These are the notes for installing Seafile Pro with Backblaze B2 as the S3-compatible storage backend. This is an installation without elasticsearch. I use the Pro version because that is needed for using S3 as storage backend. The Pro version is free for up to 3 users.
Installing docker
See Docker install
Setup Seafile with docker
First, login to Seafile’s private repository: docker login docker.seadrive.org This will require a username and password which can be seen on the Customer Center download page. (As of August 2024, the username was seafile and the password was zjkmid6rQibdZ=uJMuWS)
-
docker login docker.seadrive.org - Then, make the corresponding seafile docker folder
1cd
2mkdir docker-compose/seafile; cd seafile
3mkdir mysql-data
4mkdir seafile-data
5touch .env
6touch dot-env-template
7wget -O "docker-compose.yml" "https://manual.seafile.com/docker/docker-compose/pro/11.0/docker-compose.yml"
Docker compose file
Edit the docker-compose.yaml so it looks like the following
1services:
2 db:
3 image: mariadb:10.11
4 container_name: seafile-mysql
5 environment:
6 - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} # Required, set the root's password of MySQL service.
7 - MYSQL_LOG_CONSOLE=true
8 - MARIADB_AUTO_UPGRADE=0
9 volumes:
10 - ./mysql-data:/var/lib/mysql # Required, specifies the path to MySQL data persistent store.
11 networks:
12 - seafile-net
13
14 memcached:
15 image: memcached:1.6.18
16 container_name: seafile-memcached
17 entrypoint: memcached -m 256
18 networks:
19 - seafile-net
20
21# elasticsearch:
22# image: elasticsearch:8.13.0
23# container_name: seafile-elasticsearch
24# environment:
25# - discovery.type=single-node
26# - bootstrap.memory_lock=true
27# - "ES_JAVA_OPTS=-Xms2g -Xmx2g"
28# - "xpack.security.enabled=false"
29# ulimits:
30# memlock:
31# soft: -1
32# hard: -1
33# mem_limit: 4g
34# volumes:
35# - /opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data # Required, specifies the path to Elasticsearch data persistent store.
36# networks:
37# - seafile-net
38
39 seafile:
40 image: docker.seadrive.org/seafileltd/seafile-pro-mc:11.0-latest
41 container_name: seafile
42# ports:
43# - 100.118.224.21:8080:80
44# - "443:443" # If https is enabled, cancel the comment.
45 volumes:
46 - ./seafile-data:/shared # Required, specifies the path to Seafile data persistent store.
47 environment:
48 - DB_HOST=db
49 - DB_ROOT_PASSWD=${MYSQL_ROOT_PASSWORD} # Required, the value should be root's password of MySQL service.
50 - TIME_ZONE=America/Los_Angeles # Optional, default is UTC. Should be uncomment and set to your local time zone.
51 - SEAFILE_ADMIN_EMAIL=${SEAFILE_ADMIN_EMAIL} # Specifies Seafile admin user, default is '[email protected]'
52 - SEAFILE_ADMIN_PASSWORD=${SEAFILE_ADMIN_PASSWORD} # Specifies Seafile admin password, default is 'asecret'
53 - SEAFILE_SERVER_LETSENCRYPT=false # Whether to use https or not
54 - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME} # Specifies your host name if https is enabled
55 - FORCE_HTTPS_IN_CONF=true
56 depends_on:
57 - db
58 - memcached
59# - elasticsearch
60 networks:
61 - seafile-net
62 - seafile-npm
63
64networks:
65 seafile-net:
66# enable_ipv6: true
67 seafile-npm:
68 enable_ipv6: true
-
docker-compose file spools up three containers: mariadb, memcached, seafile (We will # out the elasticsearch container).
-
These communicate via their internal network
seafile-net -
additionally, the network
seafile-npm is created to enable seafile talk to Nginx Proxy Manager. The npm docker container will be added to this network in npm’s docker-compose file.- Set the option
enable_ipv6: true toseafile-npm if you are on an IPv6-only host.
- Set the option
-
Since npm and seafile will be on the same
seafile_seafile-npm network, npm can directly accessseafile:80. So there is no need to expose seafile’s ports to the host. Therefore, the port mapping parts of the docker-compose file below are commented out. -
The docker-compose file pulls in info from various environment variables. We create a dot-env-template file and a .env file. Both are similar, but the .env file has the actual content whereas the dot-env-template file does not have the sensitive content and can be backed up or committed to a git repository. The .env file will be in .gitignore because it contains sensitive content that is not needed to recreate the docker setup and should not be exposed inadvertently.
-
We don’t use any of seafile’s https features because we manage https termination at/with nginx proxy manager. See subsection on this below. But also see below that we do set the SERVICE_URL to https in the post-install configuration.
-
The
FORCE_HTTPS_IN_CONF=true option is needed because Seafile itself is not being configured with https (due toSEAFILE_SERVER_LETSENCRYPT=false). Rather, we’ll use Nginx Proxy Manager as the reverse proxy and https termination point.
