Updated on | | 0 User comments

Seafile - Manage your own Cloud

Seafile is a private open source cloud storage to manage teams and organizations. It supports file syncing and sharing and editing and commenting files online. Furthermore, you can use it as a mobile office, where it is possible to access files from your mobile device. You can install it on your own machine and encrypt your files with your own password.

Seafile is a file hosting software system where files are stored on a central server and can by synchronized with several devices like PC or mobile phones. You need to install the server version on your homeserver and install the Seafile Client on these devices. Furthermore, it is possible to use Webdav or an web interface to copy, delete or rename your files. Seafile has the following features: Selective sync, differential sync to minimize bandwidth, client-side encryption, user and group permission management, public link-sharing, version control and online file editing. Hence, Seafile's functionality is similar to other cloud services like Dropbox, Box or Google Drive. In this tutorial, I will show you how you can install and manage several Seafile functions in Ubuntu.

Seafile depends on the following packages:

  • Seafile Server
  • Seafile Client
  • Seafile Fuse
  • Seafile Webdav
  • Seafile CLI

Seafile Server

Add User and Group

Add a seafile group

  1. sudo addgroup --system --gecos "Seafile Server" seafile

and a seafile user

  1. sudo adduser --system --gecos "Seafile Server" seafile --disabled-password

with the aim to add seafile user to seafile group:

  1. sudo usermod -a -G seafile seafile

Log into the seafile user

  1. sudo su - seafile

Installation or Upgrade

In order to install or upgrade Seafile, you need to download the latest version from Bitbucket.

If you already installed seafile, you need to stop it at first.

  1. sudo service seafile-server stop

After this you can download it from Bitbucket.

  1. sudo su - seafile
  2. wget https://bitbucket.org/haiwen/seafile/downloads/seafile-server_4.2.0_x86-64.tar.gz

Extract the file, remove it

  1. tar xzf seafile-server_*_x86-64.tar.gz
  2. rm seafile-server_*_x86-64.tar.gz

and change to the right folder:

  1. cd seafile-server-4.2.0

Fresh installation

Run setup with:

  1. ./setup-seafile.sh
This script will guide you to config and setup your seafile server.

Make sure you have read seafile server manual at 


Note: This script will guide your to setup seafile server using sqlite3,
which may have problems if your disk is on a NFS/CIFS/USB.
In these cases, we sugguest you setup seafile server using MySQL.

Press [ENTER] to continue

Checking packages needed by seafile ...

Checking python on this machine ...
Find python: python2.7

  Checking python module: setuptools ... Done.
  Checking python module: python-imaging ... Done.
  Checking python module: python-sqlite3 ... Done.

Checking for sqlite3 ...Done.

Checking Done.
Configure ccnet

At first, you will get the following question:

It seems that you have created a ccnet configuration before. 
Would you like to use the existing configuration?

Answer with "yes", if you already configured it.

Existing ccnet configuration is being used.
Seafile data

The best way is to use the default directory for seafile data /home/seafile/seafile-data.

Where would you like to store your seafile data? 
Note: Please use a volume with enough free space.
[default: /home/seafile/seafile-data ] 

If you already installed seafile data, you will get the next question:

It seems that you have already existing seafile data in /home/seafile/seafile-data.
Would you like to use the existing seafile data?

Answer this question with "yes".

This is your config information:
ccnet config:       use existing config in  /home/seafile/ccnet
seafile data dir:   use existing data in    /home/seafile/seafile-data
If you are OK with the configuration, press [ENTER] to continue.

The next step is to upgrade/install seahub.

Seahub is the web interface for seafile server.
Now let's setup seahub configuration. Press [ENTER] to continue

Creating seahub database now, it may take one minute, please wait... 

Failed to sync seahub database.

