Install Seafile with NGINX on Ubuntu 16.04
Traducciones al EspañolEstamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
DeprecatedThis guide has been deprecated and is no longer being maintained.
Seafile is a cross-platform file hosting tool with server applications for Linux and Windows, and GUI clients for Android, iOS, Linux, OS X and Windows. It supports file versioning and snapshots, two-factor authentication, WebDAV, and can be paired with NGINX or Apache to enable connections over HTTPS.
Seafile has two editions: a free and open source Community Edition and a paid Professional edition. While the Pro edition is free for up to 3 users, this guide will use Seafile Community Edition with NGINX serving an HTTPS connection, and MySQL on the backend. This application stack could also benefit from large amounts of disk space, so consider using our Block Storage service with this setup.

 

Prepare Ubuntu
sudo. If you’re not familiar with the sudo command, see the
Linux Users and Groups guide.- Update the system: - apt update && apt upgrade
- Create a standard user account with root privileges. As an example, we’ll call the user sfadmin: - adduser sfadmin adduser sfadmin sudo
- Log out of your Linode’s root user account and back in as sfadmin: - exit ssh sfadmin@<your_linode's_ip>
- You should now be logged into your Linode as sfadmin. Use our Setting Up and Securing a Compute Instance guide to harden SSH access. 
- Set up UFW rules. UFW is Ubuntu’s iptables controller which makes setting up firewall rules a little easier. For more info on UFW, see our guide Configure a Firewall with UFW. Set the allow rules for SSH and HTTP(S) access with: - sudo ufw allow ssh sudo ufw allow http sudo ufw allow https sudo ufw enable- Then check the status of your rules and list them numerically: - sudo ufw status numbered- The output should be: - Status: active To Action From -- ------ ---- [ 1] 22 ALLOW IN Anywhere [ 2] 80 ALLOW IN Anywhere [ 3] 443 ALLOW IN Anywhere [ 4] 22 (v6) ALLOW IN Anywhere (v6) [ 5] 80 (v6) ALLOW IN Anywhere (v6) [ 6] 443 (v6) ALLOW IN Anywhere (v6)- Note If you don’t want UFW allowing SSH on port 22 for both IPv4 and IPv6, you can delete it. For example, you can delete the rule to allow SSH over IPv6 with- sudo ufw delete 4.
- Set the Linode’s hostname. We’ll call it seafile as an example: - sudo hostnamectl set-hostname seafile
- Add the new hostname to - /etc/hosts. The second line in the file should look like this:- File: /etc/hosts
- 127.0.1.1 members.linode.com seafile
 
- On first boot, your Linode’s timezone will be set to UTC. Changing this is optional, but if you wish, use: - sudo dpkg-reconfigure tzdata
Install and Configure MySQL
- During Installation, you will be asked to assign a password for the root mysql user. Be sure to install the package - mysql-server-5.7, not- mysql-server. This is because an upstream issue causes problems starting the MySQL service if you install by using the- mysql-serverpackage.- sudo apt install mysql-server-5.7
- Run the mysql_secure_installation script: - sudo mysql_secure_installation- For more info on MySQL, see our guide: Install MySQL on Ubuntu 
Create a TLS Certificate for use with NGINX
If you don’t already have an SSL/TLS certificate, you can create one. This certificate will be self-signed, and will cause web browsers to protest about a non-private connection. You should verify the SHA256 fingerprint of the certificate in the browser versus that on the server, and add a permanent exception to the browser to trust this certificate.
- Change to the location where we’ll store the certificate files and create server’s certificate with key: - cd /etc/ssl sudo openssl genrsa -out privkey.pem 4096 sudo openssl req -new -x509 -key privkey.pem -out cacert.pem
Install and Configure NGINX
- Install NGINX from Ubuntu’s repository: - sudo apt install nginx
- Create the site configuration file. The only line you need to change below is - server_name. For more HTTPS configuration options, see our guide on TLS Best Practices with NGINX.- File: /etc/nginx/sites-available/seafile.conf
- 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60- server{ listen 80; server_name example.com; rewrite ^ https://$http_host$request_uri? permanent; proxy_set_header X-Forwarded-For $remote_addr; } server { listen 443 ssl http2; ssl on; ssl_certificate /etc/ssl/cacert.pem; ssl_certificate_key /etc/ssl/privkey.pem; server_name example.com; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; add_header X-Content-Type-Options nosniff; add_header X-Frame-Options DENY; ssl_session_cache shared:SSL:10m; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH !RC4"; ssl_prefer_server_ciphers on; fastcgi_param HTTPS on; fastcgi_param HTTP_SCHEME https; location / { fastcgi_pass 127.0.0.1:8000; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; fastcgi_param REMOTE_ADDR $remote_addr; access_log /var/log/nginx/seahub.access.log; error_log /var/log/nginx/seahub.error.log; fastcgi_read_timeout 36000; client_max_body_size 0; } location /seafhttp { rewrite ^/seafhttp(.*)$ $1 break; proxy_pass http://127.0.0.1:8082; client_max_body_size 0; proxy_connect_timeout 36000s; proxy_read_timeout 36000s; proxy_send_timeout 36000s; send_timeout 36000s; proxy_request_buffering off; } location /media { root /home/sfadmin/sfroot/seafile-server-latest/seahub; } }
 
