file, rename it to **idp_federation_metadata.xml** +3. Copy it to `/seahub-data/certs`. + +## Install Requirements on Seafile Server + +* For Ubuntu 16.04 + + +``` +sudo apt install libxmlsec1 xmlsec1 +sudo pip install cryptography djangosaml2==0.15.0 + +``` + +## Config Seafile + +Add the following lines to **seahub_settings.py** + +``` +from os import path +import saml2 +import saml2.saml + +CERTS_DIR = '/seahub-data/certs' +SP_SERVICE_URL = 'https://demo.seafile.com' +XMLSEC_BINARY = '/usr/bin/xmlsec1' +ATTRIBUTE_MAP_DIR = '/seafile-server-latest/seahub-extra/seahub_extra/adfs_auth/attribute-maps' +SAML_ATTRIBUTE_MAPPING = { + 'DisplayName': ('display_name', ), + 'ContactEmail': ('contact_email', ), + 'Department': ('department', ), + 'Telephone': ('telephone', ), +} + +ENABLE_ADFS_LOGIN = True +EXTRA_AUTHENTICATION_BACKENDS = ( + 'seahub_extra.adfs_auth.backends.Saml2Backend', +) +SAML_USE_NAME_ID_AS_USERNAME = True +LOGIN_REDIRECT_URL = '/saml2/complete/' +SAML_CONFIG = { + # full path to the xmlsec1 binary programm + 'xmlsec_binary': XMLSEC_BINARY, + + 'allow_unknown_attributes': True, + + # your entity id, usually your subdomain plus the url to the metadata view + 'entityid': SP_SERVICE_URL + '/saml2/metadata/', + + # directory with attribute mapping + 'attribute_map_dir': ATTRIBUTE_MAP_DIR, + + # this block states what services we provide + 'service': { + # we are just a lonely SP + 'sp' : { + "allow_unsolicited": True, + 'name': 'Federated Seafile Service', + 'name_id_format': saml2.saml.NAMEID_FORMAT_EMAILADDRESS, + 'endpoints': { + # url and binding to the assetion consumer service view + # do not change the binding or service name + 'assertion_consumer_service': [ + (SP_SERVICE_URL + '/saml2/acs/', + saml2.BINDING_HTTP_POST), + ], + # url and binding to the single logout service view + # do not change the binding or service name + 'single_logout_service': [ + (SP_SERVICE_URL + '/saml2/ls/', + saml2.BINDING_HTTP_REDIRECT), + (SP_SERVICE_URL + '/saml2/ls/post', + saml2.BINDING_HTTP_POST), + ], + }, + + # attributes that this project need to identify a user + 'required_attributes': ["uid"], + + # attributes that may be useful to have but not required + 'optional_attributes': ['eduPersonAffiliation', ], + + # in this section the list of IdPs we talk to are defined + 'idp': { + # we do not need a WAYF service since there is + # only an IdP defined here. This IdP should be + # present in our metadata + + # the keys of this dictionary are entity ids + 'https://adfs-server.adfs.com/federationmetadata/2007-06/federationmetadata.xml': { + 'single_sign_on_service': { + saml2.BINDING_HTTP_REDIRECT: 'https://adfs-server.adfs.com/adfs/ls/idpinitiatedsignon.aspx', + }, + 'single_logout_service': { + saml2.BINDING_HTTP_REDIRECT: 'https://adfs-server.adfs.com/adfs/ls/?wa=wsignout1.0', + }, + }, + }, + }, + }, + + # where the remote metadata is stored + 'metadata': { + 'local': [path.join(CERTS_DIR, 'idp_federation_metadata.xml')], + }, + + # set to 1 to output debugging information + 'debug': 1, + + # Signing + 'key_file': '', + 'cert_file': path.join(CERTS_DIR, 'idp.crt'), # from IdP + + # Encryption + 'encryption_keypairs': [{ + 'key_file': path.join(CERTS_DIR, 'sp.key'), # private part + 'cert_file': path.join(CERTS_DIR, 'sp.crt'), # public part + }], + + 'valid_for': 24, # how long is our metadata valid +} + +``` + +**Note: Users running the Seafile program should have permission to read all files under **`seahub-data/certs`**.** + +## **Role Map for ADFS** + +Since Pro 7.0.9, you are able to set user role with ADFS as with [Shibboleth](https://download.seafile.com/published/seafile-manual/deploy/shibboleth_config.md#user-content-Affiliation%20and%20user%20role). Details about user role, please refer to [role permissions](https://download.seafile.com/published/seafile-manual/deploy_pro/roles_permissions.md). + +To enable this, add the following configuration information to `seahub_settings.py` to define the role mapping: + +``` +SHIBBOLETH_AFFILIATION_ROLE_MAP = { + 'role@lian-adfs.local': 'can_generate_upload_link_false', + 'role1@lian-adfs.local': 'guest', + 'patterns': ( + ('*@lian-adfs.local', 'guest1'), + ('*@*.local', 'guest2'), + ('*', 'guest3'), + ), +} + +``` + +## Config ADFS Server + +1. Add **Relying Party Trust** + + Relying Party Trust is the connection between Seafile and ADFS. + +1. Log into the ADFS server and open the ADFS management. +2. Double click **Trust Relationships**, then right click **Relying Party Trusts**, select **Add Relying Party Trust…**. +3. Select **Import data about the relying party published online or one a local network**, input `https://demo.seafile.com/saml2/metadata/` in the **Federation metadata address**. +4. Then **Next** until **Finish**. +5. Add **Relying Party Claim Rules** + + Relying Party Claim Rules is used for attribute communication between Seafile and users in Windows Domain. + + **Important**: Users in Windows domain must have the **E-mail** value setted. + +1. Right-click on the relying party trust and select **Edit Claim Rules...** +2. On the Issuance Transform Rules tab select **Add Rules...** +3. Select **Send LDAP Attribute as Claims** as the claim rule template to use. +4. Give the claim a name such as LDAP Attributes. +5. Set the Attribute Store to **Active Directory**, the LDAP Attribute to **E-Mail-Addresses**, and the Outgoing Claim Type to **E-mail Address**. +6. Select **Finish**. +7. Click **Add Rule...** again. +8. Select **Transform an Incoming Claim**. +9. Give it a name such as **Email to Name ID**. +10. Incoming claim type should be **E-mail Address** (it must match the Outgoing Claim Type in rule #1). +11. The Outgoing claim type is **Name ID** (this is requested in Seafile settings policy `'name_id_format': saml2.saml.NAMEID_FORMAT_EMAILADDRESS`). +12. the Outgoing name ID format is **Email**. +13. **Pass through all claim values** and click **Finish**. + +## Test + +After re-starting the services, you may open a web browser and type in `https://demo.seafile.com`, there should be a `ADFS` button in login dialog, click that button will redirect you to the ADFS server (adfs-server.adfs.com), if username and password are correct, you will be redirect back to Seafile home page. + +For descktop client, simply click "Shibboleth Login" in "Add a new account" window, type in `https://demo.seafile.com`, click OK button will open a new window display ADFS server login page, if username and password are correct, the window will be closed and show Seafile libraries panel. + +* +* +* + + diff --git a/manual/deploy_pro/admin_roles_permissions.md b/manual/deploy_pro/admin_roles_permissions.md new file mode 100644 index 00000000..0b220137 --- /dev/null +++ b/manual/deploy_pro/admin_roles_permissions.md @@ -0,0 +1,46 @@ +# Roles and Permissions Support + +Starting from version 6.2.2, you can add/edit roles and permission for administrators. Seafile has four build-in admin roles: + + 1. default_admin, has all permissions. + + 1. system_admin, can only view system info and config system. + + 1. daily_admin, can only view system info, view statistic, manage library/user/group, view user log. + + 1. audit_admin, can only view system info and admin log. + +All administrators will have `default_admin` role with all permissions by default. If you set an administrator to some other admin role, the administrator will **only have the permissions you configured to `True`**. + +Seafile supports eight permissions for now, its configuration is very like common user role, you can custom it by adding the following settings to `seahub_settings.py`. + +``` +ENABLED_ADMIN_ROLE_PERMISSIONS = { + 'system_admin': { + 'can_view_system_info': True, + 'can_config_system': True, + }, + 'daily_admin': { + 'can_view_system_info': True, + 'can_view_statistic': True, + 'can_manage_library': True, + 'can_manage_user': True, + 'can_manage_group': True, + 'can_view_user_log': True, + }, + 'audit_admin': { + 'can_view_system_info': True, + 'can_view_admin_log': True, + }, + 'custom_admin': { + 'can_view_system_info': True, + 'can_config_system': True, + 'can_view_statistic': True, + 'can_manage_library': True, + 'can_manage_user': True, + 'can_manage_group': True, + 'can_view_user_log': True, + 'can_view_admin_log': True, + }, +} +``` diff --git a/manual/deploy_pro/cas.md b/manual/deploy_pro/cas.md new file mode 100644 index 00000000..328a10c1 --- /dev/null +++ b/manual/deploy_pro/cas.md @@ -0,0 +1,35 @@ +# Log In By CAS (Deprecated) + +> New in 2019: CAS is not recommend way for SSO. The third party Python library is not well maintained. SAML2 is much better. + +Since Seafile-pro 6.3.0, Seafile supports CAS single-sign-on protocol. + +NOTE: The support for CAS protocol is deprecated due to low maintenance of third-party library. Please use OAuth or SAML protocol. + +## Requirements + +Supposed you have a usable CAS service, and the service can be accessed by the `https://:/cas/`. + +## configure seahub_settings.py + +* Add the following lines in `conf/seahub_settings.py` + + +``` +ENABLE_CAS = True +CAS_SERVER_URL = 'https://192.168.99.100:8443/cas/' +CAS_LOGOUT_COMPLETELY = True +# Uncomment following line if CAS server is using self-signed certificate +#CAS_SERVER_CERT_VERIFY = False + +``` + +* Restart the seahub + + +``` +./seahub.sh restart + +``` + +Now, you can login to Seafile web interface with CAS authentication. Please click the "Single Sign-on" on the Seafile's login page. diff --git a/manual/deploy_pro/change_default_java.md b/manual/deploy_pro/change_default_java.md new file mode 100644 index 00000000..60104b6f --- /dev/null +++ b/manual/deploy_pro/change_default_java.md @@ -0,0 +1,25 @@ + +When you have both Java 6 and Java 7 installed, the default Java may not be Java 7. + +Do this by typing `java -version`, and check the output. + +- If the output is like **"java version "1.7.0_xx"**, then the default Java is Java 7, which is good. +- If the output is like **"java version "1.6.0_xx"**, then the default Java is Java 6, we need to configure default Java to Java 7. + +If the default Java is Java 6, then do + +On Debian/Ubuntu: +``` +sudo update-alternatives --config java +``` + +On CentOS/RHEL: +``` +sudo alternatives --config java +``` + +The above command will ask you to choose one of the installed Java versions as default. You should choose Java 7 here. + +After that, re-run `java -version` to make sure the change has taken effect. + +[Reference link](http://unix.stackexchange.com/questions/35185/installing-openjdk-7-jdk-does-not-update-java-which-is-still-version-1-6) diff --git a/manual/deploy_pro/config_seafile_with_ADFS.md b/manual/deploy_pro/config_seafile_with_ADFS.md new file mode 100644 index 00000000..8d8cce58 --- /dev/null +++ b/manual/deploy_pro/config_seafile_with_ADFS.md @@ -0,0 +1,221 @@ +### Requirements + +To use ADFS to log in to your Seafile, you need the following components: + +1. A Winodws Server with [ADFS](https://technet.microsoft.com/en-us/library/hh831502.aspx) installed. For configuring and installing ADFS you can see [this article](https://msdn.microsoft.com/en-us/library/gg188612.aspx). + +1. A valid SSL certificate for ADFS server, and here we use **adfs-server.adfs.com** as the domain name example. + +1. A valid SSL certificate for Seafile server, and here we use **demo.seafile.com** as the domain name example. + +### Prepare Certs File + +1. x.509 certs for SP (Service Provider) + + You can generate them by: + + ``` +openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout sp.key -out sp.crt +``` + + These x.509 certs are used to sign and encrypt elements like NameID and Metadata for SAML. + + Then copy these two files to **/seahub-data/certs**. (if the certs folder not exists, create it.) + +2. x.509 cert from IdP (Identity Provider) + + 1. Log into the ADFS server and open the ADFS management. + + 1. Double click **Service** and choose **Certificates**. + + 1. Export the **Token-Signing** certificate: + + 1. Right-click the certificate and select **View Certificate**. + 1. Select the **Details** tab. + 1. Click **Copy to File** (select **DER encoded binary X.509**). + + 1. Convert this certificate to PEM format, rename it to **idp.crt** + + 1. Then copy it to **/seahub-data/certs**. + +### Prepare IdP Metadata File + +1. Open https://adfs-server.adfs.com/federationmetadata/2007-06/federationmetadata.xml + +1. Save this xml file, rename it to **idp_federation_metadata.xml** + +1. Copy it to **/seahub-data/certs**. + +### Install Requirements on Seafile Server + +- For Ubuntu 16.04 +``` +sudo apt install xmlsec1 +sudo pip install cryptography djangosaml2==0.15.0 +``` + +### Config Seafile + +Add the following lines to **seahub_settings.py** + +``` +from os import path +import saml2 +import saml2.saml + +# update following lines according to your situation +CERTS_DIR = '/seahub-data/certs' +SP_SERVICE_URL = 'https://demo.seafile.com' +XMLSEC_BINARY = '/usr/local/bin/xmlsec1' +ATTRIBUTE_MAP_DIR = '/seafile-server-latest/seahub-extra/seahub_extra/adfs_auth/attribute-maps' +SAML_ATTRIBUTE_MAPPING = { + 'DisplayName': ('display_name', ), + 'ContactEmail': ('contact_email', ), + 'Deparment': ('department', ), + 'Telephone': ('telephone', ), +} + +# update the 'idp' section in SAMPL_CONFIG according to your situation, and leave others as default +ENABLE_ADFS_LOGIN = True +EXTRA_AUTHENTICATION_BACKENDS = ( + 'seahub_extra.adfs_auth.backends.Saml2Backend', +) +SAML_USE_NAME_ID_AS_USERNAME = True +LOGIN_REDIRECT_URL = '/saml2/complete/' +SAML_CONFIG = { + # full path to the xmlsec1 binary programm + 'xmlsec_binary': XMLSEC_BINARY, + + 'allow_unknown_attributes': True, + + # your entity id, usually your subdomain plus the url to the metadata view + 'entityid': SP_SERVICE_URL + '/saml2/metadata/', + + # directory with attribute mapping + 'attribute_map_dir': ATTRIBUTE_MAP_DIR, + + # this block states what services we provide + 'service': { + # we are just a lonely SP + 'sp' : { + "allow_unsolicited": True, + 'name': 'Federated Seafile Service', + 'name_id_format': saml2.saml.NAMEID_FORMAT_EMAILADDRESS, + 'endpoints': { + # url and binding to the assetion consumer service view + # do not change the binding or service name + 'assertion_consumer_service': [ + (SP_SERVICE_URL + '/saml2/acs/', + saml2.BINDING_HTTP_POST), + ], + # url and binding to the single logout service view + # do not change the binding or service name + 'single_logout_service': [ + (SP_SERVICE_URL + '/saml2/ls/', + saml2.BINDING_HTTP_REDIRECT), + (SP_SERVICE_URL + '/saml2/ls/post', + saml2.BINDING_HTTP_POST), + ], + }, + + # attributes that this project need to identify a user + 'required_attributes': ["uid"], + + # attributes that may be useful to have but not required + 'optional_attributes': ['eduPersonAffiliation', ], + + # in this section the list of IdPs we talk to are defined + 'idp': { + # we do not need a WAYF service since there is + # only an IdP defined here. This IdP should be + # present in our metadata + + # the keys of this dictionary are entity ids + 'https://adfs-server.adfs.com/federationmetadata/2007-06/federationmetadata.xml': { + 'single_sign_on_service': { + saml2.BINDING_HTTP_REDIRECT: 'https://adfs-server.adfs.com/adfs/ls/idpinitiatedsignon.aspx', + }, + 'single_logout_service': { + saml2.BINDING_HTTP_REDIRECT: 'https://adfs-server.adfs.com/adfs/ls/?wa=wsignout1.0', + }, + }, + }, + }, + }, + + # where the remote metadata is stored + 'metadata': { + 'local': [path.join(CERTS_DIR, 'idp_federation_metadata.xml')], + }, + + # set to 1 to output debugging information + 'debug': 1, + + # Signing + 'key_file': '', + 'cert_file': path.join(CERTS_DIR, 'idp.crt'), # from IdP + + # Encryption + 'encryption_keypairs': [{ + 'key_file': path.join(CERTS_DIR, 'sp.key'), # private part + 'cert_file': path.join(CERTS_DIR, 'sp.crt'), # public part + }], + + 'valid_for': 24, # how long is our metadata valid +} + +``` + +### Config ADFS Server + +1. Add **Relying Party Trust** + + Relying Party Trust is the connection between Seafile and ADFS. + + 1. Log into the ADFS server and open the ADFS management. + + 1. Double click **Trust Relationships**, then right click **Relying Party Trusts**, select **Add Relying Party Trust…**. + + 1. Select **Import data about the relying party published online or one a local network**, input `https://demo.seafile.com/saml2/metadata/ ` in the **Federation metadata address**. + + 1. Then **Next** until **Finish**. + +1. Add **Relying Party Claim Rules** + + Relying Party Claim Rules is used for attribute communication between Seafile and users in Windows Domain. + + **Important**: Users in Windows domain must have the **E-mail** value setted. + + 1. Right-click on the relying party trust and select **Edit Claim Rules...** + + 1. On the Issuance Transform Rules tab select **Add Rules...** + + 1. Select **Send LDAP Attribute as Claims** as the claim rule template to use. + + 1. Give the claim a name such as LDAP Attributes. + + 1. Set the Attribute Store to **Active Directory**, the LDAP Attribute to **E-Mail-Addresses**, and the Outgoing Claim Type to **E-mail Address**. + + 1. Select **Finish**. + + 1. Click **Add Rule...** again. + + 1. Select **Transform an Incoming Claim**. + + 1. Give it a name such as **Email to Name ID**. + + 1. Incoming claim type should be **E-mail Address** (it must match the Outgoing Claim Type in rule #1). + + 1. The Outgoing claim type is **Name ID** (this is requested in Seafile settings policy ` 'name_id_format': saml2.saml.NAMEID_FORMAT_EMAILADDRESS`). + + 1. the Outgoing name ID format is **Email**. + + 1. **Pass through all claim values** and click **Finish**. + +---- + +- https://support.zendesk.com/hc/en-us/articles/203663886-Setting-up-single-sign-on-using-Active-Directory-with-ADFS-and-SAML-Plus-and-Enterprise- + +- http://wiki.servicenow.com/?title=Configuring_ADFS_2.0_to_Communicate_with_SAML_2.0#gsc.tab=0 + +- https://github.com/rohe/pysaml2/blob/master/src/saml2/saml.py diff --git a/manual/deploy_pro/deploy_clamav_as_daemon.md b/manual/deploy_pro/deploy_clamav_as_daemon.md new file mode 100644 index 00000000..03604402 --- /dev/null +++ b/manual/deploy_pro/deploy_clamav_as_daemon.md @@ -0,0 +1,148 @@ +# Run ClamAV as a Daemon + +## For Ubuntu 16.04 + +### Install clamav-daemon & clamav-freshclam + +``` +apt-get install clamav-daemon clamav-freshclam +``` + +You should run Clamd with a root permission to scan any files. +Edit the conf `/etc/clamav/clamd.conf`,change the following line: + +``` +LocalSocketGroup root +User root +``` + +### Start the clamav-daemon + +``` +systemctl start clamav-daemon +``` + +* Test the software + +``` +$ curl https://www.eicar.org/download/eicar.com.txt | clamdscan - +``` + +The output must include: + +``` +stream: Eicar-Test-Signature FOUND +``` + +## For CentOS 7 + +### Install Clamd + +``` +yum install epel-release +yum install clamav-server clamav-data clamav-filesystem clamav-lib clamav-update clamav clamav-devel +``` + +### Run freshclam + +* Configure the freshclam to updating database + +``` +cp /etc/freshclam.conf /etc/freshclam.conf.bak +sed -i '/^Example/d' /etc/freshclam.conf +``` + +* Create the init script + +``` +cat > /usr/lib/systemd/system/clam-freshclam.service << 'EOF' +# Run the freshclam as daemon +[Unit] +Description = freshclam scanner +After = network.target + +[Service] +Type = forking +ExecStart = /usr/bin/freshclam -d -c 4 +Restart = on-failure +PrivateTmp = true + +[Install] +WantedBy=multi-user.target + +EOF +``` + +* Boot up + +``` +systemctl enable clam-freshclam.service +systemctl start clam-freshclam.service +``` + +### Configure Clamd + +``` +cp /usr/share/clamav/template/clamd.conf /etc/clamd.conf +sed -i '/^Example/d' /etc/clamd.conf +``` + +You should run Clamd with a root permission to scan any files. +Edit the `/etc/clamd.conf`,change the following line: + +``` +User root +... +LocalSocket /var/run/clamd.sock +``` + +### Run Clamd + +* Create the init script + +``` +cat > /etc/init.d/clamd << 'EOF' +case "$1" in + start) + echo -n "Starting Clam AntiVirus Daemon... " + /usr/sbin/clamd + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && touch /var/lock/subsys/clamd + ;; + stop) + echo -n "Stopping Clam AntiVirus Daemon... " + pkill clamd + rm -f /var/run/clamav/clamd.sock + rm -f /var/run/clamav/clamd.pid + RETVAL=$? + echo + [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/clamd + ;; +esac + +EOF +``` + +``` +chmod +x /etc/init.d/clamd +``` + +* Boot up + +``` +chkconfig clamd on +service clamd start +``` + +* Test the software + +``` +$ curl https://www.eicar.org/download/eicar.com.txt | clamdscan - +``` + +The output must include: + +``` +stream: Eicar-Test-Signature FOUND +``` \ No newline at end of file diff --git a/manual/deploy_pro/deploy_in_a_cluster.md b/manual/deploy_pro/deploy_in_a_cluster.md new file mode 100644 index 00000000..f862ee89 --- /dev/null +++ b/manual/deploy_pro/deploy_in_a_cluster.md @@ -0,0 +1,397 @@ +# Deploy in a cluster + +**Update**: Since Seafile Pro server 6.0.0, cluster deployment requires "sticky session" settings in the load balancer. Otherwise sometimes folder download on the web UI can't work properly. Read the "Load Balancer Setting" section below for details + +## Architecture + +The Seafile cluster solution employs a 3-tier architecture: + +* Load balancer tier: Distribute incoming traffic to Seafile servers. HA can be achieved by deploying multiple load balancer instances. +* Seafile server cluster: a cluster of Seafile server instances. If one instance fails, the load balancer will stop handing traffic to it. So HA is achieved. +* Backend storage: Distributed storage cluster, e.g. S3, Openstack Swift or Ceph. + +This architecture scales horizontally. That means, you can handle more traffic by adding more machines. The architecture is visualized in the following picture. + +![seafile-cluster](../images/seafile-cluster-arch.png) + +There are two main components on the Seafile server node: web server (Nginx/Apache) and Seafile app server. The web server passes requests from the clients to Seafile app server. The Seafile app servers work independently. They don't know about each other's state. That means each app server can fail independently without affecting other app server instances. The load balancer is responsible for detecting failure and re-routing requests. + +Even though Seafile app servers work independently, they still have to share some session information. All shared session information is stored in memcached. Thus, all Seafile app servers have to connect to the same memcached server (cluster). More details about memcached configuration is available later. + +The background server is the workhorse for various background tasks, including full-text indexing, office file preview, virus scanning, LDAP syncing. It should usually be run on a dedicated server for better performance. Currently only one background task server can be running in the entire cluster. If more than one background servers are running, they may conflict with each others when doing some tasks. If you need HA for background task server, you can consider using [Keepalived](http://www.keepalived.org/) to build a hot backup for it. More details can be found in [background server setup](enable_search_and_background_tasks_in_a_cluster.md). + +All Seafile app servers access the same set of user data. The user data has two parts: One in the MySQL database and the other one in the backend storage cluster (S3, Ceph etc.). All app servers serve the data equally to the clients. + +All app servers have to connect to the same database or database cluster. We recommend to use MariaDB Galera Cluster if you need a database cluster. + +There are a few steps to deploy a Seafile cluster: + +1. Prepare hardware, operating systems, memcached and database +2. Setup a single Seafile server node +3. Copy the deployment to other Seafile nodes +4. Setup Nginx/Apache and firewall rules +5. Setup load balancer +6. [Setup backgroup task node](enable_search_and_background_tasks_in_a_cluster.md) + +## Preparation + +### Hardware, Database, Memcached + +At least 3 Linux server with at least 4 cores, 8GB RAM. Two servers work as frontend servers, while one server works as background task server. Virtual machines are sufficient for most cases. + +In small cluster, you can re-use the 3 Seafile servers to run memcached cluster and MariaDB cluster. For larger clusters, you can have 3 more dedicated server to run memcached cluster and MariaDB cluster. Because the load on these two clusters are not high, they can share the hardware to save cost. Documentation about how to setup memcached cluster and MariaDB cluster can be found [here](memcached_mariadb_cluster.md) + +### Install Python libraries + +On each mode, you need to install some python libraries. + +First make sure your have installed Python 2.7, then: + +``` +sudo easy_install pip +sudo pip install boto + +``` + +If you receive an error stating "Wheel installs require setuptools >= ...", run this between the pip and boto lines above + +``` +sudo pip install setuptools --no-use-wheel --upgrade + +``` + +## Configure a Single Node + +You should make sure the config files on every Seafile server are consistent. + +### Get the license + +Put the license you get under the top level diretory. In our wiki, we use the diretory `/data/haiwen/` as the top level directory. + +### Download/Uncompress Seafile Professional Server + +``` +tar xf seafile-pro-server_6.1.3_x86-64.tar.gz + +``` + +Now you have: + +``` +haiwen +├── seafile-license.txt +└── seafile-pro-server-6.1.3/ + +``` + +### Setup Seafile + +Please follow [Download and Setup Seafile Professional Server With MySQL](download_and_setup_seafile_professional_server.md) to setup a single Seafile server node. + +Note: **Use the load balancer's address or domain name for the server address. Don't use the local IP address of each Seafile server machine. This assures the user will always access your service via the load balancers.** + +After the setup process is done, you still have to do a few manual changes to the config files. + +#### seafile.conf + +If you use a single memcached server, you have to add the following configuration to `seafile.conf` + +``` +[cluster] +enabled = true +memcached_options = --SERVER=192.168.1.134 --POOL-MIN=10 --POOL-MAX=100 + +``` + +If you use memcached cluster, the way you setup the memcached cluster and the way to configure it in seafile.conf depend on your Seafile server version. The recommended way to setup memcached clusters can be found [here](memcached_mariadb_cluster.md). + +**Memcached Configuration before Seafile Pro 6.2.11** + +For Seafile server older than 6.2.11, you need to specify all the memcached server addresses in seafile.conf. The format is + +``` +[cluster] +enabled = true +memcached_options = --SERVER=192.168.1.134 --SERVER=192.168.1.135 --SERVER=192.168.1.136 --POOL-MIN=10 --POOL-MAX=100 --RETRY-TIMEOUT=3600 + +``` + +Notice that there is a `--RETRY-TIMEOUT=3600` option in the above config. This option is important for dealing with memcached server failures. After a memcached server in the cluster fails, Seafile server will stop trying to use it for "RETRY-TIMEOUT" (in seconds). You should set this timeout to relatively long time, to prevent Seafile from retrying the failed server frequently, which may lead to frequent request errors for the clients. + +**Memcached Configuration after Seafile Pro 6.2.11** + +Since version 6.2.11, the recommended way to setup memcached cluster has been changed. You'll setup two memcached server, in active/standby mode. A floating IP address will be assigned to the current active memcached node. So you have to configure the address in seafile.conf accordingly. + +``` +[cluster] +enabled = true +memcached_options = --SERVER= --POOL-MIN=10 --POOL-MAX=100 + +``` + +(Optional) The Seafile server also opens a port for the load balancers to run health checks. Seafile by default uses port 11001. You can change this by adding the following config option to `seafile.conf` + +``` +[cluster] +health_check_port = 12345 + +``` + +#### seahub_settings.py + +You must setup and use memcached when deploying Seafile cluster. Refer to ["add memcached"](../deploy/add_memcached.md) to use memcached in Seahub. + +Also add following options to seahub_setting.py. These settings tell Seahub to store avatar in database and cache avatar in memcached, and store css CACHE to local memory. + +``` +AVATAR_FILE_STORAGE = 'seahub.base.database_storage.DatabaseStorage' + +``` + +#### seafevents.conf + +Add following to `seafevents.conf` to disable file indexing service on the local server. The file indexing service should be started on a dedicated background server. + +``` +[INDEX FILES] +external_es_server = true + +``` + +Here is an example `[INDEX FILES]` section: + +``` +[INDEX FILES] +enabled = true +interval = 10m +highlight = fvh # This configuration is only available for Seafile 6.3.0 pro and above. +index_office_pdf = true +external_es_server = true +es_host = background.seafile.com +es_port = 9200 + +``` + +Note: `enable = true` should be left unchanged. For versions older than 6.1, `es_port` was 9500. + +### Update Seahub Database + +In cluster environment, we have to store avatars in the database instead of in a local disk. + +``` +CREATE TABLE `avatar_uploaded` (`filename` TEXT NOT NULL, `filename_md5` CHAR(32) NOT NULL PRIMARY KEY, `data` MEDIUMTEXT NOT NULL, `size` INTEGER NOT NULL, `mtime` datetime NOT NULL); + +``` + +### Backend Storage Settings + +You also need to add the settings for backend cloud storage systems to the config files. + +* For NFS: [Setup Seafile cluster with NFS](setup_seafile_cluster_with_nfs.md) +* For S3: [Setup With Amazon S3](setup_with_amazon_s3.md) +* For OpenStack Swift: [Setup With OpenStackSwift](setup_with_openstackswift.md) +* For Ceph: [Setup With Ceph](setup_with_ceph.md) + +### Run and Test the Single Node + +Once you have finished configuring this single node, start it to test if it runs properly: + +``` +cd /data/haiwen/seafile-server-latest +./seafile.sh start +./seahub.sh start + +``` + +_Note:_ The first time you start seahub, the script would prompt you to create an admin account for your Seafile server. + +Open your browser, visit and login with the admin account. + +## Configure other nodes + +Now you have one node working fine, let's continue to configure more nodes. + +### Copy the config to all Seafile servers + +Supposed your Seafile installation directory is `/data/haiwen`, compress this whole directory into a tarball and copy the tarball to all other Seafile server machines. You can simply uncompress the tarball and use it. + +On each node, run `./seafile.sh` and `./seahub.sh` to start Seafile server. + +## Setup Nginx/Apache and Https + +You'll usually want to use Nginx/Apache and https for web access. You need to set it up on each machine running Seafile server. **Make sure the certificate on all the servers are the same.** + +* For Nginx: + * [Config Seahub with Nginx](../deploy/deploy_with_nginx.md) + * [Enabling Https with Nginx](../deploy/https_with_nginx.md) +* For Apache: + * [Config Seahub with Apache](../deploy/deploy_with_apache.md) + * [Enabling Https with Apache](../deploy/https_with_apache.md) + +## Start Seafile Service on boot + +It would be convenient to setup Seafile service to start on system boot. Follow [this documentation](../deploy/start_seafile_at_system_bootup.md) to set it up on **all nodes**. + +## Firewall Settings + +Beside [standard ports of a seafile server](../deploy/using_firewall.md), there are 2 firewall rule changes for Seafile cluster: + +* On each Seafile server machine, you should open the health check port (default 11001); +* On the memcached server, you should open the port 11211. For security resons only the Seafile servers should be allowed to access this port. + +## Load Balancer Setting + +Now that your cluster is already running, fire up the load balancer and welcome your users. Since version 6.0.0, Seafile Pro requires "sticky session" settings in the load balancer. You should refer to the manual of your load balancer for how to set up sticky sessions. + +### AWS Elastic Load Balancer (ELB) + +In the AWS ELB management console, after you've added the Seafile server instances to the instance list, you should do two more configurations. + +First you should setup HTTP(S) listeners. Ports 443 and 80 of ELB should be forwarded to the ports 80 or 443 of the Seafile servers. + +Then you setup health check + +![elb-health-check](../images/elb-health-check.png) + +Refer to [AWS documentation](http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html) about how to setup sticky sessions. + +### HAProxy + +This is a sample `/etc/haproxy/haproxy.cfg`: + +(Assume your health check port is `11001`) + +``` +global + log 127.0.0.1 local1 notice + maxconn 4096 + user haproxy + group haproxy + +defaults + log global + mode http + retries 3 + maxconn 2000 + timeout connect 10000 + timeout client 300000 + timeout server 300000 + +listen seafile 0.0.0.0:80 + mode http + option httplog + option dontlognull + option forwardfor + cookie SERVERID insert indirect nocache + server seafileserver01 192.168.1.165:80 check port 11001 cookie seafileserver01 + server seafileserver02 192.168.1.200:80 check port 11001 cookie seafileserver02 + +``` + +## See how it runs + +Now you should be able to test your cluster. Open in your browser and enjoy. You can also synchronize files with Seafile clients. + +If the above works, the next step would be [Enable search and background tasks in a cluster](enable_search_and_background_tasks_in_a_cluster.md). + +## The final configuration of the front-end nodes + +Here is the summary of configurations at the front-end node that related to cluster setup. + +### 7.0 or older versions + +For **seafile.conf**: + +``` +[cluster] +enabled = true +memcached_options = --SERVER= --POOL-MIN=10 --POOL-MAX=100 + +``` + +The `enabled` option will prevent the start of background tasks by `./seafile.sh start` in the front-end node. The tasks should be explicitly started by `./seafile-background-tasks.sh start` at the back-end node. + +For **seahub_settings.py**: + +``` +AVATAR_FILE_STORAGE = 'seahub.base.database_storage.DatabaseStorage' + +OFFICE_CONVERTOR_ROOT = 'http://' + +``` + +For **seafevents.conf**: + +``` +[INDEX FILES] +enabled = true +interval = 10m +highlight = fvh # This configuration is only available for Seafile 6.3.0 pro and above. +external_es_server = true +es_host = +es_port = 9200 + +[OFFICE CONVERTER] +enabled = true +workers = 1 +## how many pages are allowed to be previewed online. Default is 50 pages +max-pages = 50 +## the max size of documents allowed to be previewed online, in MB. Default is 10 MB +## Previewing a large file (for example >30M) online is likely going to freeze the browser. +max-size = 10 + +``` + +The `[INDEX FILES]` section is needed to let the front-end node know the file search feature is enabled. The `external_es_server = true` is to tell the front-end node not to start the ElasticSearch but to use the ElasticSearch server at the back-end node. + +The `[OFFICE CONVERTER]` section is needed to let the front-end node know the office preview feature is enabled. + +### 7.1+ + +For **seafile.conf**: + +``` +[cluster] +enabled = true +memcached_options = --SERVER= --POOL-MIN=10 --POOL-MAX=100 + +``` + +The `enabled` option will prevent the start of background tasks by `./seafile.sh start` in the front-end node. The tasks should be explicitly started by `./seafile-background-tasks.sh start` at the back-end node. + +For **seahub_settings.py**: + +``` +AVATAR_FILE_STORAGE = 'seahub.base.database_storage.DatabaseStorage' + +OFFICE_CONVERTOR_ROOT = 'http://:6000' + +``` + +For **seafevents.conf**: + +``` +[INDEX FILES] +enabled = true +interval = 10m +highlight = fvh # This configuration is for improving searching speed +external_es_server = true +es_host = +es_port = 9200 + +[OFFICE CONVERTER] +enabled = true +workers = 1 +## the max size of documents allowed to be previewed online, in MB. Default is 10 MB +## Previewing a large file (for example >30M) online is likely going to freeze the browser. +max-size = 10 +host = +port = 6000 + +``` + +The `[INDEX FILES]` section is needed to let the front-end node know the file search feature is enabled. The `external_es_server = true` is to tell the front-end node not to start the ElasticSearch but to use the ElasticSearch server at the back-end node. + +The `[OFFICE CONVERTER]` section is needed to let the front-end node know the office preview feature is enabled. + + diff --git a/manual/deploy_pro/deploy_with_docker.md b/manual/deploy_pro/deploy_with_docker.md new file mode 100644 index 00000000..edee27c9 --- /dev/null +++ b/manual/deploy_pro/deploy_with_docker.md @@ -0,0 +1,261 @@ +## About + +* [Docker](https://docker.com/) is an open source project to pack, ship and run any Linux application in a lighter weight, faster container than a traditional virtual machine. +* Docker makes it much easier to deploy [a Seafile server](https://github.com/haiwen/seafile) on your servers and keep it updated. +* The base image configures Seafile with the Seafile team's recommended optimal defaults. + +If you are not familiar with docker commands, please refer to [docker documentation](https://docs.docker.com/engine/reference/commandline/cli/). + +## For seafile 7.x.x + +Starting with 7.0, we have adjusted seafile-docker image to use multiple containers. The old image runs MariaDB-Server、Memcached and Elasticsearch in the same container with Seafile server. Now, we strip the MariaDB-Server、Memcached and Elasticsearch from the Seafile image and run them in their respective containers. + +If you plan to deploy seafile 7.0, you should refer to the [Deploy Documentation](<../docker/pro-edition/Deploy Seafile-pro with Docker.md>). + +If you plan to upgrade 6.3 to 7.0, you can refer to the [Upgrade Documentation](<../docker/pro-edition/6.3 upgrade to 7.0.md>). + +## For seafile 6.x.x + +### Getting Started + +Login the Seafile private registry: + +```sh +docker login {host} + +``` + +You can find the private registry information on the [customer center download page](https://customer.seafile.com/downloads/) + +To run the seafile server container: + +```sh +docker run -d --name seafile \ + -e SEAFILE_SERVER_HOSTNAME=seafile.example.com \ + -v /opt/seafile-data:/shared \ + -p 80:80 \ + {host}/seafileltd/seafile-pro:latest + +``` + +Wait for a few minutes for the first time initialization, then visit `http://seafile.example.com` to open Seafile Web UI. + +This command will mount folder `/opt/seafile-data` at the local server to the docker instance. You can find logs and other data under this folder. + +### Put your licence file + +If you have a `seafile-license.txt` licence file, simply put it in the folder `/opt/seafile-data/seafile/`. In your host machine: + +```sh +mkdir -p /opt/seafile-data/seafile/ +cp /path/to/seafile-license.txt /opt/seafile-data/seafile/ + +``` + +Then restart the container. + +```sh +docker restart seafile + +``` + +### More configuration Options + +#### Custom Admin Username and Password + +The default admin account is `me@example.com` and the password is `asecret`. You can use a different password by setting the container's environment variables: +e.g. + +```sh +docker run -d --name seafile \ + -e SEAFILE_SERVER_HOSTNAME=seafile.example.com \ + -e SEAFILE_ADMIN_EMAIL=me@example.com \ + -e SEAFILE_ADMIN_PASSWORD=a_very_secret_password \ + -v /opt/seafile-data:/shared \ + -p 80:80 \ + {host}/seafileltd/seafile-pro:latest + +``` + +If you forget the admin password, you can add a new admin account and then go to the sysadmin panel to reset user password. + +#### Let's encrypt SSL certificate + +If you set `SEAFILE_SERVER_LETSENCRYPT` to `true`, the container would request a letsencrypt-signed SSL certificate for you automatically. + +e.g. + +```sh +docker run -d --name seafile \ + -e SEAFILE_SERVER_LETSENCRYPT=true \ + -e SEAFILE_SERVER_HOSTNAME=seafile.example.com \ + -e SEAFILE_ADMIN_EMAIL=me@example.com \ + -e SEAFILE_ADMIN_PASSWORD=a_very_secret_password \ + -v /opt/seafile-data:/shared \ + -p 80:80 \ + -p 443:443 \ + {host}/seafileltd/seafile-pro:latest + +``` + +If you want to use your own SSL certificate: + +* create a folder `/opt/seafile-data/ssl`, and put your certificate and private key under the ssl directory. +* Assume your site name is `seafile.example.com`, then your certificate must have the name `seafile.example.com.crt`, and the private key must have the name `seafile.example.com.key`. + +#### Modify Seafile Server Configurations + +The config files are under `shared/seafile/conf`. You can modify the configurations according to [Seafile manual](https://download.seafile.com/published/seafile-manual/home.md) + +After modification, you need to restart the container: + +```sh +docker restart seafile + +``` + +#### Find logs + +The seafile logs are under `/shared/logs/seafile` in the docker, or `/opt/seafile-data/logs/seafile` in the server that run the docker. + +The system logs are under `/shared/logs/var-log`, or `/opt/seafile-data/logs/var-log` in the server that run the docker. + +#### Add a new Admin + +Ensure the container is running, then enter this command: + +```sh +docker exec -it seafile /opt/seafile/seafile-server-latest/reset-admin.sh + +``` + +Enter the username and password according to the prompts. You now have a new admin account. + +### Directory Structure + +#### `/shared` + +Placeholder spot for shared volumes. You may elect to store certain persistent information outside of a container, in our case we keep various logfiles and upload directory outside. This allows you to rebuild containers easily without losing important information. + +* /shared/db: This is the data directory for mysql server +* /shared/seafile: This is the directory for seafile server configuration and data. +* /shared/logs: This is the directory for logs. + * /shared/logs/var-log: This is the directory that would be mounted as `/var/log` inside the container. For example, you can find the nginx logs in `shared/logs/var-log/nginx/`. + * /shared/logs/seafile: This is the directory that would contain the log files of seafile server processes. For example, you can find seaf-server logs in `shared/logs/seafile/seafile.log`. +* /shared/ssl: This is directory for certificate, which does not exist by default. + +### Upgrading Seafile Server + +If you plan to upgrade 6.3 to 7.0, you can refer to the [Upgrade Documentation](<../docker/pro-edition/6.3 upgrade to 7.0.md>). + +To upgrade to the latest version of seafile 6.3: + +```sh +docker pull {host}/seafileltd/seafile-pro:latest +docker rm -f seafile +docker run -d --name seafile \ + -e SEAFILE_SERVER_LETSENCRYPT=true \ + -e SEAFILE_SERVER_HOSTNAME=seafile.example.com \ + -e SEAFILE_ADMIN_EMAIL=me@example.com \ + -e SEAFILE_ADMIN_PASSWORD=a_very_secret_password \ + -v /opt/seafile-data:/shared \ + -p 80:80 \ + -p 443:443 \ + {host}/seafileltd/seafile-pro:latest + +``` + +If you are one of the early users who use the `launcher` script, you should refer to [upgrade from old format](https://github.com/haiwen/seafile-docker/blob/master/upgrade_from_old_format.md) document. + +### Backup and Recovery + +#### Struct + +We assume your seafile volumns path is in `/shared`. And you want to backup to `/backup` directory. +You can create a layout similar to the following in /backup directory: + +```struct +/backup +---- databases/ contains database backup files +---- data/ contains backups of the data directory + +``` + +The data files to be backed up: + +```struct +/shared/seafile/conf # configuration files +/shared/seafile/pro-data # data of es +/shared/seafile/seafile-data # data of seafile +/shared/seafile/seahub-data # data of seahub + +``` + +#### Backup + +Steps: + +1. Backup the databases; +2. Backup the seafile data directory; + +[Backup Order: Database First or Data Directory First](../maintain/backup_recovery.md) + +* backing up Database: + + ```bash + # It's recommended to backup the database to a separate file each time. Don't overwrite older database backups for at least a week. + cd /backup/databases + docker exec -it seafile mysqldump -uroot --opt ccnet_db > ccnet_db.sql + docker exec -it seafile mysqldump -uroot --opt seafile_db > seafile_db.sql + docker exec -it seafile mysqldump -uroot --opt seahub_db > seahub_db.sql + + ``` + +* Backing up Seafile library data: + * To directly copy the whole data directory + + ```bash + cp -R /shared/seafile /backup/data/ + cd /backup/data && rm -rf ccnet + + ``` + + * Use rsync to do incremental backup + + ```bash + rsync -az /shared/seafile /backup/data/ + cd /backup/data && rm -rf ccnet + + ``` + +#### Recovery + +* Restore the databases: + + ```bash + cp /backup/data/ccnet_db.sql /shared/ccnet_db.sql + cp /backup/data/seafile_db.sql /shared/seafile_db.sql + cp /backup/data/seahub_db.sql /shared/seahub_db.sql + docker exec -it seafile /bin/sh -c "mysql -uroot ccnet_db < /shared/ccnet_db.sql" + docker exec -it seafile /bin/sh -c "mysql -uroot seafile_db < /shared/seafile_db.sql" + docker exec -it seafile /bin/sh -c "mysql -uroot seahub_db < /shared/seahub_db.sql" + + ``` + +* Restore the seafile data: + + ```bash + cp -R /backup/data/* /shared/seafile/ + + ``` + +### Troubleshooting + +You can run docker commands like "docker exec" to find errors. + +```sh +docker exec -it seafile /bin/bash + +``` + + diff --git a/manual/deploy_pro/details_about_file_search.md b/manual/deploy_pro/details_about_file_search.md new file mode 100644 index 00000000..77e8d3c8 --- /dev/null +++ b/manual/deploy_pro/details_about_file_search.md @@ -0,0 +1,127 @@ +# Details about File Search + +**Note**: Since Seafile Professional Server 5.0.0, all config files are moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md). + +## Search Options + +The following options can be set in **seafevents.conf** to control the behaviors of file search. You need to restart seafile and seahub to make them take effect. + +``` +[INDEX FILES] +## must be "true" to enable search +enabled = true + +## The interval the search index is updated. Can be s(seconds), m(minutes), h(hours), d(days) +interval=10m + +## If true, indexes the contents of office/pdf files while updating search index +## Note: If you change this option from "false" to "true", then you need to clear the search index and update the index again. +index_office_pdf=false + +``` + +## Enable full text search for Office/PDF files + +Full text search is not enabled by default to save system resources. If you want to enable it, you need to follow the instructions below. + +First you have to set the value of `index_office_pdf` option in `seafevents.conf` to `true`. + +Then restart seafile server + +``` + cd /data/haiwen/seafile-pro-server-1.7.0/ + ./seafile.sh restart + +``` + +You