From 8a1ac59f38391136a681137c97357d5d63b60ae1 Mon Sep 17 00:00:00 2001 From: Daniel Pan Date: Sat, 1 Mar 2025 12:05:25 +0800 Subject: [PATCH 01/58] Add changelog for 12.0.10 --- manual/changelog/server-changelog.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/manual/changelog/server-changelog.md b/manual/changelog/server-changelog.md index 50d543f2..353adab7 100644 --- a/manual/changelog/server-changelog.md +++ b/manual/changelog/server-changelog.md @@ -9,6 +9,15 @@ Please check our document for how to upgrade to [12.0](../upgrade/upgrade_notes_for_12.0.x.md) +### 12.0.10 (2025-03-01) + +* [fix] Fix seaf-fuse support +* [fix] Fix "save to" button in external link +* [fix] Search library text in system admin page is incorrect +* [fix] Fix library path displays issue in read-only shared +* Improve icons for creating Wiki and inviting links +* [fix] Fix a bug in Collabora integration: Interface in English despite Seafile interface in French + ### 12.0.9 (2025-02-14) * Improve consistency of format of logs From b102aa359f202967fc0affe93d6081e6f7c0a7fb Mon Sep 17 00:00:00 2001 From: Daniel Pan Date: Sat, 1 Mar 2025 12:06:20 +0800 Subject: [PATCH 02/58] Add changelog for 12.0.10 --- manual/changelog/server-changelog.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manual/changelog/server-changelog.md b/manual/changelog/server-changelog.md index 353adab7..2befe1f4 100644 --- a/manual/changelog/server-changelog.md +++ b/manual/changelog/server-changelog.md @@ -9,9 +9,9 @@ Please check our document for how to upgrade to [12.0](../upgrade/upgrade_notes_for_12.0.x.md) -### 12.0.10 (2025-03-01) +### 12.0.10 (2025-03-03) -* [fix] Fix seaf-fuse support +* [fix] Fix seaf-fuse support * [fix] Fix "save to" button in external link * [fix] Search library text in system admin page is incorrect * [fix] Fix library path displays issue in read-only shared From 659382fef569c2dd9ddac74eec5eb5f16c18a36c Mon Sep 17 00:00:00 2001 From: Junxiang Huang Date: Mon, 3 Mar 2025 18:11:52 +0800 Subject: [PATCH 03/58] fix: migrate from non-docker --- manual/setup/migrate_non_docker_to_docker.md | 143 ++++++++++++------- 1 file changed, 92 insertions(+), 51 deletions(-) diff --git a/manual/setup/migrate_non_docker_to_docker.md b/manual/setup/migrate_non_docker_to_docker.md index f137e81e..c9def782 100644 --- a/manual/setup/migrate_non_docker_to_docker.md +++ b/manual/setup/migrate_non_docker_to_docker.md @@ -1,24 +1,27 @@ # Migrate from non-docker Seafile deployment to docker -!!! note "For Seafile cluster" - This document is writting to about the single node, you have to do the following opeartions (except migtating database) in **all nodes** +!!! note + - This document is writting to about the single node, you have to do the following opeartions (except migtating database) in **all nodes** if you are using *Seafile Cluster* + - Normally, we only recommend that you perform the migration operation **on two different machines** according to the solution in this document. If you decide to perform the operation on the same machine, **please pay attention to the corresponding tips in the document**. -The recommended steps to migrate from non-docker deployment to docker deployment are: +The recommended steps to migrate from non-docker deployment to docker deployment on two different machines are: -1. Shutdown Seafile and native Nginx, Memcached -2. Backup Seafile data (database also neet to backup if you are not use an existed MySQL database to deploy non-Docker version Seafile) -3. Create the directory needed for Seafile Docker image to run, and recover the data. (If you are use an existed MySQL database to deploy non-Docker version Seafile, the data from database also need to recover) -4. Download the `.yml` files and `.env`. -5. Start Seafile Docker +1. Upgrade your Seafile server to the latest version. +2. Shutdown the Seafile, Nginx and Memcached according to your situations. +3. Backup MySQL databse and Seafile libraries data. +4. Recover the MySQL database and Seafile libraries in the new machine. +5. Download the `.yml` files and `.env`, and modify it according to your old Seafile configurations +6. Start Seafile Docker +7. Shutdown the old MySQL (or Mariadb) according to your situations. -## Before Migration +## Upgrade your Seafile server -Upgrade the version of the binary package to [latest version](../upgrade/upgrade_notes_for_12.0.x.md), and ensure that the system is running normally. +You have to upgrade the version of the binary package to [latest version](../upgrade/upgrade_notes_for_12.0.x.md) before the migration, and ensure that the system is running normally. !!! tip If you running a very old version of Seafile, you can following the [FAQ item](https://cloud.seatable.io/dtable/external-links/7b976c85f504491cbe8e/?tid=0000&vid=0000&row-id=VYQI9DJfRmCv5NggcX4f0Q) to migrate to the latest version -## Stop Services +## Stop basic Services (except MySQL) ### Stop Seafile server Run the following commands in `/opt/seafile/seafile-server-latest`: @@ -39,7 +42,7 @@ su seafile ./seahub.sh stop ``` -### Stop Nginx, cached server (e.g., *Memcached*), ElasticSearch +### Stop Nginx, cache server (e.g., *Memcached*), ElasticSearch You have to stop the above services to avoid losing data before migrating. @@ -49,15 +52,85 @@ systemctl stop memcached && systemctl disable memcached docker stop es && docker remove es ``` -If you are not using an existed MySQL, you have to shutdown MySQL service too. - -## Backup Seafile +## Backup MySQL database and Seafile server Please follow [here](../administration/backup_recovery.md#backup-and-restore-for-binary-package-based-deployment) to backup: -- Backing up Databases (only if you are not using an existed database to deploy non-Docker version Seafile) +- Backing up MySQL Databases - Backing up Seafile library data +!!! note "Use *external MySQL service* or the *old MySQL service*" + You can skip the step *Backing up MySQL Databases* now for this situation, however, you have to configure the external MySQL server configuration information by following [here](./setup_with_an_existing_mysql_server.md) **after downloading `.yml` and `.env` section**. + + +## Create the directory and recovery data for Seafile Docker + +In Docker-base Seafile, the default working directory for Seafile is `/opt/seafile-data` (you can modify them in the `.env` file). Here, you have to create this directory, and recovery from backuped file: + +```sh +mkdir -p /opt/seafile-data/seafile + +# recover seafile data +cp /backup/data/* /opt/seafile-data/seafile +``` + +## Recover the Database (only for the new MySQL service used in Seafile docker) + +1. Pull *Mariadb* image + + !!! tip + By default, Seafile Docker will use *Mariadb* as the database server and version **10.11** from Seafile 10 Docker. You can specify a new version tag or image according to your situation, but donot forget to modify the `.env` on the next section. + + ```sh + docker pull mariadb:10.11 + ``` + +2. Start the *Mariadb* service with the persistent directory `/opt/seafile-mysql/db`, plase replace `` to your `root` user password and `` to the database backup directory: + + ```sh + docker run -d --rm \ + --name seafile-mariadb \ + -e MYSQL_ROOT_PASSWORD= \ + -e MYSQL_LOG_CONSOLE=true \ + -e MARIADB_AUTO_UPGRADE=1 \ + -v "/opt/seafile-mysql/db:/var/lib/mysql" \ + -v ":/tmp_sqls" \ + mariadb:10.11 + ``` + +3. Enter the container and Mariadb environment:` + + ```sh + docker exec -it seafile-mariadb bash + mariadb -p + ``` + +4. Execute the following SQL sentences, please replace `` to the password of the `seafile` user in the database: + + !!! tip "Default database properties used in Seafile" + You can modify the database configuration (e.g., the user used in Seafile server and relative database name in the following statement), and donot forget to modify in `.env` on the next section, please refer [here](./setup_pro_by_docker.md#downloading-and-modifying-env) for further details. + + + ```sql + CREATE DATABASE `seafile_db` CHARSET UTF8; + CREATE DATABASE `ccnet_db` CHARSET UTF8; + CREATE DATABASE `seahub_db` CHARSET UTF8; + + CREATE USER 'seafile'@'%' IDENTIFIED BY ''; + + GRANT ALL PRIVILEGES ON `ccnet_db`.* to 'seafile'@'%'; + GRANT ALL PRIVILEGES ON `seafile_db`.* to 'seafile'@'%'; + GRANT ALL PRIVILEGES ON `seahub_db`.* to 'seafile'@'%'; + ``` + +5. Then you can follow [here](../administration/backup_recovery.md#restore-the-databases-1) to restore the database data. Your database backup files should be in the directory `/tmp_sqls` + +6. Finally, exit the container and stop the Mariadb service + + ```sh + docker stop seafile-mariadb + ``` + ## Download the docker-compose files You have to download the latest docker-compose files (i.e., series of `.yml` and its configuration file `.env`) in order to startup the relative services: @@ -78,45 +151,11 @@ You have to download the latest docker-compose files (i.e., series of `.yml` and wget https://manual.seafile.com/12.0/repo/docker/caddy.yml ``` -Then modify the `.env` according to your configurations. +Then modify the `.env` according to your configurations, you can refer [here](./setup_pro_by_docker.md#downloading-and-modifying-env) for further details. !!! warning "Important" **Do not** use the `.env` in the non-Docker Seafile server as the `.env` in Docker-base Seafile server directly, which misses some key variables in running Docker-base Seafile. Otherwise the Seafile server may **not work properly**. - -## Create the directory and recovery data for Seafile Docker - -In Docker-base Seafile, the default working directory for Seafile is `/opt/seafile-data` (you can modify them in the `.env` file). Here, you have to create this directory, and recovery from backuped file: - -```sh -mkdir -p /opt/seafile-data/seafile - -# recover seafile data -cp /backup/data/* /opt/seafile-data/seafile -``` - -## Recover the Database (only if not use an existed MySQL) - -You should start the services Firstly, otherwise you cannot connect to MySQL service (`mariadb` now in docker-compose Seafile): - -```sh -docker compose up -d -``` - -After startuping the MySQL service, you should create the MySQL user (e.g., `seafile`, defined in your `.env` file) and add related permissions: - -``` -## Note, change the password according to the actual password you use -GRANT ALL PRIVILEGES ON *.* TO 'seafile'@'%' IDENTIFIED BY 'your-password' WITH GRANT OPTION; - -## Grant seafile user can connect the database from any IP address -GRANT ALL PRIVILEGES ON `ccnet_db`.* to 'seafile'@'%'; -GRANT ALL PRIVILEGES ON `seafile_db`.* to 'seafile'@'%'; -GRANT ALL PRIVILEGES ON `seahub_db`.* to 'seafile'@'%'; -``` - -Then you can follow [here](../administration/backup_recovery.md#restore-the-databases-1) to restore the database data - ## Restart the services Finally, the migration is complete. You can restart the Seafile server of Docker-base by restarting the service: @@ -140,3 +179,5 @@ docker compose up -d Done. ``` + +If your old MySQL service are not a dependency of other services, you can shutdown it. From caf686e7d2cb28412f577974a2a9b75f3160ec7a Mon Sep 17 00:00:00 2001 From: Junxiang Huang Date: Mon, 3 Mar 2025 18:13:34 +0800 Subject: [PATCH 04/58] fix: minimal install for mariadb in backup and recover --- manual/administration/backup_recovery.md | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/manual/administration/backup_recovery.md b/manual/administration/backup_recovery.md index 1051d87c..b8c43bb3 100644 --- a/manual/administration/backup_recovery.md +++ b/manual/administration/backup_recovery.md @@ -53,6 +53,16 @@ mysqldump -h [mysqlhost] -u[username] -p[password] --opt seahub_db > /backup/dat ``` +!!! danger "`mysqldump`: command not found" + You may encounter this problem on some machines with a minimal Mariadb server installed. If you encounter this error, use the `mariadb-dump` command, such as: + + ```sh + mariadb-dump -h [mysqlhost] -u[username] -p[password] --opt ccnet_db > /backup/databases/ccnet_db.sql.`date +"%Y-%m-%d-%H-%M-%S"` + + mariadb-dump -h [mysqlhost] -u[username] -p[password] --opt seafile_db > /backup/databases/seafile_db.sql.`date +"%Y-%m-%d-%H-%M-%S"` + + mariadb-dump -h [mysqlhost] -u[username] -p[password] --opt seahub_db > /backup/databases/seahub_db.sql.`date +"%Y-%m-%d-%H-%M-%S"` + ``` ### Backing up Seafile library data @@ -87,7 +97,6 @@ Now supposed your primary seafile server is broken, you're switching to a new ma Now with the latest valid database backup files at hand, you can restore them. -**MySQL** ``` mysql -u[username] -p[password] ccnet_db < ccnet_db.sql.2013-10-19-16-00-05 @@ -96,6 +105,14 @@ mysql -u[username] -p[password] seahub_db < seahub_db.sql.2013-10-19-16-01-05 ``` +!!! danger "`mysql`: command not found" + You may encounter this problem on some machines with a minimal Mariadb server installed. If you encounter this error, use the `mariadb` command, such as: + + ```sh + mariadb -u[username] -p[password] ccnet_db < ccnet_db.sql.2013-10-19-16-00-05 + mariadb -u[username] -p[password] seafile_db < seafile_db.sql.2013-10-19-16-00-20 + mariadb -u[username] -p[password] seahub_db < seahub_db.sql.2013-10-19-16-01-05 + ``` ## Backup and restore for Docker based deployment From 2e30b400ce90c5847b3ca3bfbc4e389c5f5d3e89 Mon Sep 17 00:00:00 2001 From: Junxiang Huang Date: Mon, 3 Mar 2025 18:28:03 +0800 Subject: [PATCH 05/58] fix: fuse content missing in host --- manual/extension/fuse.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/manual/extension/fuse.md b/manual/extension/fuse.md index 082a6bad..18fe5b6c 100644 --- a/manual/extension/fuse.md +++ b/manual/extension/fuse.md @@ -25,7 +25,11 @@ Add the following content ... volumes: ... - - /opt/seafile-fuse: /seafile-fuse + - type: bind + source: /opt/seafile-fuse + target: /seafile-fuse + bind: + propagation: rshared privileged: true cap_add: - SYS_ADMIN From 804890feb0ccf2fa0a3eaf483ca49bbaefaa7297 Mon Sep 17 00:00:00 2001 From: Junxiang Huang Date: Tue, 4 Mar 2025 10:33:48 +0800 Subject: [PATCH 06/58] opt:adjusting migration strategy --- manual/setup/migrate_non_docker_to_docker.md | 133 ++++++------------- 1 file changed, 38 insertions(+), 95 deletions(-) diff --git a/manual/setup/migrate_non_docker_to_docker.md b/manual/setup/migrate_non_docker_to_docker.md index c9def782..1dff35c8 100644 --- a/manual/setup/migrate_non_docker_to_docker.md +++ b/manual/setup/migrate_non_docker_to_docker.md @@ -1,7 +1,7 @@ # Migrate from non-docker Seafile deployment to docker !!! note - - This document is writting to about the single node, you have to do the following opeartions (except migtating database) in **all nodes** if you are using *Seafile Cluster* + - This document is written to about the single node, you have to do the following opeartions (except migtating database) in **all nodes** if you are using *Seafile Cluster* - Normally, we only recommend that you perform the migration operation **on two different machines** according to the solution in this document. If you decide to perform the operation on the same machine, **please pay attention to the corresponding tips in the document**. The recommended steps to migrate from non-docker deployment to docker deployment on two different machines are: @@ -9,10 +9,9 @@ The recommended steps to migrate from non-docker deployment to docker deployment 1. Upgrade your Seafile server to the latest version. 