- Disable the default site configuration and enable the one you just created: - sudo rm /etc/nginx/sites-enabled/default sudo ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf
- Run the NGINX configuration test and restart the web server. If the test fails, it will give you a brief description of what’s wrong so you can troubleshoot the problem. - sudo nginx -t sudo systemctl restart nginx
Configure and Install Seafile
- The Seafile manual advises to use a particular directory structure to ease upgrades. We’ll do the same here, but instead of using the example - haiwendirectory found in the Seafile manual, we’ll create a directory called- sfrootin the- sfadminhome folder.- mkdir ~/sfroot && cd ~/sfroot
- Download the Seafile CE 64 bit Linux server. You’ll need to get the exact link from seafile.com. Once you have the URL, use - wgetto download it to ~/sfadmin/sfroot.- wget <link>
- Extract the tarball and move it when finished: - tar -xzvf seafile-server*.tar.gz mkdir installed && mv seafile-server*.tar.gz installed
- Install dependency packages for Seafile: - sudo apt install python2.7 libpython2.7 python-setuptools python-imaging python-ldap python-mysqldb python-memcache python-urllib3
- Run the installation script: - cd seafile-server-* && ./setup-seafile-mysql.sh- You’ll be prompted to answer several questions and choose settings during the installation process. For those that recommend a default, use that. 
- Start the server. - ./seafile.sh start ./seahub.sh start-fastcgi- The - seahub.shscript will set up an admin user account used to log into Seafile. You’ll be asked for a login email and to create a password.    
- Seafile should now be accessible from a web browser using both your Linode’s IP address or the - server_nameyou set earlier in NGINX’s- seafile.conffile. Nginx will redirect to HTTPS and as mentioned earlier, your browser will warn of an HTTPS connection which is not private due to the self-signed certificate you created. Once you tell the browser to proceed to the site anyway, you’ll see the Seafile login.    
Automatically Start Seafile on Sever Bootup
The seafile.sh and seahub.sh scripts don’t automatically run if your Linode were to reboot.
- Create the systemd unit files: - File: /etc/systemd/system/seafile.service
- 1 2 3 4 5 6 7 8 9 10 11 12 13 14- [Unit] Description=Seafile Server After=network.target mysql.service [Service] Type=oneshot ExecStart=/home/sfadmin/sfroot/seafile-server-latest/seafile.sh start ExecStop=/home/sfadmin/sfroot/seafile-server-latest/seafile.sh stop RemainAfterExit=yes User=sfadmin Group=sfadmin [Install] WantedBy=multi-user.target
 - File: /etc/systemd/system/seahub.service
- 1 2 3 4 5 6 7 8 9 10 11 12 13 14- [Unit] Description=Seafile Hub After=network.target seafile.service [Service] Type=oneshot ExecStart=/home/sfadmin/sfroot/seafile-server-latest/seahub.sh start-fastcgi ExecStop=/home/sfadmin/sfroot/seafile-server-latest/seahub.sh stop RemainAfterExit=yes User=sfadmin Group=sfadmin [Install] WantedBy=multi-user.target
 
- Then enable the services: - sudo systemctl enable seafile sudo systemctl enable seahub- You can verify they’ve started successfully with: - sudo systemctl status seafile sudo systemctl status seahub
- Confirm the startup scripts are working by rebooting your Linode. After bootup, both the Seafile and Seahub services should be active when running the status commands in the previous step. You should also still be able to access Seafile with a web browser. 
Updating Seafile
There are various ways to update Seafile depending on if you are upgrading from one milestone to another (version 5 to 6), or upgrading between point releases (5.1.0 to 5.1.1). See the Seafile Manual for upgrade instructions that best suit your needs.
More Information
You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.
This page was originally published on


