Christian WellsSeafile is a powerful open-source self-hosted cloud storage solution that allows users to securely store, sync, and share files across multiple devices. By hosting Seafile on your own server, you have full control over your data and can ensure its privacy and security. In this comprehensive guide, we will walk you through the step-by-step process of installing Seafile on an Ubuntu 22.04 server, configuring Nginx as a reverse proxy, and setting up SSL encryption for secure connections.
Prerequisites
Before we begin, let’s make sure we have everything we need:
- A server running Ubuntu 22.04 with at least 2 CPU cores and 2GB of RAM.
- A non-root user with sudo privileges.
- A fully qualified domain name (FQDN) for your Seafile installation, like seafile.example.com.
Make sure your system is up to date by running the following commands:
sudo apt update sudo apt upgrade
Next, install the necessary packages:
sudo apt install wget curl nano software-properties-common dirmngr apt-transport-https gnupg2 ca-certificates lsb-release ubuntu-keyring unzip -y
Step 1 – Configure Firewall
To secure your server, we will configure the firewall to allow incoming connections only on the necessary ports. By default, Ubuntu comes with ufw (Uncomplicated Firewall) installed.
Check the status of the firewall:
sudo ufw status
If the firewall is inactive, enable it:
sudo ufw enable
Allow SSH, HTTP, and HTTPS traffic:
sudo ufw allow OpenSSH sudo ufw allow http sudo ufw allow https
Verify the firewall rules:
sudo ufw status
Step 2 – Installing Seafile Dependencies
Seafile is built on the Python Django framework, so we need to install its dependencies and required Python packages.
Install Python tools, Pip package manager, SQL libraries, and Memcached:
sudo apt install -y python3 python3-setuptools python3-pip libmysqlclient-dev memcached libmemcached-dev
Install Python dependencies:
sudo pip3 install --timeout=3600 django==3.2.* future==0.18.* mysqlclient==2.1.* pymysql pillow==9.3.* pylibmc captcha==0.4 markupsafe==2.0.1 jinja2 sqlalchemy==1.4.3 psd-tools django-pylibmc django_simple_captcha==0.5.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml
Step 3 – Install MySQL
Seafile requires a database to store its data. We will be using MySQL as the database server.
Install MySQL:
sudo apt install -y mysql-server
Check the version of MySQL:
mysql --version
Step 4 – Configure MySQL
Now, let’s configure MySQL by setting a password for the root user and securing the installation.
Enter the MySQL shell:
sudo mysql
Set the password for the root user. Make sure to choose a strong password that includes a mix of numbers, uppercase and lowercase letters, and special characters:
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'YourPassword12!';
Exit the MySQL shell:
exit
Run the MySQL secure install script:
sudo mysql_secure_installation
During the script, you will be prompted to configure several security options. Follow the prompts and choose the appropriate options for your setup.
Step 5 – Create a Seafile Directory and User
Next, we need to create a directory to store Seafile’s program files and create a dedicated user for Seafile.
Create the directory:
sudo mkdir /opt/seafile
Create the user:
sudo adduser --home /opt/seafile --shell/bin/bash seafile
Change the ownership of the directory to the new user:
sudo chown -R seafile: /opt/seafile
Step 6 – Download and Install Seafile
Now, let’s download and install Seafile.
Switch to the Seafile user:
su seafile
Visit the Seafile download page and grab the download link for the latest version. Replace the <download-link> in the command below with the actual download link:
wget<download-link>
Extract the archive:
tar xf seafile-server_*_x86-64.tar.gz
Switch to the Seafile directory:
cd seafile-server-*
Run the Seafile installation script:
./setup-seafile-mysql.sh
The installer script will guide you through the installation process. Provide the requested information, such as the server name, domain, and database details. Use the default values unless you have specific requirements.
Once the installation is complete, you will see a success message.
Step 7 – Start Seafile Server
Now, let’s start the Seafile server.
Switch to the Seafile installation directory:
cd /opt/seafile/seafile-server-latest/
Start the Seafile server:
./seafile.sh start
Verify that the server has started successfully.
Start the Seahub server:
./seahub.sh start
The first time you start Seahub, you will be prompted to create an admin account. Provide the requested information, such as the admin email and password.
Step 8 – Configure Seafile
We need to make a few configuration changes to Seafile.
Open the seafile.conf file for editing:
nano /opt/seafile/conf/seafile.conf
Add the following line under the [fileserver] section:
host = 127.0.0.1
Save the file and exit the editor.
Open the seahub_settings.py file for editing:
nano /opt/seafile/conf/seahub_settings.py
Modify the SERVICE_URL to reflect the HTTPS protocol:
SERVICE_URL = "https://seafile.example.com/"
Add the following line below it:
FILE_SERVER_ROOT = "https://seafile.example.com/seafhttp"
Add the following code at the end of the file:
CACHES = { 'default': { 'BACKEND': 'django_pylibmc.memcached.PyLibMCCache', 'LOCATION': '127.0.0.1:11211', }, }
Save the file and exit the editor.
