Seafile is an open-source, self-hosted file synchronization and sharing platform. It allows users to store and encrypt data on their servers without relying on third-party cloud providers. Seafile allows you to share files and folders using cross-platform syncing and password-protected links to files with expiration dates. Seafile also versions files which allow a user to restore deleted and modified files or folders.
In this tutorial, you will learn to install Seafile on a Ubuntu 22.04 server, MySQL, and Nginx as a reverse-proxy server.
Prerequisites
-
A server running Ubuntu 22.04 with a minimum of 2 CPU Cores and 2GB of RAM.
-
A non-root user with sudo privileges.
-
A fully qualified domain name (FQDN) like
seafile.example.com. -
Make sure everything is updated.
$ sudo apt update $ sudo apt upgrade -
Few packages that your system needs.
$ sudo apt install wget curl nano software-properties-common dirmngr apt-transport-https gnupg2 ca-certificates lsb-release ubuntu-keyring unzip -ySome of these packages may already be installed on your system.
Step 1 - Configure Firewall
The first step is to configure the firewall. Ubuntu comes with ufw (Uncomplicated Firewall) by default.
Check if the firewall is running.
$ sudo ufw status
You should get the following output.
Status: inactive
Allow SSH port so the firewall doesn't break the current connection on enabling it.
$ sudo ufw allow OpenSSH
Allow HTTP and HTTPS ports as well.
$ sudo ufw allow http
$ sudo ufw allow https
Enable the Firewall
$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
Check the status of the firewall again.
$ sudo ufw status
You should see a similar output.
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
80/tcp ALLOW Anywhere
443 ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
Step 2 - Installing Seafile Dependencies
Since Seafile is written in the Python Django framework, you need to install its dependencies and Python packages to make it work.
Run the following command to install Python tools, Pip package manager, SQL libraries, and Memcached.
$ sudo apt install -y python3 python3-setuptools python3-pip libmysqlclient-dev memcached libmemcached-dev
Run the following command to install Python dependencies.
$ sudo pip3 install --timeout=3600 django==3.2.* future==0.18.* mysqlclient==2.1.* \
pymysql pillow==9.3.* pylibmc captcha==0.4 markupsafe==2.0.1 jinja2 sqlalchemy==1.4.3 \
psd-tools django-pylibmc django_simple_captcha==0.5.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml
Step 3 - Install MySQL
Ubuntu 22.04 ships with the latest version of MySQL. You can install it with a single command.
$ sudo apt install -y mysql-server
Check the version of MySQL.
$ mysql --version
mysql Ver 8.0.32-0ubuntu0.22.04.2 for Linux on x86_64 ((Ubuntu))
This step is necessary for MySQL versions 8.0.28 and above. Enter the MySQL Shell.
$ sudo mysql
Run the following command to set the password for your root user. Make sure it has a mix of numbers, uppercase, lowercase, and special characters.
mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'YourPassword12!';
Exit the shell.
mysql> exit
Run the MySQL secure install script.
$ sudo mysql_secure_installation
First, you will be asked for your root password. Enter it. Next, you will be asked to install the Validate Password Component. It checks the strength of passwords used in MySQL. Press Y to install it. Next, you will be asked to set the level of the password validation policy. Choose 2 as it is the strongest one.
Securing the MySQL server deployment.
Enter password for user root:
VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?
Press y|Y for Yes, any other key for No: Y
There are three levels of password validation policy:
LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file
Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2
Using existing password for root.
Estimated strength of the password: 100
Next, enter N to refuse to change your root password. Also, enter Y to remove anonymous users, disallow remote root logins, remove the test database, and reload the privilege tables.
Change the password for root ? ((Press y|Y for Yes, any other key for No) : N
... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.
Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
Success.
Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.
Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y
Success.
By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.
Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y
- Dropping test database...
Success.
- Removing privileges on test database...
Success.
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
Success.
All done!
Step 4 - Configure MySQL
Log in to the MySQL shell. Enter your root password when prompted.
$ sudo mysql -u root -p
Create the following three databases.
mysql> CREATE DATABASE ccnet_db CHARACTER SET utf8;
mysql> CREATE DATABASE seafile_db CHARACTER SET utf8;
mysql> CREATE DATABASE seahub_db CHARACTER SET utf8;
Create an SQL user account for accessing these databases. Seafile only works with the mysql_native_password authentication plugin and since MySQL 8 doesn't use it by default, therefore you need to specify it while creating.
mysql> CREATE USER 'seafile'@'localhost' IDENTIFIED WITH mysql_native_password BY 'Your_password2';
Grant all privileges on the three databases to the user.
mysql> GRANT ALL PRIVILEGES ON `ccnet_db`.* to `seafile`@localhost;
mysql> GRANT ALL PRIVILEGES ON `seafile_db`.* to `seafile`@localhost;
mysql> GRANT ALL PRIVILEGES ON `seahub_db`.* to `seafile`@localhost;
Flush user privileges.
mysql> FLUSH PRIVILEGES;
Exit the shell.
mysql> exit
Step 5 - Create a Seafile directory and user
Create the directory for Seafile's program files.
