How to Install Seafile with Nginx on Ubuntu 20.04 LTS

Seafile is an open source file-hosting and cloud storage system with advanced functions like syncing from multiple platforms (cross-platform system), privacy protection with built-in file encryption, and support for Two-Factor Authentication (TFA), version control, file locking, online editing, and many more. Seafile is written in C and Python programming language and provides similar features like Dropbox, mega.co.nz, and others.

In this tutorial, I will show you step-by-step how to install and configure a Seafile server with Nginx web server and the MariaDB database. We will install the seafile server under the Nginx web server with HTTPS SSL Letsencrypt enabled, using the latest MariaDB on the Ubuntu 20.04 system.

Prerequisites

  • Ubuntu 20.04
  • Root privileges

What we will do?

  • Install Seafile Python Dependencies
  • Install and Configure MariaDB
  • Download Seafile Server for Linux Server
  • Install Seafile Server with MariaDB
  • Configure Seafile with Domain Name
  • Running Seafile as a Systemd Service
  • Generate SSL Letsencrypt and DHPARAM
  • Install and Configure Nginx as a Reverse-Proxy
  • Setup Firewall
  • Testing

Step 1 - Install Seafile Python Dependencies

The first step we must take before installing seafile server on the system is to install its dependencies. Seafile is a python based application, and it requires python 3.x to run on the server.

Before installing any packages, we need to update the Ubuntu repository.

sudo apt update

Now install python 3.x with all dependencies needed for seafile server installation using apt commands below.

sudo apt install python3 libpython3.8 python3-setuptools python3-pil python3-ldap python3-urllib3 ffmpeg python3-pip python3-mysqldb python3-memcache python3-requests libmemcached-dev

After that, install additional python packages from the PyPI repository using the pip command below.

pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy psd-tools django-pylibmc django-simple-captcha python3-ldap

As a result, all packages dependencies for Seafile has been installed.

Step 2 - Install and Configure MariaDB

Seafile offers support for SQLite and the MariaDB database server. For this guide, we will be using the MariaDB database server for our installation. We will deploy the seafile server using the latest MariaDB version.

Install MariaDB server using the apt command below.

sudo apt install mariadb-server -y

After the installation is complete, start the MariaDB service and enable it to launch everytime at system boot.

systemctl start mariadb
systemctl enable mariadb

The MariaDB server is installed on the Ubuntu system, check it using the following command.

systemctl status mariadb

The MariaDB service is up and running.

Install MariaDB Database Server

Next, we need to configure MariaDB root password using the 'mysql_secure_installation' command.

mysql_secure_installation

Now you will be asked about the MariaDBconfigiration, and type your strong root password for MariaDB.

Enter current password for root (enter for none): Press Enter
Set root password? [Y/n] Y
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y  
Reload privilege tables now? [Y/n] Y

Next, we will create a new database for the Seafile server. We will create 3 databases for each seafile component and create a new database user. We will create a new user named 'seafile' and it will have all privileges to all 3 databases 'ccnet-db', 'seafile-db', and 'seahub-db'.

Log in to the MySQL shell using the command below.

mysql -u root -p

Now create new databases 'ccnet-db', 'seafile-db', 'seahub-db', and create new user 'seafile'. Then grant all 3 database privileges to the 'seafile' user.

Run MySQL queries below.

create database `ccnet-db` character set = 'utf8';
create database `seafile-db` character set = 'utf8';
create database `seahub-db` character set = 'utf8';

create user 'seafile'@'localhost' identified by '[email protected]';

GRANT ALL PRIVILEGES ON `ccnet-db`.* to `seafile`@localhost;
GRANT ALL PRIVILEGES ON `seafile-db`.* to `seafile`@localhost;
GRANT ALL PRIVILEGES ON `seahub-db`.* to `seafile`@localhost;

Create a new database and user for Seafile

The MariaDB server has been installed, the root password has been set up, and the database for seafile installation has been created.

Step 3 - Download Seafile Server for Linux Server

In this tutorial, the seafile server will run as a service on the systemd system, and it will run under a non-root user.

Create a new user named 'ryujin'.

useradd -m -s /bin/bash ryujin

Now log in the 'ryujin' user and download the seafile server latest version using wget.

su - ryujin
wget -q https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_7.1.3_x86-64.tar.gz

Extract the 'seafile-server.tar.gz' file and rename the master directory to the 'seafile-server'.

tar -xf seafile-server_7.1.3_x86-64.tar.gz
mv seafile-server-*/ seafile-server/

The seafile server source code has been downloaded to the '/home/ryujin/seafile-server' directory.

Download Seafile 7.1

Step 4 - Install Seafile Server with MariaDB

In this step, we will install the seafile server using the MariaDB setup script provided by Seafile.

Log in as the 'ryujin' user and go to the 'seafile-server' directory.

su - ryujin
cd seafile-server/

Now run the 'setup-seafile-mysql.sh' script.

./setup-seafile-mysql.sh

The installation script will perform the python module checking. Make sure all dependencies are installed and then press Enter.

Now you will be in for Seafile configuration.

