public/seafile-admin-docs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

use github pages

Browse source
This commit is contained in:
王健辉 2020-12-01 10:33:47 +08:00
parent c963564878
commit c865a6c0e4
202 changed files with 23729 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

16
.github/workflows/deploy.yml vendored Normal file
View file

@ -0,0 +1,16 @@
name: Deploy CI
on:
[pull_request, push]
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/setup-python@v2
with:
python-version: 3.x
- run: pip install mkdocs-material mkdocs-awesome-pages-plugin mkdocs-material-extensions
- run: cd $GITHUB_WORKSPACE
- run: mkdocs gh-deploy --force

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
*~

13
LICENSE.txt Normal file
View file

@ -0,0 +1,13 @@
Copyright (c) 2016 Seafile Ltd.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

6
README.md
View file

@ -1 +1,5 @@
# seafile-admin-docs
# Seafile Admin Docs
Manual for Seafile server
The web site: https://haiwen.github.io/seafile-admin-docs/

22
manual/README.md Normal file
View file

@ -0,0 +1,22 @@
# Introduction
Seafile is an open source cloud storage system with file encryption and group sharing.
Collections of files are called libraries, and each library can be synced separately. A library can be encrypted with a user chosen password. This password is not stored on the server, so even the server admin cannot view a file's contents.
Seafile allows users to create groups with file syncing, a wiki and discussions to enable easy collaboration around documents within a team.
## LICENSE
The different components of Seafile project are released under different licenses:
* Seafile iOS client: Apache License v2
* Seafile Android client: GPLv3
* Desktop syncing client: GPLv2
* Seafile Server core: AGPLv3
* Seahub (Seafile server Web UI): Apache License v2
## Contact information
* Twitter: @seafile <https://twitter.com/seafile>
* Forum: <https://forum.seafile.com>

12
manual/build_seafile/README.md Normal file
View file

@ -0,0 +1,12 @@
# How to Build Seafile
You can build Seafile from our source code package or from the Github repo directly.
Client
* [Linux](linux.md)
* [Max OS X](osx.md)
Server
* [Build Seafile server](server.md)

156
manual/build_seafile/freebsd.md Normal file
View file

@ -0,0 +1,156 @@
# FreeBSD
#### Preparation
**support for FreeBSD** is still under construction.
The following list is what you need to install on your development machine. **You should install all of them before you build seafile**.
Package names are according to FreeBSD Ports. You might install your ports
manually or via `pkgng`.
* devel/autoconf
* devel/automake
* textproc/intltool
* textproc/gsed
* devel/libtool
* devel/libevent2
* ftp/curl
* devel/glib20
* misc/ossp-uuid
* databases/sqlite3
* devel/jansson
* lang/vala
* devel/cmake
* archivers/libarchive
* devel/py-simplejson (removed in furture release)
GUI
* devel/qt4
```bash
#portmaster devel/autoconf devel/automake textproc/intltool textproc/gsed \
devel/libtool devel/libevent2 ftp/curl devel/glib20 misc/ossp-uuid databases/sqlite3 \
devel/jansson lang/vala devel/cmake devel/py-simplejson archivers/libarchive
```
For a fresh PkgNG users,
```bash
#pkg install autoconf automake intltool gsed libtool libevent2 curl \
glib20 ossp-uuid sqlite3 jansson vala cmake py-simplejson libarchive
```
#### Building
First you should get the latest source of libsearpc/ccnet/seafile/seafile-client:
Download the source tarball of the latest tag from
* <https://github.com/haiwen/libsearpc/tags> (use v3.0-latest)
* <https://github.com/haiwen/ccnet/tags>
* <https://github.com/haiwen/seafile/tags>
* <https://github.com/haiwen/seafile-client/tags>
For example, if the latest released seafile client is 3.1.0, then just use the **v3.1.0** tags of the four projects. You should get four tarballs:
* libsearpc-v3.0-latest.tar.gz
* ccnet-3.1.0.tar.gz
* seafile-3.1.0.tar.gz
* seafile-client-3.1.0.tar.gz
```sh
export version=3.1.0
alias wget='wget --content-disposition -nc'
wget https://github.com/haiwen/libsearpc/archive/v3.0-latest.tar.gz
wget https://github.com/haiwen/ccnet/archive/v${version}.tar.gz
wget https://github.com/haiwen/seafile/archive/v${version}.tar.gz
wget https://github.com/haiwen/seafile-client/archive/v${version}.tar.gz
```
Now uncompress them:
```sh
tar xf libsearpc-v3.0-latest.tar.gz
tar xf ccnet-${version}.tar.gz
tar xf seafile-${version}.tar.gz
tar xf seafile-client-${version}.tar.gz
```
To build Seafile client, you need first build **libsearpc** and **ccnet**, **seafile**.
##### set paths
```bash
ln -sfh ../libdata/pkgconfig /usr/local/lib/pkgconfig
```
##### libsearpc
```bash
cd libsearpc-${version}
./autogen.sh
./configure --prefix=$PREFIX
make
sudo make install
```
##### ccnet
```bash
export CFLAGS="-I/usr/local/include/ossp/uuid -I/usr/local/include/event2"
export LDFLAGS="-L/usr/local/lib -L/usr/local/lib/event2"
cd ccnet-${version}
./autogen.sh
./configure --prefix=$PREFIX
make
sudo make install
```
##### seafile
```bash
cd seafile-${version}/
./autogen.sh
./configure --prefix=$PREFIX
make
sudo make install
```
#### seafile-client
```bash
cd seafile-client-${version}
cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=$PREFIX .
make
sudo make install
```
#### custom prefix
when installing to a custom `$PREFIX`, i.e. `/opt`, you may need a script to set the path variables correctly
```bash
cat >$PREFIX/bin/seafile-applet.sh <<END
#!/bin/bash
exec seafile-applet $@
END
cat >$PREFIX/bin/seaf-cli.sh <<END
export PYTHONPATH=/usr/local/lib/python2.7/site-packages
exec seaf-cli $@
END
chmod +x $PREFIX/bin/seafile-applet.sh $PREFIX/bin/seaf-cli.sh
```
you can now start the client with `$PREFIX/bin/seafile-applet.sh`.

164
manual/build_seafile/linux.md Normal file
View file

@ -0,0 +1,164 @@
# Linux
#### Preparation
The following list is what you need to install on your development machine. **You should install all of them before you build Seafile**.
Package names are according to Ubuntu 14.04. For other Linux distros, please find their corresponding names yourself.
* autoconf/automake/libtool
* libevent-dev ( 2.0 or later )
* libcurl4-openssl-dev (1.0.0 or later)
* libgtk2.0-dev ( 2.24 or later)
* uuid-dev
* intltool (0.40 or later)
* libsqlite3-dev (3.7 or later)
* valac (only needed if you build from git repo)
* libjansson-dev
* qtchooser
* qtbase5-dev
* libqt5webkit5-dev
* qttools5-dev
* qttools5-dev-tools
* valac
* cmake
* python-simplejson (for seaf-cli)
* libssl-dev
```bash
sudo apt-get install autoconf automake libtool libevent-dev libcurl4-openssl-dev libgtk2.0-dev uuid-dev intltool libsqlite3-dev valac libjansson-dev cmake qtchooser qtbase5-dev libqt5webkit5-dev qttools5-dev qttools5-dev-tools libssl-dev
```
For a fresh Fedora 20 / 23 installation, the following will install all dependencies via YUM:
```bash
$ sudo yum install wget gcc libevent-devel openssl-devel gtk2-devel libuuid-devel sqlite-devel jansson-devel intltool cmake libtool vala gcc-c++ qt5-qtbase-devel qt5-qttools-devel qt5-qtwebkit-devel libcurl-devel openssl-devel
```
#### Building
First you should get the latest source of libsearpc/ccnet/seafile/seafile-client:
Download the source tarball of the latest tag from
* <https://github.com/haiwen/libsearpc/tags> (use v3.1-latest)
* <https://github.com/haiwen/ccnet/tags> (NOTE: from 6.2 version on, ccnet is no longer needed)
* <https://github.com/haiwen/seafile/tags>
* <https://github.com/haiwen/seafile-client/tags>
For example, if the latest released seafile client is 5.0.7, then just use the **v5.0.7** tags of the four projects. You should get four tarballs:
* libsearpc-v3.0-latest.tar.gz
* ccnet-5.0.7.tar.gz (NOTE: from 6.2 version on, ccnet is no longer needed)
* seafile-5.0.7.tar.gz
* seafile-client-5.0.7.tar.gz
```sh
# without alias wget= might not work
shopt -s expand_aliases
export version=5.0.7
alias wget='wget --content-disposition -nc'
wget https://github.com/haiwen/libsearpc/archive/v3.0-latest.tar.gz
# NOTE: from 6.2 version on, ccnet is no longer needed
wget https://github.com/haiwen/ccnet/archive/v${version}.tar.gz
wget https://github.com/haiwen/seafile/archive/v${version}.tar.gz
wget https://github.com/haiwen/seafile-client/archive/v${version}.tar.gz
```
Now uncompress them:
```sh
tar xf libsearpc-3.0-latest.tar.gz
# NOTE: from 6.2 version on, ccnet is no longer needed
tar xf ccnet-${version}.tar.gz
tar xf seafile-${version}.tar.gz
tar xf seafile-client-${version}.tar.gz
```
To build Seafile client, you need first build **libsearpc** and **ccnet**, **seafile**.
##### set paths
```bash
export PREFIX=/usr
export PKG_CONFIG_PATH="$PREFIX/lib/pkgconfig:$PKG_CONFIG_PATH"
export PATH="$PREFIX/bin:$PATH"
```
##### libsearpc
```bash
cd libsearpc-3.0-latest
./autogen.sh
./configure --prefix=$PREFIX
make
sudo make install
cd ..
```
##### ccnet
NOTE: from 6.2 version on, ccnet is no longer needed
```bash
cd ccnet-${version}
./autogen.sh
./configure --prefix=$PREFIX
make
sudo make install
cd ..
```
##### seafile
```bash
cd seafile-${version}/
./autogen.sh
./configure --prefix=$PREFIX --disable-fuse
make
sudo make install
cd ..
```
#### seafile-client
```bash
cd seafile-client-${version}
cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=$PREFIX .
make
sudo make install
cd ..
```
#### custom prefix
when installing to a custom `$PREFIX`, i.e. `/opt`, you may need a script to set the path variables correctly
```bash
cat >$PREFIX/bin/seafile-applet.sh <<END
#!/bin/bash
export LD_LIBRARY_PATH="$PREFIX/lib:$LD_LIBRARY_PATH"
export PATH="$PREFIX/bin:$PATH"
exec seafile-applet $@
END
cat >$PREFIX/bin/seaf-cli.sh <<END
export LD_LIBRARY_PATH="$PREFIX/lib:$LD_LIBRARY_PATH"
export PATH="$PREFIX/bin:$PATH"
export PYTHONPATH=$PREFIX/lib/python2.7/site-packages
exec seaf-cli $@
END
chmod +x $PREFIX/bin/seafile-applet.sh $PREFIX/bin/seaf-cli.sh
```
you can now start the client with `$PREFIX/bin/seafile-applet.sh`.

110
manual/build_seafile/osx.md Normal file
View file

@ -0,0 +1,110 @@
# Mac OS X
### Install QT 5.6.2:
* Download it from <https://download.qt.io/archive/qt/5.6/5.6.2/qt-opensource-mac-x64-clang-5.6.2.dmg>
* Double click the downloaded dmg file to start the installer, and install it to its default location.
## Install Macports
\###Setup macports environment
1. Install xcode
* Download Xcode from [website](https://developer.apple.com/xcode/downloads/) or
[App Store](http://itunes.apple.com/us/app/xcode/id497799835?ls=1&mt=12)
1. Install macports
* Quick start <https://www.macports.org/install.php>
> visit <https://www.macports.org/> for more
1. Install following libraries and tools using `port`
```
sudo port install autoconf automake pkgconfig libtool glib2 \
libevent vala openssl git jansson cmake
```
2. Install python
```
sudo port install python27
sudo port select --set python python27
sudo port install py27-pip
sudo port select --set pip pip27
```
3. Set pkg config environment
```
export PKG_CONFIG_PATH=/opt/local/lib/pkgconfig:/usr/local/lib/pkgconfig
export LIBTOOL=glibtool
export LIBTOOLIZE=glibtoolize
export CPPFLAGS="-I/opt/local/include"
export LDFLAGS="-L/opt/local/lib -L/usr/local/lib -Wl,-headerpad_max_install_names"
QT_BASE=$HOME/Qt5.6.2/5.6/clang_64
export PATH=$QT_BASE/bin:$PATH
export PKG_CONFIG_PATH=$QT_BASE/lib/pkgconfig:$PKG_CONFIG_PATH
```
## Compiling libsearpc
Download [libsearpc](https://github.com/haiwen/libsearpc), then:
```
./autogen.sh
./configure
make
sudo make install
```
## Compiling ccnet
Download [ccnet](https://github.com/haiwen/ccnet), then:
```
./autogen.sh
./configure
make
sudo make install
```
## Compiling seafile
1. Download [seafile](https://github.com/haiwen/seafile)
2. Compile
```
./autogen.sh
./configure
make
sudo make install
```
## Compiling seafile-client
1. Download [seafile-client](https://github.com/haiwen/seafile-client)
2. Compile
```
cmake .
make
```
3. Run the seafile client executable
```
./seafile-applet
```

259
manual/build_seafile/rpi.md Normal file
View file

@ -0,0 +1,259 @@
# How to Build Seafile Server Release Package for Raspberry Pi
_Table of contents_:
* [Setup the build environment](#wiki-setup-build-env)
* [Install packages](#wiki-install-packages)
* [Compile development libraries](#wiki-compile-dev-libs)
* [Install Python libraries](#wiki-install-python-libs)
* [Prepare source code](#wiki-prepare-seafile-source-code)
* [Fetch git tags and prepare source tarballs](#wiki-fetch-tags-and-prepare-tarballs)
* [Run the packaging script](#wiki-run-pkg-script)
* [Test the built package](#wiki-test-built-pkg)
* [Test a fresh install](#wiki-test-fresh-install)
* [Test upgrading](#wiki-test-upgrading)
## <a id="wiki-setup-build-env"></a>Setup the build environment
Requirements:
* A raspberry pi with raspian distribution installed.
### <a id="wiki-install-packages"></a> Install packages
```
sudo apt-get install build-essential
sudo apt-get install libevent-dev libcurl4-openssl-dev libglib2.0-dev uuid-dev intltool libsqlite3-dev libmysqlclient-dev libarchive-dev libtool libjansson-dev valac libfuse-dev re2c flex python-setuptools cmake
```
### <a id="wiki-compile-dev-libs"></a> Compile development libraries
#### libevhtp
libevhtp is a http server libary on top of libevent. It's used in seafile file server.
```
git clone https://www.github.com/haiwen/libevhtp.git
cd libevhtp
cmake -DEVHTP_DISABLE_SSL=ON -DEVHTP_BUILD_SHARED=OFF .
make
sudo make install
```
After compiling all the libraries, run `ldconfig` to update the system libraries cache:
```
sudo ldconfig
```
### <a id="wiki-install-python-libs"></a> Install python libraries
Create a new directory `/home/pi/dev/seahub_thirdpart`:
```
mkdir -p ~/dev/seahub_thirdpart
```
Download these tarballs to `/tmp/`:
* [pytz](https://pypi.python.org/packages/source/p/pytz/pytz-2016.1.tar.gz)
* [Django](https://www.djangoproject.com/m/releases/1.8/Django-1.8.18.tar.gz)
* [django-statici18n](https://pypi.python.org/packages/source/d/django-statici18n/django-statici18n-1.1.3.tar.gz)
* [djangorestframework](https://pypi.python.org/packages/source/d/djangorestframework/djangorestframework-3.3.2.tar.gz)
* [django_compressor](https://pypi.python.org/packages/source/d/django_compressor/django_compressor-1.4.tar.gz)
* [jsonfield](https://pypi.python.org/packages/source/j/jsonfield/jsonfield-1.0.3.tar.gz)
* [django-post_office](https://pypi.python.org/packages/source/d/django-post_office/django-post_office-2.0.6.tar.gz)
* [gunicorn](http://pypi.python.org/packages/source/g/gunicorn/gunicorn-19.4.5.tar.gz)
* [flup](http://pypi.python.org/packages/source/f/flup/flup-1.0.2.tar.gz)
* [chardet](https://pypi.python.org/packages/source/c/chardet/chardet-2.3.0.tar.gz)
* [python-dateutil](https://labix.org/download/python-dateutil/python-dateutil-1.5.tar.gz)
* [six](https://pypi.python.org/packages/source/s/six/six-1.9.0.tar.gz)
* [django-picklefield](https://pypi.python.org/packages/source/d/django-picklefield/django-picklefield-0.3.2.tar.gz)
* [django-constance](https://github.com/haiwen/django-constance/archive/bde7f7c.zip)
* [jdcal](https://pypi.python.org/packages/source/j/jdcal/jdcal-1.2.tar.gz)
* [et_xmlfile](https://pypi.python.org/packages/source/e/et_xmlfile/et_xmlfile-1.0.1.tar.gz)
* [openpyxl](https://pypi.python.org/packages/source/o/openpyxl/openpyxl-2.3.0.tar.gz)
* [futures](https://pypi.python.org/packages/cc/26/b61e3a4eb50653e8a7339d84eeaa46d1e93b92951978873c220ae64d0733/futures-3.1.1.tar.gz)
* [django-formtools](https://pypi.python.org/packages/a8/07/947dfe63dff1f2be5f84eb7f0ff5f712bb1dc730a6499b0aa0be5c8f194e/django-formtools-2.0.tar.gz)
* [qrcode](https://pypi.python.org/packages/87/16/99038537dc58c87b136779c0e06d46887ff5104eb8c64989aac1ec8cba81/qrcode-5.3.tar.gz)
Install all these libaries to `/home/pi/dev/seahub_thirdpart`:
```
cd ~/dev/seahub_thirdpart
export PYTHONPATH=.
easy_install -d . /tmp/pytz-2016.1.tar.gz
easy_install -d . /tmp/Django-1.8.10.tar.gz
easy_install -d . /tmp/django-statici18n-1.1.3.tar.gz
easy_install -d . /tmp/djangorestframework-3.3.2.tar.gz
easy_install -d . /tmp/django_compressor-1.4.tar.gz
easy_install -d . /tmp/jsonfield-1.0.3.tar.gz
easy_install -d . /tmp/django-post_office-2.0.6.tar.gz
easy_install -d . /tmp/gunicorn-19.4.5.tar.gz
easy_install -d . /tmp/flup-1.0.2.tar.gz
easy_install -d . /tmp/chardet-2.3.0.tar.gz
easy_install -d . /tmp/python-dateutil-1.5.tar.gz
easy_install -d . /tmp/six-1.9.0.tar.gz
easy_install -d . /tmp/django-picklefield-0.3.2.tar.gz
wget -O /tmp/django_constance.zip https://github.com/haiwen/django-constance/archive/bde7f7c.zip
easy_install -d . /tmp/django_constance.zip
easy_install -d . /tmp/jdcal-1.2.tar.gz
easy_install -d . /tmp/et_xmlfile-1.0.1.tar.gz
easy_install -d . /tmp/openpyxl-2.3.0.tar.gz
```
## <a id="wiki-prepare-seafile-source-code"></a>Prepare seafile source code
To build seafile server, there are four sub projects involved:
* [libsearpc](https://github.com/haiwen/libsearpc)
* [ccnet-server](https://github.com/haiwen/ccnet-server)
* [seafile-server](https://github.com/haiwen/seafile-server)
* [seahub](https://github.com/haiwen/seahub)
The build process has two steps:
* First, fetch the tags of each projects, and make a soruce tarball for each of them.
* Then run a `build-server.py` script to build the server package from the source tarballs.
### <a id="wiki-fetch-tags-and-prepare-tarballs"></a> Fetch git tags and prepare source tarballs
Seafile manages the releases in tags on github.
Assume we are packaging for seafile server 6.0.1, then the tags are:
* ccnet-server, seafile-server, and seahub would all have a `v6.0.1-sever` tag.
* libsearpc would have the `v3.0-latest` tag (libsearpc has been quite stable and basically has no further development, so the tag is always `v3.0-latest`)
First setup the `PKG_CONFIG_PATH` enviroment variable (So we don't need to make and make install libsearpc/ccnet/seafile into the system):
```
export PKG_CONFIG_PATH=/home/pi/dev/seafile/lib:$PKG_CONFIG_PATH
export PKG_CONFIG_PATH=/home/pi/dev/libsearpc:$PKG_CONFIG_PATH
export PKG_CONFIG_PATH=/home/pi/dev/ccnet:$PKG_CONFIG_PATH
```
### libsearpc
```
cd ~/dev
git clone https://github.com/haiwen/libsearpc.git
cd libsearpc
git reset --hard v3.0-latest
./autogen.sh
./configure
make dist
```
### ccnet
```
cd ~/dev
git clone https://github.com/haiwen/ccnet-server.git
cd ccnet
git reset --hard v6.0.1-server
./autogen.sh
./configure
make dist
```
### seafile
```
cd ~/dev
git clone https://github.com/haiwen/seafile-server.git
cd seafile
git reset --hard v6.0.1-server
./autogen.sh
./configure
make dist
```
### seahub
```
cd ~/dev
git clone https://github.com/haiwen/seahub.git
cd seahub
git reset --hard v6.0.1-server
./tools/gen-tarball.py --version=6.0.1 --branch=HEAD
```
### seafobj
```
cd ~/dev
git clone https://github.com/haiwen/seafobj.git
cd seafobj
git reset --hard v6.0.1-server
make dist
```
### seafdav
```
cd ~/dev
git clone https://github.com/haiwen/seafdav.git
cd seafdav
git reset --hard v6.0.1-server
make
```
### Copy the source tar balls to the same folder
```
mkdir ~/seafile-sources
cp ~/dev/libsearpc/libsearpc-<version>-tar.gz ~/seafile-sources
cp ~/dev/ccnet/ccnet-<version>-tar.gz ~/seafile-sources
cp ~/dev/seafile/seafile-<version>-tar.gz ~/seafile-sources
cp ~/dev/seahub/seahub-<version>-tar.gz ~/seafile-sources
cp ~/dev/seafobj/seafobj.tar.gz ~/seafile-sources
cp ~/dev/seafdav/seafdav.tar.gz ~/seafile-sources
```
### <a id="wiki-run-pkg-script"></a> Run the packaging script
Now we have all the tarballs prepared, we can run the `build-server.py` script to build the server package.
```
mkdir ~/seafile-server-pkgs
~/dev/seafile/scripts/build-server.py --libsearpc_version=<libsearpc_version> --ccnet_version=<ccnet_version> --seafile_version=<seafile_version> --seahub_version=<seahub_version> --srcdir= --thirdpartdir=/home/pi/dev/seahub_thirdpart --srcdir=/home/pi/seafile-sources --outputdir=/home/pi/seafile-server-pkgs
```
After the script finisheds, we would get a `seafile-server_6.0.1_pi.tar.gz` in `~/seafile-server-pkgs` folder.
## <a id="wiki-test-built-pkg"></a> Test the built package
### <a id="wiki-test-fresh-install"></a>Test a fresh install
Use the built seafile server package to go over the steps of [Deploying Seafile with SQLite](http://manual.seafile.com/deploy/using_sqlite.html).
The test should cover these steps at least:
* The setup process is ok
* After `seafile.sh start` and `seahub.sh start`, you can login from a browser.
* Uploading/Downloading files through a web browser works correctly.
* Seafile [WebDAV](http://manual.seafile.com/extension/webdav.html) server works correctly
### <a id="wiki-test-upgrading"></a> Test upgrading from a previous version
* Download the package of the previous version seafile server, and setup it.
* Upgrading according to [the manual](http://manual.seafile.com/deploy/upgrade.html)
* After the upgrade, check the functionality is ok:
* Uploading/Downloading files through a web browser works correctly.
* Seafile [WebDAV](http://manual.seafile.com/extension/webdav.html) server works correctly

393
manual/build_seafile/server.md Normal file
View file

@ -0,0 +1,393 @@
# Server
## Preparation
The following list is all the libraries you need to install on your machine. **You should install all of them before you build seafile**.
Package names are according to Ubuntu 12.04. For other Linux distros, please find their corresponding names yourself.
* libevent-dev (2.0 or later )
* libcurl4-openssl-dev (1.0.0 or later)
* libglib2.0-dev (2.28 or later)
* uuid-dev
* intltool (0.40 or later)
* libsqlite3-dev (3.8 or later)
* libmysqlclient-dev (5.5 or later)
* libarchive-dev
* libtool
* libjansson-dev
* valac
* libfuse-dev
Also, python 2.7 is required since seafile server 5.1.0.
The following libraries need to be compiled from source.
### Notes about MySQL client library
You can also use MariaDB's LGPL Connector/C library. Download the latest stable version of the library on <https://downloads.mariadb.org/connector-c/> then compile and install the library.
```
cmake .
make
sudo make install
```
By default the library will be installed under `/usr/local/lib/mariadb`. Add this path to your `LD_LIBRARY_PATH` environment variable so the loader can find this library.
```
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib/mariadb
```
### libevhtp
* Download [libevhtp](https://github.com/ellzey/libevhtp/archive/1.1.6.tar.gz).
* Build libevhtp by:
```
cmake -DEVHTP_DISABLE_SSL=ON -DEVHTP_BUILD_SHARED=OFF .
make
sudo make install
```
### Seahub dependencies
**Seahub** is the web front end of Seafile. It's written in the [django](http://djangoproject.com) framework. Seahub requires Python 2.6(or 2.7) installed on your server, and it needs the following python libraries:
* Django 1.8
* pytz
* django-statici18n
* djangorestframework
* django_compressor
* django-post_office
* [django-constance](https://github.com/haiwen/django-constance/) (install it by `pip install https://github.com/haiwen/django-constance/archive/bde7f7c.zip`)
* gunicorn
* flup
* chardet
* python-dateutil
* six
* openpyxl
Before continue, make sure you have all the above libraries available in your system.
### Prepare the directory layout
In the following sections, you'll be guided to build and setup the seafile server step by step. Seafile server is consisted of several components. In order for them to function correctly, you must:
* Follow our instructions step by step
* Make sure your directory layout is exactly the same with the guide in each step.
First create the top level directory. In the following sections, we'll use "/data/haiwen" as the top level directory.
```
mkdir /data/haiwen/
cd /data/haiwen/
mkdir seafile-server
cd seafile-server
```
The currently layout is:
```
haiwen/
└── seafile-server
```
### Get the source
First you should get the latest source of libsearpc/ccnet-server/seafile-server/seahub
Download the source tarball of the latest tag from
* <https://github.com/haiwen/libsearpc/tags>
* <https://github.com/haiwen/ccnet-server/tags>
* <https://github.com/haiwen/seafile-server/tags>
* <https://github.com/haiwen/seahub/tags>
For example, if the latest released seafile server is 6.0.1, then just use the **v6.0.1-server** tags of the projects (except for libsearpc, which uses the **v3.0-latest** tag). You should get four tarballs:
* libsearpc-3.0-latest.tar.gz
* ccnet-server-6.0.1-server.tar.gz
* seafile-server-6.0.1-server.tar.gz
* seahub-6.0.1-server.tar.gz
Create a folder `haiwen/src`, and uncompress libsearpc/ccnet/seafile source to it.
```
cd haiwen/seafile-server
mkdir src
cd src
tar xf /path/to/libsearpc-3.0-latest.tar.gz
tar xf /path/to/ccnet-server-6.0.1-server.tar.gz
tar xf /path/to/seafile-server-6.0.1-server.tar.gz
```
And uncompress seahub tarball to `haiwen/seafile-server`:
```
cd haiwen/seafile-server
tar xf /path/to/seahub-6.0.1-server.tar.gz
mv seahub-6.0.1-server seahub
```
So far, The current directory layout is:
```
haiwen/
└── seafile-server
└── seahub
└── src
├── libsearpc-6.0.1-server
├── ccnet-server-6.0.1-server
├── seafile-server-6.0.1-server
├── ... (other files)
```
### Building
To build seafile server, you need first build **libsearpc** and **ccnet-server**.
##### libsearpc
```
cd libsearpc-${version}
./autogen.sh
./configure
make
make install
```
##### ccnet-server
```
cd ccnet-server-${version}
./autogen.sh
./configure # `export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig` if libsearpc is not found
make
make install
```
By default, `configure` tries to find MySQL and Postgresql client libraries in the system. If you do not want to support MySQL or Postgresql, use the following configure options:
```
./configure --without-mysql --without-postgresql
```
If you want to use MariaDB Connector/C library, use the following configure option:
```
./configure --with-mysql=/usr/local/bin/mariadb_config
```
##### seafile-server
```
cd seafile-${version}
./autogen.sh
./configure
make
make install
```
You can use the same options as ccnet-server to configure MySQL and Postgresql client libraries.
_Note_: You need to run `sudo ldconfig` to refresh the system libraries cache after you compiles all the components.
## Deploy Seafile Server
### Components of the Seafile Server
The seafile server consists of the following components:
![server architecture](../images/server-arch.png "server architecture")
* **ccnet** stores its configuration and metadata is a directory named `ccnet`.
* **seaf-server** store its configuration and data in a directory, normally named `seafile-data`.
* **seahub** is written in Django. If you have any experience with Django, you should know the `syncdb` command must be run to create all the database tables.
* An **admin account** has to be created, so that you, the admin, can login with this account to manage the server.
These are the essential steps to create the configuration:
* ensure seafile is already installed and all the python libraries seahub needs are installed.
* create the ccnet configuration with the **ccnet-init** program
* create the seafile configuration with **seaf-server-init** program
* run Django **syncdb** command for seahub
* create an admin account for the seafile server
To create the configurations, you can either:
* use the seafile-admin script(see below)
* \[\[create server configuration by hand]]
### Create Configurations with the seafile-admin script
`seafile-admin` should have been installed to system path after you have built and installed Seafile from source.
```
usage: seafile-admin [-h] {setup,start,stop,reset-admin} ...
optional arguments:
-h, --help show this help message and exit
subcommands:
{setup,start,stop,reset-admin}
setup setup the seafile server
start start the seafile server
stop stop the seafile server
reset-admin reset seafile admin account
```
Go to the top level directory(in this guide it's **/data/haiwen/**), and run **seafile-admin setup** to create all the configuration:
```
cd /data/haiwen
export PYTHONPATH=/data/haiwen/seafile-server/seahub/thirdpart
seafile-admin setup
```
The script would ask you a series of questions, and create all the configuration for you.
This is a screenshot of the **seafile-admin setup** command:
![admin setup running](../images/seafile-admin-1.png)
And a screenshot after setup is finished successfully:
![admin setup finished](../images/seafile-admin-2.png)
At this time, the directory layout would be like this:
```
haiwen/
└── ccnet # ccnet config directory
└── ccnet.conf # ccnet config file
└── seafile-data # seafile configuration and data
└── seafile.conf # seafile config file
└── seahub-data/ # seahub data
└── seahub.db # seahub sqlite3 database
└── seahub_settings.py # custom settings for seahub
└── seafile-server
└── seahub/
└── seafile-{VERSION} # seafile source code
```
### Start the Seafile Server
After configuration successfully created, run **seafile-admin start** in the top directory to start the all components of Seafile. ( **You should always run the seafile-admin script in the top directory** ).
```
cd /data/haiwen # go to the top level directory
seafile-admin start
```
At this moment, all the components should be running and seahub can be visited at <http://yourserver-ip-or-domain:8000>
**Note** You may want to deploy seahub with nginx or apache. In this case, follow the instructions on Deploy Seafile Web With [Nginx](../deploy/deploy_with_nginx.md)/[Apache](../deploy/deploy_with_apache.md).
### Stop the Seafile Server
To stop seafile server, run **seafile-admin stop**.
```
cd /data/haiwen # go to the top level directory
seafile-admin stop
```
## Upgrade the Seafile Server
When you want to upgrade to a new vesrion of seafile server, you need to:
* Stop the seafile server if it's running
```
cd /data/haiwen
seafile-admin stop
```
* Get and latest source code and build libsearpc/ccnet/seafile, just as what you do in a fresh setup.
* Run the upgrade script. The upgrade script mainly updates database used by seafile for you. For example, create a new database table that is used in the latest seafile server but not in the previous version.
### Get and compile the latest libsearpc/ccnet/seafile
See the **Building** section above.
### Get the new seahub tarball and uncompress it
```
cd haiwen/seafile-server
mv seahub/ seahub-old # move away the old seahub folder
tar xf /path/to/new/seahub-x.x.x-server.tar.gz
mv seahub-x.x.x-server seahub
```
### Do the upgrade
* copy the scripts/upgrade/ subdir outside
The upgrade scripts is distributed in the `scripts/upgrade` subdir of seafile source code, we need to copy it to **seafile-server** directory before run the scripts.
```
cd /data/haiwen/seafile-server
cp -rf seafile-{version}/scripts/upgrade .
```
#### Continuous Upgrade (like from 1.1 to 1.2)
Continuous upgrade means to upgrade from one version of seafile server to the next version. For example, upgrading from 1.1.0 to 1.2.0 is a continuous upgrade.
**Note:** Minor upgrade, like upgrade from 1.3.0 to 1.3.1, is documented in a separate section below.
Say you are upgrading from 1.1.0 to 1.2.0, you should run the script **upgrade_1.1_1.2.sh** in `seafile-server` directory.
```
cd /data/haiwen/seafile-server
./upgrade/upgrade_1.1_1.2.sh
```
#### Non-continous version upgrade(like from 1.1 to 1.3)
If you upgrade a few versions at once, e.g. from 1.1.0 to 1.3.0. The procedure is:
* upgrade from 1.1.0 to 1.2.0
* upgrade from 1.2.0 to 1.3.0
Just run the upgrade scripts in sequence.
#### Minor Upgrade (like from 1.3.0 to 1.3.1)
Minor upgrade Minor upgrade is like an upgrade from 1.3.0 to 1.3.1. For this type of upgrade, you only need to update the avatar link:
```
cd /data/haiwen/seafile-server/seahub/media
cp -rf avatars/* ../../../seahub-data/avatars/
rm -rf avatars
ln -s ../../../seahub-data/avatars
```
## Problems Report
If you encounter any problem when building/deploying Seafile, please leave us a message or [open an issue](https://github.com/haiwen/seafile/issues).