2. Shutdown the Seafile, Nginx and Memcached according to your situations. 3. Backup MySQL databse and Seafile libraries data. -4. Recover the MySQL database and Seafile libraries in the new machine. -5. Download the `.yml` files and `.env`, and modify it according to your old Seafile configurations -6. Start Seafile Docker -7. Shutdown the old MySQL (or Mariadb) according to your situations. +4. Deploy the Seafile Docker in the new machine. +5. Recover the Seafile libraries and MySQL database in the new machine. +6. Start Seafile Docker and shutdown the old MySQL (or Mariadb) according to your situations. ## Upgrade your Seafile server @@ -56,105 +55,65 @@ docker stop es && docker remove es Please follow [here](../administration/backup_recovery.md#backup-and-restore-for-binary-package-based-deployment) to backup: -- Backing up MySQL Databases +- Backing up MySQL databases - Backing up Seafile library data + +## Deploy the Seafile Docker + +You can follow [here](./overview.md#single-node-deployment) to deploy Seafile with Docker, please use your old configurations when modifying `.env`, and make sure the Seafile server is running normally after deployment. + !!! note "Use *external MySQL service* or the *old MySQL service*" - You can skip the step *Backing up MySQL Databases* now for this situation, however, you have to configure the external MySQL server configuration information by following [here](./setup_with_an_existing_mysql_server.md) **after downloading `.yml` and `.env` section**. + This document is written to migrate from non-Docker version to Docker version Seafile between two different machines. We suggest using the Docker-compose *Mariadb* service (version 10.11 by default) as the database service in after-migration Seafile. If you would like to use an existed MySQL service, always in which situation you try to do migrate operation on the same host or the old MySQL service is the dependency of other services, you have to follow [here](./setup_with_an_existing_mysql_server.md) to deploy Seafile. +## Recovery libraries data for Seafile Docker -## Create the directory and recovery data for Seafile Docker - -In Docker-base Seafile, the default working directory for Seafile is `/opt/seafile-data` (you can modify them in the `.env` file). Here, you have to create this directory, and recovery from backuped file: +Firstly, you should stop the Seafile server before recovering Seafile libraries data: ```sh -mkdir -p /opt/seafile-data/seafile +docker compose down +``` -# recover seafile data +Then recover the data from backuped file: + +```sh cp /backup/data/* /opt/seafile-data/seafile ``` ## Recover the Database (only for the new MySQL service used in Seafile docker) -1. Pull *Mariadb* image +1. Add a temporary persistent directory, where the database backup files are, to the `seafile-server.yml` for service `db`: - !!! tip - By default, Seafile Docker will use *Mariadb* as the database server and version **10.11** from Seafile 10 Docker. You can specify a new version tag or image according to your situation, but donot forget to modify the `.env` on the next section. + ```yml + services: + db: + volumes: + ... + - ":/tmp_sqls" + ... + ``` + +2. Start the database service **Only**: ```sh - docker pull mariadb:10.11 + docker compose up -d --no-deps db ``` -2. Start the *Mariadb* service with the persistent directory `/opt/seafile-mysql/db`, plase replace `` to your `root` user password and `` to the database backup directory: +3. Enter the container and *Mariadb* environment:` ```sh - docker run -d --rm \ - --name seafile-mariadb \ - -e MYSQL_ROOT_PASSWORD= \ - -e MYSQL_LOG_CONSOLE=true \ - -e MARIADB_AUTO_UPGRADE=1 \ - -v "/opt/seafile-mysql/db:/var/lib/mysql" \ - -v ":/tmp_sqls" \ - mariadb:10.11 + docker exec -it seafile-mysql bash ``` -3. Enter the container and Mariadb environment:` +4. Follow [here](../administration/backup_recovery.md#restore-the-databases-1) to recover the database data. Your database backup files should be in the directory `/tmp_sqls` + +5. Finally, exit the container and stop the Mariadb service ```sh - docker exec -it seafile-mariadb bash - mariadb -p + docker compose down ``` -4. Execute the following SQL sentences, please replace `` to the password of the `seafile` user in the database: - - !!! tip "Default database properties used in Seafile" - You can modify the database configuration (e.g., the user used in Seafile server and relative database name in the following statement), and donot forget to modify in `.env` on the next section, please refer [here](./setup_pro_by_docker.md#downloading-and-modifying-env) for further details. - - - ```sql - CREATE DATABASE `seafile_db` CHARSET UTF8; - CREATE DATABASE `ccnet_db` CHARSET UTF8; - CREATE DATABASE `seahub_db` CHARSET UTF8; - - CREATE USER 'seafile'@'%' IDENTIFIED BY ''; - - GRANT ALL PRIVILEGES ON `ccnet_db`.* to 'seafile'@'%'; - GRANT ALL PRIVILEGES ON `seafile_db`.* to 'seafile'@'%'; - GRANT ALL PRIVILEGES ON `seahub_db`.* to 'seafile'@'%'; - ``` - -5. Then you can follow [here](../administration/backup_recovery.md#restore-the-databases-1) to restore the database data. Your database backup files should be in the directory `/tmp_sqls` - -6. Finally, exit the container and stop the Mariadb service - - ```sh - docker stop seafile-mariadb - ``` - -## Download the docker-compose files - -You have to download the latest docker-compose files (i.e., series of `.yml` and its configuration file `.env`) in order to startup the relative services: - -=== "Seafile CE" - - ```sh - wget -O .env https://manual.seafile.com/12.0/repo/docker/ce/env - wget https://manual.seafile.com/12.0/repo/docker/ce/seafile-server.yml - wget https://manual.seafile.com/12.0/repo/docker/caddy.yml - ``` - -=== "Seafile Pro" - - ```sh - wget -O .env https://manual.seafile.com/12.0/repo/docker/pro/env - wget https://manual.seafile.com/12.0/repo/docker/pro/seafile-server.yml - wget https://manual.seafile.com/12.0/repo/docker/caddy.yml - ``` - -Then modify the `.env` according to your configurations, you can refer [here](./setup_pro_by_docker.md#downloading-and-modifying-env) for further details. - -!!! warning "Important" - **Do not** use the `.env` in the non-Docker Seafile server as the `.env` in Docker-base Seafile server directly, which misses some key variables in running Docker-base Seafile. Otherwise the Seafile server may **not work properly**. + and remove the temporary persistent directory in `seafile-server.yml` (i.e., undo the step 1) ## Restart the services @@ -164,20 +123,4 @@ Finally, the migration is complete. You can restart the Seafile server of Docker docker compose up -d ``` -!!! success - After staring the services, you can use `docker logs -f seafile` to follow the logs output from *Seafile* to check the status of the server. When the service is running normally, you will get the following message: - - ``` - Starting seafile server, please wait ... - Seafile server started - - Done. - - Starting seahub at port 8000 ... - - Seahub is started - - Done. - ``` - -If your old MySQL service are not a dependency of other services, you can shutdown it. +By the way, you can shutdown the old MySQL service, if it is not a dependency of other services, . From defad79b165e81aa4a27d0ccb0581b768b17287d Mon Sep 17 00:00:00 2001 From: Daniel Pan Date: Tue, 4 Mar 2025 17:36:16 +0800 Subject: [PATCH 07/58] Add changelog for pro 12.0.10 --- .../changelog-for-seafile-professional-server.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/manual/changelog/changelog-for-seafile-professional-server.md b/manual/changelog/changelog-for-seafile-professional-server.md index 650470e6..e0361c67 100644 --- a/manual/changelog/changelog-for-seafile-professional-server.md +++ b/manual/changelog/changelog-for-seafile-professional-server.md @@ -8,6 +8,20 @@ Please check our document for how to upgrade to [12.0](../upgrade/upgrade_notes_for_12.0.x.md) + +### 12.0.10 (2025-03-05) + +* [fix] Fix seaf-fuse support +* [fix] Fix "save to" button in external link +* [fix] Search library text in system admin page is incorrect +* [fix] Fix library path displays issue in read-only shared +* Improve icons for creating Wiki and inviting links +* [fix] Fix a bug in Collabora integration: Interface in English despite Seafile interface in French +* Delete temp files if zip download failed +* Create a record in social_auth table when user login via SSO even if SSO_LDAP_USE_SAME_UID enabled +* [fix] Cannot create a share link with the “cloud edit” permission for OpenDocument (odt, ods, odp, odg) + + ### 12.0.9 beta (2025-02-12) * [fix] Fix a bug related to smart-link in mutli-tenancy mode From d1cbd024661a16d58115e9e44ac305ee0984a02c Mon Sep 17 00:00:00 2001 From: Jiaqiang Xu Date: Wed, 5 Mar 2025 11:07:33 +0800 Subject: [PATCH 08/58] Update security_features.md Update descriptions for encrypted library. --- manual/administration/security_features.md | 33 +++++++++++++++++----- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/manual/administration/security_features.md b/manual/administration/security_features.md index 762b0b81..36a6237c 100644 --- a/manual/administration/security_features.md +++ b/manual/administration/security_features.md @@ -13,25 +13,42 @@ There are a few limitation about this feature: 1. File metadata is NOT encrypted. The metadata includes: the complete list of directory and file names, every files size, the history of editors, when, and what byte ranges were altered. 2. The client side encryption does currently NOT work while using the web browser and the cloud file explorer of the desktop client. When you are browsing encrypted libraries via the web browser or the cloud file explorer, you need to input the password and the server is going to use the password to decrypt the "file key" for the library (see description below) and cache the password in memory for one hour. The plain text password is never stored or cached on the server. 3. If you create an encrypted library on the web interface, the library password and encryption keys will pass through the server. If you want end-to-end protection, you should create encrypted libraries from desktop client only. -4. For encryption protocol version 3 or newer, each library use its own salt to derive key/iv pairs. However, all files within a library shares the same salt. Likewise, all the files within a library are encrypted with the same key/iv pair. With encryption protocol version <= 2, all libraries use the same salt, but separate key/iv pairs. +4. For encryption protocol version 4, each library use its own salt to derive key/iv pairs. However, all files within a library shares the same salt. Likewise, all the files within a library are encrypted with the same key/iv pair. With encryption protocol version 2, all libraries use the same salt, but separate key/iv pairs. 5. Encrypted library doesn't ensure file integrity. For example, the server admin can still partially change the contents of files in an encrypted library. The client is not able to detect such changes to contents. -The client side encryption works on iOS client since version 2.1.6. The Android client support client side encryption since version 2.1.0. - +The client side encryption works on iOS client since version 2.1.6. The Android client support client side encryption since version 2.1.0. But since version 3.0.0, the iOS and Android clients drop support for client side encryptioin. You need to send the password to the server to encrypt/decrypt files. ## How does an encrypted library work? When you create an encrypted library, you'll need to provide a password for it. All the data in that library will be encrypted with the password before uploading it to the server (see limitations above). -The encryption procedure is: +### Encryption/Decryption procedure + +There are currently two supported encryption protocol versions for encrypted libraries, version 2 and versioin 4. The two versions shares the same basic procedure so we first describe the procedure. 1. Generate a 32-byte long cryptographically strong random number. This will be used as the file encryption key ("file key"). -2. Encrypt the file key with the user provided password. We first use PBKDF2 algorithm (1000 iterations of SHA256) to derive a key/iv pair from the password, then use AES 256/CBC to encrypt the file key. The result is called the "encrypted file key". This encrypted file key will be sent to and stored on the server. When you need to access the data, you can decrypt the file key from the encrypted file key. -3. All file data is encrypted by the file key with AES 256/CBC. We use PBKDF2 algorithm (1000 iterations of SHA256) to derive key/iv pair from the file key. After encryption, the data is uploaded to the server. +2. Encrypt the file key with the user provided password. We first use a secure hash algorithm to derive a key/iv pair from the password, then use AES 256/CBC to encrypt the file key. The result is called the "encrypted file key". This encrypted file key will be sent to and stored on the server. When you need to access the data, you can decrypt the file key from the encrypted file key. +3. A "magic token" is derived from the password and library id, with the same secure hash algorithm. This token is stored with the library and will be use to check passwords before decrypting data later. +4. All file data is encrypted by the file key with AES 256/CBC. We use PBKDF2-SHA256 with 1000 iterations to derive key/iv pair from the file key. After encryption, the data is uploaded to the server. + +The only difference between version 2 and version 4 is on the usage of salt for the secure hash algorithm. In version 2, all libaries share the same fixed salt. In version 4, each library will use a separate and randomly generated salt. + +### Secure hash algorithms for password verification + +A secure hash algorithm is used to derive key/iv pair for encrypting the file key. So it's critical to choose a relatively costly algorithm to prevent brute-force guessing for the password. + +Before version 12, a fixed secure hash algorithm (PBKDF2-SHA256 with 1000 iterations) is used, which is far from secure for today's standard. + +Since Seafile server version 12, we allow the admin to choose proper secure hash algorithms. Currently two hash algorithms are supported. + +* PBKDF2: The only available parameter is the number of iterations. You need to increase the the number of iterations over time, as GPUs are more and more used for such calculation. The default number of iterations is 1000. As of 2023, the recommended iterations is 600,000. +* Argon2id: Secure hash algorithm that has high cost even for GPUs. There are 3 parameters that can be set: time cost, memory cost, and parallelism degree. The parameters are seperated by commas, e.g. "2,102400,8", which the default parameters used in Seafile. Learn more about this algorithm on https://github.com/P-H-C/phc-winner-argon2 . + +### Client-side encryption and decryption The above encryption procedure can be executed on the desktop and the mobile client. The Seahub browser client uses a different encryption procedure that happens at the server. Because of this your password will be transferred to