need to delete the existing search index and recreate it. + +``` + ./pro/pro.py search --clear + ./pro/pro.py search --update + +``` + +## Use existing ElasticSearch server + +The search module uses an Elasticsearch server bundled with the Seafile Professional Server. However, you may have an existing Elasticsearch server or cluster running in your company. In this situation, you can change the config file to use your existing ES server or cluster. + +This feature was added in Seafile Professional Server 2.0.5. + +### Modify the config file + +* Edit `seafevents.conf`, add settings in the section **\[index files]** to specify your ES server host and port: + + +``` +[INDEX FILES] +... +external_es_server = true +es_host = 192.168.1.101 +es_port = 9200 + +``` + +* `external_es_server`: set to `true` so seafile would not start its own elasticsearch server +* `es_host`: The ip address of your ES server +* `es_port`: The listening port of ES server RESTful API. By default it should be `9200` + +## Common problems + +### How to rebuild the index if something went wrong + +You can rebuild search index by running: + +``` +./pro/pro.py search --clear +./pro/pro.py search --update + +``` + +If this does not work, you can try the following steps: + +1. Stop Seafile +2. Remove the old search index `rm -rf pro-data/search` +3. Restart Seafile +4. Wait one minute then run `./pro/pro.py search --update` + +### I get no result when I search a keyword + +The search index is updated every 10 minutes by default. So before the first index update is performed, you get nothing no matter what you search. + + To be able to search immediately, + +* Make sure you have started Seafile Server +* Update the search index manually: + + +``` +cd haiwen/seafile-pro-server-2.0.4 +./pro/pro.py search --update + +``` + +### Encrypted files cannot be searched + +This is because the server cannot index encrypted files, since they are encrypted. + +### Increase the heap size for the java search process + +The search functionality is based on Elasticsearch, which is a java process. You can modify the memory size by modifying the jvm configuration file. For example, modify to 2G memory. Modify the following configuration in the `seafile-server-latest/pro/elasticsearch/config/jvm.options` file: + +```sh +-Xms2g # Minimum available memory +-Xmx2g # Maximum available memory +### It is recommended to set the values of the above two configurations to the same size. + +``` + +Restart the seafile service to make the above changes take effect: + +``` +./seafile.sh restart +./seahub.sh restart + +``` + + diff --git a/manual/deploy_pro/download_and_setup_seafile_professional_server.md b/manual/deploy_pro/download_and_setup_seafile_professional_server.md new file mode 100644 index 00000000..17b44da1 --- /dev/null +++ b/manual/deploy_pro/download_and_setup_seafile_professional_server.md @@ -0,0 +1,201 @@ +# Download and Setup Seafile Professional Server + +## Preparation + +Now when we release a new version, we will always provide 2 compressed files, for example: + +* _seafile-pro-server_7.1.3_x86-64_Ubuntu.tar.gz_, is compiled in Ubuntu 18.04 enviroment. +* _seafile-pro-server_7.1.3_x86-64_CentOS.tar.gz_, is compiled in CentOS 7 enviroment. + +If you are using Ubuntu/Debian server, please use _seafile-pro-server_7.1.3_x86-64_Ubuntu.tar.gz_, for CentOS please use _seafile-pro-server_7.1.3_x86-64.tar.gz_. + +### Install thirdpart Requirements + +The Seafile server package requires the following packages to be installed on your system: + +**For Seafile 7.0.x** + +``` +# on Ubuntu 16.04 +apt-get update +apt-get install python2.7 python-setuptools python-mysqldb python-urllib3 python-ldap -y + +``` + +``` +# on CentOS 7 +yum install python python-setuptools MySQL-python python-urllib3 python-ldap -y + +``` + +**For Seafile 7.1.x** + +``` +# on Debian 10/Ubuntu 18.04 +apt-get update +apt-get install python3 python3-setuptools python3-pip -y + +pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy \ + django-pylibmc django-simple-captcha python3-ldap + +``` + +``` +# on CentOS 8 +yum install python3 python3-setuptools python3-pip -y + +pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy \ + django-pylibmc django-simple-captcha python3-ldap + +``` + +For more information please see bellow. + +### Minimum System Requirements + +* A Linux server with 2GB RAM + +### Install Java Runtime Environment (JRE) + +On Debian: + +``` +sudo apt-get install openjdk-8-jre + +``` + +On Ubuntu 16.04: + +``` +sudo apt-get install openjdk-8-jre +sudo ln -sf /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java /usr/bin/ + +``` + +On CentOS/Red Hat: + +``` +sudo yum install java-1.8.0-openjdk + +``` + +### Install poppler-utils + +The package poppler-utils is required for full text search of pdf files. + +On Ubuntu/Debian: + +``` +sudo apt-get install poppler-utils + +``` + +On CentOS/Red Hat: + +``` +sudo yum install poppler-utils + +``` + +### Install Python libraries + +First make sure your have installed Python 2.7 + +``` +sudo easy_install pip +sudo pip install boto + +``` + +If you receive an error about "Wheel installs require setuptools >= ...", run this between the pip and boto lines above + +``` +sudo pip install setuptools --no-use-wheel --upgrade + +``` + +### Install all libraries required by the Community Edition + +See [Download and Setup Seafile Server With MySQL](../deploy/using_mysql.md). + +## Download and Setup Seafile Professional Server + +### Get the license + +Put the license you got under the top level diretory. In our wiki, we use the diretory `/data/haiwen/` as the top level directory. If you're using the free Pro Edition with three users you don't need a license file. + +### Download & uncompress Seafile Professional Server + +``` +tar xf seafile-pro-server_7.0.7_x86-64.tar.gz + +``` + +Now you have: + +``` +haiwen +├── seafile-license.txt +└── seafile-pro-server-7.0.7/ + +``` + +--- + +You should notice the difference between the names of the Community Server and Professional Server. Take the 7.0.7 64bit version as an example: + +* Seafile Community Server tarball is `seafile-server_7.0.7_x86-86.tar.gz`; After uncompressing, the folder is `seafile-server-7.0.7` +* Seafile Professional Server tarball is `seafile-pro-server_7.0.7_x86-86.tar.gz`; After uncompressing, the folder is `seafile-pro-server-7.0.7` + +### Setup + +The setup process of Seafile Professional Server is the same as the Seafile Community Server. See [Download and Setup Seafile Server With MySQL](../deploy/using_mysql.md). + +If you have any problem with setting up the service, please check [Common problems in setting up Seafile server](../deploy/common_problems_for_setting_up_server.md). + +After you have succesfully setup Seafile Professional Server, you have a directory layout like this: + +``` +#tree haiwen -L 2 +haiwen +├── seafile-license.txt # license file +├── ccnet # configuration files +│ ├── mykey.peer +│ ├── PeerMgr +│ └── seafile.ini +├── conf +│ └── ccnet.conf +│ └── seafile.conf +│ └── seahub_settings.py +│ └── seafevents.conf +├── pro-data # data specific for professional version +├── seafile-data +├── seafile-pro-server-7.0.7 +│ ├── reset-admin.sh +│ ├── runtime +│ ├── seafile +│ ├── seafile.sh +│ ├── seahub +│ ├── seahub-extra +│ ├── seahub.sh +│ ├── setup-seafile.sh +│ ├── setup-seafile-mysql.py +│ ├── setup-seafile-mysql.sh +│ └── upgrade +├── seahub-data +│ └── avatars # for user avatars +├── seahub.db + +``` + +## Performance tuning + +If you have more than 50 Seafile users, we highly recommend to [add memcached](../deploy/add_memcached.md). This is going to speedup Seahub (the web front end) significantly. + +## Done + +At this point, the basic setup of Seafile Professional Server is done. + +You may want to read more about Seafile Professional Server: + +* [FAQ For Seafile Professional Server](faq_for_seafile_pro_server.md) diff --git a/manual/deploy_pro/enable_search_and_background_tasks_in_a_cluster.md b/manual/deploy_pro/enable_search_and_background_tasks_in_a_cluster.md new file mode 100644 index 00000000..7bd5fe0a --- /dev/null +++ b/manual/deploy_pro/enable_search_and_background_tasks_in_a_cluster.md @@ -0,0 +1,341 @@ +_Note:_ Before you try to deploy file search office documents preview, make sure other parts of your seafile cluster are already working, e.g upload/download files in a web browser. Make sure memcached is configured as described in ["Deploy in a cluster"](./deploy_in_a_cluster.md). + +# Enable search and background tasks in a cluster + +In the seafile cluster, only one server should run the background tasks, including: + +* indexing files for search +* email notification +* office documents converts service +* LDAP sync +* virus scan + +Let's assume you have three nodes in your cluster: A, B, and C. + +* Node A is backend node that run background tasks. +* Node B and C are frontend nodes that serving requests from clients. + +![cluster-nodes](../images/cluster-nodes.png) + +## 7.0 or before + +### Configuring Node A (the backend node) + +If you following the steps on settings up a cluster, node B and node C should have already be configed as frontend node. You can copy the configuration of node B as a base for node A. Then do the following steps: + +#### Install Dependencies (Java, LibreOffice, poppler) + +On Ubuntu/Debian: + +```shell +sudo apt-get install openjdk-8-jre libreoffice poppler-utils python-uno # or python3-uno for ubuntu 16.04+ + +``` + +On CentOS/Red Hat: + +```shell +sudo yum install java-1.8.0-openjdk +sudo yum install libreoffice libreoffice-headless libreoffice-pyuno +sudo yum install poppler-utils + +``` + +Edit **seafevents.conf** and ensure this line does NOT exist: + +``` +external_es_server = true + +``` + +Edit **seahub_settings.py** and add a line: + +```python +OFFICE_CONVERTOR_NODE = True + +``` + +Edit **seafile.conf** to enable virus scan according to [virus scan document](virus_scan.md) + +#### Edit the firewall rules + +In your firewall rules for node A, you should open the port 9200 (for search requests). For versions older than 6.1, `es_port` was 9500. + +### Configure Other Nodes + +On nodes B and C, you need to: + +* Edit `seafevents.conf`, add the following lines: + + +``` +[INDEX FILES] +external_es_server = true +es_host = +es_port = 9200 + +``` + +Edit **seahub_settings.py** and add a line: + +```python +OFFICE_CONVERTOR_ROOT = 'http://' + +``` + +Make sure requests to http\:// is also handled by Seahub. For example, you may need to add this Nginx configuration in the background node: + +``` +server { + listen 80; + server_name ; + location / { + proxy_pass http://127.0.0.1:8000; + ... + } + +``` + +As a simple test, you can use this command to test if you set it up correctly. + +```shell +curl -v http:///office-convert/internal/status/ + +``` + +It should say "400 Bad Request" when you have Nginx config updated. + +### Start the background node + +Type the following commands to start the background node (Note, one additional command `seafile-background-tasks.sh` is needed) + +```shell +./seafile.sh start +./seahub.sh start # or "./seahub.sh start-fastcgi" if you're using fastcgi +./seafile-background-tasks.sh start + +``` + +To stop the background node, type: + +```shell +./seafile-background-tasks.sh stop +./seafile.sh stop +./seahub.sh stop + +``` + +You should also configure Seafile background tasks to start on system bootup. For systemd based OS, you can add `/etc/systemd/system/seafile-background-tasks.service`: + +``` +[Unit] +Description=Seafile Background Tasks Server +After=network.target seahub.service + +[Service] +Type=forking +ExecStart=/opt/seafile/seafile-server-latest/seafile-background-tasks.sh start +ExecStop=/opt/seafile/seafile-server-latest/seafile-background-tasks.sh stop +User=root +Group=root + +[Install] +WantedBy=multi-user.target + +``` + +Then enable this task in systemd: + +``` +systemctl enable seafile-background-tasks.service + +``` + +### The final configuration of the background node + +Here is the summary of configurations at the background node that related to clustering setup. + +For **seafile.conf**: + +``` +[cluster] +enabled = true +memcached_options = --SERVER= --POOL-MIN=10 --POOL-MAX=100 + +``` + +For **seahub_settings.py**: + +``` +OFFICE_CONVERTOR_NODE = True + +AVATAR_FILE_STORAGE = 'seahub.base.database_storage.DatabaseStorage' +COMPRESS_CACHE_BACKEND = 'django.core.cache.backends.locmem.LocMemCache' + +``` + +For **seafevents.conf**: + +``` +[INDEX FILES] +enabled = true +interval = 10m + +[OFFICE CONVERTER] +enabled = true +workers = 1 +## the max size of documents allowed to be previewed online, in MB. Default is 10 MB +## Previewing a large file (for example >30M) online is likely going to freeze the browser. +max-size = 10 + +``` + +## 7.1+ + +### Configuring Node A (the backend node) + +If you following the steps on settings up a cluster, node B and node C should have already be configed as frontend node. You can copy the configuration of node B as a base for node A. Then do the following steps: + +#### Install Dependencies (Java, LibreOffice) + +On Ubuntu/Debian: + +```shell +sudo apt-get install openjdk-8-jre libreoffice python-uno # or python3-uno for ubuntu 16.04+ + +``` + +On CentOS/Red Hat: + +```shell +sudo yum install java-1.8.0-openjdk +sudo yum install libreoffice libreoffice-headless libreoffice-pyuno + +``` + +Edit **seafevents.conf** and ensure this line does NOT exist: + +``` +external_es_server = true + +``` + +Edit **seafevents.conf**, adding the following configuration: + +``` +[OFFICE CONVERTER] +enabled = true +host = +port = 6000 + +``` + +host is the IP address of background node, make sure the front end nodes can access the background node via IP:6000 . + +Edit **seafile.conf** to enable virus scan according to [virus scan document](virus_scan.md) + +#### Edit the firewall rules + +In your firewall rules for node A, you should open the port 9200 (for search requests) and port 6000 for office converter. For versions older than 6.1, `es_port` was 9500. + + + +### Configure Other Nodes + +On nodes B and C, you need to: + +Edit `seafevents.conf`, add the following lines: + +``` +[INDEX FILES] +external_es_server = true +es_host = +es_port = 9200 + +[OFFICE CONVERTER] +enabled = true +host = +port = 6000 + +``` + +Edit **seahub_settings.py** and add a line: + +```python +OFFICE_CONVERTOR_ROOT = 'http://:6000' + +``` + +### Start the background node + +Type the following commands to start the background node (Note, one additional command `seafile-background-tasks.sh` is needed) + +```shell +./seafile.sh start +./seafile-background-tasks.sh start + +``` + +To stop the background node, type: + +```shell +./seafile-background-tasks.sh stop +./seafile.sh stop + +``` + +You should also configure Seafile background tasks to start on system bootup. For systemd based OS, you can add `/etc/systemd/system/seafile-background-tasks.service`: + +``` +[Unit] +Description=Seafile Background Tasks Server +After=network.target seahub.service + +[Service] +Type=forking +ExecStart=/opt/seafile/seafile-server-latest/seafile-background-tasks.sh start +ExecStop=/opt/seafile/seafile-server-latest/seafile-background-tasks.sh stop +User=root +Group=root + +[Install] +WantedBy=multi-user.target + +``` + +Then enable this task in systemd: + +``` +systemctl enable seafile-background-tasks.service + +``` + +### The final configuration of the background node + +Here is the summary of configurations at the background node that related to clustering setup. + +For **seafile.conf**: + +``` +[cluster] +enabled = true +memcached_options = --SERVER= --POOL-MIN=10 --POOL-MAX=100 + +``` + +For **seafevents.conf**: + +``` +[INDEX FILES] +enabled = true +interval = 10m +highlight = fvh # this is for improving the search speed + +[OFFICE CONVERTER] +enabled = true +host = +port = 6000 + +``` + + diff --git a/manual/deploy_pro/ldap_group_sync.md b/manual/deploy_pro/ldap_group_sync.md new file mode 100644 index 00000000..6b640cd0 --- /dev/null +++ b/manual/deploy_pro/ldap_group_sync.md @@ -0,0 +1,148 @@ +# Importing Groups from LDAP/AD + +Since version 4.1.0, the Pro Edition supports importing (syncing) groups from LDAP or Active Directory. + +## How It Works + +The importing or syncing process maps groups from LDAP directory server to groups in Seafile's internal database. This process is one-way. + +* Any changes to groups in the database won't propagate back to LDAP; +* Any changes to groups in the database, except for "setting a member as group admin", will be overwritten in the next LDAP sync operation. If you want to add or delete members, you can only do that on LDAP server. +* The creator of imported groups will be set to the system admin. + +There are two modes of operation: + +* Periodical: the syncing process will be executed in a fixed interval +* Manual: there is a script you can run to trigger the syncing once + +## Prerequisite + +You have to install python-ldap library in your system. + +For Debian or Ubuntu + +``` +sudo apt-get install python-ldap + +``` + +For CentOS or RedHat + +``` +sudo yum install python-ldap + +``` + +## Syncing Groups + +### Configuration + +Before enabling LDAP group sync, you should have configured LDAP authentication. See [Configure Seafile to use LDAP](using_ldap_pro.md) for details. + +The following are LDAP group sync related options. They're in the "\[ldap_sync]" section of [ccnet.conf](../config/ccnet-conf.md). + +Below are summary of options for syncing groups: + +* **ENABLE_GROUP_SYNC**: set to "true" if you want to enable ldap group syncing +* **GROUP_OBJECT_CLASS**: This is the name of the class used to search for group objects. In Active Directory, it's usually "group"; in OpenLDAP or others, you may use "groupOfNames","groupOfUniqueNames" or "posixGroup", depends on your LDAP server. The default value is "group". +* **SYNC_INTERVAL**: The interval to sync. Unit is minutes. You can set it to 60, which means that data is synchronized from the LDAP/AD server every 60 minutes. +* **GROUP_FILTER**: An additional filter to use when searching group objects. If it's set, the final filter used to run search is "(&(objectClass=GROUP_OBJECT_CLASS)(GROUP_FILTER))"; otherwise the final filter would be "(objectClass=GROUP_OBJECT_CLASS)". +* **GROUP_MEMBER_ATTR**: The attribute field to use when loading the group's members. For most directory servers, the attributes is "member", which is the default value.For "posixGroup", it should be set to "memberUid". +* **USER_ATTR_IN_MEMBERUID**: The user attribute set in 'memberUid' option, which is used in "posixGroup".The default value is "uid". +* **DEL_GROUP_IF_NOT_FOUND**: set to "true", will deleted the groups if not found it in LDAP/AD server; need Seafile-pro-6.3.0 and above version +* **SYNC_GROUP_AS_DEPARTMENT**: In 6.3.8 version, a new option SYNC_GROUP_AS_DEPARTMENT is added. If this option is set to "true", the groups will be synced as top-level departments in Seafile, instead of simple groups. Learn more about departments in Seafile [here](https://help.seafile.com/en/sharing_collaboration/departments.html). +* **CREATE_DEPARTMENT_LIBRARY**: If you decide to sync the group as a department, you can set this option to "true". In this way, when the group is synchronized for the first time, a library is automatically created for the department, and the library's name is the department's name. +* **DEFAULT_DEPARTMENT_QUOTA**: If you decide to sync the group as a department, you can set a default space quota for each department when you synchronize a group for the first time. The quota is set to unlimited if this option is not set. Unit is MB. +* **DEPT_NAME_ATTR**: Get the department name. You can set this configuration item to an AD field that represents the "department" name, such as "description". The name of the department created by Seafile will be the department name set in the AD field instead of the OU name. Requires Seafile-pro-7.0.11 and above. +* **DEPT_REPO_PERM: **Set the permissions of the department repo. The default permission is 'rw'. Set permissions for the department repo created during AD synchronization. Requires Seafile-pro-7.0.11 and above. + +The search base for groups is the "BASE_DN" set in "\[ldap]" section of ccnet.conf. + +Some LDAP server, such as Active Directory, allows a group to be a member of another group. This is called "group nesting". If we find a nested group B in group A, we should recursively add all the members from group B into group A. And group B should still be imported a separate group. That is, all members of group B are also members in group A. + +In some LDAP server, such as OpenLDAP, it's common practice to use Posix groups to store group membership. To import Posix groups as Seafile groups, set GROUP_OBJECT_CLASS option to posixGroup . A posixGroup object in LDAP usually contains a multi-value attribute for the list of member UIDs. The name of this attribute can be set with the GROUP_MEMBER_ATTR option. It's MemberUid by default. The value of the MemberUid attribute is an ID that can be used to identify a user, which corresponds to an attribute in the user object. The name of this ID attribute is usually uid , but can be set via the USER_ATTR_IN_MEMBERUID option. Note that posixGroup doesn't support nested groups. + +### Example Configurations + +Here is an example configuration for syncing nested groups in Active Directory: + +``` +[LDAP] +HOST = ldap://192.168.1.123/ +BASE = cn=users,dc=example,dc=com +USER_DN = administrator@example.local +PASSWORD = secret +LOGIN_ATTR = mail + +[LDAP_SYNC] +ENABLE_GROUP_SYNC = true +SYNC_INTERVAL = 60 + +``` + +For AD, you usually don't need to configure other options except for "ENABLE_GROUP_SYNC". That's because the default values for other options are the usual values for AD. If you have special settings in your LDAP server, just set the corresponding options. + +Here is an example configuration for syncing nested groups (but not PosixGroups) in OpenLDAP: + +``` +[LDAP] +HOST = ldap://192.168.1.123/ +BASE = ou=users,dc=example,dc=com +USER_DN = cn=admin,dc=example,dc=com +PASSWORD = secret +LOGIN_ATTR = mail + +[LDAP_SYNC] +ENABLE_GROUP_SYNC = true +SYNC_INTERVAL = 60 +GROUP_OBJECT_CLASS = groupOfNames + +``` + +## Sync OU as Departments + +A department in Seafile is a special group. In addition to what you can do with a group, there are two key new features for departments: + +* Department supports hierarchy. A department can have any levels of sub-departments. +* Department can have storage quota. + +Seafile supports syncing OU (Organizational Units) from AD/LDAP to departments. The sync process keeps the hierarchical structure of the OUs. + +Options for syncing departments from OU: + +* **SYNC_DEPARTMENT_FROM_OU**: set to "true" to enable syncing departments from OU. +* **SYNC_INTERVAL**: The interval to sync. Unit is minutes. You can set it to 60, which means that data is synchronized from the LDAP/AD server every 60 minutes. +* **DEL_DEPARTMENT_IF_NOT_FOUND**: If set to "true", sync process will delete a department if the corresponding OU is not found in AD/LDAP server. +* **CREATE_DEPARTMENT_LIBRARY**: set to "true", if you want to automatically create a department library with the OU name. +* **DEFAULT_DEPARTMENT_QUOTA**: default quota for the imported departments in MB. The quota is set to unlimited if this option is not set. +* **DEPT_NAME_ATTR**: Get the department name. You can set this configuration item to an AD field that represents the "department" name, such as "description". The name of the department created by Seafile will be the department name set in the AD field instead of the OU name. Requires Seafile-pro-7.0.11 and above. +* **DEPT_REPO_PERM: **Set the permissions of the department repo. The default permission is 'rw'. Set permissions for the department repo created during AD synchronization. Requires Seafile-pro-7.0.11 and above. + +**NOTE**: Before 6.3.8, an old configuration syntax is used for syncing OU as departments. That syntax is no long supported. The old syntax cannot support syncing both groups and OU from AD/LDAP at the same time. However this is necessary for many situations. With the new syntax, you can sync both. + +## Periodical and Manual Sync + +Periodical sync won't happen immediately after you restart seafile server. It gets scheduled after the first sync interval. For example if you set sync interval to 30 minutes, the first auto sync will happen after 30 minutes you restarts. To sync immediately, you need to manually trigger it. + +After the sync is run, you should see log messages like the following in logs/seafevents.log. And you should be able to see the groups in system admin page. + +``` +[2015-03-30 18:15:05,109] [DEBUG] create group 1, and add dn pair CN=DnsUpdateProxy,CN=Users,DC=Seafile,DC=local<->1 success. +[2015-03-30 18:15:05,145] [DEBUG] create group 2, and add dn pair CN=Domain Computers,CN=Users,DC=Seafile,DC=local<->2 success. +[2015-03-30 18:15:05,154] [DEBUG] create group 3, and add dn pair CN=Domain Users,CN=Users,DC=Seafile,DC=local<->3 success. +[2015-03-30 18:15:05,164] [DEBUG] create group 4, and add dn pair CN=Domain Admins,CN=Users,DC=Seafile,DC=local<->4 success. +[2015-03-30 18:15:05,176] [DEBUG] create group 5, and add dn pair CN=RAS and IAS Servers,CN=Users,DC=Seafile,DC=local<->5 success. +[2015-03-30 18:15:05,186] [DEBUG] create group 6, and add dn pair CN=Enterprise Admins,CN=Users,DC=Seafile,DC=local<->6 success. +[2015-03-30 18:15:05,197] [DEBUG] create group 7, and add dn pair CN=dev,CN=Users,DC=Seafile,DC=local<->7 success. + +``` + +To trigger LDAP sync manually, + +``` +cd seafile-server-lastest +./pro/pro.py ldapsync + +``` + + diff --git a/manual/deploy_pro/ldap_role_sync.md b/manual/deploy_pro/ldap_role_sync.md new file mode 100644 index 00000000..677f38c6 --- /dev/null +++ b/manual/deploy_pro/ldap_role_sync.md @@ -0,0 +1,45 @@ +# Importing Roles from LDAP/AD + +Since version 6.1.5, the Pro Edition supports syncing roles from LDAP or Active Directory. + +To enable this feature, add config option `ROLE_NAME_ATTR` to ccnet.conf + +``` +[LDAP_SYNC] +ROLE_NAME_ATTR = title + +``` + +`ROLE_NAME_ATTR` is the attribute field to configure roles in LDAP . +We provide a user-defined function to map the role:Create `custom_functions.py` under conf/ and edit it like: + +``` +#coding=utf-8 +import sys +reload(sys) +sys.setdefaultencoding('utf8') + +def ldap_role_mapping(role): + if 'staff' in role: + return 'Staff' + if 'guest' in role: + return 'Guest' + if 'manager' in role: + return 'Manager' + +``` + +you can rewrite this function (in python) to make your own mapping rules. If the file or function doesn't exist, all roles in `ROLE_NAME_ATTR` will be synced. + +** NOTE: **Make sure that ccnet-server keeps running while doing LDAP role sync. + +Note: If you are using 7.1 version or later, and with Python 3, you should remove the following code from \`custom_functions.py\`: + +``` +import sys +reload(sys) +sys.setdefaultencoding('utf8') + +``` + + diff --git a/manual/deploy_pro/memcached_mariadb_cluster.md b/manual/deploy_pro/memcached_mariadb_cluster.md new file mode 100644 index 00000000..b37f6b61 --- /dev/null +++ b/manual/deploy_pro/memcached_mariadb_cluster.md @@ -0,0 +1,172 @@ +# Setup Memcached Cluster and MariaDB Galera Cluster + +For high availability, it is recommended to set up a memcached cluster and MariaDB Galera cluster for Seafile cluster. This documentation will provide information on how to do this with 3 servers. You can either use 3 dedicated servers or use the 3 Seafile server nodes. + +## Setup Memcached Cluster + +Seafile servers share session information within memcached. So when you set up a Seafile cluster, there needs to be a memcached server (cluster) running. + +The simplest way is to use a single-node memcached server. But when this server fails, some functions in the web UI of Seafile cannot work. So for HA, it's usually desirable to have more than one memcached servers. + +### For Seafile Server bofore 6.2.11 version + +For Seafile servers before 6.2.11 version, we recommend to use an architecture in which the cache items are distributed across all memcached nodes. + +Unlike other cluster architecture, when you create a memcached cluster with multiple nodes, the key distribution in memcached cluster is controlled by the memcached clients. So there is no special configuration on the memcached server for building a cluster. But there are a few things to take care when building a memcached cluster: + +- Make sure all the seafile server nodes connects to all the memcached nodes. The memcached servers should be listed in the same order in Seafile's config files. +- After one memcached server gets shut down and restarted, sometimes the Seafile servers' views on the memcached cluster will become inconsistent. This is due to limitation of the memcached cluster architecture. You may notice some errors in the web UI functionalities. You have to restart the Seafile server processes to make their views consistent again. Typical error messages you can find in seafile.log are: + * `SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY` + * `SERVER IS MARKED DEAD` + +Seafile servers, work as memcached clients, are designed to automatically migrate keys to living memcached nodes when a memcached node fails. But there are some tricky cases when the Seafile servers cannot automatically recover from errors of memcahced servers. That's why we change the recommended architecture since 6.3 version. + +### Seafile server 6.2.11 or newer + +In this new recommended architecture, you setup two independent memcached servers, in active/standby mode. A floating IP address (or Virtual IP address in some context) is assigned to the current active node. When the active node goes down, Keepalived will migrate the virtual IP to the standby node. So you actually use a single node memcahced, but use Keepalived (or other alternatives) to provide high availability. + +After installing memcahced on each server, you need to make some modification to the memcached config file. + +``` +# Under Ubuntu +vi /etc/memcached.conf + +# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default +# Note that the daemon will grow to this size, but does not start out holding this much +# memory +# -m 64 +-m 256 + +# Specify which IP address to listen on. The default is to listen on all IP addresses +# This parameter is one of the only security measures that memcached has, so make sure +# it's listening on a firewalled interface. +-l 0.0.0.0 + +service memcached restart +``` + +``` +# Under CentOS 7 +vim /etc/sysconfig/memcached + +PORT="11211" +USER="memcached" +MAXCONN="1024" +CACHESIZE="64" +OPTIONS="-l 0.0.0.0 -m 256" + +systemctl restart memcached +systemctl enable memcached +``` + +**NOTE: Please configure memcached to start on system startup.** + +Install and configure Keepalived. + +``` +# For Ubuntu +sudo apt-get install keepalived -y + +# For CentOS +sudo yum install keepalived -y +``` + +Modify keepalived config file `/etc/keepalived/keepalived.conf`. + +On active node +``` +cat /etc/keepalived/keepalived.conf + +! Configuration File for keepalived + +global_defs { + notification_email { + root@localhost + } + notification_email_from keepalived@localhost + smtp_server 127.0.0.1 + smtp_connect_timeout 30 + router_id node1 + vrrp_mcast_group4 224.0.100.19 +} +vrrp_script chk_memcached { + script "killall -0 memcached && exit 0 || exit 1" + interval 1 + weight -5 +} + +vrrp_instance VI_1 { + state MASTER + interface ens33 + virtual_router_id 51 + priority 100 + advert_int 1 + authentication { + auth_type PASS + auth_pass hello123 + } + virtual_ipaddress { + 192.168.1.113/24 dev ens33 + } + track_script { + chk_memcached + } +} +``` + +On standby node +``` +cat /etc/keepalived/keepalived.conf + +! Configuration File for keepalived + +global_defs { + notification_email { + root@localhost + } + notification_email_from keepalived@localhost + smtp_server 127.0.0.1 + smtp_connect_timeout 30 + router_id node2 + vrrp_mcast_group4 224.0.100.19 +} +vrrp_script chk_memcached { + script "killall -0 memcached && exit 0 || exit 1" + interval 1 + weight -5 +} + +vrrp_instance VI_1 { + state BACKUP + interface ens33 + virtual_router_id 51 + priority 98 + advert_int 1 + authentication { + auth_type PASS + auth_pass hello123 + } + virtual_ipaddress { + 192.168.1.113/24 dev ens33 + } + track_script { + chk_memcached + } +} +``` + +**NOTE: Please adjust the network device names accordingly. virtual_ipaddress is the floating IP address in use.** + +### Setup MariaDB Cluster + +MariaDB cluster helps you to remove single point of failure from the cluster architecture. Every update in the database cluster is synchronously replicated to all instances. + +You can choose between two different setups: + +- For a small cluster with 3 nodes, you can run MariaDB cluster directly on the Seafile server nodes. Each Seafile server access its local instance of MariaDB. +- For larger clusters, it's preferable to have 3 dedicated MariaDB nodes to form a cluster. You have to set up a HAProxy in front of the MariaDB cluster. Seafile will access database via HAProxy. + +We refer to the documentation from MariaDB team: + +- [Setting up MariaDB cluster on CentOS 7](https://mariadb.com/resources/blog/setting-mariadb-enterprise-cluster-part-2-how-set-mariadb-cluster) +- [Setting up HAProxy for MariaDB Galera Cluster](https://mariadb.com/resources/blog/setup-mariadb-enterprise-cluster-part-3-setup-ha-proxy-load-balancer-read-and-write-pools). Note that Seafile doesn't use read/write isolation techniques. So you don't need to setup read and write pools. diff --git a/manual/deploy_pro/migrate.md b/manual/deploy_pro/migrate.md new file mode 100644 index 00000000..b1dacf1c --- /dev/null +++ b/manual/deploy_pro/migrate.md @@ -0,0 +1,112 @@ +# Migrate data between different backends + +Seafile supports data migration between filesystem, s3, ceph, swift and Alibaba oss (migrating from swift is not supported yet, this support will be added in the future). If you enabled storage backend encryption feature, migration is not supported at the moment. + +Data migration takes 3 steps: + +1. Create a new temporary seafile.conf +2. Run migrate.sh to initially migrate objects +3. Run final migration +4. Replace the original seafile.conf + +## Create a new temporary seafile.conf + +We need to add new backend configurations to this file (including `[block_backend]`, `[commit_object_backend]`, `[fs_object_backend]` options) and save it under a readable path. +Let's assume that we are migrating data to S3 and create temporary seafile.conf under `/opt` + +``` +cat > seafile.conf << EOF +[commit_object_backend] +name = s3 +bucket = seacomm +key_id = ****** +key = ****** + +[fs_object_backend] +name = s3 +bucket = seafs +key_id = ****** +key = ****** + +[block_backend] +name = s3 +bucket = seablk +key_id = ****** +key = ****** +EOF + +mv seafile.conf /opt + +``` + +Repalce the configurations with your own choice. + +## Migrating large number of objects + +If you have millions of objects in the storage (especially fs objects), it may take quite long time to migrate all objects. More than half of the time is spent on checking whether an object exists in the destination storage. **Since Pro edition 7.0.8**, a feature is added to speed-up the checking. + +Before running the migration script, please set this env variable: + +``` +export OBJECT_LIST_FILE_PATH=/path/to/object/list/file + +``` + +3 files will be created: `/path/to/object/list/file.commit`,`/path/to/object/list/file.fs`, `/path/to/object/list/file.blocks`. + +When you run the script for the first time, the object list file will be filled with existing objects in the destination. Then, when you run the script for the second time, it will load the existing object list from the file, instead of querying the destination. And newly migrated objects will also be added to the file. During migration, the migration process checks whether an object exists by checking the pre-loaded object list, instead of asking the destination, which will greatly speed-up the migration process. + +It's suggested that you don't interrupt the script during the "fetch object list" stage when you run it for the first time. Otherwise the object list in the file will be incomplete. + +Another trick to speed-up the migration is to increase the number of worker threads and size of task queue in the migration script. You can modify the `nworker` and `maxsize` variables in the following code: + +``` +class ThreadPool(object): + +def __init__(self, do_work, nworker=20): + self.do_work = do_work + self.nworker = nworker + self.task_queue = Queue.Queue(maxsize = 2000) + +``` + +The number of workers can be set to relatively large values, since they're mostly waiting for I/O operations to finished. + +## Run migrate.sh to initially migrate objects + +This step will migrate **most of** objects from the source storage to the destination storage. You don't need to stop Seafile service at this stage as it may take quite long time to finish. Since the service is not stopped, some new objects may be added to the source storage during migration. Those objects will be handled in the next step. + +We assume you have installed seafile pro server under `~/haiwen`, enter `~/haiwen/seafile-server-latest` and run migrate.sh with parent path of temporary seafile.conf as parameter, here is `/opt`. + +``` +cd ~/haiwen/seafile-server-latest +./migrate.sh /opt + +``` + +Please note that this script is completely reentrant. So you can stop and restart it, or run it many times. It will check whether an object exists in the destination before sending it. + +## Run final migration + +New objects added during the last migration step will be migrated in this step. To prevent new objects being added, you have to stop Seafile service during the final migration operation. This usually take short time. If you have large number of objects, please following the optimization instruction in previous section. + +You just have to stop Seafile and Seahub service, then run the migration script again. + +``` +cd ~/haiwen/seafile-server-latest +./migrate.sh /opt + +``` + +## Replace the original seafile.conf + +After running the script, we need replace the original seafile.conf with new one: + +``` +mv /opt/seafile.conf ~/haiwen/conf + +``` + +now we only have configurations about backend, more config options, e.g. memcache and quota, can then be copied from the original seafile.conf file. + +After replacing seafile.conf, you can restart seafile server and access the data on the new backend. diff --git a/manual/deploy_pro/migrate_from_seafile_community_server.md b/manual/deploy_pro/migrate_from_seafile_community_server.md new file mode 100644 index 00000000..9d5fcd80 --- /dev/null +++ b/manual/deploy_pro/migrate_from_seafile_community_server.md @@ -0,0 +1,196 @@ +# Migrate from Seafile Community Server + +## Restriction + +It's quite likely you have deployed the Seafile Community Server and want to switch to the [Professional Server](http://seafile.com/en/product/private_server/), or vice versa. But there are some restrictions: + +* You can only switch between Community Server and Professional Server of the same minor version. + +That means, if you are using Community Server version 1.6, and want to switch to the Professional Server 1.7, you must first upgrade to Community Server version 1.7, and then follow the guides below to switch to the Professional Server 1.7. (The last tiny version number in 1.7.x is not important.) + +## Preparation + +### Install Java Runtime Environment (JRE) + +Java 8 or higher is required. + +On Ubuntu/Debian: + +``` +sudo apt-get install openjdk-8-jre + +``` + +On CentOS/Red Hat: + +``` +sudo yum install java-1.8.0-openjdk + +``` + +_Note_: Since version 7.0.0, java 1.8 is required, please check your java version by `java -version`. + +### Install poppler-utils + +The package poppler-utils is required for full text search of pdf files. + +On Ubuntu/Debian: + +``` +sudo apt-get install poppler-utils + +``` + +On CentOS/Red Hat: + +``` +sudo yum install poppler-utils + +``` + +## Do the migration + +We assume you already have deployed Seafile Community Server 1.8.0 under `/data/haiwen/seafile-server-1.8.0`. + +### Get the license + +Put the license file you get under the top level directory of your Seafile installation. In our example, it is `/data/haiwen/`. + +### Download & uncompress Seafile Professional Server + +You should uncompress the tarball to the top level directory of your installation, in our example it is `/data/haiwen`. + +``` +tar xf seafile-pro-server_1.8.0_x86-64.tar.gz + +``` + +Now you have: + +``` +haiwen +├── seafile-license.txt +├── seafile-pro-server-1.8.0/ +├── seafile-server-1.8.0/ +├── ccnet/ +├── seafile-data/ +├── seahub-data/ +├── seahub.db +└── seahub_settings.py + +``` + +--- + +You should notice the difference between the names of the Community Server and Professional Server. Take the 1.8.0 64bit version as an example: + +* Seafile Community Server tarball is `seafile-server_1.8.0_x86-86.tar.gz`; After uncompressing, the folder is `seafile-server-1.8.0` +* Seafile Professional Server tarball is `seafile-pro-server_1.8.0_x86-86.tar.gz`; After uncompressing, the folder is `seafile-pro-server-1.8.0` + + +### Do the migration + +* Stop Seafile Community Server if it's running + + +``` +cd haiwen/seafile-server-1.8.0 +./seafile.sh stop +./seahub.sh stop + +``` + +* Run the migration script + + +``` +cd haiwen/seafile-pro-server-1.8.0/ +./pro/pro.py setup --migrate + +``` + +The migration script is going to do the following for you: + +* ensure your have all the prerequisites met +* create necessary extra configurations +* update the avatar directory +* create extra database tables + +Now you have: + +``` +haiwen +├── seafile-license.txt +├── seafile-pro-server-1.8.0/ +├── seafile-server-1.8.0/ +├── ccnet/ +├── seafile-data/ +├── seahub-data/ +├── seahub.db +├── seahub_settings.py +└── pro-data/ + +``` + +> **!Note:** If you upgraded from CE 6.3 to CE 7.0 first, then migrated to Pro 7.0. You also need to log in to MySQL server and create the following data tables in `seafile-db` . + +``` +FileLockTimestamp +FileLocks +FolderGroupPerm +FolderPermTimestamp +FolderUserPerm +GCID +LastGCID +OrgGroupRepo +OrgInnerPubRepo +OrgRepo +OrgSharedRepo +RepoStorageId +RoleQuota + +``` + +For the table statement, please check [table statement](./seafile-sql.md). + +### Start Seafile Professional Server + +``` +cd haiwen/seafile-pro-server-1.8.0 +./seafile.sh start +./seahub.sh start + +``` + +## Switch Back to Community Server + +* Stop Seafile Professional Server if it's running + + +``` +cd haiwen/seafile-pro-server-1.8.0/ +./seafile.sh stop +./seahub.sh stop + +``` + +* Update the avatar directory link just like in [Minor Upgrade](https://github.com/haiwen/seafile/wiki/Upgrading-Seafile-Server#minor-upgrade-like-from-150-to-151) + + +``` +cd haiwen/seafile-server-1.8.0/ +./upgrade/minor-upgrade.sh + +``` + +* Start Seafile Community Server + + +``` +cd haiwen/seafile-server-1.8.0/ +./seafile.sh start +./seahub.sh start + +``` + + diff --git a/manual/deploy_pro/migrate_to_ceph.md b/manual/deploy_pro/migrate_to_ceph.md new file mode 100644 index 00000000..7407d6ff --- /dev/null +++ b/manual/deploy_pro/migrate_to_ceph.md @@ -0,0 +1,191 @@ +# Migrate from File System Backend to Ceph + +Ceph is a scalable distributed storage system. Seafile can use Ceph's RADOS object storage layer for storage backend. + +By default, a typical Seafile server deployment uses file system as storage backend (e.g. Ext4). Later you may want to switch to more scalable storage solution like Ceph. This documentation shows you how to migrate your existing date from file system to Ceph and connect to Ceph. If you're deploying a fresh install with Ceph backend, please refer to [setup with Ceph](setup_with_ceph.md). + +## Copy ceph conf file and client keyring + +Seafile acts as a client to Ceph/RADOS, so it needs to access ceph cluster's conf file and keyring. You have to copy these files from a ceph admin node's /etc/ceph directory to the seafile machine. + +``` +seafile-machine# sudo scp user@ceph-admin-node:/etc/ceph/ /etc +``` + +## Install and enable memcached + +For best performance, Seafile requires install memcached and enable memcache for objects. + +We recommend to allocate 128MB memory for memcached. Edit /etc/memcached.conf + +``` +# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default +# Note that the daemon will grow to this size, but does not start out holding this much +# memory +# -m 64 +-m 128 +``` + +## Install Python Ceph Library + +File search and WebDAV functions rely on Python Ceph library installed in the system. + +On Debian/Ubuntu: + +``` +sudo apt-get install python-ceph +``` + +On RedHat/CentOS: + +``` +sudo yum install python-rados +``` + +## Create Pools for Seafile in Ceph + +It's recommended to create separate pools for commit, fs, and block objects. + +``` +ceph-admin-node# rados mkpool seafile-blocks +ceph-admin-node# rados mkpool seafile-commits +ceph-admin-node# rados mkpool seafile-fs +``` + +## Migrate Existing Data to Ceph + +The migration process involves 3 steps: + +1. Create a Seafile config folder for Ceph +2. Run the migration script +3. Update seafile.conf + +### Create a Seafile Config Folder for Ceph + +In the Seafile installation folder (e.g. `haiwen`), + +``` +cd haiwen +mkdir ceph-conf +cp conf/seafile.conf ceph-conf +``` + +Edit `ceph-conf/seafile.conf`, add the following lines: + +``` +[block_backend] +name = ceph +ceph_config = /etc/ceph/ceph.conf +pool = seafile-blocks +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 + +[commit_object_backend] +name = ceph +ceph_config = /etc/ceph/ceph.conf +pool = seafile-commits +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 + +[fs_object_backend] +name = ceph +ceph_config = /etc/ceph/ceph.conf +pool = seafile-fs +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 +``` + +Now there are two seafile.conf files, one under `conf` folder and the other under `ceph-conf` folder. + +### Run Migration Script + +From Pro edition 6.0.0 on, the migration scripts are included in the package. For older versions, you have to download the two scripts into `seafile-server-latest` folder: + +- https://github.com/haiwen/seafile-server/blob/master/scripts/seafobj_migrate.py +- https://github.com/haiwen/seafile-server/blob/master/scripts/migrate-to-ceph.sh + +You can run the migration script when your Seafile server is still running. + +``` +cd haiwen/seafile-server-latest +./migrate-to-ceph.sh ../ceph-conf +``` + +If there is any error in the migration process, the script will stop. After you check and fix the errors, you can run the script again. The script is designed to be idempotent to multiple runs. It only copies non-existing objects to Ceph. The script won't delete any objects from the file system backend. + +***After the initial migration completes successfully, you need to shutdown the Seafile server and run the script again to migrate the data that's added when you run the initial migration.