10
manual/changelog.md Normal file
View file

@ -0,0 +1,10 @@
# Changelog
### Changelogs
- [Seafile Community Edition](changelog/server-changelog.md)
- [Seafile Professional Edition](changelog/changelog-for-seafile-professional-server.md)
- [Seafile Client](changelog/client-changelog.md)
- [Drive Client ChangeLog](changelog/drive-client-changelog.md)
- [Seafile Android Client (Seadroid)](https://github.com/haiwen/seadroid/releases)
- [Seafile iOS Client](https://github.com/haiwen/seafile-iOS/releases)

772
manual/changelog/changelog-for-seafile-professional-server-old.md Normal file
View file

@ -0,0 +1,772 @@
# Seafile Professional Server Changelog (old)
## 4.4
Note: Two new options are added in version 4.4, both are in seahub_settings.py
* SHOW_TRAFFIC: default is True, set to False if you what to hide public link traffic in profile
* SHARE_LINK_PASSWORD_MIN_LENGTH: default is 8
This version contains no database table change.
### 4.4.9 (2016.02.29)
* \[fix] Show “out of quota” instead of “DERP” in the case of out of quota when uploading files via web interface
### 4.4.8 (2015.12.17)
* \[security] Fix password check for visiting a file in folder sharing link
### 4.4.7 (2015.11.20)
* \[fix] Fix viewing PDF files via Office Web App
* \[fix, virus scan] Do not scanning deleted libraries in virus scan
* \[fix, virus scan] Fix showing the virus scan page when libraries containing scanned items are deleted
* \[virus scan] Add more debug information for virus scan
* \[fix] Clean cache when set users' name from web API
* \[fix] Fix a performance problem for generating picture thumbnails from folder sharing link
### 4.4.6 (2015.11.09)
* \[security] Fix a XSS problem in raw sharing link
* \[fix] Delete sharing links when deleting a library
* \[fix] Clean Seafile tables when deleting a library
* \[fix] Add <a> tag to the link in upload folder email notification
* \[fix] Fix a bug in creating a library (after submit a wrong password, the submit button is no longer clickable)
* \[fix, pro] Fix a bug in listing FileUpdate audit log
* \[security, pro] Don't online preview for office files in encrypted libraries
### 4.4.5 (2015.10.30)
* \[fix] Fix a bug in deleting sharing link in sharing dialog.
### 4.4.4 (2015.10.29)
* \[fix] Fix support for syncing old formatted libraries
* Remove commit and fs objects in GC for deleted libraries
* Add "transfer" operation to library list in "admin panel->a single user"
* \[fix] Fix the showing of the folder name for upload link generated from the root of a library
* \[fix] Add access log for online file preview
* \[fix] Fix permission settings for a sub-folder of a shared sub-folder
LDAP improvements and fixes
* Only import LDAP users to Seafile internal database upon login
* Only list imported LDAP users in "organization->members"
* Add option to not import users via LDAP Sync (Only update information for already imported users). The option name is IMPORT_NEW_USER. See document <http://manual.seafile.com/deploy/ldap_user_sync.html>
### 4.4.3 (2015.10.20)
* \[fix] Remove regenerate secret key in update script
### 4.4.2 (2015.10.19)
* \[security] Check validity of file object id to avoid a potential attack
* \[fix] Check the validity of system default library template, if it is broken, recreate a new one.
* \[fix] After transfer a library, remove original sharing information
* \[security] Fix possibility to bypass Captcha check
* \[security] More security fixes.
* \[pro] Enable syncing a sub-sub-folder of a shared sub-folder (For example, if you share library-A/sub-folder-B to a group, other group members can selectively sync sub-folder-B/sub-sub-folder-C)
* \[fix, office preview] Handle the case that "/tmp/seafile-office-output"is removed by operating system
### 4.4.1 beta (2015.09.24)
* \[fix] Fix a bug in setting an user's language
* \[fix] Show detailed failed information when sharing libraries failed
* \[api] Add API to list folders in a folder recursively
* \[api] Add API to list only folders in a folder
### 4.4.0 beta (2015.09.21)
New features:
* Allow group names with spaces
* Enable generating random password when adding an user
* Add option SHARE_LINK_PASSWORD_MIN_LENGTH
* Add sorting in share link management page
* Other UI improvements
Pro only:
* Integrate Office Web Apps server
* Integrate virus scan
* Support resumable upload (turn off by default)
* Add option to hide public link traffic in profile (SHOW_TRAFFIC)
Fixes:
* \[fix] Fix a bug that causing duplications in table LDAPImport
* set locale when Seahub start to avoid can't start Seahub problem in a few environments.
## 4.3
Note: this version contains no database table change from v4.2. But the old search index will be deleted and regenerated.
Note when upgrading from v4.2 and using cluster, a new option `COMPRESS_CACHE_BACKEND = 'locmem://'` should be added to seahub_settings.py
### 4.3.4 (2015.09.14)
* \[fix] Fix a bug in file locking
* \[fix] Fix sub-folder permission check for file rename/move
* \[fix] Fix a bug in active number of users checking
* Show total/active number of users in admin panel
* Counts all downloads into traffic statistics
* \[security] Use POST request to handle password reset request to avoid CSRF attack
* Don't show password reset link for LDAP users
* \[ui] Small improvements
### 4.3.3 (2015.08.21)
* \[fix, important] Bug-fix and improvements for seaf-fsck
* \[fix, important] Improve I/O error handling for file operations on web interface
* Update shared information when a sub-folder is renamed
* \[fix] Fix bug of list file revisions
* \[fix] Fix syncing sub-folder of encrypted library
* Update translations
* \[ui] Small improvements
* \[fix] Fix modification operations for system default library by admin
### 4.3.2 (2015.08.12)
* Update translations
* \[fix] Fix bug in showing German translation
* \[fix] Fix bug when remove shared link at library settings page
* \[fix] Fix api error in opCopy/opMove
* Old library page (used by admin in admin panel): removed 'thumbnail' & 'preview' for image files
### 4.3.1 (2015.07.31)
* \[fix] Fix generating image thumbnail
* \[ui] Improve UI for sharing link page, login page, file upload link page
* \[security] Clean web sessions when reset an user's password
* Delete the user's libraries when deleting an user
* Show link expiring date in sharing link management page
* \[admin] In a user's admin page, showing libraries' size and last modify time
* \[fix, api] Fix star file API
* \[pro, beta] Add "Open via Client" to enable calling local program to open a file at the web
About "Open via Client": The web interface will call Seafile desktop client via "seafile://" protocol to use local program to open a file. If the file is already synced, the local file will be opened. Otherwise it is downloaded and uploaded after modification. Need client version 4.3.0+
### 4.3.0 (2015.07.25)
Usability improvements
* \[ui] Improve ui for file view page
* \[ui] Improve ui for sorting files and libraries
* Redesign sharing dialog
* Enable generating random password for sharing link
* Remove direct file sharing between users (You can use sharing link instead)
Pro only features:
* Add file locking
* \[fix] Fix file name search for Chinese and other Asia language
* \[fix] Support special password for MySQL database in seafevents
Others
* \[security] Improve permission check in image thumbnail
* \[security] Regenerate Seahub secret key, the old secret key lack enough randomness
* Remove the support of ".seaf" format
* \[api] Add API for generating sharing link with password and expiration
* \[api] Add API for generating uploading link
* \[api] Add API for link files in sharing link
* Don't listen on 10001 and 12001 by default.
* Change the setting of THUMBNAIL_DEFAULT_SIZE from string to number, i.e., use `THUMBNAIL_DEFAULT_SIZE = 24`, instead of `THUMBNAIL_DEFAULT_SIZE = '24'`
## 4.2
Note: because Seafile has changed the way how office preview work in version 4.2.2,
you need to clean the old generated files using the command:
```
rm -rf /tmp/seafile-office-output/html/
```
### 4.2.4 (2015.07.08)
* More fix on showing share link management page
* Fix a bug on doc/ppt preview
* Fix a bug in reading last login time
### 4.2.3 (2015.07.07)
* Fix translation problem for German and other language
* Remove "open locally" feature. It needs more testing
* Fix a problem in showing share link management page
### 4.2.2 (2015.07.03)
* \[fix] Fix file uploading link
* Add LDAP user sync
* Improve preview for office files (doc/docx/ppt/pptx)
In the old way, the whole file is converted to HTML5 before returning to the client. By converting an office file to HTML5 page by page, the first page will be displayed faster. By displaying each page in a separate frame, the quality for some files is improved too.
### 4.2.1 (2015.06.30)
Improved account management
* Add global address book and remove the contacts module (You can disable it if you use CLOUD_MODE by adding ENABLE_GLOBAL_ADDRESSBOOK = False in seahub_settings.py)
* List users imported from LDAP
* \[guest] Enable guest user by default
* \[guest] Guest user can't generate share link
* Don't count inactive users as licensed users
Important
* \[fix] Fix viewing sub-folders for password protected sharing
* \[fix] Fix viewing starred files
* \[fix] Fix support of uploading multiple files in clients' cloud file browser
* Improve security of password resetting link
* Remove user private message feature
New features
* Enable syncing any folder for an encrypted library
* Add open file locally (open file via desktop client)
Others
* \[fix] Fix permission checking for sub-folder permissions
* Change "quit" to "Leave group"
* Clean inline CSS
* Use image gallery module in sharing link for folders containing images
* \[api] Update file details api, fix error
* Enable share link file download token available for multiple downloads
* \[fix] Fix visiting share link whose original path is deleted
* Hide enable sub-library option since it is not meaningless for Pro edition
### 4.2.0 (2015.05.29)
Pro only updates
* \[new] Support set permission on every sub-folder
* \[search] Support partial match like "com" matching "communication" in file name
* \[search] The search result page is much clean
Usability
* Add direct file download link
* Remove showing of library description
* Don't require library description
* Keep left navigation bar when navigate into a library
* Generate share link for the root of a library
* Add loading tip in picture preview page
Security Improvement
* Remove access tokens (all clients will log out) when a users password changed
* Temporary file access tokens can only be used once
* sudo mode: confirm password before doing sysadmin work
Platform
* Use HTTP/HTTPS sync only, no longer use TCP sync protocol
* Support byte-range requests
* Automatically clean of trashed libraries
* \[ldap] Save user information into local DB after login via LDAP
## 4.1
### 4.1.2 (2015.05.07)
* \[fix] Fix bug in syncing LDAP groups
* \[fix] Fix bug in viewing PDF/Doc
* \[fix] Fix crash bug when memcache is full
### 4.1.1 (2015.04.16)
* \[fix] Fix Webdav's port can't be changed to non default port (8082)
* \[fix, searching] Fix handling invalid path name when indexing
* \[fix] Fix seaf-fsck for swift/s3/ceph backend
* Do not show "this type of file can't be viewed online"
* \[fix] Fix showing of activity feed in mobile device
* \[fix] Fix viewing sharing link for deleted directories
* Log email sending in background task to seahub_email_sender.log
* Improve shibboleth login by supporting "next" parameter in URL
### 4.1.0 (2015.04.01)
Pro only updates
* Support syncing any sub-folder in the desktop client
* Add audit log, see <http://manual.seafile.com/security/auditing.html>. This feature is turned off by default. To turn it on, see <http://manual.seafile.com/deploy_pro/configurable_options.html>
* Syncing LDAP groups
* Add permission setting for a sub-folder (beta)
Updates in community edition too
* \[fix] Fix image thumbnail in sharing link
* Show detailed time when mouse over a relative time
* Add trashed libraries (deleted libraries will first be put into trashed libraries where system admin can restore)
* Improve seaf-gc.sh
* Redesign fsck.
* Add API to support logout/login an account in the desktop client
* Add API to generate thumbnails for images files
* Clean syncing tokens after deleting an account
* Change permission of seahub_settings.py, ccnet.conf, seafile.conf to 0600
* Update Django to v1.5.12
## 4.0
### 4.0.6 (2015.03.06)
* \[fix] Fix the seafevents not shutdown by seafile.sh problem
* Improved shibboleth support
* \[fix] Fix uploading a directory if the top directory only contains sub-folders (no files)
* Improve thumbnail API
### 4.0.5 (2015.02.13)
* \[fix] Fix a crash problem when a client tries to upload corrupted data
* Add image thumbnails
### 4.0.4 (2015.02.05)
Important
* \[fix] Fix transfer library error in sysadmin page
* \[fix] Fix showing of space used in sysadmin page for LDAP users
* \[fix] Fix preview office files in file share links and private share
* Improved trash listing performance
Small
* \[webdav] list organisation public libraries
* Disable non-shibboleth login for shibboleth users
* \[fix] Fix wrong timestamp in file view page for files in sub-library
* Add Web API for thumbnail
* Add languages for Thai and Turkish, update a few translations
* \[ldap] Following referrals
### 4.0.3 (2015.01.15)
* \[fix] Fix memory leak in HTTP syncing
* Repo owner can restore folders/files from library snapshot
* Update translations
* \[ldap] Make the "page result" support turn off by default to be compatible with community edition.
* Only repo owner can restore a library to a snapshot
* \[fix] Remote redundant logs in seaf-server
* \[fix] Raise 404 when visiting an non-existing folder
* \[fix] Enable add admin when LDAP is enabled
* Add API to get server features information (what features are supported by this server)
* \[fix] Fix throttle for /api2/ping
### 4.0.2 (2015.01.06)
* \[fix] Fix syncing sub-library with HTTP protocol
### 4.0.1 (2014.12.29)
* Add Shibboleth support (beta)
* Improve libraries page loading speed by adding cache for library
* \[fix] Fix performance problem of FUSE when using ceph/swift backend
* \[fix] Fix folder upload by drap&drop
* \[fix] Fix version check for pro edition
* \[fix] Fix performance problem in listing files API
* \[fix] Fix listing files of a large folder
* \[fix] Fix folder sharing link with password protection
* \[fix] Fix deleting broken libraries in the system admin panel
### 4.0.0 (2014.12.13)
* Add HTTP syncing support
* Merge FileServer into seaf-server
* \[web] New upload file dialog
* \[search] Improve the speed of search by removing in-efficient code in calculating file modification time in the search result page.
## 3.1
### 3.1.13 (2014.11.25)
* Add WMV video file preview on web
* Support office documents online preview in cluster deployment
* \[fix] Fix file private sharing bug when file name contains &
### 3.1.12 (2014.11.17)
* Update ElasticSearch to v1.4
* Limit content search of txt file to 100KB.
* Fix "out of memory" problem.
### 3.1.11 (2014.11.03)
* \[fix] Fixed ./seaf-gc.sh to run online GC
* \[fix] Fixed showing libraries with same name in WebDAV extension in some specific Python version
* \[fix] Fixed event timestamp for library creation and library deleting events
* \[fix] Don't allow setting an encrypted library as default library
* \[fix] Don't list unregistered contacts in sharing dialog
* Don't list inactive users in "organization->members"
* \[multi-tenancy] Add webdav support
* Autoupload files when added in web interface
### 3.1.10 (2014.10.27)
* Online GC: you don't need to shutdown Seafile server to perform GC
* \[fix] Fixed performance problem in WebDAV extension
* \[fix] Fixed quota check in WebDAV extension
* \[fix] Fixed showing libraries with same name in WebDAV extension
* Add "clear" button in a library's trash
* \[fix] Fix small errors when upload files via Web interface
* \[fix] Fix moving/coping files when the select all file checkbox is checked
* \[multi-tenancy] Listing libraries of an organization
* \[multi-tenancy] Enable rename an organization
* \[multi-tenancy] Prevent the deleting of creator account of an organisation
### 3.1.9 (2014.10.13)
* \[ldap] split LDAP and Database in organization -> pubuser
* \[ldap] Support pagination for loading users from LDAP
* \[multi-tenancy] fix quota related bugs
* \[office preview] Fix seafevents not start bug when using Python v2.6
### 3.1.7, 3.1.8
* Add support for multi-tenancy
### 3.1.6 (2014.09.16)
* Add access.log for file download
* \[fix, api] Fix bug in group creation
### 3.1.5 (2014.09.13)
* Add multi-tenancy support
### 3.1.4 (2014.09.11)
* \[fix] Fix bug in uploading >1GB files via Web
* \[fix] Remove assert in Ccnet to avoid denial-of-service attack
* \[fix] Add the missing ./seaf-gc.sh
* Support two modes of license, life-time and subscription
### 3.1.3 (2014.08.29)
* \[fix] Fix multi-file upload in upload link and library page
* \[fix] Fix libreoffice file online view
* Add 'back to top' for pdf file view.
* \[fix] Fix "create sub-library" button under some language
* \[fix popup] Fix bug in set single notice as read.
* Add message content to notification email
### 3.1.2 (2014.08.27)
* \[fix] Fix support for guest account
* \[fix, security] Fix permission check for PDF full screen view
* \[fix] Fix copy/move multiple files in web
* Improve UI for group reply notification
* Improve seaf-fsck, seaf-fsck now can fix commit missing problem
* \[security improve] Access token generated by FileServer can only be used once.
### 3.1.1 (2014.08.18)
* \[fix] Fix memory leak
* \[fix] Fix a memory not initialized problem which may cause sync problem under heavy load.
* \[fix, search] Closing database connection first before indexing
### 3.1.0 (2014.08.15)
Pro edition only:
* \[search] Enable searching directories
* \[search] Enable search groups in organization tab
* \[search] Enable encrypted libraries (filename only)
* \[search, fix] Fix a bug when indexing a large library
* \[preview,fix] Fix document preview for Excel files in sharing links
* \[user] Enable add users as guests. Guests are only able to use libraries shared to him/her.
* \[user] Enable set users password strength requirement
* \[sharing link] Enable set expiring time for sharing links
* \[sharing link] Library owner can manage all share links from this library
Syncing
* Improve performance: easily syncing 10k+ files in a library.
* Don't need to download files if they are moved to another directory.
Platform
* Rename HttpServer to FileServer to remove confusing.
* Support log rotate
* Use unix domain socket in ccnet to listen for local connections. This isolates the access to ccnet daemon for different users.
* Delete old PID files when stop Seafile
* Remove simplejson dependency
* \[fix] fix listing libraries when some libraries are broken
* Add a bash wrapper for seafile-gc
Web
* Enable deleting of personal messages
* Improved notification
* Upgrade pdf.js
* Password protection for sharing links
* \[admin] Create multi-users by uploading a CSV file
* Sort libraries by name/date
* Enable users to put an additional message when sending a sharing link
* Expiring time for sharing links
* \[fix] Send notification to all users participating a group discussion
* Redesigned file viewing page
* Remove simplejson dependency
* Disable the ability to make a group public by default (admin can turn it on in settings)
* Add "Back to Top" button in file view page
* Improve page refreshing after uploading files
## 3.0
### 3.0.7
* Add support for logrotate
* \[fix] Fix script for migrating from community edition
### 3.0.6
* Fix seahub failing to start problem when Ceph backend is used
### 3.0.5
* Add option to enable highlight search keyword in the file view
* \[fix] Fix "Save to My Library" in file sharing
* \[fix] Fix API for renaming files containing non-ASCII characters from mobile clients
### 3.0.4
* Add support for MariaDB Cluster
### 3.0.3
Web
* Show a notice when one tries to reset/change the password of a LDAP user
* Improve the initial size of pdf/office documents online preview
* Handle languages more gracefully in search
* Highlight the keywords in the search results
* \[fix] Fixed a web page display problem for French language
Platform
* Improve the speed when saving objects to disks
* Show error messages when seahub.sh script failed to start
### 3.0.2
* Added Ceph storage backend support
* Use random ID as avatar file name instead of the file name uploaded by the user
### 3.0.1
* \[fix] Fix an UI bug in selecting multiple contacts in sending message
* Library browser page: Loading contacts asynchronously to improve initial loading speed
### 3.0.0
Web
* Redesigned UI
* \[admin] Add login log
* \[admin] Add share link traffic statistics
* \[fix] Handle loading avatar exceptions to avoid 500 error
* Fixed a few api errors
* Improve page loading speed
* \[fix] Fix UI problem when selecting contacts in personal message send form
* \[fix] Add nickname check and escape nickname to prevent XSS attack
* \[fix] Check validity of library name (only allow a valid directory name).
Platform
* Separate the storage of libraries
* Record files' last modification time directly
* Keep file timestamp during syncing
* Allow changing password of an encrypted library
* Allow config httpserver bind address
* Improved device (desktop and mobile clients) management
Misc
* \[fix] Fix API for uploading files from iOS in an encrypted library.
* \[fix] Fix API for getting groups messages containing multiple file attachments
* \[fix] Fix bug in HttpServer when file block is missing
* \[fix] Fix login error for some kind of Android
## 2.2
### 2.2.1
* Add more checking for the validity of users' Email
* Use random salt and PBKDF2 algorithm to store users' password.
## 2.1
### 2.1.5
* Add correct mime types for mp4 files when downloading
* \[important] set correct file mode bit after uploading a file from web.
* Show meaningful message instead of "auto merged by system" for file merges
* Improve file history calculation for files which were renamed
WebDAV
* Return last modified time of files
### 2.1.4-1
* \[fix] fixed the `pro.py search --clear` command
* \[fix] fixed full text search for office/pdf files
### 2.1.4
* Improved Microsoft Excel files online preview
* \[fix] Fixed file share link download issue on some browsers.
* \[wiki] Enable create index for wiki.
* Hide email address in avatar.
* Show "create library" button on Organization page.
* \[fix] Further improve markdown filter to avoid XSS attack.
### 2.1.3
* Fixed a problem of Seafile WebDAV server
### 2.1.2
* Fixed a problem of requiring python boto library even if it's not needed.
### 2.1.1
Platform
* Added FUSE support, currently read-only
* Added WebDAV support
* A default library would be created for new users on first login to seahub
* Upgrade scripts support MySQL databases now
Web
* Redesigned Web UI
* Redesigned notification module
* Uploadable share links
* \[login] Added captcha to prevent brute force attack
* \[login] Allow the user to choose the expiration of the session when login
* \[login] Change default session expiration age to 1 day
* \[fix] Fixed a bug of "trembling" when scrolling file lists
* \[sub-library] User can choose whether to enable sub-library
* Improved error messages when upload fails
* Set default browser file upload size limit to unlimited
Web for Admin
* Improved admin UI
* More flexible customization options
* Support specify the width of height of custom LOGO
* Online help is now bundled within Seahub
## 2.0
### 2.0.5
* Support S3-compatible storage backends like Swift
* Support use existing elasticsearch server
### 2.0.4
* \[fix] set the utf8 charset when connecting to database
* Use users from both database and LDAP
* \[admin] List database and LDAP users in sysadmin
### 2.0.3
* \[fix] Speed up file syncing when there are lots of small files
### 2.0.1
* \[fix] Elasticsearch now would not be started if search is not enabled
* \[fix] Fix CIFS support.
* \[fix] Support special characters like '@' in MySQL password
* \[fix] Fix create library from desktop client when deploy Seafile with Apache.
* \[fix] Fix sql syntax error in ccnet.log, issue #400 (<https://github.com/haiwen/seafile/issues/400>).
* \[fix] Return organization libraries to the client.
* Update French, German and Portuguese (Brazil) languages.
### 2.0.0
Platform
* New crypto scheme for encrypted libraries
* A fsck utility for checking data integrity
Web
* Change owner of a library/group
* Move/delete/copy multiple files
* Automatically save draft during online editing
* Add "clear format" to .seaf file online editing
* Support user delete its own account
* Hide Wiki module by default
* Remove the concept of sub-library
Web for Admin
* Change owner of a library
* Search user/library
API
* Add list/add/delete user API
## 1.8
### 1.8.3
* Improve seahub.sh
* Improve license checking
### 1.8.2
* fixed 'cannot enter space' bug for .seaf file online edit
* add paginating for repo files list
* fixed a bug for empty repo
### 1.8.1
* Remove redundant log messages
### 1.8.0
Web
* Improve online file browsing and uploading
* Redesigned interface
* Use ajax for file operations
* Support selecting of multiple files in uploading
* Support drag/drop in uploading
* Improve file syncing and sharing
* Syncing and sharing a sub-directory of an existing library.
* Directly sharing files between two users (instead of generating public links)
* User can save shared files to one's own library
* \[wiki] Add frame and max-width to images
* Use 127.0.0.1 to read files (markdown, txt, pdf) in file preview
* \[bugfix] Fix pagination in library snapshot page
* Set the max length of message reply from 128 characters to 2000 characters.
API
* Add creating/deleting library API
Platform
* Improve HTTPS support, now HTTPS reverse proxy is the recommend way.
* Add LDAP filter and multiple DN
* Case insensitive login
* Move log files to a single directory
* \[security] Add salt when saving user's password
* \[bugfix] Fix a bug in handling client connection
* Add a script to automate setup seafile with MySQL
## 1.7
### 1.7.0.4
* Fixed a bug in file activities module
### 1.7.0
* First release of Seafile Professional Server

1278
manual/changelog/changelog-for-seafile-professional-server.md Normal file
View file

File diff suppressed because it is too large Load diff

993
manual/changelog/client-changelog.md Normal file
View file

@ -0,0 +1,993 @@
# Seafile Client Changelog
## 8.0
### 8.0.0 beta (2020/11/28)
* \[Win] Build with Visual Studio 2019 instead of MinGW
* \[Win/Mac] Upgrade Qt version to 5.15.1 (which supports TLS 1.3)
* Add V4 encryption library support, which will be available in server 8.0
## 7.0
### 7.0.10 (2020/10/16)
* Fix sync error when downloading duplicated files from a library
* Fix crash bug when downloading files with very long names
### 7.0.9 (2020/07/30)
* Avoid downloading existing blocks during sync download
* Fix crash when cancel syncing before a library is synced
* Fix incorrect error message in some error situations
### 7.0.8 (2020/06/03)
* Fix GUI crash on start
* Avoid redundant notification when downloading updates from a read-only library
### 7.0.7 (2020/04/03)
* Use new API to copy/move files from one library to another in cloud file browser
* \[fix] Fix SSO problem after logout and login again
* \[mac] Ignore files start with `._`
* \[fix] Fix deleting of multiple sync error logs
### 7.0.6 (2020/02/14)
* Enable to config block size at the client side
* Do not refresh explorer when restart
* Can clean sync error records in sync errors dialog
* \[fix] Do not popup the sync errors dialog when click a sync notification popup
### 7.0.5 (2020/01/14)
* Fix some right click menu do not work
* Fix "View on cloud" function
* Fix sign in file name break "view file history"
* Support get upload link for folders
* \[mac] Fix SSO in MacOS 10.15
### 7.0.4 (2019/11/20)
* Fix showing syncing error "!" in the system tray icon after restarting the client
* Don't clean modified files in cloud file browser
* Improve seaf-cli
* \[mac] Add support for MacOS 10.15
* \[mac] Drop support for MacOS 10.12, 10.11 and 10.10
### 7.0.3 (2019/10/31)
* Official repo for CentOS or RHEL is ready. Currently only CentOS/RHEL 7 is supported.
* Seaf-cli now support both Python2 and Python3.
* Re-enable the old style seafile internal links (seafile://openfile?repo_id=…)
* Improve error message display
* Fix a bug that local added files are deleted if the folder is removed or renamed by another user simultaneously.
* Improve progress percentage display during syncing downloading.
* Users can check who locked a file now
### 7.0.2 (2019/08/12)
* Improve notifications when user editing files in read-only libraries
* \[fix] Fix seaf-cli syncing problem
### 7.0.1 (2019/07/11)
* Fix a bug that causing GUI to crash when seaf-daemon dead
* Fix a bug that cloud file browser does not show file status correctly
* Do not show lots of "Failed to index file" messages
### 7.0.0 (2019/06/04)
* Improve error notifications
* Support new version of encrypted libraries if server version is 7.0.0+
* Starred items support libraries and folders
* Support new version of file activities
* Fix the error of "Failed to remove local repos sync token" during client shutdown
* Add menu to repair Windows Explorer extension
## 6.2
### 6.2.10 (2019/01/15)
* \[fix] Fix support for Windows user name containting non-ascii characters
* Remove seacloud.cc from the default server list
* Remove description from library detail dialog
### 6.2.9 (2018/12/10)
* \[fix] Fix background index when upload files via cloud file browser
* Don't call ping and account-info every 5 minutes
### 6.2.8 (2018/12/05)
* \[fix] Don't refresh activity list automatically
* \[fix] Fix view on Web link for starred items
### 6.2.7 (2018/11/22)
* Handle library permission change for synced libraries
* Don't retry forever when error occur during first time downloading
* \[mac] Fix dark mode support on Mac Mojave
* Show user's name instead of email in account switching popup
### 6.2.5 (2018/09/14)
* More robust deleting folder locally if it is deleted on the server
* Show file modifier in cloud file browser
* \[fix, win] Fix avatar with jpg format can't be displayed problem
* Support getting internal link
* \[fix, win] Fix support for some SSL CA
### 6.2.4 (2018/08/03)
* \[fix] Fix a bug that causing Windows Explorer crash
### 6.2.3 (2018/07/30)
* Prevent multiple seaf-daemon running
* \[fix] Support preconfigured Shibboleth Url
* Restart seaf-daemon automatically if it is dead
### 6.2.2 6.2.1 Beta (2018/07/13)
* \[fix] Fix initialization problem in first time launching
* Improve file syncing notification message
### 6.2.0 Beta (2018/07/03)
* \[mac] Add automatical locking support for Office files
* \[mac] Don't update local office file if it is editing locally while simultaneously edited remotely
* \[win] Enable using both syncing client and drive client while keep the Explorer file status icon work for both
* \[win] Remove ccnet component to make running multiple-instances on a single machine possible
* Don't send unneccesary "api2/events" requests
* \[cloud file browser] Fix uploading retrying
* \[fix] Fix .eml files can't be deleted
## 6.1
### 6.1.8 (2018/05/08)
* \[fix] Fix display of library search box
### 6.1.7 (2018/03/29)
* \[fix] Fix file searching
* \[cloud file browser] Support showing indexing progress after uploading a large file
### 6.1.6 (2018/03/13)
* \[fix] Fix crash during login
* \[cloud file browser] Only show search button when the server is pro edition
* Show detailed path when a library can't be synced because a file is locked
* \[fix] Fix a crash during file syncing caused by files with illegal file name
* \[fix] Fix a bug that causing crash during loading libraries
### 6.1.5 (2018/02/06)
* Add "trust this device" function to two-step authentication
* Add search files inside a library
* Some UI improvements
### 6.1.4 (2017/12/20)
cloud file browser
* Don't use resumable upload feature when updating a file
* Show an icon to indicate that a file is cached
* Show a warning icon when a file failed to upload to the server after changing
* User can re-upload a local modified file that failed to upload
* Add a command to open local cache folder
* Improve error messages when uploading a file or a folder
* \[mac] Fix a bug that a doc/xls file uploaded automatically after downloading
* Some ui fixes and improvements
others
* Don't show the connection status of 127.0.0.1
* Disable editing of local syncing path, users can only choose a path
* Some ui fixes and improvements
### 6.1.3 (2017/11/03)
* \[fix] Fix system tray icon
* Change "Shibbeloth Login" to "Single Sign On"
* \[fix] Fix MacOS client using discrete GPU
* \[cloud file browser] Improve file uploading after modification
* \[cloud file browser, fix] Don't show quota exceeded when server return 502 error
* \[cloud file browser] Show number of files in current folder
### 6.1.2 (2017/10/28)
* \[win] Update system tray icon
* Return error if repo name contains invalid characters when syncing a library
* Update local folder name when repo name is changed.
* Leave a shared library
* \[fix] Fix open cloud file browser from activity view
* \[fix] Fix loading more events in activity tab
* \[fix, cloud file browser] Always watching local cached files after uploading failed when file changed
* \[fix, cloud file browser] Use local cached version if it is changed locally
### 6.1.1 (2017/09/20)
* Improve support for syncing EML files (Don't sync EML files if only timestamp changed)
* Improve support for Copy/Paste files in cloud file browser
* \[mac] Fix opening file history from Mac
* \[fix] Fix memory leak in Windows extension handler
* \[fix] Fix re-login with Shibboleth
* UI/UX improvements for cloud file browser
* \[fix, windows] Fix a bug in detecting whether there is an old instance of Seafile running
### 6.1.0 (2017/08/02)
* \[fix] Fix a bug that library name will be changed back when it is changed in the server
* \[fix] Fix a bug that uploading progress exceeding 100%.
* \[fix] Fix selectively synced subfolder disappear after logout and login again
* Use new library icons
* \[fix] Fix showing of avatars
* \[fix] Improve UI in Windows with high DPI screens
* Only allow https for Shibboleth login
* Clean unused logs in applet.log
* Remove the function of map a library to a network drive
* \[fix] Fix an issue when uploading a deep empty folder like "A/B/C"
* Change default block size to 8MB
* \[fix, mac] Popup a notification after user clicking the "Check new version" button in about dialog if the current version is the latest version
## 6.0
### 6.0.7 (2017/06/23)
* \[fix] Fix auto-completion in sharing dialog
* Show contact avatars in auto-completion of sharing dialog
* \[fix] Fix mis-leading error message when uploading a file to a read-only library via cloud file browser
* Add highlight background color when drag and drop a file/folder to a library
* \[fix] Fix connection error in libcurl
* \[fix] Fix sorting by time in cloud file browser
* \[fix] Fix sorting by name case sensitive in cloud file browser
* \[fix] Fix drag more than one folder to cloud file browser
* Add loading more in activity tab and search tab
* "View sync error" can only be clicked when there are sync errors
* Move seafile.log, applet.log to seafile.log.old, applet.log.old if they become too large
* Remove the "?" icon in creating new folder dialog title bar
### 6.0.6 (2017/05/08)
* Sort files by numbers if numbers contained in the file name, so "1, 10, 2, 11, 3" will be sorted as "1, 2, 3, 10, 11".
* Use native system window for Seafile main windown and cloud file browser window.
* Fix progress overflow when uploading large file using cloud file browser
* Improve the tip when removing an account in the client
* Don't show download button when select folders in cloud file browser
* Clean cache data of cloud file browser when logout an account or restart the client
* \[fix] Fix display problem for high screen Windows in win10
* \[fix] Fix libssl compatibility problem in Debain Stretch
* Add auto-update check
### 6.0.4 (2017/02/21)
* \[fix] Fix Shibboleth login support
* Improve network connection check
* Don't log "read pipe error" into log file
* \[fix] Fix the link for help page
* Improve library sharing dialog (pro edition only feature)
### 6.0.3 (2017/02/11)
* Add a dialog to list all sync errors
* Don't popup file is locked by other users error message
* Make sync error message more accurate
* \[win] Support intermediate CA
* \[cloud file browser] Show correct error message when quota is exceeded during file upload
* Show the server address during Shibboleth login
* Support pre-config Shibboleth server address in seafile.ini
* \[fix] Show the recent shared user in sharing dialog
* "open folder" changed to "open local folder"
### 6.0.2 (deprecated)
This version has a few bugs. We will fix it soon.
### 6.0.1 (2016/12/07)
* Don't generate case conflict file/folder
* \[fix] Fix popup style for Mac Sierra
* Show image thumbnail in cloud file browser
* Change label "organization" to "shared with all", "private shares" to "shared with me"
### 6.0.0 (2016/10/14)
* \[fix] Fix a conflict problem with ESET anti-virus program
* Fix client name and add client version in modification history
* Add remote wipe support
* \[fix] Fix sub-folder permission support
## 5.1
### 5.1.4 (2016/07/29)
* \[fix] Fix seaf-daemon crash if root dir is corrupted
* \[fix, pro] Fix auto-completion in sharing a folder to a user if the user name contains a space
### 5.1.3 (2016/06/27)
* Support syncing any sub-folder with a community server
* \[fix, win] Fix automatically unlocking office files
* \[fix, pro] Fix auto-completion in sharing a folder to a user
* auto-login for open file history in web
* Prevent generating too many "case conflict" files
### 5.1.2 (2016/06/07)
* Add context menu to view file history in web
* \[fix, pro] Fix user auto-completion in folder sharing dialog
* \[linux] Fix tray icon not shown in KDE 5 <https://github.com/haiwen/seafile-client/issues/697>
* \[win 10, fix] Fix explorer context menu has no right arrow
* \[win, fix] Can't create new files/folders in "My Library" Shortcut
* \[win, fix] Fix on Windows 10 sometimes the seafile client main window exceeds the height of the screen.
### 5.1.1 (2016/05/04)
* Add “Groups” category in the clients library view
* Click notification pop up now open the exact folder containing the modified file.
* Change "Get Seafile Share Link" to "Get Seafile Download Link"
* \[fix] Use case-insensitive sorting in cloud file browser
* \[fix] Don't sync a folder in Windows if it contains invalid characters instead of creating an empty folder with invalid name
* \[fix] Fix a rare bug where sometimes files are synced as zero length files. This happens when another software doesn't change the file timestamp after changing the content of the file.
### 5.1.0 (2016/04/11)
Note: Seafile client now support HiDPI under Windows, you should remove QT_DEVICE_PIXEL_RATIO settings if you had set one previous.
* Update to QT5.6
* Add HiDPI support
* Remove corrupted local metadata when unsync or resync a library
## 5.0
### 5.0.7 (2016/03/29)
* \[fix, mac] Enable multi-users running Seafile on Mac
* \[win, pro] auto-lock office files (doc/ppt/excel) when open, require Seafile pro edition v5.1.0+
* Enable using system proxy setting
* Auto login when viewing unread notifications
* Record device name to modification history
### 5.0.6 (2016/03/08)
* \[fix, mac] Fix deleted folder get re-uploaded if with .DS_Store inside
* \[fix] Fix loading proxy configuration during start-up
* \[fix] Fix a crash bug when using libcurl with multiplt https connection
* \[fix] Fix sync problem when the network connection is slow
* Use GB/MB/KB instead of GiB/MiB/KiB (1GB = 1000MB = 1,000,000KB)
* \[fix] Fix disappear of synced sub-folder from the main window
* Small UI improvements
### 5.0.5 (2016/02/20)
* \[fix] Fix a crash bug in multi-threaded file download/upload
### 5.0.4 (2016/01/26)
* Add crash report support
* \[win] Add mapping a synced library as a network drive
### 5.0.3 (2016/01/13)
* \[fix] Fix German translation
### 5.0.2 (2016/01/11)
* \[fix] Fix compatibility issue with F-Secure
* Add setting sync interval for a library
* Showing progress when downloading file list during the first-time syncing
### 5.0.1 (2015/12/21)
* \[fix] Fix a memory leak
* Show user name instead of email in the profile area
* \[pro] For pro users, you can manage the library sharing from the client now.
### 5.0.0 (2015/11/25)
* Show storage usage
* Support login via username
* Set current tab icon color to orange
* Send notifications when sync error happens for some files
* Improve file locking for Microsoft Office files
* \[fix] Fix preventing syncing with any folder if it is prevented by the server
* \[windows] Set TCP send buffer size and TCP_NODELAY options
* \[fix] Keep ignore files when deleting a folder (<https://github.com/haiwen/seafile/issues/1383>)
## 4.4
### 4.4.2 (2015/10/20)
* \[fix] Fix showing data transfer percentage in syncing.
* Add open containing folder in search result
### 4.4.1 (2015/10/14)
* \[fix, win] Fix a rare bug in file sync on Windows related to multi-thread downloading
### 4.4.0 (2015/09/18)
* Fix bugs in file ignore feature
* Fix popup two password input dialogs when visit an encrypted library
* Popup a tip when file conflicts happen
* Don't send the password to server when creating an encrypted library
* \[mac] Fix support for TLS 1.2
* \[win, extension] Add context menu "get internal link"
* Enable uploading of an empty folder in cloud file browser
* \[pro] Enable customization of app name and logo for the main window (See <https://github.com/haiwen/seafile-docs/blob/master/config/seahub_customization.md#customize-the-logo-and-name-displayed-on-seafile-desktop-clients-seafile-professional-only>)
* A few small UI improvements
## 4.3
### 4.3.4 (2015/09/14)
* Fix a bug in refresh file locking status icon
* Use 3 threads instead of 10 threads when syncing files to reduce load on server
### 4.3.3 (2015/08/25)
* Fix one more syncing issues introduced in v4.3.0
* Improve the file lock icon
* Improve cloud file browser
* Fix icon overlay problem in win10
* Add back sync with existing folder
### 4.3.2 (2015/08/19)
* Fix more syncing issues introduced in v4.3.0
* Update translation
* Fix ignore feature
* Add HiDPI icons for cloud file browser
### 4.3.1 (2015/08/11)
* Fix syncing issues.
### 4.3.0 beta (2015/08/03)
* \[fix, windows] Fix a bug that causes freeze of Seafile UI
* \[sync] Improve index performance after a file is modified
* \[sync] Use multi-threads to upload/download file blocks
* \[admin] Enable config Seafile via seafile.rc in Mac/Linux or seafile.ini in Windows (<https://github.com/haiwen/seafile-user-manual/blob/master/en/faq.md>)
* \[admin] Enable uninstall Seafile without popup "deleting config files" dialog
* Add file lock
* \[mac, extension] Add getting Seafile internal link
* \[mac, extension] Improve performance of showing sync status
## 4.2
### 4.2.8 (2015/07/11)
* \[win] Another fix on the explorer extension
* Improve the ui for downloading the encrypted library
* filebrowser: fix a crash when closed while context menu pop up
* explorer extension: show read-only badge when a file is read-only
### 4.2.7 (2015/07/08)
* \[win] Fixed another bug that will cause crash of explorer extension
* \[win] Add executable file version information for the client
* \[mac] Use OS X native notification when possible (OS X >= 10.8)
* \[mac] Implement sync status improvement for every files
* filebrowser: fix uploading failures in the folders with permission set
* filebrowser: support "save as" multiple files simultaneously
* filebrowser: fix the sorting of folders
* filebrowser: implement get seafile internal link
* shibboleth: popup ShiLoginDialog when doing relogin
* \[ui] disable the inputablity of computer name when doing login
### 4.2.6 (2015/06/25)
* \[win] Fixed more memory problem that will cause crash of explorer extension
### 4.2.5 (2015/06/24)
* \[win] Fixed a possible memory corruption in explorer extension
* \[win] Add icon for readonly state in explorer extension
* \[win] unconfigured clients now can hide the configuration wizard
* \[win] ui: improve set password dialog
* \[win] fix broken local DNS resolve
* \[mac] add "seafile://" protocol support
* \[ui] tweak search tab item padding
* Add a menu item to open seafile folder
* \[ui] don't change current account after logout
* \[ui] fix some bugs on account-view
* \[ui] improve account management
* filebrowser: support readonly directories
* \[fix] Fix creating subfolder for password-protected repo
* \[fix] Fix file size integer overflow in search results
### 4.2.4 (2015/06/11)
* \[win] add workarounds with auto update bugs in cloud browser
* \[win] add the missing support for ipv6 (curl)
* \[pro] add new tab to searching files
* \[osx] fix the regularly disappearance tray icon (Qt5.4.2)
* \[osx] fix broken network connection sometimes after resume (Qt5.4.2)
* add an option to syncing with an existing folder with a different name
* avoid race condition when quiting
* fix a bug with opening password-protected repo in cloud browser
* ui: tweak paddings in the event activities
* filebrowser: show file type correctly along with icons
* ui: improve repo item category
* ui: show download link in share link dialog
* ui: enhance event details
### 4.2.3 (2015/05/29)
* Improve self-signed CA support
* Auto login when click "view on cloud"
* \[fix] Fix bugs with open directory from modification details dialog (pro)
* \[fix] Fix incorrect transfer rates for each sync task
* \[fix] Fix auto uploaded modified files in cloud file browser for some office files
### 4.2.2 (2015/05/26)
* \[win] Use Openssl to handle HTTPS connection
* \[mac] Load trusted CA certificates from Keychain
* \[fix] Fix logout/login issue (libraries stay at waiting for sync)
* \[fix] Fix a file deletion problem in Mac client
* Ignore the others of ssl errors if we have dealt with one
* Expand env variable in preconfigure seafile directory
* Hide explorer extension option on other platforms than windows
* Cloud file browser: fix broken title bar when minimized on windows
* Remove unused option in setting dialog
### 4.2.1 (2015/05/14)
* \[fix] Fix "Waiting for synchronization" problem
* \[win] Fixed encoding problem in the explorer extension
* \[win] Prefer home for seafile data dir when it is on the largest drive
* \[win] Adopt preconfigure directory for initialization if any
* \[win] Adopt preconfigure server addr for adding accounts if any
* \[win] Open current repo worktree when clicking ballon message
* \[mac] Fix some memory leaks
* Description is no longer required when creating repositories
* \[fix] Fix webview url for server version >= 4.2.0
* redesign the event list in activity tab (pro)
* \[fix] Fix window focus when creating repository from drag and drop
* \[fix] filebrowser: fix sorting column kind for non-English users
* network: disable weak ciphers explicitly
* \[fix] Fix a issue synced subfolders are not shown when client starts
* \[fix] Remember the used server addresses for convenience
* \[fix] Fix the ssl handshake errors with custom CA seafile servers
### 4.2.0 (2015/05/07)
* \[win] Support overlay icons for files based on the sync status
* Use http syncing only
* Auto detect existing folders and prompt "syncing with existing folder" in first time syncing
* \[win] Open desktop icon popup the main window if Seafile is already running
* Respect umask on Linux
* \[fix] Fix main window stay outside screens problem
* \[fix] Fix a few small syncing issues.
* \[osx] Allow sharing root directory from finder extension
* Auto login from the client when click the server URL (need v4.2 server)
* Auto logout when the authorization is expired (require server supports)
* Auto detect existing folders in first time syncing
* Save server info persistently
* More miscellaneous fixes
## 4.1
### 4.1.6 (2015/04/21)
* \[win] add overlay icon to show sync status at the library level
* \[win] add an option to enable/disable explorer extension support
* \[mac] add finder sync extension (need OSX 10.10.x)
* \[mac] fix the broken hide-the-dock option in some cases
* \[linux] fix the bug that we have two title bar for some desktop environment
* Update shibboleth support
* \[cloud file browser] Pop notifications when new versions of cached files uploaded
* \[cloud file browser] Add a save_as action
* \[cloud file browser] Improve file browser's UI
* \[fix] Fix a rare case of login failure by using complex password, a regression from 4.1.0
* \[fix] Fix a rare case of program crash when changing accounts
* Update avatars automatically
* More miscellaneous fixes
### 4.1.5 (2015/04/09)
* Add Shibboleth login support
* Reset local modified files to the state in Server when resyncing a read-only library.
* \[fix] Fix unable to unsync a library when it is in the state of uploading files
* \[fix, win] handle file/directory locking more gracefully
* Add http user agent for better logging in Apache/Nginx
* \[fix] Fix timeout problem in first time syncing for large libraries
### 4.1.4 (2015/03/27)
* \[fix, win] Fix Windows explore crash by seafile extension when right clicking on "Libraries->Documents" at the right side
### 4.1.3 (2015/03/23)
* \[fix] Fix unable to sync bug (permission denial) if the Windows system user name contains space like "test 123" introduced in v4.1.2
* \[win] Update version of OpenSSL to 1.0.2a
### 4.1.2 (2015/03/19) (deprecated)
* Add logout/login support (need server 4.1.0+)
* fix proxy password disappearance after restarting issue
* mask proxy password in the setting dialog
* \[fix] fix unexpected disconnection with proxy servers
* \[fix] fix a conflicting case when we have read-only sharing repository to a group
* update translations
* support darkmode (OS X)
* and other minor fixes
### 4.1.1 (2015/03/03)
* Add network proxy support for HTTP sync
* \[mac] Add more complete support for retina screen
* Improve UI
* Add option for killing old Seafile instance when starting a new one
* Add experimental support for HiDPI screen on Windows and Linux
* Showing shared from for private shared libraries
* Use API token v2 for shibbloeth login
* \[fix] Fix some bugs in uploading file from cloud file browser
* fix a bug of uploading directory from cloud file browser (pro version)
### 4.1.0 beta (2015/01/29)
* Add support for HDPI screen by using QT5
* \[win] Add context menu for generating share link
* Enable changing of interface language
* Make http syncing the default option (will fall back to non-http sync automatically if the server does not support it)
* \[fix] Fix a problem in handling long path in Windows
## 4.0
### 4.0.7 (2015/01/22)
* \[win] support for file path greater than 260 characters.
In the old version, you will sometimes see strange directory such as "Documents~1" synced to the server, this because the old version did not handle long path correctly.
### 4.0.6 (2015/01/09)
* \[fix] Fix a timeout problem during file syncing (Which also cause program crash sometimes).
### 4.0.5 (2014/12/24)
* \[mac] More on fixing mac syncing problem
* \[linux, mac] Do not ignore files with invalid name in Windows
* \[fix] Fix "sync now"
* \[fix] Handle network problems during first time sync
* \[file browser] Support create folders
* \[file browser] Improve interface
* \[file browser] Support multiple file selection and operation
### 4.0.4 (2014/12/15)
* \[mac] Fix a syncing problem when library name contains "è" characters
* \[windows] Gracefully handle file lock issue.
In the previous version, when you open an office file in Windows, it is locked by the operating system. If another person modify this file in another computer, the syncing will be stopped until you close the locked file. In this new version, the syncing process will continue. The locked file will not be synced to local computer, but other files will not be affected.
### 4.0.3 (2014/12/03)
* \[mac] Fix a syncing problem when library name contains "è" characters
* \[fix] Fix another bug in syncing with HTTP protocol
### 4.0.2 (2014/11/29)
* \[fix] Fix bugs in syncing with HTTP protocol
### 4.0.1 (2014/11/18)
* \[fix] Fix crash problem
### 4.0.0 (2014/11/10)
* Add http syncing support
* Add cloud file browser
## 3.1
### 3.1.12 (2014/12/01)
* \[fix] Fix a syncing problem for files larger than 100MB.
### 3.1.11 (2014/11/15)
* \[fix] Fix "sometimes deleted folder reappearing problem" on Windows.
You have to update all the clients in all the PCs. If one PC does not use the v3.1.11, when the "deleting folder" information synced to this PC, it will fail to delete the folder completely. And the folder will be synced back to other PCs. So other PCs will see the folder reappear again.
### 3.1.10 (2014/11/13)
* \[fix] Fix conflict problem when rename the case of a folder
* \[fix] Improve the deleted folder reappearing problem if it contains ignored files
* \[fix] Add "resync" action
### 3.1.8 (2014/10/28)
* Better support read-only sync. Now local changes will be ignored.
* \[mac,fix] Fix detection of local changes.
### 3.1.7 (2014/09/28)
* \[fix] Fix another not sync problem when adding a big file (>100M) and several other files.
### 3.1.6 (2014/09/19)
* Add option to sync MSOffice/Libreoffice template files
* Add back choosing the "Seafile" directory when install Seafile client.
* Add option to change the address of a server
* Add menu item for open logs directory
* \[mac] Add option for hide dock icon
* Show read-only icon for read-only libraries
* Show detailed information if SSL certification is not valid
* Do not show "Seafile was closed unexpectedly" message when turning down of Windows
* Don't refresh libraries/starred files when the window is not visible
* Move local file to conflict file when syncing with existing folder
* Add more log information when file conflicts happen
* \[fix] Fix sync error when deleting all files in a library
* \[fix] Fix not sync problem when adding a big file (>100M) and several small files together.
* \[fix] Fix Windows client doesn't save advanced settings
### 3.1.5 (2014/08/14)
* Do not ignore libreoffice lock files
* \[fix] Fix possible crash when network condition is not good.
* \[fix] Fix problem in syncing a large library with an existing folder
* Add option "do not unsync a library even it is deleted in the server"
* \[mac] upgrade bundled openssl to 1.0.1i
* \[mac] remove unused ossp-uuid dependency
* \[mac] fix code sign issue under OSX 10.10
### 3.1.4 (2014/08/05)
* \[fix, mac] Fix case conflict problem under Mac
### 3.1.3 (2014/08/04)
* \[fix] Fix showing bubble
* \[mac] More UI improvements
* Do not ignore 'TMP', 'tmp' files
### 3.1.2 (2014/08/01)
* Do not show rotate icon when checking update for a library
* Do not show activity tab if server not supported
* \[mac] show unread messages tray icon on Mac
* \[mac] Improve UI for Mac
* \[fix] Support rename files from upper case to lower case or vice versa.
### 3.1.1 (2014/07/28)
* \[win] Fix crash problems
* \[win] Fix interface freeze problem when restoring the window from the minimized state
* Remove the need of selecting Seafile directory
### 3.1.0 (2014/07/24)
* Add starred files and activity history
* Notification on unread messages
* Improve icons for Retina screen
* Load and show avatar from server
* Use new and better icons
## 3.0
### 3.0.4
* \[fix] Fix a syncing bug
### 3.0.3
* \[fix] Fix syncing problem when update from version 2.x
* \[fix] Fix UI when syncing an encrypted library
### 3.0.2
* \[fix] Fix a syncing issue.
### 3.0.1
* Improved ssl check
* Imporved ui of sync library dialog
* Send device name to the server
* \[fix] Fixed system shutdown problem
* \[fix] Fixed duplicate entries in recently updated libraries list
* Remove ongoing library download tasks when removing an account
* Updated translation
* \[fix] Fix file ID calculation
### 3.0.0
* Adjust settings dialog hint text size
* Improved login dialog
## 2.2
### 2.2.0
* Add check for the validity of servers' SSL Certification
## 2.1
### 2.1.2
* Show proper error message when failed to login
* Show an error message in the main window when failed to get libraries list
* Open seahub in browser when clicking the account url
* Add an option "Do not automatically unsync a library"
* Improve sync status icons for libraries
* Show correct repo sync status icon even if global auto sync is turned off
* Show more useful notification than "Auto merge by system" when conflicts were merged
### 2.1.1
* Make the main window resizable
* \[windows] Improved tray icons
* Show detailed network error when login failed
* Show sub-libraries
* \[windows] Use the name of the default library as the name of the virtual disk
### 2.1.0
* Redesigned the UI of the main window
* \[windows] Download the default library, and creates a virtual disk for it in "My Computer"
* Support drag and drop a folder to sync
* Automatically check for new version on startup
* Support of file syncing from both inside and outside the LAN
* \[fix] Fix a bug of clicking the tray icon during initialization
* \[fix] fixed a few bugs in merge and handling of empty folders
* \[mac] Fixed the alignment in settings dialog
## 2.0
### 2.0.8
* \[fix] Fix UI freeze problem during file syncing
* Improve syncing speed (More improvements will be carried out in our next version)
### 2.0.7 (Don't use it)
Note: This version contains a bug that you can't login into your private servers.
* \[fix] Fix a bug which may lead to crash when exiting client
* show library download progress in the library list
* add official server addresses to the login dialog
* improve library sync status icons
* \[windows] use the same tray icon for all windows version later than Vista
* translate the bubble notification details to Chinese
### 2.0.6
* \[windows] Fix handling daylight saving time
* Improve library details dialog
* \[fix] Fix a bug in api request
* Improve the handling of "Organization" libraries
* \[fix] Fix the settings of upload/download rate limit
* \[fix] Update French/German translations
* \[cli] Support the new encryption scheme
### 2.0.5
* Improve UI
* Fix a bug in French translation
### 2.0.4
* Improve memory usage during syncing
* \[windows] Change system tray icons
* \[windows] Hide seafile-data under Seafile folder
* \[fix] Fix remember main window's location
* Improve the dialog for adding account
* Add setting for showing main windows on seafile start up
* Open local folder when double click on a library
* Show warning dialog when login to a server with untrusted ssl certification
### 2.0.3
* sync empty folder
* support seafile crypto v2
* show warning in system tray when some servers not connected
* add German/French/Hungarian translations
* change system tray icons for Windows
* show "recent updated libraries"
* reduce cpu usage
* \[fix] fixed a bug when login with password containing characters like "+" "#"
* ask the user about untrusted ssl certs when login
* add Edit->Settings and "view online help" menu item
### 2.0.2
* \[fix] Fix compatibility with server v1.8
* \[fix] the bug of closing the settings dialog
* Add Chinese translation
* Show error detail when login failed
* Remember main window position and size
* Improve library detail dialog
* Add unsync a library
### 2.0.0
* Re-implement GUI with Qt
## 1.8
1.8.1
* \[bugfix] Fix a bug in indexing files
1.8.0
* \[bugfix] Skip chunking error
* Improve local web interface
* Remove link to official Seafile server
* Ignore all temporary files created by Microsoft Office
* Add French and Slovak translation
## 1.7
1.7.3
* \[bugfix] Fix a small syncing bug.
1.7.2
* \[bugfix] Fix a bug in un-syncing library. <https://github.com/haiwen/seafile/issues/270>
1.7.1
* \[win] Fix selecting of Seafile directory
1.7.0
* \[win] Enable selecting of Seafile directory
* Enable setting of upload/download speed
* Use encrypted transfer by default
* Support ignore certain files by seafile-ignore.txt
## 1.6
1.6.2
* \[bugfix,mac] Fix a bug in supporting directory names with accents
1.6.1
* \[bugfix] Prevent running of multiple seaf-daemon instance
* Improve the efficiency of start-up GC for libraries in merge stage
* \[mac,win] Handle case-conflict files by renaming
1.6.0
* \[linux,mac] Support symbolic links
* \[seaf-cli] clean logs
* Do not re-download file blocks when restart Seafile during file syncing
* \[bugfix] Fix treating files as deleted when failed to create it due to reasons like disk full.
* \[bugfix] Fix several bugs when shutdown Seafile during some syncing operation.
## 1.5
1.5.3
* Log the version of seafile client when start-up.
* \[bugfix] Fix a bug when simultaneously creating an empty folder with same name in server and client.
* \[bugfix] Always use IPv4 address to connect a server.
1.5.2
* \[bug] Fix a memory-access bug when showing "Auto merge by seafile system" in bubble
1.5.1
* \[seaf-cli] Fix a bug in initializing the config dir.
* \[bugfix] Improve the robustness of DNS looking-up.
Use standard DNS looking-up instead of libevent's non-blocking version.
1.5.0
* Add Seaf-cli
* Check the correctness of password in the beginning of downloading a encrypted library.
* Show detailed information in bubble
* Enable change the server's address in the client
* \[linux] Do not popup the browser when start up
* Remove seafile-web.log

