Install Seafile with NGINX on Ubuntu 16.04
Traducciones al EspañolEstamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
Seafile is a cross-platform file hosting tool with server applications for Linux and Windows, and GUI clients for Android, iOS, Linux, OS X and Windows. It supports file versioning and snapshots, two-factor authentication, WebDAV, and can be paired with NGINX or Apache to enable connections over HTTPS.
Seafile has two editions: a free and open source Community Edition and a paid Professional edition. While the Pro edition is free for up to 3 users, this guide will use Seafile Community Edition with NGINX serving an HTTPS connection, and MySQL on the backend. This application stack could also benefit from large amounts of disk space, so consider using our Block Storage service with this setup.
Prepare Ubuntu
NoteThis guide is written for a non-root user. Commands that require elevated privileges are prefixed withsudo
. If you’re not familiar with thesudo
command, see the Linux Users and Groups guide.
Update the system:
apt update && apt upgrade
Create a standard user account with root privileges. As an example, we’ll call the user sfadmin:
adduser sfadmin adduser sfadmin sudo
Log out of your Linode’s root user account and back in as sfadmin:
exit ssh sfadmin@<your_linode's_ip>
You should now be logged into your Linode as sfadmin. Use our Setting Up and Securing a Compute Instance guide to harden SSH access.
Set up UFW rules. UFW is Ubuntu’s iptables controller which makes setting up firewall rules a little easier. For more info on UFW, see our guide Configure a Firewall with UFW. Set the allow rules for SSH and HTTP(S) access with:
sudo ufw allow ssh sudo ufw allow http sudo ufw allow https sudo ufw enable
Then check the status of your rules and list them numerically:
sudo ufw status numbered
The output should be:
Status: active To Action From -- ------ ---- [ 1] 22 ALLOW IN Anywhere [ 2] 80 ALLOW IN Anywhere [ 3] 443 ALLOW IN Anywhere [ 4] 22 (v6) ALLOW IN Anywhere (v6) [ 5] 80 (v6) ALLOW IN Anywhere (v6) [ 6] 443 (v6) ALLOW IN Anywhere (v6)
Note
If you don’t want UFW allowing SSH on port 22 for both IPv4 and IPv6, you can delete it. For example, you can delete the rule to allow SSH over IPv6 withsudo ufw delete 4
.Set the Linode’s hostname. We’ll call it seafile as an example:
sudo hostnamectl set-hostname seafile
Add the new hostname to
/etc/hosts
. The second line in the file should look like this:- File: /etc/hosts
127.0.1.1 members.linode.com seafile
On first boot, your Linode’s timezone will be set to UTC. Changing this is optional, but if you wish, use:
sudo dpkg-reconfigure tzdata
Install and Configure MySQL
During Installation, you will be asked to assign a password for the root mysql user. Be sure to install the package
mysql-server-5.7
, notmysql-server
. This is because an upstream issue causes problems starting the MySQL service if you install by using themysql-server
package.sudo apt install mysql-server-5.7
Run the mysql_secure_installation script:
sudo mysql_secure_installation
For more info on MySQL, see our guide: Install MySQL on Ubuntu
Create a TLS Certificate for use with NGINX
If you don’t already have an SSL/TLS certificate, you can create one. This certificate will be self-signed, and will cause web browsers to protest about a non-private connection. You should verify the SHA256 fingerprint of the certificate in the browser versus that on the server, and add a permanent exception to the browser to trust this certificate.
