diff --git a/manual/deploy/deploy_with_nginx.md b/manual/deploy/deploy_with_nginx.md index a158f4c1..9bfb8439 100644 --- a/manual/deploy/deploy_with_nginx.md +++ b/manual/deploy/deploy_with_nginx.md @@ -21,7 +21,7 @@ If your setup differs from thes requirements, adjust the following instructions ### Installing Nginx -Install Nginx: +Install Nginx using the package repositories: ```bash # CentOS @@ -39,9 +39,26 @@ sudo systemctl start nginx sudo systemctl enable nginx ``` +### Preparing Nginx +The configuration of a proxy server in Nginx differs slightly between CentOS and Debian/Ubuntu. Additionally, the restrictive default settings of SELinux's configuration on CentOS require a modification. -### Configuring Nginx +#### Preparing Nginx on CentOS + +Switch SELinux into permissive mode and perpetuate the setting: + +``` bash +sudo setenforce permissive +sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config +``` + +Create a configuration file for seafile in `/etc/nginx/conf.d`: + +```bash +touch /etc/nginx/conf.d/seafile.conf +``` + +#### Preparing Nginx on Debian/Ubuntu Create a configuration file for seafile in `/etc/nginx/sites-available/`: @@ -58,11 +75,13 @@ rm /etc/nginx/sites-available/default Create a symbolic link: -```` +````bash ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf ```` -Copy the following sample Nginx config file into `/etc/nginx/sites-available/seafile.conf` and modify the content to fit your needs: +### Configuring Nginx + +Copy the following sample Nginx config file into the just created `seafile.conf` and modify the content to fit your needs: ```nginx @@ -141,28 +160,16 @@ The following options must be modified in the CONF file: Optional customizable options in the seafile.conf are: -* Server listening port (listen)- if Seafile server should be available on a non-standard port +* Server listening port (listen) - if Seafile server should be available on a non-standard port * Proxy pass for location / - if Seahub is configured to start on a different port than 8000 * Proxy pass for location /seafhttp - if seaf-server is configured to start on a different port than 8082 * Maximum allowed size of the client request body (client_max_body_size) -The default value for `client_max_body_size` is 1M. Uploading larger files bigger will result in an error message HTTP error code 413 ("Request Entity Too Large"). It is recommended to syncronize the value of client_max_body_size with the parameter `max_upload_size` in section `[fileserver]` of [seafile.conf](../config/seafile-conf.md). Optionally, the value can also be set to 0 to disable this feature. +The default value for `client_max_body_size` is 1M. Uploading larger files will result in an error message HTTP error code 413 ("Request Entity Too Large"). It is recommended to syncronize the value of client_max_body_size with the parameter `max_upload_size` in section `[fileserver]` of [seafile.conf](../config/seafile-conf.md). Optionally, the value can also be set to 0 to disable this feature. Client uploads are only partly effected by this limit. With a limit of 100 MiB they can safely upload files of any size. -Client uploads are only partly effected by this limit. With a limit of 100 MiB they can safely upload files of any size. - -Note for very large files (> 4GB): By default Nginx will buffer large request bodies in temp files. After the body is completely received, Nginx will send the body to the upstream server (seaf-server in our case). But it seems when the file size is very large, the buffering mechanism dosen't work well. It may stop proxying the body in the middle. So if you want to support file uploads larger than 4GB, we suggest to install Nginx version >= 1.8.0 and add the following options to Nginx config file: - -```nginx - location /seafhttp { - ... ... - proxy_request_buffering off; - } -``` - -Finally, make sure your seafile.conf does not contain syntax error and restart Nginx for the configuration changes to take effect: +Finally, make sure your seafile.conf does not contain syntax errors and restart Nginx for the configuration changes to take effect: ```bash -# CentOS/Debian/Ubuntu nginx -t nginx -s reload ``` @@ -175,18 +182,30 @@ The `SERVICE_URL` in [ccnet.conf](../config/ccnet-conf.md) informs Seafile about SERVICE_URL = http://seafile.example.com ``` -Note: The`SERVICE_URL` can also be modified in Seahub via System Admininstration > Settings. If `SERVICE_URL` is configured via System Admin and in ccnet.conf, the value System Admin will take precedence. +Note: The`SERVICE_URL` can also be modified in Seahub via System Admininstration > Settings. If `SERVICE_URL` is configured via System Admin and in ccnet.conf, the value in System Admin will take precedence. ### Modifying seahub_settings.py -The `FILE_SERVER_ROOT` in [seahub_settings.py](../config/seahub_settings_py/) informs Seafile about the location of and the protocol used by the file server. Change the `FILE_SERVER_ROOT`so as to correspond to your host name (the `http://`and the trailing `/seafhttp`must not be removed): +The `FILE_SERVER_ROOT` in [seahub_settings.py](../config/seahub_settings_py/) informs Seafile about the location of and the protocol used by the file server. Change the `FILE_SERVER_ROOT`so as to correspond to your host name (the `http://`and the trailing `/seafhttp` must not be removed): ```python FILE_SERVER_ROOT = 'http://seafile.example.com/seafhttp' ``` -Note: The`FILE_SERVER_ROOT` can also be modified in Seahub via System