317
manual/changelog/drive-client-changelog.md Normal file
View file

@ -0,0 +1,317 @@
# SeaDrive Client Changelog
### 2.0.9 (2020/11/20)
* \[Mac] Fix failure to load kernel extension on macOS 11 Big Sur
### 2.0.8 (2020/11/14)
* \[Mac] Support macOS 11
* \[Win] Fix moving multiple files/folders across different folders
### 2.0.7 (2020/10/31)
* \[Win] Avoid unintended file deletions when removing seafile account
* \[Mac] Fix some application compatibility issues caused by extended file attributes handling
### 2.0.6 (2020/09/24)
* \[Win] Remove invalid characters from sync root folder name
* \[Win] Increase request timeout for rename library, delete library, create library, move folders
* \[Win] Avoid creating redundant sync root folders on restart
* \[Win] Support pre-configuration registry keys
### 1.0.12 (2020/08/25)
* Fix occasional "permission denied" error when syncing a library
### 2.0.5 (2020/07/30)
* Fix occasional "permission denied" error when syncing a library
* \[Win] Remove explorer shortcut when uninstall SeaDrive or change cache folder location
### 2.0.4 (2020/07/13)
* \[Win] Use username for cache folder name instead of a hash value
* \[Win] Retry download files when pinning a folder
* \[Win] Retry rename category folder when switching language
* \[Win] Only allow install on Windows 10 1709 or later
* \[Mac] Disable "search in Finder" option
* Fix tray icon sync error status
### 2.0.3 (2020/06/17)
* \[Win] Fix crash on Windows 10 1709 - 1803
* \[Win] Show SeaDrive shortcut when opening files in 32-bit applications (e.g. Word)
* \[Win] Avoid creating unnecessary conflict files
* \[Win] Improve error message of opening placeholder files when SeaDrive is not running
* \[Win] Support removing account information when uninstall
### 2.0.2 (2020/05/23)
* \[Mac] Support syncing encrypted libraries
* \[Win] Support change cache location
* \[Win] Improve account switching behaviors
* \[Win] Other bug fixes
### 2.0.1 for Windows (2020/04/13)
* Fix issues when switching languages
* Fix issues for legacy Windows "8.3 format" paths
* Improve speed of creating placeholders
* Don't add SeaDrive cache folder to Windows search index
* Use short hash instead of "servername_account" for cache folder name
* Prevent the old Explorer extension from calling new SeaDrive (avoiding high CPU usage)
* Fix small issues in encrypted library support
* Change installation location from "Seafile Ltd" to "Seafile"
* Add SeaDrive entry to Windows start menu
* Change "seadrive" to "SeaDrive" in Explorer navigation pane
* Fix SSO re-login failure
### 2.0.0 for Windows (2020/03/20)
* Use Windows 10 native API to implement the virtual drive
* Support syncing encrypted libraries
### 1.0.11 (2020/02/07)
* Fix a bug that logout and login will lead to file deletion
* \[mac] Fix a bug in SSO
### 1.0.10 (2019/12/23)
* Fix a bug that sometimes SeaDrive is empty when network unavailable
* Fix generating too many tokens when library downloading failed
* Fix sometimes files should be ignored are uploaded
* Automatically re-sync a library if local metadata is broken
* \[mac] Add support for MacOS 10.15
* \[mac] Drop support for MacOS 10.12
### 1.0.8 (2019/11/05)
* Support French and Germany language for top level folder name
* Fix a compatible issue with Excel
* Fix a problem in cleaning local cache
* Support delete library in category My Libraries
* Ignore .fuse_hidden file in Mac
* Rotate seadrive.log
### 1.0.7 (2019/08/21)
* \[mac] Improve finder extension
### 1.0.6 (2019/07/01)
* \[fix, win] Fix a problem when uninstall or upgrade the drive client when the client is running.
* \[fix] Fix a crash problem when file path containing invalid character
### 1.0.5 (2019/06/11)
* \[fix] Fix lots of "Creating partial commit after adding" in the log
* \[fix] Fix permission at the client is wrong when a library shared to different groups with different permissions
* \[fix] Don't show libraries with online preview or online read-write permission
* \[mac] Add Mac Finder preview plugin to prevent automatically downloading of files
### 1.0.4 (2019/04/23)
* \[fix] Fix file locking
* \[fix] Fix support of detecting pro edition when first time login
* Support Kerberos authentication
### 1.0.3 (2019/03/18)
* \[fix] Fix copy folders with properties into SeaDrive
* \[fix] Fix a possible crash bug when listing libraries
### 1.0.1 (2019/01/14)
* Update included Dokany drive
* Improve notification when user try to delete a library in the client
* \[fix] Fix getting internal link for folders
* \[fix] Fix problem after changing the cache directory
* \[fix] Fix support for guest users that have no storage capacity
* \[fix] Fix timeout when loading a library with a lot of files
### 1.0.0 (2018/11/19)
* \[fix] Allow a guest user to copy files into shared library
* Support pause sync
* \[win] Add option to only allow current user to view the virtual disk
* \[win] Don't let the Windows to search into the internal cache folder
* \[win] Install the explorer extension to system path to allow multiple users to use the extension
* \[mac] Add option to allow search in Finder (disabled by default)
* \[mac] Update kernel drive to support Mac Mojave
* \[mac] Support office file automatically lock
### 0.9.5 (2018/09/10)
* \[fix, win] Fix support for some SSL CA
* Redirect to https if user accidentally input server's address with http but the server is actually use http
* \[fix, win] Show a tooltip that the Windows system maybe rebooted during upgrading drive client
* \[fix, mac] Fix permission problems during installation on Mac 10.13+
### 0.9.4 (2018/08/18)
* \[win] No longer depends on .Net framework
* \[mac] Support file search in Finder
* \[win] Fix loading of HTTPS certifications
### 0.9.3 (2018/06/19)
* \[win] Show syncing status at the top level folders
* \[fix] Fix sometimes logout/login lead to empty drive folder
* Support change cache folder
* Add "open file/open folder" in search window
* Set automatically login to true in SSO mode
* \[mac] Fix compatibility with AirDrop
### 0.9.2 (2018/05/05)
* Fix a bug that causing SeaDrive crash
### 0.9.1 (2018/04/24)
* Fix a bug that causing crash when file search menu is clicked
### 0.9.0 (2018/04/24)
* Libraries are displayed under three folders "My Libraries", "Group Libraries", "Shared libraries"
* \[fix] Fix a bug in cleaning cache
* \[win] Update the kernel drive
* Improve syncing notification messages
* \[mac] Include the kernel drive with the SeaDrive package
* \[mac] Add Finder sidebar shortcut
* Add file search
### 0.8.6 (2018/03/19)
* \[fix] Fix compatibility with Visio and other applications by implementing a missing system API
### 0.8.5 (2018/01/03)
* \[fix] Fix SeaDrive over RDP in Windows 10/7
* \[fix] Fix SeaDrive shell extension memory leak
* \[fix] Fix duplicated folder/files shown in Finder.app (macOS)
* \[fix] Fix file cache status icon for MacOS
### 0.8.4 (2017/12/01)
* \[fix] Fix Word/Excel files can't be saved in Windows 10
* Add "download" context menu to explicitly download a file
* Change "Shibboleth" to "Single Sign On"
### 0.8.3 (2017/11/24)
* \[fix] Fix deleted folder recreated issue
* Improve UI of downloading/uploading list dialog
### 0.8.1 (2017/11/03)
* Use "REMOVABLE" when mount the drive disk
* Prevent creating "System Volume Information"
* Some UI fixes
### 0.8.0 (2017/09/16)
* \[fix] Reuse old drive letter after SeaDrive crash
* \[fix] Fix rename library back to old name when it is changed in the server
* \[fix] Fix sometimes network can not reconnected after network down
* Change default block size to 8MB
* Make auto-login as default
* Remount SeaDrive when it is unmounted after Windows hibernate
### 0.7.1 (2017/06/23)
* \[fix] Fix a bug that causing client crash
### 0.7.0 (2017/06/07)
* Add support for multi-users using SeaDrive on a single desktop. But different users must choose different drive letters.
* Improve write performance
* \[fix] When a non-cached file is locked in the server, the "lock" icon will be shown instead of the "cloud" icon.
* Add "automatically login" option in login dialog
* Add file transfer status dialog.
### 0.6.2 (2017/04/22)
* \[fix] Fix after moving a file to a newly created sub folder, the file reappear when logout and login
* Refresh current folder and the destination folder after moving files from one library to another library
* \[fix] Fix file locking not work
* \[fix] Fix sometimes files can't be saved
### 0.6.1 (2017/03/27)
* \[fix] Don't show a popup notification to state that a file can't be created in `S:` because a few programs will automatically try to create files in `S:`
### 0.6.0 (2017/03/25)
* Improve syncing status icons
* Show error in the interface when there are syncing errors
* Don't show rorate icon when downloading/uploading metadata
* \[fix] Don't download files when the network is not connected
### 0.5.2 (2017/03/09)
* \[fix] Rename a non-cached folder or file will lead to sync error.
### 0.5.1 (2017/02/16)
* \[fix] Fix copying exe files to SeaDrive on Win 7 will freeze the explorer
* The mounted drive is only visible to the current user
* Add popup notification when syncing is done
* \[fix] Fix any change in the settings leads to a drive letter change
### 0.5.0 (2017/01/18)
* Improve stability
* Support file locking
* Support sub-folder permission
* \[fix] Fix 1TB limitation
* User can choose disk letter in settings dialog
* Support remote wipe
* \[fix] Use proxy server when login
* Click system tray icon open SeaDrive folder
* Support application auto-upgrade
### 0.4.2 (2016/12/16)
* \[fix] Fix SeaDrive initialization error during Windows startup
### 0.4.1 (2016/11/07)
* \[fix] Fix a bug that lead to empty S: drive after installation.
### 0.4.0 (2016/11/05)
* \[fix] Fix a bug that leads to generation of conflict files when editing
* Add translations
* Update included Dokany library to 1.0
* Don't show encrypted libraries even in command line
* Show permission error when copy a file to the root
* Show permission error when try to modify a read-only folder
* Show permission error when try to delete a folder in the root folder
### 0.3.1 (2016/10/22)
* Fix link for license terms
* Use new system tray icon
* Add notification for cross-libraries file move
### 0.3.0 (2016/10/14)
* Support selecting Drive letter
* Don't create folders like msiS50.tmp on Windows
* \[fix] Fix cache size limit settings
* Correctly show the storage space if the space is unlimited on the server side.
### 0.2.0 (2016/09/15)
* Add shibboleth support
* Show a dialog notify the client is downloading file list from the server during initialisation
* Show transfer rate
* \[fix] Fix a bug that lead to the file modification time to be empty
* \[fix] Fix a bug that lead to files not be uploaded
### 0.1.0 (2016/09/02)
* Initial release

839
manual/changelog/server-changelog-old.md Normal file
View file

@ -0,0 +1,839 @@
# Seafile Server Changelog (old)
## 5.0
**Note when upgrade to 5.0 from 4.4**
You can follow the document on major upgrade (<http://manual.seafile.com/deploy/upgrade.html>)
In Seafile 5.0, we have moved all config files to folder `conf`, including:
* seahub_settings.py -> conf/seahub_settings.py
* ccnet/ccnet.conf -> conf/ccnet.conf
* seafile-data/seafile.conf -> conf/seafile.conf
* \[pro only] pro-data/seafevents.conf -> conf/seafevents.conf
If you want to downgrade from v5.0 to v4.4, you should manually copy these files back to the original place, then run minor_upgrade.sh to upgrade symbolic links back to version 4.4.
The 5.0 server is compatible with v4.4 and v4.3 desktop clients.
Common issues (solved) when upgrading to v5.0:
* DatabaseError after Upgrade to 5.0 <https://github.com/haiwen/seafile/issues/1429#issuecomment-153695240>
### 5.0.5 (2016.03.02)
* Get name, institution, contact_email field from Shibboleth
* \[webdav] Don't show sub-libraries
* Enable LOGIN_URL to be configured, user need to add LOGIN_URL to seahub_settings.py explicitly if deploy at non-root domain, e.g. LOGIN_URL = '/<sub-path>/accounts/login/'.
* Add ENABLE_USER_CREATE_ORG_REPO to enable/disable organization repo creation.
* Change the Chinese translation of "organization"
* Use GB/MB/KB instead of GiB/MiB/KiB in quota calculation and quota setting (1GB = 1000MB = 1,000,000KB)
* Show detailed message if sharing a library failed.
* \[fix] Fix JPG Preview in IE11
* \[fix] Show "out of quota" instead of "DERP" in the case of out of quota when uploading files via web interface
* \[fix] Fix empty nickname during shibboleth login.
* \[fix] Fix default repo re-creation bug when web login after desktop.
* \[fix] Don't show sub-libraries at choose default library page, seafadmin page and save shared file to library page
* \[fix] Seafile server daemon: write PID file before connecting to database to avoid a problem when the database connection is slow
* \[fix] Don't redirect to old library page when restoring a folder in snapshot page
### 5.0.4 (2016.01.13)
* \[fix] Fix unable to set a library to keep full history when the globally default keep_days is set.
* \[fix] Improve the performance of showing library trash
* \[fix] Improve share icon
* Search user by name in case insensitive way
* Show broken libraries in user's library page (so they can contact admin for help)
* \[fix] Fix cache for thumbnail in sharing link
* \[fix] Enable copy files from read-only shared libraries to other libraries
* \[fix] Open image gallery popup in grid view when clicking the thumbnail image
### 5.0.3 (2015.12.17)
* \[ui] Improve UI of all groups page
* Don't allow sharing library to a non-existing user
* \[fix, admin] Fix deleting a library when the owner does not exist anymore
* \[fix] Keep file last modified time when copy files between libraries
* Enable login via username in API
* \[ui] Improve markdown editor
Improve seaf-fsck
* Do not set "repaired" mark
* Clean syncing tokens for repaired libraries so the user are forced to resync the library
* Record broken file paths in the modification message
Sharing link
* Remember the "password has been checked" information in session instead of memcached
* \[security] Fix password check for visiting a file in password protected sharing link.
* Show file last modified time
* \[fix] Fix image thumbnail in grid view
* \[ui] Improve UI of grid view mode
### 5.0.2 (2015.12.04)
* \[admin] Show the list of groups an user joined in user detail page
* \[admin] Add exporting user/group statistics into Excel file
* Showing libraries list in "All Groups" page
* Add importing group members from CSV file
* \[fix] Fix the performance problem in showing thumbnails in folder sharing link page
* \[fix] Clear cache when set user name via API
* \[fix, admin] Fix searching libraries by name when some libraries are broken
### 5.0.1 beta (2015.11.12)
* \[fix] Fix start up parameters for seaf-fuse, seaf-server, seaf-fsck
* Update Markdown editor and viewer. The update of the markdown editor and parser removed support for the Seafile-specific wiki syntax: Linking to other wikipages isn't possible anymore using `[[ Pagename]]`.
* Add tooltip in admin panel->library->Trash: "libraries deleted 30 days before will be cleaned automatically"
* Include fixes in v4.4.6
### 5.0.0 beta (2015.11.03)
UI changes:
* change most png icons to icon font
* UI change of file history page
* UI change of library history page
* UI change of trash page
* UI change of sharing link page
* UI change of rename operation
* Add grid view for folder sharing link
* Don't open a new page when click the settings, trash and history icons in the library page
* other small UI improvements
Config changes:
* Move all config files to folder `conf`
* Add web UI to config the server. The config items are saved in database table (seahub-dab/constance_config). They have a higher priority over the items in config files.
Trash:
* A trash for every folder, showing deleted items in the folder and sub-folders.
Others changes
Admin:
* Admin can see the file numbers of a library
* Admin can disable the creation of encrypted library
Security:
* Change most GET requests to POST to increase security
## 4.4
### 4.4.6 (2015.11.09)
* \[security] Fix a XSS problem in raw sharing link
* \[fix] Delete sharing links when deleting a library
* \[fix] Clean Seafile tables when deleting a library
* \[fix] Add <a> tag to the link in upload folder email notification
* \[fix] Fix a bug in creating a library (after submit a wrong password, the submit button is no longer clickable)
### 4.4.5 (2015.10.31)
* \[fix] Fix a bug in deleting sharing link in sharing dialog.
### 4.4.4 (2015.10.27)
* \[fix] Fix support for syncing old formatted libraries
* Only import LDAP users to Seafile internal database upon login
* Only list imported LDAP users in "organization->members"
* Remove commit and fs objects in GC for deleted libraries
* Improve error log for LDAP
* Add "transfer" operation to library list in "admin panel->a single user"
* \[fix] Fix the showing of the folder name for upload link generated from the root of a library
### 4.4.3 (2015.10.15)
* \[security] Check validity of file object id to avoid a potential attack
* \[fix] Check the validity of system default library template, if it is broken, recreate a new one.
* \[fix] After transfer a library, remove original sharing information
* \[security] Fix possibility to bypass Captcha check
* \[security] More security fixes.
### 4.4.2 (2015.10.12)
* \[fix] Fix sometimes a revision is missing from a file's version history
* \[security] Use HTTP POST instead of GET to remove libraries
* \[fix] Fix a problem that sharing dialog not popup in IE10
* A few other small UI improvements
### 4.4.1 (2015.09.24)
* \[fix] Fix a bug in setting an user's language
* \[fix] Show detailed failed information when sharing libraries failed
* Update translations
* \[api] Add API to list folders in a folder recursively
* \[api] Add API to list only folders in a folder
### 4.4.0 (2015.09.16)
New features:
* Allow group names with spaces
* Enable generating random password when adding an user
* Add option SHARE_LINK_PASSWORD_MIN_LENGTH
* Add sorting in share link management page
* Show total/active number of users in admin panel
* Other UI improvements
Fixes:
* \[fix] Fix a bug that causing duplications in table LDAPImport
* \[security] Use POST request to handle password reset request to avoid CSRF attack
* Don't show password reset link for LDAP users
* set locale when Seahub start to avoid can't start Seahub problem in a few environments.
## 4.3
### 4.3.2 (2015.08.20)
* \[fix, important] Bug-fix and improvements for seaf-fsck
* \[fix, important] Improve I/O error handling for file operations on web interface
* Update shared information when a sub-folder is renamed
* \[fix] Fix bug of list file revisions
* Update translations
* \[ui] Small improvements
* \[fix] Fix api error in opCopy/opMove
* Old library page (used by admin in admin panel): removed 'thumbnail' & 'preview' for image files
* \[fix] Fix modification operations for system default library by admin
### 4.3.1 (2015.07.29)
* \[fix] Fix generating image thumbnail
* \[ui] Improve UI for sharing link page, login page, file upload link page
* \[security] Clean web sessions when reset an user's password
* Delete the user's libraries when deleting an user
* Show link expiring date in sharing link management page
* \[admin] In a user's admin page, showing libraries' size and last modify time
### 4.3.0 (2015.07.21)
Usability Improvement
* \[ui] Improve ui for file view page
* \[ui] Improve ui for sorting files and libraries
* Redesign sharing dialog
* Enable generating random password for sharing link
* Remove private message module
* Remove direct _single_ file sharing between users (You can still sharing folders)
* Change "Quit" to "Leave group" in group members page
Others
* Improve user management for LDAP
* \[fix] Fix a bug that client can't detect a library has been deleted in the server
* \[security] Improve permission check in image thumbnail
* \[security] Regenerate Seahub secret key, the old secret key lack enough randomness
* Remove the support of ".seaf" format
* \[api] Add API for generating sharing link with password and expiration
* \[api] Add API for generating uploading link
* \[api] Add API for link files in sharing link
* Don't listen in 10001 and 12001 by default.
* Add an option to disable sync with any folder feature in clients
* Change the setting of THUMBNAIL_DEFAULT_SIZE from string to number, i.e., use `THUMBNAIL_DEFAULT_SIZE = 24`, instead of `THUMBNAIL_DEFAULT_SIZE = '24'`
## 4.2
Note when upgrade to 4.2 from 4.1:
If you deploy Seafile in a non-root domain, you need to add the following extra settings in seahub_settings.py:
```
COMPRESS_URL = MEDIA_URL
STATIC_URL = MEDIA_URL + '/assets/'
```
### 4.2.3 (2015.06.18)
* Add global address book and remove the contacts module (You can disable it if you use CLOUD_MODE by adding ENABLE_GLOBAL_ADDRESSBOOK = False in seahub_settings.py)
* Use image gallery module in sharing link for folders containing images
* \[fix] Fix missing library names (show as none) in 32bit version
* \[fix] Fix viewing sub-folders for password protected sharing
* \[fix] Fix viewing starred files
* \[fix] Fix supporting of uploading multi-files in clients' cloud file browser
* Improve security of password resetting link
### 4.2.2 (2015.05.29)
* \[fix] Fix picture preview in sharing link of folders
* Improve add library button in organization tab
### 4.2.1 (2015.05.27)
* Add direct file download link
* \[fix] Fix group library creation bug
* \[fix] Fix library transfer bug
* \[fix] Fix markdown file/wiki bug
* Don't show generating sharing link for encrypted libraries
* Don't show the list of sub-libraries if user do not enable sub-library
* Enable adding existing libraries to organization
* Add loading tip in picture preview page
### 4.2.0 beta (2015.05.13)
Usability
* Remove showing of library description
* Don't require library description
* Keep left navigation bar when navigate into a library
* Generate share link for the root of a library
Security Improvement
* Remove access tokens (all clients will log out) when a users password changed
* Temporary file access tokens can only be used once
* sudo mode: confirm password before doing sysadmin work
Platform
* Use HTTP/HTTPS sync only, no longer use TCP sync protocol
* read/write permission on sub-folders (Pro)
* Support byte-range requests
* Automatically clean of trashed libraries
* \[ldap] Save user information into local DB after login via LDAP
## 4.1
### 4.1.2 (2015.03.31)
* \[fix] Fix several packaging related bugs (missing some python libraries)
* \[fix] Fix webdav issue
* \[fix] Fix image thumbnail in sharing link
* \[fix] Fix permission mode of seaf-gc.sh
* Show detailed time when mouse over a relative time
### 4.1.1 (2015.03.25)
* Add trashed libraries (deleted libraries will first be put into trashed libraries where system admin can restore)
* \[fix] Fix upgrade script for SQLite
* Improve seaf-gc.sh
* Do not support running on CentOS 5.
### 4.1.0 beta (2015.03.18)
* Shibboleth authentication support.
* Redesign fsck.
* Add image thumbnail in folder sharing link
* Add API to support logout/login an account in the desktop client
* Add API to generate thumbnails for images files
* Clean syncing tokens after deleting an account
* Change permission of seahub_settings.py, ccnet.conf, seafile.conf to 0600
* Update Django to v1.5.12
## 4.0
### 4.0.6 (2015.02.04)
Important
* \[fix] Fix transfer library error in sysadmin page
* \[fix] Fix showing of space used in sysadmin page for LDAP users
* Improved trash listing performance
Small
* \[webdav] list organisation public libraries
* Disable non-shibboleth login for shibboleth users
* \[fix] Fix wrong timestamp in file view page for files in sub-library
* Add Web API for thumbnail
* Add languages for Thai and Turkish, update a few translations
### 4.0.5 (2015.01.14)
Important
* \[fix] Fix memory leak in HTTP syncing
* Repo owner can restore folders/files from library snapshot
* Update translations
* Only repo owner can restore a library to a snapshot
Small improvements
* \[fix] Remote redundant logs in seaf-server
* \[fix] Raise 404 when visiting an non-existing folder
* \[fix] Enable add admin when LDAP is enabled
* Add API to get server features information (what features are supported by this server)
* \[fix] Fix throttle for /api2/ping
### 4.0.4 (2015.01.06)
* \[fix] Fix syncing sub-library with HTTP protocol
* \[fix] Fix a bug in setup-seafile-mysql.sh
### 4.0.3 (2014.12.30)
* \[fix] Fix unable to share library to another user
### 4.0.2 (2014.12.26)
* Add image thumbnail
* Add Shibboleth support (beta)
* \[fix] Fix performance problem in listing files API
* \[fix] Fix listing files of a large folder
* \[fix] Fix folder sharing link with password protection
* \[fix] Fix deleting broken libraries in the system admin panel
### 4.0.1 (2014.11.29)
* \[fix] Fix bugs in syncing with HTTP protocol
* Add upgrading script (from v3.1 to v4.0)
### 4.0.0 (2014.11.10)
* Add HTTP syncing support
* Merge FileServer into seaf-server
## 3.1
### 3.1.7 (2014.10.20)
* \[fix] Fixed performance problem in WebDAV extension
* \[fix] Fixed quota check in WebDAV extension
* \[fix] Fixed showing libraries with same name in WebDAV extension
* Add "clear" button in a library's trash
* Support upload a folder in web interface when using Chrome
* \[fix] Improve small errors when upload files via Web interface
* \[fix] Fix moving/coping files when the select all file checkbox is checked
### 3.1.6 (2014.09.11)
* \[fix] Fix bug in uploading >1GB files via Web
* \[fix] Remove assert in Ccnet to avoid denial-of-service attack
* Revert the work "access token generated by FileServer can only be used once" because this leads to several problems
### 3.1.5 (2014.08.29)
* \[fix] Fix multi-file upload in upload link and library page
* \[fix] Fix libreoffice file online view
* Add 'back to top' for pdf file view.
* \[fix] Fix "create sub-library" button under some language
* \[fix popup] Fix bug in set single notice as read.
### 3.1.4 (2014.08.26)
* \[fix, security] Fix permission check for PDF full screen view
* \[fix] Fix copy/move multiple files in web
* Improve UI for group reply notification
* Improve seaf-fsck, seaf-fsck now can fix commit missing problem
* \[security improve] Access token generated by FileServer can only be used once.
### 3.1.3 (2014.08.18)
* \[fix] fix memory leak
* \[fix] fix a memory not initialized problem which may cause sync problem under heavy load.
* \[fix] fix creating personal wiki
### 3.1.2 (2014.08.07)
* Use unix domain socket in ccnet to listen for local connections. This isolates the access to ccnet daemon for different users. Thanks to Kimmo Huoman and Henri Salo for reporting this issue.
### 3.1.1 (2014.08.01)
* Add a bash wrapper for seafile-gc
* \[fix] fix listing libraries when some libraries are broken
* Remove simplejson dependency
* Update translations
* Add "Back to Top" button in file view page
* Improve page refreshing after uploading files
### 3.1.0 (2014.07.24)
Syncing
* Improve performance: easily syncing 10k+ files in a library.
* Don't need to download files if they are moved to another directory.
Platform
* Rename HttpServer to FileServer to remove confusing.
* Support log rotate
* Delete old PID files when stop Seafile
Web
* Enable deleting of personal messages
* Improved notification
* Upgrade pdf.js
* Password protection for sharing links
* \[admin] Create multi-users by uploading a CSV file
* Sort libraries by name/date
* Enable users to put an additional message when sending a sharing link
* Expiring time for sharing links
* \[fix] Send notification to all users participating a group discussion
* Redesigned file viewing page
* Remove simplejson dependency
* Disable the ability to make a group public by default (admin can turn it on in settings)
## 3.0
### 3.0.4 (2014.06.07)
* \[api] Add replace if exist into upload-api
* Show detailed error message when Gunicorn failed to start
* Improve object and block writting performance
* Add retry when failed getting database connection
* \[fix] Use hash value for avatar file names to avoid invalid file name
* \[fix] Add cache for repo_crypto.js to improve page speed
* \[fix] Show error message when change/reset password of LDAP users
* \[fix] Fix "save to my library" when viewing a shared file
* \[fix, api] Fix rename file names with non-ascii characters
### 3.0.3
* \[fix] Fix an UI bug in selecting multiple contacts in sending message
* Library browser page: Loading contacts asynchronously to improve initial loading speed
### 3.0.2
* \[fix] Fix a bug in writing file metadata to disk, which causing "file information missing error" in clients.
* \[fix] Fix API for uploading files from iOS in an encrypted library.
* \[fix] Fix WebDAV
* \[fix] Fix API for getting groups messages containing multiple file attachments
* \[fix] Fix bug in HttpServer when file block is missing
* \[fix] Fix login error for some kind of Android
### 3.0.1
* \[fix] Fix showing bold/italic text in .seaf format
* \[fix] Fix UI problem when selecting contacts in personal message send form
* \[fix] Add nickname check and escape nickname to prevent XSS attack
* \[fix] Check validity of library name (only allow a valid directory name).
### 3.0.0
Web
* Lots of small improvements in UI
* Translations
* \[fix] Handle loading avatar exceptions to avoid 500 error
Platform
* Use random salt and PBKDF2 algorithm to store users' password. (You need to manually upgrade the database if you using 3.0.0 beta2 with MySQL backend.)
### 3.0.0 beta2
Web
* Handle 413 error of file upload
* Support cross library files copy/move
* Fixed a few api errors
Platform
* Allow config httpserver bind address
* \[fix] Fix file ID calculation
* Improved device (desktop and mobile clients) management
* Add back webdav support
* Add upgrade script
### 3.0.0 beta
Platform
* Separate the storage of libraries
* Record files' last modification time directly
* Keep file timestamp during syncing
* Allow changing password of an encrypted library
Web
* Redesigned UI
* Improve page loading speed
## 2.2
### 2.2.1
* \[fix] Fixed creation of admin account
### 2.2.0
* Add more checking for the validity of users' Email
* Use random salt and PBKDF2 algorithm to store users' password.
## 2.1
### 2.1.5
* Add correct mime types for mp4 files when downloading
* \[important] set correct file mode bit after uploading a file from web.
* Show meaningful message instead of "auto merged by system" for file merges
* Improve file history calculation for files which were renamed
WebDAV
* Return last modified time of files
### 2.1.4
* \[fix] Fix file share link download issue on some browsers.
* \[wiki] Enable create index for wiki.
* Hide email address in avatar.
* Show "create library" button on Organization page.
* \[fix] Further improve markdown filter to avoid XSS attack.
### 2.1.3
* \[api] Add more web APIs
* Incorporate Viewer.js to display opendocument formats
* \[fix] Add user email validation to avoid SQL injection
* \[fix] Only allow `<a>, <table>, <img>` and a few other html elements in markdown to avoid XSS attack.
* Return sub-libraries to the client when the feature is enabled.
### 2.1.2
* \[fix] Fixed a bug in update script
### 2.1.1
* Allow the user to choose the expiration of the session when login
* Change default session expiration age to 1 day
* \[fix] Fixed a bug of copying/moving files on web browsers
* \[fix] Don't allow script in markdown files to avoid XSS attacks
* Disable online preview of SVG files to avoid potential XSS attacks
* \[custom] Support specify the width of height of custom LOGO
* Upgrade scripts support MySQL databases now
### 2.1.0
Platform
* Added FUSE support, currently read-only
* Added WebDAV support
* A default library would be created for new users on first login to seahub
Web
* Redesigned Web UI
* Redesigned notification module
* Uploadable share links
* \[login] Added captcha to prevent brute force attack
* \[fix] Fixed a bug of "trembling" when scrolling file lists
* \[sub-library] User can choose whether to enable sub-library
* Improved error messages when upload fails
* Set default browser file upload size limit to unlimited
Web for Admin
* Improved admin UI
* More flexible customization options
* Online help is now bundled within Seahub
## 2.0
### 2.0.4
* \[fix] set the utf8 charset when connecting to database
* Getting users from both database and LDAP
* \[web] List all contacts when sharing libraries
* \[admin] List database and LDAP users in sysadmin
### 2.0.3
* \[fix] Speed up file syncing when there are lots of small files
### 2.0.2
* \[fix] Fix CIFS support.
* \[fix] Support special characters like '@' in MySQL password
* \[fix] Fix create library from desktop client when deploy Seafile with Apache.
* \[fix] Fix sql syntax error in ccnet.log, issue #400 (<https://github.com/haiwen/seafile/issues/400>).
* \[fix] Return organization libraries to the client.
* Update French, German and Portuguese (Brazil) languages.
### 2.0.1
* \[fix] Fix a bug in sqlite3 upgrade script
* Add Chinese translation
### 2.0.0
Platform
* New crypto scheme for encrypted libraries
* A fsck utility for checking data integrity
Web
* Change owner of a library/group
* Move/delete/copy multiple files
* Automatically save draft during online editing
* Add "clear format" to .seaf file online editing
* Support user delete its own account
* Hide Wiki module by default
* Remove the concept of sub-library
Web for Admin
* Change owner of a library
* Search user/library
API
* Add list/add/delete user API
## 1.8
### 1.8.5
* \[bugfix] Fix "can't input space" bug in .seaf files
* Add pagination for online file browsing
### 1.8.3
* \[bugfix] Fix bug in setup-seafile-mysql.sh
* Make reset-admin script work for MySQL
* Remove redundant log messages
* Fixed bugs in web API
### 1.8.2
* Add script for setting up MySQL
* \[bugfix] Fixed a bug when sharing a library to another user without sending HTTP_REFERER
### 1.8.1
* \[bugfix] Fixed a bug when generating shared link
### 1.8.0
Web
* Improve online file browsing and uploading
* Redesigned interface
* Use ajax for file operations
* Support selecting of multiple files in uploading
* Support drag/drop in uploading
* Improve file syncing and sharing
* Syncing and sharing a sub-directory of an existing library.
* Directly sharing files between two users (instead of generating public links)
* User can save shared files to one's own library
* \[wiki] Add frame and max-width to images
* Use 127.0.0.1 to read files (markdown, txt, pdf) in file preview
* \[bugfix] Fix pagination in library snapshot page
* Set the max length of message reply from 128 characters to 2000 characters.
* Improved performance for home page and group page
* \[admin] Add administration of public links
API
* Add creating/deleting library API
Platform
* Improve HTTPS support, now HTTPS reverse proxy is the recommend way.
* Add LDAP filter and multiple DN
* Case insensitive login
* Move log files to a single directory
* \[security] Add salt when saving user's password
* \[bugfix] Fix a bug in handling client connection
## 1.7
### 1.7.0.2 for Linux 32 bit
* \[bugfix] Fix "Page Unavailable" when view doc/docx/ppt.
### 1.7.0.1 for Linux 32 bit
* \[bugfix] Fix PostgreSQL support.
### 1.7.0
Web
* Upgrade to Django 1.5
* Add personal messaging
* Support cloud_mode to hide the "organization" tab
* Support listing/revoking syncing clients
* \[bugfix] Fix a bug in Markdown undo/redo
* \[pro-edition] Searching in a library
* \[pro-edition] Redesign file activities
* \[pro-edition] Redesign doc/ppt/pdf preview with pdf2htmlEX
Daemon
* Support PostgreSQL
* \[bugfix] fix bugs in GC
## 1.6
### 1.6.1
Web
* \[bugfix] Fix showing personal Wiki under French translation
* \[bugfix] Fix showing markdown tables in Wiki
* \[bugfix] Fixed wiki link parsing bug when page alias contains dot.
* Disable sharing link for encrypted libraries
* \[admin] improved user-add, set/revoke admin, user-delete
Daemon
* \[controller] Add monitor for httpserver
### 1.6.0
Web
* Separate group functions into Library/Discuss/Wiki tabs
* Redesign Discussion module
* Add Wiki module
* Improve icons
* Can make a group public
* \[editing] Add toolbar and help page for Markdown files
* \[editing] A stable rich document editor for .seaf files
* \[bugfix] Keep encryption property when change library name/desc.
For Admin
* Add --dry-run option to seafserv-gc.
* Support customize seafile-data location in seafile-admin
* Do not echo the admin password when setting up Seafile server
* seahub/seafile no longer check each other in start/stop scripts
API
* Show file modification time
* Add update file API
## 1.5
### 1.5.2
* \[daemon] Fix problem in DNS lookup for LDAP server
### 1.5.1
* \[web] Fix password reset bug in Seafile Web
* \[daemon] Fix memory leaks in Seafile server
### 1.5.0
Seafile Web
* Video/Audio playback with MediaElement.js (Contributed by Phillip Thelen)
* Edit library title/description
* Public Info & Public Library page are combined into one
* Support selection of file encoding when viewing online
* Improved online picture view (Switch to prev/next picture with keyboard)
* Fixed a bug when doing diff for a newly created file.
* Sort starred files by last-modification time.
Seafile Daemon
* Fixed bugs for using httpserver under https
* Fixed performance bug when checking client's credential during sync.
* LDAP support
* Enable setting of the size of the thread pool.
API
* Add listing of shared libraries
* Add unsharing of a library.