$ sudo mkdir /opt/seafile
Create the user for Seafile.
$ sudo adduser --home /opt/seafile --shell /bin/bash seafile
Change the ownership of the directory to the new user.
$ sudo chown -R seafile: /opt/seafile
Step 6 - Download and Install Seafile
Log in as the Seafile user. Enter your user password when prompted.
$ su seafile
Visit the Seafile download page and grab the download link for Seafile's latest version. At the time of writing this tutorial, the latest version is 10.0.1.
Download the Seafile server archive.
$ wget https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_10.0.1_x86-64.tar.gz
Extract the archive.
$ tar xf seafile-server_10.0.1_x86-64.tar.gz
Switch to the Seafile directory.
$ cd seafile-server-10.0.1/
Run the Seafile installation script.
$ ./setup-seafile-mysql.sh
The installer script will start. Press the ENTER key to continue.
Checking python on this machine ...
-----------------------------------------------------------------
This script will guide you to setup your seafile server using MySQL.
Make sure you have read seafile server manual at
https://download.seafile.com/published/seafile-manual/home.md
Press ENTER to continue
-----------------------------------------------------------------
Next, configure your Seafile server by providing a name for your server, a domain name (seafile.example.com), and the port. You can leave the port field empty for Seafile to stick to the 8082 as the default port. Once configured, press the ENTER key to continue.
What is the name of the server? It will be displayed on the client.
3 - 15 letters or digits
[ server name ] Howtoforge
What is the ip or domain of the server?
For example: www.mycompany.com, 192.168.1.101
[ This server's ip or domain ] seafile.example.com
Which port do you want to use for the seafile fileserver?
[ default "8082" ]
Next, you will be asked to choose a way to initialize Seafile databases. Since we have already created the database, choose the 2nd option.
-------------------------------------------------------
Please choose a way to initialize seafile databases:
-------------------------------------------------------
[1] Create new ccnet/seafile/seahub databases
[2] Use existing ccnet/seafile/seahub databases
[ 1 or 2 ] 2
Next, you will be asked to enter the database details for Seafile. Leave the host and port fields empty for Seafile to select the default values. Enter the other values as configured in Step 4.
What is the host of mysql server?
[ default "localhost" ]
What is the port of mysql server?
[ default "3306" ]
Which mysql user to use for seafile?
[ mysql user for seafile ] seafile
What is the password for mysql user "seafile"?
[ password for seafile ]
verifying password of user seafile ... done
Enter the existing database name for ccnet:
[ ccnet database ] ccnet_db
verifying user "seafile" access to database ccnet_db ... done
Enter the existing database name for seafile:
[ seafile database ] seafile_db
verifying user "seafile" access to database seafile_db ... done
Enter the existing database name for seahub:
[ seahub database ] seahub_db
verifying user "seafile" access to database seahub_db ... done
Next, you will be shown your Seafile configurations. Press the ENTER key to continue the installation.
---------------------------------
This is your configuration
---------------------------------
server name: Howtoforge
server ip/domain: seafile.example.com
seafile data dir: /opt/seafile/seafile-data
fileserver port: 8082
database: use existing
ccnet database: ccnet_db
seafile database: seafile_db
seahub database: seahub_db
database user: seafile
---------------------------------
Press ENTER to continue, or Ctrl-C to abort
---------------------------------
You will see the following screen if the installation was successful.
Generating ccnet configuration ...
Generating seafile configuration ...
done
Generating seahub configuration ...
----------------------------------------
Now creating ccnet database tables ...
----------------------------------------
----------------------------------------
Now creating seafile database tables ...
----------------------------------------
----------------------------------------
Now creating seahub database tables ...
----------------------------------------
creating seafile-server-latest symbolic link ... done
-----------------------------------------------------------------
Your seafile server configuration has been finished successfully.
-----------------------------------------------------------------
run seafile server: ./seafile.sh { start | stop | restart }
run seahub server: ./seahub.sh { start <port> | stop | restart <port> }
-----------------------------------------------------------------
If you are behind a firewall, remember to allow input/output of these tcp ports:
-----------------------------------------------------------------
port of seafile fileserver: 8082
port of seahub: 8000
When problems occur, Refer to
https://download.seafile.com/published/seafile-manual/home.md
for information.
Step 7 - Start Seafile Server
Switch to the /opt/seafile/seafile-server-latest directory.