Admininstration > Settings. If `FILE_SERVER_ROOT` is configured via System Admin and in seahub_settings.py, the value System Admin will take precedence. +Note: The`FILE_SERVER_ROOT` can also be modified in Seahub via System Admininstration > Settings. If `FILE_SERVER_ROOT` is configured via System Admin and in seahub_settings.py, the value in System Admin will take precedence. + +### Modifying seafile.conf + +To improve security, the file server should only be accessible via Nginx. + +Add the following line in the [fileserver] block on `seafile.conf` in `/opt/seafile/conf`: + +``` +host = 127.0.0.1 ## default port 0.0.0.0 +``` + +After his change, the file server only accepts requests from Nginx. ### Starting Seafile and Seahub diff --git a/manual/deploy/https_with_nginx.md b/manual/deploy/https_with_nginx.md index 9b1c713e..a1033ec4 100644 --- a/manual/deploy/https_with_nginx.md +++ b/manual/deploy/https_with_nginx.md @@ -1,79 +1,102 @@ # Enabling Https with Nginx -Here we suggest you use [Let’s Encrypt](https://letsencrypt.org/getting-started/) to get a certificate from a Certificate Authority (CA). If you use a paid ssl certificate from some authority, just skip the first step. +When using HTTPS, traffic from and to Seafile Server is encrypted. HTTPS requires a SSL certificate from a Certificate Authority (CA). -### Generate SSL certificate +For production use, HTTPS is imperative. -For users who use Let’s Encrypt, you can obtain a valid certificate via [Certbot ACME client](https://certbot.eff.org/) +Unless you already have a SSL certificate, we recommend that you get your SSL certificate from [Let’s Encrypt](https://letsencrypt.org/). If you have a SSL certificate from another CA, skip the section "Getting a Let's Encrypt certificate". -On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages. +## Setup + +The configuration of Seafile behind Nginx as a reverse proxy is demonstrated using the sample host name `seafile.example.com`. + +These instructions assume the following requirements: + +* Seafile Server Community Edition/Professional Edition and [Nginx](deploy_with_nginx.md) were set up according to the instructions in this manual +* A host name points at the IP address of the server and the server is available on port 80 and 443 + +If your setup differs from thes requirements, adjust the following instructions accordingly. + +### Getting a Let's Encrypt certificate + +Getting a Let's Encrypt certificate is straightforward thanks to [Certbot](https://certbot.eff.org/). Certbot is a free, open source software tool for requesting, receiving, and renewing Let's Encrypt certificates. + +First, go to the [Certbot](https://certbot.eff.org/) website and choose your webserver and OS. +![grafik](../images/certbot.png) + +Second, follow the detailed instructions then shown. + +![grafik](../images/certbot-step2.png) + + + +We recommend that you get just a certificate and that you modify the Nginx configuration yourself: ```bash -sudo apt-get update -sudo apt-get install software-properties-common -sudo add-apt-repository ppa:certbot/certbot -sudo apt-get update -sudo apt-get install python-certbot-nginx +sudo certbot certonly --nginx ``` -Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs: +Follow the instructions on the screen. -```bash -sudo certbot --nginx -``` +Upon successful verification, Certbot saves the certificate files in a directory named after the host name in ```/etc/letsencrypt/live```. -Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand: +### Enabling SSL module of Nginx (optional) -```bash -sudo certbot --nginx certonly -``` - -To learn more about how to use Certbot you can read threir [documentation](https://certbot.eff.org/docs/). - -> If you're using a custom CA to sign your SSL certificate, you have to enable certificate revocation list (CRL) in your certificate. Otherwise http syncing on Windows client may not work. See [this thread](https://forum.seafile-server.org/t/https-syncing-on-windows-machine-using-custom-ca/898) for more information. - -### Enable SSL module of Nginx (optional) - -If your Nginx does not support SSL, you need to recompile it, the commands are as follows: +If your Nginx does not support SSL, you need to recompile it. Use the following command: ```bash ./configure --with-http_stub_status_module --with-http_ssl_module make && make install ``` -### Modify Nginx configuration file +### Modifying Nginx configuration file -Assume you have configured nginx as [Deploy-Seafile-with-nginx](deploy_with_nginx.md). To use https, you need to modify your nginx configuration file. +Add an server block for port 443 and a http-to-https redirect to the `seafile.conf` configuration file in `/etc/nginx`. + +This is a (shortened) sample configuration for the host name seafile.example.com: ```nginx +log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time'; + server { listen 80; server_name seafile.example.com; - rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https + rewrite ^ https://$http_host$request_uri? permanent; # forced http to https redirect - # Enables or disables emitting nginx version on error pages and in the "Server" response header field. - server_tokens off; + server_tokens off; # Enables or disables emitting nginx version on error pages and in the "Server" response header field } server { listen 443; ssl on; - ssl_certificate /etc/ssl/cacert.pem; # path to your cacert.pem - ssl_certificate_key /etc/ssl/privkey.pem; # path to your privkey.pem + ssl_certificate /etc/letsencrypt/live/seafile.example.com/fullchain.pem; # path to your fullchain.pem + ssl_certificate_key /etc/letsencrypt/live/seafile.example.com/privkey.pem; # path to your privkey.pem server_name seafile.example.com; server_tokens off; - # ...... - proxy_pass http://127.0.0.1:8000; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Host $server_name; - proxy_set_header X-Forwarded-Proto https; + + location / { + proxy_pass http://127.0.0.1:8000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; + proxy_read_timeout 1200s; + + proxy_set_header X-Forwarded-Proto https; + +... # No changes beyond this point compared to the Nginx configuration without HTTPS - proxy_read_timeout 1200s; -} ``` +Finally, make sure your seafile.conf does not contain syntax errors and restart Nginx for the configuration changes to take effect: + +``` +nginx -t +nginx -s reload +``` + + + ### Sample configuration file #### Generate DH params @@ -191,52 +214,40 @@ If you have WebDAV enabled it is recommended to add the same: } ``` -### Reload Nginx -```bash - nginx -s reload -``` +### Modifying ccnet.conf -## Modify settings to use https - -### ccnet conf - -Since you changed from http to https, you need to modify the value of `SERVICE_URL` in [ccnet.conf](../config/ccnet-conf.md). You can also modify `SERVICE_URL` via web UI in "System Admin->Settings". (**Warning**: If you set the value both via Web UI and ccnet.conf, the setting via Web UI will take precedence.) +Modify the `SERVICE_URL` in [ccnet.conf](../config/ccnet-conf.md) to account for the switch from HTTP to HTTPS. ```bash SERVICE_URL = https://seafile.example.com ``` -### seahub_settings.py +Note: The`SERVICE_URL` can also be modified in Seahub via System Admininstration > Settings. If `SERVICE_URL` is configured via System Admin and in ccnet.conf, the value in System Admin will take precedence. -You need to add a line in seahub_settings.py to set the value of `FILE_SERVER_ROOT`. You can also modify `FILE_SERVER_ROOT` via web UI in "System Admin->Settings". (**Warning**: If you set the value both via Web UI and seahub_settings.py, the setting via Web UI will take precedence.) +### Modifying seahub_settings.py + +Modify the `FILE_SERVER_ROOT` in [seahub_settings.py](../config/seahub_settings_py/) to account for the switch from HTTP to HTTPS. ```python FILE_SERVER_ROOT = 'https://seafile.example.com/seafhttp' ``` -### Change Seafile config +Note: The`FILE_SERVER_ROOT` can also be modified in Seahub via System Admininstration > Settings. If `FILE_SERVER_ROOT` is configured via System Admin and in seahub_settings.py, the value in System Admin will take precedence. -Update the [configuration](../config/seafile-conf.md#seafile-fileserver-configuration -) of seafile fileserver is in the `[fileserver]` section of the file `seafile.conf` to local ip `127.0.0.1` +### Starting Seafile and Seahub -``` -[fileserver] -# bind address for fileserver -# default to 0.0.0.0, if deployed without proxy: no access restriction -# set to 127.0.0.1, if used with local proxy: only access by local -host = 127.0.0.1 -``` - -## Start Seafile and Seahub +Restart the seaf-server and Seahub for the config changes to take effect: ```bash -./seafile.sh start -./seahub.sh start # or "./seahub.sh start-fastcgi" if you're using fastcgi +su seafile +cd /opt/seafile/seafile-server-latest +./seafile.sh restart +./seahub.sh restart # or "./seahub.sh start-fastcgi" if you're using fastcgi ``` ## Additional modern settings for nginx (optional) -### Activate IPv6 +### Activating IPv6 Require IPv6 on server otherwise the server will not start! Also the AAAA dns record is required for IPv6 usage. @@ -245,7 +256,7 @@ listen 443; listen [::]:443; ``` -### Activate HTTP2 +### Activating HTTP2 Activate HTTP2 for more performance. Only available for SSL and nginx version>=1.9.5. Simply add `http2`. ```nginx @@ -262,7 +273,7 @@ Add the HSTS header. If you already visited the https version the next time your add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; ``` -### Obfuscate nginx version +### Obfuscating nginx version Disable exact server version in header. Prevent scans for vulnerable server. **This should be added to every server block, as it shall obfuscate the version of nginx.** diff --git a/manual/deploy/using_mysql.md b/manual/deploy/using_mysql.md index 87a49de8..f1e83289 100644 --- a/manual/deploy/using_mysql.md +++ b/manual/deploy/using_mysql.md @@ -1,73 +1,295 @@ -# Deploying Seafile with MySQL +# Deployment of Seafile Server Community Edition with MySQL/MariaDB -This manual explains how to setup and run Seafile server from a pre-built package with MySQL. +This manual explains how to deploy and run Seafile server on a Linux server from a pre-built package using MySQL/MariaDB as database. The deployment has been tested for Debian/Ubuntu and CentOS, but Seafile should also work on other Linux distributions. -**Tip:** If you are deploying the Seafile service for the first time, we recommend that you use an [automatic installation script](https://github.com/haiwen/seafile-server-installer) to quickly deploy a Seafile service. +**Tip:** If you have little experience with Seafile Server, we recommend that you use an [installation script](https://github.com/haiwen/seafile-server-installer) for deploying Seafile. -## Download +## Requirements -[Download](https://www.seafile.com/en/download) the latest server package. +Seafile Server Community Edition (Seafile CE) for x86 architecture requires