Change to the location where we’ll store the certificate files and create server’s certificate with key:
cd /etc/ssl sudo openssl genrsa -out privkey.pem 4096 sudo openssl req -new -x509 -key privkey.pem -out cacert.pem
Install and Configure NGINX
Install NGINX from Ubuntu’s repository:
sudo apt install nginx
Create the site configuration file. The only line you need to change below is
server_name
. For more HTTPS configuration options, see our guide on TLS Best Practices with NGINX.- File: /etc/nginx/sites-available/seafile.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60
server{ listen 80; server_name example.com; rewrite ^ https://$http_host$request_uri? permanent; proxy_set_header X-Forwarded-For $remote_addr; } server { listen 443 ssl http2; ssl on; ssl_certificate /etc/ssl/cacert.pem; ssl_certificate_key /etc/ssl/privkey.pem; server_name example.com; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options DENY; ssl_session_cache shared:SSL:10m; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH !RC4"; ssl_prefer_server_ciphers on; fastcgi_param HTTPS on; fastcgi_param HTTP_SCHEME https; location / { fastcgi_pass 127.0.0.1:8000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; fastcgi_param REMOTE_ADDR $remote_addr; access_log /var/log/nginx/seahub.access.log; error_log /var/log/nginx/seahub.error.log; fastcgi_read_timeout 36000; client_max_body_size 0; } location /seafhttp { rewrite ^/seafhttp(.*)$ $1 break; proxy_pass http://127.0.0.1:8082; client_max_body_size 0; proxy_connect_timeout 36000s; proxy_read_timeout 36000s; proxy_send_timeout 36000s; send_timeout 36000s; proxy_request_buffering off; } location /media { root /home/sfadmin/sfroot/seafile-server-latest/seahub; } }
Disable the default site configuration and enable the one you just created:
sudo rm /etc/nginx/sites-enabled/default sudo ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf
Run the NGINX configuration test and restart the web server. If the test fails, it will give you a brief description of what’s wrong so you can troubleshoot the problem.
sudo nginx -t sudo systemctl restart nginx
Configure and Install Seafile
The Seafile manual advises to use a particular directory structure to ease upgrades. We’ll do the same here, but instead of using the example
haiwen
directory found in the Seafile manual, we’ll create a directory calledsfroot
in thesfadmin
home folder.mkdir ~/sfroot && cd ~/sfroot
Download the Seafile CE 64 bit Linux server. You’ll need to get the exact link from seafile.com. Once you have the URL, use
wget
to download it to ~/sfadmin/sfroot.wget <link>
Extract the tarball and move it when finished:
tar -xzvf seafile-server*.tar.gz mkdir installed && mv seafile-server*.tar.gz installed
Install dependency packages for Seafile:
sudo apt install python2.7 libpython2.7 python-setuptools python-imaging python-ldap python-mysqldb python-memcache python-urllib3
Run the installation script:
cd seafile-server-* && ./setup-seafile-mysql.sh
You’ll be prompted to answer several questions and choose settings during the installation process. For those that recommend a default, use that.
Start the server.
./seafile.sh start ./seahub.sh start-fastcgi
The
seahub.sh
script will set up an admin user account used to log into Seafile. You’ll be asked for a login email and to create a password.Seafile should now be accessible from a web browser using both your Linode’s IP address or the
server_name
you set earlier in NGINX’sseafile.conf
file. Nginx will redirect to HTTPS and as mentioned earlier, your browser will warn of an HTTPS connection which is not private due to the self-signed certificate you created. Once you tell the browser to proceed to the site anyway, you’ll see the Seafile login.
Automatically Start Seafile on Sever Bootup
The seafile.sh
and seahub.sh
scripts don’t automatically run if your Linode were to reboot.
Create the systemd unit files:
- File: /etc/systemd/system/seafile.service
1 2 3 4 5 6 7 8 9 10 11 12 13 14
[Unit] Description=Seafile Server After=network.target mysql.service [Service] Type=oneshot ExecStart=/home/sfadmin/sfroot/seafile-server-latest/seafile.sh start ExecStop=/home/sfadmin/sfroot/seafile-server-latest/seafile.sh stop RemainAfterExit=yes User=sfadmin Group=sfadmin [Install] WantedBy=multi-user.target
- File: /etc/systemd/system/seahub.service
1 2 3 4 5 6 7 8 9 10 11 12 13 14
[Unit] Description=Seafile Hub After=network.target seafile.service [Service] Type=oneshot ExecStart=/home/sfadmin/sfroot/seafile-server-latest/seahub.sh start-fastcgi ExecStop=/home/sfadmin/sfroot/seafile-server-latest/seahub.sh stop RemainAfterExit=yes User=sfadmin Group=sfadmin [Install] WantedBy=multi-user.target
Then enable the services:
sudo systemctl enable seafile sudo systemctl enable seahub
You can verify they’ve started successfully with:
sudo systemctl status seafile sudo systemctl status seahub
Confirm the startup scripts are working by rebooting your Linode. After bootup, both the Seafile and Seahub services should be active when running the status commands in the previous step. You should also still be able to access Seafile with a web browser.
Updating Seafile
There are various ways to update Seafile depending on if you are upgrading from one milestone to another (version 5 to 6), or upgrading between point releases (5.1.0 to 5.1.1). See the Seafile Manual for upgrade instructions that best suit your needs.
More Information
You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.
This page was originally published on