Updated on | #seafile, #server, #client | 0 User comments

Seafile - Manage your own Cloud

Seafile is a private open source cloud storage to manage teams and organizations. It supports file syncing and sharing and editing and commenting files online. Furthermore, you can use it as a mobile office, where it is possible to access files from your mobile device. You can install it on your own machine and encrypt your files with your own password.

Seafile is a file hosting software system where files are stored on a central server and can by synchronized with several devices like PC or mobile phones. You need to install the server version on your homeserver and install the Seafile Client on these devices. Furthermore, it is possible to use Webdav or an web interface to copy, delete or rename your files. Seafile has the following features: Selective sync, differential sync to minimize bandwidth, client-side encryption, user and group permission management, public link-sharing, version control and online file editing. Hence, Seafile's functionality is similar to other cloud services like Dropbox, Box or Google Drive. In this tutorial, I will show you how you can install and manage several Seafile functions in Ubuntu.

Seafile depends on the following packages:

  • Seafile Server
  • Seafile Client
  • Seafile Fuse
  • Seafile Webdav
  • Seafile CLI

Seafile Server

Add User

  1. sudo adduser --system --gecos "Seafile Server" seafile --disabled-password

Log into the seafile user

  1. sudo su - seafile

Installation or Upgrade

In order to install or upgrade Seafile, you need to download the latest version from Bitbucket.

If you already installed seafile, you need to stop it at first.

  1. sudo service seafile-server stop

After this you can download it from Bitbucket.

  1. sudo su - seafile
  2. wget https://bitbucket.org/haiwen/seafile/downloads/seafile-server_4.2.0_x86-64.tar.gz

Extract the file, remove it

  1. tar xzf seafile-server_*_x86-64.tar.gz
  2. rm seafile-server_*_x86-64.tar.gz

and change to the right folder:

  1. cd seafile-server-4.2.0

Fresh installation

Run setup with:

  1. ./setup-seafile.sh
-----------------------------------------------------------------
This script will guide you to config and setup your seafile server.

Make sure you have read seafile server manual at 

    https://github.com/haiwen/seafile/wiki

Note: This script will guide your to setup seafile server using sqlite3,
which may have problems if your disk is on a NFS/CIFS/USB.
In these cases, we sugguest you setup seafile server using MySQL.

Press [ENTER] to continue
-----------------------------------------------------------------


Checking packages needed by seafile ...

Checking python on this machine ...
Find python: python2.7

  Checking python module: setuptools ... Done.
  Checking python module: python-imaging ... Done.
  Checking python module: python-sqlite3 ... Done.

Checking for sqlite3 ...Done.

Checking Done.
Configure ccnet

At first, you will get the following question:

It seems that you have created a ccnet configuration before. 
Would you like to use the existing configuration?
[yes|no]

Answer with "yes", if you already configured it.

Existing ccnet configuration is being used.
Seafile data

The best way is to use the default directory for seafile data /home/seafile/seafile-data.

Where would you like to store your seafile data? 
Note: Please use a volume with enough free space.
[default: /home/seafile/seafile-data ] 

If you already installed seafile data, you will get the next question:

It seems that you have already existing seafile data in /home/seafile/seafile-data.
Would you like to use the existing seafile data?
[yes|no]

Answer this question with "yes".

This is your config information:
ccnet config:       use existing config in  /home/seafile/ccnet
seafile data dir:   use existing data in    /home/seafile/seafile-data
If you are OK with the configuration, press [ENTER] to continue.
Seahub

The next step is to upgrade/install seahub.

-----------------------------------------------------------------
Seahub is the web interface for seafile server.
Now let's setup seahub configuration. Press [ENTER] to continue
-----------------------------------------------------------------

Creating seahub database now, it may take one minute, please wait... 

Failed to sync seahub database.

Error occured during setup. 
Please fix possible issues and run the script again.
Seafile Config Files

In order to have the overview about all config files, you can create a symlink:

  1. ln -s /home/seafile/conf /etc/seafile

Upgrade from old version

Have a look at first, which seafile version you are using at the moment:

  1. sudo su - seafile
  2. ls -l ~/seafile-server-latest
lrwxrwxrwx 1 seafile seafile 20 Feb 17 00:38 /home/seafile/seafile-server-latest -> seafile-server-4.0.6

I'm upgrading seafile from 4.0.6 to 4.2. Hence, I need to look into the upgrade folder of the latest version:

  1. ls -l ~/seafile-server-4.2.0/upgrade
...
-rwxrwxr-x  1 seafile seafile  6705 Feb  5 22:36 upgrade_3.0_3.1.sh
-rwxrwxr-x  1 seafile seafile  6705 Feb  5 22:36 upgrade_3.1_4.0.sh
-rwxrwxr-x  1 seafile seafile  7132 Apr 30 00:35 upgrade_4.0_4.1.sh
-rwxrwxr-x  1 seafile seafile  6753 Apr 30 00:35 upgrade_4.1_4.2.sh

As you can see, I need to run the following files at first:

  1. ~/seafile-server-4.2.0/upgrade/upgrade_4.0_4.1.sh
  2. ~/seafile-server-4.2.0/upgrade/upgrade_4.1_4.2.sh
-------------------------------------------------------------
This script would upgrade your seafile server from 4.0 to 4.1
Press [ENTER] to contiune
-------------------------------------------------------------

What is the root password for mysql? 

verifying password of root user root ...  done
Done

Updating seafile/seahub database ...

[INFO] You are using MySQL
[INFO] updating ccnet database...
[INFO] updating seafile database...
Done

migrating avatars ...

Done

updating /home/seafile/seafile-server-latest symbolic link to /home/seafile/seafile-server-4.2.0 ...

-----------------------------------------------------------------
Upgraded your seafile server successfully.
-----------------------------------------------------------------


-------------------------------------------------------------
This script would upgrade your seafile server from 4.1 to 4.2
Press [ENTER] to contiune
-------------------------------------------------------------

Updating seafile/seahub database ...

[INFO] You are using MySQL
[INFO] updating seafile database...
[INFO] updating seahub database...
Done

migrating avatars ...

Done

updating /home/seafile/seafile-server-latest symbolic link to /home/seafile/seafile-server-4.2.0 ...

-----------------------------------------------------------------
Upgraded your seafile server successfully.
-----------------------------------------------------------------

Hint: If you are using Zentyal, you can find here the root password for your mysql database:

sudo cat /var/lib/zentyal/conf/zentyal-mysql.passwd

After the installation or the upgrade, you need to start the server as first:

  1. sudo service seafile-server start

Configure HAProxy

HAProxy frontend

  1. # Subdomain Seafile Cloud
  2. acl seafile_path url_beg /seafhttp/
  3. acl seafdav_path url_beg /seafdav/
  4. acl seafile_server ssl_fc_sni -i DOMAIN.TLD
  5. use_backend bk_zentyal_seafileHAProxyId_8080 if seafile_server seafdav_path !seafile_path
  6. use_backend bk_zentyal_seafileHAProxyId_8082 if seafile_server seafile_path !seafdav_path
  7. use_backend bk_zentyal_seafileHAProxyId_8000 if seafile_server !seafile_path !seafdav_path

HAProxy backend

# Seahub
backend bk_zentyal_seafileHAProxyId_8000
        mode http
        log global
        option forwardfor
        option httplog
        option http-no-delay

        server srv_zentyal_seafileHAProxyId 127.0.0.1:8000 check

# Seafile
backend bk_zentyal_seafileHAProxyId_8082
        mode http
        log global
        option httplog
        option forwardfor
        option http-no-delay
        option httpchk HEAD / HTTP/1.0
        option httpchk GET /check HTTP/1.0

        reqrep ^(.*)/seafhttp(.*) \1\2
        server srv_zentyal_seafileHAProxyId 127.0.0.1:8082 check


# SeaDav
backend bk_zentyal_seafileHAProxyId_8080
        mode http
        log global
        option forwardfor
        option httplog
        option http-no-delay

        server srv_zentyal_seafileHAProxyId 127.0.0.1:8080 check

Active Directory or LDAP

Seafile supports LDAP authentication. I'm using it together with Zentyal in order to manage the users. It's pretty easy to use LDAP with Seafile: You need to add/change the following values in your /home/seafile/ccnet/ccnet.conf file.

  1. [LDAP]
  2. HOST = ldap://127.0.0.1:389
  3. USE_SSL = false
  4. BASE = cn=Users,dc=ludwig,dc=im
  5. USER_DN = CN=zentyal-mail-mediaserver,CN=Users,DC=ludwig,DC=im
  6. PASSWORD = XXXXXX
  7. LOGIN_ATTR = mail
  8. #FILTER = memberof=CN=cloud,CN=Groups,DC=ludwig,DC=im

The read access user zentyal-mail-mediaserver in LDAP is generated by Zentyal. You can find the right user by using:

  1. ls -lta /var/lib/zentyal/conf/zentyal-mail-*.passwd
-rw------- 1 ebox adm 20 Jul  3  2014 /var/lib/zentyal/conf/zentyal-mail-mediaserver.passwd

The LDAP password is written in this file. More information about Seafile with LDAP you can find here.

