How to Install Seafile with Nginx on Ubuntu 18.04 LTS

Seafile is an open source file-hosting and cloud storage system with advanced functions like syncing from multiple platforms (cross-platform system), privacy protection with built-in file encryption, and support for Two-Factor Authentication (TFA), version control, file locking, online editing, and many more. Seafile is written in C and Python programming language and provides similar features like Dropbox, mega.co.nz, and others.

In this tutorial, I will show you step-by-step how to install and configure a Seafile server with Nginx web server and the MySQL database. We will install the seafile server under the Nginx web server with HTTPS SSL Letsencrypt enabled, using the latest MySQL 5.8 on the Ubuntu 18.04 system.

Prerequisites

  • Ubuntu 18.04
  • Root privileges

What we will do?

  1. Install Seafile Python Dependencies
  2. Install and Configure MySQL
  3. Download Seafile Server for Linux System
  4. Install Seafile Server
  5. Install Nginx and Letsencrypt
  6. Configure Nginx as a Reverse-Proxy for Seafile Server
  7. Configure Seafile Server
  8. Running Seafile Server as a Service
  9. Configure UFW Firewall
  10. Testing

Step 1 - Install Seafile Python Dependencies

The first step we must take before installing seafile server on the system is to install its dependencies. Seafile is a python based application, and it requires python 2.7 to run on the server.

Before installing any packages, we need to update the Ubuntu repository.

sudo apt update

Now install python 2.7 with all dependencies needed for seafile server installation using apt commands below.

sudo apt install python -y
sudo apt install python2.7 libpython2.7 python-setuptools python-pil python-ldap python-urllib3 ffmpeg python-pip python-mysqldb python-memcache python-requests -y

Wait for all dependencies to be installed.

Step 2 - Install and Configure MySQL

Seafile offers support for SQLite and the MySQL database server. For this guide, we will be using the MySQL database server for our installation. We will deploy the seafile server using the latest MySQL version 5.8.

Install MySQL server using the apt command below.

sudo apt install mysql-server mysql-client -y

After the installation is complete, start the MySQL service and enable it to launch everytime at system boot.

systemctl start mysql
systemctl enable mysql

The MySQL server is installed on the Ubuntu system.

Now we need to configure MySQL root password using the 'mysql_secure_installation' command.

mysql_secure_installation

Now you will be asked about the MySQL password policy, 0 for LOW, 1 for MEDIUM, and 2 for STRONG. Type number '1' for MEDIUM password policy, press enter and then type your secure password.

Install MySQL

For others, just type 'Y' as shown below.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y

The MySQL root password setup has been completed.

Next, we will create a new database for the Seafile server. We will create 3 databases for each seafile components and create a new database user. We will create a new user named 'seafile' and it will have all privileges to all 3 databases 'ccnet-db', 'seafile-db', and 'seahub-db'.

Log in to the MySQL shell using the MySQL client command.

mysql -u root -p

Now create new databases 'ccnet-db', 'seafile-db', 'seahub-db', and create new user 'seafile'. Then grant all 3 database privileges to the 'seafile' user.

Run MySQL queries below.

create database `ccnet-db` character set = 'utf8';
create database `seafile-db` character set = 'utf8';
create database `seahub-db` character set = 'utf8';

create user 'seafile'@'localhost' identified by '[email protected]';

GRANT ALL PRIVILEGES ON `ccnet-db`.* to `seafile`@localhost;
GRANT ALL PRIVILEGES ON `seafile-db`.* to `seafile`@localhost;
GRANT ALL PRIVILEGES ON `seahub-db`.* to `seafile`@localhost;

Create database for Seafile

The MySQL server has been installed, the root password has been set up, and the database for seafile installation has been created.

Step 3 - Download Seafile Server for Linux System

In this tutorial, the seafile server will run as a service on the systemd system, and it will run under a non-root user.