*** Since the script won't migrate objects that have been migrated, this phase should finish in a short time. + +### Update seafile.conf + +After migration is done. You need to update `conf/seafile.conf` to make Seafile server use Ceph as backend in the future. + +``` +cp -R conf conf-backup +cp ceph-conf/seafile.conf conf/seafile.conf +``` + +After restart, Seafile server will use Ceph as backend. + +### Using memcached cluster + +In a cluster environment, you may want to use a memcached cluster. In the above configuration, you have to specify all the memcached server node addresses in seafile.conf + +``` +memcached_options = --SERVER=192.168.1.134 --SERVER=192.168.1.135 --SERVER=192.168.1.136 --POOL-MIN=10 --POOL-MAX=100 --RETRY-TIMEOUT=3600 +``` + +Notice that there is a `--RETRY-TIMEOUT=3600` option in the above config. This option is important for dealing with memcached server failures. After a memcached server in the cluster fails, Seafile server will stop trying to use it for "RETRY-TIMEOUT" (in seconds). You should set this timeout to relatively long time, to prevent Seafile from retrying the failed server frequently, which may lead to frequent request errors for the clients. + +## Notes for Ubuntu 16.04 + +Since version 5.1.0 version, we upgraded the bundled Ceph rados library to 0.94.6. On Ubuntu 16.04, this causes some incompatibility. To work around this issue, you have to install librados 0.94.6 in the Ubuntu system (from Ceph's official repositories) and let Seafile use the library from system. To do this, you have to remove a few bundled libraries: + +``` +cd seafile-server-latest/seafile/lib +rm librados.so.2 libstdc++.so.6 libnspr4.so +``` + +## Use arbitary Ceph user + +The above configuration will use the default (client.admin) user to connect to Ceph. +You may want to use some other Ceph user to connect. This is supported in Seafile. +To specify the Ceph user, you have to add a `ceph_client_id` option to seafile.conf, as the following: + +``` +[block_backend] +name = ceph +ceph_config = /etc/ceph/ceph.conf +# Sepcify Ceph user for Seafile here +ceph_client_id = seafile +pool = seafile-blocks +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 + +[commit_object_backend] +name = ceph +ceph_config = /etc/ceph/ceph.conf +# Sepcify Ceph user for Seafile here +ceph_client_id = seafile +pool = seafile-commits +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 + +[fs_object_backend] +name = ceph +ceph_config = /etc/ceph/ceph.conf +# Sepcify Ceph user for Seafile here +ceph_client_id = seafile +pool = seafile-fs +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 +``` + +You can create a ceph user for seafile on your ceph cluster like this: + +``` +ceph auth add client.seafile \ + mds 'allow' \ + mon 'allow r' \ + osd 'allow rwx pool=seafile-blocks, allow rwx pool=seafile-commits, allow rwx pool=seafile-fs' +``` + +You also have to add this user's keyring path to /etc/ceph/ceph.conf: + +``` +[client.seafile] +keyring = +``` diff --git a/manual/deploy_pro/multi_institutions.md b/manual/deploy_pro/multi_institutions.md new file mode 100644 index 00000000..4c7584ac --- /dev/null +++ b/manual/deploy_pro/multi_institutions.md @@ -0,0 +1,40 @@ +# Multiple Organization/Institution User Management + +Starting from version 5.1, you can add institutions into Seafile and assign users into institutions. Each institution can have one or more administrators. This feature is to ease user administration when multiple organizations (universities) share a single Seafile instance. Unlike multi-tenancy, the users are not-isolated. A user from one institution can share files with another institution. + +## Turn on the feature + +In `seahub_settings.py`, add `MULTI_INSTITUTION = True` to enable multi-institution feature. And add + +``` +EXTRA_MIDDLEWARE_CLASSES += ( + 'seahub.institutions.middleware.InstitutionMiddleware', +) +``` + +or + +``` +EXTRA_MIDDLEWARE_CLASSES = ( + 'seahub.institutions.middleware.InstitutionMiddleware', +) +``` + +if `EXTRA_MIDDLEWARE_CLASSES` is not defined. + +## Add institutions and institution admins + +After restarting Seafile, a system admin can add institutions by adding institution name in admin panel. He can also click into an institution, which will list all users whose `profile.institution` match the name. + +## Assign users to institutions + +If you are using Shibboleth, you can map a Shibboleth attribute into institution. For example, the following configuration maps organization attribute to institution. + +``` +SHIBBOLETH_ATTRIBUTE_MAP = { + "givenname": (False, "givenname"), + "sn": (False, "surname"), + "mail": (False, "contact_email"), + "organization": (False, "institution"), +} +``` diff --git a/manual/deploy_pro/multi_tenancy.md b/manual/deploy_pro/multi_tenancy.md new file mode 100644 index 00000000..10828757 --- /dev/null +++ b/manual/deploy_pro/multi_tenancy.md @@ -0,0 +1,27 @@ +Multi-tenancy feature is designed for hosting providers that what to host several customers in a single Seafile instance. You can create multi-organizations. Organizations is separated from each other. Users can't share libraries between organizations. + +## Seafile Config ## + +#### seafile.conf + +``` +[general] +multi_tenancy = true +``` + +#### seahub_settings.py + +``` +CLOUD_MODE = True +MULTI_TENANCY = True + +ORG_MEMBER_QUOTA_ENABLED = True +``` + +## Usage + +An organization can be created via system admin in “admin panel->organization->Add organization”. + +Every organization has an URL prefix. This field is *for future usage*. When a user create an organization, an URL like org1 will be automatically assigned. + +After creating an organization, the first user will become the admin of that organization. The organization admin can add other users. Note, the system admin can't add users. diff --git a/manual/deploy_pro/multiple_storage_backends.md b/manual/deploy_pro/multiple_storage_backends.md new file mode 100644 index 00000000..214083f1 --- /dev/null +++ b/manual/deploy_pro/multiple_storage_backends.md @@ -0,0 +1,230 @@ +# Multiple Storage Backend + +There are some use cases that supporting multiple storage backends in Seafile server is needed. Such as: + +1. Store different types of files into different storage backends. For example, normal files can be stored in primary storage (disks, SSD); Archived files can be stored in cold storage (tapes or other backup systems). +2. Combine multiple storage backends to extend storage scalability. For example, a single NFS volume may be limited by size; a single S3 bucket of Ceph RGW may suffer performance decrease when the number of objects become very large. + +The library data in Seafile server are spreaded into multiple storage backends in the unit of libraries. All the data in a library will be located in the same storage backend. The mapping from library to its storage backend is stored in a database table. Different mapping policies can be chosen based on the use case. + +To use this feature, you need to: + +1. Define storage classes in seafile.conf. +2. Enable multiple backend feature in seahub and choose a mapping policy. + +## Defining Storage Classes + +In Seafile server, a storage backend is represented by the concept of "storage class". A storage class is defined by specifying the following information: + +* `storage_id`: an internal string ID to identify the storage class. It's not visible to users. For example "primary storage". +* `name`: A user visible name for the storage class. +* `is_default`: whether this storage class is the default. This option are effective in two cases: + * If the chosen mapping policy allows users to choose storage class for a library, this would be the default if the user doesn't choose one. + * For other mapping policies, this option only takes effect when you have some existing libraries before enabling multiple storage backend feature. For existing libraries, the system will automatically map them to the default storage backend. So in this case you have to set the existing storage backend as the default one. +* `commits`:the storage for storing the commit objects for this class. It can be any storage that Seafile supports, like file system, ceph, s3. +* `fs`:the storage for storing the fs objects for this class. It can be any storage that Seafile supports, like file system, ceph, s3. +* `blocks`:the storage for storing the block objects for this class. It can be any storage that Seafile supports, like file system, ceph, s3. + +commit, fs, and blocks can be stored in different storages. This provides the most flexible way to define storage classes. + +As Seafile server before 6.3 version doesn't support multiple storage classes, you have to explicitely enable this new feature and define storage classes with a different syntax than how we define storage backend before. + +First, you have to enable this feature in seafile.conf. + +``` +[storage] +enable_storage_classes = true +storage_classes_file = /opt/seafile_storage_classes.json + +[memcached] +memcached_options = --SERVER= --POOL-MIN=10 --POOL-MAX=100 + +``` + +* enable_storage_classes :If this is set to true, storage class feature is enabled. You have to define the storage classes in a JSON file provided in the next configuration option. +* storage_classes_file:Specifies the path for the JSON file that contains storage class definition. + +The JSON file is an array of objects. Each object defines a storage class. The fields in the definition corresponds to the information we need to specify for a storage class. Below is an example: + +``` +[ +{ +"storage_id": "hot_storage", +"name": "Hot Storage", +"is_default": true, +"commits": {"backend": "s3", "bucket": "seafile-commits", "key": "ZjoJ8RPNDqP1vcdD60U4wAHwUQf2oJYqxN27oR09", "key_id": "AKIAIOT3GCU5VGCCL44A"}, +"fs": {"backend": "s3", "bucket": "seafile-fs", "key": "ZjoJ8RPNDqP1vcdD60U4wAHwUQf2oJYqxN27oR09", "key_id": "AKIAIOT3GCU5VGCCL44A"}, +"blocks": {"backend": "s3", "bucket": "seafile-blocks", "key": "ZjoJ8RPNDqP1vcdD60U4wAHwUQf2oJYqxN27oR09", "key_id": "AKIAIOT3GCU5VGCCL44A"} +}, + +{ +"storage_id": "cold_storage", +"name": "Cold Storage", +"is_default": false, +"fs": {"backend": "fs", "dir": "/storage/seafile/seafile-data"}, +"commits": {"backend": "fs", "dir": "/storage/seafile/seafile-data"}, +"blocks": {"backend": "fs", "dir": "/storage/seafile/seaflle-data"} +}, + +{ +"storage_id": "swift_storage", +"name": "Swift Storage", +"fs": {"backend": "swift", "tenant": "adminTenant", "user_name": "admin", "password": "openstack", "container": "seafile-commits", "auth_host": "192.168.56.31:5000", "auth_ver": "v2.0"}, +"commits": {"backend": "swift", "tenant": "adminTenant", "user_name": "admin", "password": "openstack", "container": "seafile-fs", "auth_host": "192.168.56.31:5000", "auth_ver": "v2.0"}, +"blocks": {"backend": "swift", "tenant": "adminTenant", "user_name": "admin", "password": "openstack", "container": "seafile-blocks", "auth_host": "192.168.56.31:5000", "auth_ver": "v2.0", "region": "RegionTwo"} +} + +{ +"storage_id": "ceph_storage", +"name": "ceph Storage", +"fs": {"backend": "ceph", "ceph_config": "/etc/ceph/ceph.conf", "pool": "seafile-fs"}, +"commits": {"backend": "ceph", "ceph_config": "/etc/ceph/ceph.conf", "pool": "seafile-commits"}, +"blocks": {"backend": "ceph", "ceph_config": "/etc/ceph/ceph.conf", "pool": "seafile-blocks"} +} +] + +``` + +As you may have seen, the `commits`, `fs` and `blocks` information syntax is similar to what used in `[commit_object_backend]`, `[fs_object_backend]` and `[block_backend]` section of seafile.conf. + +If you use file system as storage for `fs`, `commits` or `blocks`, you have to explicitely provide the path for the `seafile-data` directory. The objects will be stored in `storage/commits`, `storage/fs`, `storage/blocks` under this path. + +_Note_: Currently file system, S3 and Swift backends are supported. Ceph/RADOS is supported since version 7.0.14. + +## Library Mapping Policies + +Library mapping policies decide the storage class a library uses. Currently we provide 3 policies for 3 different use cases. The storage class of a library is decided on creation and stored in a database table. The storage class of a library won't change if the mapping policy is changed later. + +Before choosing your mapping policy, you need to enable storage classes feature in seahub_settings.py: + +``` +ENABLE_STORAGE_CLASSES = True + +``` + +### User Chosen + +This policy lets the users to choose which storage class to use when creating a new library. The users can select any storage class that's been defined in the JSON file. + +To use this policy, add following options in seahub_settings.py: + +``` +STORAGE_CLASS_MAPPING_POLICY = 'USER_SELECT' + +``` + +If you enable storage class support but don't explicitely set `STORAGE_CLASS_MAPPING_POLIICY` in seahub_settings.py, this policy is used by default. + +### Role-based Mapping + +Due to storage cost or management consideration, sometimes system admin wants to make different type of users to use different storage backends (or classes). You can configure user's storage classes based on their roles. + +A new option `storage_ids` is added to the role configuration in `seahub_settings.py` to assign storage classes to each role. If only one storage class is assigned to a role, the users with this role cannot choose storage class for libraries; otherwise, the users can choose storage class if more than one classes are assigned. If no storage class is assigned to a role, the default class specified in the JSON file will be used. + +Here is sample options in seahub_settings.py to use this policy: + +``` +ENABLE_STORAGE_CLASSES = True +STORAGE_CLASS_MAPPING_POLICY = 'ROLE_BASED' + +ENABLED_ROLE_PERMISSIONS = { + 'default': { + 'can_add_repo': True, + 'can_add_group': True, + 'can_view_org': True, + 'can_use_global_address_book': True, + 'can_generate_share_link': True, + 'can_generate_upload_link': True, + 'can_invite_guest': True, + 'can_connect_with_android_clients': True, + 'can_connect_with_ios_clients': True, + 'can_connect_with_desktop_clients': True, + 'storage_ids': ['old_version_id', 'hot_storage', 'cold_storage', 'a_storage'], + }, + 'guest': { + 'can_add_repo': True, + 'can_add_group': False, + 'can_view_org': False, + 'can_use_global_address_book': False, + 'can_generate_share_link': False, + 'can_generate_upload_link': False, + 'can_invite_guest': False, + 'can_connect_with_android_clients': False, + 'can_connect_with_ios_clients': False, + 'can_connect_with_desktop_clients': False, + 'storage_ids': ['hot_storage', 'cold_storage'], + }, +} + +``` + +### Library ID Based Mapping + +This policy maps libraries to storage classes based on its library ID. The ID of a library is an UUID. In this way, the data in the system can be evenly districuted among the storage classes. + +Note that this policy is not a designed to be a complete distributed storage solution. It doesn't handle automatical migration of library data between storage classes. If you need to add more storage classes to the configuration, existing libraries will stay in their original storage classes. New libraries can be distributed among the new storage classes (backends). You still have to plan about the total storage capacity of your system at the beginning. + +To use this policy, you first add following options in seahub_settings.py: + +``` +STORAGE_CLASS_MAPPING_POLICY = 'REPO_ID_MAPPING' + +``` + +Then you can add option `for_new_library` to the backends which are expected to store new libraries in json file: + +``` +[ +{ +"storage_id": "new_backend", +"name": "New store", +"for_new_library": true, +"is_default": false, +"fs": {"backend": "fs", "dir": "/storage/seafile/new-data"}, +"commits": {"backend": "fs", "dir": "/storage/seafile/new-data"}, +"blocks": {"backend": "fs", "dir": "/storage/seafile/new-data"} +} +] + +``` + +## Multiple Storage Backend Data Migration + +Run the `migrate-repo.sh` script to migrate library data between different storage backends. + +``` +./migrate-repo.sh [repo_id] origin_storage_id destination_storage_id + +``` + +* repo_id: migrated library id +* origin_storage_id: migrated origin storage id +* destination_storage_id: migrated destination storage id + +repo_id is optional, if not specified, all libraries will be migrated. + +Before running the migration script, you can set the `OBJECT_LIST_FILE_PATH` environment variable to specify a path prefix to store the migrated object list. + +For example: + +``` +export OBJECT_LIST_FILE_PATH=/opt/test + +``` + +This will create three files in the specified path (/opt): `test_4c731e5c-f589-4eaa-889f-14c00d4893cb.fs` `test_4c731e5c-f589-4eaa-889f-14c00d4893cb.commits` `test_4c731e5c-f589-4eaa-889f-14c00d4893cb.blocks` +Setting the `OBJECT_LIST_FILE_PATH` environment variable has two purposes: + +1. If the migrated library is very large, you need to run the migration script multiple times. Setting this environment variable can skip the previously migrated objects. +2. After the migration is complete, if you need to delete the objects in the origin storage, you must set this environment variable. + +### Delete All Objects In a Library In The Specified Storage Backend + +Run the `remove-objs.sh` script (before migration, you need to set the OBJECT_LIST_FILE_PATH environment variable) to delete all objects in a library in the specified storage backend. + +``` +./remove-objs.sh repo_id storage_id + +``` + + diff --git a/manual/deploy_pro/office_documents_preview.md b/manual/deploy_pro/office_documents_preview.md new file mode 100644 index 00000000..406c56ea --- /dev/null +++ b/manual/deploy_pro/office_documents_preview.md @@ -0,0 +1,219 @@ +# Office Documents Preview with LibreOffice + +Seafile Professional Server supports previewing office documents online by converting them to PDF. You can follow these steps to use the feature. If you'd like to edit office files online, you can integrate Seafile with Microsoft Office Online server, LibreOffice online or OnlyOffice. + +## Version 7.0 or below + +### Install Libreoffice/UNO + +Libreoffice 4.1+ and Python-uno library are required to enable office files online preview. + +On Ubuntu/Debian: + +```bash +sudo apt-get install libreoffice libreoffice-script-provider-python + +``` + +> For older version of Ubuntu: `sudo apt-get install libreoffice python-uno` + +On Centos/RHEL: + +```bash +sudo yum install libreoffice libreoffice-headless libreoffice-pyuno + +``` + +For other Linux distributions: [Installation of LibreOffice on Linux](https://wiki.documentfoundation.org/Documentation/Install/Linux#Terminal-Based_Install) + +Also, you may need to install fonts for your language, especially for Asians, otherwise the office/pdf document may not display correctly. + +For example, Chinese users may wish to install the WenQuanYi series of truetype fonts: + +```bash +# For ubuntu/debian +sudo apt-get install ttf-wqy-microhei ttf-wqy-zenhei xfonts-wqy + +``` + +### Install poppler-utils + +The package poppler-utils is also required. + +On Ubuntu/Debian: + +```bash +sudo apt-get install poppler-utils + +``` + +On CentOS/Red Hat: + +```bash +sudo yum install poppler-utils + +``` + +### Enable Office Preview + +1. Open file `seafevents.conf`, in the `OFFICE CONVERTER` section: + +```conf +[OFFICE CONVERTER] +enabled = true + +``` + +1. After modifying and saving `seafevents.conf`, restart seafile server by `./seafile.sh restart` +2. Open a doc/ppt/xls/pdf file on seahub, you should be about the previewing it in your browser. + +### Other Configurable Options + +Here are full list of options you can fine tune: + +```conf +[OFFICE CONVERTER] + +## must be "true" to enable office/pdf file online preview +enabled = true + +## How many libreoffice worker processes to run concurrenlty +workers = 1 + +## where to store the converted office/pdf files. Deafult is /tmp/. +outputdir = /tmp/ + +``` + +## Version 7.1+ + +### Install Libreoffice/UNO + +Libreoffice 4.1+ and Python-uno library are required to enable office files online preview. + +On Ubuntu/Debian: + +```bash +sudo apt-get install libreoffice libreoffice-script-provider-python + +``` + +> For older version of Ubuntu: `sudo apt-get install libreoffice python-uno` + +On Centos/RHEL, you need to first remove the default libreoffice in the distribution: + +``` +yum remove --setopt=clean_requirements_on_remove=0 libreoffice-* + +``` + +Then install version 6.4 or newer ([Installation of LibreOffice on Linux](https://wiki.documentfoundation.org/Documentation/Install/Linux#Terminal-Based_Install)). + +Also, you may need to install fonts for your language, especially for Asians, otherwise the office document may not display correctly. + +### Enable Office Preview + +Open file `seafevents.conf`, in the `OFFICE CONVERTER` section: + +```conf +[OFFICE CONVERTER] +enabled = true +host = 127.0.0.1 +port = 6000 + +``` + +After modifying and saving `seafevents.conf`, restart seafile server by `./seafile.sh restart` + +The office converter process will be started and listen on 127.0.0.1:6000 + +In `seahub_settings.py`, add the following config + +``` +OFFICE_CONVERTOR_ROOT = 'http://127.0.0.1:6000/' + +``` + +Open a doc/ppt/xls file on Seahub, you should be about the previewing it in your browser. + +### Other Configurable Options + +Here are full list of options you can fine tune: + +```conf +[OFFICE CONVERTER] + +## must be "true" to enable office file online preview +enabled = true + +## How many libreoffice worker processes to run concurrenlty +workers = 1 + +## where to store the converted office/pdf files. Deafult is /tmp/. +outputdir = /tmp/ + +host = 127.0.0.1 +port = 6000 + +``` + +## FAQ about Office document preview + +* Document preview doesn't work, where to find more information? + + You can check the log at logs/seafevents.log + +* My server is CentOS, and I see errors like "/usr/lib64/libreoffice/program/soffice.bin X11 error: Can't open display", how could I fix it? + + This error indicates you have not installed the `libreoffice-headless` package. Install it by `"sudo yum install libreoffice-headless"`. + +* Document preview doesn't work on my Ubuntu/Debian server, what can I do? + +Current office online preview works with libreoffice 4.0-4.2. If the version of libreoffice installed by `apt-get` is too old or too new, you can solve this by: + +Remove the installed libreoffice: + +``` +sudo apt-get remove libreoffice* python-uno python3-uno + +``` + +Download libreoffice packages from [libreoffice official site](https://downloadarchive.documentfoundation.org/libreoffice/old/) + +Install the downloaded pacakges: + +``` +tar xf LibreOffice_4.1.6_Linux_x86-64_deb.tar.gz +cd LibreOffice_4.1.6.2_Linux_x86-64_deb +cd DEBS +sudo dpkg -i *.deb + +``` + +Restart your seafile server and try again. It should work now. + +``` +./seafile.sh restart + +``` + +* The browser displays "document conversion failed", and in the logs I see messages like `[WARNING] failed to convert xxx to ...`, what should I do? + + Sometimes the libreoffice process need to be restarted, especially if it's the first time seafile server is running on the server. + + Try to kill the libreoffice process: + + ```sh + pkill -f soffice.bin + + ``` + + Now try re-opening the preview page in the brower again. + + Also if you are deploying seafile in cluster mode, make sure memcached is working on each server. + +* The above solution does not solve my problem. + + Please check whether the user you run Seafile can correctly start the libreoffice process. There may be permission problems. For example, if you use www-data user to run Seafile, make sure www-data has a home directory and can write to the home directory. + + diff --git a/manual/deploy_pro/office_web_app.md b/manual/deploy_pro/office_web_app.md new file mode 100644 index 00000000..0b17c143 --- /dev/null +++ b/manual/deploy_pro/office_web_app.md @@ -0,0 +1,82 @@ +# Office Online Server + +In Seafile Professional Server Version 4.4.0 (or above), you can use Microsoft Office Online Server (formerly named Office Web Apps) to preview documents online. Office Online Server provides the best preview for all Office format files. It also support collaborative editing of Office files directly in the web browser. For organizations with Microsoft Office Volume License, it's free to use Office Online Server. For more information about Office Online Server and how to deploy it, please refer to . + +**Notice**: Seafile only supports Office Online Server 2016 and above. + +Seafile's own Office file preview is still the default. To use Office Online Server for preview, please add following config option to seahub_settings.py. + +```python +# Enable Office Online Server +ENABLE_OFFICE_WEB_APP = True + +# Url of Office Online Server's discovery page +# The discovery page tells Seafile how to interact with Office Online Server when view file online +# You should change `http://example.office-web-app.com` to your actual Office Online Server server address +OFFICE_WEB_APP_BASE_URL = 'http://example.office-web-app.com/hosting/discovery' + +# Expiration of WOPI access token +# WOPI access token is a string used by Seafile to determine the file's +# identity and permissions when use Office Online Server view it online +# And for security reason, this token should expire after a set time period +WOPI_ACCESS_TOKEN_EXPIRATION = 60 * 60 * 24 # seconds + +# List of file formats that you want to view through Office Online Server +# You can change this value according to your preferences +# And of course you should make sure your Office Online Server supports to preview +# the files with the specified extensions +OFFICE_WEB_APP_FILE_EXTENSION = ('ods', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt', + 'pptm', 'pptx', 'doc', 'docm', 'docx') + +# Enable edit files through Office Online Server +ENABLE_OFFICE_WEB_APP_EDIT = True + +# types of files should be editable through Office Online Server +# Note, Office Online Server 2016 is needed for editing docx +OFFICE_WEB_APP_EDIT_FILE_EXTENSION = ('xlsx', 'pptx', 'docx') + + +# HTTPS authentication related (optional) + +# Server certificates +# Path to a CA_BUNDLE file or directory with certificates of trusted CAs +# NOTE: If set this setting to a directory, the directory must have been processed using the c_rehash utility supplied with OpenSSL. +OFFICE_WEB_APP_SERVER_CA = '/path/to/certfile' + + +# Client certificates +# You can specify a single file (containing the private key and the certificate) to use as client side certificate +OFFICE_WEB_APP_CLIENT_PEM = 'path/to/client.pem' + +# or you can specify these two file path to use as client side certificate +OFFICE_WEB_APP_CLIENT_CERT = 'path/to/client.cert' +OFFICE_WEB_APP_CLIENT_KEY = 'path/to/client.key' + +``` + +Then restart + +``` +./seafile.sh restart +./seahub.sh restart + +``` + +After you click the document you specified in seahub_settings.py, you will see the new preview page. + +![office-web-app](../images/office-web-app.png) + +## Trouble shooting + +Understanding how the web app integration works is going to help you debugging the problem. When a user visits a file page: + +1. (seahub->browser) Seahub will generate a page containing an iframe and send it to the browser +2. (browser->office online server) With the iframe, the browser will try to load the file preview page from the office online server +3. (office online server->seahub) office online server receives the request and sends a request to Seahub to get the file content +4. (office online server->browser) office online server sends the file preview page to the browser. + +Please check the Nginx log for Seahub (for step 3) and Office Online Server to see which step is wrong. + +### Notes on Windows paging files + +You should make sure you have configured at least a few GB of paging files in your Windows system. Otherwise the IIS worker processes may die randomly when handling Office Online requests. diff --git a/manual/deploy_pro/real_time_backup.md b/manual/deploy_pro/real_time_backup.md new file mode 100644 index 00000000..7beeae07 --- /dev/null +++ b/manual/deploy_pro/real_time_backup.md @@ -0,0 +1,184 @@ +# Seafile Real-Time Backup Server + +Backup is the procedure that copies data from a primary server (which is running production service) to a backup server. + +Backup is an important procedure to keep data safe. The basic backup procedure described in [this documentation](../maintain/backup_recovery.md) has a few drawbacks: + +- The backup is done in fixed "backup windows" (once per day or a few times per day). The latest data written between two backup windows will be lost if the primary server storage is damaged. +- The backup procedure backup database and data directory separately. In the backup server, some entries in the database may become inconsistent with the data directory. This causes some libraries become "corrupted" after restore. + +The real-time backup server uses a syncing algorithm similar to the Seafile desktop client to retrieve data from the primary server. It works as follows: + +- Whenever a library is updated, the primary server notifies the backup server to retrieve the changed data. With a delta syncing algorithm, this procedure runs quickly and updates the backup server in nearly real-time. +- The backup server also checks all libraries on the primary server at a fixed period. Any new or updated libraries will be synced to the backup server. This will pick up any legged updates due to glitches in the above real-time sync procedure. +- The backup server always keep the database and data directory consistent. So no libraries on the backup server will be in corrupted state (unless they're already corrupted on the primary server). +- The full history of all libraries will be backed up. This is not like the desktop client, which only syncs the latest state of a library. + +There are two sets of data that need to be backup: + +- The seafile-data directory and the core library metadata tables in the seafile database. This data is the core data structures of the libraries in Seafile. They're synced to the backup server with Seafile's syncing algorithm. In this procedure, the metadata tables are kept consistent with the seafile-data directory. +- All other tables in the database (including seafile, ccnet and seahub databases) are backup with mysqldump. mysqldump can't backup the database in real time. You can setup a crontab for mysqldump at regular intervals. The latency of backup for these tables doesn't affect the integrity of library data. + +In the following discussion, we'll use "primary server" and "master server", "backup server" and "slave server" interchangeably. + +## Configure Real-Time Backup Server + +We assume you already have a primary server running, and now you want to setup a backup server. + +The steps to setup the backup server are: + +1. Install Seafile on the backup server +2. Configure Seafile syncing between the primary server and the backup server +3. Backup the tables in the database by `mysqldump` at regular intervals + +### Install Seafile on the Backup Server + +You should install Seafile Pro Edition on the backup server according to [this documentation](../deploy_pro/download_and_setup_seafile_professional_server.md). Since the real-time backup feature is only available for 5.1.0 or later, you also have to upgrade your primary server to 5.1.0 version or later. + +When installing Seafile on the backup server, you have to notice: + +- The database names (ccnet, seafile and seahub database) should be the same as the names on the primary server. +- You don't need to enable other Pro features, such as Office file preview, search indexing, file auditing etc. +- You can't start the seahub progress on backup server. It means that usually the Seafile backup server can't provide service. + +### Configure Real-time Backup in Seafile + +On the primary server, add following options to seafile.conf: + +``` +[backup] +backup_url = http://backup-server +sync_token = c7a78c0210c2470e14a20a8244562ab8ad509734 +``` + +On the backup server, add following options to seafile.conf: + +``` +[backup] +primary_url = http://primary-server +sync_token = c7a78c0210c2470e14a20a8244562ab8ad509734 +sync_poll_interval = 3 +``` + +- `backup_url`: the backup server's address in url format. You can use http or https. +- `primary_url`: the primary server's address in url format. +- `sync_token`: a secret that shared between the primary and backup server. It's 40 character SHA1 generated by the system admin. You can use `uuidgen | openssl sha1` command to generate a random token. +- `sync_poll_interval`: The backup server polls all libraries of the primary server periodically. You can set the poll interval in the unit of hours. The default interval is 1 hour, which mean the backup server will poll the primary every hour. You should choose larger intervals if you have large number of libraries. + +If you use https to sync between primary and backup servers, you have to use the correct Seafile server package for your system. If you run CentOS, you should use the Seafile package named without "Ubuntu" suffix; if you run Debian or Ubuntu, you should use the Seafile package named with "Ubuntu" suffix. Otherwise you may meet CA error in https requests. + +After saving the configuration, restart seafile service on the primary and backup servers. The backup server will automatically start backup on restart. + +**Note**: Don't start the seahub progress on the Seafile backup server. + +### Backup the Databases + +Backup data from the databases on the primary server's MySQL with mysqldump: + +``` +mysqldump -u -p --databases \ +--ignore-table=.Repo \ +--ignore-table=.Branch \ +--ignore-table=.RepoHead \ + > dbdump.sql +``` + +You should replace ``, `` with your MySQL admin user and password. You should replace ``, `` and `` with your database names. + +The three ignored tables are core tables related to library data and are synced by Seafile backup server in a real-time manner. They're kept in the seafile database of the backup server and are separated from the mysqldump process. + +**You should setup crontab to run the mysqldump at regular intervals.** + +If you want to backup the tables (except for the 3 tables synced by Seafile) in a more real-time manner, you can deploy the master-slave replication for the MySQL/MariaDB database from the primary node to another database server. **The database running on the backup server must not be used as the target of this replication.** Otherwise you'll end up with replication conflicts, since the db on backup server will also be updated by Seafile backup process too. + +### Checking Backup Status + +After the above setup, you should now have the below layout of your backup data: + +* Library data is backed up and managed by Seafile backup server. The data can be stored on external storage, object storage, or local disk, depending on your setup for the backup server. +* Database tables are splited into two parts: + * 3 core library tables are backup in real-time to the backup node's MySQL database. + * Other tables are regularly dumped to a file with mysqldump. The backup files are stored somewhere other than the primary server. + +`seaf-backup-cmd.sh` provides `status` command to view the backup status. The output is like: + +``` +# ./seaf-backup-cmd.sh status +Total number of libraries: xxx +Number of synchronized libraries: xxx +Number of libraries waiting for sync: xxx +Number of libraries syncing: xxx +Number of libraries failed to sync: xxx + +List of syncing libraries: +xxx +xxx + +List of libraries failed to sync: +xxx +xxx +``` + +There are a few reasons that may fail the backup of a library: + +- Some data in the primary server is corrupted. The data may be in the latest state or in history. Since the backup procedure syncs the full history, corruption in history will fail the backup. +- The primary server has run seaf-fsck, which may restore a library back to an older state. + +## Restore from the Backup Server + +In the unfortunate situation of severe data corruptoin happens on the primary server, you can restore your service quickly directly on the backup server. The recovered service can directly be run on the backup server. + +There are tow steps to restore on the backup server: + +- Import the latest mysql dump file into the Seafile backup server's MySQL database. +- Enable other Pro features on the Seafile backup server, and start seahub progress `./seahub.sh start`. + +#### Step1: Import mysql dump file into backup server + +Importing the latest mysql dump file into the backup server's database: + +``` +mysql -u -p < dbdump.sql +``` + +Replace `` and `` with your MySQL admin user name and password. + +#### Step2: Start the backup server's seahub + +Copy the seafile's configuration to the backup server, then start the seahub progress on the backup server. + +``` +./seahub.sh start +``` + +## Setup Backup Server for Seafile Cluster + +If your primary service runs as a Seafile cluster, you have two points to notice when setting up a backup server: + +1. You should only use one MySQL instance as the replication master, if you're using MariaDB cluster. +2. You have to change seafile.conf and set the `backup_url` and `sync_token` options on each Seafile node. The configuration on all primary Seafile node should be the same. They all point to the same backup server. + +Currently you cannot deploy the backup service **as** a cluster. That is, you can only use a single node as backup server. This support may be added in the future. + +## Managing the Real-time Backup Server + +`seaf-backup-cmd.sh` script is the tool for managing the backup server. The `seaf-backup-cmd.sh` script provides the following commands: + +### Manually Trigger Syncing a Library + +You can use the `sync` command to manually schedule backup of a library: + +``` +# ./seaf-backup-cmd.sh sync +``` + +The command will block until the backup is finished. + +### Handling Backup Errors + +The `--force` option of `sync` command can be used to force failing backup to complete. Permanent backup failures are usually caused by data corruption of a library in the primary server. The `--force` option asks the backup to skip corrupted objects and finish the backup. + +When you find a backup error, follow two steps: + +1. Run seaf-fsck on the primary server, for the failing libraries. Fsck fixes any corruption for the latest state of the libraries. +2. Run `seaf-backup-cmd.sh sync --force ` on the backup server. diff --git a/manual/deploy_pro/roles_permissions.md b/manual/deploy_pro/roles_permissions.md new file mode 100644 index 00000000..5c26f914 --- /dev/null +++ b/manual/deploy_pro/roles_permissions.md @@ -0,0 +1,159 @@ +# Roles and Permissions Support + +Starting from version 6.0, you can add/edit roles and permission for users. A role is just a group of users with some pre-defined permissions, you can toggle user roles in user list page at admin panel. + +In version 6.0, we support 10 permissions, more permissions will be added later. + +In version 6.1, we added a new permission `role_quota` which can be used to set quota for a certain role of users. For example, we can set the quota of employee to 100G by adding `'role_quota': '100g'`, and leave other role of users to the default quota. + +Since version 6.3.6, we added a new permission `can_add_public_repo`(whether or not you can create a public library, default is "False"). + +**Note:**The `can_add_public_repo` option will not take effect if you configure global `CLOUD_MODE = True`. + +Seafile comes with two build-in roles `default` and `guest`, a default user is a normal user with permissions as followings: +``` + 'default': { + 'can_add_repo': True, + 'can_add_group': True, + 'can_view_org': True, + 'can_use_global_address_book': True, + 'can_generate_share_link': True, + 'can_generate_upload_link': True, + 'can_invite_guest': False, + 'can_connect_with_android_clients': True, + 'can_connect_with_ios_clients': True, + 'can_connect_with_desktop_clients': True, + 'role_quota': '', + 'can_publish_repo': True, + }, +``` + +While a guest user can only read files/folders in the system, here are the permissions for a guest user: +``` + 'guest': { + 'can_add_repo': False, + 'can_add_group': False, + 'can_view_org': False, + 'can_use_global_address_book': False, + 'can_generate_share_link': False, + 'can_generate_upload_link': False, + 'can_invite_guest': False, + 'can_connect_with_android_clients': False, + 'can_connect_with_ios_clients': False, + 'can_connect_with_desktop_clients': False, + 'role_quota': '', + 'can_publish_repo': False, + }, +``` + +## Edit build-in roles + +If you want to edit the permissions of build-in roles, e.g. default users can invite guest, guest users can view repos in organization, you can add following lines to `seahub_settings.py` with corresponding permissions set to `True`. + +``` +ENABLED_ROLE_PERMISSIONS = { + 'default': { + 'can_add_repo': True, + 'can_add_group': True, + 'can_view_org': True, + 'can_use_global_address_book': True, + 'can_generate_share_link': True, + 'can_generate_upload_link': True, + 'can_invite_guest': True, + 'can_connect_with_android_clients': True, + 'can_connect_with_ios_clients': True, + 'can_connect_with_desktop_clients': True, + 'role_quota': '', + 'can_publish_repo': True, + }, + 'guest': { + 'can_add_repo': False, + 'can_add_group': False, + 'can_view_org': True, + 'can_use_global_address_book': False, + 'can_generate_share_link': False, + 'can_generate_upload_link': False, + 'can_invite_guest': False, + 'can_connect_with_android_clients': False, + 'can_connect_with_ios_clients': False, + 'can_connect_with_desktop_clients': False, + 'role_quota': '', + 'can_publish_repo': False, + } +} +``` + +### More about guest invitation feature + +An user who has `can_invite_guest` permission can invite people outside of the organization as guest. + +In order to use this feature, in addition to granting `can_invite_guest` permission to the user, add the following line to `seahub_settings.py`, + +``` +ENABLE_GUEST_INVITATION = True +``` + +After restarting, users who have `can_invite_guest` permission will see "Invite People" section at sidebar of home page. + +Users can invite a guest user by providing his/her email address, system will email the invite link to the user. + +**Tip:** If you want to block certain email addresses for the invitation, you can define a blacklist, e.g. + +``` +INVITATION_ACCEPTER_BLACKLIST = ["a@a.com", "*@a-a-a.com", r".*@(foo|bar).com", ] +``` + +After that, email address "a@a.com", any email address ends with "@a-a-a.com" and any email address ends with "@foo.com" or "@bar.com" will not be allowed. + + +## Add custom roles + +If you want to add a new role and assign some users with this role, e.g. new role `employee` can invite guest and can create public library and have all other permissions a default user has, you can add following lines to `seahub_settings.py` + +``` +ENABLED_ROLE_PERMISSIONS = { + 'default': { + 'can_add_repo': True, + 'can_add_group': True, + 'can_view_org': True, + 'can_use_global_address_book': True, + 'can_generate_share_link': True, + 'can_generate_upload_link': True, + 'can_invite_guest': False, + 'can_connect_with_android_clients': True, + 'can_connect_with_ios_clients': True, + 'can_connect_with_desktop_clients': True, + 'role_quota': '', + 'can_publish_repo': True, + }, + 'guest': { + 'can_add_repo': False, + 'can_add_group': False, + 'can_view_org': False, + 'can_use_global_address_book': False, + 'can_generate_share_link': False, + 'can_generate_upload_link': False, + 'can_invite_guest': False, + 'can_connect_with_android_clients': False, + 'can_connect_with_ios_clients': False, + 'can_connect_with_desktop_clients': False, + 'role_quota': '', + 'can_publish_repo': False, + }, + 'employee': { + 'can_add_repo': True, + 'can_add_group': True, + 'can_view_org': True, + 'can_use_global_address_book': True, + 'can_generate_share_link': True, + 'can_generate_upload_link': True, + 'can_invite_guest': True, + 'can_connect_with_android_clients': True, + 'can_connect_with_ios_clients': True, + 'can_connect_with_desktop_clients': True, + 'role_quota': '', + 'can_add_public_repo': True, + 'can_publish_repo': True, + }, +} +``` diff --git a/manual/deploy_pro/seaf_encrypt.md b/manual/deploy_pro/seaf_encrypt.md new file mode 100644 index 00000000..60b1800d --- /dev/null +++ b/manual/deploy_pro/seaf_encrypt.md @@ -0,0 +1,91 @@ +# Seafile Storage Encryption Backend + +Since Seafile Professional Server 5.1.3, we support storage enryption backend functionality. When enabled, all seafile objects (commit, fs, block) will be encrypted with AES 256 CBC algorithm, before writing them to the storage backend. Currently supported backends are: file system, Ceph, Swift and S3. + +Note that all objects will be encrypted with the same global key/iv pair. The key/iv pair has to be generated by the system admin and stored safely. If the key/iv pair is lost, all data cannot be recovered. + +## Configure Storage Backend Encryption + +### Generate Key and IV + +Go to /seafile-server-latest, execute `./seaf-gen-key.sh -h`. it will print the following usage information: + +``` +usage : +seaf-gen-key.sh + -p +``` + +By default, the key/iv pair will be saved to a file named seaf-key.txt in the current directory. You can use '-p' option to change the path. + +### Configure a freshly installed Seafile Server + +Add the following configuration to seafile.conf: + +``` +[store_crypt] +key_path = +``` + +Now the encryption feature should be working. + +### Migrating Existing Seafile Server + +If you have existing data in the Seafile server, you have to migrate/encrypt the existing data. **You must stop Seafile server before migrating the data.