the server. -When you sync an encrypted library to the desktop, the client needs to verify your password. When you create the library, a "magic token" is derived from the password and library id. This token is stored with the library on the server side. The client use this token to check whether your password is correct before you sync the library. The magic token is generated by PBKDF2 algorithm with 1000 iterations of SHA256 hash. +When you sync an encrypted library to the desktop, the client needs to verify your password. When you create the library, a "magic token" is derived from the password and library id. This token is stored with the library on the server side. The client use this token to check whether your password is correct before you sync the library. The magic token is generated by the secure hash algorithm chosen when the library was created. For maximum security, the plain-text password won't be saved on the client side, too. The client only saves the key/iv pair derived from the "file key", which is used to decrypt the data. So if you forget the password, you won't be able to recover it or access your data on the server. @@ -39,6 +56,8 @@ For maximum security, the plain-text password won't be saved on the client side, When a file download link is clicked, a random URL is generated for user to access the file from fileserver. This url can only be access once. After that, all access will be denied to the url. So even if someone else happens to know about the url, he can't access it anymore. +This was changed in Seafile server version 12. Instead of a random URL, a URL like 'https://yourserver.com/seafhttp/repos/{library id}/file_path' is used for downloading the file. Authorization will be done by checking cookies or API tokens on the server side. This makes the URL more cache-friendly while still being secure. + ## How does Seafile store user login password? User login passwords are stored in hash form only. Note that user login password is different from the passwords used in encrypted libraries. In the database, its format is From 8f7c115b1140e5d2db33442c4cd5d509afc31c6d Mon Sep 17 00:00:00 2001 From: Jiaqiang Xu Date: Wed, 5 Mar 2025 11:10:35 +0800 Subject: [PATCH 09/58] Update seahub_settings_py.md Update description for encrypted library versions. --- manual/config/seahub_settings_py.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/manual/config/seahub_settings_py.md b/manual/config/seahub_settings_py.md index ffd737d5..b4d9ffaf 100644 --- a/manual/config/seahub_settings_py.md +++ b/manual/config/seahub_settings_py.md @@ -162,7 +162,9 @@ ENABLE_ENCRYPTED_LIBRARY = True # version for encrypted library # should only be `2` or `4`. -# version 3 is insecure (using AES128 encryption) so it's not recommended any more. +# version 3 is insecure (using AES128 encryption) so it's not supported any more. +# refer to https://manual.seafile.com/latest/administration/security_features/#how-does-an-encrypted-library-work +# for the difference between version 2 and 4. ENCRYPTED_LIBRARY_VERSION = 2 # Since version 12, you can choose password hash algorithm for new encrypted libraries. From 8626408e5f833d7a179aefda2c0c4a8bca87d4a9 Mon Sep 17 00:00:00 2001 From: rumtid Date: Wed, 5 Mar 2025 16:15:00 +0800 Subject: [PATCH 10/58] docs: update Windows development setup instructions for vcpkg (#471) --- manual/develop/windows.md | 16 ++-------------- 1 file changed, 2 insertions(+), 14 deletions(-) diff --git a/manual/develop/windows.md b/manual/develop/windows.md index 68b4a943..644a84c9 100644 --- a/manual/develop/windows.md +++ b/manual/develop/windows.md @@ -19,21 +19,9 @@ The following setups are required for building and packaging Sync Client on Wind * Qt WebChannel * Qt WebEngine * Qt VS Tools -* vcpkg - * curl\[openssl\]:x64-windows - * getopt:x64-windows - * glib:x64-windows - * jansson:x64-windows - * libevent:x64-windows - * libwebsockets:x64-windows - * openssl:x64-windows - * pthreads:x64-windows - * sqlite3:x64-windows - * zlib:x64-windows - * argon2:x64-windows +* vcpkg (it is recommended to update to the latest version) - # Example of the install command: - $ ./vcpkg.exe install curl[core,openssl]:x64-windows + Note: Dependencies will be automatically downloaded and compiled when building VS projects. * Python 3.7 * [wix](https://github.com/wixtoolset/wix3/releases/tag/wix3111rtm) From dc4129a3a7d24a70abd9be74385fbef57df68cc5 Mon Sep 17 00:00:00 2001 From: Jiaqiang Xu Date: Thu, 6 Mar 2025 18:48:22 +0800 Subject: [PATCH 11/58] Update drive-client-changelog.md 3.0.13 --- manual/changelog/drive-client-changelog.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/manual/changelog/drive-client-changelog.md b/manual/changelog/drive-client-changelog.md index d3626486..ca75dc7b 100644 --- a/manual/changelog/drive-client-changelog.md +++ b/manual/changelog/drive-client-changelog.md @@ -1,6 +1,16 @@ # SeaDrive Client Changelog -### 3.0.12 (2024/12/03)¶ +### 3.0.13 (2025/03/06) + +* Support PDF previews +* Don't timeout for fs-id-list requests +* Upgrade OpenSSL +* \[mac] Fix handling of "._DS" files +* \[win] Add user name in the SeaDrive entry in Windows Explorer +* \[linux] Support importing CA certificates from OS +* \[linux] Auto lock Office files opened by LibreOffice and WPS + +### 3.0.12 (2024/12/03) * Handle changes of invisible sub-folder permissions * Support encrypted library with custom password hash algorithms * [mac] Add back file search UI From 22f6c9852d5913da5b5707689c9f2aba523bb9ea Mon Sep 17 00:00:00 2001 From: Junxiang Huang Date: Tue, 11 Mar 2025 11:20:20 +0800 Subject: [PATCH 12/58] update seasearch.yml --- manual/repo/docker/pro/seasearch.yml | 69 +++++++++++++--------------- 1 file changed, 31 insertions(+), 38 deletions(-) diff --git a/manual/repo/docker/pro/seasearch.yml b/manual/repo/docker/pro/seasearch.yml index 6cf1cdcc..84aea0ff 100644 --- a/manual/repo/docker/pro/seasearch.yml +++ b/manual/repo/docker/pro/seasearch.yml @@ -5,45 +5,38 @@ services: volumes: - ${SS_DATA_PATH:-/opt/seasearch-data}:/opt/seasearch/data environment: - - ZINC_FIRST_ADMIN_USER=${INIT_SS_ADMIN_USER:-} - - ZINC_FIRST_ADMIN_PASSWORD=${INIT_SS_ADMIN_PASSWORD:-} - - GIN_MODE=${GIN_MODE:-release} - - ZINC_WAL_ENABLE=${SS_WAL_ENABLE:-true} - - ZINC_STORAGE_TYPE=${SS_STORAGE_TYPE:-} - - ZINC_SHARD_NUM=${SS_SHARD_NUM:-} - - ZINC_MAX_OBJ_CACHE_SIZE=${SS_MAX_OBJ_CACHE_SIZE:-10GB} - - ZINC_S3_ACCESS_ID=${SS_S3_ACCESS_ID:-} - - ZINC_S3_USE_V4_SIGNATURE=${SS_S3_USE_V4_SIGNATURE:-false} - - ZINC_S3_ACCESS_SECRET=${SS_S3_ACCESS_SECRET:-} - - ZINC_S3_ENDPOINT=${SS_S3_ENDPOINT:-s3.us-east-1.amazonaws.com`} - - ZINC_S3_BUCKET=${SS_S3_BUCKET:-} - - ZINC_S3_USE_HTTPS=${SS_S3_USE_HTTPS:-true} - - ZINC_S3_PATH_STYLE_REQUEST=${SS_S3_PATH_STYLE_REQUEST:-true} - - ZINC_S3_AWS_REGION=${SS_S3_AWS_REGION:-us-east-1} - - ZINC_S3_SSE_C_KEY=${SS_S3_SSE_C_KEY:-} - - ZINC_SERVER_MODE=${SS_SERVER_MODE:-} - - ZINC_CLUSTER_ID=${SS_CLUSTER_ID:-} - - ZINC_ETCD_USERNAME=${SS_ETCD_USERNAME:-} - - ZINC_ETCD_PASSWORD=${SS_ETCD_PASSWORD:-} - - ZINC_CLUSTER_PROXY_LOG_DIR=${SS_CLUSTER_PROXY_LOG_DIR:-/opt/seasearch/data/log} - - ZINC_CLUSTER_PROXY_HOST=${SS_CLUSTER_PROXY_HOST:-0.0.0.0} - - ZINC_CLUSTER_PROXY_PORT=${SS_CLUSTER_PROXY_PORT:-4082} - - ZINC_ETCD_ENDPOINTS=${SS_ETCD_ENDPOINTS:-127.0.0.1:2379} - - ZINC_ETCD_PREFIX=${SS_ETCD_PREFIX:-/zinc} - - ZINC_MAX_DOCUMENT_SIZE=${SS_MAX_DOCUMENT_SIZE:-1m} - - ZINC_CLUSTER_MANAGER_ADDR=${SS_CLUSTER_MANAGER_ADDR:-127.0.0.1:4081} - - ZINC_CLUSTER_MANAGER_LOG_DIR=${SS_CLUSTER_MANAGER_LOG_DIR:-/opt/seasearch/data/log} - - ZINC_CLUSTER_MANAGER_HOST=${SS_CLUSTER_MANAGER_HOST:-0.0.0.0} - - ZINC_CLUSTER_MANAGER_PORT=${SS_CLUSTER_MANAGER_PORT:-4081} - - ZINC_CLUSTER_MANAGER_ETCD_ENDPOINTS=${SS_CLUSTER_MANAGER_ETCD_ENDPOINTS:-127.0.0.1:2379} - - ZINC_CLUSTER_MANAGER_ETCD_PREFIX=${SS_CLUSTER_MANAGER_ETCD_PREFIX:-/zinc} + - SS_FIRST_ADMIN_USER=${INIT_SS_ADMIN_USER:-} + - SS_FIRST_ADMIN_PASSWORD=${INIT_SS_ADMIN_PASSWORD:-} + - SS_STORAGE_TYPE=${SS_STORAGE_TYPE:-} + - SS_MAX_OBJ_CACHE_SIZE=${SS_MAX_OBJ_CACHE_SIZE:-10GB} + - SS_S3_ACCESS_ID=${SS_S3_ACCESS_ID:-} + - SS_S3_USE_V4_SIGNATURE=${SS_S3_USE_V4_SIGNATURE:-false} + - SS_S3_ACCESS_SECRET=${SS_S3_ACCESS_SECRET:-} + - SS_S3_ENDPOINT=${SS_S3_ENDPOINT:-s3.us-east-1.amazonaws.com`} + - SS_S3_BUCKET=${SS_S3_BUCKET:-} + - SS_S3_USE_HTTPS=${SS_S3_USE_HTTPS:-true} + - SS_S3_PATH_STYLE_REQUEST=${SS_S3_PATH_STYLE_REQUEST:-true} + - SS_S3_AWS_REGION=${SS_S3_AWS_REGION:-us-east-1} + - SS_S3_SSE_C_KEY=${SS_S3_SSE_C_KEY:-} - SS_LOG_TO_STDOUT=${SS_LOG_TO_STDOUT:-false} - - ZINC_LOG_OUTPUT=${SS_LOG_OUTPUT:-true} - - ZINC_LOG_DIR=${SS_LOG_DIR:-/opt/seasearch/data/log} - - ZINC_LOG_LEVEL=${SS_LOG_LEVEL:-info} - - ZINC_PLUGIN_GSE_ENABLE = ${SS_PLUGIN_GSE_ENABLE:-false} - - ZINC_PLUGIN_GSE_DICT_EMBED = ${SS_PLUGIN_GSE_DICT_EMBED:-} - - ZINC_PLUGIN_GSE_DICT_PATH = ${SS_PLUGIN_GSE_DICT_PATH:-} + - SS_LOG_DIR=${SS_LOG_DIR:-/opt/seasearch/data/log} + - SS_LOG_LEVEL=${SS_LOG_LEVEL:-info} + # SeaSeasrch Proxy + - SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false} + - SEATABLE_LOG_TO_STDOUT=${SEATABLE_LOG_TO_STDOUT:-false} + # for cluster + - SS_SERVER_MODE=${SS_SERVER_MODE:-} + - SS_CLUSTER_ID=${SS_CLUSTER_ID:-} + - SS_CLUSTER_PROXY_HOST=${SS_CLUSTER_PROXY_HOST:-0.0.0.0} + - SS_CLUSTER_PROXY_PORT=${SS_CLUSTER_PROXY_PORT:-4082} + - SS_CLUSTER_MANAGER_ADDR=${SS_CLUSTER_MANAGER_ADDR:-127.0.0.1:4081} + - SS_ETCD_USERNAME=${SS_ETCD_USERNAME:-} + - SS_ETCD_PASSWORD=${SS_ETCD_PASSWORD:-} + - SS_ETCD_ENDPOINTS=${SS_ETCD_ENDPOINTS:-127.0.0.1:2379} + - SS_ETCD_PREFIX=${SS_ETCD_PREFIX:-/zinc} + - SS_CLUSTER_PROXY_LOG_DIR=${SS_CLUSTER_PROXY_LOG_DIR:--/opt/seasearch/data/log} + - SS_CLUSTER_MANAGER_HOST=${SS_CLUSTER_MANAGER_HOST:-0.0.0.0} + - SS_CLUSTER_MANAGER_PORT=${SS_CLUSTER_MANAGER_PORT:-4081} networks: - seafile-net From 0f0491d57a3f2352df945503821104a3a3f721fd Mon Sep 17 00:00:00 2001 From: r350178982 <32759763+r350178982@users.noreply.github.com> Date: Thu, 13 Mar 2025 16:40:53 +0800 Subject: [PATCH 13/58] update --- manual/config/ldap_in_11.0_pro.md | 2 +- manual/upgrade/upgrade_notes_for_11.0.x.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manual/config/ldap_in_11.0_pro.md b/manual/config/ldap_in_11.0_pro.md index 406d4fa9..65f9b8f7 100644 --- a/manual/config/ldap_in_11.0_pro.md +++ b/manual/config/ldap_in_11.0_pro.md @@ -428,7 +428,7 @@ MULTI_LDAP_1_DEPT_NAME_ATTR = '' ### SSO and LDAP users use the same uid -If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth), you want Seafile to find the existing account for this user instead of creating a new one, you can set +If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth or Shibboleth), you want Seafile to find the existing account for this user instead of creating a new one, you can set ```python SSO_LDAP_USE_SAME_UID = True diff --git a/manual/upgrade/upgrade_notes_for_11.0.x.md b/manual/upgrade/upgrade_notes_for_11.0.x.md index d2de5162..28d6e9e9 100644 --- a/manual/upgrade/upgrade_notes_for_11.0.x.md +++ b/manual/upgrade/upgrade_notes_for_11.0.x.md @@ -179,7 +179,7 @@ DEL_GROUP_IF_NOT_FOUND = False # Set to "true", sync process will dele DEL_DEPARTMENT_IF_NOT_FOUND = False # Set to "true", sync process will deleted the department if not found it in LDAP server. ``` -If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth), you want Seafile to find the existing account for this user instead of creating a new one, you can set `SSO_LDAP_USE_SAME_UID = True`: +If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth or Shibboleth), you want Seafile to find the existing account for this user instead of creating a new one, you can set `SSO_LDAP_USE_SAME_UID = True`: ```python SSO_LDAP_USE_SAME_UID = True From faeacc9469f19e07ed4b07f01c4d8b735ac478a0 Mon Sep 17 00:00:00 2001 From: lian Date: Fri, 14 Mar 2025 11:43:25 +0800 Subject: [PATCH 14/58] Update shibboleth_authentication.md --- manual/config/shibboleth_authentication.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual/config/shibboleth_authentication.md b/manual/config/shibboleth_authentication.md index d1edc3ca..88aeca9c 100644 --- a/manual/config/shibboleth_authentication.md +++ b/manual/config/shibboleth_authentication.md @@ -224,7 +224,7 @@ SHIBBOLETH_ATTRIBUTE_MAP = { "HTTP_SN": (False, "surname"), "HTTP_MAIL": (False, "contact_email"), "HTTP_ORGANIZATION": (False, "institution"), - "HTTP_Shibboleth-affiliation": (False, "affiliation"), + "HTTP_SHIBBOLETH_AFFILIATION": (False, "affiliation"), } ``` From 7d64c90645d24caedab1a550333c68910632babe Mon Sep 17 00:00:00 2001 From: lian Date: Fri, 14 Mar 2025 12:08:19 +0800 Subject: [PATCH 15/58] Update remote_user.md --- manual/config/remote_user.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual/config/remote_user.md b/manual/config/remote_user.md index bd1614f6..fa7847e8 100644 --- a/manual/config/remote_user.md +++ b/manual/config/remote_user.md @@ -41,7 +41,7 @@ REMOTE_USER_ATTRIBUTE_MAP = { "HTTP_ORGANIZATION": 'institution', # for user role - 'HTTP_Shibboleth-affiliation': 'affiliation', + 'HTTP_SHIBBOLETH_AFFILIATION': 'affiliation', } # Map affiliation to user role. Though the config name is SHIBBOLETH_AFFILIATION_ROLE_MAP, From b33abd4776328a110e23b8c707bfd5ce4b40a800 Mon Sep 17 00:00:00 2001 From: Junxiang Huang Date: Mon, 17 Mar 2025 11:59:28 +0800 Subject: [PATCH 16/58] fix: backup & restore command mysql -> mariadb --- manual/administration/backup_recovery.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/manual/administration/backup_recovery.md b/manual/administration/backup_recovery.md index b8c43bb3..4443a42b 100644 --- a/manual/administration/backup_recovery.md +++ b/manual/administration/backup_recovery.md @@ -136,9 +136,9 @@ The data files to be backed up: ```bash # It's recommended to backup the database to a separate file each time. Don't overwrite older database backups for at least a week. cd /backup/databases -docker exec -it seafile-mysql mysqldump -u[username] -p[password] --opt ccnet_db > ccnet_db.sql -docker exec -it seafile-mysql mysqldump -u[username] -p[password] --opt seafile_db > seafile_db.sql -docker exec -it seafile-mysql mysqldump -u[username] -p[password] --opt seahub_db > seahub_db.sql +docker exec -it seafile-mysql mariadb-dump -u[username] -p[password] --opt ccnet_db > ccnet_db.sql +docker exec -it seafile-mysql mariadb-dump -u[username] -p[password] --opt seafile_db > seafile_db.sql +docker exec -it seafile-mysql mariadb-dump -u[username] -p[password] --opt seahub_db > seahub_db.sql ``` ### Backing up Seafile library data @@ -164,9 +164,9 @@ docker cp /backup/databases/ccnet_db.sql seafile-mysql:/tmp/ccnet_db.sql docker cp /backup/databases/seafile_db.sql seafile-mysql:/tmp/seafile_db.sql docker cp /backup/databases/seahub_db.sql seafile-mysql:/tmp/seahub_db.sql -docker exec -it seafile-mysql /bin/sh -c "mysql -u[username] -p[password] ccnet_db < /tmp/ccnet_db.sql" -docker exec -it seafile-mysql /bin/sh -c "mysql -u[username] -p[password] seafile_db < /tmp/seafile_db.sql" -docker exec -it seafile-mysql /bin/sh -c "mysql -u[username] -p[password] seahub_db < /tmp/seahub_db.sql" +docker exec -it seafile-mysql /bin/sh -c "mariadb -u[username] -p[password] ccnet_db < /tmp/ccnet_db.sql" +docker exec -it seafile-mysql /bin/sh -c "mariadb -u[username] -p[password] seafile_db < /tmp/seafile_db.sql" +docker exec -it seafile-mysql /bin/sh -c "mariadb -u[username] -p[password] seahub_db < /tmp/seahub_db.sql" ``` ### Restore the seafile data From 5a46bf863155d20f3e0925ae5f12a06dd03af066 Mon Sep 17 00:00:00 2001 From: Junxiang Huang Date: Mon, 17 Mar 2025 14:20:04 +0800 Subject: [PATCH 17/58] update backup and recovery commands and tip --- manual/administration/backup_recovery.md | 27 ++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/manual/administration/backup_recovery.md b/manual/administration/backup_recovery.md index 4443a42b..355f51c3 100644 --- a/manual/administration/backup_recovery.md +++ b/manual/administration/backup_recovery.md @@ -54,7 +54,7 @@ mysqldump -h [mysqlhost] -u[username] -p[password] --opt seahub_db > /backup/dat ``` !!! danger "`mysqldump`: command not found" - You may encounter this problem on some machines with a minimal Mariadb server installed. If you encounter this error, use the `mariadb-dump` command, such as: + You may encounter this problem on some machines with a minimal (from 10.5) or a newer (from 11.0) Mariadb server installed, of which the `mysql*` series of commands [have been fully deprecated](https://mariadb.com/kb/en/mysqldump/). If you encounter this error, use the `mariadb-dump` command, such as: ```sh mariadb-dump -h [mysqlhost] -u[username] -p[password] --opt ccnet_db > /backup/databases/ccnet_db.sql.