Create a new user named 'mohammad'.

useradd -m -s /bin/bash mohammad

Now log in the 'mohammad' user and download the seafile server latest version using wget.

su - mohammad
wget https://download.seadrive.org/seafile-server_6.2.5_x86-64.tar.gz

Extract the 'seafile-server.tar.gz' file and rename the master directory to the 'seafile-server'.

tar -xf seafile-server_6.2.5_x86-64.tar.gz
mv seafile-server-6.2.5/ seafile-server/

The seafile server source code has been downloaded to the '/home/mohammad/seafile-server' directory.

Download Seafile sources

Step 4 - Install Seafile Server with MySQL

In this step, we will install the seafile server using the MySQL setup script provided by Seafile.

Log in as the 'mohammad' user and go to the 'seafile-server' directory.

su - mohammad
cd seafile-server/

Now run the 'setup-seafile-mysql.sh' script.

./setup-seafile-mysql.sh

The installation script will perform the python module checking. Make sure all dependencies are installed and then press Enter.

Now you will be in for Seafile configuration.

  • server name: input your seafile server name such as 'hakase-cloud'.
  • server domain name: type the domain name for your seafile server 'cloud.hakase-labs.io'.
  • seafile data directory: leave the configuration default and press enter.
  • seafile fileserver port: leave it on the default port '8082'.

Install seafile server

Now for the database configuration. You will be asked for 2 options: let the script create the database for you, or use an existing database.

Choose option '2' to use existing database settings.

  • database host: default localhost
  • database port: default on mysql normal port '3306'
  • database user is 'seafile' with password '[email protected]'
  • ccnet database: 'ccnet-db'
  • seafile database: 'seafile-db'
  • seahub database: 'seahub-db'

Use existing database for seafile

Now press enter again to confirm our seafile server configuration.

Confirm seafile server configuration

And when installation is complete, you will get the result as shown below.

Seafile server installation complete

The seafile server installation and configuration has been completed successfully. And the seafile fileserver will run under port '8082', the seahub service will be running under port '8000'.

Next, we will test to run the seafile server and seahub server using the start script.

As a 'mohammad' user, go to the '~/seafile-server-latest' directory.

su - mohammad
cd ~/seafile-server-latest/

Now start the seafile server by running the command below.

./seafile.sh start

Then run the seahub server.

./seahub.sh start

The first time you run the 'seahub.sh' start script, you will be asked for creating an admin user and password for seafile server.

Type your admin email and password, then press Enter.

Start seafile

And the admin user and password has been created - now check the seafile and seahub service ports '8082' and '8080' using the netstat command.

netstat -plntu

And you will see the seafile server and seahub server is up and running on Ubuntu 18.04 system.

Check ports

Now stop seafile and seahub server.

./seafile.sh stop
./seahub.sh stop

Stop seafile and seahub

Step 5 - Install and Configure Nginx with Letsencrypt

For this guide, the seafile server will be running under the Nginx web server with HTTPS enabled. And in this step, we will install the Nginx web server and the Letsencrypt tool, then generate the SSL letsencrypt and DHPARAM key for the seafile server domain name.

Install Nginx web server using the apt command below.

sudo apt install nginx -y

After the installation is complete, start the Nginx service and enable it to launch everytime at system boot.

systemctl start nginx
systemctl enable nginx

Now install the letsencrypt tool for generating SSL letsencrypt certificates.

sudo apt install letsencrypt -y

The Nginx web server and letsencrypt tool have been installed.

Next, go to the '/etc/nginx' directory and create a new configuration file 'certbot.conf' for letsencrypt.

cd /etc/nginx/
vim snippets/certbot.conf

Paste the following configuration there.

location /.well-known {
    alias /var/www/html/.well-known;
}

Save and exit.

Edit the default virtual host file.

vim sites-available/default

Add the following include line below to the 'server {...}' bracket.

include snippets/certbot.conf;

Save and exit.

Test nginx configuration and restart the web server.

nginx -t
systemctl restart nginx

Configure nginx web server

And we're ready to generate new letsencrypt SSL certificate for the seafile server domain name.