Error occured during setup. 
Please fix possible issues and run the script again.
Seafile Config Files

In order to have the overview about all config files, you can create a symlink:

  1. ln -s /home/seafile/conf /etc/seafile

Problems with Mysql and Zentyal

When I try to login to mysql using the root account while logged in Ubuntu as normal user account I get access denied. In order to solve this, do the following:

Login in mysql at first:

  1. sudo mysql -u root -p

Check your accounts present in your db:

  1. SELECT User,Host FROM mysql.user;

Delete current root@localhost account:

  1. mysql> DROP USER 'root'@'localhost';
Query OK, 0 rows affected (0,00 sec)

Recreate your user:

  1. mysql> CREATE USER 'root'@'%' IDENTIFIED BY '';
Query OK, 0 rows affected (0,00 sec)

Give permissions to your user (don't forget to flush privileges):

  1. mysql> GRANT ALL PRIVILEGES ON *.* TO 'root'@'%';
Query OK, 0 rows affected (0,00 sec)
Query OK, 0 rows affected (0,00 sec)
Query OK, 0 rows affected (0,00 sec)

Check your accounts again: mysql

mysql> SELECT User,Host FROM mysql.user;

Exit mysql and try to reconnect without sudo

Upgrade from old version

Have a look at first, which seafile version you are using at the moment:

  1. sudo su - seafile
  2. ls -l ~/seafile-server-latest
lrwxrwxrwx 1 seafile seafile 20 Feb 17 00:38 /home/seafile/seafile-server-latest -> seafile-server-4.0.6

I'm upgrading seafile from 4.0.6 to 4.2. Hence, I need to look into the upgrade folder of the latest version:

  1. ls -l ~/seafile-server-4.2.0/upgrade
-rwxrwxr-x  1 seafile seafile  6705 Feb  5 22:36 upgrade_3.0_3.1.sh
-rwxrwxr-x  1 seafile seafile  6705 Feb  5 22:36 upgrade_3.1_4.0.sh
-rwxrwxr-x  1 seafile seafile  7132 Apr 30 00:35 upgrade_4.0_4.1.sh
-rwxrwxr-x  1 seafile seafile  6753 Apr 30 00:35 upgrade_4.1_4.2.sh

As you can see, I need to run the following files at first:

  1. ~/seafile-server-4.2.0/upgrade/upgrade_4.0_4.1.sh
  2. ~/seafile-server-4.2.0/upgrade/upgrade_4.1_4.2.sh
This script would upgrade your seafile server from 4.0 to 4.1
Press [ENTER] to contiune

What is the root password for mysql? 

verifying password of root user root ...  done

Updating seafile/seahub database ...

[INFO] You are using MySQL
[INFO] updating ccnet database...
[INFO] updating seafile database...

migrating avatars ...


updating /home/seafile/seafile-server-latest symbolic link to /home/seafile/seafile-server-4.2.0 ...

Upgraded your seafile server successfully.

This script would upgrade your seafile server from 4.1 to 4.2
Press [ENTER] to contiune

Updating seafile/seahub database ...

[INFO] You are using MySQL
[INFO] updating seafile database...
[INFO] updating seahub database...

migrating avatars ...


updating /home/seafile/seafile-server-latest symbolic link to /home/seafile/seafile-server-4.2.0 ...

Upgraded your seafile server successfully.

Hint: If you are using Zentyal, you can find here the root password for your mysql database:

sudo cat /var/lib/zentyal/conf/zentyal-mysql.passwd

After the installation or the upgrade, you need to start the server as first:

  1. sudo service seafile-server start

Configure HAProxy

HAProxy frontend

  1. # Subdomain Seafile Cloud
  2. acl seafile_path url_beg /seafhttp/
  3. acl seafdav_path url_beg /seafdav/
  4. acl seafile_server ssl_fc_sni -i DOMAIN.TLD
  5. use_backend bk_zentyal_seafileHAProxyId_8080 if seafile_server seafdav_path !seafile_path
  6. use_backend bk_zentyal_seafileHAProxyId_8082 if seafile_server seafile_path !seafdav_path
  7. use_backend bk_zentyal_seafileHAProxyId_8000 if seafile_server !seafile_path !seafdav_path

HAProxy backend

# Seahub
backend bk_zentyal_seafileHAProxyId_8000
        mode http
        log global
        option forwardfor
        option httplog
        option http-no-delay

        server srv_zentyal_seafileHAProxyId check

# Seafile
backend bk_zentyal_seafileHAProxyId_8082
        mode http
        log global
        option httplog
        option forwardfor
        option http-no-delay
        option httpchk HEAD / HTTP/1.0
        option httpchk GET /check HTTP/1.0

        reqrep ^(.*)/seafhttp(.*) \1\2
        server srv_zentyal_seafileHAProxyId check

# SeaDav
backend bk_zentyal_seafileHAProxyId_8080
        mode http
        log global
        option forwardfor
        option httplog
        option http-no-delay

        server srv_zentyal_seafileHAProxyId check

Active Directory or LDAP

Seafile supports LDAP authentication. I'm using it together with Zentyal / Samba4 in order to manage the users. It's pretty easy to use LDAP with Seafile: You need to add/change the following values in your /home/seafile/ccnet/ccnet.conf file.