a minimum of 2 cores and 2GB RAM. -## Deploying and Directory Layout +There is a community-supported package for the installation on Raspberry Pi. -Supposed you have downloaded `seafile-server_*` into `/opt/seafile/`. We suggest you to use the following layout for your deployment: +## Setup + +Seafile prior to and including Seafile 7.0 use Python 2. More recent versions rely on Python 3. + +### Installing and preparing the SQL database + +Seafile supports MySQL and MariaDB. We recommend that you use the preferred SQL database management engine included in the package repositories of your distribution. This means: + +* CentOS and Debian: MariaDB +* Ubuntu: MySQL + +You can find step-by-step how-tos for installing MySQL and MariaDB in the [tutorials on the Digital Ocean website](https://www.digitalocean.com/community/tutorials). + +Seafile uses the mysql_native_password plugin for authentication. The versions of MySQL and MariaDB installed on CentOS 8, Debian 10, and Ubuntu 20.04 use a different authentication plugin by default. It is therefore required to change to authentication plugin to mysql_native_password for the root user prior to the installation of Seafile. The above mentioned tutorials explain how to do it. + +### Installing prerequisites + +**For Seafile 7.0.x** + +``` +# Ubuntu 16.04 +sudo apt-get update +sudo apt-get install python2.7 python-setuptools python-mysqldb python-urllib3 python-ldap -y + +``` + +``` +# CentOS 7 +sudo yum install python python-setuptools MySQL-python python-urllib3 python-ldap -y + +``` + +**For Seafile 7.1.x** + +``` +# Debian 10/Ubuntu 18.04 +sudo apt-get update +sudo apt-get install python3 python3-setuptools python3-pip -y + +sudo pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.3.8 \ + django-pylibmc django-simple-captcha python3-ldap + +``` + +``` +# Ubuntu 20.04 +sudo apt-get update +sudo apt-get install python3 python3-setuptools python3-pip memcached libmemcached-dev -y + +sudo pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.3.8 \ + django-pylibmc django-simple-captcha python3-ldap +``` + +``` +# CentOS 8 +sudo yum install python3 python3-setuptools python3-pip -y + +sudo pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.3.8 \ + django-pylibmc django-simple-captcha python3-ldap + +``` + +**For Seafile 8.0.x** + +``` +# Debian 10 +sudo apt-get update +sudo apt-get install python3 python3-setuptools python3-pip default-libmysqlclient-dev -y + +sudo pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3 \ + django-pylibmc django-simple-captcha python3-ldap mysqlclient + +``` + +``` +# Ubuntu 18.04 +sudo apt-get update +sudo apt-get install python3 python3-setuptools python3-pip -y + +sudo pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3 \ + django-pylibmc django-simple-captcha python3-ldap + +``` + +``` +# Ubuntu 20.04 +sudo apt-get update +sudo apt-get install python3 python3-setuptools python3-pip libmysqlclient-dev memcached libmemcached-dev -y + +sudo pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3 \ + django-pylibmc django-simple-captcha python3-ldap mysqlclient +``` + + + +``` +# CentOS 8 +sudo yum install python3 python3-setuptools python3-pip python3-devel mysql-devel gcc -y + +sudo pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3 \ + django-pylibmc django-simple-captcha python3-ldap mysqlclient + +``` + +### Creating the programm directory + +The standard directory for Seafile's program files is `/opt/seafile`. Create this directory and change into it: ``` mkdir /opt/seafile -mv seafile-server_* /opt/seafile cd /opt/seafile -# after moving seafile-server_* to this directory -tar -xzf seafile-server_* -mkdir installed -mv seafile-server_* installed +``` + +The program directory can be changed. The standard directory `/opt/seafile` is assumed for the rest of this manual. If you decide to put Seafile in another directory, modify the commands accordingly. + +### Creating user seafile + +It is good practice not to run applications as root. + +Create a new user and follow the instructions on the screen: + +``` +adduser seafile +``` + +Change ownership of the created directory to the new user: + +``` +chown -R seafile: /opt/seafile +``` + +All the following steps are done as user seafile. + +Change to user seafile: + +``` +su seafile +``` + +### Downloading the install package + +Download the install package from the [download page](https://www.seafile.com/en/download/) on Seafile's website using wget: + +We use Seafile CE version 8.0.4 as an example in the rest of this manual. + +### Uncompressing the package + +The install package is downloaded as a compressed tarball which needs to be uncompressed. + +Uncompress the package using tar: + +``` +tar xf seafile-server_8.0.4_x86-64.tar.gz +``` + +Now you have: + +``` +#tree -L 2 +. +├── seafile-server-8.0.4 +│   ├── check_init_admin.py +│   ├── reset-admin.sh +│   ├── runtime +│   ├── seaf-fsck.sh +│   ├── seaf-fuse.sh +│   ├── seaf-gc.sh +│   ├── seafile +│   ├── seafile.sh +│   ├── seahub +│   ├── seahub.sh +│   ├── setup-seafile-mysql.py +│   ├── setup-seafile-mysql.sh +│   ├── setup-seafile.sh +│   ├── sql +│   └── upgrade +└── seafile-server_8.0.4_x86-64.tar.gz ``` -Now you should have the following directory layout +### Setting up Seafile CE -``` -#tree seafile -L 2 -seafile -├── installed -│   └── seafile-server_7.0.0_x86-64.tar.gz -└── seafile-server-7.0.0 - ├── reset-admin.sh - ├── runtime - ├── seafile - ├── seafile.sh - ├── seahub - ├── seahub.sh - ├── setup-seafile-mysql.sh - └── upgrade - -``` - -The benefit of this layout is that: - -* We can place all the config files for Seafile server inside `/opt/seafile/conf` directory, making it easier to manage. -* When you upgrade to a new version of Seafile, you can simply untar the latest package into `/opt/seafile` directory. In this way you can reuse the existing config files in `/opt/seafile` directory and don't need to configure again. - -## Prepare MySQL Databases - -Three components of Seafile Server need their own databases: +The install package comes with a script that sets Seafile up for you. Specifically, the script creates the required directories and extracts all files in the right place. It can also create a MySQL user and the three databases that [Seafile's components](../overview/components.md) require : * ccnet server * seafile server * seahub -See [Seafile Server Components Overview](../overview/components.md) if you want to know more about the Seafile server components. +Note: While ccnet server was merged into the seafile-server in Seafile 8.0, the corresponding database is still required for the time being. -There are two ways to intialize the databases: +Run the script as user seafile: -* let the `setup-seafile-mysql.sh` script create the databases for you. -* create the databases by yourself, or someone else (the database admin, for example) +``` +cd seafile-server-8.0.4 +./setup-seafile-mysql.sh -We recommend the first way. The script would ask you for the root password of the mysql server, and it will create: +``` -* database for ccnet/seafile/seahub. -* a new user to access these databases +Configure your Seafile Server by specifying the following three parameters: -However, sometimes you have to use the second way. If you don't have the root password, you need someone who has the privileges, e.g., the database admin, to create the three databases, as well as a mysql user who can access the three databases for you. For example, to create three databases: `ccnet_db` / `seafile_db` / `seahub_db` for ccnet/seafile/seahub respectively, and a mysql user "seafile" to access these databases run the following SQL queries: +| Option | Description | Note | +| --------------------- | ---------------------------------------------------- | ------------------------------------------------------------ | +| server name | Name of the Seafile Server | 3-15 characters, only English letters, digits and underscore ('\_') are allowed | +| server's ip or domain | IP address or domain name used by the Seafile Server | Seafile client program will access the server using this address | +| fileserver port | TCP port used by the Seafile fileserver | Default port is 8082, it is recommended to use this port and to only change it if is used by other service | + + + +In the next step, choose whether to create new databases for Seafile or to use existing databases. The creation of new databases requires the root password for the SQL server. + +![grafik](../images/seafile-setup-database.png) + +When choosing "\[1] Create new ccnet/seafile/seahub databases", the script creates these databases and a MySQL user that Seafile Server will use to access them. To this effect, you need to answer these questions: + +| Question | Description | Note | +| ------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ | +| mysql server host | Host address of the MySQL server | Default is localhost | +| mysql server port | TCP port used by the MySQL server | Default port is 3306; almost every MySQL server uses this port | +| mysql root password | Password of the MySQL root account | The root password is required to create new databases and a MySQL user | +| mysql user for Seafile | MySQL user created by the script, used by Seafile's components to access the databases | Default is seafile; the user is created unless it exists | +| mysql password for Seafile user | Password for the user above, written in Seafile's config files | Percent sign ('%') is not allowed | +| database name | Name of the database used by ccnet | Default is "ccnet-db", the database is created if it does not exist | +| seafile database name | Name of the database used by Seafile | Default is "seafile-db", the database is created if it does not exist | +| seahub database name | Name of the database used by seahub | Default is "seahub-db", the database is created if it does not exist | + +When choosing "\[2] Use existing ccnet/seafile/seahub databases", this are the prompts you need to answer: + +| Question | Description | Note | +| ------------------------------- | ------------------------------------------------------------ | ------------------------------------------------------------ | +| mysql server host | Host address of the MySQL server | Default is localhost | +| mysql server port | TCP port used by MySQL server | Default port is 3306; almost every MySQL server uses this port | +| mysql user for Seafile | User used by Seafile's components to access the databases | The user must exists | +| mysql password for Seafile user | Password for the user above | | +| ccnet database name | Name of the database used by ccnet, default is "ccnet-db" | The database must exist | +| seafile database name | Name of the database used by Seafile, default is "seafile-db" | The database must exist | +| seahub dabase name | Name of the database used by Seahub, default is "seahub-db" | The database must exist | + +If the setup is successful, you see the following output: + +![grafik](../images/seafile-setup-output.png) + +The directory layout then looks as follows: + +```sh +$ tree /opt/seafile -L 2 +seafile +├── ccnet +├── conf +│ └── ccnet.conf +│ └── gunicorn.conf.py +│ └── seafdav.conf +│ └── seafile.conf +│ └── seahub_settings.py +├── seafile-data +│ └── library-template +├── seafile-server-8.0.4 +│ └── check_init_admin.py +│   ├── reset-admin.sh +│   ├── runtime +│ └── seaf-fsck.sh +│ └── seaf-gc.sh +│   ├── seafile +│   ├── seafile.sh +│   ├── seahub +│   ├── seahub.sh +│ └── setup-seafile-mysql.py +│   ├── setup-seafile-mysql.sh +│ └── sql +│   └── upgrade +├── seafile-server-latest -> seafile-server-8.0.6 +├── seahub-data +│   └── avatars + +``` + +The folder `seafile-server-latest` is a symbolic link to the current Seafile Server folder. When later you upgrade to a new version, the upgrade scripts update this link to point to the latest Seafile Server folder. + + + +Note: If you don't have the root password, you need someone who has the privileges, e.g., the database admin, to create the three databases required by Seafile, as well as a MySQL user who can access the databases. For example, to create three databases `ccnet_db` / `seafile_db` / `seahub_db` for ccnet/seafile/seahub respectively, and a MySQL user "seafile" to access these databases run the following SQL queries: ``` create database `ccnet_db` character set = 'utf8'; @@ -82,202 +304,32 @@ GRANT ALL PRIVILEGES ON `seahub_db`.* to `seafile`@localhost; ``` -## Setting Up Seafile Server +### Tweaking conf files -### Prerequisites +Seafile's config files as created by the setup script are prepared for Seafile running behind a reverse proxy. -The Seafile server package requires the following packages to be installed on your system: +To access Seafile's web interface and to create working sharing links without a reverse proxy, you need to modify two configuration files in `/opt/seafile/conf`: -**For Seafile 7.0.x** +* ccnet.conf: Add port 8000 to the `SERVICE_URL` (i.e., SERVICE_URL = http://1.2.3.4:8000/) +* gunicorn.conf.py: Change the bind to "0.0.0.0:8000" (i.e., bind = "0.0.0.0:8000") + +## Starting Seafile Server + +Run the following commands in `/opt/seafile-server-latest`: ``` -# on Ubuntu 16.04 -apt-get update -apt-get install python2.7 python-setuptools python-mysqldb python-urllib3 python-ldap -y +./seafile.sh start # starts seaf-server +./seahub.sh start # starts seahub ``` -``` -# on CentOS 7 -yum install python python-setuptools MySQL-python python-urllib3 python-ldap -y +The first time you start Seahub, the script prompts you to create an admin account for your Seafile Server. Enter the email address of the admin user followed by the password. -``` +Now you can access Seafile via the web interface at the host address and port 8000 (e.g., http://1.2.3.4:8000) -**For Seafile 7.1.x** +Note: On CentOS, the firewall blocks traffic on port 8000 by default. -``` -# on Debian 10/Ubuntu 18.04 -apt-get update -apt-get install python3 python3-setuptools python3-pip -y - -pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.3.8 \ - django-pylibmc django-simple-captcha python3-ldap - -``` - -``` -# on CentOS 8 -yum install python3 python3-setuptools python3-pip -y - -pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.3.8 \ - django-pylibmc django-simple-captcha python3-ldap - -``` - -**For Seafile 8.0.x** - -``` -# on Debian 10/Ubuntu 18.04 -apt-get update -apt-get install python3 python3-setuptools python3-pip -y - -pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3 \ - django-pylibmc django-simple-captcha python3-ldap - -``` - -``` -# on CentOS 8 -yum install python3 python3-setuptools python3-pip -y - -pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3 \ - django-pylibmc django-simple-captcha python3-ldap - -``` - -### Setup - -``` -cd seafile-server-* -./setup-seafile-mysql.sh # run the setup script & answer prompted questions - -``` - -If some of the prerequisites are not installed, the Seafile initialization script will ask you to install them. - -The script will guide you through the settings of various configuration options. - -** Seafile configuration options ** - -| Option | Description | Note | -| ------------------- | ------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------- | -| server name | Name of this seafile server | 3-15 characters, only English letters, digits and underscore ('\_') are allowed | -| server ip or domain | The IP address or domain name used by this server | Seafile client program will access the server with this address | -| seafile data dir | Seafile stores your data in this directory. By default it'll be placed in the current directory. | The size of this directory will increase as you put more and more data into Seafile. Please select a disk partition with enough free space. | -| fileserver port | The TCP port used by Seafile fileserver | Default is 8082. If it's been used by other service, you can set it to another port. | - -At this moment, you will be asked to choose a way to initialize Seafile databases: - -```sh -------------------------------------------------------- -Please choose a way to initialize Seafile databases: -------------------------------------------------------- - -[1] Create new ccnet/seafile/seahub databases -[2] Use existing ccnet/seafile/seahub databases - -``` - -Which one to choose depends on if you have the root password. - -* If you choose "1", you need to provide the root password. The script would create the databases and a new