  • server name: input your seafile server name such as 'hakase-cloud'.
  • server domain name: type the domain name for your seafile server 'cloud.hakase-labs.io'.
  • seafile data directory: leave the configuration default and press enter.
  • seafile fileserver port: leave it on the default port '8082'.

Seafile Installation Configuration

Now for the database configuration. You will be asked for 2 options: let the script create the database for you, or use an existing database.

Choose option '2' to use existing database settings.

  • database host: default localhost
  • database port: default on mysql normal port '3306'
  • database user is 'seafile' with password '[email protected]'
  • ccnet database: 'ccnet-db'
  • seafile database: 'seafile-db'
  • seahub database: 'seahub-db'

Database Configuration for Seafile

Now press enter again to confirm our seafile server configuration.

Seafile configuration summary

And when installation is complete, you will get the result as shown below.

Installing Seafile on Ubuntu 20.04

The seafile server installation and configuration has been completed successfully. And the seafile fileserver will run under port '8082', the seahub service will be running under port '8000'.

Next, we will test to run the seafile server and seahub server using the start script.

As a 'ryujin' user, go to the '~/seafile-server-latest' directory.

su - ryujin
cd ~/seafile-server-latest/

Now start the seafile server by running the command below.

./seafile.sh start

Then run the seahub server.

./seahub.sh start

The first time you run the 'seahub.sh' start script, you will be asked for creating an admin user and password for seafile server.

Type your admin email and password, then press Enter.

Seafile Create Admin user

And the admin user and password have been created - now check the seafile and seahub service ports '8082' and '8080' using the netstat command.

ss -plnt4

And you will see the seafile server and seahub server is up and running on Ubuntu 20.04 system.

Now stop seafile and seahub server.

./seafile.sh stop
./seahub.sh stop

Stop Seafile and Seahub Service

Step 5 - Configure Seafile with Domain Name

For this tutorial, we will run the Seafile with our domain name 'seafile.hakase-labs.io'. To do that, we need to edit some of the Seafile configurations.

Log in to the user 'ryujin' and go to the 'conf' directory.

su - ryujin
cd conf/

Edit the configuration 'ccnet.conf' using vim editor.

vim ccnet.conf

on the 'SERVICE_URL' option, change the value with the domain name, and make sure to change the default HTTP protocol with HTTPS secure protocol as below.

SERVICE_URL = https://seafile.hakase-labs.io

Save and close.

Next, edit the configuration 'seafile.conf'.

vim seafile.conf

On the '[fileserver]' section, specify the 'host' IP address for the seafile service. The seafile service will be running on the local address as below.

[fileserver]
host = 127.0.0.1
port = 8082

Save and close.

Next, edit the 'seahub_settings.py' using vim editor.

vim seahub_settings.py

Add the 'FILE_SERVER_ROOT' option as below to the bottom of the line.

FILE_SERVER_ROOT = 'https://seafile.hakase-labs.io/seafhttp'

Save and close.

Configure Seafile Domain Name

And the Seafile configuration has been completed, it will be running under the domain name 'seafile.hakase-labs.io'.

Step 6 - Running Seafile as a Systemd Service

After configuring Seafile with the domain name, we will set up the seafile and seahub as a systemd service.

Go to the '/etc/systemd/system' directory and create a new service file for seafile named 'seafile.service'.

cd /etc/systemd/system/
vim seafile.service

Paste the following configuration into it.

[Unit]
Description=Seafile
After=network.target mysql.service nginx.service

[Service]
Type=forking
ExecStart=/home/ryujin/seafile-server-latest/seafile.sh start
ExecStop=/home/ryujin/seafile-server-latest/seafile.sh stop
User=ryujin
Group=ryujin

[Install]
WantedBy=multi-user.target

Save and close.

Next, create the seahub service file named 'seahub.service'.

vim seahub.service

Paste the following configuration into it.

[Unit]
Description=Seafile hub
After=network.target seafile.service

[Service]
Type=forking
ExecStart=/home/ryujin/seafile-server-latest/seahub.sh start
ExecStop=/home/ryujin/seafile-server-latest/seahub.sh stop
User=ryujin
Group=ryujin

[Install]
WantedBy=multi-user.target

Save and close.

And the seafile and seahub service files have been created.

Next, reload the systemd manager and make sure there is no error.

systemctl daemon-reload

Now start the seafile service and add it to the system boot.

systemctl start seafile
systemctl enable seafile

After that, start and enable the seahub service.

systemctl start seahub
systemctl enable seahub

Configure Seafile and Seahub as a Systemd Service

The seafile and seahub service are up and running, check it using the following command.

systemctl status seafile seahub

Below is the result you will get.

Configure Seafile and Seahub as a Systemd Service

As a result, the configuration of Seafile and Seahub as a systemd service has been completed.

Step 7 - Generate SSL Letsencrypt and DHPARAM

In this step, we will generate the SSL Letsencrypt and DHPARAM certificate. We will use the certbot tool for generating the SSL Letsencrypt and using the openssl command to generate the dhparam certificate.

To generate the SSL Letsencrypt, make sure that you have got the real domain name and pointed to your server IP address.