$ cd /opt/seafile/seafile-server-latest
Run the following command to start the Seaf-server.
$ ./seafile.sh start
You will get the following output.
Starting seafile server, please wait ...
** Message: 04:42:32.937: seafile-controller.c(621): No seafevents.
Seafile server started
Done.
Run the following command to start Seahub.
$ ./seahub.sh start
The first time Seahub starts, you will be prompted for the administrator account details.
LC_ALL is not set in ENV, set to en_US.UTF-8
Starting seahub at port 8000 ...
----------------------------------------
It's the first time you start the seafile server. Now let's create the admin account
----------------------------------------
What is the email for the admin account?
[ admin email ] navjot@example.com
What is the password for the admin account?
[ admin password ]
Enter the password again:
[ admin password again ]
----------------------------------------
Successfully created seafile admin
----------------------------------------
Seahub is started
Done.
Stop the Seafile and Seahub servers.
$ ./seafile.sh stop
$ ./seahub.sh stop
Step 8 - Configure Seafile
Open the file /opt/seafile/conf/seafile.conf for editing.
$ nano /opt/seafile/conf/seafile.conf
Add the parameter host = 127.0.0.1 under the [fileserver] section.
[fileserver]
host = 127.0.0.1
port = 8082
Save the file by pressing Ctrl + X and entering Y when prompted.
Open the file /opt/seafile/conf/seahub_settings.py for editing.
$ nano /opt/seafile/conf/seahub_settings.py
Modify the value of the SERVICE_URL to reflect HTTPS protocol.
SERVICE_URL = "https://seafile.example.com/"
Add the following line below it.
FILE_SERVER_ROOT = "https://seafile.example.com/seafhttp"
Add the following code at the end of the file.
CACHES = {
'default': {
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
'LOCATION': '127.0.0.1:11211',
},
}
Save the file by pressing Ctrl + X and entering Y when prompted.
Exit the Seafile user shell.
$ exit
Step 9 - Create Systemd Service
To make sure Seafile starts automatically at boot and can withstand reboots, you need to create Systemd service unit files for it.
Create and open the /etc/systemd/system/seafile.service file for editing.
$ sudo nano /etc/systemd/system/seafile.service
Paste the following code in it.
[Unit]
Description=Seafile
# add mysql.service or postgresql.service depending on your database to the line below
After=network.target mysql.service
[Service]
Type=forking
ExecStart=/opt/seafile/seafile-server-latest/seafile.sh start
ExecStop=/opt/seafile/seafile-server-latest/seafile.sh stop
LimitNOFILE=infinity
User=seafile
Group=seafile
[Install]
WantedBy=multi-user.target
Save the file by pressing Ctrl + X and entering Y when prompted.
Create and open the /etc/systemd/system/seahub.service file for editing.
$ sudo nano /etc/systemd/system/seahub.service
Paste the following code in it.
[Unit]
Description=Seafile hub
After=network.target seafile.service
[Service]
Type=forking
# change start to start-fastcgi if you want to run fastcgi
ExecStart=/opt/seafile/seafile-server-latest/seahub.sh start
ExecStop=/opt/seafile/seafile-server-latest/seahub.sh stop
User=seafile
Group=seafile
[Install]
WantedBy=multi-user.target
Save the file by pressing Ctrl + X and entering Y when prompted.
Reload the Systemctl daemon.
$ sudo systemctl daemon-reload
Run the following commands to enable and start Seafile and Seahub services.
$ sudo systemctl enable --now seafile
$ sudo systemctl enable --now seahub
Check the status of both services.
$ sudo systemctl status seafile
? seafile.service - Seafile
Loaded: loaded (/etc/systemd/system/seafile.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-04-19 07:20:38 UTC; 24s ago
Tasks: 19 (limit: 1026)
Memory: 11.6M
CPU: 102ms
CGroup: /system.slice/seafile.service
??3601 /opt/seafile/seafile-server-10.0.1/seafile/bin/seafile-controller -c /opt/seafile/ccnet -d /opt/seafile/seafile-data -F /opt/seafile/conf
Next, check the status of Seahub.
$ sudo systemctl status seahub
? seahub.service - Seafile hub
Loaded: loaded (/etc/systemd/system/seahub.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-04-19 07:20:54 UTC; 19s ago
Process: 3655 ExecStart=/opt/seafile/seafile-server-latest/seahub.sh start (code=exited, status=0/SUCCESS)
Main PID: 3668 (python3)
Tasks: 6 (limit: 1026)
Memory: 85.8M
CPU: 1.177s
CGroup: /system.slice/seahub.service
??3668 python3 /opt/seafile/seafile-server-10.0.1/seahub/thirdpart/bin/gunicorn seahub.wsgi:application -c /opt/seafile/conf/gunicorn.conf.py --preload
Step 10 - Install Nginx
Ubuntu 22.04 ships with an older version of Nginx. To install the latest version, you need to download the official Nginx repository.