`date +"%Y-%m-%d-%H-%M-%S"` @@ -106,7 +106,7 @@ mysql -u[username] -p[password] seahub_db < seahub_db.sql.2013-10-19-16-01-05 ``` !!! danger "`mysql`: command not found" - You may encounter this problem on some machines with a minimal Mariadb server installed. If you encounter this error, use the `mariadb` command, such as: + You may encounter this problem on some machines with a minimal (from 10.5) or a newer (from 11.0) Mariadb server installed, of which the `mysql*` series of commands [have been fully deprecated](https://mariadb.com/kb/en/mysqldump/). If you encounter this error, use the `mariadb` command, such as: ```sh mariadb -u[username] -p[password] ccnet_db < ccnet_db.sql.2013-10-19-16-00-05 @@ -141,6 +141,18 @@ docker exec -it seafile-mysql mariadb-dump -u[username] -p[password] --opt seaf docker exec -it seafile-mysql mariadb-dump -u[username] -p[password] --opt seahub_db > seahub_db.sql ``` +!!! tip + The default image of database is ***Mariadb 10.11*** from Seafile 12, you may not be able to find these commands in the container (such as `mysqldump: command not found`), since commands of `mysql*` series [have been gradually deprecated](https://mariadb.com/kb/en/mysqldump/). So we recommend that you use the `mariadb*` series of commands. + + However, **if you still use the *MySQL* docker image**, you should continue to use `mysqldump` here: + + ```sh + docker exec -it seafile-mysql mysqldump -u[username] -p[password] --opt ccnet_db > ccnet_db.sql + docker exec -it seafile-mysql mysqldump -u[username] -p[password] --opt seafile_db > seafile_db.sql + docker exec -it seafile-mysql mysqldump -u[username] -p[password] --opt seahub_db > seahub_db.sql + ``` + + ### Backing up Seafile library data #### To directly copy the whole data directory @@ -169,6 +181,17 @@ docker exec -it seafile-mysql /bin/sh -c "mariadb -u[username] -p[password] seaf docker exec -it seafile-mysql /bin/sh -c "mariadb -u[username] -p[password] seahub_db < /tmp/seahub_db.sql" ``` +!!! tip + The default image of database is ***Mariadb 10.11*** from Seafile 12, you may not be able to find these commands in the container (such as `mysql: command not found`), since commands of `mysql*` series [have been gradually deprecated](https://mariadb.com/kb/en/mysqldump/). So we recommend that you use the `mariadb*` series of commands. + + However, **if you still use the *MySQL* docker image**, you should continue to use `mysql` here: + + ```sh + docker exec -it seafile-mysql /bin/sh -c "mysql -u[username] -p[password] ccnet_db < /tmp/ccnet_db.sql" + docker exec -it seafile-mysql /bin/sh -c "mysql -u[username] -p[password] seafile_db < /tmp/seafile_db.sql" + docker exec -it seafile-mysql /bin/sh -c "mysql -u[username] -p[password] seahub_db < /tmp/seahub_db.sql" + ``` + ### Restore the seafile data ```bash From 6cee689c1dba37fc62aa0dd6986941bc69af44ca Mon Sep 17 00:00:00 2001 From: Junxiang Huang Date: Mon, 17 Mar 2025 14:25:24 +0800 Subject: [PATCH 18/58] opt: steps in recovering DB --- manual/setup/migrate_non_docker_to_docker.md | 25 ++++---------------- 1 file changed, 4 insertions(+), 21 deletions(-) diff --git a/manual/setup/migrate_non_docker_to_docker.md b/manual/setup/migrate_non_docker_to_docker.md index 1dff35c8..87c9eb21 100644 --- a/manual/setup/migrate_non_docker_to_docker.md +++ b/manual/setup/migrate_non_docker_to_docker.md @@ -82,38 +82,21 @@ cp /backup/data/* /opt/seafile-data/seafile ## Recover the Database (only for the new MySQL service used in Seafile docker) -1. Add a temporary persistent directory, where the database backup files are, to the `seafile-server.yml` for service `db`: - - ```yml - services: - db: - volumes: - ... - - ":/tmp_sqls" - ... - ``` - -2. Start the database service **Only**: +1. Start the database service **Only**: ```sh docker compose up -d --no-deps db ``` -3. Enter the container and *Mariadb* environment:` +2. Follow [here](../administration/backup_recovery.md#restore-the-databases_1) to recover the database data. - ```sh - docker exec -it seafile-mysql bash - ``` - -4. Follow [here](../administration/backup_recovery.md#restore-the-databases-1) to recover the database data. Your database backup files should be in the directory `/tmp_sqls` - -5. Finally, exit the container and stop the Mariadb service +3. Exit the container and stop the Mariadb service ```sh docker compose down ``` - and remove the temporary persistent directory in `seafile-server.yml` (i.e., undo the step 1) +4. Remove the temporary persistent directory in `seafile-server.yml` (i.e., undo the step 1). ## Restart the services From c09a5b1cda008a70f7eec73f0ddac3b07dc7282d Mon Sep 17 00:00:00 2001 From: Junxiang Huang Date: Mon, 17 Mar 2025 14:42:06 +0800 Subject: [PATCH 19/58] update link of note of MDEV-30203 note from Mariadb --- manual/administration/backup_recovery.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/manual/administration/backup_recovery.md b/manual/administration/backup_recovery.md index 355f51c3..c84fef99 100644 --- a/manual/administration/backup_recovery.md +++ b/manual/administration/backup_recovery.md @@ -54,7 +54,7 @@ mysqldump -h [mysqlhost] -u[username] -p[password] --opt seahub_db > /backup/dat ``` !!! danger "`mysqldump`: command not found" - You may encounter this problem on some machines with a minimal (from 10.5) or a newer (from 11.0) Mariadb server installed, of which the `mysql*` series of commands [have been fully deprecated](https://mariadb.com/kb/en/mysqldump/). If you encounter this error, use the `mariadb-dump` command, such as: + You may encounter this problem on some machines with a minimal (from 10.5) or a newer (from 11.0) Mariadb server installed, of which the `mysql*` series of commands [have been fully deprecated](https://jira.mariadb.org/browse/MDEV-30203). If you encounter this error, use the `mariadb-dump` command, such as: ```sh mariadb-dump -h [mysqlhost] -u[username] -p[password] --opt ccnet_db > /backup/databases/ccnet_db.sql.`date +"%Y-%m-%d-%H-%M-%S"` @@ -106,7 +106,7 @@ mysql -u[username] -p[password] seahub_db < seahub_db.sql.2013-10-19-16-01-05 ``` !!! danger "`mysql`: command not found" - You may encounter this problem on some machines with a minimal (from 10.5) or a newer (from 11.0) Mariadb server installed, of which the `mysql*` series of commands [have been fully deprecated](https://mariadb.com/kb/en/mysqldump/). If you encounter this error, use the `mariadb` command, such as: + You may encounter this problem on some machines with a minimal (from 10.5) or a newer (from 11.0) Mariadb server installed, of which the `mysql*` series of commands [have been fully deprecated](https://jira.mariadb.org/browse/MDEV-30203). If you encounter this error, use the `mariadb` command, such as: ```sh mariadb -u[username] -p[password] ccnet_db < ccnet_db.sql.2013-10-19-16-00-05 @@ -142,7 +142,7 @@ docker exec -it seafile-mysql mariadb-dump -u[username] -p[password] --opt seah ``` !!! tip - The default image of database is ***Mariadb 10.11*** from Seafile 12, you may not be able to find these commands in the container (such as `mysqldump: command not found`), since commands of `mysql*` series [have been gradually deprecated](https://mariadb.com/kb/en/mysqldump/). So we recommend that you use the `mariadb*` series of commands. + The default image of database is ***Mariadb 10.11*** from Seafile 12, you may not be able to find these commands in the container (such as `mysqldump: command not found`), since commands of `mysql*` series [have been gradually deprecated](https://jira.mariadb.org/browse/MDEV-30203). So we recommend that you use the `mariadb*` series of commands. However, **if you still use the *MySQL* docker image**, you should continue to use `mysqldump` here: @@ -182,7 +182,7 @@ docker exec -it seafile-mysql /bin/sh -c "mariadb -u[username] -p[password] seah ``` !!! tip - The default image of database is ***Mariadb 10.11*** from Seafile 12, you may not be able to find these commands in the container (such as `mysql: command not found`), since commands of `mysql*` series [have been gradually deprecated](https://mariadb.com/kb/en/mysqldump/). So we recommend that you use the `mariadb*` series of commands. + The default image of database is ***Mariadb 10.11*** from Seafile 12, you may not be able to find these commands in the container (such as `mysql: command not found`), since commands of `mysql*` series [have been gradually deprecated](https://jira.mariadb.org/browse/MDEV-30203). So we recommend that you use the `mariadb*` series of commands. However, **if you still use the *MySQL* docker image**, you should continue to use `mysql` here: From cbc62cc7ee10becd427083b266c93b3b22333b61 Mon Sep 17 00:00:00 2001 From: Junxiang Huang Date: Mon, 17 Mar 2025 14:42:54 +0800 Subject: [PATCH 20/58] update link of note of MDEV-30203 note from Mariadb --- manual/administration/backup_recovery.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/manual/administration/backup_recovery.md b/manual/administration/backup_recovery.md index c84fef99..c63e8985 100644 --- a/manual/administration/backup_recovery.md +++ b/manual/administration/backup_recovery.md @@ -54,7 +54,7 @@ mysqldump -h [mysqlhost] -u[username] -p[password] --opt seahub_db > /backup/dat ``` !!! danger "`mysqldump`: command not found" - You may encounter this problem on some machines with a minimal (from 10.5) or a newer (from 11.0) Mariadb server installed, of which the `mysql*` series of commands [have been fully deprecated](https://jira.mariadb.org/browse/MDEV-30203). If you encounter this error, use the `mariadb-dump` command, such as: + You may encounter this problem on some machines with a minimal (from 10.5) or a newer (from 11.0) Mariadb server installed, of which the `mysql*` series of commands [have been gradually deprecated](https://jira.mariadb.org/browse/MDEV-30203). If you encounter this error, use the `mariadb-dump` command, such as: ```sh mariadb-dump -h [mysqlhost] -u[username] -p[password] --opt ccnet_db > /backup/databases/ccnet_db.sql.`date +"%Y-%m-%d-%H-%M-%S"` @@ -106,7 +106,7 @@ mysql -u[username] -p[password] seahub_db < seahub_db.sql.2013-10-19-16-01-05 ``` !!! danger "`mysql`: command not found" - You may encounter this problem on some machines with a minimal (from 10.5) or a newer (from 11.0) Mariadb server installed, of which the `mysql*` series of commands [have been fully deprecated](https://jira.mariadb.org/browse/MDEV-30203). If you encounter this error, use the `mariadb` command, such as: + You may encounter this problem on some machines with a minimal (from 10.5) or a newer (from 11.0) Mariadb server installed, of which the `mysql*` series of commands [have been gradually deprecated](https://jira.mariadb.org/browse/MDEV-30203). If you encounter this error, use the `mariadb` command, such as: ```sh mariadb -u[username] -p[password] ccnet_db < ccnet_db.sql.2013-10-19-16-00-05 From 54402bea843564ac3f13516038a922165c5c3619 Mon Sep 17 00:00:00 2001 From: Junxiang Huang Date: Mon, 17 Mar 2025 17:53:53 +0800 Subject: [PATCH 21/58] opt: steps in recovering DB --- manual/setup/migrate_non_docker_to_docker.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/manual/setup/migrate_non_docker_to_docker.md b/manual/setup/migrate_non_docker_to_docker.md index 87c9eb21..c1b9033a 100644 --- a/manual/setup/migrate_non_docker_to_docker.md +++ b/manual/setup/migrate_non_docker_to_docker.md @@ -96,8 +96,6 @@ cp /backup/data/* /opt/seafile-data/seafile docker compose down ``` -4. Remove the temporary persistent directory in `seafile-server.yml` (i.e., undo the step 1). - ## Restart the services Finally, the migration is complete. You can restart the Seafile server of Docker-base by restarting the service: From a896907796952759db3c1e81bdd62dbe1336e9e1 Mon Sep 17 00:00:00 2001 From: Daniel Pan Date: Tue, 18 Mar 2025 11:10:11 +0800 Subject: [PATCH 22/58] Add changelog for 12.0.11-pro --- .../changelog-for-seafile-professional-server.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/manual/changelog/changelog-for-seafile-professional-server.md b/manual/changelog/changelog-for-seafile-professional-server.md index e0361c67..3c7dbe35 100644 --- a/manual/changelog/changelog-for-seafile-professional-server.md +++ b/manual/changelog/changelog-for-seafile-professional-server.md @@ -8,6 +8,14 @@ Please check our document for how to upgrade to [12.0](../upgrade/upgrade_notes_for_12.0.x.md) +### 12.0.11 (2025-03-20) + +* [fix] Fix a stored XSS issue +* [fix] Do not show Wiki libraries in clients and WebDAV +* Add library name in "share admin -> folders" +* [fix] Fix set of library history keep days +* [fix] Fix support for enforcing Two-Factor Authentication +* Update support for working with SeaSearch 0.9.1 ### 12.0.10 (2025-03-05) From 95d4b7e5edf234cd782c5604430fac0aaf6c092c Mon Sep 17 00:00:00 2001 From: Daniel Pan Date: Wed, 19 Mar 2025 14:42:42 +0800 Subject: [PATCH 23/58] Add changelog for v12.0.11 --- manual/changelog/server-changelog.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/manual/changelog/server-changelog.md b/manual/changelog/server-changelog.md index 2befe1f4..6555e119 100644 --- a/manual/changelog/server-changelog.md +++ b/manual/changelog/server-changelog.md @@ -9,6 +9,15 @@ Please check our document for how to upgrade to [12.0](../upgrade/upgrade_notes_for_12.0.x.md) +### 12.0.11 (2025-03-19) + +* [fix] Fix a stored XSS issue +* [fix] Do not show Wiki libraries in clients and WebDAV +* Add library name in "share admin -> folders" +* [fix] Fix set of library history keep days +* [fix] Fix support for enforcing Two-Factor Authentication + + ### 12.0.10 (2025-03-03) * [fix] Fix seaf-fuse support From c3c2c8380da9858e9d86289878fc5617edf7bc51 Mon Sep 17 00:00:00 2001 From: Junxiang Huang Date: Wed, 19 Mar 2025 16:31:49 +0800 Subject: [PATCH 24/58] fix: ce binary deployment format error --- manual/setup_binary/installation_ce.