Install the certbot tool to the Ubuntu system using the apt command below.

sudo apt install certbot

After that, generate the SSL Letsencrypt for the seafile domain-name 'seafile.hakase-labs.io' using the certbot command as below.

certbot certonly --agree-tos --no-eff-email --email [email protected] -d seafile.hakase-labs.io

Once all process is completed, your certificate will be available at the '/etc/letsencrypt/live/seafile.hakase-labs.io' directory.

Next, generate the DHPARAM certificate using the openssl command as below.

openssl dhparam -out /etc/nginx/dhparam.pem 2048

The DHAPRAM certificate will be generated and available on the '/etc/nginx/dhparam.pem'.

As a result, the SSL Letsencrypt for the Seafile domain-name and the DHPARAM certificate has been generated.

Step 8 - Install and Configure Nginx as a Reverse-Proxy

In this step, we will install and configure Nginx as a reverse proxy for the Seafile service. The Nginx webserver will run under the secure HTTPS protocol with the SSL Letsencrypt and DHPARAM certificate generated on top.

Install Nginx to the Ubuntu 20.04 server using the apt command below.

sudo apt install nginx -y

Once all installation is completed, start the Nginx service and add it to the system boot.

systemctl start nginx
systemctl enable nginx

And the Nginx service is up and running on the Ubuntu system.

Next, go to the '/etc/nginx/sites-available' directory and create a new virtualhost configuration 'seafile' using vim editor.

cd /etc/nginx/sites-available/
vim seafile

Paste the following configuration into it.

server {
        listen       80;
        server_name  seafile.hakase-labs.io;
        rewrite ^ https://$http_host$request_uri? permanent;
        server_tokens off;
    }
    server {
        listen 443 ssl http2;
        server_name seafile.hakase-labs.io;
        
        ssl_certificate /etc/letsencrypt/live/seafile.hakase-labs.io/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/seafile.hakase-labs.io/privkey.pem;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:5m;

        ssl_dhparam /etc/nginx/dhparam.pem;

        #SSL Security
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
        ssl_ecdh_curve secp384r1;
        ssl_prefer_server_ciphers on;
        server_tokens off;
        ssl_session_tickets off;

        proxy_set_header X-Forwarded-For $remote_addr;

        location / {
            proxy_pass         http://127.0.0.1:8000;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
            proxy_read_timeout  1200s;

            # used for view/edit office file via Office Online Server
            client_max_body_size 0;

            access_log      /var/log/nginx/seahub.access.log;
            error_log       /var/log/nginx/seahub.error.log;
        }

        location /seafdav {
            proxy_pass         http://127.0.0.1:8080/seafdav;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
            proxy_set_header   X-Forwarded-Proto $scheme;
            proxy_read_timeout  1200s;
            client_max_body_size 0;

            access_log      /var/log/nginx/seafdav.access.log;
            error_log       /var/log/nginx/seafdav.error.log;
        }

        location /seafhttp {
            rewrite ^/seafhttp(.*)$ $1 break;
            proxy_pass http://127.0.0.1:8082;
            client_max_body_size 0;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout  36000s;
            proxy_read_timeout  36000s;
            proxy_send_timeout  36000s;
            send_timeout  36000s;
        }
        location /media {
            root /home/ryujin/seafile-server-latest/seahub;
        }
    }

Save and close.

Next, activate the virtualhost configuration for seafile and test the Nginx configuration.

ln -s /etc/nginx/sites-available/seafile /etc/nginx/sites-enabled/
nginx -t

Make sure there is no error, then restart the Nginx service.

systemctl restart nginx

As a result, the Nginx installation and configuration as a reverse proxy for Seafile has been completed successfully.

Install and Configure Nginx as a Reverse proxy for Seafile

Step 9 - Setup Firewall

For this tutorial, we will run the Seafile with the UFW firewall enabled. And we need to add the SSH, HTTP, and HTTPS services to the UFW firewall configuration.

Add the SSH, HTTP, and HTTPS services to the UFW firewall using the following command.

for svc in ssh http https
do
ufw allow $svc
done

Now activate the UFW firewall and check the status of the configuration.

ufw enable
ufw status numbered

And you will get the result as below.

UFW Allow SSH HTTP and HTTPS

The UFW firewall is enabled, and the SSH, HTTP, and HTTPS service have been added.

Now we're ready to use the Seafile.

Step 10 - Testing

Open your web browser and type the Seafile installation domain name on the address bar.

https://seafile.hakase-labs.io/

Now you will be redirected to the secure HTTPS connection and will get the Seafile login page as below.

Seafile Login Page

Type the seafile user password that you just created on top and click the 'Log In' button.

Now you will get the Seafile dashboard as below.

Seafile Dashboard

Below is the result after creating a new folder and upload the file into the Seafile server.

Seafile Successful Upload File

As a result, the installation and configuration of Seafile with Nginx web server and MariaDB database on Ubuntu 20.04 has been completed successfully.

Reference

Share this page:

Suggested articles

1 Comment(s)

Add comment

Comments

By: Sean at: 2020-10-07 14:27:55

Thank you!!!!