619
manual/changelog/server-changelog.md Normal file
View file

@ -0,0 +1,619 @@
# Seafile Server Changelog
> You can check Seafile release table to find the lifetime of each release and current supported OS: <https://cloud.seatable.io/dtable/external-links/a85d4221e41344c19566/?tid=0000&vid=0000>
## 8.0
Please check our document for how to upgrade to 8.0: <https://download.seafile.com/published/seafile-manual/upgrade/upgrade_notes_for_8.0.md>
### 8.0.0 beta (2020/11/27)
* Support searching file in a library
* Rewrite upload link page to use React technology
* Improve GC performance
* Upgrade Django to 2.2 version
* Remove ccnet-server component
* Update help page
* Release v4 encrypted library format to enhance security for v3 encrypted format
## 7.1
**Feature changes**
Progresql support is dropped as we have rewritten the database access code to remove copyright issue.
**Upgrade**
Please check our document for how to upgrade to 7.1: <https://download.seafile.com/published/seafile-manual/upgrade/upgrade_notes_for_7.1.x.md>
### 7.1.5 (2020/09/22)
* \[fix] Fix a bug in returned group library permission for SeaDrive client
* \[fix] Fix files preview using OnlyOffice in public shared links
* Support pagination when listing libraries in a group
* Update wsgidav used in WebDAV
* \[fix] Fix WebDAV failed login via WebDAV secret
* \[fix] Fix WebDAV error if a file is moved immediately after uploading
* Remove redundent logs in seafile.log
* \[fix] Fix "save to..." in share link
* Add an option to show a user's email in sharing dialog (ENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER)
* Add database connection pool to reduce database connection usage
* Enable generating internal links for files in an encrypted library
* Support setting the expire date time of a share link to a specific date time
* GC add --id-prefix option to scan a specific range of libraries
* fsck add an option to not check block integrity to speed up scanning
* \[fix] ccnet no longer listen on port 10001
### 7.1.4 (2020/05/19)
* \[fix] Fix page error in "System Admin-> Users -> A User -> Groups"
* \[fix] Fix listing LDAP imported users when number of users is greater than 500
* Support selecting and downloading multiple files in a sharing link
* Show share link expiration time in system admin
* \[fix] Fix file download links in public libraries
* Other UI fixes
### 7.1.3 (2020/03/26)
* Support sort libraries by size and number of files in admin panel
* Support sort users by used storage in admin panel
* \[fix] Fix Markdown print for markdown with more than 1 page
* Other UI fixes
### 7.1.2 beta (2020/03/05)
* \[fix] Fix HTTP/2 support
* Markdown page can now be printed using browser's "Print..."
* Add zoom buttons for PDF page
* Add sort function to directory share link page
* Add support for JSON web tokens in OnlyOffice integration
* UI improvements for pages in admin panel
### 7.1.1 beta (2019/12/23)
* \[fix] Fix Gunicorn warning
* \[fix] Fix SQLite upgrade script
* \[fix] Fix Seahub can't started problem on Debian 10
* \[fix] For for Excel and PPT, the default fonts are Chinese font sets.
* Some other UI fixes and improvements
### 7.1.0 beta (2019/12/05)
* Rewrite the system admin pages with React
* Upgrade to Python3
* Add library API Token, you can now generate API tokens for a library and use them in third party programs.
* Add a feature abuse report for reporting abuse for download links.
## 7.0
**Feature changes**
In version 6.3, users can create public or private Wikis. In version 7.0, private Wikis is replaced by column mode view. Every library has a column mode view. So users don't need to explicitly create private Wikis.
Public Wikis are now renamed to published libraries.
**Upgrade**
Just follow our document on major version upgrade. No special steps are needed.
### 7.0.5 (2019/09/23)
* \[fix] Fix '\\n' in system wide notification will lead to blank page
* \[fix] Remove all metadata in docx template
* \[fix] Fix redirection after login
* \[fix] Fix group order is not alphabetic
* \[fix] Fix download button in sharing link
* Mobile UI Improvement (Now all major pages can be used in Mobile smoothly)
* Add notification when a user try to leave a page during file transfer
* Add UI waiting notification when resetting a user's password in admin panel
* Add generating internal link (smart-link) for folders
* \[fix] Fix file drag and drop in IE and Firefox
* Improve UI for file uploading, support re-upload after error
* \[fix] Fix devices login via Shibboleth not show in devices list
* Support of OnlyOffice auto-save option
* \[fix] Fix zip download when user selecting a long list of files
* Other UI fixes
### 7.0.4 (2019/07/26)
* Fix avatar problem when deployed under non-root domain
* Add get internal link in share dialog
* Fix newly created DOCX files are not empty and have a Chinese font set as default font
* Fix system does not send email to new user when adding new user in system admin
* Fix thumbnail for TIFF files
* Fix direct download link for sharing links
### 7.0.3 (2019/07/05)
* UI Improvements and fixes
* Fix file upload button with Safari, IE edge
* Fix compatibility with "Open library in web" from the old version desktop client
* Support "." in group name
* Add back "send link" for upload links
* Add back grid view for folder sharing links
* Fix preview for PSD, TIFF files
* Fix deleting of favorate items when they are shared items but the sharing are revoked
* Fix avatar broken problem when using a non-stardard port
* Fix resumable file uploading
### 7.0.2 (2019/06/13)
* UI fixes
* Support index.md in published library
* Fix IE Edge support
### 7.0.1 beta (2019/05/31)
* \[fix] Fix database upgrade problem
* \[fix] Fix WebDAV can't be started
* \[fix] Some UI fixes
### 7.0.0 beta (2019/05/23)
* Upgraded Web UI with React framework. The look and feel of the new UI is much better.
* Improved Markdown editor
* Add columns view mode (tree view like in the Windows Explorer)
* Add context menu to manipulate files
* Move files via drag and drop
* Redesigned file tags
* Support editing share link permission after creating a link
## 6.3
In version 6.3, Django is upgraded to version 1.11. Django 1.8, which is used in version 6.2, is deprecated in 2018 April.
With this upgrade, the fast-cgi mode is no longer supported. You need to config Seafile behind Nginx/Apache in WSGI mode.
The way to run Seahub in another port is also changed. You need to modify the configuration file `conf/gunicorn.conf` instead of running `./seahub.sh start <another-port>`.
Version 6.3 also changed the database table for file comments, if you have used this feature, you need migrate old file comments using the following commends after upgrading to 6.3:
```
./seahub.sh python-env seahub/manage.py migrate_file_comment
```
> Note, this command should be run while Seafile server is running.
### 6.3.4 (2018/09/15)
* \[fix] Fix a security issue in Shibboleth authentication
* \[fix] Fix sometimes Web UI will not autoload a >100 item directory view
### 6.3.3 (2018/09/07)
* Add generating of internal links
* Support copy a file to its own parent folder, creating a file with a suffix like test-1.docx
* Support setting the language list
* Redirect '/shib-login' to '/sso'
* Change "Unknown error" to "network error" when uploading failed caused by network error
* \[fix] Fix groups not shown in system admin panel
* Support files be manually saved in OnlyOffice
* Improve performance when getting users quota usage
* Improve Markdown editor
* The new Wiki feature is ready
* Update Django to 1.11.11
### 6.3.2 (2018/07/09)
* \[fix] Fix error when public wiki be viewed by anonymous users
* Remove department field in users' profile page
* \[fix] Print warning instead of exit when there are errors in database table upgrade
* \[fix] Send notification to the upload link creator after there are files uploaded
* \[fix] Fix customize css via "custom/custom.css"
* \[api] return the last modifier in file detail API
* \[fix] Fix ZIP download can't work in some languages
### 6.3.1 (2018/06/24)
* Allow fullscreen presentation when view ppt(x) file via CollaboraOffice.
* Support mobile UI style when view file via OnlyOffice.
* Some UI improvement.
* Show terms and condition link if terms and condition is enabled
* \[fix] Update OnlyOffice callback func (save file when status is 6).
* \[fix] Show librarys first commits desc on library history page.
* \[fix] Check if is an deleted library when admin restore a deleted library.
* \[fix] Removed dead 'quota doc' link on user info popup.
* \[fix] Fix bug of OnlyOffice file co-authoring.
* \[api] Add starred field to file detail api.
* Use ID instead of email on sysadmin user page.
* \[fix] Fix database upgrade problems
* \[fix] Fix support for sqlite3
* \[fix] Fix crash when seaf-fsck, seaf-gc receive wrong arguments
### 6.3.0 beta (2018/05/26)
* UI Improvements: moving buttons to top bar, improve scrolling in file/library list
* Update Django to 1.11, remove fast-cgi support
* Update jQuery to version 3.3.1
* Update pdf.js
* Add invite people link to share dialog if the feature is enabled
* Remove login log after delete a user
* \[admin] Support customize site title, site name, CSS via Web UI
* \[beta] Wiki, users can create public wikis
* Add an option to define the listening address for WSGI mode
* \[fix] Fix a bug that causing seaf-fsck crash
* \[fix] Fix support for uploading folder via Cloud file browser
* \[fix] Cancel Zip download task at the server side when user close zip download dialog
* Other fixes
## 6.2
From 6.2, It is recommended to use WSGI mode for communication between Seahub and Nginx/Apache. Two steps are needed if you'd like to switch to WSGI mode:
1. Change the config file of Nginx/Apache.
2. Restart Seahub with `./seahub.sh start` instead of `./seahub.sh start-fastcgi`
The configuration of Nginx is as following:
```
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 1200s;
# used for view/edit office file via Office Online Server
client_max_body_size 0;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
```
The configuration of Apache is as following:
```
# seahub
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
```
### 6.2.5 (2018/01/23)
* \[fix] Fix OAuth bug
* \[fix] Improve the performance of returning a user's all group libraries
* \[new] Support customize the list of groups that a user can see when sharing a library
### 6.2.4 (2018/01/16)
* \[new] Add the feature "remember this device" after two-factor authentication
* \[new] Add option to notify the admin after new user registration (NOTIFY_ADMIN_AFTER_REGISTRATION)
* \[fix] Fix a bug in modify permission for a a shared sub-folder
* \[fix] Fix support for PostgreSQL
* \[fix] Fix a bug in SQLite database support
* \[fix] Fix support for uploading 500+ files via web interface (caused by API rate throttle)
* \[improve, ui] Add transition to show/hide of feedback messages.
* \[improve] Improve performance of file history page.
* \[improve] Show two file history records at least.
* \[fix] show shared sub-folders when copy/move file/folder to “Other Libraries”.
* \[fix] Remove the white edge of webpage when previewing file via OnlyOffice.
* \[fix] Dont check if user exists when deleting a group member in admin panel.
* \[fix, oauth] Dont overwrite public registration settings when login a nonexistent user.
* Other UI improvements.
### 6.2.3 (2017/11/15)
* Support OAuth.
* WSGI uses 5 processors by default instead of 3 processors each with 5 threads
* \[share] Add "click to select" feature for download/upload links.
* \[admin] Show/edit contact email in admin panel.
* \[admin] Show upload links in admin panel.
* \[fix] Fix Shibboleth login redirection issue, see <https://forum.seafile.com/t/shared-links-via-shibboleth/4067/19>
* \[fix] In some case failed to unshare a folder.
* \[fix] LDAP search issue.
* \[fix] Fix Safari downloaded file names are encoded like 'test-%2F%4B.doc' if it contains special characters.
* \[fix] Disable client encrypt library creation when creating encrypt library is disabled on server.
### 6.2.2 (2017/09/25)
* \[fix] Fix register button can't be clicked in login page
* \[fix] Fix login_success field not exist in sysadmin_extra_userloginlog
### 6.2.1 (2017/09/22)
* \[fix] Fix upgrade script for SQLite database
* Add Czech language
* \[ui] Move password setting to a separate section
* \[ui] Add divider to file operation menu
* \[ui] Use high DPI icon in favorites page
* \[ui] Focus on password fields by default
* \[ui] Show feedback message when restore a library to a snapshot
* \[fix] Don't import settings in seafile.conf to database
### 6.2.0 beta (2017/09/14)
* Redesign login page, adding a background image.
* Add two factor authentication
* Clean the list of languages
* Add the ability of tagging a snapshot of a library (Use `ENABLE_REPO_SNAPSHOT_LABEL = True` to turn the feature on)
* \[admin] Add an option to enable users to share a library to any groups in the system.
* Use WSGI as the default mode for deploying Seahub.
* Add a field Reference ID to support changing users primary ID in Shibboleth or LDAP
* Improved performance of loading library list
* Support adding a custom user search function (<https://github.com/haiwen/seafile-docs/commit/115f5d85cdab7dc272da81bcc8e8c9b91d85506e>)
* Other small UI improvements
## 6.1
If you upgrade from 6.0 and you'd like to use the feature video thumbnail, you need to install ffmpeg package:
```
# for ubuntu 16.04
apt-get install ffmpeg
pip install pillow moviepy
# for Centos 7
yum -y install epel-release
rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
yum -y install ffmpeg ffmpeg-devel
pip install pillow moviepy
```
### 6.1.2 (2017.08.15)
* Use user's language as lang setting for OnlyOffice
* Improve performance for getting users unread messages
* Fix error when uploading files to system default library template
* Users can restore their own deleted libraries
* Improve performance when move or copy multiple files/folders
* Add “details” for libraries, folders and files to show information like how many files in a library/folder
* \[fix] Fix a bug in seaf-gc
* \[fix, api] Fix a bug in creating folder API
* \[admin] Improve performance in getting total file number, used space and total number of devices
* \[fix] Fix MySQL connection pool in Ccnet
### 6.1.1 (2017.06.15)
* Disable thumbnail for video files in default
* Enable fixing the email for share link to be fixed in certain language (option SHARE_LINK_EMAIL_LANGUAGE in seahub_setting.py). So admin can force the language for a email of a share link to be always in English, regardless of what language the sender is using.
* The language of the interface of CollaboraOffice/OnlyOffice will be determined by the language of the current user.
* Display the correct image thumbnails in favorites instead of the generic one
* Enable set favicon and logo via admin panel
* Admin can add libraries in admin panel
### 6.1.0 beta (2017.05.11)
Web UI Improvement:
1. Add thumbnail for video files
2. Improved image file view, using thumbnail to view pictures
3. Improve pdf preview in community edition
4. Move items by drap & drop
5. Add create docx/xlsx/pptx in web interface
6. Add OnlyOffice integration
7. Add Collabora integration
8. Support folder upload in community edition
9. Show which client modify a file in history, this will help to find which client accidentally modified a file or deleted a file.
Improvement for admins:
1. Admin can set users quote, delete users in bulk
2. Support using admin panel in mobile platform
3. Add translation for settings page
System changes:
1. Remove wiki by default
2. Upgrade Django to 1.8.18
3. Clean Ajax API
4. Increase share link token length to 20 characters
5. Upgrade jstree to latest version
## 6.0
Note: If you ever used 6.0.0 or 6.0.1 or 6.0.2 with SQLite as database and encoutered a problem with desktop/mobile client login, follow <https://github.com/haiwen/seafile/pull/1738> to fix the problem.
### 6.0.9 (2017.03.30)
* Show user' name instead of user's email in notifications sent out by email
* Add config items for setting favicon, disable wiki feature
* Add css id to easily hide user password reset and delete account button
* \[fix] Fix UI bug in restoring a file from snapshot
* \[fix] Fix after renaming a file, the old versions before file rename can't be downloaded
* \[security] Fix XSS problem of the "go back" button in history page and snapshot view page
### 6.0.8 (2017.02.16)
Improvement for admin
* Admin can add/delete group members
* Admin can create group in admin panel
* Show total storage, total number of files, total number of connected devices in the info page of admin panel
* Force users to change password if imported via csv
* Support set user's quota, name when import user via csv
* Set user's quota in user list page
* Add search group by group name
* Use ajax when deleting a user's library in admin panel
* Support logrotate for controller.log
* Add `# -*- coding: utf-8 -*-` to seahub_settings.py, so that admin can use non-ascii characters in the file.
* Ingore white space character in the end of lines in ccnet.conf
* Add a log when a user can't be find in LDAP during login, so that the system admin can know whether it is caused by password error or the user can't be find
* Delete shared libraries information when deleting a user
Other
* \[fix] Uploading files with special names lets seaf-server crash
* \[fix] Fix user search when global address book is disabled in CLOUD_MODE
* \[fix] Avoid timeout in some cases when showing a library trash
* Show "the account is inactive" when an inactive account try to login
* \[security] Remove viewer.js to show open document files (ods, odt) because viewer.js is not actively maintained and may have potential security bugs (Thanks to Lukas Reschke from Nextcloud GmbH to report the issue)
* \[fix] Fix PostgreSQL support
* Update Django to 1.8.17
* Change time_zone to UTC as default
* \[fix] Fix quota check: users can't upload a file if the quota will be exceeded after uploading the file
* \[fix] Fix quota check when copy file from one library to another
* \[fix] Prevent admin from access group's wiki
* \[fix] Fix a bug when download folder in grid view
### 6.0.7 (2016.12.16)
* \[fix] Fix generating of password protected link in file view page
* \[fix] Fix .jpg/.JPG image display in IE10
* Export quota usage in export Excel in user list admin page
* \[fix] Fix admin can't delete broken libraries
* Add "back to previous page" link in trash page, history page
* \[fix] Improve logo show in About page
* \[fix] Fix file encoding for text file editing online
* \[fix] Don't show operation buttons for broken libraries in normal users page
### 6.0.6 (2016.11.16)
* \[fix] Fix the shared folder link in the notification message when a user share a folder to another user
* \[fix] Update Django version from 1.8.10 to 1.8.16
* \[fix] Fix support for PostgreSQL
* \[fix] Fix SQLite database locking problem
* \[fix] Fix the shared folder name is not changed after removing the old share, renaming the folder and re-sharing the folder
* \[fix] Fix sub-folder accidentially show the files in parent folder when the parent folder contains more than 100 files
* \[fix] Fix image preview navigation when there are more than 100 entries in a folder
* \[fix] Fix bug when admin searching unexisting user
* \[fix] Fix jpeg image display in IE10
* Add support for online view of mov video files
* Make web access token expiring time configurable
* Add an option on server to control block size for web upload files
### 6.0.5 (2016.10.17)
* \[fix] Fix API for uploading file by blocks (Used by iOS client when uploading a large file)
* \[fix] Fix a database connection problem in ccnet-server
* \[fix] Fix moved files are still present in local folder until refresh
* \[fix] Fix admin panel can't show deleted libraries
### 6.0.4 (2016.09.22)
* \[fix] Fix not able to move files via WebDAV interface
* Check whether the quota will exceed before saving the uploaded file to Seafile via Web UI or API
* \[fix] Fix owner can't restore a deleted file or folder in snapshot
* \[fix] Fix UI of personal profile page
* \[fix] Fix in some cases mobile devices can't be unlinked
* \[fix] Fix connection problem for the latest MariaDB in initialisation script
* \[fix] PNG Thumbnail creation broken in 6.0.3 (getexif failes)
* Make maxNumberOfFiles configurable
* \[fix] Remember the sorting of libraries
* Add Finnish translation
* Video + audio no longer be limited by max preview size
### 6.0.3 (2016.09.03)
* \[fix] Fix a bug in sqlite database upgrade script
* \[fix] Fix a bug in database connection pool
* \[fix] Fix a bug in file comment
### 6.0.2 (2016.09.02)
* \[fix] Fix a bug in sqlite database table locking
* Update translations
* Support create libraries for Seafile Drive client
### 6.0.1 beta (2016.08.22)
* \[fix] Fix default value of created_at in table api2_tokenv2. This bug leads to login problems for desktop and mobile clients.
* \[fix] Fix a bug in generating a password protected share link
* Improve checking the user running Seafile must be the owner of seafile-data. If seafile-data is symbolic link, check the destination folder instead of the symbolic link.
* \[ui] Improve rename operation
* Admin can set library permissions in admin panel
* Show name/contact email in admin panel and enable search user by name/contact email
* Add printing style for markdown
* The “Seafile” in "Welcome to Seafile" message can be customised by SITE_NAME
* Improve sorting of files with numbers
* \[fix] Fix can't view more than 100 files
* \[api] Add admin API to only return LDAP imported user list
### 6.0.0 beta (2016.08.02)
* Add full screen Web UI
* Code clean and update Web APIs
* Add file comment
* Improve zip downloading by adding zip progress
* Change of navigation labels
* \[admin] Add group transfer function in admin panel
* Remove number of synced libraries in devices page for simplify the interface and concept
* Update help pages
## 5.1
Warning:
* The concept of sub-library is removed in version 5.1. You can do selective sync with the latest desktop client
* The group message **reply** function is removed, and the old reply messages will not be shown with the new UI
Note: when upgrade from 5.1.3 or lower version to 5.1.4+, you need to install python-urllib3 (or python2-urllib3 for Arch Linux) manually:
```
# for Ubuntu
sudo apt-get install python-urllib3
# for CentOS
sudo yum install python-urllib3
```
### 5.1.4 (2016.07.23)
* \[fix] Fix seaf-fsck.sh --export fails without database
* \[fix] Fix users with Umlauts in their display name breaks group management and api2/account/info on some special Linux distribution
* Remove user from groups when a user is deleted.
* \[fix] Fix can't generate shared link for read-only shared library
* \[fix] Fix can still view file history after library history is set to "no history".
* \[fix] Fix after moving or deleting multiple selected items in the webinterface, the buttons are lost until reloading
* Check user before start seafile. The user must be the owner of seafile-data directory
* Don't allow emails with very special characters that may containing XSS string to register
* \[fix] During downloading multiple files/folders, show "Total size exceeds limits" instead of "internal server error" when selected items exceeds limits.
* \[fix] When delete a share, only check whether the be-shared user exist or not. This is to avoid the situation that share to a user can't be deleted after the user be deleted.
* Add a notificition to a user if he/she is added to a group
* Improve UI for password change page when forcing password change after admin reset a user's password
* \[fix] Fix duplicated files show in Firefox if the folder name contains single quote '
### 5.1.3 (2016.05.30)
* \[security] Fix permission checking for generating share links
* Add an option (ENABLE_SETTINGS_VIA_WEB) to ignore settings via Web UI (system admin->settings)
* \[fix] Making user search (used in auto-completion) case insensitive
### 5.1.2 (2016.05.13)
* \[fix] Fix group rename
* \[fix] Fix group transfer
* Send notifications to members when a new library is shared to a group
* Download multiple selected files from Seahub as a ZIP-file
* Use seafile-data/http-temp to store zip file when downloading a dir
* \[ui] Remember the expanded status of groups in the left hand nav bar
* \[accessibility] Improve accessiblity of library trash/history page by making links for operations selectable by tab.
* \[accessibility] Improve accessiblity of dialogs, add missing labelledby properties for the whole dialog.
* \[accessibility] Improve file/folder upload menu
* list all devices in admin panel
* Add syslog support for seafile.log
### 5.1.1 (2016.04.08)
Note: downloading multiple files at once will be added in the next release.
* A few UI Improvement and fixes
* Add group-discussion (warning: the group message reply function is removed, and the old reply messages will not be shown with the new UI)
* Add an option for disable forcing users to change password (FORCE_PASSWORD_CHANGE, default is True)
* Support new Shibboleth users be created as inactive and activated via Admin later (SHIB_ACTIVATE_AFTER_CREATION , default is True)
* Update jquery to v1.11
### 5.1.0 beta (2016.03.22)
Note: in this version, the group discussion is not re-implement yet. It will be available when the stable verison is released.
* Redesign navigation
* Rewrite group management
* Improve sorting for large folder
* Remember the sorting option for folder
* Improve devices page
* Update icons for libraries and files
* Remove library settings page, re-implement them with dialogs
* Remove group avatar
* Don't show share menu in top bar when multiple item selected
* Auto-focus on username field when loading the login page
* Remove self-introduction in user profile
* Upgrade to django 1.8
* Force the user to change password if adding by admin or password reset by admin
* disable add non-existing user to a group

30
manual/client/client.md Normal file
View file

@ -0,0 +1,30 @@
# Client
This manual explains how to setup and run Seafile client from a pre-built package.
## Components
Seafile client v3.0 consists of three components:
* ccnet-daemon: for networking
* seafile-daemon: for file syncing
* seafile-applet: GUI Client
## Platform Support
* GUI Client (seafile-applet)
* Availabe on Ubuntu 12.04 or above
* Availabe on Windows XP/Vista/7/8
* Availabe on Mac OS X 10.6 or above
* Availabe on Android
* Availabe on iOS (App Store)
* Terminal Client (ccnet-daemon, and seafile-applet)
* Runs on Generic Linux
* Runs on Windows XP/Vista/7/8
* Runs on Mac OS X 10.6 or above
## Download
Visit [our download page](http://www.seafile.com/en/download), download the latest client package.
Changelog: <http://seacloud.cc/group/3/wiki/client-changelog/>

121
manual/client/seafile_cli.md Normal file
View file

@ -0,0 +1,121 @@
# Seafile CLI
## init
Initialize config file
usage: seaf-cli -c <config-dir> -o init
## start
Start seafile-applet to run a seafile client
usage: seaf-cli -c <config-dir> -o start
## start-ccnet
Start ccnet daemon
usage: seaf-cli -c <config-dir> -o start-ccnet
## start-seafile
Start seafile daemon
usage: seaf-cli -c <config-dir> \[-w \<worktree>] -o start-seafile
## clone
Clone a repo from seafile server
A repo id and a url need to be give because this program need to use seafile web
API v2 to fetch repo information.
usage: seaf-cli -c <config-dir> -r <repo-id> -u <url> \[-w \<worktree>] -o clone
## sync
Try to synchronize a repo
usage: seaf-cli -c <config-dir> -r <repo-id> -o clone
## remove
Try to desynchronize a repo
usage: seaf-cli -c <config-dir> -r <repo-id> -o remove
## Usage
Subcommands:
```
init: create config files for seafile client
start: start and run seafile client as daemon
stop: stop seafile client
list: list local liraries
status: show syncing status
download: download a library from seafile server
sync: synchronize an existing folder with a library in
seafile server
desync: desynchronize a library with seafile server
```
\##More details
Seafile client stores all its configure information in a config dir. The default location is `~/.ccnet`. All the commands below accept an option `-c <config-dir>`.
## init
Initialize seafile client. This command initializes the config dir. It also creates sub-directories `seafile-data` and `seafile` under `parent-dir`. `seafile-data` is used to store internal data, while `seafile` is used as the default location put downloaded libraries.
```
seaf-cli init [-c <config-dir>] -d <parent-dir>
```
## start
Start seafile client. This command start `ccnet` and `seaf-daemon`, `ccnet` is the network part of seafile client, `seaf-daemon` manages the files.
```
seaf-cli start [-c <config-dir>]
```
## stop
Stop seafile client.
```
seaf-cli stop [-c <config-dir>]
```
## Download
Download a library from seafile server
```
seaf-cli download -l <library-id> -s <seahub-server-url> -d <parent-directory> -u <username> [-p <password>]
```
## sync
Synchronize a library with an existing folder.
```
seaf-cli sync -l <library-id> -s <seahub-server-url> -d <existing-folder> -u <username> [-p <password>]
```
## desync
Desynchronize a library from seafile server
```
seaf-cli desync -d <existing-folder>
```