Import Nginx's signing key.
$ curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
Add the repository for Nginx's stable version.
$ echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg arch=amd64] \
http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
Update the system repositories.
$ sudo apt update
Install Nginx.
$ sudo apt install nginx
Verify the installation.
$ nginx -v
nginx version: nginx/1.24.0
Start the Nginx server.
$ sudo systemctl start nginx
Step 11 - Install SSL
We need to install Certbot to generate the SSL certificate. You can either install Certbot using Ubuntu's repository or grab the latest version using the Snapd tool. We will be using the Snapd version.
Ubuntu 22.04 comes with Snapd installed by default. Run the following commands to ensure that your version of Snapd is up to date.
$ sudo snap install core && sudo snap refresh core
Install Certbot.
$ sudo snap install --classic certbot
Use the following command to ensure that the Certbot command can be run by creating a symbolic link to the /usr/bin directory.
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
Run the following command to generate an SSL Certificate.
$ sudo certbot certonly --nginx --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m name@example.com -d seafile.example.com
The above command will download a certificate to the /etc/letsencrypt/live/seafile.example.com directory on your server.
Generate a Diffie-Hellman group certificate.
$ sudo openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096
Check the Certbot renewal scheduler service.
$ sudo systemctl list-timers
You will find snap.certbot.renew.service as one of the services scheduled to run.
NEXT LEFT LAST PASSED UNIT ACTIVATES
Wed 2023-04-19 10:31:47 UTC 2h 55min left Wed 2023-04-19 03:31:58 UTC 4h 3min ago ua-timer.timer ua-timer.service
Wed 2023-04-19 12:02:42 UTC 4h 26min left Wed 2023-04-19 03:19:20 UTC 4h 16min ago motd-news.timer motd-news.service
Wed 2023-04-19 18:19:56 UTC 10h left Wed 2023-04-19 07:19:52 UTC 16min ago apt-daily.timer apt-daily.service
Wed 2023-04-19 22:51:00 UTC 15h left n/a n/a snap.certbot.renew.timer snap.certbot.renew.service
Do a dry run of the process to check whether the SSL renewal is working fine.
$ sudo certbot renew --dry-run
If you see no errors, you are all set. Your certificate will renew automatically.
Step 12 - Configure Nginx
Create and open the file /etc/nginx/conf.d/seafile.conf for editing.
$ sudo nano /etc/nginx/conf.d/seafile.conf
Paste the following code in it.
log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time';
server {
listen 80;
listen [::]:80;
server_name seafile.example.com;
rewrite ^ https://$http_host$request_uri? permanent; # Forced redirect from HTTP to HTTPS
server_tokens off; # Prevents the Nginx version from being displayed in the HTTP response header
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/seafile.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/seafile.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/seafile.example.com/chain.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_stapling on;
ssl_stapling_verify on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
resolver 8.8.8.8;
server_name seafile.example.com;
server_tokens off;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 1200s;
proxy_set_header X-Forwarded-Proto https;
# used for view/edit office file via Office Online Server
client_max_body_size 0;
access_log /var/log/nginx/seahub.access.log seafileformat;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
# Uncomment the following line if you want to support uploads > 4GB
# proxy_request_buffering off;
access_log /var/log/nginx/seafhttp.access.log seafileformat;
error_log /var/log/nginx/seafhttp.error.log;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
}
Save the file by pressing Ctrl + X and entering Y when prompted once finished.
Open the file /etc/nginx/nginx.conf for editing.
$ sudo nano /etc/nginx/nginx.conf
Add the following line before the line include /etc/nginx/conf.d/*.conf;.
server_names_hash_bucket_size 64;
Save the file by pressing Ctrl + X and entering Y when prompted.
Verify the Nginx configuration file syntax.
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Restart the Nginx service.
$ sudo systemctl restart nginx
Step 13 - Access Seafile
Open the URL https://seafile.example.com in your browser and you will get the following login screen.
Enter the credentials you created in step 7 and click the Log in button to proceed. You will be greeted by the following page.
Click the My Library to open the default library.
Click the Upload button and select the Upload files option. Select the file you want to upload and click the Open button.
The progress bar will load and your file will be soon uploaded.
To access the Administration panel, click the profile picture icon on the top right area.
Select the System Admin option to open the administration panel.
From here on, you can change your site's branding, enable stronger passwords, and two-factor authentication, disable registrations, and manage multiple users among other options.
Conclusion
This concludes our tutorial on installing Seafile self-hosted cloud storage on a Ubuntu 22.04 server. If you have any questions, post them in the comments below.