** + +#### Create Directories for Encrypted Data + +Create new configuration and data directories for the encrypted data. + +``` +cd seafile-server-latest +cp -r conf conf-enc +mkdir seafile-data-enc +cp -r seafile-data/library-template seafile-data-enc +# If you use SQLite database +cp seafile-data/seafile.db seafile-data-enc/ +``` + +#### Edit Config Files + +If you configured S3/Swift/Ceph backend, edit /conf-enc/seafile.conf. You must use a different bucket/container/pool to store the encrypted data. + +Then add the following configuration to /conf-enc/seafile.conf + +``` +[store_crypt] +key_path = +``` + +#### Migrate the Data + +Go to /seafile-server-latest, use the seaf-encrypt.sh script to migrate the data. + +Run `./seaf-encrypt.sh -f ../conf-enc -e ../seafile-data-enc`, + +``` +Starting seaf-encrypt, please wait ... +[04/26/16 06:59:40] seaf-encrypt.c(444): Start to encrypt 57 block among 12 repo. +[04/26/16 06:59:40] seaf-encrypt.c(444): Start to encrypt 102 fs among 12 repo. +[04/26/16 06:59:41] seaf-encrypt.c(454): Success encrypt all fs. +[04/26/16 06:59:40] seaf-encrypt.c(444): Start to encrypt 66 commit among 12 repo. +[04/26/16 06:59:41] seaf-encrypt.c(454): Success encrypt all commit. +[04/26/16 06:59:41] seaf-encrypt.c(454): Success encrypt all block. +seaf-encrypt run done +Done. +``` + +If there are error messages after executing seaf-encrypt.sh, you can fix the problem and run the script again. Objects that have already been migrated will not be copied again. + +#### Clean Up + +Go to , execute following commands: + +``` +mv conf conf-bak +mv seafile-data seafile-data-bak +mv conf-enc conf +mv seafile-data-enc seafile-data +``` + +Restart Seafile Server. If everything works okay, you can remove the backup directories. diff --git a/manual/deploy_pro/seaf_import.md b/manual/deploy_pro/seaf_import.md new file mode 100644 index 00000000..4f0b09d7 --- /dev/null +++ b/manual/deploy_pro/seaf_import.md @@ -0,0 +1,30 @@ +# Import Directory To Seafile + +Since seafile 5.1.3 pro edition, we support importing a local directory on the server to seafile. It's a handy tool for the system admin to import files from existing file servers (NFS, Samba etc.). + +To import a directory, use the `seaf-import.sh` script in seafile-server-latest directory. + +``` +usage : +seaf-import.sh + -p + -n + -u +``` + +The specified directory will be imported into Seafile as a library. You can set the name and owner of the imported library. + +Run `./seaf-import.sh -p -n -u `, + +``` +Starting seaf-import, please wait ... +[04/26/16 03:36:23] seaf-import.c(79): Import file ./runtime/seahub.pid successfully. +[04/26/16 03:36:23] seaf-import.c(79): Import file ./runtime/error.log successfully. +[04/26/16 03:36:23] seaf-import.c(79): Import file ./runtime/seahub.conf successfully. +[04/26/16 03:36:23] seaf-import.c(79): Import file ./runtime/access.log successfully. +[04/26/16 03:36:23] seaf-import.c(183): Import dir ./runtime/ to repo 5ffb1f43 successfully. + run done +Done. +``` + +Login to seafile server with the specified library owner, you will find a new library with the specified name. diff --git a/manual/deploy_pro/seafile-sql.md b/manual/deploy_pro/seafile-sql.md new file mode 100644 index 00000000..7c2a2e7e --- /dev/null +++ b/manual/deploy_pro/seafile-sql.md @@ -0,0 +1,114 @@ +``` +CREATE TABLE IF NOT EXISTS FileLockTimestamp ( + id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT, + repo_id CHAR(40), + update_time BIGINT NOT NULL, + UNIQUE INDEX(repo_id) +); + +CREATE TABLE IF NOT EXISTS FileLocks ( + id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT, + repo_id CHAR(40) NOT NULL, + path TEXT NOT NULL, + user_name VARCHAR(255) NOT NULL, + lock_time BIGINT, + expire BIGINT, + KEY(repo_id) +) ENGINE=INNODB; + +CREATE TABLE IF NOT EXISTS FolderGroupPerm ( + id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT, + repo_id CHAR(36) NOT NULL, + path TEXT NOT NULL, + permission CHAR(15), + group_id INTEGER NOT NULL, + INDEX(repo_id) +) ENGINE=INNODB; + +CREATE TABLE IF NOT EXISTS FolderPermTimestamp ( + id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT, + repo_id CHAR(36), + timestamp BIGINT, + UNIQUE INDEX(repo_id) +) ENGINE=INNODB; + +CREATE TABLE IF NOT EXISTS FolderUserPerm ( + id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT, + repo_id CHAR(36) NOT NULL, + path TEXT NOT NULL, + permission CHAR(15), + user VARCHAR(255) NOT NULL, + INDEX(repo_id) +) ENGINE=INNODB; + +CREATE TABLE IF NOT EXISTS GCID ( + id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT, + repo_id CHAR(36), + gc_id CHAR(36), + UNIQUE INDEX(repo_id) +) ENGINE=INNODB; + +CREATE TABLE IF NOT EXISTS LastGCID ( + id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT, + repo_id CHAR(36), + client_id VARCHAR(128), + gc_id CHAR(36), + UNIQUE INDEX(repo_id, client_id) +) ENGINE=INNODB; + +CREATE TABLE IF NOT EXISTS OrgGroupRepo ( + id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT, + org_id INTEGER, + repo_id CHAR(37), + group_id INTEGER, + owner VARCHAR(255), + permission CHAR(15), + UNIQUE INDEX(org_id, group_id, repo_id), + INDEX (repo_id), INDEX (owner) +) ENGINE=INNODB; + +CREATE TABLE IF NOT EXISTS OrgInnerPubRepo ( + id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT, + org_id INTEGER, + repo_id CHAR(37), + UNIQUE INDEX(org_id, repo_id), + permission CHAR(15) +) ENGINE=INNODB; + +CREATE TABLE IF NOT EXISTS OrgRepo ( + id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT, + org_id INTEGER, + repo_id CHAR(37), + user VARCHAR(255), + UNIQUE INDEX(org_id, repo_id), + UNIQUE INDEX (repo_id), + INDEX (org_id, user), + INDEX(user) +) ENGINE=INNODB; + +CREATE TABLE IF NOT EXISTS OrgSharedRepo ( + id INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT, + org_id INT, + repo_id CHAR(37) , + from_email VARCHAR(255), + to_email VARCHAR(255), + permission CHAR(15), + INDEX(repo_id), + INDEX (org_id, repo_id), + INDEX(from_email), INDEX(to_email) +) ENGINE=INNODB; + +CREATE TABLE IF NOT EXISTS RepoStorageId ( + id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT, + repo_id CHAR(40) NOT NULL, + storage_id VARCHAR(255) NOT NULL, + UNIQUE INDEX(repo_id) +) ENGINE=INNODB; + +CREATE TABLE IF NOT EXISTS RoleQuota ( + id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT, + role VARCHAR(255), + quota BIGINT, + UNIQUE INDEX(role) +) ENGINE=INNODB; +``` \ No newline at end of file diff --git a/manual/deploy_pro/seafile_professional_sdition_software_license_agreement.md b/manual/deploy_pro/seafile_professional_sdition_software_license_agreement.md new file mode 100644 index 00000000..b9a8e45f --- /dev/null +++ b/manual/deploy_pro/seafile_professional_sdition_software_license_agreement.md @@ -0,0 +1,54 @@ +# Seafile Professional Edition Software License Agreement + +Seafile Professional Edition +SOFTWARE LICENSE AGREEMENT + +NOTICE: READ THE FOLLOWING TERMS AND CONDITIONS CAREFULLY BEFORE YOU DOWNLOAD, INSTALL OR USE Seafile Ltd.'S PROPRIETARY SOFTWARE. BY INSTALLING OR USING THE SOFTWARE, YOU AGREE TO BE BOUND BY THE FOLLOWING TERMS AND CONDITIONS. IF YOU DO NOT AGREE TO THE FOLLOWING TERMS AND CONDITIONS, DO NOT INSTALL OR USE THE SOFTWARE. + +## 1. DEFINITIONS + +"Seafile Ltd." means Seafile Ltd. + +"You and Your" means the party licensing the Software hereunder. + +"Software" means the computer programs provided under the terms of this license by Seafile Ltd. together with any documentation provided therewith. + +## 2. GRANT OF RIGHTS + +### 2.1 General +The License granted for Software under this Agreement authorizes You on a non-exclusive basis to use the Software. The Software is licensed, not sold to You and Seafile Ltd. reserves all rights not expressly granted to You in this Agreement. The License is personal to You and may not be assigned by You to any third party. + +### 2.2 License Provisions +Subject to the receipt by Seafile Ltd. of the applicable license fees, You have the right use the Software as follows: + +* You may use and install the Software on an unlimited number of computers that are owned, leased, or controlled by you. +* Nothing in this Agreement shall permit you, or any third party to disclose or otherwise make available to any third party the licensed Software, source code or any portion thereof. +* You agree to indemnify, hold harmless and defend Seafile Ltd. from and against any claims or lawsuits, including attorney's fees, that arise as a result from the use of the Software; +* You do not permit further redistribution of the Software by Your end-user customers + +## 3. NO DERIVATIVE WORKS +The inclusion of source code with the License is explicitly not for your use to customize a solution or re-use in your own projects or products. The benefit of including the source code is for purposes of security auditing. You may modify the code only for emergency bug fixes that impact security or performance and only for use within your enterprise. You may not create or distribute derivative works based on the Software or any part thereof. If you need enhancements to the software features, you should suggest them to Seafile Ltd. for version improvements. + +## 4. OWNERSHIP +You acknowledge that all copies of the Software in any form are the sole property of Seafile Ltd.. You have no right, title or interest to any such Software or copies thereof except as provided in this Agreement. + +## 5. CONFIDENTIALITY +You hereby acknowledge and agreed that the Software constitute and contain valuable proprietary products and trade secrets of Seafile Ltd., embodying substantial creative efforts and confidential information, ideas, and expressions. You agree to treat, and take precautions to ensure that your employees and other third parties treat, the Software as confidential in accordance with the confidentiality requirements herein. + +## 6. DISCLAIMER OF WARRANTIES +EXCEPT AS OTHERWISE SET FORTH IN THIS AGREEMENT THE SOFTWARE IS PROVIDED TO YOU "AS IS", AND Seafile Ltd. MAKES NO EXPRESS OR IMPLIED WARRANTIES WITH RESPECT TO ITS FUNCTIONALITY, CONDITION, PERFORMANCE, OPERABILITY OR USE. WITHOUT LIMITING THE FOREGOING, Seafile Ltd. DISCLAIMS ALL IMPLIED WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR FREEDOM FROM INFRINGEMENT. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. THE LIMITED WARRANTY HEREIN GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY FROM ONE JURISDICTION TO ANOTHER. + +## 7. LIMITATION OF LIABILITY +YOU ACKNOWLEDGE AND AGREE THAT THE CONSIDERATION WHICH Seafile Ltd. IS CHARGING HEREUNDER DOES NOT INCLUDE ANY CONSIDERATION FOR ASSUMPTION BY Seafile Ltd. OF THE RISK OF YOUR CONSEQUENTIAL OR INCIDENTAL DAMAGES WHICH MAY ARISE IN CONNECTION WITH YOUR USE OF THE SOFTWARE. ACCORDINGLY, YOU AGREE THAT Seafile Ltd. SHALL NOT BE RESPONSIBLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS-OF-PROFIT, LOST SAVINGS, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF A LICENSING OR USE OF THE SOFTWARE. + +## 8. INDEMNIFICATION +You agree to defend, indemnify and hold Seafile Ltd. and its employees, agents, representatives and assigns harmless from and against any claims, proceedings, damages, injuries, liabilities, costs, attorney's fees relating to or arising out of Your use of the Software or any breach of this Agreement. + +## 9. TERMINATION +Your license is effective until terminated. You may terminate it at any time by destroying the Software or returning all copies of the Software to Seafile Ltd.. Your license will terminate immediately without notice if You breach any of the terms and conditions of this Agreement, including non or incomplete payment of the license fee. Upon termination of this Agreement for any reason: You will uninstall all copies of the Software; You will immediately cease and desist all use of the Software; and will destroy all copies of the software in your possession. + +## 10. UPDATES AND SUPPORT +Seafile Ltd. has the right, but no obligation, to periodically update the Software, at its complete discretion, without the consent or obligation to You or any licensee or user. + + +YOU HEREBY ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT, UNDERSTAND IT AND AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS. diff --git a/manual/deploy_pro/setup_seafile_cluster_with_nfs.md b/manual/deploy_pro/setup_seafile_cluster_with_nfs.md new file mode 100644 index 00000000..fe350883 --- /dev/null +++ b/manual/deploy_pro/setup_seafile_cluster_with_nfs.md @@ -0,0 +1,27 @@ +# Setup Seafile cluster with NFS + +In a Seafile cluster, one common way to share data among the Seafile server instances is to use NFS. You should only share the files objects on NFS. Here we'll provide a tutorial about how and what to share. + +How to setup nfs server and client is beyond the scope of this wiki. Here are few references: + +* Ubuntu: https://help.ubuntu.com/community/SettingUpNFSHowTo +* CentOS: http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-nfs.html + +Supposed your seafile server installation directory is `/data/haiwen`, after you run the setup script there should be a `seafile-data` directory in it. And supposed you mount the NFS drive on `/seafile-nfs`, you should follow a few steps: + +* Move the `seafile-data` folder to `/seafile-nfs`: + +``` +mv /data/haiwen/seafile-data /seafile-nfs/ +``` + + +* On every node in the cluster, make a symbolic link to the shared seafile-data folder + +``` +cd /data/haiwen +ln -s /seafile-nfs/seafile-data /data/haiwen/seafile-data +``` + + +This way the instances will share the same `seafile-data` folder. All other config files and log files will remain independent. diff --git a/manual/deploy_pro/setup_with_amazon_s3.md b/manual/deploy_pro/setup_with_amazon_s3.md new file mode 100644 index 00000000..5296da52 --- /dev/null +++ b/manual/deploy_pro/setup_with_amazon_s3.md @@ -0,0 +1,160 @@ +# Setup With Amazon S3 + +**Note**: Since Seafile Server 5.0.0, all config files are moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md). + +## Prepare + +To setup Seafile Professional Server with Amazon S3: + +- Setup the basic Seafile Professional Server following the guide on [Download and setup Seafile Professional Server](download_and_setup_seafile_professional_server.md) +- Install the python `boto` library. It's needed to access S3 service. +``` +sudo easy_install boto +``` +- Install and configure memcached. For best performance, Seafile requires install memcached and enable memcache for objects. We recommend to allocate 128MB memory for memcached. Edit /etc/memcached.conf + +``` +# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default +# Note that the daemon will grow to this size, but does not start out holding this much +# memory +# -m 64 +-m 128 +``` + +## Modify Seafile.conf + +Edit `seafile.conf`, add the following lines: + +``` +[commit_object_backend] +name = s3 +# bucket name can only use lowercase characters, numbers, periods and dashes. Period cannot be used in Frankfurt region. +bucket = my-commit-objects +key_id = your-key-id +key = your-secret-key +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 + +[fs_object_backend] +name = s3 +# bucket name can only use lowercase characters, numbers, periods and dashes. Period cannot be used in Frankfurt region. +bucket = my-fs-objects +key_id = your-key-id +key = your-secret-key +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 + +[block_backend] +name = s3 +# bucket name can only use lowercase characters, numbers, periods and dashes. Period cannot be used in Frankfurt region. +bucket = my-block-objects +key_id = your-key-id +key = your-secret-key +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 +``` + +It's recommended to create separate buckets for commit, fs, and block objects. +The key_id and key are required to authenticate you to S3. You can find the key_id and key in the "security credentials" section on your AWS account page. + +When creating your buckets on S3, please first read [S3 bucket naming rules][1]. Note especially not to use **UPPERCASE** letters in bucket names (don't use camel style names, such as MyCommitOjbects). + +### Use S3 in newer regions + +After Januaray 2014, new regions of AWS will only support authentication signature version 4 for S3. At this time, new region includes Frankfurt and China. + +To use S3 backend in these regions, add following options to commit_object_backend, fs_object_backend and block_backend section in seafile.conf + +``` +use_v4_signature = true +# eu-central-1 for Frankfurt region +aws_region = eu-central-1 +``` + +For file search and webdav to work with the v4 signature mechanism, you need to add following lines to ~/.boto + +``` +[s3] +use-sigv4 = True +``` + +### Using memcached cluster + +In a cluster environment, you may want to use a memcached cluster. In the above configuration, you have to specify all the memcached server node addresses in seafile.conf + +``` +memcached_options = --SERVER=192.168.1.134 --SERVER=192.168.1.135 --SERVER=192.168.1.136 --POOL-MIN=10 --POOL-MAX=100 --RETRY-TIMEOUT=3600 +``` + +Notice that there is a `--RETRY-TIMEOUT=3600` option in the above config. This option is important for dealing with memcached server failures. After a memcached server in the cluster fails, Seafile server will stop trying to use it for "RETRY-TIMEOUT" (in seconds). You should set this timeout to relatively long time, to prevent Seafile from retrying the failed server frequently, which may lead to frequent request errors for the clients. + +### Use HTTPS connections to S3 + +Since Pro 5.0.4, you can use HTTPS connections to S3. Add the following options to seafile.conf: + +``` +[commit_object_backend] +name = s3 +...... +use_https = true + +[fs_object_backend] +name = s3 +...... +use_https = true + +[block_backend] +name = s3 +...... +use_https = true +``` + +Because the server package is built on CentOS 6, if you're using Debian/Ubuntu, you have to copy the system CA bundle to CentOS's CA bundle path. Otherwise Seafile can't find the CA bundle so that the SSL connection will fail. + +``` +sudo mkdir -p /etc/pki/tls/certs +sudo cp /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt +sudo ln -s /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/cert.pem +``` + +Another important note is that you **must not use '.' in your bucket names**. Otherwise the wildcard certificate for AWS S3 cannot be resolved. This is a limitation on AWS. + +## Use S3-compatible Object Storage + +Many object storage systems are now compatible with the S3 API, such as OpenStack Swift and Ceph's RADOS Gateway. You can use these S3-compatible storage systems as backend for Seafile. Here is an example config: + +``` +[commit_object_backend] +name = s3 +bucket = my-commit-objects +key_id = your-key-id +key = your-secret-key +host = 192.168.1.123:8080 +path_style_request = true +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 + +[fs_object_backend] +name = s3 +bucket = my-fs-objects +key_id = your-key-id +key = your-secret-key +host = 192.168.1.123:8080 +path_style_request = true +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 + +[block_backend] +name = s3 +bucket = my-block-objects +key_id = your-key-id +key = your-secret-key +host = 192.168.1.123:8080 +path_style_request = true +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 +``` + +`host` is the address and port of the S3-compatible service. You cannot prepend "http" or "https" to the `host` option. By default it'll use http connections. If you want to use https connection, please set `use_https = true` option. + +`path_style_request` asks Seafile to use URLs like `https://192.168.1.123:8080/bucketname/object` to access objects. In Amazon S3, the default URL format is in virtual host style, such as `https://bucketname.s3.amazonaws.com/object`. But this style relies on advanced DNS server setup. So most S3-compatible storage systems only implement the path style format. + +## Run and Test ## + +Now you can start Seafile by `./seafile.sh start` and `./seahub.sh start` and visit the website. + + [1]: http://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html "the bucket naming rules" diff --git a/manual/deploy_pro/setup_with_ceph.md b/manual/deploy_pro/setup_with_ceph.md new file mode 100644 index 00000000..cd523de7 --- /dev/null +++ b/manual/deploy_pro/setup_with_ceph.md @@ -0,0 +1,166 @@ +# Setup With Ceph + +**Note**: Since Seafile Server 5.0.0, all config files are moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md). + +Ceph is a scalable distributed storage system. It's recommended to use Ceph's S3 Gateway (RGW) to integarte with Seafile. Seafile can also use Ceph's RADOS object storage layer for storage backend. But using RADOS requires to link with librados library, which may introduce library incompatibility issues during deployment. Furthermore the S3 Gateway provides easier to manage HTTP based interface. If you want to integrate with S3 gateway, please refer to "Use S3-compatible Object Storage" section in [this documentation](./setup_with_amazon_s3.md). The documentation below is for integrating with RADOS. + +## Copy ceph conf file and client keyring + +Seafile acts as a client to Ceph/RADOS, so it needs to access ceph cluster's conf file and keyring. You have to copy these files from a ceph admin node's /etc/ceph directory to the seafile machine. + +``` +seafile-machine# sudo scp user@ceph-admin-node:/etc/ceph/ /etc + +``` + +## Install and enable memcached + +For best performance, Seafile requires install memcached and enable memcache for objects. + +We recommend to allocate 128MB memory for memcached. Edit /etc/memcached.conf + +``` +# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default +# Note that the daemon will grow to this size, but does not start out holding this much +# memory +# -m 64 +-m 128 + +``` + +## Install Python Ceph Library + +File search and WebDAV functions rely on Python Ceph library installed in the system. + +On Debian/Ubuntu (Seafile 7.1+): + +``` +sudo apt-get install python3-rados + +``` + +On Debian/Ubuntu (Seafile 7.0 or below): + +``` +sudo apt-get install python-ceph + +``` + +On RedHat/CentOS (Seafile 7.0 or below): + +``` +sudo yum install python-rados + +``` + +## Edit seafile configuration + +Edit `seafile.conf`, add the following lines: + +``` +[block_backend] +name = ceph +ceph_config = /etc/ceph/ceph.conf +pool = seafile-blocks +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 + +[commit_object_backend] +name = ceph +ceph_config = /etc/ceph/ceph.conf +pool = seafile-commits +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 + +[fs_object_backend] +name = ceph +ceph_config = /etc/ceph/ceph.conf +pool = seafile-fs +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 + +``` + +It's recommended to create separate pools for commit, fs, and block objects. + +``` +ceph-admin-node# rados mkpool seafile-blocks +ceph-admin-node# rados mkpool seafile-commits +ceph-admin-node# rados mkpool seafile-fs + +``` + +### Using memcached cluster + +In a cluster environment, you may want to use a memcached cluster. In the above configuration, you have to specify all the memcached server node addresses in seafile.conf + +``` +memcached_options = --SERVER=192.168.1.134 --SERVER=192.168.1.135 --SERVER=192.168.1.136 --POOL-MIN=10 --POOL-MAX=100 --RETRY-TIMEOUT=3600 + +``` + +Notice that there is a `--RETRY-TIMEOUT=3600` option in the above config. This option is important for dealing with memcached server failures. After a memcached server in the cluster fails, Seafile server will stop trying to use it for "RETRY-TIMEOUT" (in seconds). You should set this timeout to relatively long time, to prevent Seafile from retrying the failed server frequently, which may lead to frequent request errors for the clients. + +## Notes for Ubuntu 16.04 and 18.04 + +Since version 5.1.0 version, we upgraded the bundled Ceph rados library to 0.94.6. On Ubuntu 16.04, this causes some incompatibility. To work around this issue, you have to install librados 0.94.6 in the Ubuntu system (from Ceph's official repositories) and let Seafile use the library from system. + +As of version 7.1.0, the librados we packaged into the bundle is older than the one provided in system repositories. This leads to incompatibility with the python-rados package on **Ubuntu 18.04**. So it's also needed to remove the bundle librados libraries. + +To do this, you have to remove a few bundled libraries: + +``` +cd seafile-server-latest/seafile/lib +rm librados.so.2 libstdc++.so.6 libnspr4.so + +``` + +## Use arbitary Ceph user + +The above configuration will use the default (client.admin) user to connect to Ceph. +You may want to use some other Ceph user to connect. This is supported in Seafile. +To specify the Ceph user, you have to add a `ceph_client_id` option to seafile.conf, as the following: + +``` +[block_backend] +name = ceph +ceph_config = /etc/ceph/ceph.conf +# Sepcify Ceph user for Seafile here +ceph_client_id = seafile +pool = seafile-blocks +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 + +[commit_object_backend] +name = ceph +ceph_config = /etc/ceph/ceph.conf +# Sepcify Ceph user for Seafile here +ceph_client_id = seafile +pool = seafile-commits +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 + +[fs_object_backend] +name = ceph +ceph_config = /etc/ceph/ceph.conf +# Sepcify Ceph user for Seafile here +ceph_client_id = seafile +pool = seafile-fs +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 + +``` + +You can create a ceph user for seafile on your ceph cluster like this: + +``` +ceph auth add client.seafile \ + mds 'allow' \ + mon 'allow r' \ + osd 'allow rwx pool=seafile-blocks, allow rwx pool=seafile-commits, allow rwx pool=seafile-fs' + +``` + +You also have to add this user's keyring path to /etc/ceph/ceph.conf: + +``` +[client.seafile] +keyring = + +``` + + diff --git a/manual/deploy_pro/setup_with_openstackswift.md b/manual/deploy_pro/setup_with_openstackswift.md new file mode 100644 index 00000000..5dddae28 --- /dev/null +++ b/manual/deploy_pro/setup_with_openstackswift.md @@ -0,0 +1,163 @@ +# Setup With OpenStackSwift + +**Note**: Since Seafile Server 5.0.0, all config files are moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md). + +Note: This documentation is obsolete. Please refer to [the new documentation about how to use Swift](setup_with_swift.md). + +Starting from professional server 2.0.5, Seafile can use S3-compatible cloud storage (such as OpenStack/Swift) as backend. This document will use Swift as example. + +## Seafile Server Preparation + +To setup Seafile Professional Server with OpenStack Swift: + +- Setup the basic Seafile Professional Server following the guide on [Download and Setup Seafile Professional Server](download_and_setup_seafile_professional_server.md) +- Install the python `boto` library. It's needed to access Swift. +``` +sudo easy_install boto +``` + +For best performance, Seafile requires install memcached and enable memcache for objects. + +We recommend to allocate 128MB memory for memcached. Edit /etc/memcached.conf + +``` +# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default +# Note that the daemon will grow to this size, but does not start out holding this much +# memory +# -m 64 +-m 128 +``` + +## Swift Preparation + +In a production environment, you'll configure Swift with S3 middleware and use Keystone for authentication. The following instructions assumes you've already setup Swift with Keystone authentication. We'll focus on the change you need to make Swift work with S3 middleware. + +### Install Swift3 + +This middleware implements S3 API for Swift. + +``` +git clone https://github.com/fujita/swift3.git +cd swift3 +sudo python setup.py install +``` + +### Install keystonmiddleware + +This middleware contains the `s3token` filter for authentication between S3 API and Keystone. If you've configured Swift to work with Keystone, you should have this middleware installed already. + +``` +git clone https://github.com/openstack/keystonemiddleware.git +cd keystonmiddleware +sudo pip install -r requirements.txt +sudo python setup.py install +``` + +### Modify proxy-server.conf for Swift + +On Ubuntu, the config file is `/etc/swift/proxy-server.conf`. + +First check whether you've replaced `tempauth` with `authtoken keystoneauth` in the main pipeline. This should have been done if you configured Swift to work with Keystone. + +Add `swift3 s3token` to `[pipeline:main]`: + +``` +[pipeline:main] +pipeline = [...] swift3 s3token authtoken keystoneauth proxy-server +``` + +Add filters: + +``` +[filter:swift3] +use = egg:swift3#swift3 + +[filter:s3token] +paste.filter_factory = keystonemiddleware.s3_token:filter_factory +auth_port = 35357 +auth_host = [keystone-ip] +auth_protocol = http +``` + +### Restart Swift + +``` +swift-init proxy restart +``` + +### Accessing Swift via S3 API + +To access it via S3 API, you'll need AWS-like access key id and secret access key. Generate it with the following command for your specific tenant and user (You should change the tenant-id and user-id): + +``` +keystone ec2-credentials-create --tenant-id=d6fdc8460c7b46d0ad24aa23667b85c3 --user-id=b66742a744eb4fc98abd945781bf969d +``` + +After successfully setup S3 middleware, you should be able to access it with any S3 clients. The next thing you need to do is to create buckets for Seafile. With Python boto library you can do as follows (replace `key_id` and `secret_key` with your own): + +``` +import boto +import boto.s3.connection + +connection = boto.connect_s3( + aws_access_key_id='', + aws_secret_access_key='', + port=8080, + host='swift-proxy-server-address', + is_secure=False, + calling_format=boto.s3.connection.OrdinaryCallingFormat()) +connection.create_bucket('seafile-commits') +connection.create_bucket('seafile-fs') +connection.create_bucket('seafile-blocks') +``` + +Each S3 bucket maps to a container in Swift. So you can use native Swift command line to check the containers. For example: + +``` +swift -V 2 -A http://[keystone_ip]:5000/v2.0 -U [tenant]:[user] -K [pas] list +``` + +## Modify seafile.conf + +Append the following lines to `seafile.conf` (replace `key_id` and `secret_key` with your own) + +``` +[block_backend] +name = s3 +bucket = seafile-blocks +key_id = +key = +host = :8080 +path_style_request = true +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 + +[commit_object_backend] +name = s3 +bucket = seafile-commits +key_id = +key = +host = :8080 +path_style_request = true +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 + +[fs_object_backend] +name = s3 +bucket = seafile-fs +key_id = +key = +host = :8080 +path_style_request = true +memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100 +``` + +### Using memcached cluster + +In a cluster environment, you may want to use a memcached cluster. In the above configuration, you have to specify all the memcached server node addresses in seafile.conf + +``` +memcached_options = --SERVER=192.168.1.134 --SERVER=192.168.1.135 --SERVER=192.168.1.136 --POOL-MIN=10 --POOL-MAX=100 +``` + +## Run and Test ## + +Now you can start Seafile by `./seafile.sh start` and `./seahub.sh start` and visit the website. diff --git a/manual/deploy_pro/setup_with_swift.md b/manual/deploy_pro/setup_with_swift.md new file mode 100644 index 00000000..b3f12db6 --- /dev/null +++ b/manual/deploy_pro/setup_with_swift.md @@ -0,0 +1,105 @@ +# Setup With OpenStack Swift + +Seafile supports OpenStack Swift as storage backend since 5.1.0. This backend uses the native Swift API. Previously users can only use the S3-compatibility layer of Swift. That way is obsolete now. The old documentation is still available [here](setup_with_openstackswift.md). + +Since version 6.3, OpenStack Swift v3.0 API is supported. + +## Prepare + +To setup Seafile Professional Server with Swift: + +* Setup the basic Seafile Professional Server following the guide on [Download and setup Seafile Professional Server](download_and_setup_seafile_professional_server.md) +* Install and configure memcached. For best performance, Seafile requires install memcached and enable memcache for objects. We recommend to allocate 128MB memory for memcached. Edit /etc/memcached.conf + + +``` +# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default +# Note that the daemon will grow to this size, but does not start out holding this much +# memory +# -m 64 +-m 128 + +``` + +## Modify Seafile.conf + +Edit `seafile.conf`, add the following lines: + +``` +[block_backend] +name = swift +tenant = yourTenant +user_name = user +password = secret +container = seafile-blocks +auth_host = 192.168.56.31:5000 +auth_ver = v3.0 +region = yourRegion +memcached_options = --SERVER=192.168.1.134:11211 --POOL-MIN=10 --POOL-MAX=100 + +[commit_object_backend] +name = swift +tenant = yourTenant +user_name = user +password = secret +container = seafile-commits +auth_host = 192.168.56.31:5000 +auth_ver = v3.0 +region = yourRegion +memcached_options = --SERVER=192.168.1.134:11211 --POOL-MIN=10 --POOL-MAX=100 + +[fs_object_backend] +name = swift +tenant = yourTenant +user_name = user +password = secret +container = seafile-fs +auth_host = 192.168.56.31:5000 +auth_ver = v3.0 +region = yourRegion +memcached_options = --SERVER=192.168.1.134:11211 --POOL-MIN=10 --POOL-MAX=100 + +``` + +The above config is just an example. You should replace the options according to your own environment. + +Seafile supports Swift with Keystone as authentication mechanism. The `auth_host` option is the address and port of Keystone service.The `region` option is used to select publicURL,if you don't configure it, use the first publicURL in returning authenticated information. + +Seafile also supports Tempauth and Swauth since professional edition 6.2.1. The `auth_ver` option should be set to `v1.0`, `tenant` and `region` are no longer needed. + +It's recommended to create separate containers for commit, fs, and block objects. + +### Use HTTPS connections to Swift + +Since Pro 5.0.4, you can use HTTPS connections to Swift. Add the following options to seafile.conf: + +``` +[commit_object_backend] +name = swift +...... +use_https = true + +[fs_object_backend] +name = swift +...... +use_https = true + +[block_backend] +name = swift +...... +use_https = true + +``` + +Because the server package is built on CentOS 6, if you're using Debian/Ubuntu, you have to copy the system CA bundle to CentOS's CA bundle path. Otherwise Seafile can't find the CA bundle so that the SSL connection will fail. + +``` +sudo mkdir -p /etc/pki/tls/certs +sudo cp /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt +sudo ln -s /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/cert.pem + +``` + +## Run and Test + +Now you can start Seafile by `./seafile.sh start` and `./seahub.sh start` and visit the website. diff --git a/manual/deploy_pro/terms_and_conditions.md b/manual/deploy_pro/terms_and_conditions.md new file mode 100644 index 00000000..bcfc65b1 --- /dev/null +++ b/manual/deploy_pro/terms_and_conditions.md @@ -0,0 +1,10 @@ +# Terms and Conditions + +Starting from version 6.0, system admin can add T&C at admin panel, all users need to accept that before using the site. + +In order to use this feature, please add following line to `seahub_settings.py`, +``` +ENABLE_TERMS_AND_CONDITIONS = True +``` + +After restarting, there will be "Terms and Conditions" section at sidebar of admin panel. diff --git a/manual/deploy_pro/two_factor_authentication.md b/manual/deploy_pro/two_factor_authentication.md new file mode 100644 index 00000000..fce85bac --- /dev/null +++ b/manual/deploy_pro/two_factor_authentication.md @@ -0,0 +1,41 @@ +# Two-Factor Authentication + +Starting from version 6.0, we added Two-Factor Authentication to enhance account security. + +There are two ways to enable this feature: + +* System admin can tick the check-box at the "Password" section of the system settings page, or + +* just add `ENABLE_TWO_FACTOR_AUTH = True` to `seahub_settings.py` and restart service. + +After that, there will be a "Two-Factor Authentication" section in the user profile page. + +Users can use the Google Authenticator app on their smart-phone to scan the QR code. + + +## Twilio intergration + +We also support text message methods by using the Twilio service. + +First you need to install the Twilio python library by + +``` +sudo pip install twilio==5.7.0 +``` + +After that, append the following lines to `seahub_settings.py`, + +``` +TWO_FACTOR_SMS_GATEWAY = 'seahub.two_factor.gateways.twilio.gateway.Twilio' +TWILIO_ACCOUNT_SID = '' +TWILIO_AUTH_TOKEN = '' +TWILIO_CALLER_ID = '' +EXTRA_MIDDLEWARE_CLASSES = ( + 'seahub.two_factor.gateways.twilio.middleware.ThreadLocals', +) +``` + +**Note**: if you have already defined `EXTRA_MIDDLEWARE_CLASSES`, please replace `EXTRA_MIDDLEWARE_CLASSES = (` with `EXTRA_MIDDLEWARE_CLASSES += (` + + +After restarting, there will be a "text message" method when users enable Two-Factor Authentication for their account. diff --git a/manual/deploy_pro/upgrade_a_cluster.md b/manual/deploy_pro/upgrade_a_cluster.md new file mode 100644 index 00000000..d17b647a --- /dev/null +++ b/manual/deploy_pro/upgrade_a_cluster.md @@ -0,0 +1,204 @@ +# Upgrade a Seafile cluster + +## Major and minor version upgrade + +Seafile adds new features in major and minor versions. It is likely that some database tables need to be modified or the search index need to be updated. In general, upgrading a cluster contains the following steps: + +1. Upgrade the database +2. Update symbolic link at frontend and backend nodes to point to the newest version +3. Update configuration files at each node +4. Update search index in the backend node + +In general, to upgrade a cluster, you need: + +1. Run the upgrade script (for example, ./upgrade/upgrade_4_0_4_1.sh) in one frontend node +2. Run the minor upgrade script (./upgrade/minor_upgrade.sh) in all other nodes to update symbolic link +3. Update configuration files at each node according to the documentation for each version +4. Delete old search index in the backend node if needed + +## Maintanence upgrade + +Doing maintanence upgrading is simple, you only need to run the script `./upgrade/minor_upgrade.sh` at each node to update the symbolic link. + +## Specific instructions for each version + +### From 7.0 to 7.1 + +In the background node, Seahub no longer need to be started. Nginx is not needed too. + +The way of how office converter work is changed. The Seahub in front end nodes directly access a service in background node. + +#### For front-end nodes + +**seahub_settings.py** + +``` +OFFICE_CONVERTOR_ROOT = 'http://' +⬇️ +OFFICE_CONVERTOR_ROOT = 'http://:6000' + +``` + +**seafevents.conf** + +``` +[OFFICE CONVERTER] +enabled = true +workers = 1 +max-size = 10 + +⬇️ +[OFFICE CONVERTER] +enabled = true +workers = 1 +max-size = 10 +host = +port = 6000 + +``` + +#### For backend node + +**seahub_settings.py is not needed. **But you can leave it unchanged. + +**seafevents.conf** + +``` +[OFFICE CONVERTER] +enabled = true +workers = 1 +max-size = 10 + +⬇️ +[OFFICE CONVERTER] +enabled = true +workers = 1 +max-size = 10 +host = +port = 6000 + +``` + +### From 6.3 to 7.0 + +No special upgrade operations. + +### From 6.2 to 6.3 + +In version 6.2.11, the included Django was upgraded. The memcached configuration needed to be upgraded if you were using a cluster. If you upgrade from a version below 6.1.11, don't forget to change your memcache configuration. If the configuration in your `seahub_settings.py` is: + +``` +CACHES = { + 'default': { + 'BACKEND': 'django_pylibmc.memcached.PyLibMCCache', + 'LOCATION': ':11211', + } +} + +COMPRESS_CACHE_BACKEND = 'django.core.cache.backends.locmem.LocMemCache' + +``` + +Now you need to change to: + +``` +CACHES = { + 'default': { + 'BACKEND': 'django_pylibmc.memcached.PyLibMCCache', + 'LOCATION': ':11211', + }, + 'locmem': { + 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache', + }, +} +COMPRESS_CACHE_BACKEND = 'locmem' + +``` + +### From 6.1 to 6.2 + +No special upgrade operations. + +### From 6.0 to 6.1 + +In version 6.1, we upgraded the included ElasticSearch server. The old server listen on port 9500, new server listen on port 9200. Please change your firewall settings. + +### From 5.1 to 6.0 + +In version 6.0, the folder download mechanism has been updated. This requires that, in a cluster deployment, seafile-data/httptemp folder must be in an NFS share. You can make this folder a symlink to the NFS share. + +``` +cd /data/haiwen/ +ln -s /nfs-share/seafile-httptemp seafile-data/httptemp + +``` + +The httptemp folder only contains temp files for downloading/uploading file on web UI. So there is no reliability requirement for the NFS share. You can export it from any node in the cluster. + +### From v5.0 to v5.1 + +Because Django is upgraded to 1.8, the COMPRESS_CACHE_BACKEND should be changed + +``` + - COMPRESS_CACHE_BACKEND = 'locmem://' + + COMPRESS_CACHE_BACKEND = 'django.core.cache.backends.locmem.LocMemCache' + +``` + +### From v4.4 to v5.0 + +v5.0 introduces some database schema change, and all configuration files (ccnet.conf, seafile.conf, seafevents.conf, seahub_settings.py) are moved to a central config directory. + +Perform the following steps to upgrade: + +* Run the upgrade script at one fronend node to upgrade the database. + + +``` +./upgrade/upgrade_4.4_5.0.sh + +``` + +* Then, on all other frontend nodes and the background node, run the upgrade script with `SEAFILE_SKIP_DB_UPGRADE` environmental variable turned on: + + +``` +SEAFILE_SKIP_DB_UPGRADE=1 ./upgrade/upgrade_4.4_5.0.sh + +``` + +After the upgrade, you should see the configuration files has been moved to the conf/ folder. + +``` +conf/ + |__ ccnet.conf + |__ seafile.conf + |__ seafevent.conf + |__ seafdav.conf + |__ seahub_settings.conf + +``` + +### From v4.3 to v4.4 + +There are no database and search index upgrade from v4.3 to v4.4. Perform the following steps to upgrade: + +1. Run the minor upgrade script at frontend and backend nodes + +### From v4.2 to v4.3 + +v4.3 contains no database table change from v4.2. But the old search index will be deleted and regenerated. + +A new option COMPRESS_CACHE_BACKEND = 'django.core.cache.backends.locmem.LocMemCache' should be added to seahub_settings.py + +The secret key in seahub_settings.py need to be regenerated, the old secret key lack enough randomness. + +Perform the following steps to upgrade: + +1. Run the upgrade script at one fronend node to modify the seahub_settings.py +2. Modify seahub_settings.py at each node, replacing the old secret key with the new one and add option COMPRESS_CACHE_BACKEND +3. Run the minor upgrade script at frontend and backend nodes +4. Delete the old search index (the folder pro-data/search) at the backend node +5. Delete the old office preview output folder (/tmp/seafile-office-output) at the backend node + + diff --git a/manual/deploy_pro/upgrading_seafile_professional_server.md b/manual/deploy_pro/upgrading_seafile_professional_server.md new file mode 100644 index 00000000..36bb6c97 --- /dev/null +++ b/manual/deploy_pro/upgrading_seafile_professional_server.md @@ -0,0 +1,3 @@ +# Upgrading Seafile Professional Server + +Upgrading Seafile Professional Server works like [upgrading a Seafile Community Server](../deploy/upgrade.md) diff --git a/manual/deploy_pro/using_ldap_pro.md b/manual/deploy_pro/using_ldap_pro.md new file mode 100644 index 00000000..0d32cbb2 --- /dev/null +++ b/manual/deploy_pro/using_ldap_pro.md @@ -0,0 +1,355 @@ +# Configure Seafile Pro Edition to use LDAP + +## How does LDAP User Management works with Seafile + +When Seafile is integrated with LDAP/AD, users in the system can be divided into two tiers: + +* Users within Seafile's internal user database. Some attributes are attached to these users, such as whether it's a system admin user, whether it's activated. This tier includes two types of users: + * Native users: these users are created by the admin on Seafile's system admin interface and are stored in the `EmailUser` table of the `ccnet` database. + * Users imported from LDAP/AD server: When a user in LDAP/AD logs into Seafile, its information will be imported from LDAP/AD server into Seafile's database. These users are stored in the `LDAPUsers` table of the `ccnet` database. +* Users in LDAP/AD server. These are all the intended users of Seafile inside the LDAP server. Seafile doesn't manipulate these users directly. It has to import them into its internal database before setting attributes on them. + +When Seafile counts the user number in the system, it only counts the **activated** users in its internal database. + +When Seafile is integrated with LDAP/AD, it'll look up users from both the internal database and LDAP server. As long as the user exists in one of these two sources, he/she can log into the system. + +## Basic LDAP/AD Integration + +The only requirement for Seafile to use LDAP/AD for authentication is that there must be a unique identifier for each user in the LDAP/AD server. Seafile can only use email-address-format user identifiers. So there are usually only two options for this unique identifier: + +* Email address: this is the most common choice. Most organizations assign a unique email address for each member. +* UserPrincipalName: this is a user attribute only available in Active Directory. It's format is `user-login-name@domain-name`, e.g. `john@example.com`. It's not a real email address, but it works fine as the unique identifier. + +### Connecting to Active Directory + +To use AD to authenticate a user, please add the following lines to ccnet.conf. + +If you choose email address as unique identifier: + +``` +[LDAP] +HOST = ldap://192.168.1.123/ +BASE = cn=users,dc=example,dc=com +USER_DN = administrator@example.local +PASSWORD = secret +LOGIN_ATTR = mail + +``` + +If you choose UserPrincipalName as unique identifier: + +``` +[LDAP] +HOST = ldap://192.168.1.123/ +BASE = cn=users,dc=example,dc=com +USER_DN = administrator@example.local +PASSWORD = secret +LOGIN_ATTR = userPrincipalName + +``` + +Meaning of each config options: + +* HOST: LDAP URL for the host. ldap://, ldaps:// and ldapi:// are supported. You can also include port number in the URL, like ldap://ldap.example.com:389. To use TLS, you should configure the LDAP server to listen on LDAPS port and specify ldaps:// here. More details about TLS are covered below. +* BASE: The distinguished name (DN) of the search base when running queries against the directory server. If you want to use the root DN as search base (e.g. dc=example,dc=com), you need to add `FOLLOW_REFERRALS = false` to the configuration. The meaning of this option will be explained in following sections. +* USER_DN: The distinguished name of the user that Seafile will use when connecting to the directory server. This user should have sufficient privileges to access all the nodes under BASE. It's recommended to use a user in the administrator group. +* PASSWORD: Password of the above user. +* LOGIN_ATTR: The attribute used for user's unique identifier. Use `mail` or `userPrincipalName`. + +Tips for choosing BASE and USER_DN: + +* To determine the BASE, you first have to navigate your organization hierachy on the domain controller GUI. + * If you want to allow all users to use Seafile, you can use 'cn=users,dc=yourdomain,dc=com' as BASE (with proper adjustment for your own needs). + * If you want to limit users to a certain OU (Organization Unit), you run `dsquery` command on the domain controller to find out the DN for this OU. For example, if the OU is 'staffs', you can run 'dsquery ou -name staff'. More information can be found [here](https://technet.microsoft.com/en-us/library/cc770509.aspx). +* AD supports 'user@domain.name' format for the USER_DN option. For example you can use administrator@example.com for USER_DN. Sometimes the