.env file
Create a .env file and a dot-env-template file with the content
MYSQL_ROOT_PASSWORD=
SEAFILE_ADMIN_EMAIL=
SEAFILE_ADMIN_PASSWORD=
SEAFILE_SERVER_HOSTNAME=
Note that there is no space after the = when you add the values in the .env. file. Leave the dot-env-template file empty though.
TIP: In a pinch, can generate random passwords with
head /dev/urandom | tr -dc A-Za-z0-9 | head -c16
Now bring up everything with docker compose up. This will result in the creation of a bunch of files in the folders seafile-data and mysql-data. We need to fiddle with those files. So after the containers have come up, hit CTRL+C to stop the containers and start working on those files.
Configure seafile.conf and seahub_settings.py
sudo editor seafile-data/seafile/conf/seafile.conf. It should look something like the below.
You’ll need to fill in values for the bucket = , host = , key_id = , key = , and aws_region = . For that, log in to your Backblaze B2 account and create three buckets and review their settings. Then create three keys, one for each bucket, and note down the key_id and key for each key.
1[fileserver]
2port = 8082
3
4[database]
5type = mysql
6host = db
7port = 3306
8user = seafile
9password = REDACTED
10db_name = seafile_db
11connection_charset = utf8
12
13[notification]
14enabled = false
15host = 127.0.0.1
16port = 8083
17log_level = info
18jwt_private_key = REDACTED
19
20[commit_object_backend]
21name = s3
22bucket =
23host =
24key_id =
25key =
26# v2 authentication protocol will be used if not set
27use_v4_signature = true
28# required for v4 protocol. ignored for v2 protocol.
29aws_region =
30use_https = true
31
32[fs_object_backend]
33name = s3
34bucket =
35host =
36key_id =
37key =
38use_v4_signature = true
39aws_region =
40use_https = true
41
42[block_backend]
43name = s3
44bucket =
45host =
46key_id =
47key =
48use_v4_signature = true
49aws_region =
50use_https = true
51
52[memcached]
53# Replace `localhost` with the memcached address:port if you're using remote memcached
54# POOL-MIN and POOL-MAX is used to control connection pool size. Usually the default is good enough.
55memcached_options = --SERVER=memcached --POOL-MIN=10 --POOL-MAX=100
Next sudo editor seafile-data/seafile/conf/seahub_settings.py and ensure it has the following (replace the subdomain.example.com with the right URL.
1SERVICE_URL = "https://subdomain.example.com"
2
3TIME_ZONE = 'America/Los_Angeles'
4FILE_SERVER_ROOT = "https://subdomain.example.com/seafhttp"
5CSRF_TRUSTED_ORIGINS = ['https://subdomain.example.com']
6ENABLE_TWO_FACTOR_AUTH = True
7TWO_FACTOR_DEVICE_REMEMBER_DAYS = 30
NPM and SSL / https configuration
Configure reverse proxy to seafile:80 as a new proxy host in NPM. Force SSL. The NPM will be the https termination point. The communication between NPM and seafile:80 will be without https.
Modify Seafile server configurations
The config files are under shared/seafile/conf. You can modify the configurations, if needed, according to Seafile manual
docker exec -it seafile /bin/bash
After modification, you need to restart the container:
docker-compose restart
Troubleshooting
If you need a shell inside the docker container, use the command
docker exec -it seafile /bin/bash
Find logs
The Seafile logs in /opt/seafile/logs inside the docker container and /seafile-data/seafile/logs in the server that run the docker.
The system logs are under shared/logs/var-log in the docker container, or seafile-data/logs/var-log in the server that run the docker.
Post install
-
Log in to seafile using the admin username/pw set in the .env file.
-
In sys admin settings configure
- Change SITE_TITLE and SITE_NAME as needed (Seafile and Sagar’s Seafile)
- Enable 2FA in user settings
- Set Avtar (photo) in user settings
- Change password is user settings. NOTE: I think that changing the user password through the user settings essentially supercedes the admin password environment variable in the .env file i.e. that env variable password is not valid any more.
Upgrade
See Seafile’s docker deployment manual. Note that rather than using the latest tag, we explicitly specify the actual version in our docker-compose.yaml file. So, for example, when upgrading from Seafile-server-9.0.9 to seafile-server-9.0.10 you should
1. Edit the docker-compose.yaml file and replace imag``e: seafileltd/seafile-mc:9.0.9 with image: seafileltd/seafile-mc:9.0.10
2. docker-compose down
3. docker-compose up -d
References
- https://manual.seafile.com/docker/pro-edition/deploy_seafile_pro_with_docker/ <– Seafile Pro docker installation manual
TODO
- Configure Seafile to send email
- Figure out what to backup in the installation and how to do backup and recovery of the seafile application