26
manual/config/README.md Normal file
View file

@ -0,0 +1,26 @@
# Server Configuration and Customization
## Config Files
**Important**: Since Seafile Server 5.0.0, all config files are moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md).
There are three config files in the community edition:
* [ccnet.conf](ccnet-conf.md): contains the LDAP settings
* [seafile.conf](seafile-conf.md): contains settings for seafile daemon and fileserver.
* [seahub_settings.py](seahub_settings_py.md): contains settings for Seahub
There is one additional config file in the pro edition:
* [seafevents.conf](seafevents-conf.md): contains settings for search and documents preview
Note: Since version 5.0.0, you can also modify most of the config items via web interface.The config items are saved in database table (seahub-db/constance_config). They have a higher priority over the items in config files.
![Seafile Config via Web](../images/seafile-server-config.png)
## Common Customization Tasks
* [Options for sending email](sending_email.md)
* [Customize web inferface](seahub_customization.md)
* User Management Options: refer to [seahub_settings.py](seahub_settings_py.md)
* Quota and Download/Upload Limits: refer to [seafile.conf](seafile-conf.md)

78
manual/config/ccnet-conf.md Normal file
View file

@ -0,0 +1,78 @@
# ccnet.conf
**Note**: Since Seafile Server 5.0.0, all config files are moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md).
Ccnet is the internal RPC framework used by Seafile server and also manages the user database. A few useful options are in ccnet.conf.
```
[General]
# Used internally. Don't delete.
ID=eb812fd276432eff33bcdde7506f896eb4769da0
# Used internally. Don't delete.
NAME=example
# This is outside URL for Seahub(Seafile Web).
# The domain part (i.e., www.example.com) will be used in generating share links and download/upload file via web.
# Note: Outside URL means "if you use Nginx, it should be the Nginx's address"
SERVICE_URL=http://www.example.com:8000
[Network]
# Not used anymore
PORT=10001
[Client]
# Not used anymore
PORT=13419
```
## Enabled Slow Log
Since Seafile-pro-6.3.10, you can enable ccnet-server's RPC slow log to do performance analysis. The slow log is enabled by default.
If you want to configure related options, add the options to ccnet.conf:
```
[Slow_log]
# default to true
ENABLE_SLOW_LOG = true
# the unit of all slow log thresholds is millisecond.
# default to 5000 milliseconds, only RPC queries processed for longer than 5000 milliseconds will be logged.
RPC_SLOW_THRESHOLD = 5000
```
You can find `ccnet_slow_rpc.log` in `logs/slow_logs`. You can also use [log-rotate](../deploy/using_logrotate.md) to rotate the log files. You just need to send `SIGUSR2` to `ccnet-server` process. The slow log file will be closed and reopened.
**Note**: You should restart seafile so that your changes take effect.
```
cd seafile-server
./seafile.sh restart
```
## Changing MySQL Connection Pool Size
When you configure ccnet to use MySQL, the default connection pool size is 100, which should be enough for most use cases. You can change this value by adding following options to ccnet.conf:
```
[Database]
......
# Use larger connection pool
MAX_CONNECTIONS = 200
```
## Changing name of table 'Group'
There is a table named 'Group' in ccnet database, however, 'Group' is the key word in some of databases, you can configure this table name to avoid conflicts if necessary:
```
[GROUP]
TABLE_NAME=new_group_name
```

49
manual/config/customize_email_notifications.md Normal file
View file

@ -0,0 +1,49 @@
# Customize Email Notifications
**Note:** Subject line may vary between different releases, this is based on Release 2.0.1. Restart Seahub so that your changes take effect.
## User reset his/her password
**Subject**
seahub/seahub/auth/forms.py line:103
**Body**
seahub/seahub/templates/registration/password_reset_email.html
Note: You can copy password_reset_email.html to `seahub-data/custom/templates/registration/password_reset_email.html` and modify the new one. In this way, the customization will be maintained after upgrade.
## System admin add new member
**Subject**
seahub/seahub/views/sysadmin.py line:424
**Body**
seahub/seahub/templates/sysadmin/user_add_email.html
Note: You can copy user_add_email.html to `seahub-data/custom/templates/sysadmin/user_add_email.html` and modify the new one. In this way, the customization will be maintained after upgrade.
## System admin reset user password
**Subject**
seahub/seahub/views/sysadmin.py line:368
**Body**
seahub/seahub/templates/sysadmin/user_reset_email.html
Note: You can copy user_reset_email.html to `seahub-data/custom/templates/sysadmin/user_reset_email.html` and modify the new one. In this way, the customization will be maintained after upgrade.
## User send file/folder share link
**Subject**
seahub/seahub/share/views.py line:668
**Body**
seahub/seahub/templates/shared_link_email.html

88
manual/config/seafevents-conf.md Normal file
View file

@ -0,0 +1,88 @@
# Configurable Options
**Note**: Since Seafile Server 5.0.0, all config files have been moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md).
In the file `seafevents.conf`:
```
[FILE HISTORY]
enabled = true
threshold = 5
suffix = md,txt,...
## From seafile 7.0.0
## Recording file history to database for fast access is enabled by default for 'Markdown, .txt, ppt, pptx, doc, docx, xls, xlsx'.
## After enable the feature, the old histories version for markdown, doc, docx files will not be list in the history page.
## (Only new histories that stored in database will be listed) But the users can still access the old versions in the library snapshots.
## For file types not listed in the suffix , histories version will be scanned from the library history as before.
## The feature default is enable. You can set the 'enabled = false' to disable the feature.
## The 'threshold' is the time threshold for recording the historical version of a file, in minutes, the default is 5 minutes.
## This means that if the interval between two adjacent file saves is less than 5 minutes, the two file changes will be merged and recorded as a historical version.
## When set to 0, there is no time limit, which means that each save will generate a separate historical version.
## If you need to modify the file list format, you can add 'suffix = md, txt, ...' configuration items to achieve.
[AUDIT]
## Audit log is disabled default.
## Leads to additional SQL tables being filled up, make sure your SQL server is able to handle it.
enabled = true
[STATISTICS]
## must be "true" to enable statistics
enabled = false
[INDEX FILES]
## must be "true" to enable search
enabled = true
## The interval the search index is updated. Can be s(seconds), m(minutes), h(hours), d(days)
interval=10m
## From Seafile 6.3.0 pro, in order to speed up the full-text search speed, you should setup
highlight = fvh
## If true, indexes the contents of office/pdf files while updating search index
## Note: If you change this option from "false" to "true", then you need to clear the search index and update the index again.
## Refer to file search manual for details.
index_office_pdf=false
## The default size limit for doc, docx, ppt, pptx, xls, xlsx and pdf files. Files larger than this will not be indexed.
## Since version 6.2.0
## Unit: MB
office_file_size_limit = 10
[SEAHUB EMAIL]
## must be "true" to enable user email notifications when there are new unread notifications
enabled = true
## interval of sending Seahub email. Can be s(seconds), m(minutes), h(hours), d(days)
interval = 30m
[OFFICE CONVERTER]
## must be "true" to enable office/pdf online preview
enabled = true
## how many libreoffice worker processes should run concurrenlty
workers = 1
## where to store the converted office/pdf files. Deafult is /tmp/.
outputdir = /tmp/
[EVENTS PUBLISH]
## must be "true" to enable publish events messages
enabled = false
## message format: repo-update\t{{repo_id}}}\t{{commit_id}}
## Currently only support redis message queue
mq_type = redis
[REDIS]
## redis use the 0 database and "repo_update" channel
server = 192.168.1.1
port = 6379
password = q!1w@#123
```

183
manual/config/seafile-conf.md Normal file
View file

@ -0,0 +1,183 @@
# Seafile.conf settings
**Note**: Since Seafile Server 5.0.0, all config files are moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md).
**Important**: Every entry in this configuration file is **case-sensitive**.
You need to restart seafile and seahub so that your changes take effect.
```
./seahub.sh restart
./seafile.sh restart
```
## Storage Quota Setting
You may set a default quota (e.g. 2GB) for all users. To do this, just add the following lines to `seafile.conf` file
```
[quota]
# default user quota in GB, integer only
default = 2
```
This setting applies to all users. If you want to set quota for a specific user, you may log in to seahub website as administrator, then set it in "System Admin" page.
## Default history length limit
If you don't want to keep all file revision history, you may set a default history length limit for all libraries.
```
[history]
keep_days = days of history to keep
```
## Default trash expiration time
The default time for automatic cleanup of the libraries trash is 30 days.You can modify this time by adding the following configuration
```
[library_trash]
expire_days = 60
```
## System Trash
Seafile uses a system trash, where deleted libraries will be moved to. In this way, accidentally deleted libraries can be recovered by system admin.
## Seafile fileserver configuration
The configuration of seafile fileserver is in the `[fileserver]` section of the file `seafile.conf`
```
[fileserver]
# bind address for fileserver
# default to 0.0.0.0, if deployed without proxy: no access restriction
# set to 127.0.0.1, if used with local proxy: only access by local
host = 127.0.0.1
# tcp port for fileserver
port = 8082
```
Since Community Edition 6.2 and Pro Edition 6.1.9, you can set the number of worker threads to server http requests. Default value is 10, which is a good value for most use cases.
```
[fileserver]
worker_threads = 15
```
Change upload/download settings.
```
[fileserver]
# Set maximum upload file size to 200M.
# If not configured, there is no file size limit for uploading.
max_upload_size=200
# Set maximum download directory size to 200M.
# Default is 100M.
max_download_dir_size=200
```
After a file is uploaded via the web interface, or the cloud file browser in the client, it needs to be divided into fixed size blocks and stored into storage backend. We call this procedure "indexing". By default, the file server uses 1 thread to sequentially index the file and store the blocks one by one. This is suitable for most cases. But if you're using S3/Ceph/Swift backends, you may have more bandwidth in the storage backend for storing multiple blocks in parallel. We provide an option to define the number of concurrent threads in indexing:
```
[fileserver]
max_indexing_threads = 10
```
When users upload files in the web interface (seahub), file server divides the file into fixed size blocks. Default blocks size for web uploaded files is 1MB. The block size can be set here.
```
[fileserver]
#Set block size to 2MB
fixed_block_size=2
```
When users upload files in the web interface, file server assigns an token to authorize the upload operation. This token is valid for 1 hour by default. When uploading a large file via WAN, the upload time can be longer than 1 hour. You can change the token expire time to a larger value.
```
[fileserver]
#Set uploading time limit to 3600s
web_token_expire_time=3600
```
You can download a folder as a zip archive from seahub, but some zip software
on windows doesn't support UTF-8, in which case you can use the "windows_encoding"
settings to solve it.
```
[zip]
# The file name encoding of the downloaded zip file.
windows_encoding = iso-8859-1
```
The "httptemp" directory contains temporary files created during file upload and zip download. In some cases the temporary files are not cleaned up after the file transfer was interrupted. Starting from 7.1.5 version, file server will regularly scan the "httptemp" directory to remove files created long time ago.
```
[fileserver]
# After how much time a temp file will be removed. The unit is in seconds. Default to 3 days.
http_temp_file_ttl = x
# File scan interval. The unit is in seconds. Default to 1 hour.
http_temp_scan_interval = x
```
## Database configuration
The whole database configuration is stored in the `[database]` section of the configuration file, whether you use SQLite, MySQL or PostgreSQL.
```
[database]
type=mysql
host=127.0.0.1
user=root
password=root
db_name=seafile_db
connection_charset=utf8
max_connections=100
```
When you configure seafile server to use MySQL, the default connection pool size is 100, which should be enough for most use cases.
## Change File Lock Auto Expire time (Pro edition only)
The Seafile Pro server auto expires file locks after some time, to prevent a locked file being locked for too long. The expire time can be tune in seafile.conf file.
```
[file_lock]
default_expire_hours = 6
```
The default is 12 hours.
## Enabled Slow Log
Since Seafile-pro-6.3.10, you can enable seaf-server's RPC slow log to do performance analysis.The slow log is enabled by default.
If you want to configure related options, add the options to seafile.conf:
```
[slow_log]
# default to true
enable_slow_log = true
# the unit of all slow log thresholds is millisecond.
# default to 5000 milliseconds, only RPC queries processed for longer than 5000 milliseconds will be logged.
rpc_slow_threshold = 5000
```
You can find `seafile_slow_rpc.log` in `logs/slow_logs`. You can also use [log-rotate](../deploy/using_logrotate.md) to rotate the log files. You just need to send `SIGUSR2` to `seaf-server` process. The slow log file will be closed and reopened.

141
manual/config/seahub_customization.md Normal file
View file

@ -0,0 +1,141 @@
# Seahub customization
## Customize Seahub Logo and CSS
Create a folder `<seafile-install-path>/seahub-data/custom`. Create a symbolic link in `seafile-server-latest/seahub/media` by `ln -s ../../../seahub-data/custom custom`.
During upgrading, Seafile upgrade script will create symbolic link automatically to preserve your customization.
### Customize Logo
1. Add your logo file to `custom/`
2. Overwrite `LOGO_PATH` in `seahub_settings.py`
```python
LOGO_PATH = 'custom/mylogo.png'
```
3. Default width and height for logo is 149px and 32px, you may need to change that according to yours.
```python
LOGO_WIDTH = 149
LOGO_HEIGHT = 32
```
### Customize Favicon
1. Add your favicon file to `custom/`
2. Overwrite `FAVICON_PATH` in `seahub_settings.py`
```python
FAVICON_PATH = 'custom/favicon.png'
```
### Customize Seahub CSS
1. Add your css file to `custom/`, for example, `custom.css`
2. Overwrite `BRANDING_CSS` in `seahub_settings.py`
```python
BRANDING_CSS = 'custom/custom.css'
```
You can find a good example of customized css file here: <https://github.com/focmb/seafile_custom_css_green>
## Customize help page
**Note:** Since version 2.1.
First go to the custom folder
```
cd <seafile-install-path>/seahub-data/custom
```
then run the following commands
```
mkdir templates
mkdir templates/help
cp ../../seafile-server-latest/seahub/seahub/help/templates/help/install.html templates/help/
```
Modify the `templates/help/install.html` file and save it. You will see the new help page.
## Add an extra note in sharing dialog
You can add an extra note in sharing dialog in seahub_settings.py
```
ADDITIONAL_SHARE_DIALOG_NOTE = {
'title': 'Attention! Read before shareing files:',
'content': 'Do not share personal or confidential official data with **.'
}
```
Result:
<img src="https://download.seafile.com/lib/bc427fa6-464c-4712-8e75-6bc08de53f91/file/images/auto-upload/image-1585712416075.png?raw=1" width="386" height="null" />
## Add custom navigation items
Since Pro 7.0.9, Seafile supports adding some custom navigation entries to the home page for quick access. This requires you to add the following configuration information to the `conf/seahub_settings.py` configuration file:
```
CUSTOM_NAV_ITEMS = [
{'icon': 'sf2-icon-star',
'desc': 'Custom navigation 1',
'link': 'https://www.seafile.com'
},
{'icon': 'sf2-icon-wiki-view',
'desc': 'Custom navigation 2',
'link': 'https://download.seafile.com/published/seafile-manual/home.md'
},
{'icon': 'sf2-icon-wrench',
'desc': 'Custom navigation 3',
'link': 'http://www.example.com'
},
]
```
**Note: The **`icon` **field currently only supports icons in Seafile that begin with **`sf2-icon`**. You can find the list of icons here: **<https://github.com/haiwen/seahub/blob/7.0/media/css/seahub.css#L146>
Then restart the Seahub service to take effect.
Once you log in to the Seafile system homepage again, you will see the new navigation entry under the `Tools` navigation bar on the left.
## Add more links to the bottom bar
```
ADDITIONAL_APP_BOTTOM_LINKS = {
'seafile': 'https://example.seahub.com/seahub',
'dtable-web': 'https://example.seahub.com/web'
}
```
Result:
<img src="https://download.seafile.com/lib/bc427fa6-464c-4712-8e75-6bc08de53f91/file/images/auto-upload/image-1585712569569.png?raw=1" width="586" height="null" />
## Add more links to about dialog
```
ADDITIONAL_ABOUT_DIALOG_LINKS = {
'seafile': 'https://example.seahub.com/seahub',
'dtable-web': 'https://example.seahub.com/dtable-web'
}
```
Result:
<img src="https://download.seafile.com/lib/bc427fa6-464c-4712-8e75-6bc08de53f91/file/images/auto-upload/image-1585712631552.png?raw=1" width="610" height="null" />

471
manual/config/seahub_settings_py.md Normal file
View file

@ -0,0 +1,471 @@
# Seahub Settings
Note: You can also modify most of the config items via web interface. The config items are saved in database table (seahub-db/constance_config). They have a higher priority over the items in config files. If you want to disable settings via web interface, you can add `ENABLE_SETTINGS_VIA_WEB = False` to `seahub_settings.py`.
## Sending Email Notifications on Seahub
Refer to [email sending documentation](sending_email.md).
## Memcached
Seahub caches items(avatars, profiles, etc) on file system by default(/tmp/seahub_cache/). You can replace with Memcached.
Refer to ["add memcached"](../deploy/add_memcached.md).
## Security settings
```python
# For security consideration, please set to match the host/domain of your site, e.g., ALLOWED_HOSTS = ['.example.com'].
# Please refer https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for details.
ALLOWED_HOSTS = ['.myseafile.com']
```
## User management options
The following options affect user registration, password and session.
```python
# Enalbe or disalbe registration on web. Default is `False`.
ENABLE_SIGNUP = False
# Activate or deactivate user when registration complete. Default is `True`.
# If set to `False`, new users need to be activated by admin in admin panel.
ACTIVATE_AFTER_REGISTRATION = False
# Whether to send email when a system admin adding a new member. Default is `True`.
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
# Whether to send email when a system admin resetting a user's password. Default is `True`.
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
# Send system admin notify email when user registration is complete. Default is `False`.
NOTIFY_ADMIN_AFTER_REGISTRATION = True
# Remember days for login. Default is 7
LOGIN_REMEMBER_DAYS = 7
# Attempt limit before showing a captcha when login.
LOGIN_ATTEMPT_LIMIT = 3
# deactivate user account when login attempts exceed limit
# Since version 5.1.2 or pro 5.1.3
FREEZE_USER_ON_LOGIN_FAILED = False
# mininum length for user's password
USER_PASSWORD_MIN_LENGTH = 6
# LEVEL based on four types of input:
# num, upper letter, lower letter, other symbols
# '3' means password must have at least 3 types of the above.
USER_PASSWORD_STRENGTH_LEVEL = 3
# default False, only check USER_PASSWORD_MIN_LENGTH
# when True, check password strength level, STRONG(or above) is allowed
USER_STRONG_PASSWORD_REQUIRED = False
# Force user to change password when admin add/reset a user.
# Added in 5.1.1, deafults to True.
FORCE_PASSWORD_CHANGE = True
# Age of cookie, in seconds (default: 2 weeks).
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
# Whether a user's session cookie expires when the Web browser is closed.
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
# Whether to save the session data on every request. Default is `False`
SESSION_SAVE_EVERY_REQUEST = False
# Whether enable the feature "published library". Default is `False`
# Since 6.1.0 CE
ENABLE_WIKI = True
# In old version, if you use Single Sign On, the password is not saved in Seafile.
# Users can't use WebDAV because Seafile can't check whether the password is correct.
# Since version 6.3.8, you can enable this option to let user's to specific a password for WebDAV login.
# Users login via SSO can use this password to login in WebDAV.
# Enable the feature. pycryptodome should be installed first.
# sudo pip install pycryptodome==3.7.2
ENABLE_WEBDAV_SECRET = True
# Since version 7.0.9, you can force a full user to log in with a two factor authentication.
# The prerequisite is that the administrator should 'enable two factor authentication' in the 'System Admin -> Settings' page.
# Then you can add the following configuration information to the configuration file.
ENABLE_FORCE_2FA_TO_ALL_USERS = True
```
## Library snapshot label feature
```
# Turn on this option to let users to add a label to a library snapshot. Default is `False`
ENABLE_REPO_SNAPSHOT_LABEL = False
```
## Library options
Options for libraries:
```python
# if enable create encrypted library
ENABLE_ENCRYPTED_LIBRARY = True
# version for encrypted library
# should only be `2` or `4`.
# version 3 is insecure (using AES128 encryption) so it's not recommended any more.
ENCRYPTED_LIBRARY_VERSION = 2
# mininum length for password of encrypted library
REPO_PASSWORD_MIN_LENGTH = 8
# mininum length for password for share link (since version 4.4)
SHARE_LINK_PASSWORD_MIN_LENGTH = 8
# Default expire days for share link (since version 6.3.8)
# Once this value is configured, the user can no longer generate an share link with no expiration time.
# If the expiration value is not set when the share link is generated, the value configured here will be used.
SHARE_LINK_EXPIRE_DAYS_DEFAULT = 5
# minimum expire days for share link (since version 6.3.6)
# SHARE_LINK_EXPIRE_DAYS_MIN should be less than SHARE_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
SHARE_LINK_EXPIRE_DAYS_MIN = 3 # default is 0, no limit.
# maximum expire days for share link (since version 6.3.6)
# SHARE_LINK_EXPIRE_DAYS_MIN should be greater than SHARE_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
SHARE_LINK_EXPIRE_DAYS_MAX = 8 # default is 0, no limit.
# Default expire days for upload link (since version 7.1.6)
# Once this value is configured, the user can no longer generate an upload link with no expiration time.
# If the expiration value is not set when the upload link is generated, the value configured here will be used.
UPLOAD_LINK_EXPIRE_DAYS_DEFAULT = 5
# minimum expire days for upload link (since version 7.1.6)
# UPLOAD_LINK_EXPIRE_DAYS_MIN should be less than UPLOAD_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
UPLOAD_LINK_EXPIRE_DAYS_MIN = 3 # default is 0, no limit.
# maximum expire days for upload link (since version 7.1.6)
# UPLOAD_LINK_EXPIRE_DAYS_MAX should be greater than UPLOAD_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
UPLOAD_LINK_EXPIRE_DAYS_MAX = 8 # default is 0, no limit.
# force user login when view file/folder share link (since version 6.3.6)
SHARE_LINK_LOGIN_REQUIRED = True
# enable water mark when view(not edit) file in web browser (since version 6.3.6)
ENABLE_WATERMARK = True
# Disable sync with any folder. Default is `False`
# NOTE: since version 4.2.4
DISABLE_SYNC_WITH_ANY_FOLDER = True
# Enable or disable library history setting
ENABLE_REPO_HISTORY_SETTING = True
# Enable or disable normal user to create organization libraries
# Since version 5.0.5
ENABLE_USER_CREATE_ORG_REPO = True
# Enable or disable user share library to any group
# Since version 6.2.0
ENABLE_SHARE_TO_ALL_GROUPS = True
# Enable or disable user to clean trash (default is True)
# Since version 6.3.6
ENABLE_USER_CLEAN_TRASH = True
# Add a report abuse button on download links. (since version 7.1.0)
# Users can report abuse on the share link page, fill in the report type, contact information, and description.
# Default is false.
ENABLE_SHARE_LINK_REPORT_ABUSE = True
```
Options for online file preview:
```python
# Whether to use pdf.js to view pdf files online. Default is `True`, you can turn it off.
# NOTE: since version 1.4.
USE_PDFJS = True
# Online preview maximum file size, defaults to 30M.
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
# Extensions of previewed text files.
# NOTE: since version 6.1.1
TEXT_PREVIEW_EXT = """ac, am, bat, c, cc, cmake, cpp, cs, css, diff, el, h, html,
htm, java, js, json, less, make, org, php, pl, properties, py, rb,
scala, script, sh, sql, txt, text, tex, vi, vim, xhtml, xml, log, csv,
groovy, rst, patch, go"""
# Enable or disable thumbnails
# NOTE: since version 4.0.2
ENABLE_THUMBNAIL = True
# Seafile only generates thumbnails for images smaller than the following size.
# Since version 6.3.8 pro, suport the psd online preview.
THUMBNAIL_IMAGE_SIZE_LIMIT = 30 # MB
# Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first.
# For details, please refer to https://manual.seafile.com/deploy/video_thumbnails.html
# NOTE: this option is deprecated in version 7.1
ENABLE_VIDEO_THUMBNAIL = False
# Use the frame at 5 second as thumbnail
# NOTE: this option is deprecated in version 7.1
THUMBNAIL_VIDEO_FRAME_TIME = 5
# Absolute filesystem path to the directory that will hold thumbnail files.
THUMBNAIL_ROOT = '/haiwen/seahub-data/thumbnail/thumb/'
# Default size for picture preview. Enlarge this size can improve the preview quality.
# NOTE: since version 6.1.1
THUMBNAIL_SIZE_FOR_ORIGINAL = 1024
```
## Cloud Mode
You should enable cloud mode if you use Seafile with an unknown user base. It disables the organization tab in Seahub's website to ensure that users can't access the user list. Cloud mode provides some nice features like sharing content with unregistered users and sending invitations to them. Therefore you also want to enable user registration. Through the global address book (since version 4.2.3) you can do a search for every user account. So you probably want to disable it.
```python
# Enable cloude mode and hide `Organization` tab.
CLOUD_MODE = True
# Disable global address book
ENABLE_GLOBAL_ADDRESSBOOK = False
```
## External authentication
```python
# Enable authentication with ADFS
# Default is False
# Since 6.0.9
ENABLE_ADFS_LOGIN = True
# Enable authentication wit Kerberos
# Default is False
ENABLE_KRB5_LOGIN = True
# Enable authentication with Shibboleth
# Default is False
ENABLE_SHIBBOLETH_LOGIN = True
```
## Other options
```python
# Disable settings via Web interface in system admin->settings
# Default is True
# Since 5.1.3
ENABLE_SETTINGS_VIA_WEB = False
# Choices can be found here:
# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
# although not all choices may be available on all operating systems.
# If running in a Windows environment this must be set to the same as your
# system time zone.
TIME_ZONE = 'UTC'
# Language code for this installation. All choices can be found here:
# http://www.i18nguy.com/unicode/language-identifiers.html
# Default language for sending emails.
LANGUAGE_CODE = 'en'
# Custom language code choice.
LANGUAGES = (
('en', 'English'),
('zh-cn', '简体中文'),
('zh-tw', '繁體中文'),
)
# Set this to your website/company's name. This is contained in email notifications and welcome message when user login for the first time.
SITE_NAME = 'Seafile'
# Browser tab's title
SITE_TITLE = 'Private Seafile'
# If you don't want to run seahub website on your site's root path, set this option to your preferred path.
# e.g. setting it to '/seahub/' would run seahub on http://example.com/seahub/.
SITE_ROOT = '/'
# Max number of files when user upload file/folder.
# Since version 6.0.4
MAX_NUMBER_OF_FILES_FOR_FILEUPLOAD = 500
# Control the language that send email. Default to user's current language.
# Since version 6.1.1
SHARE_LINK_EMAIL_LANGUAGE = ''
# Interval for browser requests unread notifications
# Since PRO 6.1.4 or CE 6.1.2
UNREAD_NOTIFICATIONS_REQUEST_INTERVAL = 3 * 60 # seconds
# Whether to allow user to delete account, change login password or update basic user
# info on profile page.
# Since PRO 6.3.10
ENABLE_DELETE_ACCOUNT = False
ENABLE_UPDATE_USER_INFO = False
ENABLE_CHANGE_PASSWORD = False
```
## Pro edition only options
```python
# Whether to show the used traffic in user's profile popup dialog. Default is True
SHOW_TRAFFIC = True
# Allow administrator to view user's file in UNENCRYPTED libraries
# through Libraries page in System Admin. Default is False.
ENABLE_SYS_ADMIN_VIEW_REPO = True
# For un-login users, providing an email before downloading or uploading on shared link page.
# Since version 5.1.4
ENABLE_SHARE_LINK_AUDIT = True
# Check virus after upload files to shared upload links. Defaults to `False`.
# Since version 6.0
ENABLE_UPLOAD_LINK_VIRUS_CHECK = True
# Enable system admin add T&C, all users need to accept terms before using. Defaults to `False`.
# Since version 6.0
ENABLE_TERMS_AND_CONDITIONS = True
# Enable two factor authentication for accounts. Defaults to `False`.
# Since version 6.0
ENABLE_TWO_FACTOR_AUTH = True
# Enable user select a template when he/she creates library.
# When user select a template, Seafile will create folders releated to the pattern automaticly.
# Since version 6.0
LIBRARY_TEMPLATES = {
'Technology': ['/Develop/Python', '/Test'],
'Finance': ['/Current assets', '/Fixed assets/Computer']
}
# Send email to these email addresses when a virus is detected.
# This list can be any valid email address, not necessarily the emails of Seafile user.
# Since version 6.0.8
VIRUS_SCAN_NOTIFY_LIST = ['user_a@seafile.com', 'user_b@seafile.com']
# Enable a user to change password in 'settings' page. Default to `True`
# Since version 6.2.11
ENABLE_CHANGE_PASSWORD = True
# Enable file comments. Default to `True`
# Since version 6.2.11
ENABLE_FILE_COMMENT = True
# If show contact email when search user.
ENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER = True
```
## RESTful API
```
# API throttling related settings. Enlarger the rates if you got 429 response code during API calls.
REST_FRAMEWORK = {
'DEFAULT_THROTTLE_RATES': {
'ping': '600/minute',
'anon': '5/minute',
'user': '300/minute',
},
'UNICODE_JSON': False,
}
# Throtting whitelist used to disable throttle for certain IPs.
# e.g. REST_FRAMEWORK_THROTTING_WHITELIST = ['127.0.0.1', '192.168.1.1']
# Please make sure `REMOTE_ADDR` header is configured in Nginx conf according to https://manual.seafile.com/deploy/deploy_with_nginx.html.
REST_FRAMEWORK_THROTTING_WHITELIST = []
```
## Seahub Custom Functions
Since version 6.2, you can define a custom function to modify the result of user search function.
For example, if you want to limit user only search users in the same institution, you can define `custom_search_user` function in `{seafile install path}/conf/seahub_custom_functions/__init__.py`
Code example:
```
import os
import sys
current_path = os.path.dirname(os.path.abspath(__file__))
seahub_dir = os.path.join(current_path, \
'../../seafile-server-latest/seahub/seahub')
sys.path.append(seahub_dir)
from seahub.profile.models import Profile
def custom_search_user(request, emails):
institution_name = ''
username = request.user.username
profile = Profile.objects.get_profile_by_user(username)
if profile:
institution_name = profile.institution
inst_users = [p.user for p in
Profile.objects.filter(institution=institution_name)]
filtered_emails = []
for email in emails:
if email in inst_users:
filtered_emails.append(email)
return filtered_emails
```
> **NOTE**, you should NOT change the name of `custom_search_user` and `seahub_custom_functions/__init__.py`
Since version 6.2.5 pro, if you enable the **ENABLE_SHARE_TO_ALL_GROUPS** feather on sysadmin settings page, you can also define a custom function to return the groups a user can share library to.
For example, if you want to let a user to share library to both its groups and the groups of user `test@test.com`, you can define a `custom_get_groups` function in `{seafile install path}/conf/seahub_custom_functions/__init__.py`
Code example:
```
import os
import sys
current_path = os.path.dirname(os.path.abspath(__file__))
seaserv_dir = os.path.join(current_path, \
'../../seafile-server-latest/seafile/lib64/python2.7/site-packages')
sys.path.append(seaserv_dir)
def custom_get_groups(request):
from seaserv import ccnet_api
groups = []
username = request.user.username
# for current user
groups += ccnet_api.get_groups(username)
# for 'test@test.com' user
groups += ccnet_api.get_groups('test@test.com')
return groups
```
> **NOTE**, you should NOT change the name of `custom_get_groups` and `seahub_custom_functions/__init__.py`
## Note
* You need to restart seahub so that your changes take effect.
* If your changes don't take effect, You may need to delete 'seahub_setting.pyc'. (A cache file)
```bash
./seahub.sh restart
```

191
manual/config/sending_email.md Normal file
View file

@ -0,0 +1,191 @@
# Sending Email Notifications on Seahub
## Types of Email Sending in Seafile
There are currently five types of emails sent in Seafile:
* User reset his/her password
* System admin add new member
* System admin reset user password
* User send file/folder share link and upload link
* \[pro] Reminder of unread notifications (It is sent by a background task which is pro edition only)
The first four types of email are sent immediately. The last type is sent by a background task running periodically.
## Options of Email Sending
Please add the following lines to seahub_settings.py to enable email sending.
```python
EMAIL_USE_TLS = False
EMAIL_HOST = 'smtp.example.com' # smpt server
EMAIL_HOST_USER = 'username@example.com' # username and domain
EMAIL_HOST_PASSWORD = 'password' # password
EMAIL_PORT = 25
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
SERVER_EMAIL = EMAIL_HOST_USER
```
If you are using Gmail as email server, use following lines:
```python
EMAIL_USE_TLS = True
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_HOST_USER = 'username@gmail.com'
EMAIL_HOST_PASSWORD = 'password'
EMAIL_PORT = 587
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
SERVER_EMAIL = EMAIL_HOST_USER
```
**Note**: If your email service still does not work, you can checkout the log file `logs/seahub.log` to see what may cause the problem. For a complete email notification list, please refer to [email notification list](customize_email_notifications.md).
**Note2**: If you want to use the email service without authentication leaf `EMAIL_HOST_USER` and `EMAIL_HOST_PASSWORD` **blank** (`''`). (But notice that the emails then will be sent without a `From:` address.)
**Note3**: About using SSL connection (using port 465)
Port 587 is being used to establish a TLS connection and port 465 is being used to establish an SSL connection. Starting from Django 1.8, it supports both. Until version 5.1 Seafile only supported Django 1.5, which only supports TLS connections. If your email server only supports SSL connections and you are using a Seafile Server version below 5.1, you can find a workaround here: [django-smtp-ssl](https://github.com/bancek/django-smtp-ssl).
## Change the `sender` and `reply to` of email
You can change the sender and reply to field of email by add the following settings to seahub_settings.py. This only affects email sending for file share link.
```python
# Replace default from email with user's email or not, defaults to ``False``
REPLACE_FROM_EMAIL = True
# Set reply-to header to user's email or not, defaults to ``False``. For details,
# please refer to http://www.w3.org/Protocols/rfc822/
ADD_REPLY_TO_HEADER = True
```
## Config background email sending task (Pro Edition Only)
The background task will run periodically to check whether an user have new unread notifications. If there are any, it will send a reminder email to that user. The background email sending task is controlled by `seafevents.conf`.
```
[SEAHUB EMAIL]
## must be "true" to enable user email notifications when there are new unread notifications
enabled = true
## interval of sending seahub email. Can be s(seconds), m(minutes), h(hours), d(days)
interval = 30m
```
## Customize email messages
The simplest way to customize the email message is setting the `SITE_NAME` variable in seahub_settings.py. If it is not enough for your case, you can customize the email templates.
**Note:** Subject line may vary between different releases, this is based on Release 5.0.0. Restart Seahub so that your changes take effect.
### The email base template
[seahub/seahub/templates/email_base.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/email_base.html)
Note: You can copy email_base.html to `seahub-data/custom/templates/email_base.html` and modify the new one. In this way, the customization will be maintained after upgrade.
### User reset his/her password
**Subject**
seahub/seahub/auth/forms.py line:127
```python
send_html_email(_("Reset Password on %s") % site_name,
email_template_name, c, None, [user.username])
```
**Body**
[seahub/seahub/templates/registration/password_reset_email.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/registration/password_reset_email.html)
Note: You can copy password_reset_email.html to `seahub-data/custom/templates/registration/password_reset_email.html` and modify the new one. In this way, the customization will be maintained after upgrade.
### System admin add new member
**Subject**
seahub/seahub/views/sysadmin.py line:424
```
send_html_email(_(u'Password has been reset on %s') % SITE_NAME,
'sysadmin/user_reset_email.html', c, None, [email])
```
**Body**
[seahub/seahub/templates/sysadmin/user_add_email.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/sysadmin/user_add_email.html)
Note: You can copy user_add_email.html to `seahub-data/custom/templates/sysadmin/user_add_email.html` and modify the new one. In this way, the customization will be maintained after upgrade.
### System admin reset user password
**Subject**
seahub/seahub/views/sysadmin.py line:1224
```python
send_html_email(_(u'Password has been reset on %s') % SITE_NAME,
'sysadmin/user_reset_email.html', c, None, [email])
```
**Body**
[seahub/seahub/templates/sysadmin/user_reset_email.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/sysadmin/user_reset_email.html)
Note: You can copy user_reset_email.html to `seahub-data/custom/templates/sysadmin/user_reset_email.html` and modify the new one. In this way, the customization will be maintained after upgrade.
### User send file/folder share link
**Subject**
seahub/seahub/share/views.py line:913
```python
try:
if file_shared_type == 'f':
c['file_shared_type'] = _(u"file")
send_html_email(_(u'A file is shared to you on %s') % SITE_NAME,
'shared_link_email.html',
c, from_email, [to_email],
reply_to=reply_to
)
else:
c['file_shared_type'] = _(u"directory")
send_html_email(_(u'A directory is shared to you on %s') % SITE_NAME,
'shared_link_email.html',
c, from_email, [to_email],
reply_to=reply_to)
```
**Body**
[seahub/seahub/templates/shared_link_email.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/shared_link_email.html)
[seahub/seahub/templates/shared_upload_link_email.html](https://github.com/haiwen/seahub/blob/master/seahub/templates/shared_upload_link_email.html)
Note: You can copy shared_link_email.html to `seahub-data/custom/templates/shared_link_email.html` and modify the new one. In this way, the customization will be maintained after upgrade.
### Reminder of unread notifications
**Subject**
```python
send_html_email(_('New notice on %s') % settings.SITE_NAME,
'notifications/notice_email.html', c,
None, [to_user])
```
**Body**
[seahub/seahub/notifications/templates/notifications/notice_email.html](https://github.com/haiwen/seahub/blob/master/seahub/notifications/templates/notifications/notice_email.html)

26
manual/contribution.md Normal file
View file

@ -0,0 +1,26 @@
# Contribution
## Licensing
The different components of Seafile project are released under different licenses:
* [Seafile iOS client](https://github.com/haiwen/seafile-iOS): Apache License v2
* [Seafile Android client](https://github.com/haiwen/seadroid): GPLv3
* Desktop syncing client: GPLv2
* [Seafile Server core](https://github.com/haiwen/seafile-server): AGPLv3
* Seahub (Seafile server Web UI): Apache License v2
## Discussion
Forum: <https://forum.seafile.com>
Follow us @seafile <https://twitter.com/seafile>
## Report a Bug
* Please report a bug in our forum, this is a preferred way.
* You can also report a bug in GitHub <https://github.com/haiwen/seafile/issues?state=open>
## Code Style
The source code of seafile is ISO/IEC 9899:1999 (E) (a.k.a. C99) compatible. Take a look at [code standard](develop/code_standard.md).