domain controller doesn't recognize this format. You can still use `dsquery` command to find out user's DN. For example, if the user name is 'seafileuser', run `dsquery user -name seafileuser`. More information [here](https://technet.microsoft.com/en-us/library/cc725702.aspx). + +### Connecting to other LDAP servers + +Please add the following options to ccnet.conf: + +``` +[LDAP] +HOST = ldap://192.168.1.123/ +BASE = ou=users,dc=example,dc=com +USER_DN = cn=admin,dc=example,dc=com +PASSWORD = secret +LOGIN_ATTR = mail + +``` + +The meaning of these options is the same as described in the previous section. With other LDAP servers, you can only use `mail` attribute as user's unique identifier. + +### Testing your LDAP Configuration + +Since 5.0.0 Pro Edition, we provide a command line tool for checking your LDAP configuration. + +To use this tool, make sure you have `python-ldap` package installed on your system. + +``` +sudo apt-get install python-ldap + +``` + +Then you can run the test: + +``` +cd seafile-server-latest +./pro/pro.py ldapsync --test + +``` + +The test script checks your LDAP settings under the `[LDAP]` section of ccnet.conf. If everything works, it'll print the first ten users of the search results. Otherwise, it'll print out possible errors in your config. + +## Setting Up LDAP/AD User Sync (optional) + +In Seafile Pro, except for importing users into internal database when they log in, you can also configure Seafile to periodically sync user information from LDAP/AD server into the internal database. + +* User's full name, department and contact email address can be synced to internal database. Users can use this information to more easily search for a specific user. +* User's Windows or Unix login id can be synced to the internal database. This allows the user to log in with its familiar login id. +* When a user is removed from LDAP/AD, the corresponding user in Seafile will be deactivated. Otherwise, he could still sync files with Seafile client or access the web interface. + +After synchronization is complete, you can see the user's full name, department and contact email on its profile page. + +### Active Directory + +If you're using Active Directory, add the following options to ccnet.conf: + +``` +[LDAP] +...... + +[LDAP_SYNC] +ENABLE_USER_SYNC = true +DEACTIVE_USER_IF_NOTFOUND = true +SYNC_INTERVAL = 60 +USER_OBJECT_CLASS = person +ENABLE_EXTRA_USER_INFO_SYNC = true +FIRST_NAME_ATTR = givenName +LAST_NAME_ATTR = sn +UID_ATTR = sAMAccountName + +``` + +Meaning of each options: + +* **ENABLE_USER_SYNC**: set to "true" if you want to enable ldap user synchronization +* **DEACTIVE_USER_IF_NOTFOUND**: set to "true" if you want to deactivate a user when he/she was deleted in AD server. +* **SYNC_INTERVAL**: The interval to sync. Unit is minutes. Defaults to 60 minutes. +* **USER_OBJECT_CLASS**: This is the name of the class used to search for user objects. In Active Directory, it's usually "person". The default value is "person". +* **ENABLE_EXTRA_USER_INFO_SYNC**: Enable synchronization of additional user information, including user's full name, department, and Windows login name, etc. +* **FIRST_NAME_ATTR**: Attribute for user's first name. It's "givenName" by default. +* **LAST_NAME_ATTR**: Attribute for user's last name. It's "sn" by default. +* **USER_NAME_REVERSE**: In some languages, such as Chinese, the display order of the first and last name is reversed. Set this option if you need it. +* **UID_ATTR**: Attribute for Windows login name. If this is synchronized, users can also log in with their Windows login name. In AD, the attribute `sAMAccountName` can be used as `UID_ATTR`. + +If you choose `userPrincipalName` as the unique identifier for user, Seafile cannot use it as real email address to send notification emails to user. If the users in AD also have an email address attribute, you can sync these email addresses into Seafile's internal database. Seafile can then use them to send emails. The configuration option is: + +* **CONTACT_EMAIL_ATTR**: usually you can set it to the `mail` attribute. + +### Other LDAP servers + +Add the following options to ccnet.conf: + +``` +[LDAP] +...... + +[LDAP_SYNC] +ENABLE_USER_SYNC = true +DEACTIVE_USER_IF_NOTFOUND = true +SYNC_INTERVAL = 60 +USER_OBJECT_CLASS = userOfNames +ENABLE_EXTRA_USER_INFO_SYNC = true +FIRST_NAME_ATTR = givenName +LAST_NAME_ATTR = sn +UID_ATTR = uid + +``` + +Meaning of each option: + +* **ENABLE_USER_SYNC**: set to "true" if you want to enable ldap user synchronization +* **DEACTIVE_USER_IF_NOTFOUND**: set to "true" if you want to deactivate a user when he/she was deleted in LDAP server. +* **SYNC_INTERVAL**: The synchronization interval. Unit is minutes. Defaults to 60 minutes. +* **USER_OBJECT_CLASS**: This is the name of the class used to search for user objects. In OpenLDAP, you can use "userOfNames". The default value is "person". +* **ENABLE_EXTRA_USER_INFO_SYNC**: Enable synchronization of additional user information, including user's full name, department, and Windows/Unix login name, etc. +* **FIRST_NAME_ATTR**: Attribute for user's first name. It's "givenName" by default. +* **LAST_NAME_ATTR**: Attribute for user's last name. It's "sn" by default. +* **USER_NAME_REVERSE**: In some languages, such as Chinese, the display order of the first and last name is reversed. Set this option if you need it. +* **UID_ATTR**: Attribute for Windows/Unix login name. If this is synchronized, users can also log in with their Windows/Unix login name. In OpenLDAP, the attribute `uid` or something similar can be used. + +### Importing Users without Activating Them + +The users imported with the above configuration will be activated by default. For some organizations with large number of users, they may want to import user information (such as user full name) without activating the imported users. Activating all imported users will require licenses for all users in AD/LDAP, which may not be affordable. + +Seafile provides a combination of options for such use case. First, you have to add below option to \[ldap_sync] section of ccnet.conf: + +``` +ACTIVATE_USER_WHEN_IMPORT = false + +``` + +This prevents Seafile from activating imported users. Second, add below option to `seahub_settings.py`: + +``` +ACTIVATE_AFTER_FIRST_LOGIN = True + +``` + +This option will automatically activate users when they login to Seafile for the first time. + +With these configurations, an imported user can be searched and be shared with folders, but will not consume license until he/she logs in. + +### Reactivating Users + +When you set the \`**DEACTIVE_USER_IF_NOTFOUND**\` option, a user will be deactivated when it's not found in LDAP server. By default, even after this user reappears in the LDAP server, it won't be reactivated automatically. This is to prevent auto reactivating a user that was manually deactivated by the system admin. + +However, sometimes it's desirable to auto reactivate such users. So in version 7.1.8 we added a new option to provide this behavior. + +``` +AUTO_REACTIVATE_USERS = True + +``` + +### Manually Trigger Synchronization + +To test your LDAP sync configuration, you can run the sync command manually. + +To trigger LDAP sync manually, + +``` +cd seafile-server-lastest +./pro/pro.py ldapsync + +``` + +## Advanced LDAP/AD Integration Options + +### Multiple BASE + +Multiple base DN is useful when your company has more than one OUs to use Seafile. You can specify a list of base DN in the "BASE" config. The DNs are separated by ";", e.g. `ou=developers,dc=example,dc=com;ou=marketing,dc=example,dc=com` + +### Additional Search Filter + +Search filter is very useful when you have a large organization but only a portion of people want to use Seafile. The filter can be given by setting "FILTER" config. The value of this option follows standard LDAP search filter syntax (). + +The final filter used for searching for users is `(&($LOGIN_ATTR=*)($FILTER))`. `$LOGIN_ATTR` and `$FILTER` will be replaced by your option values. + +For example, add the following line to LDAP config: + +``` +FILTER = memberOf=CN=group,CN=developers,DC=example,DC=com + +``` + +The final search filter would be `(&(mail=*)(memberOf=CN=group,CN=developers,DC=example,DC=com))` + +Note that the cases in the above example is significant. The `memberOf` attribute is only available in Active Directory. + +### Limiting Seafile Users to a Group in Active Directory + +You can use the FILTER option to limit user scope to a certain AD group. + +1. First, you should find out the DN for the group. Again, we'll use `dsquery` command on the domain controller. For example, if group name is 'seafilegroup', run `dsquery group -name seafilegroup`. +2. Add following line to LDAP config: + + +``` +FILTER = memberOf={output of dsquery command} + +``` + +### Using TLS connection to LDAP/AD server + +To use TLS connection to the directory server, you should install a valid SSL certificate on the directory server. + +The current version of Seafile Linux server package is compiled on CentOS. We include the ldap client library in the package to maintain compatibility with older Linux distributions. But since different Linux distributions have different path or configuration for OpenSSL library, sometimes Seafile is unable to connect to the directory server with TLS. + +The ldap library (libldap) bundled in the Seafile package is of version 2.4. If your Linux distribution is new enough (like CentOS 6, Debian 7 or Ubuntu 12.04 or above), you can use system's libldap instead. + +On Ubuntu 14.04 and Debian 7/8, moving the bundled ldap related libraries out of the library path should make TLS connection work. + +``` +cd ${SEAFILE_INSTALLATION_DIR}/seafile-server-latest/seafile/lib +mkdir disabled_libs_use_local_ones_instead +mv liblber-2.4.so.2 libldap-2.4.so.2 libsasl2.so.2 libldap_r-2.4.so.2 disabled_libs_use_local_ones_instead/ + +``` + +On CentOS 6, you have to move the libnssutil library: + +``` +cd ${SEAFILE_INSTALLATION_DIR}/seafile-server-latest/seafile/lib +mkdir disabled_libs_use_local_ones_instead +mv libnssutil3.so disabled_libs_use_local_ones_instead/ + +``` + +This effectively removes the bundled libraries from the library search path. +When the server starts, it'll instead find and use the system libraries (if they are installed). +This change has to be repeated after each update of the Seafile installation. + +### Use paged results extension + +LDAP protocol version 3 supports "paged results" (PR) extension. When you have large number of users, this option can greatly improve the performance of listing users. Most directory server nowadays support this extension. + +In Seafile Pro Edition, add this option to LDAP section of ccnet.conf to enable PR: + +``` +USE_PAGED_RESULT = true + +``` + +### Follow referrals + +Starting from Pro Edition 4.0.4, Seafile supports auto following referrals in LDAP search. This is useful for partitioned LDAP or AD servers, where users may be spreaded on multiple directory servers. For more information about referrals, you can refer to [this article](https://technet.microsoft.com/en-us/library/cc978014.aspx). + +To configure, add following option to ccnet.conf in the \[ldap] section: + +``` +FOLLOW_REFERRALS = true + +``` + +### Configure Multi-ldap Servers + +Since seafile 5.1.4 pro edition, we support multi-ldap servers, that is besides base ldap server info in \[ldap] section, you can set other ldap servers info in \[ldap_multi_1], \[ldap_multi_2] ... \[ldap_multi_9] sections, so you can configure ten ldap servers to work with seafile. Multi-ldap servers mean that, when get or search ldap user, it will iterate all configured ldap servers until a match is found; When listing all ldap users, it will iterate all ldap servers to get all users; For Ldap sync it will sync all user/group info in all configured ldap servers to seafile. + +For example I have configured base ldap server in `ccnet.conf` as follow: + +``` +[LDAP] +HOST = ldap://192.168.1.123/ +BASE = ou=users,dc=example,dc=com +USER_DN = cn=admin,dc=example,dc=com +PASSWORD = secret +LOGIN_ATTR = mail + +``` + +Then I can configure another ldap server in `ccnet.conf` as follow: + +``` +[LDAP_MULTI_1] +HOST = ldap://192.168.1.124/ +BASE = ou=users,dc=example,dc=com +USER_DN = cn=admin,dc=example,dc=com +PASSWORD = secret + +``` + +Before 6.3.8, all ldap servers share LOGIN_ATTR, USE_PAGED_RESULT, FOLLOW_REFERRALS attributes in \[ldap] section; For ldap user/group sync, all ldap servers share all ldap sync related attributes in \[ldap_sync] section. + +Since seafile 6.3.8 pro, we support more independent config sections for each ldap server. The LOGIN_ATTR, USE_PAGED_RESULT, FOLLOW_REFERRALS options can be set independently in each \[ldap_multi_x] section. Furthermore, independent \[ldap_sync_multi_x] sections can be set for each LDAP server. That is, each LDAP server can use different LDAP sync options. + +There are still some shared config options that can only be set in \[ldap_sync] section, which is used for all LDAP servers. + +* SYNC_INTERVAL +* DEACTIVE_USER_IF_NOTFOUND +* ACTIVATE_USER_WHEN_IMPORT +* IMPORT_NEW_USER +* DEL_GROUP_IF_NOT_FOUND + +These options are used to control synchronization behaviors, so they're shared for all LDAP servers. + +NOTE: It is recommended to have a \[ldap_sync_multi_x] section for each \[ldap_multi_x] section. Otherwise the LDAP sync process will use the options in \[ldap_sync] section for that LDAP server. diff --git a/manual/deploy_pro/virus_scan.md b/manual/deploy_pro/virus_scan.md new file mode 100644 index 00000000..c56d175d --- /dev/null +++ b/manual/deploy_pro/virus_scan.md @@ -0,0 +1,66 @@ +# Virus Scan + +**Note**: Since Seafile Server 5.0.0, all config files are moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md). + +In Seafile Professional Server 4.4.0 (or above), Seafile can scan uploaded files for malicious content in the background. When configured to run periodically, the scan process scans all existing libraries on the server. In each scan, the process only scans newly uploaded/updated files since the last scan. For each file, the process executes a user-specified virus scan command to check whether the file is a virus or not. Most anti-virus programs provide command line utility for Linux. + +To enable this feature, add the following options to `seafile.conf`: + +``` +[virus_scan] +scan_command = (command for checking virus) +virus_code = (command exit codes when file is virus) +nonvirus_code = (command exit codes when file is not virus) +scan_interval = (scanning interval, in unit of minutes, default to 60 minutes) +``` + +More details about the options: + +* On Linux/Unix, most virus scan commands returns specific exit codes for virus and non-virus. You should consult the manual of your anti-virus program for more information. + +An example for ClamAV (http://www.clamav.net/) is provided below: + +``` +[virus_scan] +scan_command = clamscan +virus_code = 1 +nonvirus_code = 0 +``` + +To test whether your configuration works, you can trigger a scan manually: + +``` +cd seafile-server-latest +./pro/pro.py virus_scan +``` + +If a virus was detected, you can see scan records and delete infected files on the Virus Scan page in the admin area. +![virus-scan](../images/virus-scan.png) + +**INFO**: If you directly use clamav command line tool to scan files, scanning files will takes a lot of time. If you want to speed it up, we recommend to run Clamav as a daemon. Please refer to [Run ClamAV as a Daemon](deploy_clamav_as_daemon.md) + +When run Clamav as a daemon, the `scan_command` should be `clamdscan` in `seafile.conf`. An example for Clamav-daemon is provided below: +``` +[virus_scan] +scan_command = clamdscan +virus_code = 1 +nonvirus_code = 0 +``` + +Since Pro edition 6.0.0, a few more options are added to provide finer grained control for virus scan. + +``` +[virus_scan] +...... +scan_size_limit = (size limit for files to be scanned) # The unit is MB. +scan_skip_ext = (a comma (',') separated list of file extensions to be ignored) +threads = (number of concurrent threads for scan, one thread for one file, default to 4) +``` + +The file extensions should start with '.'. The extensions are case insensitive. By default, files with following extensions will be ignored: + +``` +.bmp, .gif, .ico, .png, .jpg, .mp3, .mp4, .wav, .avi, .rmvb, .mkv +``` + +The list you provide will override default list. diff --git a/manual/deploy_pro/virus_scan_with_kav4fs.md b/manual/deploy_pro/virus_scan_with_kav4fs.md new file mode 100644 index 00000000..214299b9 --- /dev/null +++ b/manual/deploy_pro/virus_scan_with_kav4fs.md @@ -0,0 +1,85 @@ +# Virus Scan with kav4fs + +## Prerequisite + +Assume you have installed Kaspersky Anti-Virus for Linux File Server on the Seafile Server machine. + +If the user that runs Seafile Server is not root, it should have sudoers privilege to avoid writing password when running kav4fs-control. Add following content to /etc/sudoers: + +``` + ALL=(ALL:ALL) ALL + ALL=NOPASSWD: /opt/kaspersky/kav4fs/bin/kav4fs-control +``` + +## Script + +As the return code of kav4fs cannot reflect the file scan result, we use a shell wrapper script to parse the scan output and based on the parse result to return different return codes to reflect the scan result. + +Save following contents to a file such as `kav4fs_scan.sh`: + +``` +#!/bin/bash + +TEMP_LOG_FILE=`mktemp /tmp/XXXXXXXXXX` +VIRUS_FOUND=1 +CLEAN=0 +UNDEFINED=2 +KAV4FS='/opt/kaspersky/kav4fs/bin/kav4fs-control' +if [ ! -x $KAV4FS ] +then + echo "Binary not executable" + exit $UNDEFINED +fi + +sudo $KAV4FS --scan-file "$1" > $TEMP_LOG_FILE +if [ "$?" -ne 0 ] +then + echo "Error due to check file '$1'" + exit 3 +fi +THREATS_C=`grep 'Threats found:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'` +RISKWARE_C=`grep 'Riskware found:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'` +INFECTED=`grep 'Infected:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'` +SUSPICIOUS=`grep 'Suspicious:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'` +SCAN_ERRORS_C=`grep 'Scan errors:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'` +PASSWORD_PROTECTED=`grep 'Password protected:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'` +CORRUPTED=`grep 'Corrupted:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'` + +rm -f $TEMP_LOG_FILE + +if [ $THREATS_C -gt 0 -o $RISKWARE_C -gt 0 -o $INFECTED -gt 0 -o $SUSPICIOUS -gt 0 ] +then + exit $VIRUS_FOUND +elif [ $SCAN_ERRORS_C -gt 0 -o $PASSWORD_PROTECTED -gt 0 -o $CORRUPTED -gt 0 ] +then + exit $UNDEFINED +else + exit $CLEAN +fi +``` + +Grant execute permissions for the script (make sure it is owned by the user Seafile is running as): + +``` +chmod u+x kav4fs_scan.sh +``` + +The meaning of the script return code: + +``` +1: found virus +0: no virus +other: scan failed +``` + +## Configuration + +Add following content to `seafile.conf`: + +``` +[virus_scan] +scan_command = +virus_code = 1 +nonvirus_code = 0 +scan_interval = +``` diff --git a/manual/deploy_pro/web_resumable_upload.md b/manual/deploy_pro/web_resumable_upload.md new file mode 100644 index 00000000..1e33170d --- /dev/null +++ b/manual/deploy_pro/web_resumable_upload.md @@ -0,0 +1,25 @@ +# Web Resumable File Upload + +When uploading a large file in the web interface, if the network is unreliable, the upload can be interrupted. It's convenient if the upload can be resumed from where it stopped last time. In Seafile Professional Server 4.4.0 and above, this feature is supported. + +This feature works as following: + +1. A user uploads a large file on the web interface, and the connection is interrupted after some part of the file has been uploaded. +2. The server remembers where the upload stopped. +3. When the same file is uploaded to the same library and folder, the server tells the browser where to start the upload. + +Limitations: + +1. Only supports resumble upload. File update and folder upload is not resumable. +2. Only supports Chrome, Firefox, IE 10+. + +To enable this feature, add following options to seahub_settings.py: + +``` +ENABLE_RESUMABLE_FILEUPLOAD = True +``` + +In Seafile cluster, in order to make this feature work as espected, one of the following two special configurations must be done: + +1. seafile-server-latest/seafile-data/httptemp folder should be shared amoung all front end Seafile Servers via NFS. +2. Or, configure the load balancer to always send requests from the same IP address to a fixed back end server. diff --git a/manual/deploy_windows/deploy_with_windows.md b/manual/deploy_windows/deploy_with_windows.md new file mode 100644 index 00000000..1e9937ae --- /dev/null +++ b/manual/deploy_windows/deploy_with_windows.md @@ -0,0 +1,3 @@ +# Deploy with Windows + +The document is moved to https://download.seafile.com/published/support/windows-server/deploy_with_windows.md diff --git a/manual/deploy_windows/migrate_from_win_to_linux.md b/manual/deploy_windows/migrate_from_win_to_linux.md new file mode 100644 index 00000000..6018b923 --- /dev/null +++ b/manual/deploy_windows/migrate_from_win_to_linux.md @@ -0,0 +1,40 @@ +# Migrate From Windows to Linux + +This tutorial show you how to migrate Seafile form Windows(using SQLite) to Linux. + +### 1. Deploying Seafile Under Linux + +First, you should [Deploy Seafile with SQLite](../deploy/using_sqlite.md). And we assume that you deploy Seafile under `/home/haiwen/` directory. + +### 2. Replace Config Files And Databases + +#### Delete config files and databases in Linux + +``` +rm /home/haiwen/seahub_settings.py +rm /home/haiwen/seahub.db +rm -r /home/haiwen/seafile-data +cp /home/haiwen/ccnet/seafile.ini /home/haiwen/seafile.ini +rm -r /home/haiwen/ccnet +``` + +> Note: `seafile.ini` is used to record the path to `seafile-data`, we will use it later, so we just copy it out, not delete it. + +#### Copy config files and databases to Linux + +- copy file `seahub_settings.py` from Windows **seafile-server** to Linux `/home/haiwen/`; + +- copy file `seahub.db` from Windows **seafile-server** to Linux `/home/haiwen/`; + +- copy sub-directory `seafile-data` from Windows **seafile-server** to Linux `/home/haiwen/`; + +- copy sub-directory `ccnet` from Windows **seafile-server** to Linux `/home/haiwen/`; + +- copy `/home/haiwen/seafile.ini` to new Linux **ccnet** directory. + +### Start Seafile + +``` +./seafile.sh start +./seahub.sh start +``` diff --git a/manual/develop/README.md b/manual/develop/README.md new file mode 100644 index 00000000..7c85dbab --- /dev/null +++ b/manual/develop/README.md @@ -0,0 +1,15 @@ +# Develop Documents + +* [How to Build Seafile](../build_seafile/README.md) +* [How to Setup Develop Envirnoment](env.md) + +Seafile Open API + +* [Seafile Web API](web_api_v2.1.md) +* [Seafile Python API](python_api.md) +* [Seafile PHP API](https://github.com/rene-s/Seafile-PHP-SDK) + +Seafile Implement Detail + +* [Seafile Data Model](data_model.md) +* [Seafile Server Components](server-components.md) diff --git a/manual/develop/data_model.md b/manual/develop/data_model.md new file mode 100644 index 00000000..4fcf7645 --- /dev/null +++ b/manual/develop/data_model.md @@ -0,0 +1,37 @@ +# Data Model + +Seafile internally uses a data model similar to GIT's. It consists of `Repo`, `Branch`, `Commit`, `FS`, and `Block`. + +## Repo + +A repo is also called a library. Every repo has an unique id (UUID), and attributes like description, creator, password. + +## Branch + +Unlike git, only two predefined branches is used, i.e., `local` and `master`. + +In PC client, modifications will first be committed to the `local` branch. +Then the `master` branch is downloaded from server, and merged into `local` branch. +After that the `local` branch will be uploaded to server. Then the server will fast-forward +its `master` branch to the head commit of the just uploaded branch. + +When users update a repo on the web, modifications will first be committed to temporary branch +on the server, then merged into the `master` branch. + +## Commit + +Like in GIT. + +## FS + +There are two types of FS objects, `SeafDir Object` and `Seafile Object`. +`SeafDir Object` represents a directory, and `Seafile Object` represents a file. + +## Block + +A file is further divided into blocks with variable lengths. We use Content Defined Chunking algorithm to +divide file into blocks. A clear overview of this algorithm can be found at http://pdos.csail.mit.edu/papers/lbfs:sosp01/lbfs.pdf. +On average, a block's size is around 1MB. + +This mechanism makes it possible to deduplicate data between different versions of frequently updated files, +improving storage efficiency. It also enables transferring data to/from multiple servers in parallel. diff --git a/manual/develop/env.md b/manual/develop/env.md new file mode 100644 index 00000000..d2fc406d --- /dev/null +++ b/manual/develop/env.md @@ -0,0 +1,153 @@ +# Setup Seafile Server Development Environment + +The following operations have been tested on ubuntu-16.04.1-desktop-amd64 system. + +## Install Necessary Packages + +#### install necessary packages by `apt` + +``` +sudo apt install ssh libevent-dev libcurl4-openssl-dev libglib2.0-dev uuid-dev intltool libsqlite3-dev libmysqlclient-dev libarchive-dev libtool libjansson-dev valac libfuse-dev python-dateutil cmake re2c flex sqlite3 python-pip python-simplejson git libssl-dev libldap2-dev libonig-dev +``` + +#### install `libevhtp` from source + +``` +cd ~/Downloads/ +git clone https://github.com/haiwen/libevhtp.git +cd libevhtp/ +cmake -DEVHTP_DISABLE_SSL=ON -DEVHTP_BUILD_SHARED=OFF . +make +sudo make install +sudo ldconfig +``` + +## Download and Build Seafile + +#### create project root directory *dev* + +``` +cd +mkdir dev +``` + +#### download and install `libsearpc` + +``` +cd ~/dev/ +git clone https://github.com/haiwen/libsearpc.git +cd libsearpc/ +./autogen.sh +./configure +make +sudo make install +sudo ldconfig +``` + +#### download and install `ccnet-server` + +``` +cd ~/dev/ +git clone https://github.com/haiwen/ccnet-server.git +cd ccnet-server/ +./autogen.sh +./configure --enable-ldap +make +sudo make install +sudo ldconfig +``` + +#### download and install `seafile-server` + +``` +cd ~/dev/ +git clone https://github.com/haiwen/seafile-server.git +cd seafile-server/ +./autogen.sh +./configure +make +sudo make install +``` + +#### download `seahub` + +``` +cd ~/dev/ +git clone https://github.com/haiwen/seahub.git +cd seahub/ +``` + +## Start `ccnet-server` and `seaf-server` + +Start `ccnet-server` and `seaf-server` in two separate terminals. + +``` +cd ~/dev/seafile-server/tests +ccnet-server -c conf -f - +``` + +``` +cd ~/dev/seafile-server/tests +mkdir -p conf/seafile-data +touch conf/seafile-data/seafile.conf +cat > conf/seafile-data/seafile.conf << EOF +[database] +create_tables = true +EOF +seaf-server -c conf -d conf/seafile-data -f -l - +``` + +The config files and databases (if you use sqlite, which is by default) of `ccnet-server` are located in `~/dev/seafile-server/tests/conf`. This directory is called "ccnet conf directory". The config files, databases and data of `seaf-server` are located in `~/dev/seafile-server/tests/conf/seafile-data`. This directory is called "seafile conf directory". + +## Start `seahub` + +`Seahub` is the web front end of Seafile. It is written in the Django framework, requires Python 2.7 installed on your server. + +#### set environment + +``` +cd ~/dev/seahub/ + +cat > setenv.sh << EOF +export CCNET_CONF_DIR=~/dev/seafile-server/tests/conf +export SEAFILE_CONF_DIR=~/dev/seafile-server/tests/conf/seafile-data +export PYTHONPATH=/usr/local/lib/python2.7/dist-packages:thirdpart:\$PYTHONPATH +EOF + +sudo chmod u+x setenv.sh +``` + +#### install requirements + +``` +# Expand setenv.sh in the current shell +. setenv.sh +cd ~/dev/seahub/ +sudo pip install -r requirements.txt +``` + +**NOTE**: if *locale.Error: unsupported locale setting*, you should `export LC_ALL=en_US.UTF-8` + +#### create database and admin account + +``` +. setenv.sh +python manage.py migrate +python tools/seahub-admin.py # create admin account +``` + +**NOTE**: currently, your *ccnet directory* is `~/dev/seafile-server/tests/conf` + +#### run `seahub` + +``` +python manage.py runserver 0.0.0.0:8000 +``` + +then open browser and navigate to http://127.0.0.1:8000 + +If you have set up Nginx/Apache to run Seafile, you should run seahub in fastcgi mode. + +``` +python manage.py runfcgi host=127.0.0.1 port=8000 +``` diff --git a/manual/develop/python_api.md b/manual/develop/python_api.md new file mode 100644 index 00000000..70a93662 --- /dev/null +++ b/manual/develop/python_api.md @@ -0,0 +1,259 @@ +# Python API + +

+ +

+ + +#Seafile Python API# + +This tutorial show you how to use seafile-api, and will accomplish a "library copy" work under **Ubuntu** as example. + +##Install Seafile Server## + +First of all, make sure you have [Download and Setup Seafile Server](https://github.com/haiwen/seafile/wiki/Download-and-setup-seafile-server) successfully. And your directory layout will be like this: + + # tree . -L 3 + . + ├── ccnet + │   ├── ccnet.conf + │   ├── ...... + │...... + ├── seafile-server-3.0.3 + │   ├── seafile + │   ├── seafile.sh + │   ├── seahub + │   ├── seahub.sh + │   ├── setup-seafile.sh + │   ├── upgrade + │   ├── README + │   ├── seaf_migrate_3.py + │   ├── seaf_migrate_3.sh + │   ├── ...... + │   ├── ...... + │...... + +##Example: Copy Library +In this example, two script files will be used: `seaf_migrate_3.sh` and `seaf_migrate_3.py`. We put them in the **upgrade** directory as you see above. + +###Set Environment Variable +If you want use Seafile-API, set environment variable first. That's what `seaf_migrate_3.sh` does: + +1. get ccnet/seafile config file path and export them; +2. export Python path; +3. call `seaf_migrate_3.py`. + +Example code +```sh +#!/bin/bash + +#get path of ccnet.conf +SCRIPT=$(readlink -f "$0") # haiwen/seafile-server-3.0.3/upgrade/seaf_migrate_3.sh +UPGRADE_DIR=$(dirname "$SCRIPT") # haiwen/seafile-server-3.0.3/upgrade/ +INSTALLPATH=$(dirname "$UPGRADE_DIR") # haiwen/seafile-server-3.0.3/ +TOPDIR=$(dirname "${INSTALLPATH}") # haiwen/ +default_ccnet_conf_dir=${TOPDIR}/ccnet + +#get path of seafile.conf +function read_seafile_data_dir () { + seafile_ini=${default_ccnet_conf_dir}/seafile.ini + if [[ ! -f ${seafile_ini} ]]; then + echo "${seafile_ini} not found. Now quit" + exit 1 + fi + seafile_data_dir=$(cat "${seafile_ini}") + if [[ ! -d ${seafile_data_dir} ]]; then + echo "Your seafile server data directory \"${seafile_data_dir}\" is invalid or doesn't exits." + echo "Please check it first, or create this directory yourself." + echo "" + exit 1; + fi + + export SEAFILE_CONF_DIR=$seafile_data_dir +} + +export CCNET_CONF_DIR=${default_ccnet_conf_dir} +read_seafile_data_dir; + +export PYTHONPATH=${INSTALLPATH}/seafile/lib/python2.6/site-packages:${INSTALLPATH}/seafile/lib64/python2.6/site-packages:${INSTALLPATH}/seafile/lib/python2.7/site-packages:${INSTALLPATH}/seahub/thirdpart:$PYTHONPATH +export PYTHONPATH=${INSTALLPATH}/seafile/lib/python2.7/site-packages:${INSTALLPATH}/seafile/lib64/python2.7/site-packages:$PYTHONPATH + +function usage () { + echo "Usage: `basename $0` " + echo "exit." + exit 1 +} +if [ $# != 1 ]; then + usage +fi + +python seaf_migrate_3.py $1 +``` + +> **NOTE:** +> You can get `repo_id` at address bar of Seahub or through [Seafile web API](https://github.com/haiwen/seafile/wiki/Seafile-web-API#list-libraries) + +###Copy Library +Then `seaf_migrate_3.py` will call Seafile-API to copy library: + +1. Get library ID from input. +2. Get origin_repo object. +3. Create a new library, set name, desc and owner. +4. Copy stuffs from old library to new library. + +Example code +```python +#!/usr/bin/env python + +import os +import stat +import sys +from seaserv import seafile_api + +def count_files_recursive(repo_id, path='/'): + num_files = 0 + for e in seafile_api.list_dir_by_path(repo_id, path): + if stat.S_ISDIR(e.mode): + num_files += count_files_recursive(repo_id, + os.path.join(path, e.obj_name)) + else: + num_files += 1 + return num_files + +#Get library ID from input +origin_repo_id = sys.argv[1] + +#Get origin_repo object +origin_repo = seafile_api.get_repo(origin_repo_id) +username = seafile_api.get_repo_owner(origin_repo_id) + +#Create a new library, set name, desc and owner +new_repo_id = seafile_api.create_repo(name=origin_repo.name, + desc=origin_repo.desc, + username=username, passwd=None) + +#Copy stuffs from old library to new library +dirents = seafile_api.list_dir_by_path(origin_repo_id, '/') +for e in dirents: + print "copying: " + e.obj_name + obj_name = e.obj_name + seafile_api.copy_file(origin_repo_id, '/', obj_name, new_repo_id, '/', + obj_name, username, 0, 1) + +print "*" * 60 +print "OK, verifying..." +print "Origin library(%s): %d files. New Library(%s): %d files." % ( + origin_repo_id[:8], count_files_recursive(origin_repo_id), + new_repo_id[:8], count_files_recursive(new_repo_id)) +print "*" * 60 +``` + +If you execute script file successfully, you will see these output, and of course a new library at myhome page of Seahub. + + foo@foo:~/haiwen/seafile-server-3.0.3/upgrade$ ./seaf_migrate_test.sh c8bbb088-cbaf-411d-8bd8-9870763f0e5f + Loading ccnet config from /home/foo/haiwen/ccnet + Loading seafile config from /home/foo/haiwen/seafile-data + copying: test.html + copying: test-dir-2 + copying: test-dir + copying: solar.html + copying: examples.desktop + ************************************************************ + OK, verifying... + Origin library(c8bbb088): 10 files. New Library(4d6f4837): 10 files. + ************************************************************ + +##List Of Seafile-API +This list is based on **seafile-server-3.0.3**, and parameter was omitted. + +For more infomation about Seafile-API, please see [api.py](https://github.com/haiwen/seafile-server/blob/master/python/seaserv/api.py). + +> - seafile_api.add_inner_pub_repo() +> - seafile_api.cancel_copy_task() +> - seafile_api.change_repo_passwd() +> - seafile_api.check_passwd() +> - seafile_api.check_permission() +> - seafile_api.check_quota() +> - seafile_api.check_repo_access_permission() +> - seafile_api.copy_file() +> - seafile_api.count_inner_pub_repos() +> - seafile_api.create_enc_repo() +> - seafile_api.create_repo() +> - seafile_api.create_virtual_repo() +> - seafile_api.del_file() +> - seafile_api.delete_repo_token() +> - seafile_api.delete_repo_tokens_by_peer_id() +> - seafile_api.diff_commits() +> - seafile_api.edit_repo() +> - seafile_api.generate_repo_token() +> - seafile_api.get_commit_list() +> - seafile_api.get_copy_task() +> - seafile_api.get_decrypt_key() +> - seafile_api.get_deleted() +> - seafile_api.get_dir_id_by_commit_and_path() +> - seafile_api.get_dir_id_by_path() +> - seafile_api.get_file_id_by_commit_and_path() +> - seafile_api.get_file_id_by_path() +> - seafile_api.get_file_revisions() +> - seafile_api.get_file_size() +> - seafile_api.get_files_last_modified() +> - seafile_api.get_group_repo_list() +> - seafile_api.get_group_repoids() +> - seafile_api.get_group_repos_by_owner() +> - seafile_api.get_fileserver_access_token() +> - seafile_api.get_inner_pub_repo_list() +> - seafile_api.get_orphan_repo_list() +> - seafile_api.get_owned_repo_list() +> - seafile_api.get_repo() +> - seafile_api.get_repo_list() +> - seafile_api.get_repo_owner() +> - seafile_api.get_repo_size() +> - seafile_api.get_share_in_repo_list() +> - seafile_api.get_share_out_repo_list() +> - seafile_api.get_shared_groups_by_repo() +> - seafile_api.get_user_quota() +> - seafile_api.get_user_self_usage() +> - seafile_api.get_user_share_usage() +> - seafile_api.get_virtual_repo() +> - seafile_api.get_virtual_repos_by_owner() +> - seafile_api.group_share_repo() +> - seafile_api.group_unshare_repo() +> - seafile_api.is_inner_pub_repo() +> - seafile_api.is_password_set() +> - seafile_api.is_repo_owner() +> - seafile_api.is_valid_filename() +> - seafile_api.list_dir_by_commit_and_path() +> - seafile_api.list_dir_by_dir_id() +> - seafile_api.list_dir_by_path() +> - seafile_api.list_file_by_file_id() +> - seafile_api.list_repo_tokens() +> - seafile_api.list_repo_tokens_by_email() +> - seafile_api.move_file() +> - seafile_api.post_dir() +> - seafile_api.post_empty_file() +> - seafile_api.post_file() +> - seafile_api.put_file() +> - seafile_api.query_fileserver_access_token() +> - seafile_api.remove_inner_pub_repo() +> - seafile_api.remove_repo() +> - seafile_api.remove_share() +> - seafile_api.rename_file() +> - seafile_api.revert_dir() +> - seafile_api.revert_file() +> - seafile_api.revert_repo() +> - seafile_api.set_group_repo_permission() +> - seafile_api.set_passwd() +> - seafile_api.set_repo_owner() +> - seafile_api.set_share_permission() +> - seafile_api.set_user_quota() +> - seafile_api.share_repo() +> - seafile_api.unset_passwd() diff --git a/manual/develop/server-components.md b/manual/develop/server-components.md new file mode 100644 index 00000000..bd0ab06d --- /dev/null +++ b/manual/develop/server-components.md @@ -0,0 +1,25 @@ +# Components of Seafile Server + +Seafile server comprises of the following services. + +* **Ccnet daemon** (ccnet for client side or ccnet-server for server side):networking service daemon. In our initial design, Ccnet worked like a traffic bus. All the network traffic between client, server and internal traffic between different components would go through Ccnet. After further development we found that file transfer is improved by utilizing the Seafile daemon component directly. +* **Seafile daemon**:data service daemon +* **Seahub**:the website. Seafile server package contains a light-weight Python HTTP server `gunicorn` that serves the website. Seahub runs as an application within gunicorn. +* **FileServer**: handles raw file upload/download functions for Seahub. Due to Gunicorn being poor at handling large files, so we wrote this "FileServer" in the C programming language to serve raw file upload/download. +* **Controller**: monitors ccnet and Seafile daemons, restarts them if necessary. + +**The picture below shows how Seafile desktop client syncs files with Seafile server**: + +![seafile-sync-arch](../images/seafile-sync-arch.png) + +
+ +**The picture below shows how Seafile mobile client interacts with Seafile server**: + +![mobile-arch](../images/mobile-arch.png) + +
+ +**The picture below shows how Seafile mobile client interacts with Seafile server if the server is configured behind Nginx/Apache**: + +![mobile-nginx-arch](../images/mobile-nginx-arch.png) diff --git a/manual/develop/translation.md b/manual/develop/translation.md new file mode 100644 index 00000000..55329992 --- /dev/null +++ b/manual/develop/translation.md @@ -0,0 +1,57 @@ +# Translation + +## Seahub (Seafile Server 7.1 and above) + +### Translate and try locally + +1\. Locate the translation files in the seafile-server-latest/seahub directory: + +* For Seahub (except Markdown editor): `/locale//LC_MESSAGES/django.po`  and  `/locale//LC_MESSAGES/djangojs.po` +* For Markdown editor: `/media/locales//seafile-editor.json` + +For example, if you want to improve the Russian translation, find the corresponding strings to be edited in either of the following three files: + +* `/seafile-server-latest/seahub/locale/ru/LC_MESSAGES/django.po` +* `/seafile-server-latest/seahub/locale/ru/LC_MESSAGES/djangojs.po` +* `/seafile-server-latest/seahub/media/locales/ru/seafile-editor.json` + +If there is no translation for your language, create a new folder matching your language code and copy-paste the contents of another language folder in your newly created one. (Don't copy from the 'en' folder because the files therein do not contain the strings to be translated.) + +2\. Edit the files using an UTF-8 editor. + +3\. Save your changes. + +4\. (Only necessary when you created a new language code folder) Add a new entry for your language to the language block in the `/seafile-server-latest/seahub/seahub/settings.py` file and save it. + +``` +LANGUAGES = ( + ... + ('ru', 'Русский'), + ... +) + +``` + +5\. (Only necessary when you edited either django.po or djangojs.po) Apply the changes made in django.po and djangojs.po by running the following two commands in `/seafile-server-latest/seahub/locale//LC_MESSAGES`: + +* `msgfmt -o django.mo django.po` +* `msgfmt -o djangojs.mo djangojs.po` + +Additionally, run the following two commands in the seafile-server-latest directory: + +* `./seahub.sh python-env python3 seahub/manage.py compilejsi18n -l ` +* `./seahub.sh python-env python3 seahub/manage.py collectstatic --noinput -i admin -i termsandconditions --no-post-process` + +6\. Restart Seahub to load changes made in django.po and djangojs.po; reload the Markdown editor to check your modifications in the seafile-editor.json file. + +### Submit your translation + +Please submit translations via Transifex: + +Steps: + +1. Create a free account on Transifex (https\://www.transifex.com/). +2. Send a request to join the language translation. +3. After accepted by the project maintainer, then you can upload your file or translate online. + + diff --git a/manual/develop/web_api_v2.1.md b/manual/develop/web_api_v2.1.md new file mode 100644 index 00000000..0963c498 --- /dev/null +++ b/manual/develop/web_api_v2.1.md @@ -0,0 +1,9 @@ +# Web API (For Seafile server v5.1.0+) + +## Seafile Web API + +The API document is moved to + +## Admin Only + +The Admin API document is moved to diff --git a/manual/docker/6.3 upgrade to 7.0.md b/manual/docker/6.3 upgrade to 7.0.md new file mode 100644 index 00000000..0e7c1c7b --- /dev/null +++ b/manual/docker/6.3 upgrade to 7.0.md @@ -0,0 +1,139 @@ +# Upgrade Seafile Docker Community Edition to 7.0 + +Starting with 7.0, we have adjusted seafile-docker image to use multiple containers. The old image runs MariaDB-Server and Memcached in the same container with Seafile server. Now, we strip the MariaDB-Server and Memcached services from the Seafile image and run them in their respective containers. In order to be compatible with the data of the old container, you need to follow the process below to upgrade to the new version. + +To prevent accidental old-fashioned upgrades, the new docker image has a new name called seafile-mc (Seafile Multiple Container). The new image is configured and run using docker-compose. + +## Check the current container data + +Suppose the current Seafile container's volumes directory is:`/opt/seafile-data` + +So the data structure of the Seafile container should look like this: + +``` +/opt/seafile-data +├── db <-----------> the data directory of MySQL +├── logs +│   ├── seafile <-----------> the logs directory of Seafile +│   └── var-log +└── seafile + ├── ccnet + ├── conf <-----------> the configuration directoy of Seafile + ├── pro-data + ├── seafile-data + └── seahub-data + +``` + +## Modify MariaDB permissions + +In the old container, the MariaDB user is only allowed to access through the '127.0.0.1' address. This permission is not enough in the new container, so you must first modify the permissions of MariaDB. + +### Allow root remote access + +The **root **needs to be allowed to access the MySQL remotely by specifying a password. E.g: + +* Suppose the current Seafile container name is:`seafile` +* Specify the access password of the root as:`db_dev` + +Refer to the following command to allow root to remotely access MariaDB: + +```bash +sudo docker exec -it seafile /usr/bin/mysql -e "grant all on *.* to 'root'@'%.%.%.%' identified by 'db_dev';" + +``` + +### Allow seafile remote access + +Similarly, you need to allow **seafile** to access the MariaDB remotely with the specified password. E.g: + +* Suppose the current Seafile container name is:`seafile` +* The seafile password needs to look at the `PASSWD` value in the current container's `ccnet.conf` configuration, assuming:`467fa02f-bf9a-4afb-9300-c4683073162a` + +```bash +for database in {ccnet_db,seafile_db,seahub_db}; do sudo docker exec -it seafile /usr/bin/mysql -e "grant all on ${database}.* to 'seafile'@'%.%.%.%' identified by '467fa02f-bf9a-4afb-9300-c4683073162a';"; done + +``` + +## Modify the configuration file of Seafile + +You also need to modify the MariaDB service address and Memcached service address in the configuration file of Seafile. + +* Suppose the current Seafile container name is:`seafile` + +### Stop the current Seafile container + +First you need to stop the old container that is currently running. + +```bash +sudo docker stop seafile + +``` + +### Backup configuration file + +Back up the original configuration file of Seafile. + +```bash +cd /opt/seafile-data/seafile +sudo tar -cf conf.bak.tar conf +cd conf + +``` + +### Modify the configuration file of Seafile + +* ccnet.conf:Change the `HOST` value to `db` in the `[Database]` configuration section ; +* seafile.conf:Change the `host` value to `db` in the `[database]` configuration section ; +* seahub_settings.py:Change the `'HOST'` value to `'db'` in the `DATABASES` dict,and change the `'LOCATION'` value to `'memcached:11211'` in the `CACHES` dict . + +## Migrate MariaDB data + +### Backup the data of MariaDB + +``` +cd /opt/seafile-data +sudo tar -cf db.bak.tar db + +``` + +### Migrate the data's directory of MariaDB + +Migrate the `db` directory out of the volume directory of the old container, so that the new MariaDB container can be used to mount the original data. If the directory is migrated to the `/opt/seafile-mysql` directory: + +```bash +sudo mkdir -p /opt/seafile-mysql +sudo mv db /opt/seafile-mysql/ + +``` + +## Modify the docker-compose.yml + +Community Edition:[Download](https://download.seafile.com/d/320e8adf90fa43ad8fee/files/?p=/docker/docker-compose.yml) `docker-compose.yml` sample file to the host. + +According to the actual situation, modify the `docker-compose.yml`, mainly the following: + +* The password of MySQL root ( **MYSQL_ROOT_PASSWORD **and **DB_ROOT_PASSWD** ), should be set to the root password above,such as:`db_dev` ; +* The volume directory of MySQL data ( **volumes **), should be set to the directory after the migration above, such as:`/opt/seafile-mysql/db:/var/lib/mysql` ; +* The volume directory of Seafile data ( **volumes **),should be set to the directory of the old container's volume, such as:`/opt/seafile-data:/shared` . + +## Run new container + +### Delete the old container + +``` +sudo docker rm seafile + +``` + +### Run the new container + +Go to the directory where has the docker-compose.yml file and run the following command to start the new container: + +``` +sudo docker-compose up +# You may need to install the docker-compose beforehand, plus the -d to run the command in the background. + +``` + +Tip: In addition to setting the correct `TIME_ZONE` in the `docker-compose.yml` , you also need to set `TIME_ZONE = 'your-timezone'` in the `seahub_settings.py`. diff --git a/manual/docker/deploy seafile with docker.md b/manual/docker/deploy seafile with docker.md new file mode 100644 index 00000000..b5df81d4 --- /dev/null +++ b/manual/docker/deploy seafile with docker.md @@ -0,0 +1,235 @@ +# Deploy Seafile with Docker + +> The official Docker image uses multiple containers. If you need to run Seafile and related database in a single container for Synology platform, you can try the docker image provided by community: + +## Getting started + +### Install docker-compose + +Seafile v7.x.x image uses docker-compose. You should first install the docker-compose command. + +```bash +# for CentOS +yum install docker-compose -y + +# for Ubuntu +apt-get install docker-compose -y + +``` + +### Download and modify docker-compose.yml + +Download [docker-compose.yml](https://download.seafile.com/d/320e8adf90fa43ad8fee/files/?p=/docker/docker-compose.yml) sample file to your host. Then modify the file according to your environtment. The following fields are needed to be modified: + +* The password of MySQL root (MYSQL_ROOT_PASSWORD and DB_ROOT_PASSWD) +* The volume directory of MySQL data (volumes) +* The volume directory of Seafile data (volumes). + +### Start Seafile server + +Start Seafile server with the following command + +```bash +docker-compose up -d + +``` + +Wait for a few minutes for the first time initialization, then visit `http://seafile.example.com` to open Seafile Web UI. + +**NOTE: You should run the above command in a directory with the **`docker-compose.yml`**.