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual/setup_binary/installation_ce.md b/manual/setup_binary/installation_ce.md index d3281ee8..db555f40 100644 --- a/manual/setup_binary/installation_ce.md +++ b/manual/setup_binary/installation_ce.md @@ -88,7 +88,7 @@ Seafile uses the mysql_native_password plugin for authentication. The versions o ``` - === "Debian 11" + === "Debian 11" ```sh sudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev-compat ldap-utils libldap2-dev libsasl2-dev From da0c95dbb75c2ba404edab5b62845770232b541f Mon Sep 17 00:00:00 2001 From: Daniel Pan Date: Fri, 21 Mar 2025 13:21:44 +0800 Subject: [PATCH 25/58] Update changelog-for-seafile-professional-server.md --- .../changelog/changelog-for-seafile-professional-server.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manual/changelog/changelog-for-seafile-professional-server.md b/manual/changelog/changelog-for-seafile-professional-server.md index 3c7dbe35..1bf1f5b0 100644 --- a/manual/changelog/changelog-for-seafile-professional-server.md +++ b/manual/changelog/changelog-for-seafile-professional-server.md @@ -61,6 +61,13 @@ Please check our document for how to upgrade to [12.0](../upgrade/upgrade_notes_ Please check our document for how to upgrade to [11.0](../upgrade/upgrade_notes_for_11.0.x.md) +### 11.0.19 (2025-03-21) + +* [fix] Fix a stored XSS issue +* SSO_LDAP_USE_SAME_UID option now support Shibboleth login method +* [fix] Fix a bug when a user view a shared file belong to a deleted user +* Improve SAML error message when exceed number of user limit of license + ### 11.0.18 (2025-01-20) * [fix] Fix license check in SAML mode From 9d0fa02ef0cb7a2859fae2067a0d372343b8b258 Mon Sep 17 00:00:00 2001 From: Huang Junxiang Date: Mon, 24 Mar 2025 14:28:17 +0800 Subject: [PATCH 26/58] feat: helm support custom storageClassName (#486) --- manual/setup/helm_chart_cluster.md | 11 ++++++++++- manual/setup/helm_chart_single_node.md | 11 ++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/manual/setup/helm_chart_cluster.md b/manual/setup/helm_chart_cluster.md index cd875c0c..6030674f 100644 --- a/manual/setup/helm_chart_cluster.md +++ b/manual/setup/helm_chart_cluster.md @@ -50,7 +50,16 @@ After installation, you need to start the k8s control plane service on each node ``` !!! tip - It is not necessary to use the `my-values.yaml` we provided (i.e., you can create an empty `my-values.yaml` and add required field, as others have defined default values in our chart), because it destroys the flexibility of deploying with Helm, but it contains some formats of how Seafile Helm Chart reads these configurations, as well as all the environment variables and secret variables that can be read directly. + - It is not necessary to use the `my-values.yaml` we provided (i.e., you can create an empty `my-values.yaml` and add required field, as others have defined default values in our chart), because it destroys the flexibility of deploying with Helm, but it contains some formats of how Seafile Helm Chart reads these configurations, as well as all the environment variables and secret variables that can be read directly. + - In addition, you can also create a custom ***storageClassName*** for the persistence directory used by Seafile. You only need to specify `storageClassName` in the `seafile.config.seafileDataVolume` object in `my-values.yaml`: + + ```yaml + seafile: + configs: + seafileDataVolume: + storageClassName: + ... + ``` 4. Then install the chart use the following command: diff --git a/manual/setup/helm_chart_single_node.md b/manual/setup/helm_chart_single_node.md index 402781a2..ef688215 100644 --- a/manual/setup/helm_chart_single_node.md +++ b/manual/setup/helm_chart_single_node.md @@ -65,7 +65,16 @@ Please refer [here](./system_requirements.md) for the details of system requirem ``` !!! tip - It is not necessary to use the `my-values.yaml` we provided (i.e., you can create an empty `my-values.yaml` and add required field, as others have defined default values in our chart), because it destroys the flexibility of deploying with Helm, but it contains some formats of how Seafile Helm Chart reads these configurations, as well as all the environment variables and secret variables that can be read directly. + - It is not necessary to use the `my-values.yaml` we provided (i.e., you can create an empty `my-values.yaml` and add required field, as others have defined default values in our chart), because it destroys the flexibility of deploying with Helm, but it contains some formats of how Seafile Helm Chart reads these configurations, as well as all the environment variables and secret variables that can be read directly. + - In addition, you can also create a custom ***storageClassName*** for the persistence directory used by Seafile. You only need to specify `storageClassName` in the `seafile.config.seafileDataVolume` object in `my-values.yaml`: + + ```yaml + seafile: + configs: + seafileDataVolume: + storageClassName: + ... + ``` 4. Then install the chart use the following command: From 7a55e9c17b34aed848098892646965543b81e4cf Mon Sep 17 00:00:00 2001 From: Huang Junxiang Date: Tue, 25 Mar 2025 11:03:12 +0800 Subject: [PATCH 27/58] docs(onlyoffice): syntax error (#489) --- manual/extension/only_office.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual/extension/only_office.md b/manual/extension/only_office.md index bd71e9c1..b301c978 100644 --- a/manual/extension/only_office.md +++ b/manual/extension/only_office.md @@ -48,7 +48,7 @@ ONLYOFFICE_JWT_SECRET = '' ``` !!! tip - By default OnlyOffice will use port **6233** used for communication between Seafile and Document Server, You can modify the bound port by specifying `ONLYOFFICE_PORT`, and port in the term `ONLYOFFICE_APIJS_URL` in `seahub_settings.py` has been modified together. + By default OnlyOffice will use port **6233** used for communication between Seafile and Document Server, You can modify the bound port by specifying `ONLYOFFICE_PORT`, and the port in the term `ONLYOFFICE_APIJS_URL` in `seahub_settings.py` should be modified together. ### Advanced: Custom settings of OnlyOffice From 5fd154ee14a6dd6defd750947e7b3b4d603225b5 Mon Sep 17 00:00:00 2001 From: seafile-dev <57566977+seafile-dev@users.noreply.github.com> Date: Wed, 26 Mar 2025 18:35:29 +0800 Subject: [PATCH 28/58] Custom set user role when shib login (#493) Co-authored-by: lian --- manual/config/shibboleth_authentication.md | 32 ++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/manual/config/shibboleth_authentication.md b/manual/config/shibboleth_authentication.md index 88aeca9c..a1a75c90 100644 --- a/manual/config/shibboleth_authentication.md +++ b/manual/config/shibboleth_authentication.md @@ -248,6 +248,38 @@ SHIBBOLETH_AFFILIATION_ROLE_MAP = { After Shibboleth login, Seafile should calcualte user's role from affiliation and SHIBBOLETH_AFFILIATION_ROLE_MAP. +### Custom set user role + +If you are unable to set user roles by obtaining affiliation information, or if you wish to have a more customized way of setting user roles, you can add the following configuration to achieve this. + +For example, set all users whose email addresses end with `@seafile.com` as `default`, and set other users as `guest`. + +First, update the `SHIBBOLETH_ATTRIBUTE_MAP` configuration in seahub_settings.py, and add `HTTP_REMOTE_USER`. + +``` +SHIBBOLETH_ATTRIBUTE_MAP = { + .... + "HTTP_REMOTE_USER": (False, "remote_user"), + .... +} +``` + +Then, create `/opt/seafile/conf/seahub_custom_functions/__init__.py` file and add the following code. +``` +# function name `custom_shibboleth_get_user_role` should NOT be changed +def custom_shibboleth_get_user_role(shib_meta): + + remote_user = shib_meta.get('remote_user', '') + if not remote_user: + return '' + + remote_user = remote_user.lower() + if remote_user.endswith('@seafile.com'): + return 'default' + else: + return 'guest' +``` + ## Verify After restarting Apache and Seahub service (`./seahub.sh restart`), you can then test the shibboleth login workflow. From 0de30fb0db3587404c7e374a1e78a62f320101cb Mon Sep 17 00:00:00 2001 From: Ranjiwei <32759763+r350178982@users.noreply.github.com> Date: Fri, 28 Mar 2025 17:42:53 +0800 Subject: [PATCH 29/58] Seahub customizing opt (#499) * update * Update seahub_customization.md --- manual/config/seahub_customization.md | 28 ++++++++++----------------- 1 file changed, 10 insertions(+), 18 deletions(-) diff --git a/manual/config/seahub_customization.md b/manual/config/seahub_customization.md index bf33531a..f7a1a46a 100644 --- a/manual/config/seahub_customization.md +++ b/manual/config/seahub_customization.md @@ -39,7 +39,7 @@ Add your favicon file to `custom/` Overwrite `FAVICON_PATH` in `seahub_settings.py` ```py -LOGO_PATH = 'custom/favicon.png' +FAVICON_PATH = 'custom/favicon.png' ``` ### Customize Seahub CSS @@ -49,7 +49,7 @@ Add your css file to `custom/`, for example, `custom.css` Overwrite `BRANDING_CSS` in `seahub_settings.py` ```py -LOGO_PATH = 'custom/custom.css' +BRANDING_CSS = 'custom/custom.css' ``` ## Customize help page @@ -58,16 +58,20 @@ LOGO_PATH = 'custom/custom.css' ```sh mkdir -p /opt/seafile-data/seahub/media/custom/templates/help/ cd /opt/seafile-data/seahub/media/custom - cp ../../help/templates/help/install.html templates/help/ + cp ../../help/templates/help/base.html templates/help/ ``` === "Deploy from binary packages" ```sh mkdir /opt/seafile/seafile-server-latest/seahub/media/custom/templates/help/ cd /opt/seafile/seafile-server-latest/seahub/media/custom - cp ../../help/templates/help/install.html templates/help/ + cp ../../help/templates/help/base.html templates/help/ ``` -Modify the `templates/help/install.html` file and save it. You will see the new help page. +For example, modify the `templates/help/base.html` file and save it. You will see the new help page. + +!!! note + There are some more help pages available for modifying, you can find the list of the html file [here](https://github.com/haiwen/seahub/tree/master/seahub/help/templates/help) + ## Add an extra note in sharing dialog @@ -106,24 +110,12 @@ CUSTOM_NAV_ITEMS = [ ``` !!! note - The `icon` field currently only supports icons in Seafile that begin with `sf2-icon`. You can find the list of icons here: + The `icon` field currently only supports icons in Seafile that begin with `sf2-icon`. You can find the list of icons [here](https://github.com/haiwen/seahub/blob/master/media/css/seahub.css) Then restart the Seahub service to take effect. Once you log in to the Seafile system homepage again, you will see the new navigation entry under the `Tools` navigation bar on the left. -## Add more links to the bottom bar - -``` -ADDITIONAL_APP_BOTTOM_LINKS = { - 'seafile': 'https://example.seahub.com/seahub', - 'dtable-web': 'https://example.seahub.com/web' -} -``` - -Result: - -![](../images/additional-app-bottom-links.png) ## Add more links to about dialog From 5ce3b0c02ec58943ee467b4892c0195cd838a8fc Mon Sep 17 00:00:00 2001 From: Jiaqiang Xu Date: Wed, 2 Apr 2025 16:57:12 +0800 Subject: [PATCH 30/58] Update client-changelog.md 9.0.13 --- manual/changelog/client-changelog.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/manual/changelog/client-changelog.md b/manual/changelog/client-changelog.md index 3745cf9e..2215fa0b 100644 --- a/manual/changelog/client-changelog.md +++ b/manual/changelog/client-changelog.md @@ -2,6 +2,14 @@ ## 9.0 +### 9.0.13 (2025/04/02) + +* \[win] Fix bug that some items of context menu in Windows Explorer don't show up +* \[mac] Fix bug of handling rename events, that can cause files moved to wrong folder +* \[linux] Support Wayland +* \[linux] Auto lock Office files opened by LibreOffice and WPS +* Upgrade OpenSSL + ### 9.0.12 (2025/02/12) * Improve sync error descriptions in the main window for file sync errors From e95e5de48ecb17762c1e3b329db5bef8b578a7ed Mon Sep 17 00:00:00 2001 From: Ranjiwei <32759763+r350178982@users.noreply.github.com> Date: Tue, 8 Apr 2025 14:28:27 +0800 Subject: [PATCH 31/58] Update upgrade_notes_for_12.0.x.md (#501) * Update upgrade_notes_for_12.0.x.md * Update upgrade_notes_for_12.0.x.md --------- Co-authored-by: Daniel Pan --- manual/upgrade/upgrade_notes_for_12.0.x.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/manual/upgrade/upgrade_notes_for_12.0.x.md b/manual/upgrade/upgrade_notes_for_12.0.x.md index 6d20e6b2..049e2922 100644 --- a/manual/upgrade/upgrade_notes_for_12.0.x.md +++ b/manual/upgrade/upgrade_notes_for_12.0.x.md @@ -25,7 +25,7 @@ Configuration changes: * SERVICE_URL and FILE_SERVER_ROOT are removed. SERVICE_URL will be calculated from SEAFILE_SERVER_PROTOCOL and SEAFILE_SERVER_HOSTNAME in `.env` file. * `ccnet.conf` is removed. Some of its configuration items are moved from `.env` file, others are read from items in `seafile.conf` with same name. * Two role permissions are added, `can_create_wiki` and `can_publish_wiki` are used to control whether a role can create a Wiki and publish a Wiki. The old role permission `can_publish_repo` is removed. - +* REMOTE_USER header is not passed to Seafile by default, you need to change `gunicorn.conf.py` if you need REMOTE_USER header for SSO. Other changes: @@ -175,6 +175,16 @@ From version 1.0, SeaDoc is using seahub_db database to store its operation logs Please see the document [Setup SeaDoc](../extension/setup_seadoc.md) to install SeaDoc on a separate machine and integrate with your binary packaged based Seafile server v12.0. +### 9) (Optional) Update `gunicorn.conf.py` file in `conf/` directory + +If you deployed single sign on (SSO) by Shibboleth protocol, the following line should be added to the gunicorn config file. + +```python + +forwarder_headers = 'SCRIPT_NAME,PATH_INFO,REMOTE_USER' +``` + + ## FAQ We have documented common issues encountered by users when upgrading to version 12.0 in our FAQ . From ae14715f2ef79f78d3fad3230280f0ef15de16d8 Mon Sep 17 00:00:00 2001 From: Daniel Pan Date: Tue, 8 Apr 2025 14:31:57 +0800 Subject: [PATCH 32/58] Update upgrade_docker.md --- manual/upgrade/upgrade_docker.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/manual/upgrade/upgrade_docker.md b/manual/upgrade/upgrade_docker.md index 96c54a64..8731eb02 100644 --- a/manual/upgrade/upgrade_docker.md +++ b/manual/upgrade/upgrade_docker.md @@ -181,6 +181,16 @@ If you have deployed SeaDoc older version, you should remove `/sdoc-server/`, `/ Please see the document [Setup SeaDoc](../extension/setup_seadoc.md) to install SeaDoc with Seafile. +### Other configuration changes + +#### Enable passing of REMOTE_USER + +REMOTE_USER header is not passed to Seafile by default, you need to change `gunicorn.conf.py` if you need REMOTE_USER header for SSO. + +```python +forwarder_headers = 'SCRIPT_NAME,PATH_INFO,REMOTE_USER' +``` + ## Upgrade from 10.0 to 11.0 From faf3729bab4cb52a59adfdd2604e6d94710f30c9 Mon Sep 17 00:00:00 2001 From: Huang Junxiang Date: Tue, 8 Apr 2025 16:32:36 +0800 Subject: [PATCH 33/58] update upgrade to 12.0: other configuration changes (#502) --- manual/upgrade/upgrade_docker.md | 9 +++++++++ manual/upgrade/upgrade_notes_for_12.0.x.md | 19 +++++++++++++++++++ 2 files changed, 28 insertions(+) diff --git a/manual/upgrade/upgrade_docker.md b/manual/upgrade/upgrade_docker.md index 8731eb02..09b220dd 100644 --- a/manual/upgrade/upgrade_docker.md +++ b/manual/upgrade/upgrade_docker.md @@ -191,6 +191,15 @@ REMOTE_USER header is not passed to Seafile by default, you need to change `guni forwarder_headers = 'SCRIPT_NAME,PATH_INFO,REMOTE_USER' ``` +#### Supplement or remove ALLOWED_HOSTS in seahub_settings.py + +Since version 12.0, the seaf-server component need to send internal requests to seahub component to check permissions, as reporting ***400 Error*** when downloading files if the `ALLOWED_HOSTS` set incorrect. In this case, you can either **remove** `ALLOWED_HOSTS` in `seahub_settings.py` or **supplement** `127.0.0.1` in `ALLOWED_HOSTS` list: + +```py +# seahub_settings.py + +ALLOWED_HOSTS = ['...