The open source cloud storage system Seafile could easily serve as your in-house cloud platform. Written with the Python Django framework, Seafile is powerful, includes a user-friendly web front-end, and offers features like:

  • File syncing
  • Strong file encryption
  • Easy collaboration
  • Team Wiki
  • Small footprint server, for high performance
  • AD/LDAP integration
  • Create groups with file syncing, online file editing, and more
  • Create libraries (for separate syncing)
  • Automatic file conflict resolution
  • Share libraries, sub-directories, links, files, and more

In this guide, we will show you how to install Seafile on Ubuntu 18.04 to sync and share files. We will also secure this installation with NGINX HTTP Security Headers and install a Let’s Encrypt SSL certificate on top of it all with automatic renewal.


In order to install Seafile you will need to ensure your server has either Ubuntu 16.04 or Ubuntu 18.04 minimal installed with a minimum 2GB of RAM and you have root user access. The Seafile installer is designed to be run on a fresh installation only and should never be run on a production server, otherwise, you could lose valuable data!


Install Seafile CE Ubuntu 18.04

Firstly, before installing Seafile you’ll need to ensure that your Ubuntu 18.04 system is up to date. You can check for any system or software updates and install them using the following commands:

apt-get update
apt-get upgrade

Before we start we will need to ensure that the Seafile script will install the latest stable version of MariaDB (at time of writing v10.4). To change the version we will need to add the MariaDB 10.4 repository and import the relevant signing keys using the following commands:

sudo apt-get install software-properties-common
sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.4/ubuntu bionic main'

If you preferred you can create a custom MariaDB repository sources.list file. First, you will need to import the signing keys using the following commands:

sudo apt-get install software-properties-common
sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'

After importing the signing key as outlined above, you will need to create the MariaDB repository sources.list file using your preferred editor. In our example we use the nano text editor:

nano /etc/apt/sources.list.d/MariaDB.list

Once you have opened the file you will need to copy and paste the following MariaDB repository information before saving the file:

# MariaDB 10.4 repository list
# http://downloads.mariadb.org/mariadb/repositories/
deb [arch=amd64,arm64,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.4/ubuntu bionic main
deb-src http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.4/ubuntu bionic main

Now we can download and execute the Seafile installation script using the wget command and bash:

cd /root
wget --no-check-certificate https://raw.githubusercontent.com/haiwen/seafile-server-installer/master/seafile-7.1_ubuntu
bash seafile-7.1_ubuntu 7.1.0

After running the installation script, you’ll need to select option 1 to install Community Edition (CE). Once you have selected the CE edition you will need to wait for the installation to finish:

  This script installs the community edition of the Seafile Server on a Ubuntu 18.04 (Bionic) 64bit
  - Newest Seafile server version, MariaDB, Memcached, NGINX -
   -----------------------------------------------------------------
  
  This installer is meant to run on a freshly installed machine
  only. If you run it on a production server things can and
  probably will go terribly wrong and you will lose valuable
  data!

  For questions or suggestions please contact us at
  [email protected]

  -----------------------------------------------------------------
  
  Possible options:
  1 = Seafile Community (Free) Edition (CE)
  2 = Seafile Professional Edition (PRO)

1) CE
2) PRO
3) ABORT
Which Seafile version would you like to install? 1

Once the installation script has finished you will see the following message that contains your server address with your admin username and password:

  Your Seafile server is installed
  -----------------------------------------------------------------
  
  Server Address:      http://IP_ADDRESS_OR_DOMAIN
  
  Seafile Admin:       SEAFILE_ADMIN_EMAIL
  Admin Password:      SEAFILE_ADMIN_PASSWORD
  
  Seafile Data Dir:    /opt/seafile/seafile-data
  
  Seafile DB Credentials:  Check /opt/seafile.my.cnf
  Root DB Credentials:     Check /root/.my.cnf
  
  Switch to Seafile system account with: su - seafile -s /bin/bash
  
  This report is also saved to /opt/seafile/aio_seafile-server.log
  
  Next you should manually complete the following steps
  -----------------------------------------------------------------
  
  1) Log in to Seafile and configure your server domain via the system
     admin area if applicable.
  
  2) If this server is behind a firewall, you need to ensure that
     tcp port 80 is open.
  
  3) Seahub tries to send emails via the local server. Install and
     configure Postfix for this to work or
     check https://manual.seafile.com/config/sending_email.html
     for instructions on how to use an existing email account via SMTP.
  
  Optional steps
  -----------------------------------------------------------------
  
  1) Check seahub_settings.py and customize it to fit your needs. Consult
     http://manual.seafile.com/config/seahub_settings_py.html for possible switches.
  
  2) Setup NGINX with official SSL certificate, we suggest you use Let’s Encrypt. Check
     https://manual.seafile.com/deploy/https_with_nginx.html
  
  3) Secure server with iptables based firewall. For instance: UFW or shorewall
  
  4) Harden system with port knocking, fail2ban, etc.
  
  5) Enable unattended installation of security updates. Check
     https://wiki.Ubuntu.org/UnattendedUpgrades for details.
  
  6) Implement a backup routine for your Seafile server.
  
  7) Update NGINX worker processes to reflect the number of CPU cores.
  Seafile support options
  
  -----------------------------------------------------------------
  
  For free community support visit:   https://bbs.seafile.com
  For paid commercial support visit:  https://seafile.com

That’s it. You have now successfully upgrade MariaDB to version 10.4 and installed Seafile on Ubuntu 18.04 using the official auto-installer script.

Securing Seafile

To add the Nginx HTTP Security Headers we will need to edit the seafile.conf file in the nginx folder using your preferred editor. In our example we use the nano text editor:

nano /etc/nginx/conf.d/seafile.conf

Once the seafile.conf has opened find the server block, which will start with your server_name and add the following headers below this:

server {
    server_name hostname.domain.com;
    add_header        X-XSS-Protection "1; mode=block" always;
    add_header        X-Content-Type-Options "nosniff" always;
    add_header        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;" always;
    add_header        X-Frame-Options "SAMEORIGIN" always;
    add_header        Referrer-Policy same-origin always;
    add_header        X-Permitted-Cross-Domain-Policies master-only;

Once complete, save your changes and reload Nginx with the following command:

nginx -s reload

That’s it for for the NGINX HTTP Security Headers. Now we will move onto grabbing an SSL certificate from Let’s Encrypt and enable automatic renewals.

Let’s Encrypt SSL

First you’ll need to add the Certbot PPA to your list of repositories and install Certbot using the following commands:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-nginx

Next we will need to request an SSL certificate and edit the NGINX configuration automatically to serve the SSL certificate you obtain, this will enable HTTPS access all with one command:

sudo certbot --nginx

After certbot works it’s magic, you will now now have your front-end serving with HTTPS. To test the automatic renewal of your SSL certificates, run the the following command:

sudo certbot renew --dry-run

With all of the above done, you have successfully install Seafile alongside MariaDB and NGINX with SSL certificates!

Access Seafile

To access the Seafile web dashboard, open your web browser and type in your server IP address or FQDN. You will now see the Log In page as shown in the screenshot below, simply enter the Seafile Admin and Admin Password you set during initial setup.

Tagged in:

, , ,

About the Author

Pauraic Morrissey

Born and bred Irishman with a slight obsession with everything IT.

View All Articles