** + +## More configuration options + +### Custom admin username and password + +The default admin account is `me@example.com` and the password is `asecret`. You can use a different password by setting the container's environment variables in the `docker-compose.yml`: +e.g. + +``` +seafile: + ... + + environment: + ... + - SEAFILE_ADMIN_EMAIL=me@example.com + - SEAFILE_ADMIN_PASSWORD=a_very_secret_password + ... + +``` + +### Let's encrypt SSL certificate + +If you set `SEAFILE_SERVER_LETSENCRYPT` to `true`, the container would request a letsencrypt-signed SSL certificate for you automatically. + +e.g. + +``` +seafile: + ... + ports: + - "80:80" + - "443:443" + ... + environment: + ... + - SEAFILE_SERVER_LETSENCRYPT=true + - SEAFILE_SERVER_HOSTNAME=docs.seafile.com + ... + +``` + +If you want to use your own SSL certificate and the volume directory of Seafile data is `/opt/seafile-data`: + +* create a folder `/opt/seafile-data/ssl`, and put your certificate and private key under the ssl directory. +* Assume your site name is `seafile.example.com`, then your certificate must have the name `seafile.example.com.crt`, and the private key must have the name `seafile.example.com.key`. + +### Modify Seafile server configurations + +The config files are under `shared/seafile/conf`. You can modify the configurations according to [Seafile manual](https://manual.seafile.com/) + +After modification, you need to restart the container: + +```bash +docker-compose restart + +``` + +### Find logs + +The Seafile logs are under `shared/logs/seafile` in the docker, or `/opt/seafile-data/logs/seafile` in the server that run the docker. + +The system logs are under `shared/logs/var-log`, or `/opt/seafile-data/logs/var-log` in the server that run the docker. + +### Add a new admin + +Ensure the container is running, then enter this command: + +``` +docker exec -it seafile /opt/seafile/seafile-server-latest/reset-admin.sh + +``` + +Enter the username and password according to the prompts. You now have a new admin account. + +## Seafile directory structure + +### `/shared` + +Placeholder spot for shared volumes. You may elect to store certain persistent information outside of a container, in our case we keep various logfiles and upload directory outside. This allows you to rebuild containers easily without losing important information. + +* /shared/seafile: This is the directory for seafile server configuration and data. +* /shared/logs: This is the directory for logs. + * /shared/logs/var-log: This is the directory that would be mounted as `/var/log` inside the container. For example, you can find the nginx logs in `shared/logs/var-log/nginx/`. + * /shared/logs/seafile: This is the directory that would contain the log files of seafile server processes. For example, you can find seaf-server logs in `shared/logs/seafile/seafile.log`. +* /shared/ssl: This is directory for certificate, which does not exist by default. +* /shared/bootstrap.conf: This file does not exist by default. You can create it by your self, and write the configuration of files similar to the `samples` folder. + +## Upgrading Seafile server + +To upgrade to latest version of seafile server: + +```sh +docker pull seafileltd/seafile-mc:latest +docker-compose down +docker-compose up -d + +``` + +## Backup and recovery + +### Struct + +We assume your seafile volumns path is in `/opt/seafile-data`. And you want to backup to `/opt/seafile-backup` directory. +You can create a layout similar to the following in /opt/seafile-backup directory: + +```struct +/opt/seafile-backup +---- databases/ MySQL contains database backup files +---- data/ Seafile contains backups of the data directory + +``` + +The data files to be backed up: + +```struct +/opt/seafile-data/seafile/conf # configuration files +/opt/seafile-data/seafile/seafile-data # data of seafile +/opt/seafile-data/seafile/seahub-data # data of seahub + +``` + +### Backup + +Steps: + +1. Backup the databases; +2. Backup the seafile data directory; + +Backup Order: Database First or Data Directory First + +* backing up Database: + + ```bash + # It's recommended to backup the database to a separate file each time. Don't overwrite older database backups for at least a week. + cd /opt/seafile-backup/databases + docker exec -it seafile-mysql mysqldump -uroot --opt ccnet_db > ccnet_db.sql + docker exec -it seafile-mysql mysqldump -uroot --opt seafile_db > seafile_db.sql + docker exec -it seafile-mysql mysqldump -uroot --opt seahub_db > seahub_db.sql + + ``` + +* Backing up Seafile library data: + * To directly copy the whole data directory + + ```bash + cp -R /opt/seafile-data/seafile /opt/seafile-backup/data/ + cd /opt/seafile-backup/data && rm -rf ccnet + + ``` + + * Use rsync to do incremental backup + + ```bash + rsync -az /opt/seafile-data/seafile /opt/seafile-backup/data/ + cd /opt/seafile-backup/data && rm -rf ccnet + + ``` + +### Recovery + +* Restore the databases: + + ```bash + docker cp /opt/seafile-backup/databases/ccnet_db.sql seafile-mysql:/tmp/ccnet_db.sql + docker cp /opt/seafile-backup/databases/seafile_db.sql seafile-mysql:/tmp/seafile_db.sql + docker cp /opt/seafile-backup/databases/seahub_db.sql seafile-mysql:/tmp/seahub_db.sql + + docker exec -it seafile-mysql /bin/sh -c "mysql -uroot ccnet_db < /tmp/ccnet_db.sql" + docker exec -it seafile-mysql /bin/sh -c "mysql -uroot seafile_db < /tmp/seafile_db.sql" + docker exec -it seafile-mysql /bin/sh -c "mysql -uroot seahub_db < /tmp/seahub_db.sql" + + ``` + +* Restore the seafile data: + + ```bash + cp -R /opt/seafile-backup/data/* /opt/seafile-data/seafile/ + + ``` + +## Garbage collection + +When files are deleted, the blocks comprising those files are not immediately removed as there may be other files that reference those blocks (due to the magic of deduplication). To remove them, Seafile requires a ['garbage collection'](https://manual.seafile.com/maintain/seafile_gc.html) process to be run, which detects which blocks no longer used and purges them. (NOTE: for technical reasons, the GC process does not guarantee that _every single_ orphan block will be deleted.) + +The required scripts can be found in the `/scripts` folder of the docker container. To perform garbage collection, simply run `docker exec seafile /scripts/gc.sh`. For the community edition, this process will stop the seafile server, but it is a relatively quick process and the seafile server will start automatically once the process has finished. The Professional supports an online garbage collection. + +## Troubleshooting + +You can run docker commands like "docker exec" to find errors. + +```sh +docker exec -it seafile /bin/bash + +``` + + diff --git a/manual/docker/docker-compose.yml b/manual/docker/docker-compose.yml new file mode 100644 index 00000000..bf78606c --- /dev/null +++ b/manual/docker/docker-compose.yml @@ -0,0 +1,44 @@ +version: '2.0' +services: + db: + image: mariadb:10.1 + container_name: seafile-mysql + environment: + - MYSQL_ROOT_PASSWORD=db_dev # Requested, set the root's password of MySQL service. + - MYSQL_LOG_CONSOLE=true + volumes: + - /opt/seafile-mysql/db:/var/lib/mysql # Requested, specifies the path to MySQL data persistent store. + networks: + - seafile-net + + memcached: + image: memcached:1.5.6 + container_name: seafile-memcached + entrypoint: memcached -m 256 + networks: + - seafile-net + + seafile: + image: seafileltd/seafile-mc:latest + container_name: seafile + ports: + - "80:80" +# - "443:443" # If https is enabled, cancel the comment. + volumes: + - /opt/seafile-data:/shared # Requested, specifies the path to Seafile data persistent store. + environment: + - DB_HOST=db + - DB_ROOT_PASSWD=db_dev # Requested, the value shuold be root's password of MySQL service. + - TIME_ZONE=Etc/UTC # Optional, default is UTC. Should be uncomment and set to your local time zone. + - SEAFILE_ADMIN_EMAIL=me@example.com # Specifies Seafile admin user, default is 'me@example.com'. + - SEAFILE_ADMIN_PASSWORD=asecret # Specifies Seafile admin password, default is 'asecret'. + - SEAFILE_SERVER_LETSENCRYPT=false # Whether to use https or not. + - SEAFILE_SERVER_HOSTNAME=docs.seafile.com # Specifies your host name if https is enabled. + depends_on: + - db + - memcached + networks: + - seafile-net + +networks: + seafile-net: \ No newline at end of file diff --git a/manual/docker/pro-edition/6.3 upgrade to 7.0.md b/manual/docker/pro-edition/6.3 upgrade to 7.0.md new file mode 100644 index 00000000..7ed28b8c --- /dev/null +++ b/manual/docker/pro-edition/6.3 upgrade to 7.0.md @@ -0,0 +1,174 @@ +# Upgrade Seafile Docker Professional Edition to 7.0 + +Starting with 7.0, we have adjusted seafile-docker image to use multiple containers. The old image runs MariaDB-Server、Memcached and Elasticsearch in the same container with Seafile server. Now, we strip the MariaDB-Server、Memcached and Elasticsearch from the Seafile image and run them in their respective containers. In order to be compatible with the data of the old container, you need to follow the process below to upgrade to the new version. + +To prevent accidental old-fashioned upgrades, the new docker image has a new name called seafile-pro-mc (Seafile-Pro Multiple Container). The new image is configured and run using docker-compose. + +## Check the current container data + +* Suppose the current Seafile container's volumes directory is:`/opt/seafile-data` + +So the data structure of the Seafile container should look like this: + +``` +/opt/seafile-data +├── db <-----------> the data directory of MySQL +├── logs +│   ├── seafile <-----------> the logs directory of Seafile +│   └── var-log +└── seafile + ├── ccnet + ├── conf <-----------> the configuration directoy of Seafile + ├── pro-data + | └── search/data/elasticsearch <-----------> the data directory of Elasticsearch + ├── seafile-data + └── seahub-data + +``` + +## Modify MariaDB permissions + +In the old container, the MariaDB user is only allowed to access through the '127.0.0.1' address. This permission is not enough in the new container, so you must first modify the permissions of MariaDB. + +### Allow root remote access + +The **root **needs to be allowed to access the MySQL remotely by specifying a password. E.g: + +* Suppose the current Seafile container name is:`seafile` +* Specify the access password of the root as:`db_dev` + +Refer to the following command to allow root to remotely access MariaDB: + +```bash +sudo docker exec -it seafile /usr/bin/mysql -e "grant all on *.* to 'root'@'%.%.%.%' identified by 'db_dev';" + +``` + +### Allow seafile remote access + +Similarly, you need to allow **seafile** to access the MariaDB remotely with the specified password. E.g: + +* Suppose the current Seafile container name is:`seafile` +* The seafile password needs to look at the `PASSWD` value in the current container's `ccnet.conf` configuration, assuming:`467fa02f-bf9a-4afb-9300-c4683073162a` + +```bash +for database in {ccnet_db,seafile_db,seahub_db}; do sudo docker exec -it seafile /usr/bin/mysql -e "grant all on ${database}.* to 'seafile'@'%.%.%.%' identified by '467fa02f-bf9a-4afb-9300-c4683073162a';"; done + +``` + +## Modify the configuration file of Seafile + +You also need to modify the MariaDB service address、Memcached service address and Elasticsearch service address in the configuration file of Seafile. + +* Suppose the current Seafile container name is:`seafile` + +### Stop the current Seafile container + +First you need to stop the old container that is currently running. + +```bash +sudo docker stop seafile + +``` + +### Backup configuration file + +Back up the original configuration file of Seafile. + +```bash +cd /opt/seafile-data/seafile +sudo tar -cf conf.bak.tar conf +cd conf + +``` + +### Modify the configuration file of Seafile + +* ccnet.conf:Change the `HOST` value to `db` in the `[Database]` configuration section ; +* seafile.conf:Change the `host` value to `db` in the `[database]` configuration section ; +* seahub_settings.py:Change the `'HOST'` value to `'db'` in the `DATABASES` dict,and change the `'LOCATION'` value to `'memcached:11211'` in the `CACHES` dict ; +* seafevents.conf:Change the `'host'` value to `'db'` in the `[DATABASE]` configuration section, and add the following configuration in the `[INDEX FILES]` section: + + +``` +external_es_server = true +es_host = elasticsearch +es_port = 9200 + +``` + +## Migrate MariaDB data + +### Backup the data of MariaDB + +``` +cd /opt/seafile-data/ +sudo tar -cf db.bak.tar db + +``` + +### Migrate the data's directory of MariaDB + +Migrate the `db` directory out of the volume directory of the old container, so that the new MariaDB container can be used to mount the original data. If the directory is migrated to the `/opt/seafile-mysql` directory: + +```bash +sudo mkdir -p /opt/seafile-mysql +sudo mv db /opt/seafile-mysql + +``` + +## Migrate the data's directory of Elasticsearch + +Copy the data directory of Elasticsearch generated in the old container to a new directory and mount it when the new container runs. If you migrate the directory to `/opt/seafile-elasticsearch/data`: + +``` +cd /opt/seafile-data/ +sudo tar -cf elasticsearch-data.tar seafile/pro-data/search/data/elasticsearch +sudo mkdir -p /opt/seafile-elasticsearch/ +sudo mv seafile/pro-data/search/data/elasticsearch /opt/seafile-elasticsearch/data + +``` + +## Download the Seafile images + +Login the Seafile private registry and pull the Seafile image: + +``` +docker login {host} +docker pull {host}/seafileltd/seafile-pro-mc:latest + +``` + +You can find the private registry information on the [customer center download page](https://customer.seafile.com/downloads/). + +## Modify the docker-compose.yml + +Professional Edition:[Download](https://download.seafile.com/d/320e8adf90fa43ad8fee/files/?p=/docker/pro-edition/docker-compose.yml) `docker-compose.yml` sample file to the host. + +According to the actual situation, modify the `docker-compose.yml`, mainly the following: + +* The password of MySQL root ( **MYSQL_ROOT_PASSWORD** and **DB_ROOT_PASSWD** ), should be set to the root password above,such as:`db_dev`; +* The volume directory of MySQL data ( **volumes** ), should be set to the directory after the migration above, such as:`/opt/seafile-mysql/db:/var/lib/mysql`; +* The volume directory of Elasticsearch data ( **volumes** ),should be set to the directory after the migration above, such as:`/opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data` ; +* The volume directory of Seafile data ( **volumes** ),should be set to the directory of the old container's volume, such as:`/opt/seafile-data:/shared` . + +## Run new container + +### Delete the old container + +``` +sudo docker rm seafile + +``` + +### Run the new container + +Go to the directory where has the `docker-compose.yml` file and run the following command to start the new container: + +``` +sudo docker-compose up +# You may need to install the docker-compose beforehand, plus the -d to run the command in the background. + +``` + +Tip: In addition to setting the correct `TIME_ZONE` in the `docker-compose.yml` , you also need to set `TIME_ZONE = 'your-timezone'` in the `seahub_settings.py`. diff --git a/manual/docker/pro-edition/Deploy Seafile-pro with Docker.md b/manual/docker/pro-edition/Deploy Seafile-pro with Docker.md new file mode 100644 index 00000000..598384dd --- /dev/null +++ b/manual/docker/pro-edition/Deploy Seafile-pro with Docker.md @@ -0,0 +1,285 @@ +# Deploy Seafile-pro with Docker + +## Getting started + +### Install docker-compose + +Seafile v7.x.x image uses docker-compose. You should first install the docker-compose command. + +```bash +# for CentOS +yum install docker-compose -y + +# for Ubuntu +apt-get install docker-compose -y + +``` + +### Download the Seafile images + +Login the Seafile private registry and pull the Seafile image: + +``` +docker login {host} +docker pull {host}/seafileltd/seafile-pro-mc:latest + +``` + +You can find the private registry information on the [customer center download page](https://customer.seafile.com/downloads/). + +### Download and modify docker-compose.yml + +Download [docker-compose.yml](https://download.seafile.com/d/320e8adf90fa43ad8fee/files/?p=/docker/pro-edition/docker-compose.yml) sample file to your host. Then modify the file according to your environtment. The following fields are needed to be modified: + +* The password of MySQL root (MYSQL_ROOT_PASSWORD and DB_ROOT_PASSWD) +* The volume directory of MySQL data (volumes) +* The volume directory of Seafile data (volumes) +* The volume directory of Elasticsearch data (volumes). + +### Start Seafile server + +Start Seafile server with the following command: + +```bash +docker-compose up -d + +``` + +Wait for a few minutes for the first time initialization, then visit `http://seafile.example.com` to open Seafile Web UI. + +**NOTE: You should run the above command in a directory with the **`docker-compose.yml`**.** + +### Put your licence file(seafile-license.txt) + +If you have a `seafile-license.txt` licence file, simply put it in the volume directory of Seafile data. If the directory is `/opt/seafile-data` So, in your host machine: + +``` +cp /path/to/seafile-license.txt /opt/seafile-data/seafile/ + +``` + +Then restart the container: + +``` +docker-compose restart + +``` + +## More configuration Options + +### Custom admin username and password + +The default admin account is `me@example.com` and the password is `asecret`. You can use a different password by setting the container's environment variables in the `docker-compose.yml`: +e.g. + +``` +seafile: + ... + + environment: + ... + - SEAFILE_ADMIN_EMAIL=me@example.com + - SEAFILE_ADMIN_PASSWORD=a_very_secret_password + ... + +``` + +### Let's encrypt SSL certificate + +If you set `SEAFILE_SERVER_LETSENCRYPT` to `true`, the container would request a letsencrypt-signed SSL certificate for you automatically. + +e.g. + +``` +seafile: + ... + ports: + - "80:80" + - "443:443" + ... + environment: + ... + - SEAFILE_SERVER_LETSENCRYPT=true + - SEAFILE_SERVER_HOSTNAME=seafile.example.com + ... + +``` + +If you want to use your own SSL certificate and the volume directory of Seafile data is `/opt/seafile-data`: + +* Create a folder `/opt/seafile-data/ssl`, and put your certificate and private key under the ssl directory. +* Assume your site name is `example.seafile.com`,modify the Nginx configuration file (`/opt/seafile-data/nginx/conf/seafile.nginx.conf`) as follows: + + ``` + server { + listen 80; + server_name example.seafile.com default_server; + + location / { + rewrite ^ https://$host$request_uri? permanent; + } + } + server { + listen 443; + ssl on; + ssl_certificate /shared/ssl/your-ssl-crt.crt; + ssl_certificate_key /shared/ssl/your-ssl-key.key; + ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; + + server_name example.seafile.com; + ... + + ``` + +* Reload the Nginx configuration file : `docker exec -it seafile /usr/sbin/nginx -s reload` + +### Modify Seafile server configurations + +The config files are under `shared/seafile/conf`. You can modify the configurations according to [Seafile manual](https://manual.seafile.com/) + +After modification, you need to restart the container: + +```bash +docker-compose restart + +``` + +### Find logs + +The Seafile logs are under `shared/seafile/logs` in the docker, or `/opt/seafile-data/seafile/logs` in the server that run the docker. + +The system logs are under `shared/logs/var-log`, or `/opt/seafile-data/logs/var-log` in the server that run the docker. + +### Add a new admin + +Ensure the container is running, then enter this command: + +```bash +docker exec -it seafile /opt/seafile/seafile-server-latest/reset-admin.sh + +``` + +Enter the username and password according to the prompts. You now have a new admin account. + +## Seafile directory structure + +### `/shared` + +Placeholder spot for shared volumes. You may elect to store certain persistent information outside of a container, in our case we keep various logfiles and upload directory outside. This allows you to rebuild containers easily without losing important information. + +* /shared/seafile: This is the directory for seafile server configuration 、logs and data. + * /shared/seafile/logs: This is the directory that would contain the log files of seafile server processes. For example, you can find seaf-server logs in `shared/seafile/logs/seafile.log`. +* /shared/logs: This is the directory for logs. + * /shared/logs/var-log: This is the directory that would be mounted as `/var/log` inside the container. For example, you can find the nginx logs in `shared/logs/var-log/nginx/`. +* /shared/ssl: This is directory for certificate, which does not exist by default. +* /shared/bootstrap.conf: This file does not exist by default. You can create it by your self, and write the configuration of files similar to the `samples` folder. + +## Upgrading Seafile server + +To upgrade to latest version of seafile server: + +```sh +docker pull {host}/seafileltd/seafile-pro-mc:latest +docker-compose down +docker-compose up -d + +``` + +## Backup and recovery + +### Struct + +We assume your seafile volumns path is in `/opt/seafile-data`. And you want to backup to `/opt/seafile-backup` directory. +You can create a layout similar to the following in /opt/seafile-backup directory: + +```struct +/opt/seafile-backup +---- databases/ MySQL contains database backup files +---- data/ Seafile contains backups of the data directory + +``` + +The data files to be backed up: + +```struct +/opt/seafile-data/seafile/conf # configuration files +/opt/seafile-data/seafile/seafile-data # data of seafile +/opt/seafile-data/seafile/seahub-data # data of seahub + +``` + +### Backup + +Steps: + +1. Backup the databases; +2. Backup the seafile data directory; + +Backup Order: Database First or Data Directory First + +* backing up Database: + + ``` + # It's recommended to backup the database to a separate file each time. Don't overwrite older database backups for at least a week. + cd /opt/seafile-backup/databases + docker exec -it seafile-mysql mysqldump -uroot --opt ccnet_db > ccnet_db.sql + docker exec -it seafile-mysql mysqldump -uroot --opt seafile_db > seafile_db.sql + docker exec -it seafile-mysql mysqldump -uroot --opt seahub_db > seahub_db.sql + + ``` + +* Backing up Seafile library data: + * To directly copy the whole data directory + + ``` + cp -R /opt/seafile-data/seafile /opt/seafile-backup/data/ + cd /opt/seafile-backup/data && rm -rf ccnet + + ``` + + * Use rsync to do incremental backup + + ```bash + rsync -az /opt/seafile-data/seafile /opt/seafile-backup/data/ + cd /opt/seafile-backup/data && rm -rf ccnet + + ``` + +### Recovery + +* Restore the databases: + + ``` + docker cp /opt/seafile-backup/databases/ccnet_db.sql seafile-mysql:/tmp/ccnet_db.sql + docker cp /opt/seafile-backup/databases/seafile_db.sql seafile-mysql:/tmp/seafile_db.sql + docker cp /opt/seafile-backup/databases/seahub_db.sql seafile-mysql:/tmp/seahub_db.sql + + docker exec -it seafile-mysql /bin/sh -c "mysql -uroot ccnet_db < /tmp/ccnet_db.sql" + docker exec -it seafile-mysql /bin/sh -c "mysql -uroot seafile_db < /tmp/seafile_db.sql" + docker exec -it seafile-mysql /bin/sh -c "mysql -uroot seahub_db < /tmp/seahub_db.sql" + + ``` + +* Restore the seafile data: + + ``` + cp -R /opt/seafile-backup/data/* /opt/seafile-data/seafile/ + + ``` + +## Garbage collection + +When files are deleted, the blocks comprising those files are not immediately removed as there may be other files that reference those blocks (due to the magic of deduplication). To remove them, Seafile requires a ['garbage collection'](https://manual.seafile.com/maintain/seafile_gc.html) process to be run, which detects which blocks no longer used and purges them. (NOTE: for technical reasons, the GC process does not guarantee that _every single_ orphan block will be deleted.) + +The required scripts can be found in the `/scripts` folder of the docker container. To perform garbage collection, simply run `docker exec seafile /scripts/gc.sh`. For the community edition, this process will stop the seafile server, but it is a relatively quick process and the seafile server will start automatically once the process has finished. The Professional supports an online garbage collection. + +## Troubleshooting + +You can run docker commands like "docker exec" to find errors. + +```sh +docker exec -it seafile /bin/bash + +``` + + diff --git a/manual/docker/pro-edition/Migrate CE to Pro with Docker.md b/manual/docker/pro-edition/Migrate CE to Pro with Docker.md new file mode 100644 index 00000000..4a806bcc --- /dev/null +++ b/manual/docker/pro-edition/Migrate CE to Pro with Docker.md @@ -0,0 +1,53 @@ +# Migrate CE to Pro with Docker + +## Preparation + +1. Make sure you are running the Seafile Community version 7.0.x, if not please refer to [Upgrade Documentation](https://download.seafile.com/published/seafile-manual/docker/6.3%20upgrade%20to%207.0.md)。 +2. Purchase Seafile Professional license file. +3. Download the [docker-compose.yml](https://download.seafile.com/d/320e8adf90fa43ad8fee/files/?p=/docker/pro-edition/docker-compose.yml) of Seafile Pro. + +## Migrate + +### Stop the Seafile CE + +```sh +docker-compose down + +``` + +**To ensure data security, it is recommended that you back up your MySQL data.** + +### Put your licence file + +Copy the `seafile-license.txt` to the volume directory of the Seafile CE's data. If the directory is `/opt/seafile-data`, so you should put it in the `/opt/seafile-data/seafile/`. + +### Modify the new docker-compose.yml + +Replace the old `docker-compose.yml` file with the new `docker-compose.yml` file and modify its configuration based on your actual situation: + +* The password of MySQL root (MYSQL_ROOT_PASSWORD and DB_ROOT_PASSWD) should be consistent with the old one; +* The volume directory of MySQL data (volumes) should be consistent with the old one; +* The volume directory of Seafile data (volumes) should be consistent with the old one; +* The volume directory of Elasticsearch data (volumes), this is the directory used to store the Elasticsearch's index data, E.g:`/opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data`; + +### Do the migration + +The Seafile Pro container needs to be running during the migration process, which means that end users may access the Seafile service during this process. In order to avoid the data confusion caused by this, it is recommended that you take the necessary measures to temporarily prohibit users from accessing the Seafile service. For example, modify the firewall policy. + +Run the following command to run the Seafile-Pro container: + +```sh +docker-compose up + +``` + +Then run the migration script by executing the following command: + +```sh +docker exec -it seafile /opt/seafile/seafile-server-latest/pro/pro.py setup --migrate + +``` + +**After the migration script runs successfully, restart the Seafile Pro container.** + +Now you have a Seafile Professional service. diff --git a/manual/docker/pro-edition/docker-compose.yml b/manual/docker/pro-edition/docker-compose.yml new file mode 100644 index 00000000..7f3a8ddb --- /dev/null +++ b/manual/docker/pro-edition/docker-compose.yml @@ -0,0 +1,62 @@ +version: '2.0' +services: + db: + image: mariadb:10.1 + container_name: seafile-mysql + environment: + - MYSQL_ROOT_PASSWORD=db_dev # Requested, set the root's password of MySQL service. + - MYSQL_LOG_CONSOLE=true + volumes: + - /opt/seafile-mysql/db:/var/lib/mysql # Requested, specifies the path to MySQL data persistent store. + networks: + - seafile-net + + memcached: + image: memcached:1.5.6 + container_name: seafile-memcached + entrypoint: memcached -m 256 + networks: + - seafile-net + + elasticsearch: + image: seafileltd/elasticsearch-with-ik:5.6.16 + container_name: seafile-elasticsearch + environment: + - discovery.type=single-node + - bootstrap.memory_lock=true + - "ES_JAVA_OPTS=-Xms1g -Xmx1g" + ulimits: + memlock: + soft: -1 + hard: -1 + mem_limit: 2g + volumes: + - /opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data # Requested, specifies the path to Elasticsearch data persistent store. + networks: + - seafile-net + + seafile: + image: docker.seadrive.org/seafileltd/seafile-pro-mc:latest + container_name: seafile + ports: + - "80:80" +# - "443:443" # If https is enabled, cancel the comment. + volumes: + - /opt/seafile-data:/shared # Requested, specifies the path to Seafile data persistent store. + environment: + - DB_HOST=db + - DB_ROOT_PASSWD=db_dev # Requested, the value shuold be root's password of MySQL service. +# - TIME_ZONE=Asia/Shanghai # Optional, default is UTC. Should be uncomment and set to your local time zone. + - SEAFILE_ADMIN_EMAIL=me@example.com # Specifies Seafile admin user, default is 'me@example.com' + - SEAFILE_ADMIN_PASSWORD=asecret # Specifies Seafile admin password, default is 'asecret' + - SEAFILE_SERVER_LETSENCRYPT=false # Whether to use https or not + - SEAFILE_SERVER_HOSTNAME=example.seafile.com # Specifies your host name if https is enabled + depends_on: + - db + - memcached + - elasticsearch + networks: + - seafile-net + +networks: + seafile-net: diff --git a/manual/docker/upgrade/7.0_7.1.md b/manual/docker/upgrade/7.0_7.1.md new file mode 100644 index 00000000..c880eeeb --- /dev/null +++ b/manual/docker/upgrade/7.0_7.1.md @@ -0,0 +1,3 @@ +# Upgrade from 7.0 to 7.1 + +Just download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version, then start with docker-compose up. diff --git a/manual/extension/README.md b/manual/extension/README.md new file mode 100644 index 00000000..f70c7265 --- /dev/null +++ b/manual/extension/README.md @@ -0,0 +1,3 @@ +# WebDAV and FUSE extensions + +Seafile WebDAV and FUSE extensions make it easy for Seafile to work with third party applications. For example, you can use Documents App in iOS to access files in Seafile via WebDAV interface. diff --git a/manual/extension/fuse.md b/manual/extension/fuse.md new file mode 100644 index 00000000..efe84089 --- /dev/null +++ b/manual/extension/fuse.md @@ -0,0 +1,104 @@ +# FUSE extension + +Files in the seafile system are split to blocks, which means what are stored on your seafile server are not complete files, but blocks. This design faciliates effective data deduplication. + +However, administrators sometimes want to access the files directly on the server. You can use seaf-fuse to do this. + +`Seaf-fuse` is an implementation of the [FUSE](http://fuse.sourceforge.net) virtual filesystem. In a word, it mounts all the seafile files to a folder (which is called the '''mount point'''), so that you can access all the files managed by seafile server, just as you access a normal folder on your server. + +Note: + +* Encrypted folders can't be accessed by seaf-fuse. +* Currently the implementation is '''read-only''', which means you can't modify the files through the mounted folder. +* One debian/centos systems, you need to be in the "fuse" group to have the permission to mount a FUSE folder. + +### How to start seaf-fuse + +Assume we want to mount to `/data/seafile-fuse`. + +##### Create the folder as the mount point + +``` +mkdir -p /data/seafile-fuse +``` + +##### Start seaf-fuse with the script + +Note: Before start seaf-fuse, you should have started seafile server with `./seafile.sh start`. + +``` +./seaf-fuse.sh start /data/seafile-fuse +``` + +Since Community server version 4.2.1 and Pro server 4.2.0, the script supports standard mount options for FUSE. For example, you can specify ownership for the mounted folder: + +``` +./seaf-fuse.sh start -o uid= /data/seafile-fuse +``` + +You can find the complete list of supported options in `man fuse`. + +##### Special notes for used with Ceph + +If you use Ceph (via librados) as storage backend, you need to add the `-f` option to seaf-fuse.sh, to ask the fuse program not to daemonize. Otherwise the fuse program will have strange "frozen" behaviors when accessing files. + +``` +./seaf-fuse.sh start -f /data/seafile-fuse +``` + +##### Stop seaf-fuse + +``` +./seaf-fuse.sh stop +``` + +### Contents of the mounted folder + +##### The top level folder + +Now you can list the content of `/data/seafile-fuse`. + +``` +$ ls -lhp /data/seafile-fuse + +drwxr-xr-x 2 root root 4.0K Jan 1 2015 abc@abc.com/ +drwxr-xr-x 2 root root 4.0K Jan 4 2015 foo@foo.com/ +drwxr-xr-x 2 root root 4.0K Jan 1 2015 plus@plus.com/ +drwxr-xr-x 2 root root 4.0K Jan 1 2015 sharp@sharp.com/ +drwxr-xr-x 2 root root 4.0K Jan 3 2015 test@test.com/ +``` + +* The top level folder contains many subfolders, each of which corresponds to a user + +##### The folder for each user + +``` +$ ls -lhp /data/seafile-fuse/abc@abc.com + +drwxr-xr-x 2 root root 924 Jan 1 1970 5403ac56-5552-4e31-a4f1-1de4eb889a5f_Photos/ +drwxr-xr-x 2 root root 1.6K Jan 1 1970 a09ab9fc-7bd0-49f1-929d-6abeb8491397_My Notes/ +``` + +From the above list you can see, under the folder of a user there are subfolders, each of which represents a library of that user, and has a name of this format: '''{library_id}-{library-name}'''. + +##### The folder for a library + +``` +$ ls -lhp /data/seafile-fuse/abc@abc.com/5403ac56-5552-4e31-a4f1-1de4eb889a5f_Photos/ + +-rw-r--r-- 1 root root 501K Jan 1 2015 image.png +-rw-r--r-- 1 root root 501K Jan 1 2015 sample.jpng +``` + +##### If you get a "Permission denied" error + +If you get an error message saying "Permission denied" when running `./seaf-fuse.sh start`, most likely you are not in the "fuse group". You should: + +* Add yourself to the fuse group +``` +sudo usermod -a -G fuse +``` + +* Logout your shell and login again +* Now try `./seaf-fuse.sh start `again. + diff --git a/manual/extension/webdav.md b/manual/extension/webdav.md new file mode 100644 index 00000000..b482aff5 --- /dev/null +++ b/manual/extension/webdav.md @@ -0,0 +1,378 @@ +# WebDAV extension + +Seafile WebDAV Server(SeafDAV) is added in seafile server 2.1.0. + +In the wiki below, we assume your seafile installation folder is `/data/haiwen`. + +## SeafDAV Configuration for 7.1+ + +The configuration file is `/data/haiwen/conf/seafdav.conf`. If it is not created already, you can just create the file. + +``` +[WEBDAV] + +# Default is false. Change it to true to enable SeafDAV server. +enabled = true + +port = 8080 + +# If you deploy seafdav behind nginx/apache, you need to modify "share_name". +share_name = / + +``` + +Every time the configuration is modified, you need to restart seafile server to make it take effect. + +``` +./seafile.sh restart + +``` + +Your WebDAV client would visit the Seafile WebDAV server at `http://example.com:8080` + +**After Seafile 7.1.x, Seafdav does not support Fastcgi, only Wsgi**. So if you want to configure seafdav behind a proxy server, you have to use proxy configuration instead of fastcgi. + +In Pro edition 7.1.8 version and community edition 7.1.5, an option is added to append library ID to the library name returned by SeafDAV. + +``` +show_repo_id=true + +``` + +### Proxy with Nginx + +For Seafdav, the configuration of Nginx is as follows: + +``` +..... + location /seafdav { + proxy_pass http://127.0.0.1:8080/seafdav; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 1200s; + client_max_body_size 0; + + access_log /var/log/nginx/seafdav.access.log seafileformat; + error_log /var/log/nginx/seafdav.error.log; + } + +``` + +### Proxy with Apache + +For Seafdav, the configuration of Apache is as follows: + +``` +...... + + ProxyPass "http://127.0.0.1:8080/seafdav" + + +``` + +### HTTPS proxy + +If you configure https in Nginx or Apache, you have to configure the reverse proxy to rewrite the `Destination` header's protocol from 'https\:' to 'http\:'. This is a limitation on the WebDAV framework SeafDAV is based on. See more details: + +* +* + +## SeafDAV Configuration for 7.0 or older versions + +The configuration file is `/data/haiwen/conf/seafdav.conf`. If it is not created already, you can just create the file. + +``` +[WEBDAV] + +# Default is false. Change it to true to enable SeafDAV server. +enabled = true + +port = 8080 + +# Change the value of fastcgi to true if fastcgi is to be used +fastcgi = false + +# If you deploy seafdav behind nginx/apache, you need to modify "share_name". +share_name = / + +``` + +Every time the configuration is modified, you need to restart seafile server to make it take effect. + +``` +./seafile.sh restart + +``` + +### Sample Configuration 1: No nginx/apache + +Your WebDAV client would visit the Seafile WebDAV server at `http://example.com:8080` + +``` +[WEBDAV] +enabled = true +port = 8080 +fastcgi = false +share_name = / + +``` + +### Sample Configuration 2: With Nginx + +Your WebDAV client would visit the Seafile WebDAV server at `http://example.com/seafdav` + +``` +[WEBDAV] +enabled = true +port = 8080 +fastcgi = true +share_name = /seafdav + +``` + +In the above config, the value of '''share_name''' is changed to '''/seafdav''', which is the address suffix you assign to seafdav server. + +#### Nginx without HTTPS + +The corresponding Nginx configuration is (without https): + +``` + location /seafdav { + fastcgi_pass 127.0.0.1:8080; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_script_name; + + fastcgi_param SERVER_PROTOCOL $server_protocol; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_param SERVER_ADDR $server_addr; + fastcgi_param SERVER_PORT $server_port; + fastcgi_param SERVER_NAME $server_name; + + client_max_body_size 0; + proxy_connect_timeout 36000s; + proxy_read_timeout 36000s; + proxy_send_timeout 36000s; + send_timeout 36000s; + + # This option is only available for Nginx >= 1.8.0. See more details below. + proxy_request_buffering off; + + access_log /var/log/nginx/seafdav.access.log; + error_log /var/log/nginx/seafdav.error.log; + } + +``` + +#### Nginx with HTTPS + +Nginx conf with https\: + +``` + location /seafdav { + fastcgi_pass 127.0.0.1:8080; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + fastcgi_param PATH_INFO $fastcgi_script_name; + + fastcgi_param SERVER_PROTOCOL $server_protocol; + fastcgi_param QUERY_STRING $query_string; + fastcgi_param REQUEST_METHOD $request_method; + fastcgi_param CONTENT_TYPE $content_type; + fastcgi_param CONTENT_LENGTH $content_length; + fastcgi_param SERVER_ADDR $server_addr; + fastcgi_param SERVER_PORT $server_port; + fastcgi_param SERVER_NAME $server_name; + fastcgi_param HTTPS on; + fastcgi_param HTTP_SCHEME https; + + client_max_body_size 0; + proxy_connect_timeout 36000s; + proxy_read_timeout 36000s; + proxy_send_timeout 36000s; + send_timeout 36000s; + + # This option is only available for Nginx >= 1.8.0. See more details below. + proxy_request_buffering off; + + access_log /var/log/nginx/seafdav.access.log; + error_log /var/log/nginx/seafdav.error.log; + } + +``` + +By default Nginx will buffer large request body in temp file. After the body is completely received, Nginx will send the body to the upstream server (seafdav in our case). But it seems when file size is very large, the buffering mechanism dosen't work well. It may stop proxying the body in the middle. So if you want to support file upload larger for 4GB, we suggest you install Nginx version >= 1.8.0 and add `proxy_request_buffering off` to Nginx configuration. + +### Sample Configuration 3: With Apache + +The following configuratioin assumes you use Apache 2.4 or later. + +Your WebDAV client would visit the Seafile WebDAV server at `http://example.com/seafdav` + +``` +[WEBDAV] +enabled = true +port = 8080 +fastcgi = false +share_name = /seafdav + +``` + +In the above config, the value of '''share_name''' is changed to '''/seafdav''', which is the address suffix you assign to seafdav server. **Note that we do not use fastcgi for Apache.