(your domain)', '127.0.0.1'] +``` ## Upgrade from 10.0 to 11.0 diff --git a/manual/upgrade/upgrade_notes_for_12.0.x.md b/manual/upgrade/upgrade_notes_for_12.0.x.md index 049e2922..9ed92ce6 100644 --- a/manual/upgrade/upgrade_notes_for_12.0.x.md +++ b/manual/upgrade/upgrade_notes_for_12.0.x.md @@ -184,6 +184,25 @@ If you deployed single sign on (SSO) by Shibboleth protocol, the following line forwarder_headers = 'SCRIPT_NAME,PATH_INFO,REMOTE_USER' ``` +### 10) (Optional) Other configuration changes + +#### Enable passing of REMOTE_USER + +REMOTE_USER header is not passed to Seafile by default, you need to change `gunicorn.conf.py` if you need REMOTE_USER header for SSO. + +```python +forwarder_headers = 'SCRIPT_NAME,PATH_INFO,REMOTE_USER' +``` + +#### Supplement or remove ALLOWED_HOSTS in seahub_settings.py + +Since version 12.0, the seaf-server component need to send internal requests to seahub component to check permissions, as reporting ***400 Error*** when downloading files if the `ALLOWED_HOSTS` set incorrect. In this case, you can either **remove** `ALLOWED_HOSTS` in `seahub_settings.py` or **supplement** `127.0.0.1` in `ALLOWED_HOSTS` list: + +```py +# seahub_settings.py + +ALLOWED_HOSTS = ['...(your domain)', '127.0.0.1'] +``` ## FAQ From fdc855e1c50094ecff17e7096bda21a217929447 Mon Sep 17 00:00:00 2001 From: Daniel Pan Date: Mon, 21 Apr 2025 18:16:38 +0800 Subject: [PATCH 34/58] Update changelog-for-seafile-professional-server.md --- .../changelog/changelog-for-seafile-professional-server.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manual/changelog/changelog-for-seafile-professional-server.md b/manual/changelog/changelog-for-seafile-professional-server.md index 1bf1f5b0..bb26ffcc 100644 --- a/manual/changelog/changelog-for-seafile-professional-server.md +++ b/manual/changelog/changelog-for-seafile-professional-server.md @@ -8,6 +8,12 @@ Please check our document for how to upgrade to [12.0](../upgrade/upgrade_notes_for_12.0.x.md) +### 12.0.12 (2025-04-21) + +* [fix] Fix a UI bug in "share admin -> share links" +* [fix] Fix a bug in rendering "system admin -> users" +* Update translations + ### 12.0.11 (2025-03-20) * [fix] Fix a stored XSS issue From e11ea0225b7984e1e759109e51ccec893a35f4b4 Mon Sep 17 00:00:00 2001 From: Junxiang Huang Date: Thu, 24 Apr 2025 12:05:23 +0800 Subject: [PATCH 35/58] perf: Priority issues for S3_HOST and S3_AWS_REGION in 12.0 --- manual/config/env.md | 2 +- manual/repo/docker/cluster/env | 2 +- manual/repo/docker/cluster/seafile-server.yml | 2 +- manual/repo/docker/pro/env | 4 ++-- manual/repo/docker/pro/seafile-server.yml | 2 +- manual/repo/docker/pro/seasearch.yml | 2 +- manual/repo/k8s/cluster/seafile-env.yaml | 2 +- manual/repo/k8s/pro/seafile-env.yaml | 2 +- manual/setup/setup_pro_by_docker.md | 2 +- manual/setup/setup_with_s3.md | 2 +- manual/setup/use_other_reverse_proxy.md | 2 +- 11 files changed, 12 insertions(+), 12 deletions(-) diff --git a/manual/config/env.md b/manual/config/env.md index f45dc718..d9777ac3 100644 --- a/manual/config/env.md +++ b/manual/config/env.md @@ -126,7 +126,7 @@ NOTIFICATION_SERVER_VOLUME=/opt/notification-data - `INIT_S3_SECRET_KEY`: S3 storage backend secret key - `INIT_S3_USE_V4_SIGNATURE`: Use the v4 protocol of S3 if enabled, default is `true` - `INIT_S3_AWS_REGION`: Region of your buckets (AWS only), default is `us-east-1`. (Only valid when `INIT_S3_USE_V4_SIGNATURE` sets to `true`) -- `INIT_S3_HOST`: Host of your buckets, default is `s3.us-east-1.amazonaws.com`. (Only valid when `INIT_S3_USE_V4_SIGNATURE` sets to `true`) +- `INIT_S3_HOST`: Host of your buckets (Only required when not use AWS). - `INIT_S3_USE_HTTPS`: Use HTTPS connections to S3 if enabled, default is `true` ## SeaSearch diff --git a/manual/repo/docker/cluster/env b/manual/repo/docker/cluster/env index 7b828476..afd6cac5 100644 --- a/manual/repo/docker/cluster/env +++ b/manual/repo/docker/cluster/env @@ -35,7 +35,7 @@ INIT_S3_KEY_ID= INIT_S3_SECRET_KEY= INIT_S3_USE_V4_SIGNATURE=true INIT_S3_AWS_REGION=us-east-1 -INIT_S3_HOST=s3.us-east-1.amazonaws.com +INIT_S3_HOST= INIT_S3_USE_HTTPS=true JWT_PRIVATE_KEY= \ No newline at end of file diff --git a/manual/repo/docker/cluster/seafile-server.yml b/manual/repo/docker/cluster/seafile-server.yml index 47cd4c61..cd1ad1f4 100644 --- a/manual/repo/docker/cluster/seafile-server.yml +++ b/manual/repo/docker/cluster/seafile-server.yml @@ -34,7 +34,7 @@ services: - INIT_S3_SECRET_KEY=${INIT_S3_SECRET_KEY:-} - INIT_S3_USE_V4_SIGNATURE=${INIT_S3_USE_V4_SIGNATURE:-true} - INIT_S3_AWS_REGION=${INIT_S3_AWS_REGION:-us-east-1} - - INIT_S3_HOST=${INIT_S3_HOST:-s3.us-east-1.amazonaws.com} + - INIT_S3_HOST=${INIT_S3_HOST:-} - INIT_S3_USE_HTTPS=${INIT_S3_USE_HTTPS:-true} - JWT_PRIVATE_KEY=${JWT_PRIVATE_KEY:?Variable is not set or empty} - SEAFILE_LOG_TO_STDOUT=${SEAFILE_LOG_TO_STDOUT:-false} diff --git a/manual/repo/docker/pro/env b/manual/repo/docker/pro/env index 3f9b9b08..9468fcc6 100644 --- a/manual/repo/docker/pro/env +++ b/manual/repo/docker/pro/env @@ -47,7 +47,7 @@ INIT_S3_KEY_ID= INIT_S3_SECRET_KEY= INIT_S3_USE_V4_SIGNATURE=true INIT_S3_AWS_REGION=us-east-1 -INIT_S3_HOST=s3.us-east-1.amazonaws.com +INIT_S3_HOST= INIT_S3_USE_HTTPS=true # SeaDoc service @@ -76,7 +76,7 @@ SS_MAX_OBJ_CACHE_SIZE=10GB SS_S3_USE_V4_SIGNATURE=false SS_S3_ACCESS_ID= SS_S3_ACCESS_SECRET= -SS_S3_ENDPOINT=s3.us-east-1.amazonaws.com +SS_S3_ENDPOINT= SS_S3_BUCKET= SS_S3_USE_HTTPS=true SS_S3_PATH_STYLE_REQUEST=true diff --git a/manual/repo/docker/pro/seafile-server.yml b/manual/repo/docker/pro/seafile-server.yml index c7013ee3..19aa9666 100644 --- a/manual/repo/docker/pro/seafile-server.yml +++ b/manual/repo/docker/pro/seafile-server.yml @@ -84,7 +84,7 @@ services: - INIT_S3_SECRET_KEY=${INIT_S3_SECRET_KEY:-} - INIT_S3_USE_V4_SIGNATURE=${INIT_S3_USE_V4_SIGNATURE:-true} - INIT_S3_AWS_REGION=${INIT_S3_AWS_REGION:-us-east-1} - - INIT_S3_HOST=${INIT_S3_HOST:-us-east-1} + - INIT_S3_HOST=${INIT_S3_HOST:-} - INIT_S3_USE_HTTPS=${INIT_S3_USE_HTTPS:-true} labels: caddy: ${SEAFILE_SERVER_PROTOCOL:-http}://${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty} diff --git a/manual/repo/docker/pro/seasearch.yml b/manual/repo/docker/pro/seasearch.yml index 84aea0ff..da578933 100644 --- a/manual/repo/docker/pro/seasearch.yml +++ b/manual/repo/docker/pro/seasearch.yml @@ -12,7 +12,7 @@ services: - SS_S3_ACCESS_ID=${SS_S3_ACCESS_ID:-} - SS_S3_USE_V4_SIGNATURE=${SS_S3_USE_V4_SIGNATURE:-false} - SS_S3_ACCESS_SECRET=${SS_S3_ACCESS_SECRET:-} - - SS_S3_ENDPOINT=${SS_S3_ENDPOINT:-s3.us-east-1.amazonaws.com`} + - SS_S3_ENDPOINT=${SS_S3_ENDPOINT:-} - SS_S3_BUCKET=${SS_S3_BUCKET:-} - SS_S3_USE_HTTPS=${SS_S3_USE_HTTPS:-true} - SS_S3_PATH_STYLE_REQUEST=${SS_S3_PATH_STYLE_REQUEST:-true} diff --git a/manual/repo/k8s/cluster/seafile-env.yaml b/manual/repo/k8s/cluster/seafile-env.yaml index f6d94231..f1c5be6f 100644 --- a/manual/repo/k8s/cluster/seafile-env.yaml +++ b/manual/repo/k8s/cluster/seafile-env.yaml @@ -39,5 +39,5 @@ data: INIT_S3_KEY_ID: "" INIT_S3_USE_V4_SIGNATURE: "true" INIT_S3_AWS_REGION: "us-east-1" - INIT_S3_HOST: "s3.us-east-1.amazonaws.com" + INIT_S3_HOST: "" INIT_S3_USE_HTTPS: "true" diff --git a/manual/repo/k8s/pro/seafile-env.yaml b/manual/repo/k8s/pro/seafile-env.yaml index df081aed..9cf8644b 100644 --- a/manual/repo/k8s/pro/seafile-env.yaml +++ b/manual/repo/k8s/pro/seafile-env.yaml @@ -33,5 +33,5 @@ data: INIT_S3_KEY_ID: "" INIT_S3_USE_V4_SIGNATURE: "true" INIT_S3_AWS_REGION: "us-east-1" - INIT_S3_HOST: "s3.us-east-1.amazonaws.com" + INIT_S3_HOST: "" INIT_S3_USE_HTTPS: "true" diff --git a/manual/setup/setup_pro_by_docker.md b/manual/setup/setup_pro_by_docker.md index a2c6ef90..e7ef0f2c 100644 --- a/manual/setup/setup_pro_by_docker.md +++ b/manual/setup/setup_pro_by_docker.md @@ -75,7 +75,7 @@ The following fields merit particular attention: | `INIT_S3_SECRET_KEY` | S3 storage backend secret key (only valid when `INIT_S3_STORAGE_BACKEND_CONFIG` sets to `true`) | (required when `INIT_S3_STORAGE_BACKEND_CONFIG` sets to `true`) | | `INIT_S3_USE_V4_SIGNATURE` | Use the v4 protocol of S3 if enabled (only valid when `INIT_S3_STORAGE_BACKEND_CONFIG` sets to `true`) | `true` | | `INIT_S3_AWS_REGION` | Region of your buckets (only valid when `INIT_S3_STORAGE_BACKEND_CONFIG` and `INIT_S3_USE_V4_SIGNATURE` sets to `true`) | `us-east-1` | -| `INIT_S3_HOST` | Host of your buckets (only valid when `INIT_S3_STORAGE_BACKEND_CONFIG` and `INIT_S3_USE_V4_SIGNATURE` sets to `true`) | `s3.us-east-1.amazonaws.com` | +| `INIT_S3_HOST` | Host of your buckets (only valid when `INIT_S3_STORAGE_BACKEND_CONFIG` and `INIT_S3_USE_V4_SIGNATURE` sets to `true`) | (required when not use AWS) | | `INIT_S3_USE_HTTPS` | Use HTTPS connections to S3 if enabled (only valid when `INIT_S3_STORAGE_BACKEND_CONFIG` sets to `true`) | `true` | To conclude, set the directory permissions of the Elasticsearch volumne: diff --git a/manual/setup/setup_with_s3.md b/manual/setup/setup_with_s3.md index 7f78cc87..c7400f35 100644 --- a/manual/setup/setup_with_s3.md +++ b/manual/setup/setup_with_s3.md @@ -29,7 +29,7 @@ INIT_S3_SECRET_KEY= INIT_S3_USE_V4_SIGNATURE=true INIT_S3_AWS_REGION=us-east-1 # your AWS Region - INIT_S3_HOST=s3.us-east-1.amazonaws.com # your S3 Host + INIT_S3_HOST= # your S3 Host INIT_S3_USE_HTTPS=true ``` diff --git a/manual/setup/use_other_reverse_proxy.md b/manual/setup/use_other_reverse_proxy.md index 54268764..201a26a8 100644 --- a/manual/setup/use_other_reverse_proxy.md +++ b/manual/setup/use_other_reverse_proxy.md @@ -78,7 +78,7 @@ services: - INIT_S3_SECRET_KEY=${INIT_S3_SECRET_KEY:-} - INIT_S3_USE_V4_SIGNATURE=${INIT_S3_USE_V4_SIGNATURE:-true} - INIT_S3_AWS_REGION=${INIT_S3_AWS_REGION:-us-east-1} - - INIT_S3_HOST=${INIT_S3_HOST:-us-east-1} + - INIT_S3_HOST=${INIT_S3_HOST:-} - INIT_S3_USE_HTTPS=${INIT_S3_USE_HTTPS:-true} # please remove the label section depends_on: From 89cb4837d7e11a4fc4bfc8fe8acaccfaa53c75a7 Mon Sep 17 00:00:00 2001 From: Junxiang Huang Date: Thu, 24 Apr 2025 13:38:18 +0800 Subject: [PATCH 36/58] perf: Priority issues for S3_HOST and S3_AWS_REGION in 12.0 --- manual/setup/setup_with_s3.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual/setup/setup_with_s3.md b/manual/setup/setup_with_s3.md index c7400f35..39eeff86 100644 --- a/manual/setup/setup_with_s3.md +++ b/manual/setup/setup_with_s3.md @@ -29,7 +29,7 @@ INIT_S3_SECRET_KEY= INIT_S3_USE_V4_SIGNATURE=true INIT_S3_AWS_REGION=us-east-1 # your AWS Region - INIT_S3_HOST= # your S3 Host + INIT_S3_HOST= # your S3 Host (specify when not use AWS) INIT_S3_USE_HTTPS=true ``` From 36e8ebbd75b21301ac472234e63b0bf294a56b25 Mon Sep 17 00:00:00 2001 From: Ranjiwei <32759763+r350178982@users.noreply.github.com> Date: Fri, 25 Apr 2025 18:11:39 +0800 Subject: [PATCH 37/58] Update sending_email.md (#512) * Update sending_email.md * Update sending_email.md --- manual/config/sending_email.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/manual/config/sending_email.md b/manual/config/sending_email.md index 1670fe6a..8b159ee8 100644 --- a/manual/config/sending_email.md +++ b/manual/config/sending_email.md @@ -65,6 +65,28 @@ interval = 30m ``` +## Add S/MIME signature to email + +If you want the email signed by S/MIME, please add the config in `seahub_settings.py` + + +```python +ENABLE_SMIME = True +SMIME_CERTS_DIR = /opt/seafile/seahub-data/smime-certs # including cert.pem and private_key.pem + +``` +The certificate can be generated by the openssl command, or you can apply to the certificate manufacturer, it is up to you. +For example, generate the certs using the following command: + +``` +mkdir -p /opt/seafile/seahub-data/smime-certs +cd /opt/seafile/seahub-data/smime-certs +openssl req -x509 -newkey rsa:4096 -keyout private_key.pem -outform PEM -out cert.pem -days 3650 -nodes +``` +!!! tip + Some email clients may not verify the email signed by certs generated by command line. So it's better to apply the certs from a manufacture + + ## Customize email messages The simplest way to customize the email messages is setting the `SITE_NAME` variable in `seahub_settings.py`. If it is not enough for your case, you can customize the email templates. From 0031ec2aaaafb2e9c2b1fa25cbe4444412b85ebe Mon Sep 17 00:00:00 2001 From: Jiaqiang Xu Date: Wed, 7 May 2025 15:21:34 +0800 Subject: [PATCH 38/58] Update drive-client-changelog.md 3.0.14 --- manual/changelog/drive-client-changelog.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/manual/changelog/drive-client-changelog.md b/manual/changelog/drive-client-changelog.md index ca75dc7b..85f73974 100644 --- a/manual/changelog/drive-client-changelog.md +++ b/manual/changelog/drive-client-changelog.md @@ -1,5 +1,12 @@ # SeaDrive Client Changelog +### 3.0.14 (2025/05/07) + +* \[win] Avoid potential file overwriting issue after internal metadata is removed by Anti-virus +* \[win] Keep encryption keys after auto-resyncing an encrypted library +* \[win] Enhance handling of pinned files +* \[mac] Auto lock office files when they're opened (requires macOS 15+) + ### 3.0.13 (2025/03/06) * Support PDF previews From 6e2aaf61a7a0ce2a47967da7f6d798c544bf8215 Mon Sep 17 00:00:00 2001 From: Jiaqiang Xu Date: Wed, 7 May 2025 15:22:32 +0800 Subject: [PATCH 39/58] Update drive-client-changelog.md 3.0.14 --- manual/changelog/drive-client-changelog.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual/changelog/drive-client-changelog.md b/manual/changelog/drive-client-changelog.md index 85f73974..7eb2ae20 100644 --- a/manual/changelog/drive-client-changelog.md +++ b/manual/changelog/drive-client-changelog.md @@ -3,7 +3,7 @@ ### 3.0.14 (2025/05/07) * \[win] Avoid potential file overwriting issue after internal metadata is removed by Anti-virus -* \[win] Keep encryption keys after auto-resyncing an encrypted library +* \[win] Keep encryption keys after auto-resyncing an encrypted library, when internal metadata is removed by Anti-virus * \[win] Enhance handling of pinned files * \[mac] Auto lock office files when they're opened (requires macOS 15+) From 7201ccdfc1fad596a0a59419d055f0cc7ea8de7f Mon Sep 17 00:00:00 2001 From: Huang Junxiang Date: Thu, 8 May 2025 17:08:48 +0800 Subject: [PATCH 40/58] code bar copy button (#517) --- mkdocs.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mkdocs.yml b/mkdocs.yml index d56c54e9..27a3bd18 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -23,6 +23,8 @@ theme: - search.highlight - search.share - math + - content.code.copy + - content.code.annotate palette: - scheme: default From f868acb5194d3d746fc8ed9591b3c4c960589ea1 Mon Sep 17 00:00:00 2001 From: Daniel Pan Date: Fri, 9 May 2025 17:43:25 +0800 Subject: [PATCH 41/58] Update changelog-for-seafile-professional-server.md --- manual/changelog/changelog-for-seafile-professional-server.