user to access the databases -* If you choose "2", the ccnet/seafile/seahub databases must have already been created, either by you, or someone else. - -If you choose "\[1] Create new ccnet/seafile/seahub databases", you would be asked these questions: - -| Question | Description | Note | -| ------------------------------- | ----------------------------------------------------------------- | -------------------------------------------------------------------- | -| mysql server host | the host address of the mysql server | the default is localhost | -| mysql server port | the port of the mysql server | the default is 3306. Almost every mysql server uses this port. | -| root password | the password of mysql root account | the root password is required to create new databases and a new user | -| mysql user for Seafile | the username for Seafile programs to use to access MySQL server | if the user does not exist, it would be created | -| password for Seafile mysql user | the password for the user above | | -| ccnet dabase name | the name of the database used by ccnet, default is "ccnet_db" | the database would be created if not existing | -| seafile dabase name | the name of the database used by Seafile, default is "seafile_db" | the database would be created if not existing | -| seahub dabase name | the name of the database used by seahub, default is "seahub_db" | the database would be created if not existing | - -If you choose "\[2] Use existing ccnet/seafile/seahub databases", you would be asked these questions: - -** related questions for "Use existing ccnet/seafile/seahub databases" ** - -| Question | Description | Note | -| ------------------------------- | ----------------------------------------------------------------- | ------------------------------------------------------------- | -| mysql server host | the host address of the mysql server | the default is localhost | -| mysql server port | the port of the mysql server | the default is 3306. Almost every mysql server uses this port | -| mysql user for Seafile | the user for Seafile programs to use to access MySQL server | the user must already exists | -| password for Seafile mysql user | the password for the user above | | -| ccnet dabase name | the name of the database used by ccnet, default is "ccnet-db" | this database must already exist | -| seafile dabase name | the name of the database used by Seafile, default is "seafile-db" | this database must already exist | -| seahub dabase name | the name of the database used by Seahub, default is "seahub-db" | this database must already exist | - -If the setup is successful, you'll see the following output - -![server-setup-succesfully](../images/Server-setup-successfully.png) - -Now you should have the following directory layout : - -```sh -#tree seafile -L 2 -seafile -├── ccnet # configuration files -│   ├── mykey.peer -│   ├── PeerMgr -│   └── seafile.ini -├── conf -│ └── ccnet.conf -│ └── seafile.conf -│ └── seahub_settings.py -│ └── gunicorn.conf -├── installed -│   └── seafile-server_7.0.0_x86-64.tar.gz -├── seafile-data -├── seafile-server-7.0.0 # active version -│   ├── reset-admin.sh -│   ├── runtime -│   ├── seafile -│   ├── seafile.sh -│   ├── seahub -│   ├── seahub.sh -│   ├── setup-seafile-mysql.sh -│   └── upgrade -├── seafile-server-latest # symbolic link to seafile-server-7.0.0 -├── seahub-data -│   └── avatars - -``` - -The folder `seafile-server-latest` is a symbolic link to the current Seafile server folder. When later you upgrade to a new version, the upgrade scripts update this link to point to the latest Seafile Server folder. - -## Running Seafile Server - -### Starting Seafile Server and Seahub Website - -Under seafile-server-latest directory, run the following commands - -``` -./seafile.sh start # Start Seafile service -./seahub.sh start # Start seahub website, port defaults to 127.0.0.1:8000 - -``` - -The first time you start Seahub, the script would prompt you to create an admin account for your Seafile Server. - -**Note:** The Seahub service listens on `127.0.0.1:8000` by default. So we recommend that you deploy a reverse proxy service so that other users can access the Seahub service. - -### Deploy a reverse proxy service - -You can choose [Apache](deploy_with_apache.md) or [Nginx](deploy_with_nginx.md) as the reverse proxy service. - -After deployed the reverse proxy service, you may open a web browser and visit Seafile web interface at (assume your server IP is 192.168.1.111): - -``` -http://192.168.1.111/ - -``` - -Congratulations! Now you have successfully setup your private Seafile Server. - -### Run Seahub on another port +### Running Seahub on another port If you want to run Seahub on a port other than the default 8000, say 8001, you must modify the `conf/gunicorn.conf`: @@ -287,11 +339,31 @@ bind = "0.0.0.0:8001" ``` -Then restart Seafile service: +Then restart the services: ``` -./seafile.sh restart -./seahub.sh restart +./seafile.sh restart # restarts seaf-server +./seahub.sh restart # restarts seahub + +``` + +### Troubleshooting + +If seafile.sh and/or seahub.sh fail to run successfully, use `pgrep` to check if seafile/seahub processes are still running: + + +``` +pgrep -f seafile-controller # checks seafile processes +pgrep -f "seahub" # checks seahub process + +``` + +Use `pkill` to kill the processes: + + +``` +pkill -f seafile-controller +pkill -f "seahub" ``` @@ -300,8 +372,8 @@ Then restart Seafile service: ### Stopping ``` -./seahub.sh stop # stop Seahub