At first, check if your LDAP connection is available:

  1. sudo apt-get install ldap-utils
  2. ldapsearch -x -p 389 -LLL -h localhost -b "" -s base "(objectclass=*)" supportedSASLMechanisms dn
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: NTLM
  1. [LDAP]
  2. HOST = ldap://
  3. USE_SSL = false
  4. BASE = cn=Users,dc=ludwig,dc=im
  5. USER_DN = CN=zentyal-mail-mediaserver,CN=Users,DC=ludwig,DC=im
  7. LOGIN_ATTR = mail
  8. #FILTER = memberof=CN=cloud,CN=Groups,DC=ludwig,DC=im

The read access user zentyal-mail-mediaserver in LDAP is generated by Zentyal. You can find the right user by using:

  1. ls -lta /var/lib/zentyal/conf/zentyal-mail-*.passwd
-rw------- 1 ebox adm 20 Jul  3  2014 /var/lib/zentyal/conf/zentyal-mail-mediaserver.passwd

The LDAP password is written in this file. More information about Seafile with LDAP you can find here.

Seafile WebDav

Install davfs2

  1. sudo apt-get install davfs2

Reconfigure davfs2 to enable to use davfs under unprivileged users

  1. sudo dpkg-reconfigure davfs2

It's recommended to disable LOCK operation for davfs2. You have to edit /etc/davfs2/davfs2.conf

  1. use_locks       0
  2. secrets ~/.davfs2/secrets

Edit ~/.davfs2/secrets file to add credentials to remote WebDav diectory. Add a line to the end of file in following style:

  1. https://<WebDav URI>   <username> <password>

Set the permission:

  1. chmod 600 ~/.davfs2/secrets

Mount Manual

The -o option sets the owner of the mounted directory to so that it's writable for non-root users.

  1. sudo mount -t davfs -o uid=YOUR_USER /home/samba/seafile

Mount with Nautilus

  1. dav://user@domain.tld:8080/seafdav

Mount with fstab

Add a line to /ect/fstab about the remote WebDav directory

  1. /home/samba/seafile davfs user,noauto,uid=YOUR_USER,file_mode=600,dir_mode=700 0 1

Add your user to the davfs2 group

  1. usermod -a -G davfs2 seafile

Seafile Fuse

In order to use twonky in combination with seafile, you need to create a ram folder in /media. In order to realize this, please edit your /etc/fstab and insert the following line:

  1. ramfs    /media/ramfs   ramfs   defaults        0       0

What happends in fstab? When you boot your server, fstab will mount the folder /media/ramfs into your memory. Normally, seafile-fuse is mounting the folder as root. If you want to mount it as a special user, you need to edit seaf-fuse.sh:

cd ~/seafile-server-4.2.0
nano seaf-fuse.sh

Change this:

  2.         -c "${default_ccnet_conf_dir}" \
  3.         -d "${seafile_data_dir}" \
  4.         -F "${default_conf_dir}" \
  5.         -l "${logfile}" \
  6.         "$@"

to this:

  2.         -c "${default_ccnet_conf_dir}" \
  3.         -d "${seafile_data_dir}" \
  4.         -F "${default_conf_dir}" \
  5.         -l "${logfile}" \
  6.         -o uid=123,gid=128,umask=222,allow_other \
  7.         "$@"

Furthermore, set uid and gid as you need (e.g. uid=123,gid=128).

Now you are able to create a start script in /etc/init.d/seafile-fuse.sh. With this script, you can start seafile-fuse in order to have read access to all your seafile stuff.