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/manual/changelog/changelog-for-seafile-professional-server.md b/manual/changelog/changelog-for-seafile-professional-server.md index bb26ffcc..0c40c145 100644 --- a/manual/changelog/changelog-for-seafile-professional-server.md +++ b/manual/changelog/changelog-for-seafile-professional-server.md @@ -8,6 +8,10 @@ Please check our document for how to upgrade to [12.0](../upgrade/upgrade_notes_for_12.0.x.md) +### 12.0.13 (2025-05-09) + +* Add S/MIME support for emails + ### 12.0.12 (2025-04-21) * [fix] Fix a UI bug in "share admin -> share links" From ed0a710b818319572d7ecc8d510ebd4bd5a46147 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=AC=A2=E4=B9=90=E9=A9=AC?= <38058090+SkywalkerSpace@users.noreply.github.com> Date: Wed, 14 May 2025 11:28:23 +0800 Subject: [PATCH 42/58] 12.0 index master (#518) * add index-server * deploy index-server * deploy index-server * rm redis in env * Update distributed_indexing.md * update restore-all-repo command --------- Co-authored-by: Daniel Pan --- manual/extension/distributed_indexing.md | 66 ++++++++++++------- manual/repo/docker/index-server/env | 16 +++++ .../repo/docker/index-server/index-server.yml | 22 +++++++ 3 files changed, 80 insertions(+), 24 deletions(-) create mode 100644 manual/repo/docker/index-server/env create mode 100644 manual/repo/docker/index-server/index-server.yml diff --git a/manual/extension/distributed_indexing.md b/manual/extension/distributed_indexing.md index 0c2923b3..ae167972 100644 --- a/manual/extension/distributed_indexing.md +++ b/manual/extension/distributed_indexing.md @@ -1,8 +1,3 @@ ---- -status: new ---- - - # Distributed indexing If you use a cluster to deploy Seafile, you can use distributed indexing to realize real-time indexing and improve indexing efficiency. The indexing process is as follows: @@ -74,13 +69,27 @@ enabled=false ## Deploy distributed indexing -First, prepare a seafes master node and several seafes slave nodes, the number of slave nodes depends on your needs. Deploy Seafile on these nodes, and copy the configuration files in the `conf` directory from the frontend nodes. The master node and slave nodes do not need to start Seafile, but need to read the configuration files to obtain the necessary information. +First, prepare a seafes master node and several seafes slave nodes, the number of slave nodes depends on your needs. Copy the configuration files in the `conf` directory from the Seafile frontend nodes to `/opt/seafile-data/seafile/conf`. The master node and slave nodes need to read the configuration files to obtain the necessary information. + +Then download `.env` and `index-server.yml` to `/opt/seafile` in all nodes. Modify mysql configurations in `.env`. + +```env +SEAFILE_MYSQL_DB_HOST=127.0.0.1 +SEAFILE_MYSQL_DB_PORT=3306 +SEAFILE_MYSQL_DB_USER=seafile +SEAFILE_MYSQL_DB_PASSWORD=PASSWORD + +CLUSTER_MODE=master +``` + +!!! note + CLUSTER_MODE needs to be configured as master on the master node, and needs to be configured as worker on the slave nodes. Next, create a configuration file `index-master.conf` in the `conf` directory of the master node, e.g. -``` +```conf [DEFAULT] -mq_type=redis # must be redis +mq_type=redis # must be redis [REDIS] server=127.0.0.1 # your redis server host @@ -88,14 +97,18 @@ port=6379 # your redis server port password=xxx # your redis server password, if not password, do not set this item ``` -Execute `./run_index_master.sh [start/stop/restart]` in the `seafile-server-last` directory (or `/scripts` inner the Seafile-docker container) to control the program to start, stop and restart. +Start master node. + +```bash +docker compose up -d +``` Next, create a configuration file `index-slave.conf` in the `conf` directory of all slave nodes, e.g. -``` +```conf [DEFAULT] -mq_type=redis # must be redis -index_workers=2 # number of threads to create/update indexes, you can increase this value according to your needs +mq_type=redis # must be redis +index_workers=2 # number of threads to create/update indexes, you can increase this value according to your needs [REDIS] server=127.0.0.1 # your redis server host @@ -103,25 +116,30 @@ port=6379 # your redis server port password=xxx # your redis server password, if not password, do not set this item ``` -Execute `./run_index_worker.sh [start/stop/restart]` in the `seafile-server-last` directory (or `/scripts` inner the Seafile-docker container) to control the program to start, stop and restart. +Start all slave nodes. -!!! note - - The index worker connects to backend storage directly. You don't need to run seaf-server in index worker node. +```bash +docker compose up -d +``` ## Some commands in distributed indexing -Rebuild search index, execute in the `seafile-server-last` directory (or `/scripts` inner the Seafile-docker container): +Rebuild search index, first execute the command in the Seafile node: -``` -$ ./pro/pro.py search --clear -$ ./run_index_master.sh python-env index_op.py --mode resotre_all_repo +```bash +cd /opt/seafile/seafile-server-last/ +./pro/pro.py search --clear ``` -List the number of indexing tasks currently remaining, execute in the `seafile-server-last` directory (or `/scripts` inner the Seafile-docker container): +Then execute the command in the index-server master node: -``` -$ ./run_index_master.sh python-env index_op.py --mode show_all_task +```bash +docker exec -it index-server bash +/opt/seafile/index-server/index-server.sh restore-all-repo ``` -The above commands need to be run on the master node. +List the number of indexing tasks currently remaining, execute the command in the index-server master node: + +```bash +/opt/seafile/index-server/index-server.sh show-all-task +``` diff --git a/manual/repo/docker/index-server/env b/manual/repo/docker/index-server/env new file mode 100644 index 00000000..463446df --- /dev/null +++ b/manual/repo/docker/index-server/env @@ -0,0 +1,16 @@ +COMPOSE_FILE='index-server.yml' +COMPOSE_PATH_SEPARATOR=',' + + +INDEX_SERVER_IMAGE=seafileltd/index-server:13.0-latest + +SEAFILE_VOLUME=/opt/seafile-data + +SEAFILE_MYSQL_DB_HOST=192.168.0.2 +SEAFILE_MYSQL_DB_PORT=3306 +SEAFILE_MYSQL_DB_USER=seafile +SEAFILE_MYSQL_DB_PASSWORD=PASSWORD + +TIME_ZONE=Etc/UTC + +CLUSTER_MODE=master diff --git a/manual/repo/docker/index-server/index-server.yml b/manual/repo/docker/index-server/index-server.yml new file mode 100644 index 00000000..bc88ae0d --- /dev/null +++ b/manual/repo/docker/index-server/index-server.yml @@ -0,0 +1,22 @@ +services: + + index-server: + image: ${INDEX_SERVER_IMAGE:-seafileltd/index-server:12.0.13-testing} + container_name: index-server + restart: always + volumes: + - ${SEAFILE_VOLUME:-/opt/seafile-data/}:/shared + environment: + - SEAFILE_MYSQL_DB_HOST=${SEAFILE_MYSQL_DB_HOST:-db} + - SEAFILE_MYSQL_DB_PORT=${SEAFILE_MYSQL_DB_PORT:-3306} + - SEAFILE_MYSQL_DB_USER=${SEAFILE_MYSQL_DB_USER:-seafile} + - SEAFILE_MYSQL_DB_PASSWORD=${SEAFILE_MYSQL_DB_PASSWORD:?Variable is not set or empty} + - SEAFILE_MYSQL_DB_SEAFILE_DB_NAME=${SEAFILE_MYSQL_DB_SEAFILE_DB_NAME:-seafile_db} + - TIME_ZONE=${TIME_ZONE:-Etc/UTC} + - CLUSTER_MODE=${CLUSTER_MODE:-master} + networks: + - seafile-net + +networks: + seafile-net: + name: seafile-net From a88afe1e20177ea8b1163d2994dc9790af3618cf Mon Sep 17 00:00:00 2001 From: skywalker Date: Wed, 14 May 2025 11:47:54 +0800 Subject: [PATCH 43/58] wget index-server.yml --- manual/extension/distributed_indexing.md | 13 ++++++++++--- manual/repo/docker/index-server/env | 2 +- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/manual/extension/distributed_indexing.md b/manual/extension/distributed_indexing.md index ae167972..93d05524 100644 --- a/manual/extension/distributed_indexing.md +++ b/manual/extension/distributed_indexing.md @@ -69,9 +69,16 @@ enabled=false ## Deploy distributed indexing -First, prepare a seafes master node and several seafes slave nodes, the number of slave nodes depends on your needs. Copy the configuration files in the `conf` directory from the Seafile frontend nodes to `/opt/seafile-data/seafile/conf`. The master node and slave nodes need to read the configuration files to obtain the necessary information. +First, prepare a seafes master node and several seafes slave nodes, the number of slave nodes depends on your needs. Copy the `seafile.conf` and the `seafevents.conf` in the `conf` directory from the Seafile frontend nodes to `/opt/seafile-data/seafile/conf` in index-server nodes. The master node and slave nodes need to read the configuration files to obtain the necessary information. -Then download `.env` and `index-server.yml` to `/opt/seafile` in all nodes. Modify mysql configurations in `.env`. +Then download `.env` and `index-server.yml` to `/opt/seafile` in all index-server nodes. + +```bash +wget https://manual.seafile.com/12.0/repo/docker/index-server/index-server.yml +wget -O .env https://manual.seafile.com/12.0/repo/docker/index-server/env +``` + +Modify mysql configurations in `.env`. ```env SEAFILE_MYSQL_DB_HOST=127.0.0.1 @@ -83,7 +90,7 @@ CLUSTER_MODE=master ``` !!! note - CLUSTER_MODE needs to be configured as master on the master node, and needs to be configured as worker on the slave nodes. + CLUSTER_MODE needs to be configured as `master` on the master node, and needs to be configured as `worker` on the slave nodes. Next, create a configuration file `index-master.conf` in the `conf` directory of the master node, e.g. diff --git a/manual/repo/docker/index-server/env b/manual/repo/docker/index-server/env index 463446df..bd6d9351 100644 --- a/manual/repo/docker/index-server/env +++ b/manual/repo/docker/index-server/env @@ -2,7 +2,7 @@ COMPOSE_FILE='index-server.yml' COMPOSE_PATH_SEPARATOR=',' -INDEX_SERVER_IMAGE=seafileltd/index-server:13.0-latest +INDEX_SERVER_IMAGE=seafileltd/index-server:12.0.13-testing SEAFILE_VOLUME=/opt/seafile-data From 5cde16c9f388a199596033050ac21434d48c727d Mon Sep 17 00:00:00 2001 From: skywalker Date: Wed, 14 May 2025 13:43:43 +0800 Subject: [PATCH 44/58] update index-server conf --- manual/extension/distributed_indexing.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/manual/extension/distributed_indexing.md b/manual/extension/distributed_indexing.md index 93d05524..1094d6ab 100644 --- a/manual/extension/distributed_indexing.md +++ b/manual/extension/distributed_indexing.md @@ -69,11 +69,17 @@ enabled=false ## Deploy distributed indexing -First, prepare a seafes master node and several seafes slave nodes, the number of slave nodes depends on your needs. Copy the `seafile.conf` and the `seafevents.conf` in the `conf` directory from the Seafile frontend nodes to `/opt/seafile-data/seafile/conf` in index-server nodes. The master node and slave nodes need to read the configuration files to obtain the necessary information. +First, prepare a index-server master node and several index-server slave nodes, the number of slave nodes depends on your needs. Copy the `seafile.conf` and the `seafevents.conf` in the `conf` directory from the Seafile frontend nodes to `/opt/seafile-data/seafile/conf` in index-server nodes. The master node and slave nodes need to read the configuration files to obtain the necessary information. + +```bash +mkdir -p /opt/seafile-data/seafile/conf +mkdir -p /opt/seafile +``` Then download `.env` and `index-server.yml` to `/opt/seafile` in all index-server nodes. ```bash +cd /opt/seafile wget https://manual.seafile.com/12.0/repo/docker/index-server/index-server.yml wget -O .env https://manual.seafile.com/12.0/repo/docker/index-server/env ``` From 2197586cc67d5ae6e52248dcf74ac4f233640a3b Mon Sep 17 00:00:00 2001 From: skywalker Date: Wed, 14 May 2025 14:04:49 +0800 Subject: [PATCH 45/58] update index-worker.conf --- manual/extension/distributed_indexing.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual/extension/distributed_indexing.md b/manual/extension/distributed_indexing.md index 1094d6ab..b42763f2 100644 --- a/manual/extension/distributed_indexing.md +++ b/manual/extension/distributed_indexing.md @@ -116,7 +116,7 @@ Start master node. docker compose up -d ``` -Next, create a configuration file `index-slave.conf` in the `conf` directory of all slave nodes, e.g. +Next, create a configuration file `index-worker.conf` in the `conf` directory of all slave nodes, e.g. ```conf [DEFAULT] From cd561e2cc60d2ec44f659fb7d4ca90f415e424b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=AC=A2=E4=B9=90=E9=A9=AC?= <38058090+SkywalkerSpace@users.noreply.github.com> Date: Mon, 19 May 2025 18:55:45 +0800 Subject: [PATCH 46/58] SeaDoc standalone Apache proxy (#519) --- manual/extension/setup_seadoc.md | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/manual/extension/setup_seadoc.md b/manual/extension/setup_seadoc.md index d376abcb..9814c181 100644 --- a/manual/extension/setup_seadoc.md +++ b/manual/extension/setup_seadoc.md @@ -101,6 +101,8 @@ If you deploy Seafile in a cluster or if you deploy Seafile with binary package, 4. Add a reverse proxy for SeaDoc server. In cluster environtment, it means you need to add reverse proxy rules at load balance. Here, we use Nginx as an example (**please replace `127.0.0.1:80` to `host:port` of your Seadoc server**) +=== "Nginx" + ``` ... server { @@ -136,6 +138,20 @@ If you deploy Seafile in a cluster or if you deploy Seafile with binary package, } ``` +=== "Apache" + + ``` + + ProxyPass "http://127.0.0.1:80/" + ProxyPassReverse "http://127.0.0.1:80/" + + + + # Since Apache HTTP Server 2.4.47 + ProxyPass "http://127.0.0.1:80/socket.io/" upgrade=websocket + + ``` + 5. Start SeaDoc server server with the following command ```sh From e3b1aaa3f36185b42d972c0c7044ad87eae7365b Mon Sep 17 00:00:00 2001 From: Huang Junxiang Date: Thu, 22 May 2025 21:42:21 +0800 Subject: [PATCH 47/58] fix: typo error serve -> server (#522) --- manual/extension/setup_seadoc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual/extension/setup_seadoc.md b/manual/extension/setup_seadoc.md index 9814c181..4ee58c42 100644 --- a/manual/extension/setup_seadoc.md +++ b/manual/extension/setup_seadoc.md @@ -25,7 +25,7 @@ The SeaDoc archticture is demonstrated as below: Here is the workflow when a user open sdoc file in browser 1. When a user open a sdoc file in the browser, a file loading request will be sent to Caddy, and Caddy proxy the request to SeaDoc server (see [Seafile instance archticture](../setup/overview.md) for the details). -2. SeaDoc server will send the file's content back if it is already cached, otherwise SeaDoc serve will sends a request to Seafile server. +2. SeaDoc server will send the file's content back if it is already cached, otherwise SeaDoc server will sends a request to Seafile server. 