Exit the Seafile user shell:
exit
Step 9 – Create Systemd Service
To ensure that Seafile starts automatically at boot and can withstand reboots, we will create Systemd service unit files.
Create and open the seafile.service file:
sudo nano /etc/systemd/system/seafile.service
Paste the following code into the file:
[Unit] Description=Seafile After=network.target mysql.service [Service] Type=forking ExecStart=/opt/seafile/seafile-server-latest/seafile.sh start ExecStop=/opt/seafile/seafile-server-latest/seafile.sh stop LimitNOFILE=infinity User=seafile Group=seafile [Install] WantedBy=multi-user.target
Save the file and exit the editor.
Create and open the seahub.service file:
sudo nano /etc/systemd/system/seahub.service
Paste the following code into the file:
[Unit] Description=Seafile hub After=network.target seafile.service [Service] Type=forking ExecStart=/opt/seafile/seafile-server-latest/seahub.sh start ExecStop=/opt/seafile/seafile-server-latest/seahub.sh stop User=seafile Group=seafile [Install] WantedBy=multi-user.target
Save the file and exit the editor.
Reload the Systemctl daemon:
sudo systemctl daemon-reload
Enable and start the Seafile and Seahub services:
sudo systemctl enable --now seafile sudo systemctl enable --now seahub
Check the status of both services to ensure they are running:
sudo systemctl status seafile sudo systemctl status seahub
Step 10 – Install Nginx
We will use Nginx as a reverse proxy server for Seafile.
Import Nginx’s signing key:
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
Add the Nginx repository:
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg arch=amd64] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
Update the system repositories:
sudo apt update
Install Nginx:
sudo apt install nginx
Verify the installation:
nginx -v
Start the Nginx server:
sudo systemctl start nginx
Step 11 – Install SSL
To secure our Seafile installation, we will use Let’s Encrypt to generate SSL certificates.
Install Certbot:
sudo snap install core && sudo snap refresh core sudo snap install --classic certbot sudo ln -s /snap/bin/certbot /usr/bin/certbot
Generate an SSL certificate:
sudo certbot certonly --nginx --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http-m admin@example.com -d seafile.example.com
Generate a Diffie-Hellman group certificate:
sudo openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem.4096
Check the Certbot renewal scheduler service:
sudo systemctl list-timers
Perform a dry run of the renewal process to ensure it works:
sudo certbot renew --dry-run
If there are no errors, the SSL certificate will be renewed automatically.
Step 12 – Configure Nginx
Finally, let’s configure Nginx to proxy requests to the Seafile server and handle SSL connections.
Create and open the seafile.conf file:
sudo nano /etc/nginx/conf.d/seafile.conf
Paste the following configuration into the file:
log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time';
server {
listen 80;
listen [::]:80;
server_name seafile.example.com;
rewrite ^ https://$http_host$request_uri? permanent; # Forced redirect from HTTP to HTTPS
server_tokens off; # Prevents the Nginx version from being displayed in the HTTP response header
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/seafile.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/seafile.example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/seafile.example.com/chain.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:MozSSL:10m;
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
ssl_stapling on;
ssl_stapling_verify on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
resolver 8.8.8.8;
server_name seafile.example.com;
server_tokens off;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 1200s;
proxy_set_header X-Forwarded-Proto https;
# used for view/edit office file via Office Online Server
client_max_body_size 0;
access_log /var/log/nginx/seahub.access.log seafileformat;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
# Uncomment the following line if you want to support uploads > 4GB
# proxy_request_buffering off;
access_log /var/log/nginx/seafhttp.access.log seafileformat;
error_log /var/log/nginx/seafhttp.error.log;
}
location /media {
root /opt/seafile/seafile-server-latest/seahub;
}
}Save the file and exit the editor.
Open the nginx.conf file for editing:
sudo nano /etc/nginx/nginx.conf
Add the following line before the line include /etc/nginx/conf.d/*.conf;:
server_names_hash_bucket_size 64;
Save the file and exit the editor.
Verify the Nginx configuration file syntax:
sudo nginx -t
If there are no syntax errors, restart the Nginx service:
sudo systemctl restart nginx
Step 13 – Access Seafile
You can now access your Seafile installation by visiting your domain in a web browser:
https://seafile.example.com
You will be presented with the Seafile login screen. Enter the admin email and password you set during the installation process.
Once logged in, you can start uploading and managing files in Seafile. You can also access the administration panel to configure various settings and manage users.
Congratulations! You have successfully set up Seafile self-hosted cloud storage with Nginx on your Ubuntu 22.04 server. Enjoy the benefits of secure and scalable cloud storage for your organization.
Conclusion
In this tutorial, we walked you through the step-by-step process of installing Seafile self-hosted cloud storage on an Ubuntu 22.04 server. We covered the installation of Seafile, configuration of Nginx as a reverse proxy, and the setup of SSL encryption for secure connections. By following this guide, you have empowered your organization with a reliable and secure cloud storage solution.
If you need further assistance or want to explore more cloud hosting options, check out Shape.host. Shape.host offers Linux SSD VPS solutions tailored to meet your organization’s specific requirements. Experience the power and efficiency of cloud hosting with Shape.host.