  1. sudo nano /etc/init.d/seafile-fuse.sh
  1. #!/bin/bash
  4. # Provides: seafile-fuse
  5. # Required-Start: $remote_fs $syslog $local_fs $network
  6. # Required-Stop: $remote_fs $syslog $local_fs $network
  7. # Should-Start: $named
  8. # Should-Stop: $named
  9. # Default-Start: 2 3 4 5
  10. # Default-Stop: 0 1 6
  11. # Short-Description: Starts seafile-fuse cloud
  12. # Description: This script mounts all seafile folders
  13. ### END INIT INFO
  15. # Change the value of "seafile_dir" to your path of seafile installation
  16. seafile_dir=/media/ramfs/seafile-share
  17. script_path=/usr/bin
  18. seafile_init_log=/home/seafile/logs/seaf-fuse.log
  20. case "$1" in
  21.         start)
  22.                 sudo mkdir -p ${seafile_dir}
  23.                 sudo ${script_path}/seaf-fuse.sh start ${seafile_dir} >> ${seafile_init_log}
  24.         ;;
  25.         restart)
  26.                 sudo ${script_path}/seaf-fuse.sh restart ${seafile_dir} >> ${seafile_init_log}
  27.         ;;
  28.         stop)
  29.                 sudo ${script_path}/seaf-fuse.sh $1 >> ${seafile_init_log}
  31.                 # Kill seaf-fuse processes
  32.                 pids=`ps aux | grep seaf-fuse | grep -v grep | awk '{print $2}'`
  33.                 for i in ${pids}
  34.                 do
  35.                         sudo kill -9 $i
  36.                 done
  38.                 # Kill umount processes
  39.                 pids=`ps aux | grep ${seafile_dir} | grep -v grep | awk '{print $2}'`
  40.                 for i in ${pids}
  41.                 do
  42.                         sudo kill -9 $i
  43.                 done
  44.         ;;
  45.         *)
  46.                 echo "Usage: /etc/init.d/seafile-fuse {start|stop|restart}"
  47.                 exit 1
  48.         ;;
  49. esac

Seafile Client

Autostart with Systemd

You need to create this service file only if you have seafile console client and you want to run it on system boot.

  1. sudo nano /etc/systemd/system/seafile-client.service
Description=Seafile client
# Uncomment the next line you are running seafile client on the same computer as server
# After=seafile.service
# Or the next one in other case
# After=network.target

ExecStart=/usr/bin/seaf-cli start
ExecStop=/usr/bin/seaf-cli stop


Seafile CLI


  1. sudo add-apt-repository ppa:seafile/seafile-client
  2. sudo apt-get update
  3. sudo apt-get install seafile-cli


Choose a folder where to store the seafile client settings e.g ~/.seafile-client and initialise seafile client with this folder by using:

  1. mkdir /mnt/seafile
  2. sudo seaf-cli init -d /mnt/seafile -c /home/seafile/conf/conf.d/fileserver-clien
Successly create configuration dir /home/seafile/conf/conf.d/fileserver-client.
Writen seafile data directory /mnt/seafile/seafile-data to /home/seafile/conf/conf.d/fileserver-client/seafile.ini

SystemD installation

  1. sudo nano /lib/systemd/system/seafile-client.service
Description=Seafile client
# Uncomment the next line you are running seafile client on the same computer as server
# After=seafile.service
# Or the next one in other case
After=network.target seafile.service seahub.service

ExecStart=/usr/bin/seaf-cli start --confdir /home/seafile/conf/conf.d/fileserver-client/
ExecStop=/usr/bin/seaf-cli stop --confdir /home/seafile/conf/conf.d/fileserver-client/


Enable the new service by using

  1. sudo systemctl enable seafile-client.service

and start it with:

  1. sudo service seafile-client start

Enable http sync by using:

  1. sudo seaf-cli config -k enable_http_sync -v true -c /home/seafile/conf/conf.d/fileserver-client

Now, we can identify the lib you need with:

  1. sudo seaf-cli list-remote -s  "" -u "USERNAME" -p "PASSWORD" -c /home/seafile/conf/conf.d/fileserver-client
Name    ID
Fotos af7926b2-8fe6-4766-98d6-18638e539081
Music 71ab1b86-4a22-4903-8a8e-6e06a319f6f1

Now, you can choose a LIB-ID (e.g. 71ab1b86-4a22-4903-8a8e-6e06a319f6f1), which you would like to sync to your local server:

  1. sudo mkdir /mnt/seafile/mediaserver
  2. sudo seaf-cli sync -l "LIB-ID" -s  "" -u "USERNAME" -p "PASSWORD" -c /home/seafile/conf/conf.d/fileserver-client -d "/mnt/seafile/mediaserver/"
Starting to download ...