website -./seafile.sh stop # stop Seafile processes +./seahub.sh stop # stops seahub +./seafile.sh stop # stops seaf-server ``` @@ -313,28 +385,6 @@ Then restart Seafile service: ``` -### When the Scripts Fail - -Most of the time, seafile.sh and seahub.sh work fine. But if they fail, you may - -* Use `pgrep` command to check if seafile/seahub processes are still running - - -``` -pgrep -f seafile-controller # check seafile processes -pgrep -f "seahub" # check seahub process - -``` - -* Use `pkill` to kill the processes - - -``` -pkill -f seafile-controller -pkill -f "seahub" - -``` - ## Performance turning If you have more than 50 users, we highly recommand you to [add memcached](../deploy/add_memcached.md). This is going to greatly speed up Seahub (the web frontend). @@ -379,4 +429,3 @@ That's it! Now you may want read more about Seafile. * [Configure Seafile to use LDAP](using_ldap.md) * [How to manage the server](../maintain/README.md) - diff --git a/manual/deploy_pro/download_and_setup_seafile_professional_server.md b/manual/deploy_pro/download_and_setup_seafile_professional_server.md index 41bbb92d..016511df 100644 --- a/manual/deploy_pro/download_and_setup_seafile_professional_server.md +++ b/manual/deploy_pro/download_and_setup_seafile_professional_server.md @@ -12,7 +12,7 @@ Seafile PE can be used without a paid license with up to three users. Licenses f These instructions assume that MySQL/MariaDB server and client are installed and a MySQL/MariaDB root user can authenticate using the mysql_native_password plugin. (For more information, see [Download and Setup Seafile Server With MySQL](../deploy/using_mysql.md).) -Seafile prior to and including Seafile 7.0 use Python 2. More recent versions use on Python 3. +Seafile prior to and including Seafile 7.0 use Python 2. More recent versions rely on Python 3. ### Installing prerequisites @@ -105,10 +105,10 @@ sudo pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3 ``` # CentOS 8 -sudo yum install python3 python3-setuptools python3-pip mysql-devel gcc -y +sudo yum install python3 python3-setuptools python3-pip python3-devel mysql-devel gcc -y sudo pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3 \ - django-pylibmc django-simple-captcha python3-ldap + django-pylibmc django-simple-captcha python3-ldap mysqlclient ``` @@ -163,7 +163,7 @@ sudo yum install poppler-utils -y -### Creating programm directory for Seafile PE +### Creating the programm directory The standard directory for Seafile's program files is `/opt/seafile`. Create this directory and change into it: @@ -173,7 +173,7 @@ cd /opt/seafile ``` -The program directory can be changed. The standard directory `/opt/seafile` is assumed for the remainder of these instructions. If you decide to put Seafile in another directory, some commmands need to be modified accordingly. +The program directory can be changed. The standard directory `/opt/seafile` is assumed for the remainder of these instructions. If you decide to put Seafile in another directory, some commands need to be modified accordingly. @@ -209,7 +209,7 @@ Save the license file in Seafile's programm directory `/opt/seafile`. Make sure -### Downloading the Seafile PE install package +### Downloading the install package The install packages for Seafile PE are available for download in the the [Seafile Customer Center](https://customer.seafile.com). To access the Customer Center, a user account is necessary. The registration is free. @@ -230,12 +230,12 @@ wget -O 'seafile-pro-server_x.x.x_x86-64_Ubuntu.tar.gz' 'VERSION_SPECIFIC_LINK_F wget -O 'seafile-pro-server_x.x.x_x86-64_CentOS.tar.gz' 'VERSION_SPECIFIC_LINK_FROM_SEAFILE_CUSTOMER_CENTER' ``` +We use Seafile version 8.0.4 as an example in the remainder of these instructions. +### Uncompressing the package -### Uncompressing Seafile PE - -The install package is downloaded as a compressed tarball which need to be uncompressed. +The install package is downloaded as a compressed tarball which needs to be uncompressed. Uncompress the package using tar: @@ -397,23 +397,29 @@ After the successful completition of the setup script, the directory layout of S ### Tweaking conf files -Two configuration files must be manually modified: ccnet.conf and gunicorn.conf.py +Unless you proceed immediately with the installation of a reverse proxy, you need to modify two configuration files: ccnet.conf and gunicorn.conf.py In ccnet.conf, add the port 8000 to the `SERVICE_URL` (i.e., SERVICE_URL = http://1.2.3.4:8000/) In gunicorn.conf.py, change the bind to "0.0.0.0:8000" (i.e., bind = "0.0.0.0:8000") -Restart seahub for the config changes to take effect: + + +## Starting Seafile Server + +Run the following commands in `/opt/seafile-server-latest`: ``` -#/opt/seafile/seafile-server-latest/seahub.sh restart +./seafile.sh start # Start Seafile service +./seahub.sh start # Start seahub website, port defaults to 127.0.0.1:8000 + ``` - Now you can access Seafile via the web interface at http://1.2.3.4:8000 with 1.2.3.4 being the IP address of your host. +The first time you start Seahub, the script prompts you to create an admin account for your Seafile Server. Enter the email address of the admin user followed by the password. +Now you can access Seafile via the web interface at the host address and port 8000 (e.g., http://1.2.3.4:8000) - -### Enabling access per HTTPS +## Enabling access per HTTPS It is strongly recommended to switch from unencrypted HTTP (via port 8000) to encrypted HTTPS (via port 443).