BIN
manual/cover.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 110 KiB

BIN
manual/cover_small.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 7.5 KiB

55
manual/deploy/README.md Normal file
View file

@ -0,0 +1,55 @@
# Deploying Seafile under Linux
Here we describe how to deploy Seafile from prebuild binary packages.
## Deploy Seafile in Home/Personal Environment
* [Deploying Seafile with SQLite](using_sqlite.md)
## Deploy Seafile in Production/Enterprise Environment
In production environment we recommend using MySQL as the database and config Seafile web behing Nginx or Apache. For those who are not familiar with Nginx and Apache. We recommend Nginx, since it is easier to config than Apache.
We provide three ways to deploy Seafile services:
* Using [Docker](deploy_with_docker.md)
* Using [installation script](https://github.com/haiwen/seafile-server-installer)
* Manually installing Seafile and setting up database, memcached and Nginx/Apache. See the following section.
### Install Seafile manually
* [Deploying Seafile with MySQL](using_mysql.md)
* [Config Seahub with Nginx](deploy_with_nginx.md)
* [Enabling Https with Nginx](https_with_nginx.md)
* [Config Seahub with Apache](deploy_with_apache.md)
* [Enabling Https with Apache](https_with_apache.md)
* [Add Memcached](add_memcached.md), adding memcached is very important if you have more than 50 users.
* [Start Seafile at System Bootup](start_seafile_at_system_bootup.md)
* [Firewall settings](using_firewall.md)
* [Logrotate](using_logrotate.md)
### LDAP and AD integration
[LDAP/AD Integration](using_ldap.md)
### Single Sign On
Seafile supports a few Single Sign On authentication protocols. See [Single Sign On](single_sign_on.md) for a summary.
### Other Deployment Issues
* [Deploy Seafile behind NAT](deploy_seafile_behind_nat.md)
* [Deploy Seahub at Non-root domain](deploy_seahub_at_non-root_domain.md)
* [Migrate From SQLite to MySQL](migrate_from_sqlite_to_mysql.md)
Check [configuration options](../config/README.md) for server config options like enabling user registration.
### Trouble shooting
1. Read [Seafile Server Components Overview](../overview/components.md) to understand how Seafile server works. This will save you a lot of time.
2. [Common Problems for Setting up Server](common_problems_for_setting_up_server.md)
3. Go to our [forum](https://forum.seafile.com/) for help.
### Upgrade Seafile Server
* [Upgrade Seafile server](upgrade.md)

85
manual/deploy/add_memcached.md Normal file
View file

@ -0,0 +1,85 @@
# Add memcached
Seahub caches items (avatars, profiles, etc) on the file system in /tmp/seahub_cache/ by default. You can use memcached instead to improve the performance.
First, make sure `libmemcached` library and development headers are installed on your system.
**For Seafile 7.0.x**
```
# on Debian/Ubuntu 16.04
apt-get install memcached libmemcached-dev -y
systemctl enable --now memcached
```
```
# on CentOS 7
yum install memcached libffi-devel -y
systemctl enable --now memcached
```
**For Seafile 7.1.x**
```
# on Debian/Ubuntu 18.04
apt-get install memcached libmemcached-dev -y
pip3 install --timeout=3600 pylibmc django-pylibmc
systemctl enable --now memcached
```
```
# on CentOS 8
yum install memcached libmemcached -y
pip3 install --timeout=3600 pylibmc django-pylibmc
systemctl enable --now memcached
```
Add the following configuration to `seahub_settings.py`.
```
CACHES = {
'default': {
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
'LOCATION': '127.0.0.1:11211',
},
}
```
If you use a memcached cluster, your configuration depends on your Seafile server version. You can find how to setup memcached cluster [here](../deploy_pro/memcached_mariadb_cluster.md).
## Seafile server before 6.2.11
Please replace the `CACHES` variable with the following. This configuration uses consistent hashing to distribute the keys in memcached. More information can be found on [pylibmc documentation](http://sendapatch.se/projects/pylibmc/behaviors.html) and [django-pylibmc documentation](https://github.com/django-pylibmc/django-pylibmc). Supposed your memcached server addresses are 192.168.1.13\[4-6].
```
CACHES = {
'default': {
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
'LOCATION': ['192.168.1.134:11211', '192.168.1.135:11211', '192.168.1.136:11211',],
'OPTIONS': {
'ketama': True,
'remove_failed': 1,
'retry_timeout': 3600,
'dead_timeout': 3600
}
},
'locmem': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
},
}
COMPRESS_CACHE_BACKEND = 'locmem'
```
## Seafile Server 6.2.11 or newer
The configuration is the same as single node memcached server. Just replace the IP address with the floating IP.

191
manual/deploy/ce_ccnet_db.sql Normal file
View file

@ -0,0 +1,191 @@
-- MySQL dump 10.13 Distrib 5.5.53, for debian-linux-gnu (x86_64)
--
-- Host: localhost Database: ccnet_db
-- ------------------------------------------------------
-- Server version 5.5.53-0ubuntu0.14.04.1
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
--
-- Table structure for table `Binding`
--
DROP TABLE IF EXISTS `Binding`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `Binding` (
`email` varchar(255) DEFAULT NULL,
`peer_id` char(41) DEFAULT NULL,
UNIQUE KEY `peer_id` (`peer_id`),
KEY `email` (`email`(20))
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `EmailUser`
--
DROP TABLE IF EXISTS `EmailUser`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `EmailUser` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`email` varchar(255) DEFAULT NULL,
`passwd` varchar(256) DEFAULT NULL,
`is_staff` tinyint(1) NOT NULL,
`is_active` tinyint(1) NOT NULL,
`ctime` bigint(20) DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `email` (`email`)
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `Group`
--
DROP TABLE IF EXISTS `Group`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `Group` (
`group_id` int(11) NOT NULL AUTO_INCREMENT,
`group_name` varchar(255) DEFAULT NULL,
`creator_name` varchar(255) DEFAULT NULL,
`timestamp` bigint(20) DEFAULT NULL,
`type` varchar(32) DEFAULT NULL,
PRIMARY KEY (`group_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `GroupDNPair`
--
DROP TABLE IF EXISTS `GroupDNPair`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `GroupDNPair` (
`group_id` int(11) DEFAULT NULL,
`dn` varchar(255) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `GroupUser`
--
DROP TABLE IF EXISTS `GroupUser`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `GroupUser` (
`group_id` int(11) NOT NULL DEFAULT '0',
`user_name` varchar(255) NOT NULL DEFAULT '',
`is_staff` tinyint(4) DEFAULT NULL,
PRIMARY KEY (`group_id`,`user_name`),
KEY `user_name` (`user_name`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `LDAPUsers`
--
DROP TABLE IF EXISTS `LDAPUsers`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `LDAPUsers` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`email` varchar(255) NOT NULL,
`password` varchar(255) NOT NULL,
`is_staff` tinyint(1) NOT NULL,
`is_active` tinyint(1) NOT NULL,
`extra_attrs` text,
PRIMARY KEY (`id`),
UNIQUE KEY `email` (`email`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `OrgGroup`
--
DROP TABLE IF EXISTS `OrgGroup`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `OrgGroup` (
`org_id` int(11) NOT NULL DEFAULT '0',
`group_id` int(11) NOT NULL DEFAULT '0',
PRIMARY KEY (`org_id`,`group_id`),
KEY `group_id` (`group_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `OrgUser`
--
DROP TABLE IF EXISTS `OrgUser`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `OrgUser` (
`org_id` int(11) NOT NULL DEFAULT '0',
`email` varchar(255) NOT NULL DEFAULT '',
`is_staff` tinyint(1) NOT NULL,
PRIMARY KEY (`org_id`,`email`),
KEY `email` (`email`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `Organization`
--
DROP TABLE IF EXISTS `Organization`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `Organization` (
`org_id` int(11) NOT NULL AUTO_INCREMENT,
`org_name` varchar(255) DEFAULT NULL,
`url_prefix` varchar(255) DEFAULT NULL,
`creator` varchar(255) DEFAULT NULL,
`ctime` bigint(20) DEFAULT NULL,
PRIMARY KEY (`org_id`),
UNIQUE KEY `url_prefix` (`url_prefix`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `UserRole`
--
DROP TABLE IF EXISTS `UserRole`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `UserRole` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`email` varchar(255) DEFAULT NULL,
`role` varchar(255) DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `email` (`email`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2016-11-21 21:34:06

362
manual/deploy/ce_seafile_db.sql Normal file
View file

@ -0,0 +1,362 @@
-- MySQL dump 10.13 Distrib 5.5.53, for debian-linux-gnu (x86_64)
--
-- Host: localhost Database: seafile_db
-- ------------------------------------------------------
-- Server version 5.5.53-0ubuntu0.14.04.1
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
/*!40103 SET @OLD_TIME_ZONE=@@TIME_ZONE */;
/*!40103 SET TIME_ZONE='+00:00' */;
/*!40014 SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0 */;
/*!40014 SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0 */;
/*!40101 SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='NO_AUTO_VALUE_ON_ZERO' */;
/*!40111 SET @OLD_SQL_NOTES=@@SQL_NOTES, SQL_NOTES=0 */;
--
-- Table structure for table `Branch`
--
DROP TABLE IF EXISTS `Branch`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `Branch` (
`name` varchar(10) NOT NULL DEFAULT '',
`repo_id` char(41) NOT NULL DEFAULT '',
`commit_id` char(41) DEFAULT NULL,
PRIMARY KEY (`repo_id`,`name`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `GarbageRepos`
--
DROP TABLE IF EXISTS `GarbageRepos`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `GarbageRepos` (
`repo_id` char(36) NOT NULL,
PRIMARY KEY (`repo_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `InnerPubRepo`
--
DROP TABLE IF EXISTS `InnerPubRepo`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `InnerPubRepo` (
`repo_id` char(37) NOT NULL,
`permission` char(15) DEFAULT NULL,
PRIMARY KEY (`repo_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `OrgQuota`
--
DROP TABLE IF EXISTS `OrgQuota`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `OrgQuota` (
`org_id` int(11) NOT NULL,
`quota` bigint(20) DEFAULT NULL,
PRIMARY KEY (`org_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `OrgUserQuota`
--
DROP TABLE IF EXISTS `OrgUserQuota`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `OrgUserQuota` (
`org_id` int(11) NOT NULL DEFAULT '0',
`user` varchar(255) NOT NULL DEFAULT '',
`quota` bigint(20) DEFAULT NULL,
PRIMARY KEY (`org_id`,`user`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `Repo`
--
DROP TABLE IF EXISTS `Repo`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `Repo` (
`repo_id` char(37) NOT NULL,
PRIMARY KEY (`repo_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `RepoFileCount`
--
DROP TABLE IF EXISTS `RepoFileCount`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `RepoFileCount` (
`repo_id` char(36) NOT NULL,
`file_count` bigint(20) unsigned DEFAULT NULL,
PRIMARY KEY (`repo_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `RepoGroup`
--
DROP TABLE IF EXISTS `RepoGroup`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `RepoGroup` (
`repo_id` char(37) DEFAULT NULL,
`group_id` int(11) DEFAULT NULL,
`user_name` varchar(255) DEFAULT NULL,
`permission` char(15) DEFAULT NULL,
UNIQUE KEY `group_id` (`group_id`,`repo_id`),
KEY `repo_id` (`repo_id`),
KEY `user_name` (`user_name`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `RepoHead`
--
DROP TABLE IF EXISTS `RepoHead`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `RepoHead` (
`repo_id` char(37) NOT NULL,
`branch_name` varchar(10) DEFAULT NULL,
PRIMARY KEY (`repo_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `RepoHistoryLimit`
--
DROP TABLE IF EXISTS `RepoHistoryLimit`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `RepoHistoryLimit` (
`repo_id` char(37) NOT NULL,
`days` int(11) DEFAULT NULL,
PRIMARY KEY (`repo_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `RepoOwner`
--
DROP TABLE IF EXISTS `RepoOwner`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `RepoOwner` (
`repo_id` char(37) NOT NULL,
`owner_id` varchar(255) DEFAULT NULL,
PRIMARY KEY (`repo_id`),
KEY `owner_id` (`owner_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `RepoSize`
--
DROP TABLE IF EXISTS `RepoSize`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `RepoSize` (
`repo_id` char(37) NOT NULL,
`size` bigint(20) unsigned DEFAULT NULL,
`head_id` char(41) DEFAULT NULL,
PRIMARY KEY (`repo_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `RepoTokenPeerInfo`
--
DROP TABLE IF EXISTS `RepoTokenPeerInfo`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `RepoTokenPeerInfo` (
`token` char(41) NOT NULL,
`peer_id` char(41) DEFAULT NULL,
`peer_ip` varchar(41) DEFAULT NULL,
`peer_name` varchar(255) DEFAULT NULL,
`sync_time` bigint(20) DEFAULT NULL,
`client_ver` varchar(20) DEFAULT NULL,
PRIMARY KEY (`token`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `RepoTrash`
--
DROP TABLE IF EXISTS `RepoTrash`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `RepoTrash` (
`repo_id` char(36) NOT NULL,
`repo_name` varchar(255) DEFAULT NULL,
`head_id` char(40) DEFAULT NULL,
`owner_id` varchar(255) DEFAULT NULL,
`size` bigint(20) DEFAULT NULL,
`org_id` int(11) DEFAULT NULL,
`del_time` bigint(20) DEFAULT NULL,
PRIMARY KEY (`repo_id`),
KEY `owner_id` (`owner_id`),
KEY `org_id` (`org_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `RepoUserToken`
--
DROP TABLE IF EXISTS `RepoUserToken`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `RepoUserToken` (
`repo_id` char(37) DEFAULT NULL,
`email` varchar(255) DEFAULT NULL,
`token` char(41) DEFAULT NULL,
UNIQUE KEY `repo_id` (`repo_id`,`token`),
KEY `email` (`email`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `RepoValidSince`
--
DROP TABLE IF EXISTS `RepoValidSince`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `RepoValidSince` (
`repo_id` char(37) NOT NULL,
`timestamp` bigint(20) DEFAULT NULL,
PRIMARY KEY (`repo_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `SharedRepo`
--
DROP TABLE IF EXISTS `SharedRepo`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `SharedRepo` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`repo_id` char(37) DEFAULT NULL,
`from_email` varchar(255) DEFAULT NULL,
`to_email` varchar(255) DEFAULT NULL,
`permission` char(15) DEFAULT NULL,
PRIMARY KEY (`id`),
KEY `repo_id` (`repo_id`),
KEY `from_email` (`from_email`),
KEY `to_email` (`to_email`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `SystemInfo`
--
DROP TABLE IF EXISTS `SystemInfo`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `SystemInfo` (
`info_key` varchar(256) DEFAULT NULL,
`info_value` varchar(1024) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `UserQuota`
--
DROP TABLE IF EXISTS `UserQuota`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `UserQuota` (
`user` varchar(255) NOT NULL,
`quota` bigint(20) DEFAULT NULL,
PRIMARY KEY (`user`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `UserShareQuota`
--
DROP TABLE IF EXISTS `UserShareQuota`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `UserShareQuota` (
`user` varchar(255) NOT NULL,
`quota` bigint(20) DEFAULT NULL,
PRIMARY KEY (`user`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `VirtualRepo`
--
DROP TABLE IF EXISTS `VirtualRepo`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `VirtualRepo` (
`repo_id` char(36) NOT NULL,
`origin_repo` char(36) DEFAULT NULL,
`path` text,
`base_commit` char(40) DEFAULT NULL,
PRIMARY KEY (`repo_id`),
KEY `origin_repo` (`origin_repo`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
--
-- Table structure for table `WebAP`
--
DROP TABLE IF EXISTS `WebAP`;
/*!40101 SET @saved_cs_client = @@character_set_client */;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `WebAP` (
`repo_id` char(37) NOT NULL,
`access_property` char(10) DEFAULT NULL,
PRIMARY KEY (`repo_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
/*!40101 SET character_set_client = @saved_cs_client */;
/*!40103 SET TIME_ZONE=@OLD_TIME_ZONE */;
/*!40101 SET SQL_MODE=@OLD_SQL_MODE */;
/*!40014 SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS */;
/*!40014 SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS */;
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
-- Dump completed on 2016-11-21 21:33:50

43
manual/deploy/common_problems_for_setting_up_server.md Normal file
View file

@ -0,0 +1,43 @@
# Common Problems for Setting up Server
#### "Error when calling the metaclass bases" during Seafile initialization
Seafile uses Django 1.5, which requires Python 2.6.5+. Make sure your Python version is 2.7.
#### Seahub.sh can't start, the error message contains: "Could not import settings 'seahub.settings', libpython2.7.so.1.0: can not open shared object file"
You probably encounter this problem in Ubuntu 14.04. Seafile pro edition requires libpython2.7. Install it by:
```
sudo apt-get install libpython2.7
```
#### Failed to upload/download file online
* Check your SERVICE_URL setting in ccnet.conf and FILE_SERVER_ROOT setting in seahub_settings.py
* Make sure you firewall for seafile fileserver is opened.
* Using chrome/firefox debug mode to find which link is given when click download button and what's wrong with this link
#### Error on Apache log: "File does not exist: /var/www/seahub.fcgi"
Make sure you use "FastCGIExternalServer /var/www/seahub.fcgi -host 127.0.0.1:8000" in httpd.conf or apache2.conf, especially the "/var/www/seahub.fcgi" part.
#### Error on Apache log: "FastCGI: comm with server "/var/www/seahub.fcgi" aborted: idle timeout (30 sec)"
When accessing file history in huge libraries you get HTTP 500 Error.
Solution:
Change in in httpd.conf or apache2.conf from "FastCGIExternalServer /var/www/seahub.fcgi -host 127.0.0.1:8000"
to "FastCGIExternalServer /var/www/seahub.fcgi -host 127.0.0.1:8000 -idle-timeout 60"
#### Seafile with Apache / HTTPS has text only (no CSS formatting / images)
The media folder (Alias location identified in /etc/apache2/sites-enabled/000-default (Ubuntu) has inappropriate permissions
Solutions:
1. Run installation script as non-root user
2. Copy /media folder to var/www/ and edit the Alias location in /etc/apache2/sites-enabled/000-default

84
manual/deploy/deploy_http_sync.md Normal file
View file

@ -0,0 +1,84 @@
# Configure Syncing via HTTP Protocol
Starting from version 4.0.0, Seafile supports file syncing via HTTP protocol. The server configuration depends on which version of Seafile client do you use.
Client version >= 4.2 use http syncing protocol exclusively, the cases are
* If you're not using https, you don't have to configure Nginx or Apache to use http sync. The client can talk directly with the file server on port 8082.
* If you're using https, you have to configure Nginx or Apahce.
If you'are using clients version < 4.2,
* If you want to use http(s) sync, you have to configure Nginx or Apache.
* If you don't configure Nginx or Apache, the client falls back to use non-http syncing protocol (using port 10001 and 12001).
Servers >= 4.0 are compatible with all syncing protocols, any version of client should work with the server.
## Nginx
Follow [this guide](deploy_with_nginx.md) to configure Nginx without HTTPS, or [this guide](https_with_nginx.md) to configure Nginx with HTTPS.
The section in Nginx config file related to HTTP sync is
```
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
}
```
there are two things to note:
* You must use the path "/seafhttp" for http syncing. This is hard coded in the client.
* You should add the "client_max_body_size" configuration. The value should be set to 0 (means no limit) or 100M (suffice for most cases).
## Apache
Follow [this guide](deploy_with_apache.md) to configure Apache without HTTPS, or [this guide](https_with_apache.md) to configure Nginx with HTTPS.
The section in Apache config file related to HTTP sync is
```
#
# seafile fileserver
#
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]
```
Note that you must use the path "/seafhttp" for http syncing. This is hard coded in the client.
## Client Side Configuration for HTTPS
If you buy a valid SSL certificate, the syncing should work out of the box. If you use self-signed certificate, when you first add an account on the client, it'll pop up a window for you to confirm the server's certificate. If you choose to accept the certificate, the client will use that for https connection.
The client loads trusted CA list from the system trusted CA store on start. It then combines those CA list with the user accepted certificates. The combined list is then used for certificate verification.
If you follow certificate generation instruction in [this guide](https_with_nginx.md) to generate your self-signed certificate, the syncing should work after confirmation.
There may be cases when you can't establish https connection to the server. You can try two work-arounds:
1. Add your self-signed certificate to system trusted CA store.
2. Open the client "settings" window, in "advanced" tab, check "Do not verifiy server certificate in HTTPS sync".
## FAQ and Trouble Shooting
### My Client Doesn't Sync after Upgrading to 4.2.x
Older clients fall back to non-http sync protocol if http sync fails. So you may get the false sense that the old client works with http sync. But actually it doesn't. Client 4.2 use http sync exclusively, so it doesn't sync any more. You have to correctly configure the server for http sync.
### Choosing Ciphers on Nginx/Apache
You should choose strong ciphers on the server side. The following Nginx cipher list is tested to be working fine:
```
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
```
You may fine tune the list to meet your needs.

110
manual/deploy/deploy_seafile_behind_nat.md Normal file
View file

@ -0,0 +1,110 @@
# Deploy Seafile behind NAT
A lot of people want to deploy a seafile server in their LAN, and access it from the WAN.
To achieve this, you need:
- A router which supports port forwarding
- Use a dynamic DNS Service
- Modify your seafile server configuration
### Table of Contents
- [Setup the server](#setup-the-server)
- [Setup port forwarding in your router](#setup-port-forwarding-in-your-router)
- [Use a dynamic dns serivce](#use-a-dynamic-dns-serivce)
- [Modify your seafile configuration](#modify-your-seafile-configuration)
## Setup the server
First, you should follow the guide on [Download and Setup Seafile Server](using_sqlite.md) to setup your Seafile server.
Before you continue, make sure:
- You can visit your seahub website
- You can download/sync a library through your seafile client
## Setup Port Forwarding in Your Router
### Ensure Your Router Supports Port Forwarding
First, ensure your router supports port forwarding.
- Login to the web adminstration page of your router. If you don't know how to do this, you should find the instructions on the manual of the router. If you have no maunal, just google **"XXX router administration page"** where `XXX` is your router's brand.
- Navigate around in the adminstration page, and check if there is a tag which contains a word such as "forward", "advanced". If your router supports it, chances are that you can find the port forwarding related settings there.
### Setup Port Forwarding Rules
Seafile server is composed of several components. If you deployed Seafile behind Apache/Nginx you need to configure port forward for all the components listed below.
component | default port | protocol
-------------------|--------------|----------
webserver (http) | 80 | TCP
webserver (https) | 433 | TCP
If you do not deployed Seafile behind Apache/Nginx you need to configure port forward for all the components listed below. (**not recomended!**)
component | default port | protocol
-----------|--------------|---------
fileserver | 8082 | TCP
seahub | 8000 | TCP
* If you're not using the default ports, you should adjust the table accroding to your own customiztion.
### How to test if your port forwarding is working
After you have set the port forwarding rules on your router, you can check whether it works by:
- Open a command line prompt
- Get your WAN IP. A convenient way to get your WAN ip is to visit `http://who.is`, which would show you your WAN IP.
- Try to connect your seahub server
```bash
telnet <Your WAN IP> 8000
```
If your port forwarding is working, the command above should succeed. Otherwise, you may get a message saying something like *connection refused* or *connection timeout*.
If your port forwarding is not working, the reasons may be:
- You have configured a wrong port forwarding
- Your router may need a restart
- You network may be down
### Set SERVICE_URL
"SERVICE_URL" in `ccnet.conf` is used to generate the download/upload link for files when you browse files online. Set it using your WAN IP.
```python
SERVICE_URL = http://<Your WAN IP>:8000
```
Most routers support NAT loopback. When your access Seafile web from intranet, file download/upload still works even when external IP is used.
## Use a Dynamic DNS Serivce
### Why use a Dynamic DNS(DDNS) Service?
Having done all the steps above, you should be able to visit your seahub server outside your LAN by your WAN IP. But for most people, the WAN IP address is likey to change regularly by their ISP(Internet Serice Provider), which makes this approach impratical.
You can use a dynamic DNS(DDNS) Service to overcome this problem. By using a dynamic DNS service, you can visit your seahub by domain name (instead of by IP), and the domain name will always be mapped to your WAN IP address, even if it changes regularly.
There are a dozen of dynmaic DNS service providers on the internet. If you don't know what service to choose We recommend using [www.noip.com](http://www.noip.com) since it performs well in our testing.
The detailed process is beyond the scope of this wiki. But basically, you should:
1. Choose a DDNS service provider
2. Register an account on the DDNS service provider's website
3. Download a client from your DDNS service provider to keep your domain name always mapped to your WAN IP
## Modify your seafile configuration
After you have setup your DDNS service, you need to modify the `ccnet.conf`:
```python
SERVICE_URL = http://<Your dynamic DNS domain>:8000
```
Restart your seafile server after this.

155
manual/deploy/deploy_seahub_at_non-root_domain.md Normal file
View file

@ -0,0 +1,155 @@
# Deploy Seahub at Non-root domain
This documentation will talk about how to deploy Seafile Web using Apache/Nginx at Non-root directory of the website(e.g., www.example.com/seafile/). Please note that the file server path will still be e.g. www.example.com/seafhttp (rather than www.example.com/seafile/seafhttp) because this path is hardcoded in the clients.
**Note:** We assume you have read [Deploy Seafile with nginx](deploy_with_nginx.md) or [Deploy Seafile with apache](deploy_with_apache.md).
## Configure Seahub
First, we need to overwrite some variables in seahub_settings.py:
```
SERVE_STATIC = False
MEDIA_URL = '/seafmedia/'
COMPRESS_URL = MEDIA_URL
STATIC_URL = MEDIA_URL + 'assets/'
SITE_ROOT = '/seafile/'
LOGIN_URL = '/seafile/accounts/login/' # NOTE: since version 5.0.4
```
The webserver will serve static files (js, css, etc), so we just disable `SERVE_STATIC`.
`MEDIA_URL` can be anything you like, just make sure a trailing slash is appended at the end.
We deploy Seafile at `/seafile/` directory instead of root directory, so we set `SITE_ROOT` to `/seafile/`.
## Modify ccnet.conf and seahub_setting.py
### Modify ccnet.conf
You need to modify the value of `SERVICE_URL` in [ccnet.conf](../config/ccnet-conf.md)
to let Seafile know the domain you choose.
```
SERVICE_URL = http://www.myseafile.com/seafile
```
Note: If you later change the domain assigned to seahub, you also need to change the value of `SERVICE_URL`.
### Modify seahub_settings.py
You need to add a line in `seahub_settings.py` to set the value of `FILE_SERVER_ROOT`
```python
FILE_SERVER_ROOT = 'http://www.myseafile.com/seafhttp'
```
**Note:** The file server path MUST be `/seafhttp` because this path is hardcoded in the clients.
## Webserver configuration
### Deploy with Nginx
Then, we need to configure the Nginx:
```
server {
listen 80;
server_name www.example.com;
proxy_set_header X-Forwarded-For $remote_addr;
location /seafile {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 1200s;
# used for view/edit office file via Office Online Server
client_max_body_size 0;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
}
location /seafmedia {
rewrite ^/seafmedia(.*)$ /media$1 break;
root /home/user/haiwen/seafile-server-latest/seahub;
}
}
```
## Deploy with Apache
Here is the sample configuration:
```
<VirtualHost *:80>
ServerName www.example.com
DocumentRoot /var/www
Alias /seafmedia /home/user/haiwen/seafile-server-latest/seahub/media
<Location /seafmedia>
ProxyPass !
Require all granted
</Location>
RewriteEngine On
#
# seafile fileserver
#
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]
#
# seahub
#
SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPreserveHost On
ProxyPass /seafile http://127.0.0.1:8000/seafile
ProxyPassReverse /seafile http://127.0.0.1:8000/seafile
</VirtualHost>
```
We use Alias to let Apache serve static files, please change the second argument to your path.
## Clear the cache
By default, Seahub caches some data like the link to the avatar icon in `/tmp/seahub_cache/` (unless memcache is used). We suggest to clear the cache after seafile has been stopped:
```
rm -rf /tmp/seahub_cache/
```
For memcache users, please purge the cache there instead by restarting your memcached server.
## Start Seafile and Seahub
```
./seafile.sh start
./seahub.sh start
```

101
manual/deploy/deploy_with_apache.md Normal file
View file

@ -0,0 +1,101 @@
# Config Seahub with Apache
## Important
According to the [security advisory](https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/) published by Django team, we recommend disable [GZip compression](http://httpd.apache.org/docs/2.2/mod/mod_deflate.html) to mitigate [BREACH attack](http://breachattack.com/).
This tutorial assumes you run at least Apache 2.4.
## Prepare
Install and enable apache modules
On Ubuntu you can use:
```bash
sudo a2enmod rewrite
sudo a2enmod proxy_http
```
## Deploy Seahub/FileServer With Apache
Seahub is the web interface of Seafile server. FileServer is used to handle raw file uploading/downloading through browsers. By default, it listens on port 8082 for HTTP request.
Here we deploy Seahub and FileServer with reverse proxy. We assume you are running Seahub using domain '''www.myseafile.com'''.
Modify Apache config file:
(`sites-enabled/000-default`) for ubuntu/debian, (`vhost.conf`) for centos/fedora
```apache
<VirtualHost *:80>
ServerName www.myseafile.com
# Use "DocumentRoot /var/www/html" for Centos/Fedora
# Use "DocumentRoot /var/www" for Ubuntu/Debian
DocumentRoot /var/www
Alias /media /home/user/haiwen/seafile-server-latest/seahub/media
RewriteEngine On
<Location /media>
Require all granted
</Location>
#
# seafile fileserver
#
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]
#
# seahub
#
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
</VirtualHost>
```
## Modify ccnet.conf and seahub_setting.py
### Modify ccnet.conf
You need to modify the value of `SERVICE_URL` in [ccnet.conf](../config/ccnet-conf.md)
to let Seafile know the domain you choose. You can also modify SERVICE_URL via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and ccnet.conf, the setting via Web UI will take precedence.)
```python
SERVICE_URL = http://www.myseafile.com
```
Note: If you later change the domain assigned to seahub, you also need to change the value of `SERVICE_URL`.
### Modify seahub_settings.py
You need to add a line in `seahub_settings.py` to set the value of `FILE_SERVER_ROOT`. You can also modify `FILE_SERVER_ROOT` via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and seahub_settings.py, the setting via Web UI will take precedence.)
```python
FILE_SERVER_ROOT = 'http://www.myseafile.com/seafhttp'
```
## Start Seafile and Seahub
```bash
sudo service apache2 restart
./seafile.sh start
./seahub.sh start
```
## Troubleshooting
### Problems with paths and files containing spaces
If there are problems with paths or files containing spaces, make sure to have at least Apache 2.4.12.
References
* https://github.com/haiwen/seafile/issues/1258#issuecomment-188866740
* https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1284641
* https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1284641/comments/5
* https://svn.apache.org/viewvc/httpd/httpd/tags/2.4.12/CHANGES?view=markup#l45

244
manual/deploy/deploy_with_docker.md Normal file
View file

@ -0,0 +1,244 @@
## About
* [Docker](https://docker.com/) is an open source project to pack, ship and run any Linux application in a lighter weight, faster container than a traditional virtual machine.
* Docker makes it much easier to deploy [a Seafile server](https://github.com/haiwen/seafile) on your servers and keep it updated.
* The base image configures Seafile with the Seafile team's recommended optimal defaults.
If you are not familiar with docker commands, please refer to [docker documentation](https://docs.docker.com/engine/reference/commandline/cli/).
**Note**: If you want to deploy the Seafile Pro Edition with docker, refor to the [Deploying Seafile-pro with Docker](../deploy_pro/deploy_with_docker.md)
## For seafile 7.x.x
Starting with 7.0, we have adjusted seafile-docker image to use multiple containers. The old image runs MariaDB-Server and Memcached in the same container with Seafile server. Now, we strip the MariaDB-Server and Memcached services from the Seafile image and run them in their respective containers.
If you plan to deploy seafile 7.0, you should refer to the [Deploy Documentation](<../docker/deploy seafile with docker.md>).
If you plan to upgrade 6.3 to 7.0, you can refer to the [Upgrade Documentation](<../docker/6.3 upgrade to 7.0.md>).
## For seafile 6.x.x
### Getting started
To run the seafile server container:
```sh
docker run -d --name seafile \
-e SEAFILE_SERVER_HOSTNAME=seafile.example.com \
-v /opt/seafile-data:/shared \
-p 80:80 \
seafileltd/seafile:latest
```
Wait for a few minutes for the first time initialization, then visit `http://seafile.example.com` to open Seafile Web UI.
This command will mount folder `/opt/seafile-data` at the local server to the docker instance. You can find logs and other data under this folder.
### More configuration options
#### Custom admin username and password
The default admin account is `me@example.com` and the password is `asecret`. You can use a different password by setting the container's environment variables:
e.g.
```sh
docker run -d --name seafile \
-e SEAFILE_SERVER_HOSTNAME=seafile.example.com \
-e SEAFILE_ADMIN_EMAIL=me@example.com \
-e SEAFILE_ADMIN_PASSWORD=a_very_secret_password \
-v /opt/seafile-data:/shared \
-p 80:80 \
seafileltd/seafile:latest
```
If you forget the admin password, you can add a new admin account and then go to the sysadmin panel to reset user password.
#### Let's encrypt SSL certificate
If you set `SEAFILE_SERVER_LETSENCRYPT` to `true`, the container would request a letsencrypt-signed SSL certificate for you automatically.
e.g.
```
docker run -d --name seafile \
-e SEAFILE_SERVER_LETSENCRYPT=true \
-e SEAFILE_SERVER_HOSTNAME=seafile.example.com \
-e SEAFILE_ADMIN_EMAIL=me@example.com \
-e SEAFILE_ADMIN_PASSWORD=a_very_secret_password \
-v /opt/seafile-data:/shared \
-p 80:80 \
-p 443:443 \
seafileltd/seafile:latest
```
If you want to use your own SSL certificate:
* create a folder `/opt/seafile-data/ssl`, and put your certificate and private key under the ssl directory.
* Assume your site name is `seafile.example.com`, then your certificate must have the name `seafile.example.com.crt`, and the private key must have the name `seafile.example.com.key`.
#### Modify seafile server configurations
The config files are under `shared/seafile/conf`. You can modify the configurations according to[ Seafile manual](https://download.seafile.com/published/seafile-manual/home.md)
After modification, you need to restart the container:
```
docker restart seafile
```
#### Find logs
The seafile logs are under `shared/logs/seafile` in the docker, or `/opt/seafile-data/logs/seafile` in the server that run the docker.
The system logs are under `shared/logs/var-log`, or `/opt/seafile-data/logs/var-log` in the server that run the docker.
#### Add a new admin
Ensure the container is running, then enter this command:
```
docker exec -it seafile /opt/seafile/seafile-server-latest/reset-admin.sh
```
Enter the username and password according to the prompts. You now have a new admin account.
### Directory structure
#### `/shared`
Placeholder spot for shared volumes. You may elect to store certain persistent information outside of a container, in our case we keep various logfiles and upload directory outside. This allows you to rebuild containers easily without losing important information.
* /shared/db: This is the data directory for mysql server
* /shared/seafile: This is the directory for seafile server configuration and data.
* /shared/logs: This is the directory for logs.
* /shared/logs/var-log: This is the directory that would be mounted as `/var/log` inside the container. For example, you can find the nginx logs in `shared/logs/var-log/nginx/`.
* /shared/logs/seafile: This is the directory that would contain the log files of seafile server processes. For example, you can find seaf-server logs in `shared/logs/seafile/seafile.log`.
* /shared/ssl: This is directory for certificate, which does not exist by default.
* /shared/bootstrap.conf: This file does not exist by default. You can create it by your self, and write the configuration of files similar to the `samples` folder.
### Upgrading seafile server
If you plan to upgrade 6.3 to 7.0, you can refer to the [Upgrade Documentation](<../docker/6.3 upgrade to 7.0.md>).
To upgrade to the latest version of seafile 6.3:
```sh
docker pull seafileltd/seafile:latest
docker rm -f seafile
docker run -d --name seafile \
-e SEAFILE_SERVER_LETSENCRYPT=true \
-e SEAFILE_SERVER_HOSTNAME=seafile.example.com \
-e SEAFILE_ADMIN_EMAIL=me@example.com \
-e SEAFILE_ADMIN_PASSWORD=a_very_secret_password \
-v /opt/seafile-data:/shared \
-p 80:80 \
-p 443:443 \
seafileltd/seafile:latest
```
If you are one of the early users who use the `launcher` script, you should refer to [upgrade from old format](https://github.com/haiwen/seafile-docker/blob/master/upgrade_from_old_format.md) document.
### Backup and recovery
#### Struct
We assume your seafile volumns path is in `/shared`. And you want to backup to `/backup` directory.
You can create a layout similar to the following in /backup directory:
```struct
/backup
---- databases/ contains database backup files
---- data/ contains backups of the data directory
```
The data files to be backed up:
```struct
/shared/seafile/conf # configuration files
/shared/seafile/pro-data # data of es
/shared/seafile/seafile-data # data of seafile
/shared/seafile/seahub-data # data of seahub
```
#### Backup
Steps:
1. Backup the databases;
2. Backup the seafile data directory;
[Backup Order: Database First or Data Directory First](../maintain/backup_recovery.md)
* backing up Database:
```bash
# It's recommended to backup the database to a separate file each time. Don't overwrite older database backups for at least a week.
cd /backup/databases
docker exec -it seafile mysqldump -uroot --opt ccnet_db > ccnet_db.sql
docker exec -it seafile mysqldump -uroot --opt seafile_db > seafile_db.sql
docker exec -it seafile mysqldump -uroot --opt seahub_db > seahub_db.sql
```
* Backing up Seafile library data:
* To directly copy the whole data directory
```bash
cp -R /shared/seafile /backup/data/
cd /backup/data && rm -rf ccnet
```
* Use rsync to do incremental backup
```bash
rsync -az /shared/seafile /backup/data/
cd /backup/data && rm -rf ccnet
```
### Recovery
* Restore the databases:
```bash
cp /backup/data/ccnet_db.sql /shared/ccnet_db.sql
cp /backup/data/seafile_db.sql /shared/seafile_db.sql
cp /backup/data/seahub_db.sql /shared/seahub_db.sql
docker exec -it seafile /bin/sh -c "mysql -uroot ccnet_db < /shared/ccnet_db.sql"
docker exec -it seafile /bin/sh -c "mysql -uroot seafile_db < /shared/seafile_db.sql"
docker exec -it seafile /bin/sh -c "mysql -uroot seahub_db < /shared/seahub_db.sql"
```
* Restore the seafile data:
```bash
cp -R /backup/data/* /shared/seafile/
```
### Garbage collection
When files are deleted, the blocks comprising those files are not immediately removed as there may be other files that reference those blocks (due to the magic of deduplication). To remove them, Seafile requires a '[garbage collection](../maintain/seafile_gc.md)' process to be run, which detects which blocks no longer used and purges them. (NOTE: for technical reasons, the GC process does not guarantee that _every single_ orphan block will be deleted.)
The required scripts can be found in the `/scripts` folder of the docker container. To perform garbage collection, simply run `docker exec seafile /scripts/gc.sh`. For the community edition, this process will stop the seafile server, but it is a relatively quick process and the seafile server will start automatically once the process has finished. The Professional supports an online garbage collection.
### Troubleshooting
You can run docker commands like "docker exec" to find errors.
```sh
docker exec -it seafile bash
```