After the sync is finished you will get the following status of seaf-cli:

  1. sudo seaf-cli status -c /home/seafile/conf/conf.d/fileserver-client
# Name  Status  Progress

# Name  Status
workspace   synchronized

Seafile CLI Syncronization

Sync fileserver (e.g. Samba or DLNA)

I created a group called "mediaserver" with the user "service" that has the following libraries in seafile:

  • Music (id: 1xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
  • Movies (id: 2xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
  • Fotos (id: 3xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

I would like to sync these libraries to a new storage on my server in order to publish it by samba or twonky. Before, I used seaf-fuse that is very slow and it needs a lot of ressources. So I want to sync all these libraries in /mnt/seafile/.

Add Sync user config folder:

  1. mkdir /etc/seafile/conf.d/

Initialize new fileserver:

  1. /usr/bin/seafile-cli init -c /etc/seafile/conf.d/fileserver-client -d /mnt/seafile/

Configure daemon settings settings

  1. nano /etc/default/seafile-cli

Start Seaf-cli Daemon

  1. sudo service seafile-cli start

Configure client connection:

  1. /usr/bin/seafile-cli config -c /etc/seafile/conf.d/fileserver-client -k enable_http_sync -v true
Add folders


  1. mkdir /mnt/seafile/Music
  2. /usr/bin/seafile-cli sync -l 1xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -s "" -d /mnt/seafile/Music -c /etc/seafile/conf.d/fileserver-client -u user -p password


  1. mkdir /mnt/seafile/Movies
  2. /usr/bin/seafile-cli sync -l 2xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -s "" -d /mnt/seafile/Movies -c /etc/seafile/conf.d/fileserver-client -u user -p password


  1. mkdir /mnt/seafile/Fotos
  2. /usr/bin/seafile-cli sync -l 3xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -s "" -d /mnt/seafile/Fotos -c /etc/seafile/conf.d/fileserver-client -u user -p password
Get Status
  1. seafile-cli status -c /etc/seafile/conf.d/fileserver-client
Fotosdownloading6987/8055, 0.0KB/s
Moviesdownloading23/560, 66905.4KB/s
Musicdownloading3428/4387, 0.0KB/s

Seafile with Fail2Ban

Fail2ban scans Seafile's log file /home/seafile/logs/seahub.log and bans IPs that show the malicious signs like too many password failures. After the identification of a malicious sign, Fail2Ban update the firewall rules to reject the IP addresses for a specified amount of time. Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents.

On Ubuntu you can install Fan2Ban easily by using apt-get:

  1. sudo apt-get update
  2. sudo apt-get install fail2ban

After that, you need to download the filter for Fail2Ban from Denis Chatenay:

  1. cd /etc/fail2ban/filter.d
  2. sudo wget https://raw.githubusercontent.com/DenisChatenay/seafile-authentication-fail2ban/master/etc/fail2ban/filter.d/seafile-auth.conf

Configure the local jail for Seafile like this:

  1. sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  2. sudo nano /etc/fail2ban/jail.local
############ Seafile, Owncloud etc.
enabled  = true
port     = https
filter   = seafile-auth
logpath  = /home/seafile/logs/seahub.log
maxretry = 3

Don't forget to restart or start Fail2Ban with:

sudo service fail2ban restart

After some hours you can test fail2ban with:

  1. sudo fail2ban-client status seafile
Status for the jail: seafile
|- filter
|  |- File list:    /home/seafile/logs/seahub.log 
|  |- Currently failed: 0
|  `- Total failed: 1
`- action
   |- Currently banned: 1
   |  `- IP list: XXX.XXX.XXX.XXX
   `- Total banned: 1

Well, what do you think?

Comments powered by LudwigDisqus for ModX