3. Seafile server loads the content, then sends it to SeaDoc server and write it to the cache at the same time. 4. After SeaDoc receives the content, it will be sent to the browser. From 514e659d6851a3b93a19ce7adeda2e60b804a70e Mon Sep 17 00:00:00 2001 From: Huang Junxiang Date: Fri, 23 May 2025 13:40:08 +0800 Subject: [PATCH 48/58] update 12.0 seasearch default image (#523) --- manual/repo/docker/pro/env | 4 ++-- manual/repo/docker/pro/seasearch.yml | 2 +- manual/setup/use_seasearch.md | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/manual/repo/docker/pro/env b/manual/repo/docker/pro/env index 9468fcc6..98e960ee 100644 --- a/manual/repo/docker/pro/env +++ b/manual/repo/docker/pro/env @@ -62,8 +62,8 @@ NOTIFICATION_SERVER_VOLUME=/opt/notification-data # SeaSearch ## Image -#SEASEARCH_IMAGE=seafileltd/seasearch-nomkl:latest # Apple's Chip -SEASEARCH_IMAGE=seafileltd/seasearch:latest +#SEASEARCH_IMAGE=seafileltd/seasearch-nomkl:0.9-latest # Apple's Chip +SEASEARCH_IMAGE=seafileltd/seasearch:0.9-latest ## Storage SS_STORAGE_TYPE=disk # disk (local storage), s3, oss diff --git a/manual/repo/docker/pro/seasearch.yml b/manual/repo/docker/pro/seasearch.yml index da578933..49efccdc 100644 --- a/manual/repo/docker/pro/seasearch.yml +++ b/manual/repo/docker/pro/seasearch.yml @@ -1,6 +1,6 @@ services: seasearch: - image: ${SEASEARCH_IMAGE:-seafileltd/seasearch:latest} + image: ${SEASEARCH_IMAGE:-seafileltd/seasearch:0.9-latest} container_name: seafile-seasearch volumes: - ${SS_DATA_PATH:-/opt/seasearch-data}:/opt/seasearch/data diff --git a/manual/setup/use_seasearch.md b/manual/setup/use_seasearch.md index 2c97dd24..bfc2e8fa 100644 --- a/manual/setup/use_seasearch.md +++ b/manual/setup/use_seasearch.md @@ -33,8 +33,8 @@ We have configured the relevant variables in .env. Here you must pay special att ```sh COMPOSE_FILE='...,seasearch.yml' # ... means other docker-compose files -#SEASEARCH_IMAGE=seafileltd/seasearch-nomkl:latest # for Apple's Chip -SEASEARCH_IMAGE=seafileltd/seasearch:latest +#SEASEARCH_IMAGE=seafileltd/seasearch-nomkl:0.9-latest # for Apple's Chip +SEASEARCH_IMAGE=seafileltd/seasearch:0.9-latest SS_DATA_PATH=/opt/seasearch-data INIT_SS_ADMIN_USER= From 8e3293434190bd0f3994763f839e5be15b7536e1 Mon Sep 17 00:00:00 2001 From: Huang Junxiang Date: Tue, 27 May 2025 14:04:21 +0800 Subject: [PATCH 49/58] fix: use nginx to proxy onlyoffice (#525) --- manual/setup/cluster_deploy_with_k8s.md | 2 +- manual/setup/helm_chart_cluster.md | 2 +- manual/setup/k8s_single_node.md | 2 +- manual/setup/use_other_reverse_proxy.md | 12 ++++++++++++ 4 files changed, 15 insertions(+), 3 deletions(-) diff --git a/manual/setup/cluster_deploy_with_k8s.md b/manual/setup/cluster_deploy_with_k8s.md index d2aedb18..00528ef1 100644 --- a/manual/setup/cluster_deploy_with_k8s.md +++ b/manual/setup/cluster_deploy_with_k8s.md @@ -189,4 +189,4 @@ kubectl delete -f /opt/seafile-k8s-yaml/ -n seafile ## Advanced operations -Please refer from [here](./k8s_advanced_management) for futher advanced operations. +Please refer from [here](./k8s_advanced_management.md) for futher advanced operations. diff --git a/manual/setup/helm_chart_cluster.md b/manual/setup/helm_chart_cluster.md index 6030674f..a38bea09 100644 --- a/manual/setup/helm_chart_cluster.md +++ b/manual/setup/helm_chart_cluster.md @@ -340,4 +340,4 @@ helm delete seafile --namespace seafile ## Advanced operations -Please refer from [here](./k8s_advanced_management) for futher advanced operations. \ No newline at end of file +Please refer from [here](./k8s_advanced_management.md) for futher advanced operations. \ No newline at end of file diff --git a/manual/setup/k8s_single_node.md b/manual/setup/k8s_single_node.md index 81680d5b..2a6a06c7 100644 --- a/manual/setup/k8s_single_node.md +++ b/manual/setup/k8s_single_node.md @@ -123,4 +123,4 @@ kubectl delete -f /opt/seafile-k8s-yaml/ -n seafile ## Advanced operations -Please refer from [here](./k8s_advanced_management) for futher advanced operations. +Please refer from [here](./k8s_advanced_management.md) for futher advanced operations. diff --git a/manual/setup/use_other_reverse_proxy.md b/manual/setup/use_other_reverse_proxy.md index 201a26a8..21d49f3f 100644 --- a/manual/setup/use_other_reverse_proxy.md +++ b/manual/setup/use_other_reverse_proxy.md @@ -160,6 +160,18 @@ Modify `nginx.conf` and add reverse proxy for services ***seafile*** and ***sead ``` === "onlyoffice" ```conf + map $http_x_forwarded_proto $the_scheme { + default $http_x_forwarded_proto; + "" $scheme; + } + map $http_x_forwarded_host $the_host { + default $http_x_forwarded_host; + "" $host; + } + map $http_upgrade $proxy_connection { + default upgrade; + "" close; + } location /onlyofficeds/ { proxy_pass http://127.0.0.1:6233/; proxy_http_version 1.1; From 0477e43ff73929e30a28559ccff7e4960652b8af Mon Sep 17 00:00:00 2001 From: Junxiang Huang Date: Tue, 27 May 2025 17:54:10 +0800 Subject: [PATCH 50/58] fix: cluster by docker for es_host in init --- manual/repo/docker/cluster/seafile-server.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual/repo/docker/cluster/seafile-server.yml b/manual/repo/docker/cluster/seafile-server.yml index cd1ad1f4..b64664a9 100644 --- a/manual/repo/docker/cluster/seafile-server.yml +++ b/manual/repo/docker/cluster/seafile-server.yml @@ -18,7 +18,7 @@ services: - CLUSTER_SERVER=true - CLUSTER_INIT_MODE=${CLUSTER_INIT_MODE:-false} - CLUSTER_INIT_MEMCACHED_HOST=${CLUSTER_INIT_MEMCACHED_HOST:-} - - CLUSTER_INIT_ES_HOST=${CLUSTER_INIT_MEMCACHED_HOST:-} + - CLUSTER_INIT_ES_HOST=${CLUSTER_INIT_ES_HOST:-} - CLUSTER_INIT_ES_PORT=${CLUSTER_INIT_ES_PORT:-9200} - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty} - SEAFILE_SERVER_PROTOCOL=${SEAFILE_SERVER_PROTOCOL:-http} From cba17e883e76b10a7b0dba32b77813435fc8856f Mon Sep 17 00:00:00 2001 From: Daniel Pan Date: Wed, 28 May 2025 16:01:38 +0800 Subject: [PATCH 51/58] Update changelog-for-seafile-professional-server.md --- .../changelog/changelog-for-seafile-professional-server.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/manual/changelog/changelog-for-seafile-professional-server.md b/manual/changelog/changelog-for-seafile-professional-server.md index 0c40c145..5eed11c9 100644 --- a/manual/changelog/changelog-for-seafile-professional-server.md +++ b/manual/changelog/changelog-for-seafile-professional-server.md @@ -8,6 +8,11 @@ Please check our document for how to upgrade to [12.0](../upgrade/upgrade_notes_for_12.0.x.md) +### 12.0.14 (2025-05-28) + +* [fix] Fix two stored XSS issues (In rendering terms and conditions and in institution admin page) +* [fix] Do not close the search popover when click a result + ### 12.0.13 (2025-05-09) * Add S/MIME support for emails From 47d023a5923f56ee1df4be35544a0c008110f0ca Mon Sep 17 00:00:00 2001 From: Daniel Pan Date: Thu, 29 May 2025 15:44:51 +0800 Subject: [PATCH 52/58] Update server-changelog.md --- manual/changelog/server-changelog.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/manual/changelog/server-changelog.md b/manual/changelog/server-changelog.md index 6555e119..75ba39a1 100644 --- a/manual/changelog/server-changelog.md +++ b/manual/changelog/server-changelog.md @@ -9,6 +9,14 @@ Please check our document for how to upgrade to [12.0](../upgrade/upgrade_notes_for_12.0.x.md) +### 12.0.14 (2025-05-29) + +* [fix] Fix two stored XSS issues (In rendering terms and conditions and in institution admin page) +* Add S/MIME support for emails +* [fix] Fix a UI bug in "share admin -> share links" +* [fix] Fix a bug in rendering "system admin -> users" +* Update translations + ### 12.0.11 (2025-03-19) * [fix] Fix a stored XSS issue From 7a7c3f3864b0d7d1be3a0b622f6a70e86a6981d8 Mon Sep 17 00:00:00 2001 From: Huang Junxiang Date: Fri, 30 May 2025 17:34:27 +0800 Subject: [PATCH 53/58] add usage of custom ca certificate with caddy (#530) --- manual/setup/caddy.md | 68 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/manual/setup/caddy.md b/manual/setup/caddy.md index 04d25d7e..e025ec30 100644 --- a/manual/setup/caddy.md +++ b/manual/setup/caddy.md @@ -5,9 +5,77 @@ Caddy is a modern open source web server that mainly binds external traffic and internal services in [seafile docker](./overview.md). In addition to the advantages of traditional proxy components (e.g., *nginx*), Caddy also makes it easier for users to complete the acquisition and update of HTTPS certificates by providing simpler configurations. +## Engage HTTPS by caddy + +We provide two options for enabling HTTPS via *Caddy*, which mainly rely on The caddy docker proxy container from [Lucaslorentz](https://github.com/lucaslorentz/caddy-docker-proxy) supports dynamic configuration with labels: + +- With a automatically generated certificate +- Using a custom (existing) certificate + +### With a automatically generated certificate + To engage HTTPS, users only needs to correctly configure the following fields in `.env`: ```shell SEAFILE_SERVER_PROTOCOL=https SEAFILE_SERVER_HOSTNAME=example.com ``` + +### Using a custom (existing) certificate + +With the `caddy.yml`, a default volume-mount is created: `/opt/seafile-caddy` (as you can change it by modifying `SEAFILE_CADDY_VOLUME` in `.env`). By convention you should provide your certificate & key files in the container host filesystem under `/opt/seafile-caddy/certs/` to make it available to caddy: + +```sh +/opt/seafile-caddy/certs/ +├── cert.pem # xxx.crt in some case +├── key.pem # xxx.key in some case +``` + +!!! tip "Command to generate custom certificates" + With this command, you can generate your own custom certificates: + + ```sh + cd /opt/seafile-caddy/certs + openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./key.pem -out ./cert.pem + ``` + + **Please be aware that custom certicates can not be used for ip-adresses** + +Then modify `seafile-server.yml` to enable your custom certificate, by the way, we strongly recommend you to make a backup of `seafile-server.yml` before doing this: + +```sh +cp seafile-server.yml seafile-server.yml.bak +nano seafile-server.yml +``` + +and + +```yml +services: + ... + seafile: + ... + volumes: + ... + # If you use a self-generated certificate, please add it to the Seafile server trusted directory (i.e. remove the comment symbol below) + # - "/opt/seafile-caddy/certs/cert.pem:/usr/local/share/ca-certificates/cert.crt" + labels: + caddy: ${SEAFILE_SERVER_HOSTNAME:?Variable is not set or empty} # leave this variables only + caddy.tls: "/data/caddy/certs/cert.pem /data/caddy/certs/key.pem" + ... +``` + +!!! warning "DNS resolution must work inside the container" + + If you're using a ***non-public url*** like `my-custom-setup.local`, you have to make sure, that the docker container can resolve this DNS query. If you don't run your own DNS servers, you have to add extras_hosts to your `.yml` file. + +## Modify `seahub_settings.py` and restart the server + +If you enabled HTTPS during initial deployment, you can skip this section (the HTTPS will take effect with the first time startup). + +1. Modify `seahub_settings.py` and change all `http://seafile.example.com` to `https://seafile.example.com`. +2. Restart the server: + +```sh +docker compose down && docker compose up -d +``` From 5d83311026410f16853f00f733531e17440ddf60 Mon Sep 17 00:00:00 2001 From: lian Date: Mon, 9 Jun 2025 11:53:26 +0800 Subject: [PATCH 54/58] Update multi_institutions.md --- manual/config/multi_institutions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual/config/multi_institutions.md b/manual/config/multi_institutions.md index 7af0db0d..1298c29e 100644 --- a/manual/config/multi_institutions.md +++ b/manual/config/multi_institutions.md @@ -12,7 +12,7 @@ In `seahub_settings.py`, add `MULTI_INSTITUTION = True` to enable multi-institut ) ``` -!!! tip "Please replease `+=` to `=` if `EXTRA_MIDDLEWARE_CLASSES` or `EXTRA_MIDDLEWARE` is not defined" +!!! tip "Please replease `+=` to `=` if `EXTRA_MIDDLEWARE` is not defined" ## Add institutions and institution admins From 6ab1f36154009e432c5d7d4f2e629bb89abf04c5 Mon Sep 17 00:00:00 2001 From: Jiaqiang Xu Date: Mon, 16 Jun 2025 14:33:41 +0800 Subject: [PATCH 55/58] Update client-changelog.md 9.0.14 --- manual/changelog/client-changelog.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/manual/changelog/client-changelog.md b/manual/changelog/client-changelog.md index 2215fa0b..382fb20a 100644 --- a/manual/changelog/client-changelog.md +++ b/manual/changelog/client-changelog.md @@ -2,6 +2,16 @@ ## 9.0 +### 9.0.14 (2025/06/16) + +* Improve cloud file browser dialog +* Improve icons for system notification area +* Add link to FAQ in file sync error dialog +* Check and notify when client uses wrong key for encryption +* Update some seahub APIs +* Update grandparent modification time when file is updated +* \[win] Skip syncing special legacy folders under Documents ("My Music", "My Pictures" and "My Videos"), to avoid permission errors + ### 9.0.13 (2025/04/02) * \[win] Fix bug that some items of context menu in Windows Explorer don't show up From e259f4a0488a24554dddc884e0492be2172c1d2b Mon Sep 17 00:00:00 2001 From: SkywalkerSpace Date: Thu, 19 Jun 2025 11:00:26 +0800 Subject: [PATCH 56/58] update old sdoc tag --- manual/repo/docker/seadoc/0.8/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manual/repo/docker/seadoc/0.8/docker-compose.yml b/manual/repo/docker/seadoc/0.8/docker-compose.yml index b2f7ef62..726e086f 100644 --- a/manual/repo/docker/seadoc/0.8/docker-compose.yml +++ b/manual/repo/docker/seadoc/0.8/docker-compose.yml @@ -1,7 +1,7 @@ services: sdoc-server: - image: seafileltd/sdoc-server:latest + image: seafileltd/sdoc-server:0.8.0 container_name: sdoc-server ports: - 80:80 From abd3ec035104a730db657acca82ee9eb5fca44d7 Mon Sep 17 00:00:00 2001 From: feiniks <36756310+feiniks@users.noreply.github.com> Date: Mon, 23 Jun 2025 14:42:13 +0800 Subject: [PATCH 57/58] Add fs_id_list_max_threads option (#538) Co-authored-by: yangheran --- manual/config/seafile-conf.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manual/config/seafile-conf.md b/manual/config/seafile-conf.md index 6d709cdf..52b37a37 100644 --- a/manual/config/seafile-conf.md +++ b/manual/config/seafile-conf.md @@ -370,6 +370,12 @@ Go fileserver caches fs objects in memory. On the one hand, it avoids repeated c fs_cache_limit = 100 ``` +Since Pro 12.0.10 version, you can set the max threads of fs-id-list requests. When you download a repo, Seafile client will request fs id list, and you can control the maximum concurrency for handling fs-id-list requests in the go fileserver through `fs_id_list_max_threads` configuration, which defaults to 10. +``` +[fileserver] +fs_id_list_max_threads = 20 +``` + ## Profiling Go Fileserver Performance Since Seafile 9.0.7, you can enable the profile function of go fileserver by adding the following configuration options: From 9387f40415eb36a478de451b4fad1a9ca839eca2 Mon Sep 17 00:00:00 2001 From: Jiaqiang Xu Date: Thu, 26 Jun 2025 17:41:45 +0800 Subject: [PATCH 58/58] Update drive-client-changelog.md 3.0.15 --- manual/changelog/drive-client-changelog.md | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/manual/changelog/drive-client-changelog.md b/manual/changelog/drive-client-changelog.md index 7eb2ae20..818f9976 100644 --- a/manual/changelog/drive-client-changelog.md +++ b/manual/changelog/drive-client-changelog.md @@ -1,5 +1,14 @@ # SeaDrive Client Changelog +### 3.0.15 (2025/06/26) + +* Persist file sync errors over restart +* Save encryption keys for encrypted libraries after delete confirmation "No" +* Increase fs-id-list request timeout to 30 minutes +* Update parent folder modification time when file are updated +* \[mac] Fix memory leaks when removing downloaded items from cache +* \[linux] Add Nautilus extension for GNOME + ### 3.0.14 (2025/05/07) * \[win] Avoid potential file overwriting issue after internal metadata is removed by Anti-virus