Generate the SSL certificate files using the 'certbot' command as shown below.

certbot certonly --rsa-key-size 4096 --webroot --agree-tos --no-eff-email --email [email protected] -w /var/www/html -d cloud.hakase-labs.io

Note:

  • we will generate new SSL certificate and specify the key-size to '4096'.

Now you will get all SSL certificate files located at the '/etc/letsencrypt/live' directory.

Create SSL certificate with Let's encrypt

And for the additional security, we will generate the Diffie-Hellman key with size 4096 using the OpenSSL command.

openssl dhparam -out /etc/nginx/dhparam.pem 4096

All certificates needed have been generated.

Step 6 - Configure Nginx as a Reverse-Proxy for Seafile Server

Go to the '/etc/nginx' configuration directory and create new virtual host file 'seafile' using vim.

cd /etc/nginx/
vim sites-available/seafile

Paste the following configuration there.

 server {
        listen       80;
        server_name  cloud.hakase-labs.io;
        rewrite ^ https://$http_host$request_uri? permanent;
        server_tokens off;
    }
    server {
        listen 443 ssl http2;
        server_name cloud.hakase-labs.io;
        
        ssl on;
        ssl_certificate /etc/letsencrypt/live/cloud.hakase-labs.io/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/cloud.hakase-labs.io/privkey.pem;
        ssl_session_timeout 5m;
        ssl_session_cache shared:SSL:5m;

        ssl_dhparam /etc/nginx/dhparam.pem;

        #SSL Security
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
        ssl_ecdh_curve secp384r1;
        ssl_prefer_server_ciphers on;
        server_tokens off;
        ssl_session_tickets off;

        proxy_set_header X-Forwarded-For $remote_addr;

        location / {
            proxy_pass         http://127.0.0.1:8000;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
            proxy_read_timeout  1200s;

            # used for view/edit office file via Office Online Server
            client_max_body_size 0;

            access_log      /var/log/nginx/seahub.access.log;
            error_log       /var/log/nginx/seahub.error.log;
        }

        location /seafhttp {
            rewrite ^/seafhttp(.*)$ $1 break;
            proxy_pass http://127.0.0.1:8082;
            client_max_body_size 0;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout  36000s;
            proxy_read_timeout  36000s;
            proxy_send_timeout  36000s;
            send_timeout  36000s;
        }
        location /media {
            root /home/mohammad/seafile-server-latest/seahub;
        }
    }

Save and exit.

Enable the seafile virtual host and test the configuration.

ln -s /etc/nginx/sites-available/seafile /etc/nginx/sites-enabled/
nginx -t

make sure there is no error and restart the nginx service.

systemctl restart nginx

Nginx configuration as a reverse-proxy for seafile server has been completed.

Nginx as reverse proxy for seafile

Step 7 - Configure Seafile Server

To run the seafile server under the Nginx web server domain name, we need to edit the default 'seafile' configuration for the 'ccnet service', 'seafile server' and 'seahub server'.

Log in as the 'mohammad' user and go to the 'conf/' directory.

su - mohammad
cd conf/

Edit the ccnet service configuration file 'ccnet.conf'.

vim ccnet.conf

On the 'SERVICE_URL' line, change the value to the domain name with HTTPS as below.

SERVICE_URL = https://cloud.hakase-labs.io

Save and exit.

Now edit the 'seafile.conf' file for seafile server configuration.

vim seafile.conf

Add the 'host' line with the value to '127.0.0.1' localhost as below.

[fileserver]
host = 127.0.0.1
port = 8082

Save and exit.

And finally, we will edit the 'seahub_settings.py' file.

vim seahub_settings.py

On the 'FILE_SERVER_ROOT' line, change the value to the domain name with HTTPS.

FILE_SERVER_ROOT = 'https://cloud.hakase-labs.io/seafhttp'

Save and exit.

Configure Seafile server

Step 8 - Running Seafile Server as a Service

In this tutorial, we will run the seafile server as a service on the Ubuntu 18.04 system. We will create new service script for seafile and seahub.

Go to the '/etc/systemd/system' directory and create new service file 'seafile.service'.

cd /etc/systemd/system/
vim seafile.service

Paste the following seafile service script there.