Seafile WebDav

Install davfs2

  1. sudo apt-get install davfs2

Reconfigure davfs2 to enable to use davfs under unprivileged users

  1. sudo dpkg-reconfigure davfs2

It's recommended to disable LOCK operation for davfs2. You have to edit /etc/davfs2/davfs2.conf

  1. use_locks       0
  2. secrets ~/.davfs2/secrets

Edit ~/.davfs2/secrets file to add credentials to remote WebDav diectory. Add a line to the end of file in following style:

  1. https://<WebDav URI>   <username> <password>

Set the permission:

  1. chmod 600 ~/.davfs2/secrets

Mount Manual

The -o option sets the owner of the mounted directory to so that it's writable for non-root users.

  1. sudo mount -t davfs -o uid=YOUR_USER http://127.0.0.1:8080/seafdav /home/samba/seafile

Mount with Nautilus

  1. dav://user@domain.tld:8080/seafdav

Mount with fstab

Add a line to /ect/fstab about the remote WebDav directory

  1. http://127.0.0.1:8080/seafdav /home/samba/seafile davfs user,noauto,uid=YOUR_USER,file_mode=600,dir_mode=700 0 1

Add your user to the davfs2 group

  1. usermod -a -G davfs2 seafile

Seafile Fuse

In order to use twonky in combination with seafile, you need to create a ram folder in /media. In order to realize this, please edit your /etc/fstab and insert the following line:

  1. ramfs    /media/ramfs   ramfs   defaults        0       0

What happends in fstab? When you boot your server, fstab will mount the folder /media/ramfs into your memory. Normally, seafile-fuse is mounting the folder as root. If you want to mount it as a special user, you need to edit seaf-fuse.sh:

cd ~/seafile-server-4.2.0
nano seaf-fuse.sh

Change this:

  1. LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${seaf_fuse} \
  2.         -c "${default_ccnet_conf_dir}" \
  3.         -d "${seafile_data_dir}" \
  4.         -F "${default_conf_dir}" \
  5.         -l "${logfile}" \
  6.         "$@"

to this:

  1. LD_LIBRARY_PATH=$SEAFILE_LD_LIBRARY_PATH ${seaf_fuse} \
  2.         -c "${default_ccnet_conf_dir}" \
  3.         -d "${seafile_data_dir}" \
  4.         -F "${default_conf_dir}" \
  5.         -l "${logfile}" \
  6.         -o uid=123,gid=128,umask=222,allow_other \
  7.         "$@"

Furthermore, set uid and gid as you need (e.g. uid=123,gid=128).

Now you are able to create a start script in /etc/init.d/seafile-fuse.sh. With this script, you can start seafile-fuse in order to have read access to all your seafile stuff.

  1. sudo nano /etc/init.d/seafile-fuse.sh
  1. #!/bin/bash
  2.  
  3. ### BEGIN INIT INFO
  4. # Provides: seafile-fuse
  5. # Required-Start: $remote_fs $syslog $local_fs $network
  6. # Required-Stop: $remote_fs $syslog $local_fs $network
  7. # Should-Start: $named
  8. # Should-Stop: $named
  9. # Default-Start: 2 3 4 5
  10. # Default-Stop: 0 1 6
  11. # Short-Description: Starts seafile-fuse cloud
  12. # Description: This script mounts all seafile folders
  13. ### END INIT INFO
  14.  
  15. # Change the value of "seafile_dir" to your path of seafile installation
  16. seafile_dir=/media/ramfs/seafile-share
  17. script_path=/usr/bin
  18. seafile_init_log=/home/seafile/logs/seaf-fuse.log
  19.  
  20. case "$1" in
  21.         start)
  22.                 sudo mkdir -p ${seafile_dir}
  23.                 sudo ${script_path}/seaf-fuse.sh start ${seafile_dir} >> ${seafile_init_log}
  24.         ;;
  25.         restart)
  26.                 sudo ${script_path}/seaf-fuse.sh restart ${seafile_dir} >> ${seafile_init_log}
  27.         ;;
  28.         stop)
  29.                 sudo ${script_path}/seaf-fuse.sh $1 >> ${seafile_init_log}
  30.  
  31.                 # Kill seaf-fuse processes
  32.                 pids=`ps aux | grep seaf-fuse | grep -v grep | awk '{print $2}'`
  33.                 for i in ${pids}
  34.                 do
  35.                         sudo kill -9 $i
  36.                 done
  37.  
  38.                 # Kill umount processes
  39.                 pids=`ps aux | grep ${seafile_dir} | grep -v grep | awk '{print $2}'`
  40.                 for i in ${pids}
  41.                 do
  42.                         sudo kill -9 $i
  43.                 done
  44.         ;;
  45.         *)
  46.                 echo "Usage: /etc/init.d/seafile-fuse {start|stop|restart}"
  47.                 exit 1
  48.         ;;
  49. esac

Seafile Client

Autostart with Systemd

You need to create this service file only if you have seafile console client and you want to run it on system boot.