127
manual/deploy/deploy_with_nginx.md Normal file
View file

@ -0,0 +1,127 @@
# Config Seahub with Nginx
## Deploy Seahub/FileServer with Nginx
Seahub is the web interface of Seafile server. FileServer is used to handle raw file uploading/downloading through browsers. By default, it listens on port 8082 for HTTP requests.
Here we deploy Seahub and FileServer with reverse proxy. We assume you are running Seahub using domain `seafile.example.com`.
This is a sample Nginx config file.
In Ubuntu 16.04, you can add the config file as follows:
1. create file `/etc/nginx/sites-available/seafile.conf`
2. Delete `/etc/nginx/sites-enabled/default`: `rm /etc/nginx/sites-enabled/default`
3. Create symbolic link: `ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf`
```nginx
log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $upstream_response_time';
server {
listen 80;
server_name seafile.example.com;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 1200s;
# used for view/edit office file via Office Online Server
client_max_body_size 0;
access_log /var/log/nginx/seahub.access.log seafileformat;
error_log /var/log/nginx/seahub.error.log;
}
# If you are using [FastCGI](http://en.wikipedia.org/wiki/FastCGI),
# which is not recommended, you should use the following config for location `/`.
#
# location / {
# fastcgi_pass 127.0.0.1:8000;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PATH_INFO $fastcgi_script_name;
#
# fastcgi_param SERVER_PROTOCOL $server_protocol;
# fastcgi_param QUERY_STRING $query_string;
# fastcgi_param REQUEST_METHOD $request_method;
# fastcgi_param CONTENT_TYPE $content_type;
# fastcgi_param CONTENT_LENGTH $content_length;
# fastcgi_param SERVER_ADDR $server_addr;
# fastcgi_param SERVER_PORT $server_port;
# fastcgi_param SERVER_NAME $server_name;
# fastcgi_param REMOTE_ADDR $remote_addr;
# fastcgi_read_timeout 36000;
#
# client_max_body_size 0;
#
# access_log /var/log/nginx/seahub.access.log;
# error_log /var/log/nginx/seahub.error.log;
# }
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
access_log /var/log/nginx/seafhttp.access.log seafileformat;
error_log /var/log/nginx/seafhttp.error.log;
}
location /media {
root /home/user/haiwen/seafile-server-latest/seahub;
}
}
```
Nginx settings `client_max_body_size` is by default 1M. Uploading a file bigger than this limit will give you an error message HTTP error code 413 ("Request Entity Too Large").
You should use 0 to disable this feature or write the same value than for the parameter `max_upload_size` in section `[fileserver]` of [seafile.conf](../config/seafile-conf.md). Client uploads are only partly effected by this limit. With a limit of 100 MiB they can safely upload files of any size.
Tip for uploading very large files (> 4GB): By default Nginx will buffer large request bodies in temp files. After the body is completely received, Nginx will send the body to the upstream server (seaf-server in our case). But it seems when the file size is very large, the buffering mechanism dosen't work well. It may stop proxying the body in the middle. So if you want to support file uploads larger than 4GB, we suggest to install Nginx version >= 1.8.0 and add the following options to Nginx config file:
```nginx
location /seafhttp {
... ...
proxy_request_buffering off;
}
```
## Modify ccnet.conf and seahub_setting.py
### Modify ccnet.conf
You need to modify the value of `SERVICE_URL` in [ccnet.conf](../config/ccnet-conf.md) to let Seafile know the domain, protocol and port you choose. You can also modify `SERVICE_URL` via web UI in "System Admin->Settings". (**Warning**: If you set the value both via Web UI and ccnet.conf, the setting via Web UI will take precedence.)
```python
SERVICE_URL = http://seafile.example.com
```
Note: If you later change the domain assigned to Seahub, you also need to change the value of `SERVICE_URL`.
### Modify seahub_settings.py
You need to add a line in `seahub_settings.py` to set the value of `FILE_SERVER_ROOT`. You can also modify `FILE_SERVER_ROOT` via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and seahub_settings.py, the setting via Web UI will take precedence.)
```python
FILE_SERVER_ROOT = 'http://seafile.example.com/seafhttp'
```
## Start Seafile and Seahub
```bash
./seafile.sh start
./seahub.sh start # or "./seahub.sh start-fastcgi" if you're using fastcgi
```

108
manual/deploy/https_with_apache.md Normal file
View file

@ -0,0 +1,108 @@
# Enabling Https with Apache
Here we suggest you use [Lets Encrypt](https://letsencrypt.org/getting-started/) to get a certificate from a Certificate Authority (CA). If you use a paid ssl certificate from some authority, just skip the first step.
### Generate SSL certificate
For users who use Lets Encrypt, you can obtain a valid certificate via [Certbot ACME client](https://certbot.eff.org/)
On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.
```bash
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache
```
Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:
```bash
sudo certbot --apache
```
Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:
```bash
sudo certbot --apache certonly
```
To learn more about how to use Certbot you can read threir [documentation](https://certbot.eff.org/docs/).
> If you're using a custom CA to sign your SSL certificate, you have to enable certificate revocation list (CRL) in your certificate. Otherwise http syncing on Windows client may not work. See [this thread](https://forum.seafile-server.org/t/https-syncing-on-windows-machine-using-custom-ca/898) for more information.
## Enable https on Seahub
Assume you have configured Apache as [Deploy Seafile with
Apache](deploy_with_apache.md). To use https, you need to enable mod_ssl
```bash
sudo a2enmod ssl
```
On Windows, you have to add ssl module to httpd.conf
```apache
LoadModule ssl_module modules/mod_ssl.so
```
Then modify your Apache configuration file. Here is a sample:
```apache
<VirtualHost *:443>
ServerName www.myseafile.com
DocumentRoot /var/www
SSLEngine On
SSLCertificateFile /path/to/cacert.pem
SSLCertificateKeyFile /path/to/privkey.pem
Alias /media /home/user/haiwen/seafile-server-latest/seahub/media
<Location /media>
Require all granted
</Location>
RewriteEngine On
#
# seafile fileserver
#
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]
#
# seahub
#
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
</VirtualHost>
```
## Modify settings to use https
### ccnet conf
Since you change from http to https, you need to modify the value of "SERVICE_URL" in [ccnet.conf](../config/ccnet-conf.md). You can also modify SERVICE_URL via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and ccnet.conf, the setting via Web UI will take precedence.)
```python
SERVICE_URL = https://www.myseafile.com
```
### seahub_settings.py
You need to add a line in seahub_settings.py to set the value of `FILE_SERVER_ROOT`. You can also modify `FILE_SERVER_ROOT` via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and seahub_settings.py, the setting via Web UI will take precedence.)
```python
FILE_SERVER_ROOT = 'https://www.myseafile.com/seafhttp'
```
## Start Seafile and Seahub
```bash
./seafile.sh start
./seahub.sh start
```

275
manual/deploy/https_with_nginx.md Normal file
View file

@ -0,0 +1,275 @@
# Enabling Https with Nginx
Here we suggest you use [Lets Encrypt](https://letsencrypt.org/getting-started/) to get a certificate from a Certificate Authority (CA). If you use a paid ssl certificate from some authority, just skip the first step.
### Generate SSL certificate
For users who use Lets Encrypt, you can obtain a valid certificate via [Certbot ACME client](https://certbot.eff.org/)
On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.
```bash
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
```
Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:
```bash
sudo certbot --nginx
```
Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:
```bash
sudo certbot --nginx certonly
```
To learn more about how to use Certbot you can read threir [documentation](https://certbot.eff.org/docs/).
> If you're using a custom CA to sign your SSL certificate, you have to enable certificate revocation list (CRL) in your certificate. Otherwise http syncing on Windows client may not work. See [this thread](https://forum.seafile-server.org/t/https-syncing-on-windows-machine-using-custom-ca/898) for more information.
### Enable SSL module of Nginx (optional)
If your Nginx does not support SSL, you need to recompile it, the commands are as follows:
```bash
./configure --with-http_stub_status_module --with-http_ssl_module
make && make install
```
### Modify Nginx configuration file
Assume you have configured nginx as [Deploy-Seafile-with-nginx](deploy_with_nginx.md). To use https, you need to modify your nginx configuration file.
```nginx
server {
listen 80;
server_name seafile.example.com;
rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https
# Enables or disables emitting nginx version on error pages and in the "Server" response header field.
server_tokens off;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/cacert.pem; # path to your cacert.pem
ssl_certificate_key /etc/ssl/privkey.pem; # path to your privkey.pem
server_name seafile.example.com;
server_tokens off;
# ......
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
proxy_read_timeout 1200s;
}
```
### Sample configuration file
#### Generate DH params
(this takes some time)
```bash
openssl dhparam 2048 > /etc/nginx/dhparam.pem
```
Here is the sample configuration file:
```nginx
server {
listen 80;
server_name seafile.example.com;
rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https
server_tokens off;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/ssl/cacert.pem; # path to your cacert.pem
ssl_certificate_key /etc/ssl/privkey.pem; # path to your privkey.pem
server_name seafile.example.com;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/nginx/dhparam.pem;
# secure settings (A+ at SSL Labs ssltest at time of writing)
# see https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
ssl_prefer_server_ciphers on;
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
server_tokens off;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
proxy_read_timeout 1200s;
client_max_body_size 0;
}
# If you are using [FastCGI](http://en.wikipedia.org/wiki/FastCGI),
# which is not recommended, you should use the following config for location `/`.
#
# location / {
# fastcgi_pass 127.0.0.1:8000;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PATH_INFO $fastcgi_script_name;
#
# fastcgi_param SERVER_PROTOCOL $server_protocol;
# fastcgi_param QUERY_STRING $query_string;
# fastcgi_param REQUEST_METHOD $request_method;
# fastcgi_param CONTENT_TYPE $content_type;
# fastcgi_param CONTENT_LENGTH $content_length;
# fastcgi_param SERVER_ADDR $server_addr;
# fastcgi_param SERVER_PORT $server_port;
# fastcgi_param SERVER_NAME $server_name;
# fastcgi_param REMOTE_ADDR $remote_addr;
# fastcgi_read_timeout 36000;
#
# client_max_body_size 0;
#
# access_log /var/log/nginx/seahub.access.log;
# error_log /var/log/nginx/seahub.error.log;
# }
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
}
location /media {
root /home/user/haiwen/seafile-server-latest/seahub;
}
}
```
### Large file uploads
Tip for uploading very large files (> 4GB): By default Nginx will buffer large request body in temp file. After the body is completely received, Nginx will send the body to the upstream server (seaf-server in our case). But it seems when file size is very large, the buffering mechanism dosen't work well. It may stop proxying the body in the middle. So if you want to support file upload larger for 4GB, we suggest you install Nginx version >= 1.8.0 and add the following options to Nginx config file:
```nginx
location /seafhttp {
... ...
proxy_request_buffering off;
}
```
If you have WebDAV enabled it is recommended to add the same:
```nginx
location /seafdav {
... ...
proxy_request_buffering off;
}
```
### Reload Nginx
```bash
nginx -s reload
```
## Modify settings to use https
### ccnet conf
Since you changed from http to https, you need to modify the value of `SERVICE_URL` in [ccnet.conf](../config/ccnet-conf.md). You can also modify `SERVICE_URL` via web UI in "System Admin->Settings". (**Warning**: If you set the value both via Web UI and ccnet.conf, the setting via Web UI will take precedence.)
```bash
SERVICE_URL = https://seafile.example.com
```
### seahub_settings.py
You need to add a line in seahub_settings.py to set the value of `FILE_SERVER_ROOT`. You can also modify `FILE_SERVER_ROOT` via web UI in "System Admin->Settings". (**Warning**: If you set the value both via Web UI and seahub_settings.py, the setting via Web UI will take precedence.)
```python
FILE_SERVER_ROOT = 'https://seafile.example.com/seafhttp'
```
### Change Seafile config
Update the [configuration](../config/seafile-conf.md#seafile-fileserver-configuration
) of seafile fileserver is in the `[fileserver]` section of the file `seafile.conf` to local ip `127.0.0.1`
```
[fileserver]
# bind address for fileserver
# default to 0.0.0.0, if deployed without proxy: no access restriction
# set to 127.0.0.1, if used with local proxy: only access by local
host = 127.0.0.1
```
## Start Seafile and Seahub
```bash
./seafile.sh start
./seahub.sh start # or "./seahub.sh start-fastcgi" if you're using fastcgi
```
## Additional modern settings for nginx (optional)
### Activate IPv6
Require IPv6 on server otherwise the server will not start! Also the AAAA dns record is required for IPv6 usage.
```nginx
listen 443;
listen [::]:443;
```
### Activate HTTP2
Activate HTTP2 for more performance. Only available for SSL and nginx version>=1.9.5. Simply add `http2`.
```nginx
listen 443 http2;
listen [::]:443 http2;
```
## Additional security settings for nginx (optional)
### Force https on next visit
Add the HSTS header. If you already visited the https version the next time your browser will directly visit the https site and not the http one. Prevent man-in-the-middle-attacks:
```nginx
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
```
### Obfuscate nginx version
Disable exact server version in header. Prevent scans for vulnerable server.
**This should be added to every server block, as it shall obfuscate the version of nginx.**
```nginx
server_tokens off;
```
## Test your server
To check your configuration you can use the service from ssllabs: https://www.ssllabs.com/ssltest/index.html .

68
manual/deploy/kerberos_config.md Normal file
View file

@ -0,0 +1,68 @@
## Kerberos
NOTE: Since version 7.0, this documenation is deprecated. Users should use Apache as a proxy server for Kerberos authentication. Then configure Seahub by the instructions in [Remote User Authentication](remote_user.md).
[Kerberos](https://web.mit.edu/kerberos/) is a widely used single sign on (SSO) protocol. Seafile server supports authentication via Kerberos. It allows users to log in to Seafile without entering credentials again if they have a kerberos ticket.
In this documentation, we assume the reader is familiar with Kerberos installation and configuration.
Seahub provides a special URL to handle Kerberos login. The URL is `https://your-server/krb5-login`. Only this URL needs to be configured under Kerberos protection. All other URLs don't go through the Kerberos module. The overall workflow for a user to login with Kerberos is as follows:
1. In the Seafile login page, there is a separate "Kerberos" login button. When the user clicks the button, it will be redirected to `https://your-server/krb5-login`.
2. Since that URL is controlled by Kerberos, the apache module will try to get a Ticket from the Kerberos server.
3. Seahub reads the user information from the request and brings the user to its home page.
4. Further requests to Seahub will not pass through the Kerberos module. Since Seahub keeps session information internally, the user doesn't need to login again until the session expires.
The configuration includes three steps:
1. Get a keytab for Apache from Kerberos
2. Configure Apache
3. Configure Seahub
## Get keytab for Apache
Store the keytab under the name defined below and make it accessible only to the apache user (e.g. httpd or www-data and chmod 600).
## Apache Configuration
You should create a new location in your virtual host configuration for Kerberos.
```
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName seafile.example.com
DocumentRoot /var/www
...
<Location /krb5-login/>
SSLRequireSSL
AuthType Kerberos
AuthName "Kerberos EXAMPLE.ORG"
KrbMethodNegotiate On
KrbMethodK5Passwd On
Krb5KeyTab /etc/apache2/conf.d/http.keytab
#ErrorDocument 401 '<html><meta http-equiv="refresh" content="0; URL=/accounts/login"><body>Kerberos authentication did not pass.</body></html>'
Require valid-user
</Location>
...
</VirtualHost>
</IfModule>
```
After restarting Apache, you should see in the Apache logs that user@REALM is used when accessing https://seafile.example.com/krb5-login/.
## Configure Seahub
Seahub extracts the username from the `REMOTE_USER` environment variable.
Now we have to tell Seahub what to do with the authentication information passed in by Kerberos.
Add the following option to seahub_settings.py.
```
ENABLE_KRB5_LOGIN = True
```
## Verify
After restarting Apache and Seafile services, you can test the Kerberos login workflow.

114
manual/deploy/libreoffice_online.md Normal file
View file

@ -0,0 +1,114 @@
# Integrate Seafile with Collabora Online (LibreOffice Online)
Since Seafile Professional edition 6.0.0, you can integrate Seafile with Collabora Online to preview office files.
## Setup LibreOffice Online
1. Prepare an Ubuntu 16.04 64bit server with [docker](http://www.docker.com/) installed;
1. Assign a domain name to this server, we use *collabora-online.seafile.com* here.
1. Obtain and install valid TLS/SSL certificates for this server, we use [Lets Encrypt](https://letsencrypt.org/).
1. Use Nginx to serve collabora online, config file example:
```
server {
listen 443 ssl;
server_name collabora-online.seafile.com;
ssl_certificate /etc/letsencrypt/live/collabora-online.seafile.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/collabora-online.seafile.com/privkey.pem;
# static files
location ^~ /loleaflet {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# WOPI discovery URL
location ^~ /hosting/discovery {
proxy_pass https://localhost:9980;
proxy_set_header Host $http_host;
}
# websockets, download, presentation and image upload
location ^~ /lool {
proxy_pass https://localhost:9980;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
}
}
```
1. then use the following command to setup/start Collabora Online:
```
docker pull collabora/code
docker run -t -p 9980:9980 -e "domain=<your-dot-escaped-domain>" --restart always --cap-add MKNOD collabora/code
```
**NOTE:** the `domain` args is the domain name of your Seafile server, if your
Seafile server's domain name is *demo.seafile.com*, the command should be:
```
docker run -t -p 9980:9980 -e "domain=demo\.seafile\.com" --restart always --cap-add MKNOD collabora/code
```
For more information about Collabora Online and how to deploy it, please refer to https://www.collaboraoffice.com
## Config Seafile
**NOTE:** You must [enable https](../deploy/https_with_nginx.md) with valid TLS/SSL certificates (we use [Lets Encrypt](https://letsencrypt.org/)) to Seafile to use Collabora Online.
Add following config option to seahub_settings.py:
``` python
# From 6.1.0 CE version on, Seafile support viewing/editing **doc**, **ppt**, **xls** files via LibreOffice
# Add this setting to view/edit **doc**, **ppt**, **xls** files
OFFICE_SERVER_TYPE = 'CollaboraOffice'
# Enable LibreOffice Online
ENABLE_OFFICE_WEB_APP = True
# Url of LibreOffice Online's discovery page
# The discovery page tells Seafile how to interact with LibreOffice Online when view file online
# You should change `https://collabora-online.seafile.com/hosting/discovery` to your actual LibreOffice Online server address
OFFICE_WEB_APP_BASE_URL = 'https://collabora-online.seafile.com/hosting/discovery'
# Expiration of WOPI access token
# WOPI access token is a string used by Seafile to determine the file's
# identity and permissions when use LibreOffice Online view it online
# And for security reason, this token should expire after a set time period
WOPI_ACCESS_TOKEN_EXPIRATION = 30 * 60 # seconds
# List of file formats that you want to view through LibreOffice Online
# You can change this value according to your preferences
# And of course you should make sure your LibreOffice Online supports to preview
# the files with the specified extensions
OFFICE_WEB_APP_FILE_EXTENSION = ('odp', 'ods', 'odt', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt', 'pptm', 'pptx', 'doc', 'docm', 'docx')
# Enable edit files through LibreOffice Online
ENABLE_OFFICE_WEB_APP_EDIT = True
# types of files should be editable through LibreOffice Online
OFFICE_WEB_APP_EDIT_FILE_EXTENSION = ('odp', 'ods', 'odt', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt', 'pptm', 'pptx', 'doc', 'docm', 'docx')
```
Then restart Seafile.
Click an office file in Seafile web interface, you will see the online preview rendered by LibreOffice online. Here is an example:
![LibreOffice-online](../images/libreoffice-online.png)
## Trouble shooting
Understanding how theintegration work will help you debug the problem. When a user visits a file page:
1. (seahub->browser) Seahub will generate a page containing an iframe and send it to the browser
2. (browser->LibreOffice Online) With the iframe, the browser will try to load the file preview page from the LibreOffice Online
3. (LibreOffice Online->seahub) LibreOffice Online receives the request and sends a request to Seahub to get the file content
4. (LibreOffice Online->browser) LibreOffice Online sends the file preview page to the browser.
If you have a problem, please check the Nginx log for Seahub (for step 3) and Collabora Online to see which step is wrong.

105
manual/deploy/migrate_from_sqlite_to_mysql.md Normal file
View file

@ -0,0 +1,105 @@
# Migrate From SQLite to MySQL
**NOTE**: The tutorial is only available for Seafile CE version.
First make sure the python module for MySQL is installed. On Ubuntu, use `sudo apt-get install python-mysqldb` to install it.
Steps to migrate Seafile from SQLite to MySQL:
1. Stop Seafile and Seahub.
2. Download [sqlite2mysql.sh](https://raw.githubusercontent.com/haiwen/seafile-server/master/scripts/sqlite2mysql.sh) and [sqlite2mysql.py](https://raw.githubusercontent.com/haiwen/seafile-server/master/scripts/sqlite2mysql.py) to the top directory of your Seafile installation path. For example, `/opt/seafile`.
3. Run `sqlite2mysql.sh`:
```
chmod +x sqlite2mysql.sh
./sqlite2mysql.sh
```
This script will produce three files: `ccnet-db.sql`, `seafile-db.sql`, `seahub-db.sql`.
4. Create 3 databases ccnet_db, seafile_db, seahub_db and seafile user.
```
mysql> create database ccnet_db character set = 'utf8';
mysql> create database seafile_db character set = 'utf8';
mysql> create database seahub_db character set = 'utf8';
```
5. Import ccnet data to MySql.
```
mysql> use ccnet_db;
mysql> source ccnet-db.sql;
```
6. Import seafile data to MySql.
```
mysql> use seafile_db;
mysql> source seafile-db.sql;
```
7. Import seahub data to MySql.
```
mysql> use seahub_db;
mysql> source seahub-db.sql;
```
8. Modify configure files.
Append following lines to [ccnet.conf](../config/ccnet-conf.md):
```
[Database]
ENGINE=mysql
HOST=127.0.0.1
USER=root
PASSWD=root
DB=ccnet_db
CONNECTION_CHARSET=utf8
```
Note: Use `127.0.0.1`, don't use `localhost`.
Replace the database section in `seafile.conf` with following lines:
```
[database]
type=mysql
host=127.0.0.1
user=root
password=root
db_name=seafile_db
connection_charset=utf8
```
Append following lines to `seahub_settings.py`:
```
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'USER' : 'root',
'PASSWORD' : 'root',
'NAME' : 'seahub_db',
'HOST' : '127.0.0.1',
# This is only needed for MySQL older than 5.5.5.
# For MySQL newer than 5.5.5 INNODB is the default already.
'OPTIONS': {
"init_command": "SET storage_engine=INNODB",
}
}
}
```
9. Restart seafile and seahub
**NOTE**
User notifications will be cleared during migration due to the slight difference between MySQL and SQLite, if you only see the busy icon when click the notitfications button beside your avatar, please remove `user_notitfications` table manually by:
```
use seahub_db;
delete from notifications_usernotification;
```

36
manual/deploy/new_directory_layout_5_0_0.md Normal file
View file

@ -0,0 +1,36 @@
# Config files location change in Seafile Server 5.0.0
Seafile server has various components, each of them has its own config files. These files used to be in different directories, which is inconvenient to manage.
This is the layout before Seafile Server 5.0.0:
```sh
└── seahub_settings.py
└── ccnet/
└── ccnet.conf
└── seafile/
└── seafile.conf
└── conf/
└── seafdav.conf
└── pro-data/
└── seafevents.conf # (professional edition only)
└── seafile-server-latest/
```
Since Seafile Server 5.0.0, all config files are moved to the **conf** folder:
```sh
└── conf/
└── ccnet.conf
└── seafile.conf
└── seafdav.conf
└── seahub_settings.py
└── seafevents.conf # (professional edition only)
└── ccnet/
└── seafile/
└── pro-data/
```
This way, it's much easier to manage the configurations since all files can be found in the same place.
When you upgrading to seafile 5.0.0, the upgrade script would move these files to the central **conf/** folder for you.

133
manual/deploy/oauth.md Normal file
View file

@ -0,0 +1,133 @@
## OAuth
Since CE version 6.2.3, Seafile supports user login via [OAuth](https://oauth.net/).
Before using OAuth, Seafile administrator should first register an OAuth2 client application on your authorization server, then add some configurations to seahub_settings.py.
And don't forget install thirdparty requirement.
```
sudo pip install requests_oauthlib
```
#### Register an OAuth2 client application
Here we use Github as an example. First you should register an OAuth2 client application on Github, [official document from Github](https://developer.github.com/apps/building-integrations/setting-up-and-registering-oauth-apps/registering-oauth-apps/) is very detailed.
#### Configuration
Add the folllowing configurations to seahub_settings.py:
```
ENABLE_OAUTH = True
# Usually OAuth works through SSL layer. If your server is not parametrized to allow HTTPS, some method will raise an "oauthlib.oauth2.rfc6749.errors.InsecureTransportError". Set this to `True` to avoid this error.
OAUTH_ENABLE_INSECURE_TRANSPORT = True
# Client id/secret generated by authorization server when you register your client application.
OAUTH_CLIENT_ID = "your-client-id"
OAUTH_CLIENT_SECRET = "your-client-secret"
# Callback url when user authentication succeeded. Note, the redirect url you input when you register your client application MUST be exactly the same as this value.
OAUTH_REDIRECT_URL = 'http{s}://your-domain.com/oauth/callback/'
# The following should NOT be changed if you are using Github as OAuth provider.
OAUTH_PROVIDER_DOMAIN = 'github.com'
OAUTH_AUTHORIZATION_URL = 'https://github.com/login/oauth/authorize'
OAUTH_TOKEN_URL = 'https://github.com/login/oauth/access_token'
OAUTH_USER_INFO_URL = 'https://api.github.com/user'
OAUTH_SCOPE = ["user",]
OAUTH_ATTRIBUTE_MAP = {
"id": (True, "email"),
"name": (False, "name"),
"email": (False, "contact_email"),
}
```
###### Sample settings for Google:
```
ENABLE_OAUTH = True
OAUTH_ENABLE_INSECURE_TRANSPORT = True
OAUTH_CLIENT_ID = "your-client-id"
OAUTH_CLIENT_SECRET = "your-client-secret"
OAUTH_REDIRECT_URL = 'http{s}://your-domain.com/oauth/callback/'
# The following shoud NOT be changed if you are using Google as OAuth provider.
OAUTH_PROVIDER_DOMAIN = 'google.com'
OAUTH_AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/v2/auth'
OAUTH_TOKEN_URL = 'https://www.googleapis.com/oauth2/v4/token'
OAUTH_USER_INFO_URL = 'https://www.googleapis.com/oauth2/v1/userinfo'
OAUTH_SCOPE = [
"https://www.googleapis.com/auth/userinfo.email",
]
OAUTH_ATTRIBUTE_MAP = {
"id": (True, "email"),
"name": (False, "name"),
"email": (False, "contact_email"),
}
```
For some system, like Github, `email` is not the unique identifier for an user, but `id` is in most cases, so we use `id` as settings example in our manual. As Seafile uses email to identify an unique user account for now, so we combine `id` and OAUTH_PROVIDER_DOMAIN, which is google.com in your case, to an email format string and then create this account if not exist. If you want to use `email` info from Google, just change the setting as followings:
```
ENABLE_OAUTH = True
OAUTH_ENABLE_INSECURE_TRANSPORT = True
OAUTH_CLIENT_ID = "your-client-id"
OAUTH_CLIENT_SECRET = "your-client-secret"
OAUTH_REDIRECT_URL = 'http{s}://your-domain.com/oauth/callback/'
# The following shoud NOT be changed if you are using Google as OAuth provider.
OAUTH_PROVIDER_DOMAIN = 'google.com'
OAUTH_AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/v2/auth'
OAUTH_TOKEN_URL = 'https://www.googleapis.com/oauth2/v4/token'
OAUTH_USER_INFO_URL = 'https://www.googleapis.com/oauth2/v1/userinfo'
OAUTH_SCOPE = [
"https://www.googleapis.com/auth/userinfo.email",
]
OAUTH_ATTRIBUTE_MAP = {
"email": (True, "email"),
"name": (False, "name"),
}
```
To enable OAuth via GitLab. Create an application in GitLab (under Admin area->Applications).
Fill in required fields:
- Name: a name you specify
- Redirect URI: The callback url see below `OAUTH_REDIRECT_URL`
- Trusted: Skip confirmation dialog page. Select this to *not* ask the user if he wants to authorize seafile to receive access to his/her account data.
- Scopes: Select `openid` and `read_user` in the scopes list.
Press submit and copy the client id and secret you receive on the confirmation page and use them in this template for your seahub_settings.py:
```
ENABLE_OAUTH = True
OAUTH_CLIENT_ID = "your-client-id"
OAUTH_CLIENT_SECRET = "your-client-secret"
OAUTH_REDIRECT_URL = "https://your-seafile/oauth/callback/"
OAUTH_PROVIDER_DOMAIN = 'your-domain'
OAUTH_AUTHORIZATION_URL = 'https://gitlab.your-domain/oauth/authorize'
OAUTH_TOKEN_URL = 'https://gitlab.your-domain/oauth/token'
OAUTH_USER_INFO_URL = 'https://gitlab.your-domain/api/v4/user'
OAUTH_SCOPE = ["openid", "read_user"]
OAUTH_ATTRIBUTE_MAP = {
"email": (True, "email"),
"name": (False, "name")
}
```
For users of Azure Cloud, as there is no `id` field returned from Azure Cloud's user info endpoint, so we use a special configuration for `OAUTH_ATTRIBUTE_MAP` setting (others are the same as Github/Google):
```
OAUTH_ATTRIBUTE_MAP = {
"email": (True, "email"),
"id": (False, "not used"),
"name": (False, "name")
}
```
Please see [this tutorial](https://forum.seafile.com/t/oauth-authentification-against-microsoft-office365-azure-cloud/7999) for the complete deployment process of OAuth against Azure Cloud.

500
manual/deploy/only_office.md Normal file
View file

@ -0,0 +1,500 @@
# OnlyOffice
From version 6.1.0+ on (including CE), Seafile supports [OnlyOffice](https://www.onlyoffice.com/) to view/edit office files online. In order to use OnlyOffice, you must first deploy an OnlyOffice server.
You can deploy OnlyOffice and Seafile in the same machine with same domain or using two separate machines with two different domains.
In a cluster setup we recommend a dedicated DocumentServer host or a DocumentServer Cluster on a different subdomain.
## Deployment of OnlyOffice
For a quick and easy installation, we suggest you use [ONLYOFFICE/Docker-DocumentServer](https://github.com/ONLYOFFICE/Docker-DocumentServer).
### Test that OnlyOffice is running
After the installation process is finished, visit this page to make sure you have deployed OnlyOffice successfully: `http{s}://{your OnlyOffice server's domain or IP}/welcome`, you will get **Document Server is running** info at this page.
### Configure OnlyOffice to automatically save
When open file with OnlyOffice, OnlyOffice will only send a file save request to Seafile after the user closes the page. If the user does not close the page for a long time, the user's changes to the file will not be saved on the Seafile.
You can now set up automatic save by changing the configuration of OnlyOffice.
1. Go to the container of onlyoffice/documentserver.
2. Open the OnlyOffice configuration file: `/etc/onlyoffice/documentserver/local.json`
3. Add this configuration:
```
{
"services": {
"CoAuthoring": {
"autoAssembly": {
"enable": true,
"interval": "5m"
}
}
}
}
```
4. Restart OnlyOffice: `supervisorctl restart all`
You can get more info in OnlyOffice's official document: https\://api.onlyoffice.com/editors/save
### Configure OnlyOffice to use JWT Secret
JWT secret can be used to secure your OnlyOffice server so other people will not be able to use it.Since 7.1.2
To enable this feature, you should:
1. Install a python moduel.
```
pip install pyjwt
```
2. Config seahub_settings.py:
```
ONLYOFFICE_JWT_SECRET = 'your secret string'
```
3. Configure OnlyOffice Document server, add your secret string to `/etc/onlyoffice/documentserver/local.json`
```
...
{
"services": {
"CoAuthoring": {
...
"secret": {
"inbox": {
"string": "your secret string"
},
"outbox": {
"string": "your secret string"
},
},
"token": {
"enable": {
"browser": true,
"request": {
"inbox": true,
"outbox": true
}
}
}
...
}
}
}
...
```
For more information you can check the official documentation: <https://api.onlyoffice.com/editors/signature/>
4. Restart OnlyOffice: `supervisorctl restart all`
**NOTE**To avoid the problem of having to change the configuration file every time the _documentserver_ container is restarted, you can create a locally persistent configuration file `local-production-linux.json` and mount it into _documentserver_ container :
```
-v /local/path/to/local-production-linux.json:/etc/onlyoffice/documentserver/local-production-linux.json
```
## Configure Seafile Server
> For OnlyOffice is deployed in a separate machine with a different domain.
Add the following config option to `seahub_settings.py`.
```python
# Enable Only Office
ENABLE_ONLYOFFICE = True
VERIFY_ONLYOFFICE_CERTIFICATE = False
ONLYOFFICE_APIJS_URL = 'http{s}://{your OnlyOffice server's domain or IP}/web-apps/apps/api/documents/api.js'
ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods')
ONLYOFFICE_EDIT_FILE_EXTENSION = ('docx', 'pptx', 'xlsx')
```
Then restart the Seafile Server
```
./seafile.sh restart
./seahub.sh restart
# or
service seafile-server restart
```
When you click on a document you should see the new preview page.
## Config Seafile and OnlyOffice in the same machine
When you want to deploy OnlyOffice and Seafile on the same server, Seafile should be deployed at the root URL while OnlyOffice should be deployed using a subfolder URL.
URL example for OnlyOffice: <https://seafile.domain.com/onlyofficeds>
**Do NOT CHANGE the SUBFOLDER if not absolutely required for some reason!**
**The subfolder page is only important for communication between Seafile and the DocumentServer, there is nothing except the welcome page (e.g. no overview or settings). Users will need access to it though for the OnlyOffice document server editor to work properly.**
**`/onlyoffice/`****\*\***\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\*\* cannot be used as subfolder as this path is used for communication between Seafile and Document Server !\*\*
### Configure Webserver
#### Configure Nginx
**Variable mapping**
Add the following configuration to your seafile nginx conf file (e.g. `/etc/ngnix/conf.d/seafile.conf`) out of the `server` directive. These variables are to be defined for the DocumentServer to work in a subfolder.
```
# Required for only office document server
map $http_x_forwarded_proto $the_scheme {
default $http_x_forwarded_proto;
"" $scheme;
}
map $http_x_forwarded_host $the_host {
default $http_x_forwarded_host;
"" $host;
}
map $http_upgrade $proxy_connection {
default upgrade;
"" close;
}
```
**Proxy server settings subfolder**
Add the following configuration to your seafile nginx .conf file (e.g. `/etc/ngnix/conf.d/seafile.conf`) within the `server` directive.
```
...
location /onlyofficeds/ {
# THIS ONE IS IMPORTANT ! - Trailing slash !
proxy_pass http://{your Seafile server's domain or IP}:88/;
proxy_http_version 1.1;
client_max_body_size 100M; # Limit Document size to 100MB
proxy_read_timeout 3600s;
proxy_connect_timeout 3600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
# THIS ONE IS IMPORTANT ! - Subfolder and NO trailing slash !
proxy_set_header X-Forwarded-Host $the_host/onlyofficeds;
proxy_set_header X-Forwarded-Proto $the_scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
...
```
#### Configure Apache
_BETA - Requires further testing!_
Add the following configuration to your seafile apache config file (e.g. `sites-enabled/seafile.conf`) **outside** the `<VirtualHost >` directive.
```
...
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
<IfModule unixd_module>
User daemon
Group daemon
</IfModule>
...
```
Add the following configuration to your seafile apache config file (e.g. `sites-enabled/seafile.conf`) **inside** the `<VirtualHost >` directive at the end.
```
...
Define VPATH /onlyofficeds
Define DS_ADDRESS {your Seafile server's domain or IP}:88
...
<Location ${VPATH}>
Require all granted
SetEnvIf Host "^(.*)$" THE_HOST=$1
RequestHeader setifempty X-Forwarded-Proto http
RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
RequestHeader edit X-Forwarded-Host (.*) $1${VPATH}
ProxyAddHeaders Off
ProxyPass "http://${DS_ADDRESS}/"
ProxyPassReverse "http://${DS_ADDRESS}/"
</Location>
...
```
### Test that DocumentServer is running via SUBFOLDER
After the installation process is finished, visit this page to make sure you have deployed OnlyOffice successfully: `http{s}://{your Seafile Server's domain or IP}/{your subdolder}/welcome`, you will get **Document Server is running** info at this page.
### Configure Seafile Server for SUBFOLDER
Add the following config option to `seahub_settings.py`:
```python
# Enable Only Office
ENABLE_ONLYOFFICE = True
VERIFY_ONLYOFFICE_CERTIFICATE = True
ONLYOFFICE_APIJS_URL = 'http{s}://{your Seafile server's domain or IP}/{your subdolder}/web-apps/apps/api/documents/api.js'
ONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods')
ONLYOFFICE_EDIT_FILE_EXTENSION = ('docx', 'pptx', 'xlsx')
```
Then restart the Seafile Server
```
./seafile.sh restart
./seahub.sh restart
# or
service seafile-server restart
```
When you click on a document you should see the new preview page.
### Complete Nginx config EXAMPLE
Complete nginx config file (e.g. `/etc/nginx/conf.d/seafile.conf`) based on Seafile Server V6.1 including OnlyOffice DocumentServer via subfolder.
```
# Required for OnlyOffice DocumentServer
map $http_x_forwarded_proto $the_scheme {
default $http_x_forwarded_proto;
"" $scheme;
}
map $http_x_forwarded_host $the_host {
default $http_x_forwarded_host;
"" $host;
}
map $http_upgrade $proxy_connection {
default upgrade;
"" close;
}
server {
listen 80;
server_name seafile.domain.com;
rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https
server_tokens off;
}
server {
listen 443 http2;
ssl on;
ssl_certificate /etc/ssl/cacert.pem; # path to your cacert.pem
ssl_certificate_key /etc/ssl/privkey.pem; # path to your privkey.pem
server_name seafile.domain.com;
proxy_set_header X-Forwarded-For $remote_addr;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
server_tokens off;
#
# seahub
#
location / {
fastcgi_pass 127.0.0.1:8000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
fastcgi_read_timeout 36000;
client_max_body_size 0;
}
#
# seafile
#
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://127.0.0.1:8082;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
}
location /media {
root /home/user/haiwen/seafile-server-latest/seahub;
}
#
# seafdav (webdav)
#
location /seafdav {
fastcgi_pass 127.0.0.1:8080;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param HTTPS on;
client_max_body_size 0;
access_log /var/log/nginx/seafdav.access.log;
error_log /var/log/nginx/seafdav.error.log;
}
#
# onlyofficeds
#
location /onlyofficeds/ {
# IMPORTANT ! - Trailing slash !
proxy_pass http://127.0.0.1:88/;
proxy_http_version 1.1;
client_max_body_size 100M; # Limit Document size to 100MB
proxy_read_timeout 3600s;
proxy_connect_timeout 3600s;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
# IMPORTANT ! - Subfolder and NO trailing slash !
proxy_set_header X-Forwarded-Host $the_host/onlyofficeds;
proxy_set_header X-Forwarded-Proto $the_scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
```
### Complete Apache config EXAMPLE
_BETA - Requires further testing!_
```
LoadModule authn_core_module modules/mod_authn_core.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule unixd_module modules/mod_unixd.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule headers_module modules/mod_headers.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule ssl_module modules/mod_ssl.so
<IfModule unixd_module>
User daemon
Group daemon
</IfModule>
<VirtualHost *:80>
ServerName seafile.domain.com
ServerAlias domain.com
Redirect permanent / https://seafile.domain.com
</VirtualHost>
<VirtualHost *:443>
ServerName seafile.domain.com
DocumentRoot /var/www
SSLEngine On
SSLCertificateFile /etc/ssl/cacert.pem
SSLCertificateKeyFile /etc/ssl/privkey.pem
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_Apache2.html
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
SSLProtocol All -SSLv2 -SSLv3
SSLCompression off
SSLHonorCipherOrder on
Alias /media /home/user/haiwen/seafile-server-latest/seahub/media
<Location /media>
Require all granted
</Location>
RewriteEngine On
#
# seafile fileserver
#
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]
#
# seahub
#
SetEnvIf Request_URI . proxy-fcgi-pathinfo=unescape
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPreserveHost On
ProxyPass / fcgi://127.0.0.1:8000/
#
# onlyofficeds
#
Define VPATH /onlyofficeds
Define DS_ADDRESS {your Seafile server's domain or IP}:88
<Location ${VPATH}>
Require all granted
SetEnvIf Host "^(.*)$" THE_HOST=$1
RequestHeader setifempty X-Forwarded-Proto http
RequestHeader setifempty X-Forwarded-Host %{THE_HOST}e
RequestHeader edit X-Forwarded-Host (.*) $1${VPATH}
ProxyAddHeaders Off
ProxyPass "http://${DS_ADDRESS}/"
ProxyPassReverse "http://${DS_ADDRESS}/"
</Location>
</VirtualHost>
```

63
manual/deploy/remote_user.md Normal file
View file

@ -0,0 +1,63 @@
# SSO using Remote User
Starting from 7.0.0, Seafile can integrate with various Single Sign On systems via a proxy server. Examples include Apache as Shibboleth proxy, or LemonLdap as a proxy to LDAP servers, or Apache as Kerberos proxy. Seafile can retrieve user information from special request headers (HTTP_REMOTE_USER, HTTP_X_AUTH_USER, etc.) set by the proxy servers.
After the proxy server (Apache/Nginx) is successfully authenticated, the user information is set to the request header, and Seafile creates and logs in the user based on this information.
Note: Make sure that the proxy server has a corresponding security mechanism to protect against forgery request header attacks.
Please add the following settings to `conf/seahub_settings.py` to enable this feature.
```
ENABLE_REMOTE_USER_AUTHENTICATION = True
# Optional, HTTP header, which is configured in your web server conf file,
# used for Seafile to get user's unique id, default value is 'HTTP_REMOTE_USER'.
REMOTE_USER_HEADER = 'HTTP_REMOTE_USER'
# Optional, when the value of HTTP_REMOTE_USER is not a valid email address
# Seafile will build a email-like unique id from the value of 'REMOTE_USER_HEADER'
# and this domain, e.g. user1@example.com.
REMOTE_USER_DOMAIN = 'example.com'
# Optional, whether to create new user in Seafile system, default value is True.
# If this setting is disabled, users doesn't preexist in the Seafile DB cannot login.
# The admin has to first import the users from external systems like LDAP.
REMOTE_USER_CREATE_UNKNOWN_USER = True
# Optional, whether to activate new user in Seafile system, default value is True.
# If this setting is disabled, user will be unable to login by default.
# the administrator needs to manually activate this user.
REMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True
# Optional, map user attribute in HTTP header and Seafile's user attribute.
REMOTE_USER_ATTRIBUTE_MAP = {
'HTTP_DISPLAYNAME': 'name',
'HTTP_MAIL': 'contact_email',
# for user info
"HTTP_GIVENNAME": 'givenname',
"HTTP_SN": 'surname',
"HTTP_ORGANIZATION": 'institution',
# for user role
'HTTP_Shibboleth-affiliation': 'affiliation',
}
# Map affiliation to user role. Though the config name is SHIBBOLETH_AFFILIATION_ROLE_MAP,
# it is not restricted to Shibboleth
SHIBBOLETH_AFFILIATION_ROLE_MAP = {
'employee@uni-mainz.de': 'staff',
'member@uni-mainz.de': 'staff',
'student@uni-mainz.de': 'student',
'employee@hu-berlin.de': 'guest',
'patterns': (
('*@hu-berlin.de', 'guest1'),
('*@*.de', 'guest2'),
('*', 'guest'),
),
}
```
Then restart Seafile.