[Unit]
Description=Seafile
After=network.target mysql.service

[Service]
Type=forking
ExecStart=/home/mohammad/seafile-server-latest/seafile.sh start
ExecStop=/home/mohammad/seafile-server-latest/seafile.sh stop
User=mohammad
Group=mohammad

[Install]
WantedBy=multi-user.target

Save and exit.

Now create the seahub service file 'seahub.service'.

vim seahub.service

Paste the following seahub service script there.

[Unit]
Description=Seafile hub
After=network.target seafile.service

[Service]
Type=forking
ExecStart=/home/mohammad/seafile-server-latest/seahub.sh start
ExecStop=/home/mohammad/seafile-server-latest/seahub.sh stop
User=mohammad
Group=mohammad

[Install]
WantedBy=multi-user.target

Save and exit.

Note:

  • Change the path of seafile.sh and seahub.sh scripts.

Now reload the systemd system.

systemctl daemon-reload

And start the seafile and seahub service.

systemctl start seafile
systemctl start seahub

Enable these services to launch every time at system boot.

systemctl enable seafile
systemctl enable seahub

Configure Seafile systemd unit

The seafile and seahub services are up and running - check it using commands below.

systemctl status seafile
systemctl status seahub

netstat -plntu

Seafile started by systemd

Step 8 - Configure UFW Firewall

It's recommended always to turn on the firewall on any system. For ubuntu system, we will turn on the UFW firewall and add the SSH, HTTP and HTTPS ports on it.

Add the 'ssh' port and enable the UFW firewall.

ufw allow ssh
ufw enable

type 'y' to turn on the firewall.

Now add HTTP and HTTPS services.

ufw allow http
ufw allow https

Check the list rules on the firewall.

ufw status numbered

And you will get three services SSH, HTTP, and HTTPS on the list.

Configure UFW Firewall

Step 9 - Testing

Open your web browser and type the seafile server URL installation. Mine is:

http://cloud.hakase-labs.io/

And you will be redirected to the secure HTTPS connection login page.

Seafile Login

Type the admin email '[email protected]' and the password 'mypassword', then click the 'Log in' button.

Now you will get the seafile dashboard as below.

Seafile Dashboard

Additional - uploaded an image and view on the seafile dashboard.

Upload file with Seafile

The seafile server installation and configuration with Nginx web server and Letsencrypt on Ubuntu 18.04 has been completed successfully.

Reference

Share this page:

Suggested articles

5 Comment(s)

Add comment

Comments

By: Federico at: 2018-09-14 01:59:39

La instalacion salio todo perfecto, carga el ambiente de trabajo.

Pero siempre que trato de subir un archivo sale error.

Puedo crear uno nuevo y eliminarlo. Pero no subirlo.

Alguna idea

By: Federico at: 2018-09-14 02:04:26

Solucionado!!!

By: Fatih K. at: 2018-09-15 17:32:02

Great tutorial worked great, but why not use the new option for Wildcard SSL, so you don't have to add new sub to the process?

Also you did not stated out if the certbot is renewing the SSL Certificate. I think with the option certbot-auto you are safer.

By: Nate at: 2018-10-04 21:21:25

I followed this great tutorial but now i have received an email stating i needed to renew my letsencrypt CA file... i have tried many different things i have found online but none will update it as i always get a failure here;

 Failed authorization procedure. my.domain.com (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://my.domain.com/.well-known/acme-challenge/-DEFs9WMZNt-QkTudBwYwEcq_xtWkM4LvQD8MQgk9lU: "<html>\r\n<head><title>404 Not Found</title></head>\r\n<body bgcolor=\"white\">\r\n<center><h1>404 Not Found</h1></center>\r\n<hr><center>". Skipping.

All renewal attempts failed. The following certs could not be renewed:

  /etc/letsencrypt/live/my.domain.com/fullchain.pem (failure)

By: geinjei at: 2018-10-19 03:11:59

how to save n exit in create a new configuration file 'certbot.conf' for letsencrypt. im newbie