** + +Modify Apache config file (site-enabled/000-default): + +#### Apache without HTTPS + +Based on your apache configuration when you [deploy Seafile with Apache](../deploy/deploy_with_apache.md), add seafdav related config: + +``` + + + ServerName www.myseafile.com + # Use "DocumentRoot /var/www/html" for Centos/Fedora + # Use "DocumentRoot /var/www" for Ubuntu/Debian + DocumentRoot /var/www + Alias /media /home/user/haiwen/seafile-server-latest/seahub/media + + RewriteEngine On + + + Require all granted + + + # + # seafile fileserver + # + ProxyPass /seafhttp http://127.0.0.1:8082 + ProxyPassReverse /seafhttp http://127.0.0.1:8082 + RewriteRule ^/seafhttp - [QSA,L] + + # + # WebDAV + # We use http proxy, since SeafDAV is incompatible with FCGI proxy in Apache 2.4. + # + ProxyPass /seafdav http://127.0.0.1:8080/seafdav + ProxyPassReverse /seafdav http://127.0.0.1:8080/seafdav + + # + # seahub + # + SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 + ProxyPreserveHost On + ProxyPass / fcgi://127.0.0.1:8000/ + + + +``` + +#### Apache with HTTPS + +Based on your apache configuration when you [Enable Https on Seafile web with Apache](../deploy/https_with_apache.md), add seafdav related config: + +``` + + + ServerName www.myseafile.com + DocumentRoot /var/www + + SSLEngine On + SSLCertificateFile /path/to/cacert.pem + SSLCertificateKeyFile /path/to/privkey.pem + + Alias /media /home/user/haiwen/seafile-server-latest/seahub/media + + + ProxyPass ! + Require all granted + + + RewriteEngine On + + # + # seafile fileserver + # + ProxyPass /seafhttp http://127.0.0.1:8082 + ProxyPassReverse /seafhttp http://127.0.0.1:8082 + RewriteRule ^/seafhttp - [QSA,L] + + # + # WebDAV + # We use http proxy, since SeafDAV is incompatible with FCGI proxy in Apache 2.4. + # + ProxyPass /seafdav http://127.0.0.1:8080/seafdav + ProxyPassReverse /seafdav http://127.0.0.1:8080/seafdav + + # + # seahub + # + SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape + SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 + ProxyPass / fcgi://127.0.0.1:8000/ + + + +``` + +## Notes on Clients + +Please first note that, there are some known performance limitation when you map a Seafile webdav server as a local file system (or network drive). + +* Uploading large number of files at once is usually much slower than the syncing client. That's because each file needs to be committed separately. +* The access to the webdav server may be slow sometimes. That's because the local file system driver sends a lot of unnecessary requests to get the files' attributes. + +So WebDAV is more suitable for infrequent file access. If you want better performance, please use the sync client instead. + +### Windows + +The client recommendation for WebDAV depends on your Windows version: + +* For Windows XP: Only non-encryped HTTP connection is supported by the Windows Explorer. So for security, the only viable option is to use third-party clients, such as Cyberduck or Bitkinex. +* For Vista and later versions: Windows Explorer supports HTTPS connection. But it requires a valid certificate on the server. It's generally recommended to use Windows Explorer to map a webdav server as network dirve. If you use a self-signed certificate, you have to add the certificate's CA into Windows' system CA store. + +### Linux + +On Linux you have more choices. You can use file manager such as Nautilus to connect to webdav server. Or you can use davfs2 from the command line. + +To use davfs2 + +``` +sudo apt-get install davfs2 +sudo mount -t davfs -o uid= https://example.com/seafdav /media/seafdav/ + +``` + +The -o option sets the owner of the mounted directory to so that it's writable for non-root users. + +It's recommended to disable LOCK operation for davfs2. You have to edit /etc/davfs2/davfs2.conf + +``` + use_locks 0 + +``` + +### Mac OS X + +Finder's support for WebDAV is also not very stable and slow. So it is recommended to use a webdav client software such as Cyberduck. + +## Frequently Asked Questions + +### Clients can't connect to seafdav server + +By default, seafdav is disabled. Check whether you have `enabled = true` in `seafdav.conf`. +If not, modify it and restart seafile server. + +### The client gets "Error: 404 Not Found" + +If you deploy SeafDAV behind Nginx/Apache, make sure to change the value of `share_name` as the sample configuration above. Restart your seafile server and try again. + +### Windows Explorer reports "file size exceeds the limit allowed and cannot be saved" + +This happens when you map webdav as a network drive, and tries to copy a file larger than about 50MB from the network drive to a local folder. + +This is because Windows Explorer has a limit of the file size downloaded from webdav server. To make this size large, change the registry entry on the client machine. There is a registry key named `FileSizeLimitInBytes` under `HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> WebClient -> Parameters`. diff --git a/manual/faq.md b/manual/faq.md new file mode 100644 index 00000000..2da2789c --- /dev/null +++ b/manual/faq.md @@ -0,0 +1,204 @@ +# FAQ + +## Setup + +### Failed to upload/download file online + +* Make sure your firewall for Seafile fileserver is opened. +* Make sure `SERVICE_URL` in ccnet.conf and `FILE_SERVER_ROOT` in seahub_settings.py are set correctly. Furthermore check that you haven't overwritten them using the settings in the Seahub Admin section. +* Use Chrome/Firefox debug mode to find out which address is being used when clicking download button and whether it is correct. + +### Seahub/Seafile started correctly, but when visiting the web interface, it shows "Internal Server Error" + +It is mostly likely some required Python packages of Seahub is not installed correctly. + +You can check the detailed error messages in `/var/log/nginx/seahub.error.log` if you use Nginx. + +### Website displays "Page unavailable", what can I do? + +* You can check the back trace in Seahub log files (`installation folder/logs/seahub.log`) +* You can also turn on debug mode by adding `DEBUG = True` to `seahub_settings.py` and restarting Seahub with `./seahub.sh restart`, then refresh the page, all the debug infomations will be displayed. + +### Failed to send email, what can I do? + +Please check logs/seahub.log. + +There are some common mistakes: + +1. Check whether there are typos in the config (`seahub_settings.py`, e.g. you could have forgotten to add a single quote `EMAIL_HOST_USER = XXX`, which should be `EMAIL_HOST_USER = 'XXX'` or you could have a space at the end of a config line. +2. Your mail server is not available. + +## AD (LDAP) + +### Can't connect to LDAP server with ldaps + +#### Description + +Seafile server can't communication with my LDAP server. The ccnet.log shows: + +``` +[08/05/16 09:47:17] ../common/session.c(398): Accepted a local client +[08/05/16 09:47:17] user-mgr.c(335): ldap_initialize failed: Bad parameter to an ldap routine. +[08/05/16 09:47:17] user-mgr.c(773): Ldap init and bind failed using ‘cn=XXX,dc=XXX,dc=XXX': ‘XXXXXXX' on server 'ldaps://10.XX.XX.XX/'. + +``` + +#### Answer + +If you are using pro edition, you can check the LDAP configuration by running a script as described in [useing ldap pro](deploy_pro/using_ldap_pro.md) (search Testing your LDAP Configuration). + +If the script can correctly talk to ldap server, it is most likely caused by incompatible of bundled LDAP libraries. You can follow [useing ldap pro](deploy/using_ldap.md) (the end of document) to remove the bundled LDAP libraries. + +### How to restrict Seafile access to certain accounts in AD + +You can use FILTER field in LDAP configuration in `ccnet.conf`. For example, the following filter restricts the access to Seafile to members of a group. + +``` +FILTER = memberOf=cn=group,cn=users,DC=x + +``` + +AD also supports subgroups. The following filter restricts the access to Seafile to membersand subgroups of a group. + +``` +FILTER = memberOf:1.2.840.113556.1.4.1941:=cn=group,cn=users,DC=x + +``` + +For more information on the Filter syntax, see + +## Upgrade + +### After upgrading Web UI is broken because CSS files can't be loaded + +Please remove the cache and try again, `rm -rf /tmp/seahub_cache/*`. If you configured memecached, restart memcached, then restart Seahub. + +If the problem is not fixed, check whether seafile-server-latest point to the correct folder. Then check whether `seafile-server-latest/seahub/media/CACHE` is correctly being generated (it should contain the auto-generated CSS file(s)). + +### Avatar pictures vanished after upgrading the server, what can I do? + +* You need to check whether the "avatars" symbolic link under seahub/media/ is linking to ../../../seahub-data/avatars. If not, you need to correct the link according to the "minor upgrade" section in [Upgrading-Seafile-Server](deploy/upgrade.md). +* If your avatars link is correct, and avatars are still broken, you may need to refresh Seahub cache using `rm -rf /tmp/seahub_cache/*` or by restarting memcached if being used. + +## Server can't start + +### Seafile/Seahub can't start after upgrade or any other reasons + +Please check whether the old version of Seahub is still running. + +Please check whether you use the right user to run or upgrade Seafile. Pay special attention to the following files: + +* `seafile-directory/seafile-server-6.0.3/runtime/error.log` +* `seafile-directory/seafile-server-6.0.3/runtime/access.log` +* `seafile-directory/logs/*` + +You can run the following command to change fix the permission for the whole directory: + +``` +chown -R userx:groupx seafiledirectory + +``` + +You can also try remove the cache directory of Seahub + +``` +rm -rf /tmp/seahub_cache + +``` + +Please also check the permission of `seahub.pid` and `seahub.log`. If Seahub can't write to these files, it will fail to start. + +## SeafEvents + +### Seafevents can't be started + +#### Description + +Office files online preview can't work. There is no logs in seafevents.log. From `controller.log`, the seafevent process is being started again and again. + +#### Answer + +Please check the permission of `seafevent.pid` and `seafevent.log`. If seafevent can't write to these files, it will fail to start. + +Another possible reason is that you don't have all the necessary Python dependancies installed. Especially if you enable publishing events to Redis but not installed the Redis Python library. + +## GC + +### Seafile GC shows errors, FSCK can’t fix them + +GC scans the history. But FSCK only scans the current version. You can ignore the error. It is a minor issue. + +## Ceph and S3 + +### Seafile server can't started when using Ceph + +#### Description + +Seafile server can't started when using Ceph as storage backend. seafile.log is empty. controller.log shows: + +``` +[10/20/16 12:39:29] seafile-controller.c(568): pid file /opt/seafile/pids/seaf-server.pid does not exist +[10/20/16 12:39:29] seafile-controller.c(588): seaf-server need restart... +[10/20/16 12:39:29] seafile-controller.c(198): starting seaf-server ... + +``` + +#### Answer + +This is most likely caused by Ceph library incompatible. If you deploy Seafile on Ubuntu or Debian, make sure you are using the binary built for Ubuntu. + +### Virus scan and search index doesn't work with HTTPS S3 + +The `use_https = true` options in seafile.conf config are working just for regular file operations to S3, but not indexing or AV scanning. + +Create ‘/etc/boto.cfg’ and add the following: + +``` +[boto] +is_secure = True + +``` + +Then the issue can be resolved. + +### GC error when removing blocks in Ceph + +#### Description + +We just did a GC run which came up with errors when deleting blocks. This seems to happen with all blocks/libraries. Below is an example for a single library. + +``` +Starting seafserv-gc, please wait ... +[08/29/16 09:15:41] gc-core.c(768): Database is MySQL/Postgre, use online GC. +[08/29/16 09:15:41] gc-core.c(792): Using up to 10 threads to run GC. +[08/29/16 09:15:41] gc-core.c(738): GC version 1 repo Documents(135ca71c-da2b-4b07-86e3-c7a1d46b9b22) +[08/29/16 09:16:04] gc-core.c(510): GC started for repo 135ca71c. Total block number is 294. +[08/29/16 09:16:04] gc-core.c(68): GC index size is 1024 Byte for repo 135ca71c. +[08/29/16 09:16:04] gc-core.c(269): Populating index for repo 135ca71c. +[08/29/16 09:16:04] gc-core.c(334): Traversed 33 commits, 402 blocks for repo 135ca71c. +[08/29/16 09:16:04] gc-core.c(559): Scanning and deleting unused blocks for repo 135ca71c. +[08/29/16 09:16:04] ../../common/block-backend-ceph.c(463): [block bend] Failed to remove block 79fc986a: No such file +or directory. +[08/29/16 09:16:04] ../../common/block-backend-ceph.c(463): [block bend] Failed to remove block ae2678f8: No such file +or directory. +[08/29/16 09:16:04] ../../common/block-backend-ceph.c(463): [block bend] Failed to remove block 9fe1ca0b: No such file +or directory. +[08/29/16 09:16:04] ../../common/block-backend-ceph.c(463): [block bend] Failed to remove block 4cad277e: No such file +or directory. +[08/29/16 09:16:04] ../../common/block-backend-ceph.c(463): [block bend] Failed to remove block e9c94b16: No such file +or directory. +[08/29/16 09:16:04] gc-core.c(577): GC finished for repo 135ca71c. 294 blocks total, about 402 reachable blocks, 5 +blocks are removed. + +[08/29/16 09:16:04] gc-core.c(839): === GC is finished === +seafserv-gc run done + +``` + +#### Answer + +Your "issue" looks similar to the one discussed here: + + +That should be related to the behavior of cache tier in Ceph. You could try to use "rados rm" command to remove that object. If it returns the same error (no such file or directory), it should be the same issue. You should try to copy that object out before removing it, in case you still need it later. + diff --git a/manual/faq/README.md b/manual/faq/README.md new file mode 100644 index 00000000..33f22fb1 --- /dev/null +++ b/manual/faq/README.md @@ -0,0 +1,16 @@ +# FAQ + +## Clustering + +### Page layout broken because seahub/media/CACHE is created only on first node + +Please add + +``` +COMPRESS_CACHE_BACKEND = 'django.core.cache.backends.locmem.LocMemCache' + +``` + +to `seahub_settings.py` as documented at [Deploy in a Cluster](../deploy_pro/deploy_in_a_cluster.md) + +This is going to tell every node to generate the CSS CACHE in its local folder. diff --git a/manual/images/Create-seahub-admin.png b/manual/images/Create-seahub-admin.png new file mode 100644 index 00000000..4f07ff05 Binary files /dev/null and b/manual/images/Create-seahub-admin.png differ diff --git a/manual/images/Server-setup-successfully.png b/manual/images/Server-setup-successfully.png new file mode 100644 index 00000000..d5903178 Binary files /dev/null and b/manual/images/Server-setup-successfully.png differ diff --git a/manual/images/Server-setup.mysql.png b/manual/images/Server-setup.mysql.png new file mode 100644 index 00000000..f3319c8e Binary files /dev/null and b/manual/images/Server-setup.mysql.png differ diff --git a/manual/images/Server-setup.png b/manual/images/Server-setup.png new file mode 100644 index 00000000..33e6e029 Binary files /dev/null and b/manual/images/Server-setup.png differ diff --git a/manual/images/admin-audit-log.png b/manual/images/admin-audit-log.png new file mode 100644 index 00000000..3af6f668 Binary files /dev/null and b/manual/images/admin-audit-log.png differ diff --git a/manual/images/auto-upload/image-1585712360351.png b/manual/images/auto-upload/image-1585712360351.png new file mode 100644 index 00000000..1dea0f88 Binary files /dev/null and b/manual/images/auto-upload/image-1585712360351.png differ diff --git a/manual/images/auto-upload/image-1585712416075.png b/manual/images/auto-upload/image-1585712416075.png new file mode 100644 index 00000000..5c8a5376 Binary files /dev/null and b/manual/images/auto-upload/image-1585712416075.png differ diff --git a/manual/images/auto-upload/image-1585712569569.png b/manual/images/auto-upload/image-1585712569569.png new file mode 100644 index 00000000..b9c1ce37 Binary files /dev/null and b/manual/images/auto-upload/image-1585712569569.png differ diff --git a/manual/images/auto-upload/image-1585712631552.png b/manual/images/auto-upload/image-1585712631552.png new file mode 100644 index 00000000..84ea6dcb Binary files /dev/null and b/manual/images/auto-upload/image-1585712631552.png differ diff --git a/manual/images/client-arch-new.png b/manual/images/client-arch-new.png new file mode 100644 index 00000000..451b6423 Binary files /dev/null and b/manual/images/client-arch-new.png differ diff --git a/manual/images/client-arch.png b/manual/images/client-arch.png new file mode 100644 index 00000000..8c3b1e50 Binary files /dev/null and b/manual/images/client-arch.png differ diff --git a/manual/images/cluster-nodes.png b/manual/images/cluster-nodes.png new file mode 100644 index 00000000..d7623236 Binary files /dev/null and b/manual/images/cluster-nodes.png differ diff --git a/manual/images/desktop-customization.png b/manual/images/desktop-customization.png new file mode 100644 index 00000000..780ea47d Binary files /dev/null and b/manual/images/desktop-customization.png differ diff --git a/manual/images/elb-health-check.png b/manual/images/elb-health-check.png new file mode 100644 index 00000000..1c5f8615 Binary files /dev/null and b/manual/images/elb-health-check.png differ diff --git a/manual/images/elb-listeners.png b/manual/images/elb-listeners.png new file mode 100644 index 00000000..1d260125 Binary files /dev/null and b/manual/images/elb-listeners.png differ diff --git a/manual/images/libreoffice-online.png b/manual/images/libreoffice-online.png new file mode 100644 index 00000000..cb16db80 Binary files /dev/null and b/manual/images/libreoffice-online.png differ diff --git a/manual/images/mobile-arch.png b/manual/images/mobile-arch.png new file mode 100644 index 00000000..3da2c826 Binary files /dev/null and b/manual/images/mobile-arch.png differ diff --git a/manual/images/mobile-nginx-arch.png b/manual/images/mobile-nginx-arch.png new file mode 100644 index 00000000..fa3b94be Binary files /dev/null and b/manual/images/mobile-nginx-arch.png differ diff --git a/manual/images/mysql-create-new.png b/manual/images/mysql-create-new.png new file mode 100644 index 00000000..ab562360 Binary files /dev/null and b/manual/images/mysql-create-new.png differ diff --git a/manual/images/mysql-use-existing.png b/manual/images/mysql-use-existing.png new file mode 100644 index 00000000..3ea87517 Binary files /dev/null and b/manual/images/mysql-use-existing.png differ diff --git a/manual/images/office-web-app.png b/manual/images/office-web-app.png new file mode 100644 index 00000000..0c66b6b8 Binary files /dev/null and b/manual/images/office-web-app.png differ diff --git a/manual/images/seafile-admin-1.png b/manual/images/seafile-admin-1.png new file mode 100644 index 00000000..0defc0d7 Binary files /dev/null and b/manual/images/seafile-admin-1.png differ diff --git a/manual/images/seafile-admin-2.png b/manual/images/seafile-admin-2.png new file mode 100644 index 00000000..04297ac4 Binary files /dev/null and b/manual/images/seafile-admin-2.png differ diff --git a/manual/images/seafile-arch-new-http.png b/manual/images/seafile-arch-new-http.png new file mode 100644 index 00000000..39f8a9f0 Binary files /dev/null and b/manual/images/seafile-arch-new-http.png differ diff --git a/manual/images/seafile-cluster-arch.png b/manual/images/seafile-cluster-arch.png new file mode 100644 index 00000000..6775a191 Binary files /dev/null and b/manual/images/seafile-cluster-arch.png differ diff --git a/manual/images/seafile-cluster.png b/manual/images/seafile-cluster.png new file mode 100644 index 00000000..e81a9d4c Binary files /dev/null and b/manual/images/seafile-cluster.png differ diff --git a/manual/images/seafile-server-config.png b/manual/images/seafile-server-config.png new file mode 100644 index 00000000..a1956093 Binary files /dev/null and b/manual/images/seafile-server-config.png differ diff --git a/manual/images/seafile-sync-arch.png b/manual/images/seafile-sync-arch.png new file mode 100644 index 00000000..75ccd99f Binary files /dev/null and b/manual/images/seafile-sync-arch.png differ diff --git a/manual/images/server-arch.png b/manual/images/server-arch.png new file mode 100644 index 00000000..eb9d46ee Binary files /dev/null and b/manual/images/server-arch.png differ diff --git a/manual/images/system-admin-entrance.png b/manual/images/system-admin-entrance.png new file mode 100644 index 00000000..110c3ce5 Binary files /dev/null and b/manual/images/system-admin-entrance.png differ diff --git a/manual/images/system-admin.png b/manual/images/system-admin.png new file mode 100644 index 00000000..f2a82938 Binary files /dev/null and b/manual/images/system-admin.png differ diff --git a/manual/images/tools-button.png b/manual/images/tools-button.png new file mode 100644 index 00000000..df1415a5 Binary files /dev/null and b/manual/images/tools-button.png differ diff --git a/manual/images/virus-scan.png b/manual/images/virus-scan.png new file mode 100644 index 00000000..a7222193 Binary files /dev/null and b/manual/images/virus-scan.png differ diff --git a/manual/maintain/README.md b/manual/maintain/README.md new file mode 100644 index 00000000..46ee0d65 --- /dev/null +++ b/manual/maintain/README.md @@ -0,0 +1,47 @@ +# Administration + +### Enter the admin panel + +As the system admin, you can enter the admin panel by click `System Admin` in the popup of avatar if you are using 6.0.0 or above: + +![System Admin](../images/system-admin-entrance.png) + +If your Seafile version is below 6.0.0, you can enter the admin panel by click the `tools` button at the top-right, beside the avatar: + +![Admin tools](../images/tools-button.png) + +After clicking the button, you will get into the admin panel: + +![System admin panel](../images/system-admin.png) + +### Account management + +* [Account management](account.md) + +### Logs + +* [The location of log files](logs.md) + +### Backup and Recovery + +Backup and recovery: + +* [Backup and recovery](backup_recovery.md) + +Recover corrupt files after server hard shutdown or system crash: + +* [Seafile FSCK](seafile_fsck.md) + +You can run Seafile GC to remove unused files: + +* [Seafile GC](seafile_gc.md) + +### Clean database + +* [Clean database](clean_database.md) + +### Export report + +* [Export report](export_report.md) + + diff --git a/manual/maintain/account.md b/manual/maintain/account.md new file mode 100644 index 00000000..36e8ef0a --- /dev/null +++ b/manual/maintain/account.md @@ -0,0 +1,20 @@ +# Account Management + +#### User Management + +When you setup seahub website, you should have setup a admin account. After you logged in a admin, you may add/delete users and file libraries. + +#### Resetting User Password + +Administrator can reset password for a user in "System Admin" page. + +In a private server, the default settings doesn't support users to reset their password by email. If you want to enable this, you have first to [set up notification email](../config/sending_email.md). + +#### Forgot Admin Account or Password? + +You may run `reset-admin.sh` script under seafile-server directory. This script would help you reset the admin account and password. +Your data will not be deleted from the admin account, this only unlocks and changes the password for the admin account. + +#### User Quota Notice + +Under the seafile-server-latest directory, run `./seahub.sh python-env python seahub/manage.py check_user_quota` , when the user quota exceeds 90%, an email will be sent. If you want to enable this, you have first to [set up notification email](../config/sending_email.md). diff --git a/manual/maintain/backup_recovery.md b/manual/maintain/backup_recovery.md new file mode 100644 index 00000000..58addbca --- /dev/null +++ b/manual/maintain/backup_recovery.md @@ -0,0 +1,153 @@ +## Overview + +There are generally two parts of data to backup + +* Seafile library data +* Databases + +If you setup seafile server according to our manual, you should have a directory layout like: + +``` +haiwen # Replace the name with your organization name + --seafile-server-2.x.x # untar from seafile package + --seafile-data # seafile configuration and data (if you choose the default) + --seahub-data # seahub data + --ccnet # ccnet configuration and data + --seahub.db # sqlite3 database used by seahub + --seahub_settings.py # optional config file for seahub + +``` + +All your library data is stored under the 'haiwen' directory. + +Seafile also stores some important metadata data in a few databases. The names and locations of these databases depends on which database software you use. + +For SQLite, the database files are also under the 'haiwen' directory. The locations are: + +* ccnet/PeerMgr/usermgr.db: contains user information +* ccnet/GroupMgr/groupmgr.db: contains group information +* seafile-data/seafile.db: contains library metadata +* seahub.db: contains tables used by the web front end (seahub) + +For MySQL, the databases are created by the administrator, so the names can be different from one deployment to another. There are 3 databases: + +* ccnet-db: contains user and group information +* seafile-db: contains library metadata +* seahub.db: contains tables used by the web front end (seahub) + +## Backup steps + +The backup is a three step procedure: + +1. Optional: Stop Seafile server first if you're using SQLite as database. +2. Backup the databases; +3. Backup the seafile data directory; + +### Backup Order: Database First or Data Directory First + +* backup data directory first, SQL later: When you're backing up data directory, some new objects are written and they're not backed up. Those new objects may be referenced in SQL database. So when you restore, some records in the database cannot find its object. So the library is corrupted. +* backup SQL first, data directory later: Since you backup database first, all records in the database have valid objects to be referenced. So the libraries won't be corrupted. But new objects written to storage when you're backing up are not referenced by database records. So some libraries are out of date. When you restore, some new data are lost. + +The second sequence is better in the sense that it avoids library corruption. Like other backup solutions, some new data can be lost in recovery. There is always a backup window. +However, if your storage backup mechanism can finish quickly enough, using the first sequence can retain more data. + +We assume your seafile data directory is in `/data/haiwen`. And you want to backup to `/backup` directory. The `/backup` can be an NFS or Windows share mount exported by another machine, or just an external disk. You can create a layout similar to the following in `/backup` directory: + +``` +/backup +---- databases/ contains database backup files +---- data/ contains backups of the data directory + +``` + +### Backing up Databases + +It's recommended to backup the database to a separate file each time. Don't overwrite older database backups for at least a week. + +**MySQL** + +Assume your database names are `ccnet-db`, `seafile-db` and `seahub-db`. mysqldump automatically locks the tables so you don't need to stop Seafile server when backing up MySQL databases. Since the database tables are usually very small, it won't take long to dump. + +``` +mysqldump -h [mysqlhost] -u[username] -p[password] --opt ccnet-db > /backup/databases/ccnet-db.sql.`date +"%Y-%m-%d-%H-%M-%S"` + +mysqldump -h [mysqlhost] -u[username] -p[password] --opt seafile-db > /backup/databases/seafile-db.sql.`date +"%Y-%m-%d-%H-%M-%S"` + +mysqldump -h [mysqlhost] -u[username] -p[password] --opt seahub-db > /backup/databases/seahub-db.sql.`date +"%Y-%m-%d-%H-%M-%S"` + +``` + +**SQLite** + +You need to stop Seafile server first before backing up SQLite database. + +``` +sqlite3 /data/haiwen/ccnet/GroupMgr/groupmgr.db .dump > /backup/databases/groupmgr.db.bak.`date +"%Y-%m-%d-%H-%M-%S"` + +sqlite3 /data/haiwen/ccnet/PeerMgr/usermgr.db .dump > /backup/databases/usermgr.db.bak.`date +"%Y-%m-%d-%H-%M-%S"` + +sqlite3 /data/haiwen/seafile-data/seafile.db .dump > /backup/databases/seafile.db.bak.`date +"%Y-%m-%d-%H-%M-%S"` + +sqlite3 /data/haiwen/seahub.db .dump > /backup/databases/seahub.db.bak.`date +"%Y-%m-%d-%H-%M-%S"` + +``` + +### Backing up Seafile library data + +The data files are all stored in the `/data/haiwen` directory, so just back up the whole directory. You can directly copy the whole directory to the backup destination, or you can use rsync to do incremental backup. + +To directly copy the whole data directory, + +``` +cp -R /data/haiwen /backup/data/haiwen-`date +"%Y-%m-%d-%H-%M-%S"` + +``` + +This produces a separate copy of the data directory each time. You can delete older backup copies after a new one is completed. + +If you have a lot of data, copying the whole data directory would take long. You can use rsync to do incremental backup. + +``` +rsync -az /data/haiwen /backup/data + +``` + +This command backup the data directory to `/backup/data/haiwen`. + +## Restore from backup + +Now supposed your primary seafile server is broken, you're switching to a new machine. Using the backup data to restore your Seafile instance: + +1. Copy `/backup/data/haiwen` to the new machine. Let's assume the seafile deployment location new machine is also `/data/haiwen`. +2. Restore the database. +3. Since database and data are backed up separately, they may become a little inconsistent with each other. To correct the potential inconsistency, run seaf-fsck tool to check data integrity on the new machine. See [seaf-fsck documentation](seafile_fsck.md). + +### Restore the databases + +Now with the latest valid database backup files at hand, you can restore them. + +**MySQL** + +``` +mysql -u[username] -p[password] ccnet-db < ccnet-db.sql.2013-10-19-16-00-05 +mysql -u[username] -p[password] seafile-db < seafile-db.sql.2013-10-19-16-00-20 +mysql -u[username] -p[password] seahub-db < seahub-db.sql.2013-10-19-16-01-05 + +``` + +**SQLite** + +``` +cd /data/haiwen +mv ccnet/PeerMgr/usermgr.db ccnet/PeerMgr/usermgr.db.old +mv ccnet/GroupMgr/groupmgr.db ccnet/GroupMgr/groupmgr.db.old +mv seafile-data/seafile.db seafile-data/seafile.db.old +mv seahub.db seahub.db.old +sqlite3 ccnet/PeerMgr/usermgr.db < usermgr.db.bak.xxxx +sqlite3 ccnet/GroupMgr/groupmgr.db < groupmgr.db.bak.xxxx +sqlite3 seafile-data/seafile.db < seafile.db.bak.xxxx +sqlite3 seahub.db < seahub.db.bak.xxxx + +``` + + diff --git a/manual/maintain/clean_database.md b/manual/maintain/clean_database.md new file mode 100644 index 00000000..1d1ced24 --- /dev/null +++ b/manual/maintain/clean_database.md @@ -0,0 +1,90 @@ +# Clean Database + +## Seahub + +### Session + +Since version 5.0, we offered command to clear expired session records in Seahub database. + +``` +cd /seafile-server-latest +./seahub.sh python-env seahub/manage.py clearsessions + +``` + +### Activity + +To clean the activity records, login in to MySQL/MariaDB and use the following command: + +``` +use seahub_db; +DELETE FROM Event WHERE to_days(now()) - to_days(timestamp) > 90; + +``` + +The corresponding items in UserEvent will deleted automatically by MariaDB when the foreign keys in Event table are deleted. + +Since version 7.0, we is using the table Activity intead of Event. Correspondingly, you need to empty the Activity table. + +Use the following command: + +``` +use seahub_db; +DELETE FROM Activity WHERE to_days(now()) - to_days(timestamp) > 90; + +``` + +The corresponding items in UserActivity will deleted automatically by MariaDB when the foreign keys in Activity table are deleted. + +### Login + +To clean the login records, login in to MySQL/MariaDB and use the following command: + +``` +use seahub_db; +DELETE FROM sysadmin_extra_userloginlog WHERE to_days(now()) - to_days(login_date) > 90; + +``` + +### File Access + +To clean the file access records, login in to MySQL/MariaDB and use the following command: + +``` +use seahub_db; +DELETE FROM FileAudit WHERE to_days(now()) - to_days(timestamp) > 90; + +``` + +### File Update + +To clean the file update records, login in to MySQL/MariaDB and use the following command: + +``` +use seahub_db; +DELETE FROM FileUpdate WHERE to_days(now()) - to_days(timestamp) > 90; + +``` + +### Permisson + +To clean the permisson records, login in to MySQL/MariaDB and use the following command: + +``` +use seahub_db; +DELETE FROM PermAudit WHERE to_days(now()) - to_days(timestamp) > 90; + +``` + +### Outdated Library Data + +Since version 6.2, we offer command to clear outdated library records in Seahub database, +e.g. records that are not deleted after a library is deleted. This is because users can restore a deleted library, so we can't delete these records at library deleting time. + +``` +cd /seafile-server-latest +./seahub.sh python-env seahub/manage.py clear_invalid_repo_data + +``` + + diff --git a/manual/maintain/export_file_access_log.md b/manual/maintain/export_file_access_log.md new file mode 100644 index 00000000..e0dced78 --- /dev/null +++ b/manual/maintain/export_file_access_log.md @@ -0,0 +1,11 @@ +# Export File Access Log + +Since version 7.0.8 pro, we offer command to export file access log. + +``` +cd /seafile-server-latest +./seahub.sh python-env python seahub/manage.py export_file_access_log --start-date 2019-06-01 --end-date 2019-07-01 + +``` + + diff --git a/manual/maintain/export_report.md b/manual/maintain/export_report.md new file mode 100644 index 00000000..ead40960 --- /dev/null +++ b/manual/maintain/export_report.md @@ -0,0 +1,29 @@ +# Export Report + +Since version 7.0.8 pro, Seafile provides commands to export reports via command line. + +## Export User Traffic Report + +``` +cd /seafile-server-latest +./seahub.sh python-env python seahub/manage.py export_user_traffic_report --date 201906 + +``` + +## Export User Storage Report + +``` +cd /seafile-server-latest +./seahub.sh python-env python seahub/manage.py export_user_storage_report + +``` + +## Export File Access Log + +``` +cd /seafile-server-latest +./seahub.sh python-env python seahub/manage.py export_file_access_log --start-date 2019-06-01 --end-date 2019-07-01 + +``` + + diff --git a/manual/maintain/export_user_storage_report.md b/manual/maintain/export_user_storage_report.md new file mode 100644 index 00000000..84137342 --- /dev/null +++ b/manual/maintain/export_user_storage_report.md @@ -0,0 +1,11 @@ +# Export User Storage Report + +Since version 7.0.8 pro, we offer command to export user storage report. + +``` +cd /seafile-server-latest +./seahub.sh python-env python seahub/manage.py export_user_storage_report + +``` + + diff --git a/manual/maintain/logs.md b/manual/maintain/logs.md new file mode 100644 index 00000000..4a09b87c --- /dev/null +++ b/manual/maintain/logs.md @@ -0,0 +1,24 @@ +# Logs + +### Log files of seafile server: + +* seafile.log: logs of Seafile server +* controller.log: logs of Controller +* seahub.log: logs from Django framework and emails sending +* Ccnet Log: logs/ccnet.log (logs for internal RPC, not useful) + +pro edition only: + +* seafevents.log: logs for background tasks and office file conversion +* seahub_email_sender.log: logs for periodically email sending of background tasks + + +### Log files for seafile background node in cluster mode: + +* seafile.log: logs of Seafile server +* controller.log: logs of Controller +* seahub.log: logs from Django framework and emails sending +* seafevents.log: Empty +* seafile-background-tasks.log: logs for background tasks and office file convertion +* seahub_email_sender.log: logs for periodically email sending of background tasks +* Ccnet Log: logs/ccnet.log (logs for internal RPC, not useful) diff --git a/manual/maintain/seafile_fsck.md b/manual/maintain/seafile_fsck.md new file mode 100644 index 00000000..84942a9b --- /dev/null +++ b/manual/maintain/seafile_fsck.md @@ -0,0 +1,130 @@ +# Seafile FSCK + +On the server side, Seafile stores the files in the libraries in an internal format. Seafile has its own representation of directories and files (similar to Git). + +With default installation, these internal objects are stored in the server's file system directly (such as Ext4, NTFS). But most file systems don't assure the integrity of file contents after a hard shutdown or system crash. So if new Seafile internal objects are being written when the system crashes, they can be corrupt after the system reboots. This will make part of the corresponding library not accessible. + +Note: If you store the seafile-data directory in a battery-backed NAS (like EMC or NetApp), or use S3 backend available in the Pro edition, the internal objects won't be corrupt. + +Starting from version 2.0, Seafile server comes with a seaf-fsck tool to help you recover from this corruption (similar to git-fsck tool). This tool recovers any corrupted library back to its last consistent and usable state. + +Starting from version 4.1, we provide a seaf-fsck.sh script. The seaf-fsck tool accepts the following arguments: + +``` +cd seafile-server-latest +./seaf-fsck.sh [--repair|-r] [--export|-E export_path] [repo_id_1 [repo_id_2 ...]] + +``` + +There are three modes of operation for seaf-fsck: + +1. checking integrity of libraries. +2. repairing corrupted libraries. +3. exporting libraries. + +## Checking Integrity of Libraries + +Running seaf-fsck.sh without any arguments will run a **read-only** integrity check for all libraries. + +``` +cd seafile-server-latest +./seaf-fsck.sh + +``` + +If you want to check integrity for specific libraries, just append the library id's as arguments: + +``` +cd seafile-server-latest +./seaf-fsck.sh [library-id1] [library-id2] ... + +``` + +The output looks like: + +``` +[02/13/15 16:21:07] fsck.c(470): Running fsck for repo ca1a860d-e1c1-4a52-8123-0bf9def8697f. +[02/13/15 16:21:07] fsck.c(413): Checking file system integrity of repo fsck(ca1a860d)... +[02/13/15 16:21:07] fsck.c(35): Dir 9c09d937397b51e1283d68ee7590cd9ce01fe4c9 is missing. +[02/13/15 16:21:07] fsck.c(200): Dir /bf/pk/(9c09d937) is curropted. +[02/13/15 16:21:07] fsck.c(105): Block 36e3dd8757edeb97758b3b4d8530a4a8a045d3cb is corrupted. +[02/13/15 16:21:07] fsck.c(178): File /bf/02.1.md(ef37e350) is curropted. +[02/13/15 16:21:07] fsck.c(85): Block 650fb22495b0b199cff0f1e1ebf036e548fcb95a is missing. +[02/13/15 16:21:07] fsck.c(178): File /01.2.md(4a73621f) is curropted. +[02/13/15 16:21:07] fsck.c(514): Fsck finished for repo ca1a860d. + +``` + +The corrupted files and directories are reported. + +Sometimes you can see output like the following: + +``` +[02/13/15 16:36:11] Commit 6259251e2b0dd9a8e99925ae6199cbf4c134ec10 is missing +[02/13/15 16:36:11] fsck.c(476): Repo ca1a860d HEAD commit is corrupted, need to restore to an old version. +[02/13/15 16:36:11] fsck.c(314): Scanning available commits... +[02/13/15 16:36:11] fsck.c(376): Find available commit 1b26b13c(created at 2015-02-13 16:10:21) for repo ca1a860d. + +``` + +This means the "head commit" (current state of the library) recorded in database is not consistent with the library data. In such case, fsck will try to find the last consistent state and check the integrity in that state. + +Tips: **If you have many libraries, it's helpful to save the fsck output into a log file for later analysis.** + +## Repairing Corruption + +Corruption repair in seaf-fsck basically works in two steps: + +1. If the library state (commit) recorded in database is not found in data directory, find the last available state from data directory. +2. Check data integrity in that specific state. If files or directories are corrupted, set them to empty files or empty directories. The corrupted paths will be reported, so that the user can recover them from somewhere else. + +Running the following command repairs all the libraries: + +``` +cd seafile-server-latest +./seaf-fsck.sh --repair + +``` + +Most of time you run the read-only integrity check first, to find out which libraries are corrupted. And then you repair specific libraries with the following command: + +``` +cd seafile-server-latest +./seaf-fsck.sh --repair [library-id1] [library-id2] ... + +``` + +After repairing, in the library history, seaf-fsck includes the list of files and folders that are corrupted. So it's much easier to located corrupted paths. + +### Best Practice for Repairing a Library + +To check all libraries and find out which library is corrupted, the system admin can run seaf-fsck.sh without any argument and save the output to a log file. Search for keyword "Fail" in the log file to locate corrupted libraries. You can run seaf-fsck to check all libraries when your Seafile server is running. It won't damage or change any files. + +When the system admin find a library is corrupted, he/she should run seaf-fsck.sh with "--repair" for the library. After the command fixes the library, the admin should inform user to recover files from other places. There are two ways: + +* Upload corrupted files or folders via the web interface +* If the library was synced to some desktop computer, and that computer has a correct version of the corrupted file, resyncing the library on that computer will upload the corrupted files to the server. + +## Speeding up FSCK by not checking file contents + +Starting from Pro edition 7.1.5, an option is added to speed up FSCK. Most of the running time of seaf-fsck is spent on calculating hashes for file contents. This hash will be compared with block object ID. If they're not consistent, the block is detected as corrupted. + +In many cases, the file contents won't be corrupted most of time. Some objects are just missing from the system. So it's enough to only check for object existence. This will greatly speed up the fsck process. + +To skip checking file contents, add the "--shallow" or "-s" option to seaf-fsck. + +## Exporting Libraries to File System + +Since version 4.2.0, you can use seaf-fsck to export all the files in libraries to external file system (such as Ext4). This procedure doesn't rely on the seafile database. As long as you have your seafile-data directory, you can always export your files from Seafile to external file system. + +The command syntax is + +``` +cd seafile-server-latest +./seaf-fsck.sh --export top_export_path [library-id1] [library-id2] ... + +``` + +The argument `top_export_path` is a directory to place the exported files. Each library will be exported as a sub-directory of the export path. If you don't specify library ids, all libraries will be exported. + +Currently only un-encrypted libraries can be exported. Encrypted libraries will be skipped. diff --git a/manual/maintain/seafile_gc.md b/manual/maintain/seafile_gc.md new file mode 100644 index 00000000..4613a44d --- /dev/null +++ b/manual/maintain/seafile_gc.md @@ -0,0 +1,204 @@ +# Seafile GC + +Seafile uses storage de-duplication technology to reduce storage usage. The underlying data blocks will not be removed immediately after you delete a file or a library. As a result, the number of unused data blocks will increase on Seafile server. + +To release the storage space occupied by unused blocks, you have to run a +"garbage collection" program to clean up unused blocks on your server. + +The GC program cleans up two types of unused blocks: + +1. Blocks that no library references to, that is, the blocks belong to deleted libraries; +2. If you set history length limit on some libraries, the out-dated blocks in those libraries will also be removed. + +**Before running GC, you must shutdown the Seafile program on your server if you use the community edition. For professional edition, online GC operation is supported. If you use Professional edition, you don't need to shutdown the Seafile program if you are using MySQL.** +This is because new blocks written into Seafile while GC is running may be mistakenly deleted by the GC program. + +At the bottom of the page there is a script that you can use to run the cleanup manually or e.g. once a week with as cronjob. + +## Run GC + +### Dry-run Mode + +To see how much garbage can be collected without actually removing any garbage, use the dry-run option: + +``` +seaf-gc.sh --dry-run [repo-id1] [repo-id2] ... + +``` + +The output should look like: + +``` +[03/19/15 19:41:49] seafserv-gc.c(115): GC version 1 repo My Library(ffa57d93) +[03/19/15 19:41:49] gc-core.c(394): GC started. Total block number is 265. +[03/19/15 19:41:49] gc-core.c(75): GC index size is 1024 Byte. +[03/19/15 19:41:49] gc-core.c(408): Populating index. +[03/19/15 19:41:49] gc-core.c(262): Populating index for repo ffa57d93. +[03/19/15 19:41:49] gc-core.c(308): Traversed 5 commits, 265 blocks. +[03/19/15 19:41:49] gc-core.c(440): Scanning unused blocks. +[03/19/15 19:41:49] gc-core.c(472): GC finished. 265 blocks total, about 265 reachable blocks, 0 blocks can be removed. + +[03/19/15 19:41:49] seafserv-gc.c(115): GC version 1 repo aa(f3d0a8d0) +[03/19/15 19:41:49] gc-core.c(394): GC started. Total block number is 5. +[03/19/15 19:41:49] gc-core.c(75): GC index size is 1024 Byte. +[03/19/15 19:41:49] gc-core.c(408): Populating index. +[03/19/15 19:41:49] gc-core.c(262): Populating index for repo f3d0a8d0. +[03/19/15 19:41:49] gc-core.c(308): Traversed 8 commits, 5 blocks. +[03/19/15 19:41:49] gc-core.c(264): Populating index for sub-repo 9217622a. +[03/19/15 19:41:49] gc-core.c(308): Traversed 4 commits, 4 blocks. +[03/19/15 19:41:49] gc-core.c(440): Scanning unused blocks. +[03/19/15 19:41:49] gc-core.c(472): GC finished. 5 blocks total, about 9 reachable blocks, 0 blocks can be removed. + +[03/19/15 19:41:49] seafserv-gc.c(115): GC version 1 repo test2(e7d26d93) +[03/19/15 19:41:49] gc-core.c(394): GC started. Total block number is 507. +[03/19/15 19:41:49] gc-core.c(75): GC index size is 1024 Byte. +[03/19/15 19:41:49] gc-core.c(408): Populating index. +[03/19/15 19:41:49] gc-core.c(262): Populating index for repo e7d26d93. +[03/19/15 19:41:49] gc-core.c(308): Traversed 577 commits, 507 blocks. +[03/19/15 19:41:49] gc-core.c(440): Scanning unused blocks. +[03/19/15 19:41:49] gc-core.c(472): GC finished. 507 blocks total, about 507 reachable blocks, 0 blocks can be removed. + +[03/19/15 19:41:50] seafserv-gc.c(124): === Repos deleted by users === +[03/19/15 19:41:50] seafserv-gc.c(145): === GC is finished === + +[03/19/15 19:41:50] Following repos have blocks to be removed: +repo-id1 +repo-id2 +repo-id3 + +``` + +If you give specific library ids, only those libraries will be checked; otherwise all libraries will be checked. + +Notice that at the end of the output there is a "repos have blocks to be removed" section. It contains the list of librareis that have garbage blocks. Later when you run GC without --dry-run option, you can use these libraris ids as input arguments to GC program. + +### Removing Garbage + +To actually remove garbage blocks, run without the --dry-run option: + +``` +seaf-gc.sh [repo-id1] [repo-id2] ... + +``` + +If libraries ids are specified, only those libraries will be checked for garbage. + +As described before, there are two types of garbage blocks to be removed. Sometimes just removing the first type of blocks (those that belong to deleted libraries) is good enough. In this case, the GC program won't bother to check the libraries for outdated historic blocks. The "-r" option implements this feature: + +``` +seaf-gc.sh -r + +``` + +**In Seafile version 4.1.1 and later, libraries deleted by the users are not immediately removed from the system. Instead, they're moved into a "trash" in the system admin page. Before they're cleared from the trash, their blocks won't be garbage collected.** + +### Using Multiple Threads in GC + +Since Pro server 5.1.0, you can specify the thread number in GC. By default, + +* If storage backend is S3/Swift/Ceph, 10 threads are started to do the GC work. +* If storage backend is file system, only 1 thread is started. + +You can specify the thread number in with "-t" option. "-t" option can be used together with all other options. Each thread will do GC on one library. For example, the following command will use 20 threads to GC all libraries: + +``` +seaf-gc.sh -t 20 + +``` + +Since the threads are concurrent, the output of each thread may mix with each others. Library ID is printed in each line of output. + +### Run GC based on library ID prefix + +Since GC usually runs quite slowly as it needs to traverse the entire library history. You can use multiple threads to run GC in parallel. For even larger deployments, it's also desirable to run GC on multiple server in parallel. + +A simple pattern to divide the workload among multiple GC servers is to assign libraries to servers based on library ID. Since Pro edition 7.1.5, this is supported. You can add "--id-prefix" option to seaf-gc.sh, to specify the library ID prefix. For example, the below command will only process libraries having "a123" as ID prefix. + +``` +seaf-gc.sh --id-prefix a123 + +``` + +## GC cleanup script for Community Version + +To use this script you need: + +* Setup the seafile-service file at '/etc/init.d/seafile-server' +* Files of seafile setup need to be owner by 'seafile:nogroup' or 'seafile:seafile' +* Run the script with sudo or as root +* Put the script into crontab of a root user + +Create the script file (change the location to your liking): + +``` +touch /opt/haiwen/seafile/cleanupScript.sh + +``` + +Use your favorite text editor and paste the following code: + +``` +#!/bin/bash + +##### +# Uncomment the following line if you rather want to run the script manually. +# Display usage if the script is not run as root user +# if [[ $USER != "root" ]]; then +# echo "This script must be run as root user!" +# exit 1 +# fi +# +# echo "Super User detected!!" +# read -p "Press [ENTER] to start the procedure, this will stop the seafile server!!" +##### + +# stop the server +echo Stopping the Seafile-Server... +systemctl stop seafile.service +systemctl stop seahub.service + +echo Giving the server some time to shut down properly.... +sleep 20 + +# run the cleanup +echo Seafile cleanup started... +sudo -u seafile $pathtoseafile/seafile-server-latest/seaf-gc.sh + +echo Giving the server some time.... +sleep 10 + +# start the server again +echo Starting the Seafile-Server... +systemctl start seafile.service +systemctl start seahub.service + +echo Seafile cleanup done! + +``` + +Make sure that the script has been given execution rights, to do that run this command. + +``` +sudo chmod +x /path/to/yourscript.sh + +``` + +Then open crontab with the root user + +``` +crontab -e + +``` + +Add the following line (change the location of your script accordingly!) + +``` +0 2 * * Sun /opt/haiwen/seafile/cleanupScript.sh + +``` + +The script will then run every Sunday at 2:00 AM. + +## GC in the [seafile docker container](https://github.com/haiwen/seafile-docker) + +To perform garbage collection inside the seafile docker container, you must run the `/scripts/gc.sh` script. Simply run `docker exec /scripts/gc.sh`. diff --git a/manual/media/favicon.ico b/manual/media/favicon.ico new file mode 100644 index 00000000..c2a2563f Binary files /dev/null and b/manual/media/favicon.ico differ diff --git a/manual/media/seafile-transparent-1024.png b/manual/media/seafile-transparent-1024.png new file mode 100644 index 00000000..ff00b9dc Binary files /dev/null and b/manual/media/seafile-transparent-1024.png differ diff --git a/manual/overview/README.md b/manual/overview/README.md new file mode 100644 index 00000000..6b7372a3 --- /dev/null +++ b/manual/overview/README.md @@ -0,0 +1,8 @@ +# Overview + +* [Seafile Components](components.md) +* [File permission management](file_permission_management.md) +* [FAQ](../faq.md) +* [Changelog](../changelog.md) +* [Roadmap](../roadmap.md) +* [Contribution](../contribution.md) diff --git a/manual/overview/components.md b/manual/overview/components.md new file mode 100644 index 00000000..a2168d72 --- /dev/null +++ b/manual/overview/components.md @@ -0,0 +1,14 @@ +# Components Overview + +Seafile server consists of following components: + +- **Seahub** (django):the web frontend. Seafile server package contains a light-weight Python HTTP server gunicorn that serves the website. By default, Seahub runs as an application within gunicorn. You can also configure Seahub to run under WSGI mode behind Nginx or Apache. This is recommended for production setups. +- **Seafile server** (``seaf-server``):data service daemon, handles raw file upload, download and synchronization. Seafile server by default listens on port 8082. You can configure Nginx/Apache to proxy traffic to the local 8082 port. +- **Ccnet server** (``ccnet-server``): RPC service daemon to enable communication among multiple components. Ccnet is only used for internal communication. + +The picture below shows how Seafile clients access files when you configure Seafile behind Nginx/Apache. + +![Seafile Sync](../images/seafile-arch-new-http.png) + +- All access to the Seafile service (including Seahub and Seafile server) can be configured behind Nginx or Apache web server. This way all network traffic to the service can be encrypted with HTTPS. +- When user accesses Seahub, Seahub accesses data from Seafile server using Ccnet RPC. diff --git a/manual/overview/file_permission_management.md b/manual/overview/file_permission_management.md new file mode 100644 index 00000000..f11890b9 --- /dev/null +++ b/manual/overview/file_permission_management.md @@ -0,0 +1,19 @@ +# File permission management + +Seafile manages files using libraries. Every library has an owner, who can share the library to other users or share it with groups. The sharing can be read-only or read-write. + +## Read-only syncing + +Read-only libraries can be synced to local desktop. The modifications at the client will not be synced back. If a user has modified some file contents, he can use "resync" to revert the modifications. + + +## Cascading permission/Sub-folder permissions (Pro edition) + +Sharing controls whether a user or group can see a library, while sub-folder permissions are used to modify permissions on specific folders. + +Supposing you share a library as read-only to a group and then want specific sub-folders to be read-write for a few users, you can set read-write permissions on sub-folders for some users and groups. + +Note: + +* Setting sub-folder permission for a user without sharing the folder or parent folder to that user will have no effect. +* Sharing a library read-only to a user and then sharing a sub-folder read-write to that user will lead to two shared items for that user. This is going to cause confusion. Use sub-folder permissions instead. diff --git a/manual/roadmap.md b/manual/roadmap.md new file mode 100644 index 00000000..c1b27a78 --- /dev/null +++ b/manual/roadmap.md @@ -0,0 +1,3 @@ +# Roadmap + +Please check diff --git a/manual/scripts/deploy-manual.sh b/manual/scripts/deploy-manual.sh new file mode 100644 index 00000000..9ac723a3 --- /dev/null +++ b/manual/scripts/deploy-manual.