  1. sudo nano /etc/systemd/system/seafile-client.service
[Unit]
Description=Seafile client
# Uncomment the next line you are running seafile client on the same computer as server
# After=seafile.service
# Or the next one in other case
# After=network.target

[Service]
Type=oneshot
ExecStart=/usr/bin/seaf-cli start
ExecStop=/usr/bin/seaf-cli stop
RemainAfterExit=yes
User=seafile
Group=seafile

[Install]
WantedBy=multi-user.target

Seafile CLI

Installation

  1. sudo su - seafile
  2. wget https://bitbucket.org/haiwen/seafile/downloads/seafile-cli_4.0.4_x86-64.tar.gz
  1. tar xzf seafile-cli_*_x86-64.tar.gz
  2. rm seafile-cli_*_x86-64.tar.gz

Initialization

Create a Symlink for the latest cli client

  1. cd ~
  2. rm seafile-cli-latest
  3. ln -s seafile-cli-4.0.4 seafile-cli-latest

Link the full path of the exectuable

  1. ln -s /home/seafile/seafile-cli-latest/seaf-cli /usr/bin/seaf-cli

Configuration

Choose a folder where to store the seafile client settings e.g ~/.seafile-client and initialise seafile client with this folder by using:

  1. cd ~
  2. mkdir ~/.seafile-client
  3. seaf-cli init -d ~/.seafile-client
done
Successly create configuration dir /home/thomas/.ccnet.
Writen seafile data directory /home/thomas/.seafile-client/seafile-data to /home/thomas/.ccnet/seafile.ini
  1. seaf-cli start
starting ccnet daemon ...
Started: ccnet daemon ...
starting seafile daemon ...
Started: seafile daemon ...
  1. seaf-cli config -k enable_http_sync -v true
  1. mkdir ~/workspace
  2. seaf-cli sync -l "LIB-ID" -s  "http://127.0.0.1:8000" -d ~/workspace/ -u USERNAME -p PASSWORD
Starting to download ...
  1. seaf-cli status
# Name  Status  Progress
workspace   downloading 4737/21143, 0.0KB/s

# Name  Status

After the sync is finished you will get the following status of seaf-cli:

  1. seaf-cli status
# Name  Status  Progress

# Name  Status
workspace   synchronized

Autostart

With this file you are able to control the automatic startup of seaf-cli in Ubuntu and Debian.

  1. nano /etc/default/seaf-cli
# /etc/default/seaf-cli

# Change to one to enable seaf-cli automatic startup
ENABLED=1
#USER="nobody"
CONFIG=/home/seafile/conf/fileserver-client.conf

After this, you need to create the initial file:

  1. nano /etc/init.d/seaf-cli
#! /bin/sh
### BEGIN INIT INFO
# Provides: seaf-cli 
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Simple start script for seafile cli
# Description: Should be placed in /etc/init.d.
### END INIT INFO

# Author: Sven Knuth <sven.knuth@yawc.de>
# Author: Thomas Ludwig <thomas@ludwig.im>

# Do NOT "set -e"

# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Seafile Commandline"
NAME=seaf-cli
DAEMON=/usr/bin/$NAME
ENABLED=0
CONFIG="~/.seafile-client"
USER=root

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
# and status_of_proc is working.
. /lib/lsb/init-functions

# Load default settings
test -f /etc/default/seaf-cli && . /etc/default/seaf-cli
if [ "$ENABLED" = "0" ] ; then
  echo "$DESC disabled, see /etc/default/seaf-cli"
  exit 0
fi

do_start()
{
    su -c "$DAEMON start --confdir $CONFIG" - $USER
}

do_stop()
{
    su -c "$DAEMON stop" - $USER
}

case "$1" in
 start)
   [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
   su -c "$DAEMON status --confdir $CONFIG" - $USER > /dev/null 2>&1
   case "$?" in
     0) echo "$DAEMON already started" ;;
     1) do_start
   esac
   ;;
 stop)
   [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
   su -c "$DAEMON status --confdir $CONFIG" - $USER > /dev/null 2>&1
   case "$?" in
     1) echo "$DAEMON already stopped" ;;
     0) do_stop ;;
   esac
   ;;
 restart)
   [ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" "$NAME"
   su -c "$DAEMON status --confdir $CONFIG" - $USER > /dev/null 2>&1
   case "$?" in
     1) echo "$DAEMON already stopped" && do_start ;;
     0) do_stop && do_start ;;
   esac
   ;;
 status)
   su -c "$DAEMON status --confdir $CONFIG" - $USER > /dev/null 2>&1
   case "$?" in
     1) echo "$DAEMON not started" ;;
     0) su -c "$DAEMON status --confdir $CONFIG" - $USER
   esac
   ;;
 *)

 echo "Usage: $SCRIPTNAME {start|stop|restart|status}" >&2
 exit 3
 ;;
esac

:

Make the script executable:

  1. chmod +x /etc/init.d/seaf-cli

Start automatically on boot:

  1. sudo update-rc.d seaf-cli defaults

Seafile CLI Syncronization

Sync fileserver (e.g. Samba or DLNA)

I created a group called "mediaserver" with the user "service" that has the following libraries in seafile:

  • Music (id: 1xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
  • Movies (id: 2xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)
  • Fotos (id: 3xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx)

I would like to sync these libraries to a new storage on my server in order to publish it by samba or twonky. Before, I used seaf-fuse that is very slow and it needs a lot of ressources. So I want to sync all these libraries in /mnt/seafile/.

Add Sync user config folder:

  1. mkdir /etc/seafile/conf.d/

Initialize new fileserver:

  1. /usr/bin/seaf-cli init -c /etc/seafile/conf.d/fileserver-client -d /mnt/seafile/

Configure daemon settings settings

  1. nano /etc/default/seaf-cli
ENABLED=1
USER=root
CONFIG="/etc/seafile/conf.d/fileserver-client"

Start Seaf-cli Daemon

  1. sudo service seaf-cli start

Configure client connection:

  1. /usr/bin/seaf-cli config -c /etc/seafile/conf.d/fileserver-client -k enable_http_sync -v true
Add folders

Music

  1. mkdir /mnt/seafile/Music
  2. /usr/bin/seaf-cli sync -l 1xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -s "http://127.0.0.1:8000" -d /mnt/seafile/Music -c /etc/seafile/conf.d/fileserver-client -u user -p password

Movies

  1. mkdir /mnt/seafile/Movies
  2. /usr/bin/seaf-cli sync -l 2xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -s "http://127.0.0.1:8000" -d /mnt/seafile/Movies -c /etc/seafile/conf.d/fileserver-client -u user -p password

Fotos

  1. mkdir /mnt/seafile/Fotos
  2. /usr/bin/seaf-cli sync -l 3xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx -s "http://127.0.0.1:8000" -d /mnt/seafile/Fotos -c /etc/seafile/conf.d/fileserver-client -u user -p password
Get Status
  1. seaf-cli status -c /etc/seafile/conf.d/fileserver-client
NameStatusProgress
Fotosdownloading6987/8055, 0.0KB/s
Moviesdownloading23/560, 66905.4KB/s
Musicdownloading3428/4387, 0.0KB/s

Seafile with Fail2Ban

Fail2ban scans Seafile's log file /home/seafile/logs/seahub.log and bans IPs that show the malicious signs like too many password failures. After the identification of a malicious sign, Fail2Ban update the firewall rules to reject the IP addresses for a specified amount of time. Fail2Ban is able to reduce the rate of incorrect authentications attempts however it cannot eliminate the risk that weak authentication presents.

On Ubuntu you can install Fan2Ban easily by using apt-get:

  1. sudo apt-get update
  2. sudo apt-get install fail2ban

After that, you need to download the filter for Fail2Ban from Denis Chatenay:

  1. cd /etc/fail2ban/filter.d
  2. sudo wget https://raw.githubusercontent.com/DenisChatenay/seafile-authentication-fail2ban/master/etc/fail2ban/filter.d/seafile-auth.conf

Configure the local jail for Seafile like this:

  1. sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
  2. sudo nano /etc/fail2ban/jail.local
#
############ Seafile, Owncloud etc.
#
[seafile]
enabled  = true
port     = https
filter   = seafile-auth
logpath  = /home/seafile/logs/seahub.log
maxretry = 3

Don't forget to restart or start Fail2Ban with:

sudo service fail2ban restart

After some hours you can test fail2ban with:

  1. sudo fail2ban-client status seafile
Status for the jail: seafile
|- filter
|  |- File list:    /home/seafile/logs/seahub.log 
|  |- Currently failed: 0
|  `- Total failed: 1
`- action
   |- Currently banned: 1
   |  `- IP list: XXX.XXX.XXX.XXX
   `- Total banned: 1

Well, what do you think?

Comments powered by LudwigDisqus for ModX