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +set -e + +work_dir=/home/deploy +cd ${work_dir} +repo=${1:-seafile-docs} + +if ! [[ -e ${repo} ]]; then + echo "Cloing ${repo}" + git clone -q https://github.com/haiwen/${repo}.git +else + cd ${repo} + echo "Updating ${repo}" + git fetch -q origin + git reset --hard origin/master + git clean -fdx +fi + +cd ${work_dir}/${repo}/ +echo "Building ${repo}" +gitbook build > /dev/null && rm -rf /home/deploy/_book +mv ./_book /home/deploy/ + +echo "Reloading nginx" +sudo nginx -s reload +echo "done" diff --git a/manual/scripts/deploy.sh b/manual/scripts/deploy.sh new file mode 100644 index 00000000..437d5129 --- /dev/null +++ b/manual/scripts/deploy.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +set -e + +if [[ $DEPLOY_USER == "" || $DEPLOY_SERVER == "" || $DEPLOY_CMD == "" ]]; then + echo "Not configured properly." + exit 1 +fi + +if [[ $TRAVIS_BRANCH != "master" ]]; then + exit 0 +fi + +mkdir -p ~/.ssh +cat >~/.ssh/config < + +ignoreregex = + +# DEV Notes: +# +# pattern : 2015-10-20 15:20:32,402 [WARNING] seahub.auth.views:155 login Login attempt limit reached, username: , ip: 1.2.3.4, attemps: 3 +# 2015-10-20 17:04:32,235 [WARNING] seahub.auth.views:163 login Login attempt limit reached, ip: 1.2.3.4, attempts: 3 +``` + + +#### Restart fail2ban + +Finally, just restart fail2ban and check your firewall (iptables for me) : + +``` +sudo fail2ban-client reload +sudo iptables -S +``` + +Fail2ban will create a new chain for this jail. +So you should see these new lines : + +``` +... +-N fail2ban-seafile +... +-A fail2ban-seafile -j RETURN +``` + +## Tests + +To do a simple test (but you have to be an administrator on your seafile server) go to your seafile webserver URL and try 3 authentications with a wrong password. + +Actually, when you have done that, you are banned from http and https ports in iptables, thanks to fail2ban. + +To check that : + +on fail2ban + +``` +denis@myserver:~$ sudo fail2ban-client status seafile +Status for the jail: seafile +|- filter +| |- File list: /home//logs/seahub.log +| |- Currently failed: 0 +| `- Total failed: 1 +`- action + |- Currently banned: 1 + | `- IP list: 1.2.3.4 + `- Total banned: 1 +``` + +on iptables : + +``` +sudo iptables -S + +... +-A fail2ban-seafile -s 1.2.3.4/32 -j REJECT --reject-with icmp-port-unreachable +... +``` + +To unban your IP address, just execute this command : + +``` +sudo fail2ban-client set seafile unbanip 1.2.3.4 +``` + +## Note + +As three (3) failed attempts to login will result in one line added in seahub.log a Fail2Ban jail with the settings maxretry = 3 is the same as nine (9) failed attempts to login. diff --git a/manual/security/security_features.md b/manual/security/security_features.md new file mode 100644 index 00000000..61084941 --- /dev/null +++ b/manual/security/security_features.md @@ -0,0 +1,54 @@ +# Security Questions + +## How is the connection between client and server encrypted? + +Seafile uses HTTP(S) to syncing files between client and server (Since version 4.1.0). + +## Encrypted Library + +Seafile provides a feature called encrypted library to protect your privacy. The file encryption/decryption is performed on client-side when using the desktop client for file synchronization. The password of an encrypted library is not stored on the server. **Even the system admin of the server can't view the file contents - they can however view the metadata [which are currently not encrypted](https://github.com/haiwen/seafile/issues/350).** The metadata includes: the complete list of directory and file names, every files size, the history of editors, when, and what byte ranges were altered. + +CAUTION: The client side encryption does currently NOT work while using the web browser and the cloud file explorer of the desktop client. When you are browsing encrypted libraries via the web browser or the cloud file explorer, you need to input the password and the server is going to use the password to decrypt the "file key" for the library (see description below) and cache the password in memory for one hour. The plain text password is never stored or cached on the server. + +The client side encryption works on iOS client since version 2.1.6. The Android client support client side encryption since version 2.1.0. + + +## How does an encrypted library work? + +When you create an encrypted library, you'll need to provide a password for it. All the data in that library will be encrypted with the password before uploading it to the server (see limitations above). + +The encryption procedure is: + +1. Generate a 32-byte long cryptographically strong random number. This will be used as the file encryption key ("file key"). +2. Encrypt the file key with the user provided password. We first use PBKDF2 algorithm (1000 iterations of SHA256) to derive a key/iv pair from the password, then use AES 256/CBC to encrypt the file key. The result is called the "encrypted file key". This encrypted file key will be sent to and stored on the server. When you need to access the data, you can decrypt the file key from the encrypted file key. +3. All file data is encrypted by the file key with AES 256/CBC. We use PBKDF2 algorithm (1000 iterations of SHA256) to derive key/iv pair from the file key. After encryption, the data is uploaded to the server. + +The above encryption procedure can be executed on the desktop and the mobile client. The Seahub browser client uses a different encryption procedure that happens at the server. Because of this your password will be transferred to the server. + +When you sync an encrypted library to the desktop, the client needs to verify your password. When you create the library, a "magic token" is derived from the password and library id. This token is stored with the library on the server side. The client use this token to check whether your password is correct before you sync the library. The magic token is generated by PBKDF2 algorithm with 1000 iterations of SHA256 hash. + +For maximum security, the plain-text password won't be saved on the client side, too. The client only saves the key/iv pair derived from the "file key", which is used to decrypt the data. So if you forget the password, you won't be able to recover it or access your data on the server. + +## Why fileserver delivers every content to everybody knowing the content URL of an unshared private file? + +When a file download link is clicked, a random URL is generated for user to access the file from fileserver. This url can only be access once. After that, all access will be denied to the url. So even if someone else happens to know about the url, he can't access it anymore. + +## How does Seafile store user login password? + +User login passwords are stored in hash form only. Note that user login password is different from the passwords used in encrypted libraries. In the database, its format is + +``` +PBKDF2SHA256$iterations$salt$hash +``` + +The record is divided into 4 parts by the $ sign. + +- The first part is the used hash algorithm. Currently we use PBKDF2 with SHA256. It can be changed to an even stronger algorithm if needed. +- The second part is the number of iterations of the hash algorithm +- The third part is the random salt used to generate the hash +- The fourth part is the final hash generated from the password + +To calculate the hash: + +- First, generate a 32-byte long cryptographically strong random number, use it as the salt. +- Calculate the hash with `PBKDF2(password, salt, iterations)`. The number of iterations is currently 10000. diff --git a/manual/upgrade/ce-7.0.md b/manual/upgrade/ce-7.0.md new file mode 100644 index 00000000..1b0e4a6c --- /dev/null +++ b/manual/upgrade/ce-7.0.md @@ -0,0 +1,50 @@ +# ce-7.0 + +## Common Problems + +### Not able to open Markdown file + +If after upgrading to 7.0, you are not able to open Markdown file and if your seahub.log containing the following error, it is caused by you forgot to migrate file comment when you upgrade to 6.3 version. + +![](./image-1558745192334.png) + + + +You can delete the table base_filecomment and recreate the table. + +``` +CREATE TABLE `base_filecomment` ( + `id` int(11) NOT NULL AUTO_INCREMENT, + `author` varchar(255) NOT NULL, + `comment` longtext NOT NULL, + `created_at` datetime NOT NULL, + `updated_at` datetime NOT NULL, + `uuid_id` char(32) NOT NULL, + `detail` longtext NOT NULL, + `resolved` tinyint(1) NOT NULL, + + PRIMARY KEY (`id`), + KEY `base_filecomment_uuid_id_4f9a2ca2_fk_tags_fileuuidmap_uuid` (`uuid_id`), + KEY `base_filecomment_author_8a4d7e91` (`author`), + KEY `base_filecomment_resolved_e0717eca` (`resolved`), + CONSTRAINT `base_filecomment_uuid_id_4f9a2ca2_fk_tags_fileuuidmap_uuid` FOREIGN KEY (`uuid_id`) REFERENCES `tags_fileuuidmap` (`uuid`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +``` + +If you are using SQLite, the corresponding SQL is: + +``` +CREATE TABLE "base_filecomment" ( +"id" integer NOT NULL PRIMARY KEY AUTOINCREMENT, + "author" varchar(255) NOT NULL, + "comment" text NOT NULL, +"created_at" datetime NOT NULL, +"updated_at" datetime NOT NULL, +"uuid_id" char(32) NOT NULL REFERENCES "tags_fileuuidmap" ("uuid"), +"detail" text NOT NULL, +"resolved" bool NOT NULL); + +``` + + diff --git a/manual/upgrade/image-1558745192334.png b/manual/upgrade/image-1558745192334.png new file mode 100644 index 00000000..e4887ecd Binary files /dev/null and b/manual/upgrade/image-1558745192334.png differ diff --git a/manual/upgrade/image-1558745374080.png b/manual/upgrade/image-1558745374080.png new file mode 100644 index 00000000..453d7c02 Binary files /dev/null and b/manual/upgrade/image-1558745374080.png differ diff --git a/manual/upgrade/pro-7.0.md b/manual/upgrade/pro-7.0.md new file mode 100644 index 00000000..10d010be --- /dev/null +++ b/manual/upgrade/pro-7.0.md @@ -0,0 +1,289 @@ +# Upgrade to Pro 7.0 + +Since seafile-pro 7.0.0, we have upgraded Elasticsearch to 5.6. As Elasticsearch 5.6 relies on the Java 8 environment and can't run with root, you need to run Seafile with a non-root user and upgrade the Java version. + +## Upgrade the Java version + +In order to upgrade from 6.3.x to 7.0.x, you may need to upgrade the JDK version. + +Run the following command to view the current Java version information: + +``` +java -version + +``` + +If the current JDK version is 1.7.0, then you need to upgrade to 1.8.0. To upgrade to openjdk-1.8.0, refer to the following command: + +``` +# For CentOS +yum install java-1.8.0-openjdk + +``` + +``` +# For Ubuntu +apt-get install openjdk-8-jre + +``` + +--- + +**In addition, if you previously ran Seafile with root, you would need to run Seafile with a non-root user in order to use search functionality after upgrading to 7.0.x. If Seafile is already running with a non-root user, you can do the upgrade directly.** + +## Switch user if you are using root to run Seafile + +It is recommended that you run Seafile with the `seafile` user. For specific operations, please refer to the following process: + +**Assume that the Seafile installation directory is:** `/opt/seafile` + +**Assume that the Seafile data storage path is:** `/opt/seafile/seafile-data` + +### Stop Seafile Service + +You need to stop the currently running seafile process first. + +``` +cd /opt/seafile/seafile-server-latest +./seafile.sh stop +./seahub.sh stop + +``` + +### Create seafile user + +Create a system account to run the Seafile service. The suggested user name is seafile: + +``` +useradd --system --comment "seafile" seafile --create-home --home-dir /home/seafile + +``` + +### Modify directory permissions + +Modify the owner and group of the Seafile installation directory and the Seafile data storage directory to seafile: + +``` +chown -R seafile.seafile /opt/seafile +chown -R seafile.seafile /opt/seafile/seafile-data +chown -R seafile.seafile /tmp/seafile-office-output + +``` + +### Start the service + +``` +su - seafile +cd /opt/seafile/seafile-server-latest +./seafile.sh start +./seahub.sh start + +``` + +### Modify the startup scripts + +**If you used the systemd manager to implement boot-up:** + +* You need to modify `/etc/systemd/system/seafile.service`: + + +``` +[Unit] +Description=Seafile Server +After=network.target mariadb.service + +[Service] +ExecStart=/opt/seafile/seafile-server-latest/seafile.sh start +ExecStop=/opt/seafile/seafile-server-latest/seafile.sh stop +User=seafile +Group=seafile +Type=oneshot +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target + +``` + +And `/etc/systemd/system/seahub.service`: + +``` +[Unit] +Description=Seafile Seahub +After=network.target seafile.service + +[Service] +ExecStart=/opt/seafile/seafile-server-latest/seahub.sh start +ExecStop=/opt/seafile/seafile-server-latest/seahub.sh stop +User=seafile +Group=seafile +Type=oneshot +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target + +``` + +Reload the systemd manager configuration: + +``` +systemctl daemon-reload + +``` + +**If you used the init script to implement boot-up:** + +You need to modify `/etc/init.d/seafile-server`: + +``` +#!/bin/bash +### BEGIN INIT INFO +# Provides: seafile-server +# Required-Start: $remote_fs $syslog mysql +# Required-Stop: $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Seafile server +# Description: Start Seafile server +### END INIT INFO + +# Author: Alexander Jackson + +# Change the value of "seafile_dir" to your path of seafile installation +user=seafile +seafile_dir=/opt/seafile +script_path=${seafile_dir}/seafile-server-latest +seafile_init_log=${seafile_dir}/logs/seafile.init.log +seahub_init_log=${seafile_dir}/logs/seahub.init.log + +case "$1" in + start) + sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log} + sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log} + ;; + restart) + sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log} + sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log} + ;; + stop) + sudo -u ${user} ${script_path}/seafile.sh $1 >> ${seafile_init_log} + sudo -u ${user} ${script_path}/seahub.sh $1 >> ${seahub_init_log} + ;; + *) + echo "Usage: /etc/init.d/seafile-server {start|stop|restart}" + exit 1 + ;; +esac + +``` + +### Upgrade Seafile + +Stop running the current seafile service: + +``` +su - seafile +cd /opt/seafile/seafile-server-latest +./seafile.sh stop +./seahub.sh stop + +``` + +Download the seafile-pro 7.0.x package and extract it to the Seafile installation directory `/opt/seafile`; then execute the upgrade script: + +``` +cd /opt/seafile/seafile-pro-server-7.0.x/upgrade/ +./upgrade_6.3_7.0.sh + +``` + +After the upgrade script is successfully executed, start the Seafile service: + +``` +cd /opt/seafile/seafile-server-latest +./seafile.sh start +./seahub.sh start + +``` + +## Features Modification + +### Encrypted libraries + +Note, to enable using new encrypted libraries with different salt for different libraries, you need to add the following configuration to seahub_setting.py + +``` +ENCRYPTED_LIBRARY_VERSION = 3 + +``` + +Currently the mobile clients and desktop clients does not supported new version of encrypted library yet. After we upgrade the clients, we will make the setting as default. + +### File history + +Recording file history to database for fast access is enabled by default for 'Markdown, .txt, ppt, pptx, doc, docx, xls, xlsx'. To disable the feature or to modified the file list, you can add the following settings to seafevents.conf + +``` +[FILE HISTORY] +enabled = false +suffix = md,txt,... + +``` + +After enable the feature, the old histories version for markdown, doc, docx files will not be list in the history page. (Only new histories that stored in database will be listed) But the users can still access the old versions in the library snapshots. + +For file types not listed in the `suffix` , histories version will be scanned from the library history as before. + +### File activities + +The file activities feature are redesigned. We use a new database table to record file activities. The old activities will not be displayed. + +### Wikis + +In version 6.3, users can create public or private Wikis. In version 7.0, private Wikis is replaced by column mode view. Every library has a column mode view. So users don't need to explicitly create private Wikis. + +Public Wikis are now renamed to published libraries. + +There are two role permissions that control whether a user can create public Wikis, share link permission and publish library permission. A user must have both the permissions to be able to use public Wikis. + +## Common Problems + +### Not able to open Markdown file + +If after upgrading to 7.0, you are not able to open Markdown file and if your seahub.log containing the following error, it is caused by you forgot to migrate file comment when you upgrade to 6.3 version. + +![](./image-1558745192334.png) + + + +You can delete the table base_filecomment and recreate the table. + +``` +CREATE TABLE `base_filecomment` ( + + `id` int(11) NOT NULL AUTO_INCREMENT, + `author` varchar(255) NOT NULL, + + `comment` longtext NOT NULL, + `created_at` datetime NOT NULL, + + `updated_at` datetime NOT NULL, + `uuid_id` char(32) NOT NULL, + + `detail` longtext NOT NULL, + `resolved` tinyint(1) NOT NULL, + + PRIMARY KEY (`id`), + KEY `base_filecomment_uuid_id_4f9a2ca2_fk_tags_fileuuidmap_uuid` (`uuid_id`), + + KEY `base_filecomment_author_8a4d7e91` (`author`), + + KEY `base_filecomment_resolved_e0717eca` (`resolved`), + + CONSTRAINT `base_filecomment_uuid_id_4f9a2ca2_fk_tags_fileuuidmap_uuid` FOREIGN KEY (`uuid_id`) REFERENCES `tags_fileuuidmap` (`uuid`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +``` + + diff --git a/manual/upgrade/upgrade.md b/manual/upgrade/upgrade.md new file mode 100644 index 00000000..a984429b --- /dev/null +++ b/manual/upgrade/upgrade.md @@ -0,0 +1,178 @@ +# Upgrade manual + +There are three types of upgrade, i.e., major version upgrade, minor version upgrade and maintenance version upgrade. This page contains general instructions for the three types of upgrade. It also contains special notes for each version. + +* After upgrading, you may need to clean [seahub cache](../deploy/add_memcached.md) if it doesn't behave as expect. +* If you are running a **cluster**, please read [upgrade a Seafile cluster](../deploy_pro/upgrade_a_cluster.md). + +## Special upgrade notes + +Please check the **upgrade notes** for any special configuration or changes before/while upgrading. + +* [Upgrade notes for 5.x.x](./upgrade_notes_for_5.x.x.md) +* [Upgrade notes for 6.x.x](./upgrade_notes_for_6.x.x.md) +* [Upgrade notes for 7.0.x](./upgrade_notes_for_7.0.x.md) +* [Upgrade notes for 7.1.x](./upgrade_notes_for_7.1.x.md) + +## Major version upgrade (e.g. from 5.x.x to 6.y.y) + +Suppose you are using version 5.1.0 and like to upgrade to version 6.1.0. First download and extract the new version. You should have a directory layout similar to this: + +``` +seafile + -- seafile-server-5.1.0 + -- seafile-server-6.1.0 + -- ccnet + -- seafile-data + +``` + +Now upgrade to version 6.1.0. + +1. Shutdown Seafile server if it's running + + ```sh + cd seafile/seafile-server-latest + ./seahub.sh stop + ./seafile.sh stop + # or via service + /etc/init.d/seafile-server stop + + ``` + +2. Check the upgrade scripts in seafile-server-6.1.0 directory. + + ```sh + cd seafile/seafile-server-6.1.0 + ls upgrade/upgrade_* + + ``` + + You will get a list of upgrade files: + + ``` + ... + upgrade_5.0_5.1.sh + upgrade_5.1_6.0.sh + upgrade_6.0_6.1.sh + + ``` + +3. Start from your current version, run the script(s one by one) + + ``` + upgrade/upgrade_5.1_6.0.sh + upgrade/upgrade_6.0_6.1.sh + + ``` + +4. Start Seafile server + + ```sh + cd seafile/seafile-server-latest/ + ./seafile.sh start + ./seahub.sh start # or "./seahub.sh start-fastcgi" if you're using fastcgi + # or via service + /etc/init.d/seafile-server start + + ``` + +5. If the new version works fine, the old version can be removed + + ```sh + rm -rf seafile-server-5.1.0/ + + ``` + +## Minor version upgrade (e.g. from 6.1.x to 6.2.y) + +Suppose you are using version 6.1.0 and like to upgrade to version 6.2.0. First download and extract the new version. You should have a directory layout similar to this: + +``` +seafile + -- seafile-server-6.1.0 + -- seafile-server-6.2.0 + -- ccnet + -- seafile-data + +``` + +Now upgrade to version 6.2.0. + +1. Shutdown Seafile server if it's running + + ```sh + cd seafile/seafile-server-latest + ./seahub.sh stop + ./seafile.sh stop + # or via service + /etc/init.d/seafile-server stop + + ``` + +2. Check the upgrade scripts in seafile-server-6.2.0 directory. + + ```sh + cd seafile/seafile-server-latest + ls upgrade/upgrade_* + + ``` + + You will get a list of upgrade files: + + ``` + ... + upgrade/upgrade_5.1_6.0.sh + upgrade/upgrade_6.0_6.1.sh + upgrade/upgrade_6.1_6.2.sh + + ``` + +3. Start from your current version, run the script(s one by one) + + ``` + upgrade/upgrade_6.1_6.2.sh + + ``` + +4. Start Seafile server + + ```sh + cd seafile/seafile-server-latest/ + ./seafile.sh start + ./seahub.sh start # or "./seahub.sh start-fastcgi" if you're using fastcgi + # or via service + /etc/init.d/seafile-server start + + ``` + +5. If the new version works, the old version can be removed + + ```sh + rm -rf seafile-server-6.1.0/ + + ``` + +## Maintenance version upgrade (e.g. from 6.2.2 to 6.2.3) + +A maintenance upgrade is for example an upgrade from 6.2.2 to 6.2.3. + +1. Shutdown Seafile server if it's running +2. For this type of upgrade, you only need to update the symbolic links (for avatar and a few other folders). + A script to perform a minor upgrade is provided with Seafile server (for history reasons, the script is called `minor-upgrade.sh`): + + ```sh + cd seafile-server-latest + upgrade/minor-upgrade.sh + + ``` + +3. Start Seafile +4. If the new version works, the old version can be removed + + ```sh + rm -rf seafile-server-6.2.2/ + + ``` + + diff --git a/manual/upgrade/upgrade_notes_for_5.x.x.md b/manual/upgrade/upgrade_notes_for_5.x.x.md new file mode 100644 index 00000000..ea594626 --- /dev/null +++ b/manual/upgrade/upgrade_notes_for_5.x.x.md @@ -0,0 +1,35 @@ +# Upgrade notes for 5.x.x + +These notes give additional information about changes. +Please always follow the main [upgrade guide](./upgrade.md). + +## Important release changes + +**In Seafile 5.0, we moved all config files to the folder \*\***`/seafile-root/conf`\***\*, including:** + +* seahub_settings.py -> conf/seahub_settings.py +* ccnet/ccnet.conf -> conf/ccnet.conf +* seafile-data/seafile.conf -> conf/seafile.conf +* \[pro only] pro-data/seafevents.conf -> conf/seafevents.conf + +## V5.1.4 + +**Python upgrade** +If you upgrade to 5.1.4+, you need to install the python-urllib3: + +``` +# for Ubuntu 16.04 +sudo apt-get install python-urllib3 + +# for Debian 8 +apt-get install python-urllib3 + +# for Centos 7 +sudo yum install python-urllib3 + +# for Arch Linux +pacman -Sy python2-urllib3 + +``` + + diff --git a/manual/upgrade/upgrade_notes_for_6.x.x.md b/manual/upgrade/upgrade_notes_for_6.x.x.md new file mode 100644 index 00000000..5cd83ea7 --- /dev/null +++ b/manual/upgrade/upgrade_notes_for_6.x.x.md @@ -0,0 +1,58 @@ +# Upgrade notes for 6.x.x + +These notes give additional information about changes. +Please always follow the main [upgrade guide](./upgrade.md). + +## Important release changes + +From this version, the Wiki module is hidden by default. Users will not be able to turn it on. For compatibility with older versions, it can be turned on by adding the following line to `seahub_settings.py`: + +```python +ENABLE_WIKI = True + +``` + +## V6.1.0 + +### Video Thumbnails + +Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first. +For details, please refer to the [manual](../deploy/video_thumbnails.md). + +### OnlyOffice + +The system requires some minor changes to support the OnlyOffice document server. +Please follow the instructions [here](../deploy/only_office.md). + +### Pip Pillow upgrade + +``` +# for Ubuntu 16.04 +sudo apt-get install libjpeg-dev +pip install --upgrade Pillow +# If the pillow installation fails you may install +# "build-dep python-imaging" instead of just "libjpeg-dev" + +# for Debian 8 +apt-get install libjpeg-dev +pip install --upgrade Pillow + +# If the pillow installation fails you may install +# "build-dep python-imaging" instead of just "libjpeg-dev" + +# for Centos 7 +sudo yum install libjpeg-dev +pip install --upgrade Pillow + +``` + +### Seahub does not start + +In case Seahub does not start after the upgrade, install python-requests. + +```bash +sudo apt-get install python-requests + +``` + + diff --git a/manual/upgrade/upgrade_notes_for_7.0.x.md b/manual/upgrade/upgrade_notes_for_7.0.x.md new file mode 100644 index 00000000..96802f66 --- /dev/null +++ b/manual/upgrade/upgrade_notes_for_7.0.x.md @@ -0,0 +1,12 @@ +# Upgrade notes for 7.0.x + +These notes give additional information about changes. +Please always follow the main [upgrade guide](./upgrade.md). + +## Upgrade notes for CE-7.0.x + +If you are currently using the Seafile Community Edition, please refer to [Upgrade notes for CE-7.0.x](./ce-7.0.md). + +## Upgrade notes for Pro-7.0.x + +If you are currently using Seafile Professional, please refer to [Upgrade notes for Pro-7.0.x](pro-7.0.md). \ No newline at end of file diff --git a/manual/upgrade/upgrade_notes_for_7.1.x.md b/manual/upgrade/upgrade_notes_for_7.1.x.md new file mode 100644 index 00000000..9250ba30 --- /dev/null +++ b/manual/upgrade/upgrade_notes_for_7.1.x.md @@ -0,0 +1,201 @@ +# Upgrade notes for 7.1.x + +These notes give additional information about changes. +Please always follow the main [upgrade guide](./upgrade.md). + +## Important release changes + +From 7.1.0 version, Seafile will depend on the Python 3 and is not compatible with Python 2. + +Therefore you cannot upgrade directly from Seafile 6.x.x to 7.1.x. + +**If your current version of Seafile is not 7.0.x, you must first download the 7.0.x installation package and **[**upgrade to 7.0.x**](./upgrade_notes_for_7.0.x.md)** before performing the subsequent operations.** + +To support both Python 3.6 and 3.7, we no longer bundle python libraries with Seafile package. You need to install most of the libraries by your own as bellow. + +### Deploy Python3 + +Note, you should install Python libraries system wide using root user or sudo mode. + +#### Seafile-CE + +* For Ubuntu 16.04/18.04 or Debian 10 + + ```sh + apt-get install python3 python3-setuptools python3-pip -y + + sudo pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy \ + django-pylibmc django-simple-captcha python3-ldap + + ``` + +* For CentOS 7/8 + + ```sh + yum install python3 python3-setuptools python3-pip -y + + sudo pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy \ + django-pylibmc django-simple-captcha python3-ldap + + ``` + +#### Seafile-Pro + +* For Ubuntu 16.04/18.04 or Debian 10 + + ```sh + apt-get install python3 python3-setuptools python3-pip -y + + sudo pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy \ + django-pylibmc django-simple-captcha python3-ldap + + ``` + +* For CentOS 7/8 + + ```sh + yum install python3 python3-setuptools python3-pip -y + + sudo pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy \ + django-pylibmc django-simple-captcha python3-ldap + + ``` + +### Upgrade to 7.1.x + +1. Stop Seafile-7.0.x server. +2. Start from Seafile 7.0.x, run the script: + + ```sh + upgrade/upgrade_7.0_7.1.sh + + ``` + +3. Clear the Seahub cache: + + ``` + rm -rf /tmp/seahub_cache # Clear the Seahub cache files from disk. + # If you are using the Memcached service, you need to restart the service to clear the Seahub cache. + systemctl restart memcached + + ``` + +4. Start Seafile-7.1.x server. + +### Proxy Seafdav + +After Seafile 7.1.x, Seafdav does not support Fastcgi, only Wsgi. + +This means that if you are using Seafdav functionality and have deployed Nginx or Apache reverse proxy. You need to change Fastcgi to Wsgi. + +#### For Nginx + +For Seafdav, the configuration of Nginx is as follows: + +``` +..... + location /seafdav { + proxy_pass http://127.0.0.1:8080/seafdav; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_read_timeout 1200s; + client_max_body_size 0; + + access_log /var/log/nginx/seafdav.access.log seafileformat; + error_log /var/log/nginx/seafdav.error.log; + } + +``` + +#### For Apache + +For Seafdav, the configuration of Apache is as follows: + +``` +...... + + ProxyPass "http://127.0.0.1:8080/seafdav" + + +``` + +### Builtin office file preview + +The implementation of builtin office file preview has been changed. You should update your configuration according to: + + + +### If you are using Ceph backend + +If you are using Ceph storage backend, you need to install new python library. + +On Debian/Ubuntu (Seafile 7.1+): + +``` +sudo apt-get install python3-rados + +``` + +### Login Page Customization + +If you have customized the login page or other html pages, as we have removed some old javascript libraries, your customized pages may not work anymore. Please try to re-customize based on the newest version. + +### User name encoding issue with Shibboleth login + +> Note, the following patch is included in version pro-7.1.8 and ce-7.1.5 already. + +We have two customers reported that after upgrading to version 7.1, users login via Shibboleth single sign on have a wrong name if the name contains a special character. We suspect it is a Shibboleth problem as it does not sending the name in UTF-8 encoding to Seafile. () + +The solution is to modify the code in seahub/thirdpart/shibboleth/middleware.py: + +``` +158 if nickname.strip(): # set nickname when it's not empty +159 p.nickname = nickname + +to + +158 if nickname.strip(): # set nickname when it's not empty +159 p.nickname = nickname.encode("iso-8859-1”).decode('utf8') + +``` + +If you have this problem too, please let us know. + +## FAQ + +### SQL Error during upgrade + +The upgrade script will try to create a missing table and remove an used index. The following SQL errors are jus warnings and can be ignored: + +``` +[INFO] updating seahub database... +/opt/seafile/seafile-server-7.1.1/seahub/thirdpart/pymysql/cursors.py:170: Warning: (1050, "Table 'base_reposecretkey' already exists") + result = self._query(query) +[WARNING] Failed to execute sql: (1091, "Can't DROP 'drafts_draft_origin_file_uuid_7c003c98_uniq'; check that column/key exists") + +``` + +### Internal server error after upgrade to version 7.1 + +Please check whether the seahub process is running in your server. If it is running, there should be an error log in seahub.log for internal server error. + +If seahub process is not running, you can modify conf/gunicorn.conf, change `daemon = True`  to `daemon = False`  , then run ./seahub.sh again. If there are missing Python dependencies, the error will be reported in the terminal. + +The most common issue is that you use an old memcache configuration that depends on python-memcache. The new way is + +``` +'BACKEND': 'django_pylibmc.memcached.PyLibMCCache' + +``` + +The old way is + +``` +'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + +``` + + diff --git a/manual/upgrade/upgrade_notes_for_8.0.md b/manual/upgrade/upgrade_notes_for_8.0.md new file mode 100644 index 00000000..ffbb1045 --- /dev/null +++ b/manual/upgrade/upgrade_notes_for_8.0.md @@ -0,0 +1,14 @@ +# Upgrade notes for 8.0 + +These notes give additional information about changes. +Please always follow the main [upgrade guide](./upgrade.md). + +## Important release changes + +From 8.0, ccnet-server component is removed. But ccnet.conf is still needed. + +There are no special steps needed when upgrading from 7.1 to 8.0. + +## FAQ + + diff --git a/manual/upgrade/upgrade_with_mysql_or_postgresql.md b/manual/upgrade/upgrade_with_mysql_or_postgresql.md new file mode 100644 index 00000000..6be912d7 --- /dev/null +++ b/manual/upgrade/upgrade_with_mysql_or_postgresql.md @@ -0,0 +1,167 @@ +#Seafile +## Upgrade with MySQL or PostgreSQL + +First, download the new version, for example seafile-server_1.6.0_x86-64.tar.gz, and extract it to the directory where you put all Seafile related staff. You should have a directory layout similar to this: + +``` +haiwen + -- seafile-server-1.5.0 + -- seafile-server-1.6.0 + -- ccnet + -- seafile-data +``` + +## Major Continuous Upgrade (like from 1.5 to 1.6) + +Major continuous upgrade including upgrading from 1.5.0 to 1.6.0 or upgrading from 1.5.0 to 1.6.1. It involves four steps: + +1. Stop Seafile/Seahub +2. Update avatars folder and database tables +3. Update Nginx/Apache configs +4. Restart Seafile/Seahub + +### 2. Update avatars folder and database tables (After Seafile Server 2.1.1 for MySQL) + +Since seafile server 2.1.1, You can upgrade the the avatars folder and the databases using the upgrade scripts. The script's name is like `upgrade_X.X_Y.Y.sh`. For example, assume you are upgrading from seafile server 2.0.0 to seafile server 2.1.1, the you should run the `upgrade_2.0_2.1.sh` script. + +```sh +cd seafile-server-2.1.1/ +./upgrade/upgrade_2.0_2.1.sh +``` + +The script would update the avatars folder and the database tables for you. + +### 2. Update avatars folder and database tables (For PostgreSQL and before Seafile Server 2.1.1) + +Before Seafile Server 2.1.1 or if you are using PostgreSQL, you have to manually: + +- update the avatars folder symbolic link +- update and the database tables + +#### Update avatars symbolic link + +Assume your top level directory is `/data/haiwen/`, and you are upgrading to seafile server version 1.6.0: + +``` +cd /data/haiwen +cp -a seafile-server-1.6.0/seahub/media/avatars/* seahub-data/avatars/ +rm -rf seafile-server-1.6.0/seahub/media/avatars +#the new server avatars' folder will be linked to the updated avatars folder +ln -s -t seafile-server-1.6.0/seahub/media/ ../../../seahub-data/avatars/ +``` + +#### Update database tables + +When a new version of seafile server is released, there may be changes to the database of seafile/seahub/ccnet. We provide the sql statements to update the databases: + +- `upgrade/sql//mysql/seahub.sql`, for changes to seahub database +- `upgrade/sql//mysql/seafile.sql`, for changes to seafile database +- `upgrade/sql//mysql/ccnet.sql`, for changes to ccnet database + +To apply the changes, just execute the sqls in the correspondent database. If any of the sql files above do not exist, it means the new version does not bring changes to the correspondent database. + +```sh +seafile-server-1.6.0 +├── seafile +├── seahub +├── upgrade + ├── sql + ├── 1.6.0 + ├── mysql + ├── seahub.mysql + ├── seafile.mysql + ├── ccnet.mysql +``` + + +### 3. Update Nginx/Apache Config + +For Nginx: + +``` + location /media { + root /data/haiwen/seafile-server-1.6.0/seahub; + } +``` + +For Apache: + +``` +Alias /media /data/haiwen/seafile-server-1.6.0/seahub/media +``` + +**Tip:** +You can create a symbolic link `seafile-server-latest`, and make it point to your current seafile server folder (Since seafile server 2.1.0, the `setup-seafile.sh` script will do this for your). Then, each time you run a upgrade script, it would update the `seafile-server-latest` symbolic link to keep it always point to the latest version seafile server folder. + +In this case, you can write: + +``` + location /media { + root /data/haiwen/seafile-server-latest/seahub; + } +``` + +or For Apache: + +``` +Alias /media /data/haiwen/seafile-server-latest/seahub/media +``` + +This way, you no longer need to update the nginx/apache config file each time you upgrade your seafile server. + + +### 4. Restart Seafile/Seahub/Nginx/Apache + +After done above updating, now restart Seafile/Seahub/Nginx/Apache to see the new version at work! + +## Noncontinuous Upgrade (like from 1.1 to 1.3) + +You may also upgrade a few versions at once, e.g. from 1.1.0 to 1.3.0. +The procedure is: + +1. upgrade from 1.1.0 to 1.2.0; +2. upgrade from 1.2.0 to 1.3.0. + + +## Minor upgrade (like from 1.5.0 to 1.5.1) + +Minor upgrade is like an upgrade from 1.5.0 to 1.5.1. + +Here is our dir strutcutre + +``` +haiwen + -- seafile-server-1.5.0 + -- seafile-server-1.5.1 + -- ccnet + -- seafile-data +``` + +### Update the avatar link + +We provide a script for you, just run it: + +```sh +cd seafile-server-1.5.1 +upgrade/minor-upgrade.sh +``` + +### Update Nginx/Apache Config + +For Nginx: + +``` + location /media { + root /data/haiwen/seafile-server-1.5.1/seahub; + } +``` + +For Apache: + +``` +Alias /media /data/haiwen/seafile-server-1.5.1/seahub/media +``` + +### Restart Seafile/Seahub/Nginx/Apache + +After done above updating, now restart Seafile/Seahub/Nginx/Apache to see the new version at work! diff --git a/mkdocs.yml b/mkdocs.yml new file mode 100644 index 00000000..69159d57 --- /dev/null +++ b/mkdocs.yml @@ -0,0 +1,186 @@ +site_name: Seafile Admin Docs +site_author: seafile +docs_dir: ./manual +site_url: https://haiwen.github.io/seafile-admin-docs/ + +repo_name: haiwen/seafile-admin-docs +repo_url: https://github.com/haiwen/seafile-admin-docs/ + +copyright: Copyright © 2020 seafile + +theme: + name: material + logo: media/seafile-transparent-1024.png + favicon: media/favicon.ico + palette: + primary: deep orange + accent: + +plugins: + - search + - awesome-pages + +# Customization +extra: + social: + - icon: fontawesome/brands/github + link: https://github.com/haiwen/seafile-admin-docs/ + +# Extensions +markdown_extensions: + - markdown.extensions.admonition + - markdown.extensions.attr_list + - markdown.extensions.codehilite: + guess_lang: true + - markdown.extensions.def_list + - markdown.extensions.footnotes + - markdown.extensions.meta + - markdown.extensions.toc: + permalink: true + toc_depth: "1-4" + +# Page tree +nav: + - Overview: + - Forward: overview/README.md + - Seafile Components: overview/components.md + - File permission management: overview/file_permission_management.md + - Roadmap: roadmap.md + - FAQ: faq/README.md + - Contribution: contribution.md + - Changelog: changelog.md + - Deploy Seafile under Linux: + - Forward: deploy/README.md + - Deploy with SQLite: deploy/using_sqlite.md + - Deploy with MySQL: deploy/using_mysql.md + - Deploy with Docker: deploy/deploy_with_docker.md + - Config Seahub with Nginx: deploy/deploy_with_nginx.md + - Enabling Https with Nginx: deploy/https_with_nginx.md + - Config Seahub with Apache: deploy/deploy_with_apache.md + - Enabling Https with Apache: deploy/https_with_apache.md + - LDAP/AD Integration: deploy/using_ldap.md + - Single Sign On: + - Forward: deploy/single_sign_on.md + - Shibboleth Authentication for Seafile v6.2: deploy/shibboleth_config.md + - Shibboleth Authentication for Seafile v6.3+: deploy/shibboleth_config_v6.3.md + - OAuth Authentication: deploy/oauth.md + - Remote User Authentication: deploy/remote_user.md + - Syslog Integration: deploy/using_syslog.md + - Online File Preview and Edit: + - LibreOffice Online Integration: deploy/libreoffice_online.md + - OnlyOffice Integration: deploy/only_office.md + - Other Deployment Notes: + - Start Seafile at System Bootup: deploy/start_seafile_at_system_bootup.md + - Firewall settings: deploy/using_firewall.md + - Logrotate: deploy/using_logrotate.md + - Add Memcached: deploy/add_memcached.md + - Deploy Seafile behind NAT: deploy/deploy_seafile_behind_nat.md + - Deploy Seahub at Non-root domain: deploy/deploy_seahub_at_non-root_domain.md + - Migrate From SQLite to MySQL: deploy/migrate_from_sqlite_to_mysql.md + - Common Problems for Setting up Server: faq.md + - New Directory Layout in Seafile Server 5.0.0: deploy/new_directory_layout_5_0_0.md + - Deploy Seafile Pro Edition: + - Forward: deploy_pro/README.md + - Download and Setup Seafile Professional Server: deploy_pro/download_and_setup_seafile_professional_server.md + - Deploy Seafile-pro with Docker: deploy_pro/deploy_with_docker.md + - Migrate from Seafile Community Server: deploy_pro/migrate_from_seafile_community_server.md + - Upgrading Seafile Professional Server: deploy_pro/upgrading_seafile_professional_server.md + - LDAP/AD Integration: + - LDAP Configuration for Seafile Pro: deploy_pro/using_ldap_pro.md + - Importing Groups from LDAP: deploy_pro/ldap_group_sync.md + - Importing Roles from LDAP: deploy_pro/ldap_role_sync.md + - Online File Preview and Edit: + - Office Documents Preview: deploy_pro/office_documents_preview.md + - Office Online Server Integration: deploy_pro/office_web_app.md + - File Search: deploy_pro/details_about_file_search.md + - Virus Scan: + - Forward: deploy_pro/virus_scan.md + - Run ClamAV as a Daemon: deploy_pro/deploy_clamav_as_daemon.md + - Virus Scan With Kav4fs: deploy_pro/virus_scan_with_kav4fs.md + - Storage Backends: + - Amazon S3 Backend: deploy_pro/setup_with_amazon_s3.md + - Ceph Backend: deploy_pro/setup_with_ceph.md + - OpenStack Swift Backend: deploy_pro/setup_with_swift.md + - Multiple Storage Backends: deploy_pro/multiple_storage_backends.md + - Data migration: deploy_pro/migrate.md + - Cluster Deployment: + - Deploy in a cluster: deploy_pro/deploy_in_a_cluster.md + - Search and background tasks in a cluster: deploy_pro/enable_search_and_background_tasks_in_a_cluster.md + - Memcache and MariaDB Cluster: deploy_pro/memcached_mariadb_cluster.md + - Setup Seafile cluster with NFS: deploy_pro/setup_seafile_cluster_with_nfs.md + - Upgrade a cluster: deploy_pro/upgrade_a_cluster.md + - Advanced User Management: + - Multi-Institutions Support: deploy_pro/multi_institutions.md + - Roles and Permissions: deploy_pro/roles_permissions.md + - Administrator Roles and Permissions: deploy_pro/admin_roles_permissions.md + - Multi-Tenancy Support: deploy_pro/multi_tenancy.md + - Advanced Authentication: + - Two-factor Authentication: deploy_pro/two_factor_authentication.md + - ADFS or SAML 2.0: deploy_pro/adfs.md + - CAS Authentication: deploy_pro/cas.md + - Advanced Maintenance Tools: + - Real-time Backup Server: deploy_pro/real_time_backup.md + - Import Directory To Seafile: deploy_pro/seaf_import.md + - License: deploy_pro/seafile_professional_sdition_software_license_agreement.md + - Deploy Seafile with Docker: + - Deploy Seafile with Docker: docker/deploy seafile with docker.md + - Deploy Seafile Pro Edition with Docker: docker/pro-edition/Deploy Seafile-pro with Docker.md + - Migrate CE to Pro with Docker: docker/pro-edition/Migrate CE to Pro with Docker.md + - Upgrade from 6.3 to 7.0: + - Upgrade Seafile Docker CE: docker/6.3 upgrade to 7.0.md + - Upgrade Seafile Docker Pro: docker/pro-edition/6.3 upgrade to 7.0.md + - Upgrade for other versions: + - 7.0 to 7.1: docker/upgrade/7.0_7.1.md + - Configuration and Customization: + - Forward: config/README.md + - ccnet.conf: config/ccnet-conf.md + - seafile.conf: config/seafile-conf.md + - seahub_settings.py: config/seahub_settings_py.md + - seafevents.conf: config/seafevents-conf.md + - Seahub customization: config/seahub_customization.md + - Email Sending: config/sending_email.md + - Administration: + - Forward: maintain/README.md + - Account management: maintain/account.md + - Logs: maintain/logs.md + - Backup and Recovery: maintain/backup_recovery.md + - Seafile FSCK: maintain/seafile_fsck.md + - Seafile GC: maintain/seafile_gc.md + - Clean database: maintain/clean_database.md + - Export report: maintain/export_report.md + - Upgrade Seafile server: + - Forward: upgrade/upgrade.md + - Upgrade notes for 5.x.x: upgrade/upgrade_notes_for_5.x.x.md + - Upgrade notes for 6.x.x: upgrade/upgrade_notes_for_6.x.x.md + - Upgrade notes for 7.0.x: upgrade/upgrade_notes_for_7.0.x.md + - Upgrade notes for 7.1.x: upgrade/upgrade_notes_for_7.1.x.md + - WebDAV and FUSE extensions: + - Forward: extension/README.md + - WebDAV extension: extension/webdav.md + - FUSE extension: extension/fuse.md + - Security and Auditing: + - Forward: security/README.md + - Security features: security/security_features.md + - Access logs and auditing: security/auditing.md + - Config fail2ban: security/fail2ban.md + - Developing: + - Forward: develop/README.md + - How to Build Seafile: + - Forward: build_seafile/README.md + - Linux: build_seafile/linux.md + - FreeBSD: build_seafile/freebsd.md + - Mac OS X: build_seafile/osx.md + - Server: build_seafile/server.md + - Raspberry Pi: build_seafile/rpi.md + - Develop env: develop/env.md + - Translation: develop/translation.md + - Web API V2.1: develop/web_api_v2.1.md + - Python API: develop/python_api.md + - PHP API: https://github.com/rene-s/Seafile-PHP-SDK + - Data Model: develop/data_model.md + - Server Components: develop/server-components.md + - ChangeLog: + - Seafile Community Edition: changelog/server-changelog.md + - Seafile Professional Edition: changelog/changelog-for-seafile-professional-server.md + - Seafile Client: changelog/client-changelog.md + - Drive Client ChangeLog: changelog/drive-client-changelog.md