259
manual/deploy/server.md Normal file
View file

@ -0,0 +1,259 @@
# Seafile
## Server
This manual explains how to setup and run Seafile server from a pre-built package.
## Platform Support
- Generic Linux
- including Raspberry Pi
- Windows
## Download
Visit [our download page](http://www.seafile.com/en/download), download the latest server package.
```
#check if your system is x86 (32bit) or x86_64 (64 bit)
uname -m
```
## Deploying and Directory Layout
NOTE: If you place the Seafile data directory in external storage, such as NFS, CIFS mount, you should not use SQLite as the database, but use MySQL instead. Please follow [https://github.com/haiwen/seafile/wiki/Download-and-Setup-Seafile-Server-with-MySQL this manual] to setup Seafile server.
Supposed your organization's name is "haiwen", and you've downloaded seafile-server_1.4.0_* into your home directory.
We suggest you to layout your deployment as follows :
```
mkdir haiwen
mv seafile-server_* haiwen
cd haiwen
# after moving seafile-server_* to this directory
tar -xzf seafile-server_*
mkdir installed
mv seafile-server_* installed
```
Now you should have the following directory layout
```
# tree . -L 2
.
├── installed
│   └── seafile-server_1.4.0_x86-64.tar.gz
└── seafile-server-1.4.0
├── reset-admin.sh
├── runtime
├── seafile
├── seafile.sh
├── seahub
├── seahub.sh
├── setup-seafile.sh
└── upgrade
```
'''The benefit of this layout is that'''
* We can place all the config files for Seafile server inside "haiwen" directory, making it easier to manage.
* When you upgrade to a new version of Seafile, you can simply untar the latest package into "haiwen" directory. ''In this way you can reuse the existing config files in "haiwen" directory and don't need to configure again''.
## Setting Up Seafile Server
#### Prerequisites
The Seafile server package requires the following packages have been installed in your system
* python 2.6.5+ or 2.7
* python-setuptools
* python-simplejson
* sqlite3
```
#on Debian
apt-get update
apt-get install python2.7 python-setuptools python-simplejson sqlite3
pip install Pillow==4.3.0
```
#### Setup
```
cd seafile-server-*
./setup-seafile.sh #run the setup script & answer prompted questions
```
If some of the prerequisites are not installed, the seafile initialization script will ask you to install them.
[[images/server-setup.png|You'll see these outputs when you run the setup script]]
The script will guide you through the settings of various configuration options.
{| border="1" cellspacing="0" cellpadding="5" align="center"
|+ Seafile configuration options
! Option
! Description
! Note
|-
| server name
| Name of this seafile server
| 3-15 characters, only English letters, digits and underscore ('_') are allowed
|-
| server ip or domain
| The IP address or domain name used by this server
| Seafile client program will access the server with this address
|-
| ccnet server port
| The TCP port used by ccnet, the underlying networking service of Seafile
| Default is 10001. If it's been used by other service, you can set it to another port.
|-
| seafile data dir
| Seafile stores your data in this directory. By default it'll be placed in the current directory.
| The size of this directory will increase as you put more and more data into Seafile. Please select a disk partition with enough free space.
|-
| seafile server port
| The TCP port used by Seafile to transfer data
| Default is 12001. If it's been used by other service, you can set it to another port.
|-
| fileserver port
| The TCP port used by Seafile fileserver
| Default is 8082. If it's been used by other service, you can set it to another port.
|-
|}
If the setup is successful, you'll see the following output
[[images/server-setup-successfully.png]]
Now you should have the following directory layout :
```
#tree haiwen -L 2
haiwen
├── ccnet # configuration files
│   ├── ccnet.conf
│   ├── mykey.peer
│   ├── PeerMgr
│   └── seafile.ini
├── installed
│   └── seafile-server_1.4.0_x86-64.tar.gz
├── seafile-data
│   └── seafile.conf
├── seafile-server-1.4.0 # active version
│   ├── reset-admin.sh
│   ├── runtime
│   ├── seafile
│   ├── seafile.sh
│   ├── seahub
│   ├── seahub.sh
│   ├── setup-seafile.sh
│   └── upgrade
├── seafile-server-latest # symbolic link to seafile-server-1.4.0
├── seahub-data
│   └── avatars
├── seahub.db
├── seahub_settings.py # optional config file
└── seahub_settings.pyc
```
The folder `seafile-server-latest` is a symbolic link to the current seafile server folder. When later you upgrade to a new version, the upgrade scripts would update this link to keep it always point to the latest seafile server folder.
## Running Seafile Server
#### Before Running
Since Seafile uses persistent connection between client and server, if you have '''a large number of clients ''', you should increase Linux file descriptors by ulimit before start seafile, like:
```
ulimit -n 30000
```
#### Starting Seafile Server and Seahub Website
Under seafile-server-1.4.0 directory, run the following commands
* Start seafile:
```
./seafile.sh start # Start seafile service
```
* Start seahub
```
./seahub.sh start <port> # Start seahub website, port defaults to 8000
```
'''Note:''' The first time you start seahub, the script would prompt you to create an admin account for your seafile server.
After starting the services, you may open a web browser and types
```
http://192.168.1.111:8000/
```
you will be redirected to the Login page. Enter the username and password you were provided during the Seafile setup. You will then be returned to the `Myhome` page where you can create libraries.
'''Congratulations!''' Now you have successfully setup your private Seafile server.
#### Run Seahub on another port
If you want to run seahub in a port other than the default 8000, say 8001, you must:
* stop the seafile server
```
./seahub.sh stop
./seafile.sh stop
```
* modify the value of `SERVICE_URL` in the file [ccnet.conf](../config/ccnet-conf.md), like this: (assume your ip or domain is `192.168.1.100`)
```
SERVICE_URL = http://192.168.1.100:8001
```
* restart seafile server
```
./seafile.sh start
./seahub.sh start 8001
```
see [[Seafile server configuration options]] for more details about `ccnet.conf`.
## Stopping and Restarting Seafile and Seahub
#### Stopping
```
./seahub.sh stop # stop seahub website
./seafile.sh stop # stop seafile processes
```
#### Restarting
```
./seafile.sh restart
./seahub.sh restart
```
#### When the Scripts Fail
Most of the time, seafile.sh and seahub.sh work fine. But if they fail, you may
* Use '''pgrep''' command to check if seafile/seahub processes are still running
```
pgrep -f seafile-controller # check seafile processes
pgrep -f "manage.py run_gunicorn" # check seahub process
```
* Use '''pkill''' to kill the processes
```
pkill -f seafile-controller
pkill -f "manage.py run_gunicorn"
```
## That's it!
That's it! Now you may want read more about seafile.
* [[Seafile-server-management|How to manage the server]].

192
manual/deploy/server_configuration.md Normal file
View file

@ -0,0 +1,192 @@
# Server Configuration and Customization
**Note**: Since Seafile Server 5.0.0, all config files are moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md).
This manual explains how to change various config options for Seafile server.
There are three config files in the community edition:
- [ccnet.conf](../config/ccnet-conf.md): contains the network settings
- [seafile.conf](../config/seafile-conf.md): contains settings for seafile daemon and FileServer.
- [seahub_settings.py](../config/seahub_settings_py.md): contains settings for Seahub
There is one additional config file in the pro edition:
- `seafevents.conf`: contains settings for ccnet/ccnet.search and documents preview
## Storage Quota Setting (seafile.conf)
You may set a default quota (e.g. 2GB) for all users. To do this, just add the following lines to `seafile.conf` file
```
[quota]
# default user quota in GB, integer only
default = 2
```
This setting applies to all users. If you want to set quota for a specific user, you may log in to seahub website as administrator, then set it in "System Admin" page.
## Default history length limit (seafile.conf)
If you don't want to keep all file revision history, you may set a default history length limit for all libraries.
```
[history]
keep_days = days of history to keep
```
## Seafile fileserver configuration (seafile.conf)
The configuration of seafile fileserver is in the `[fileserver]` section of the file `seafile.conf`
```
[fileserver]
# binding host for fileserver
host = 0.0.0.0
# tcp port for fileserver
port = 8082
```
Change upload/download settings.
```
[fileserver]
# Set maximum upload file size to 200M.
max_upload_size=200
# Set maximum download directory size to 200M.
max_download_dir_size=200
```
**Note**: You need to restart seafile and seahub so that your changes take effect.
```
./seahub.sh restart
./seafile.sh restart
```
## Seahub Configurations (seahub_settings.py)
#### Sending Email Notifications on Seahub
A few features work better if it can send email notifications, such as notifying users about new messages.
If you want to setup email notifications, please add the following lines to seahub_settings.py (and set your email server).
See [Django email documentation](https://docs.djangoproject.com/en/1.10/topics/email/) for the full description of these variables.
```
EMAIL_USE_TLS = False
EMAIL_HOST = 'smtp.example.com' # smpt server
EMAIL_HOST_USER = 'username@example.com' # smtp authentication username
EMAIL_HOST_PASSWORD = 'password' # smtp authentication password
EMAIL_PORT = '25'
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER # value of email's From: field
SERVER_EMAIL = EMAIL_HOST_USER # error-reporting emails' From: field
```
If you are using Gmail as email server, use following lines:
```
EMAIL_USE_TLS = True
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_HOST_USER = 'username@gmail.com'
EMAIL_HOST_PASSWORD = 'password'
EMAIL_PORT = 587
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
SERVER_EMAIL = EMAIL_HOST_USER
```
**Note**: If your Email service still can not work, you may checkout the log file `logs/seahub.log` to see what may cause the problem. For complete email notification list, please refer to [Email notification list](../config/customize_email_notifications.md).
**Note2**: If you want to use the Email service without authentication leaf `EMAIL_HOST_USER` and `EMAIL_HOST_PASSWORD` **blank** (`''`). (But notice that the emails then will be sent without a `From:` address.)
#### Cache
Seahub caches items(avatars, profiles, etc) on file system by default(/tmp/seahub_cache/). You can replace with Memcached (you have to install python-memcache first).
```
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '127.0.0.1:11211',
}
}
```
#### Seahub Settings
You may change seahub website's settings by adding variables in `seahub_settings.py`.
```
# Choices can be found here:
# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
# although not all choices may be available on all operating systems.
# If running in a Windows environment this must be set to the same as your
# system time zone.
TIME_ZONE = 'UTC'
# Set this to seahub website's URL. This URL is contained in email notifications.
SITE_BASE = 'http://www.example.com/'
# Set this to your website's name. This is contained in email notifications.
SITE_NAME = 'example.com'
# Set seahub website's title
SITE_TITLE = 'Seafile'
# If you don't want to run seahub website on your site's root path, set this option to your preferred path.
# e.g. setting it to '/seahub/' would run seahub on http://example.com/seahub/.
SITE_ROOT = '/'
# Whether to use pdf.js to view pdf files online. Default is `True`, you can turn it off.
# NOTE: since version 1.4.
USE_PDFJS = True
# Enalbe or disalbe registration on web. Default is `False`.
# NOTE: since version 1.4.
ENABLE_SIGNUP = False
# Activate or deactivate user when registration complete. Default is `True`.
# If set to `False`, new users need to be activated by admin in admin panel.
# NOTE: since version 1.8
ACTIVATE_AFTER_REGISTRATION = False
# Whether to send email when a system admin adding a new member. Default is `True`.
# NOTE: since version 1.4.
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True
# Whether to send email when a system admin resetting a user's password. Default is `True`.
# NOTE: since version 1.4.
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True
# Hide `Organization` tab.
# If you want your private seafile behave exactly like https://cloud.seafile.com/, you can set this flag.
CLOUD_MODE = True
# Online preview maximum file size, defaults to 30M.
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024
# Age of cookie, in seconds (default: 2 weeks).
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2
# Whether to save the session data on every request.
SESSION_SAVE_EVERY_REQUEST = False
# Whether a user's session cookie expires when the Web browser is closed.
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
# Using server side crypto by default, otherwise, let user choose crypto method.
FORCE_SERVER_CRYPTO = True
```
**Note**:
* You need to restart seahub so that your changes take effect.
* If your changes don't take effect, You may need to delete 'seahub_setting.pyc'. (A cache file)
```
./seahub.sh restart
```

201
manual/deploy/shibboleth_config.md Normal file
View file

@ -0,0 +1,201 @@
> This document is for Seafile Server version lower than 6.3, if the server version is 6.3 or above, please refer to [this document](https://manual.seafile.com/deploy/shibboleth_config_v6.3.html).
## Overview
[Shibboleth](https://shibboleth.net/) is a widely used single sign on (SSO) protocol. Seafile server (Community Edition >= 4.1.0, Pro Edition >= 4.0.6) supports authentication via Shibboleth. It allows users from another organization to log in to Seafile without registering an account on the service provider.
In this documentation, we assume the reader is familiar with Shibboleth installation and configuration. For introduction to Shibboleth concepts, please refer to <https://wiki.shibboleth.net/confluence/display/SHIB2/UnderstandingShibboleth> .
Shibboleth Service Provider (SP) should be installed on the same server as the Seafile server. The official SP from <https://shibboleth.net/> is implemented as an Apache module. The module handles all Shibboleth authentication details. Seafile server receives authentication information (username) from fastcgi. The username then can be used as login name for the user.
Seahub provides a special URL to handle Shibboleth login. The URL is `https://your-server/shib-login`. Only this URL needs to be configured under Shibboleth protection. All other URLs don't go through the Shibboleth module. The overall workflow for a user to login with Shibboleth is as follows:
1. In the Seafile login page, there is a separate "Shibboleth" login button. When the user clicks the button, she/he will be redirected to `https://your-server/shib-login`.
2. Since that URL is controlled by Shibboleth, the user will be redirected to IdP for login. After the user logs in, she/he will be redirected back to `https://your-server/shib-login`.
3. This time the Shibboleth module passes the request to Seahub. Seahub reads the user information from the request and brings the user to her/his home page.
4. All later access to Seahub will not pass through the Shibboleth module. Since Seahub keeps session information internally, the user doesn't need to login again until the session expires.
Since Shibboleth support requires Apache, if you want to use Nginx, you need two servers, one for non-Shibboleth access, another configured with Apache to allow Shibboleth login. In a cluster environment, you can configure your load balancer to direct traffic to different server according to URL. Only the URL `https://your-server/shib-login` needs to be directed to Apache.
The configuration includes 3 steps:
1. Install and configure Shibboleth Service Provider;
2. Configure Apache;
3. Configure Seahub.
## Install and Configure Shibboleth Service Provider
Installation and configuration of Shibboleth is out of the scope of this documentation. Here are a few references:
* For RedHat and SUSE: <https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPLinuxInstall>
* For Ubuntu: <http://bradleybeddoes.com/2011/08/12/installing-a-shibboleth-2-sp-in-ubuntu-11-04-within-virtualbox/>
Please note that you don't have to follow the Apache configurations in the above links. Just use the Apache config we provide in the next section.
## Apache Configuration
You should create a new virtual host configuration for Shibboleth.
```
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName seafile.example.com
DocumentRoot /var/www
#Alias /seafmedia /home/ubuntu/dev/seahub/media
Alias /media /home/user/seafile-server-latest/seahub/media
ErrorLog ${APACHE_LOG_DIR}/seahub.error.log
CustomLog ${APACHE_LOG_DIR}/seahub.access.log combined
SSLEngine on
SSLCertificateFile /path/to/ssl-cert.pem
SSLCertificateKeyFile /path/to/ssl-key.pem
<Location /Shibboleth.sso>
SetHandler shib
</Location>
<Location /api2>
AuthType None
Require all granted
Allow from all
satisfy any
</Location>
RewriteEngine On
<Location /media>
Require all granted
</Location>
<Location /shib-login>
AuthType shibboleth
ShibRequestSetting requireSession true
Require valid-user
</Location>
#
# seafile fileserver
#
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]
#
# seahub
#
RewriteRule ^/(media.*)$ /$1 [QSA,L,PT]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/Shibboleth.sso
ProxyPreserveHost On
RewriteRule ^(.*)$ /seahub.fcgi$1 [QSA,L,E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</VirtualHost>
</IfModule>
```
After restarting Apache, you should be able to get the Service Provider metadata by accessing <https://seafile.example.com/Shibboleth.sso/Metadata> . This metadata should be uploaded to the Identity Provider (IdP) server.
## Configure Seahub
Seahub extracts the username from the `REMOTE_USER` environment variable. So you should modify your SP's shibboleth2.xml (/etc/shibboleth/shibboleth2.xml on Ubuntu) config file, so that Shibboleth translates your desired attribute into `REMOTE_USER` environment variable.
```
<ApplicationDefaults entityID="https://your-server/shibboleth"
REMOTE_USER="xxxx">
```
In Seafile, only one of the following two attributes can be used for username: `eppn`, and `mail`. `eppn` stands for "Edu Person Principal Name". It is usually the UserPrincipalName attribute in Active Directory. It's not necessarily a valid email address. `mail` is the user's email address. You should set `REMOTE_USER` to either one of these attributes.
Now we have to tell Seahub how to do with the authentication information passed in by Shibboleth.
Add the following configuration to seahub_settings.py.
```
EXTRA_AUTHENTICATION_BACKENDS = (
'shibboleth.backends.ShibbolethRemoteUserBackend',
)
EXTRA_MIDDLEWARE_CLASSES = (
'shibboleth.middleware.ShibbolethRemoteUserMiddleware',
)
ENABLE_SHIB_LOGIN = True
SHIBBOLETH_ATTRIBUTE_MAP = {
# Change eppn to mail if you use mail attribute for REMOTE_USER
"eppn": (False, "username"),
}
```
Since version 5.0, Seahub can process additional user attributes from Shibboleth. These attributes are saved into Seahub's database, as user's properties. They're all not mandatory. The internal user properties Seahub now supports are:
* givenname
* surname
* contact_email: used for sending notification email to user if username is not a valid email address (like eppn).
* institution: used to identify user's institution
You can specify the mapping between Shibboleth attributes and Seahub's user properties in seahub_settings.py:
```
SHIBBOLETH_ATTRIBUTE_MAP = {
"eppn": (False, "username"),
"givenname": (False, "givenname"),
"sn": (False, "surname"),
"mail": (False, "contact_email"),
"organization": (False, "institution"),
}
```
In the above config, the hash key is Shibboleth attribute name, the second element in the hash value is Seahub's property name. You can adjust the Shibboleth attribute name for your own needs. **_Note that you may have to change attribute-map.xml in your Shibboleth SP, so that the desired attributes are passed to Seahub. And you have to make sure the IdP sends these attributes to the SP._**
Since version 5.1.1, we added an option `SHIB_ACTIVATE_AFTER_CREATION` (defaults to `True`) which control the user status after shibboleth connection. If this option set to `False`, user will be inactive after connection, and system admins will be notified by email to activate that account.
### Affiliation and user role
Shibboleth has a field called affiliation. It is a list like: `employee@uni-mainz.de;member@uni-mainz.de;faculty@uni-mainz.de;staff@uni-mainz.de.`
Since version 6.0.7 pro, we are able to set user role from Shibboleth. Details about user role, please refer to <https://download.seafile.com/published/seafile-manual/deploy_pro/roles_permissions.md>
To enable this, modify `SHIBBOLETH_ATTRIBUTE_MAP` above and add `Shibboleth-affiliation` field, you may need to change `Shibboleth-affiliation` according to your Shibboleth SP attributes.
```
SHIBBOLETH_ATTRIBUTE_MAP = {
"eppn": (False, "username"),
"givenname": (False, "givenname"),
"sn": (False, "surname"),
"mail": (False, "contact_email"),
"organization": (False, "institution"),
"Shibboleth-affiliation": (False, "affiliation"),
}
```
Then add new config to define affiliation role map,
```
SHIBBOLETH_AFFILIATION_ROLE_MAP = {
'employee@uni-mainz.de': 'staff',
'member@uni-mainz.de': 'staff',
'student@uni-mainz.de': 'student',
'employee@hu-berlin.de': 'guest',
# Since 6.1.7 pro, we support wildcards matching.
'patterns': (
('*@hu-berlin.de', 'guest1'),
('*@*.de', 'guest2'),
('*', 'guest'),
),
}
```
After Shibboleth login, Seafile should calcualte user's role from affiliation and SHIBBOLETH_AFFILIATION_ROLE_MAP.
## Verify
After restarting Apache and Seafile services, you can then test the shibboleth login workflow.

312
manual/deploy/shibboleth_config_v6.3.md Normal file
View file

@ -0,0 +1,312 @@
> This document is for Seafile Server version 6.3 or above, if the server version is lower than 6.3, please refer to [this document](https://manual.seafile.com/deploy/shibboleth_config.html).
## Overview
[Shibboleth](https://shibboleth.net/) is a widely used single sign on (SSO) protocol. Seafile supports authentication via Shibboleth. It allows users from another organization to log in to Seafile without registering an account on the service provider.
In this documentation, we assume the reader is familiar with Shibboleth installation and configuration. For introduction to Shibboleth concepts, please refer to <https://wiki.shibboleth.net/confluence/display/SHIB2/UnderstandingShibboleth> .
Shibboleth Service Provider (SP) should be installed on the same server as the Seafile server. The official SP from <https://shibboleth.net/> is implemented as an Apache module. The module handles all Shibboleth authentication details. Seafile server receives authentication information (username) from HTTP request. The username then can be used as login name for the user.
Seahub provides a special URL to handle Shibboleth login. The URL is `https://your-seafile-domain/sso`. Only this URL needs to be configured under Shibboleth protection. All other URLs don't go through the Shibboleth module. The overall workflow for a user to login with Shibboleth is as follows:
1. In the Seafile login page, there is a separate "Single Sign-On" login button. When the user clicks the button, she/he will be redirected to `https://your-seafile-domain/sso`.
2. Since that URL is controlled by Shibboleth, the user will be redirected to IdP for login. After the user logs in, she/he will be redirected back to `https://your-seafile-domain/sso`.
3. This time the Shibboleth module passes the request to Seahub. Seahub reads the user information from the request(`HTTP_REMOTE_USER` header) and brings the user to her/his home page.
4. All later access to Seahub will not pass through the Shibboleth module. Since Seahub keeps session information internally, the user doesn't need to login again until the session expires.
Since Shibboleth support requires Apache, if you want to use Nginx, you need two servers, one for non-Shibboleth access, another configured with Apache to allow Shibboleth login. In a cluster environment, you can configure your load balancer to direct traffic to different server according to URL. Only the URL `https://your-seafile-domain/sso` needs to be directed to Apache.
The configuration includes 3 steps:
1. Install and configure Shibboleth Service Provider;
2. Configure Apache;
3. Configure Seahub.
## Install and Configure Shibboleth Service Provider
We use CentOS 7 as example.
#### Configure Apache
You should create a new virtual host configuration for Shibboleth. And then restart Apache.
```
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName your-seafile-domain
DocumentRoot /var/www
Alias /media /opt/seafile/seafile-server-latest/seahub/media
ErrorLog ${APACHE_LOG_DIR}/seahub.error.log
CustomLog ${APACHE_LOG_DIR}/seahub.access.log combined
SSLEngine on
SSLCertificateFile /path/to/ssl-cert.pem
SSLCertificateKeyFile /path/to/ssl-key.pem
<Location /Shibboleth.sso>
SetHandler shib
AuthType shibboleth
ShibRequestSetting requireSession 1
Require valid-user
</Location>
<Location /sso>
SetHandler shib
AuthType shibboleth
ShibUseHeaders On
ShibRequestSetting requireSession 1
Require valid-user
</Location>
RewriteEngine On
<Location /media>
Require all granted
</Location>
# seafile fileserver
ProxyPass /seafhttp http://127.0.0.1:8082
ProxyPassReverse /seafhttp http://127.0.0.1:8082
RewriteRule ^/seafhttp - [QSA,L]
# seahub
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
ProxyPass / http://127.0.0.1:8000/
ProxyPassReverse / http://127.0.0.1:8000/
# for http
# RequestHeader set REMOTE_USER %{REMOTE_USER}e
# for https
RequestHeader set REMOTE_USER %{REMOTE_USER}s
</VirtualHost>
</IfModule>
```
#### Install and Configure Shibboleth
Installation and configuration of Shibboleth is out of the scope of this documentation. Here are a few references:
* For RedHat, CentOS-7 and SUSE: <https://wiki.shibboleth.net/confluence/display/SP3/LinuxInstall>
#### Configure Shibboleth(SP)
##### shibboleth2.xml
Open `/etc/shibboleth/shibboleth2.xml` and change some property. After you have done all the followings, don't forget to restart Shibboleth(SP)
###### `ApplicationDefaults` element
Change `entityID` and [`REMOTE_USER`](https://wiki.shibboleth.net/confluence/display/SP3/ApplicationDefaults) property:
```
<!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->
<ApplicationDefaults entityID="https://your-seafile-domain/sso"
REMOTE_USER="mail"
cipherSuites="DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1">
```
Seahub extracts the username from the `REMOTE_USER` environment variable. So you should modify your SP's shibboleth2.xml config file, so that Shibboleth translates your desired attribute into `REMOTE_USER` environment variable.
In Seafile, only one of the following two attributes can be used for username: `eppn`, and `mail`. `eppn` stands for "Edu Person Principal Name". It is usually the UserPrincipalName attribute in Active Directory. It's not necessarily a valid email address. `mail` is the user's email address. You should set `REMOTE_USER` to either one of these attributes.
###### `SSO` element
Change `entityID` property:
```
<!--
Configures SSO for a default IdP. To properly allow for >1 IdP, remove
entityID property and adjust discoveryURL to point to discovery service.
You can also override entityID on /Login query string, or in RequestMap/htaccess.
-->
<SSO entityID="https://your-IdP-domain">
<!--discoveryProtocol="SAMLDS" discoveryURL="https://wayf.ukfederation.org.uk/DS"-->
SAML2
</SSO>
```
###### `MetadataProvider` element
Change `url` and `backingFilePath` property:
```
<!-- Example of remotely supplied batch of signed metadata. -->
<MetadataProvider type="XML" validate="true"
url="http://your-IdP-metadata-url"
backingFilePath="your-IdP-metadata.xml" maxRefreshDelay="7200">
<MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
<MetadataFilter type="Signature" certificate="fedsigner.pem" verifyBackup="false"/>
```
##### attribute-map.xml
Open `/etc/shibboleth/attribute-map.xml` and change some property. After you have done all the followings, don't forget to restart Shibboleth(SP)
###### `Attribute` element
Uncomment attribute elements for getting more user info:
```
<!-- Older LDAP-defined attributes (SAML 2.0 names followed by SAML 1 names)... -->
<Attribute name="urn:oid:2.16.840.1.113730.3.1.241" id="displayName"/>
<Attribute name="urn:oid:0.9.2342.19200300.100.1.3" id="mail"/>
<Attribute name="urn:mace:dir:attribute-def:displayName" id="displayName"/>
<Attribute name="urn:mace:dir:attribute-def:mail" id="mail"/>
```
#### Upload Shibboleth(SP)'s metadata
After restarting Apache, you should be able to get the Service Provider metadata by accessing <https://your-seafile-domain/Shibboleth.sso/Metadata>. This metadata should be uploaded to the Identity Provider (IdP) server.
## Configure Seahub
Add the following configuration to seahub_settings.py.
```
ENABLE_SHIB_LOGIN = True
SHIBBOLETH_USER_HEADER = 'HTTP_REMOTE_USER'
# basic user attributes
SHIBBOLETH_ATTRIBUTE_MAP = {
"HTTP_DISPLAYNAME": (False, "display_name"),
"HTTP_MAIL": (False, "contact_email"),
}
EXTRA_MIDDLEWARE_CLASSES = (
'shibboleth.middleware.ShibbolethRemoteUserMiddleware',
)
EXTRA_AUTHENTICATION_BACKENDS = (
'shibboleth.backends.ShibbolethRemoteUserBackend',
)
```
Seahub can process additional user attributes from Shibboleth. These attributes are saved into Seahub's database, as user's properties. They're all not mandatory. The internal user properties Seahub now supports are:
* givenname
* surname
* contact_email: used for sending notification email to user if username is not a valid email address (like eppn).
* institution: used to identify user's institution
You can specify the mapping between Shibboleth attributes and Seahub's user properties in seahub_settings.py:
```
SHIBBOLETH_ATTRIBUTE_MAP = {
"HTTP_EPPN": (False, "username"),
"HTTP_GIVENNAME": (False, "givenname"),
"HTTP_SN": (False, "surname"),
"HTTP_MAIL": (False, "contact_email"),
"HTTP_ORGANIZATION": (False, "institution"),
}
```
In the above config, the hash key is Shibboleth attribute name, the second element in the hash value is Seahub's property name. You can adjust the Shibboleth attribute name for your own needs. **_Note that you may have to change attribute-map.xml in your Shibboleth SP, so that the desired attributes are passed to Seahub. And you have to make sure the IdP sends these attributes to the SP._**
We also added an option `SHIB_ACTIVATE_AFTER_CREATION` (defaults to `True`) which control the user status after shibboleth connection. If this option set to `False`, user will be inactive after connection, and system admins will be notified by email to activate that account.
#### Affiliation and user role
Shibboleth has a field called affiliation. It is a list like: `employee@uni-mainz.de;member@uni-mainz.de;faculty@uni-mainz.de;staff@uni-mainz.de.`
We are able to set user role from Shibboleth. Details about user role, please refer to <https://download.seafile.com/published/seafile-manual/deploy_pro/roles_permissions.md>
To enable this, modify `SHIBBOLETH_ATTRIBUTE_MAP` above and add `Shibboleth-affiliation` field, you may need to change `Shibboleth-affiliation` according to your Shibboleth SP attributes.
```
SHIBBOLETH_ATTRIBUTE_MAP = {
"HTTP_EPPN": (False, "username"),
"HTTP_GIVENNAME": (False, "givenname"),
"HTTP_SN": (False, "surname"),
"HTTP_MAIL": (False, "contact_email"),
"HTTP_ORGANIZATION": (False, "institution"),
"HTTP_Shibboleth-affiliation": (False, "affiliation"),
}
```
Then add new config to define affiliation role map,
```
SHIBBOLETH_AFFILIATION_ROLE_MAP = {
'employee@uni-mainz.de': 'staff',
'member@uni-mainz.de': 'staff',
'student@uni-mainz.de': 'student',
'employee@hu-berlin.de': 'guest',
'patterns': (
('*@hu-berlin.de', 'guest1'),
('*@*.de', 'guest2'),
('*', 'guest'),
),
}
```
After Shibboleth login, Seafile should calcualte user's role from affiliation and SHIBBOLETH_AFFILIATION_ROLE_MAP.
## Verify
After restarting Apache and Seahub service (`./seahub.sh restart`), you can then test the shibboleth login workflow.
## Debug
If you encountered problems when login, follow these steps to get debug info (for Seafile pro 6.3.13).
#### Add this setting to `seahub_settings.py`
```
DEBUG = True
```
#### Change Seafile's code
Open `seafile-server-latest/seahub/thirdpart/shibboleth/middleware.py`
Insert the following code in line 59
```
assert False
```
Insert the following code in line 65
```
if not username:
assert False
```
The complete code after these changes is as follows:
```
#Locate the remote user header.
# import pprint; pprint.pprint(request.META)
try:
username = request.META[SHIB_USER_HEADER]
except KeyError:
assert False
# If specified header doesn't exist then return (leaving
# request.user set to AnonymousUser by the
# AuthenticationMiddleware).
return
if not username:
assert False
p_id = ccnet_api.get_primary_id(username)
if p_id is not None:
username = p_id
```
Then restart Seafile and relogin, you will see debug info in web page.

16
manual/deploy/single_sign_on.md Normal file
View file

@ -0,0 +1,16 @@
# Single Sign On support in Seafile
Seafile supports most of the popular single-sign-on authentication protocols. Some are included in Community Edition, some are only in Pro Edition.
In the Community Edition:
* [Shibboleth](./shibboleth_config_v6.3.md)
* [OAuth](./oauth.md)
* [Remote User (Proxy Server)](./remote_user.md)
Kerberos authentication can be integrated by using Apache as a proxy server and follow the instructions in [Remote User Authentication](./remote_user.md).
In Pro Edition:
* [ADFS or SAML 2.0](../deploy_pro/adfs.md)
* [CAS](../deploy_pro/cas.md)

118
manual/deploy/sqlite_to_mysql.sh Normal file
View file

@ -0,0 +1,118 @@
#!/bin/sh
#
# This shell script uses sqlite3 commands to export data only(no schema) from seafile sqlite3 installation
#
# Setup:
#
# 1. Move this file to the top directory of your Seafile
# installation path (e.g. /data/haiwen).
# 2. Run: ./sqlite_to_mysql.sh
# 3. Three files(ccnet_db_data.sql, seafile_db_data.sql, seahub_db_data.sql) are created.
# 4. Loads these files to MySQL after you load schema
# example: (mysql> source ccnet_db_data.sql)
#
#Function that generates INSERT statements for all data in given database
#Parameter1 = database_path
Sqlite2MysqlData () {
echo "SET FOREIGN_KEY_CHECKS=0;"
for TABLE in $(sqlite3 $1 .tables)
do
#get columns and insert ``, around every one
COLS=$(sqlite3 $1 "PRAGMA table_info('${TABLE}');" | cut -d'|' -f2 | sed 's/^/`/' | sed 's/$/`, /' )
#remove comma from last one
COLS_PURE=$(echo $COLS | sed 's/.$//')
#generate insertstatemets (via echoMultipleCommands support by sqlite3), does not include column names
echo ".mode insert\nselect * from '${TABLE}';" | sqlite3 $1 |
#replace 3rd word with columns from above: TableName(`col1`, `col2`, `col3`, ...)
sed "s/[^ ]*[^ ]/${TABLE}(${COLS_PURE})/3"
done
echo "SET FOREIGN_KEY_CHECKS=1;"
}
CCNET_DB='ccnet_db_data.sql'
SEAFILE_DB='seafile_db_data.sql'
SEAHUB_DB='seahub_db_data.sql'
########## ccnet
seafile_path=$(pwd)
if [ -d "${seafile_path}/ccnet" ]; then
USER_MGR_DB=${seafile_path}/ccnet/PeerMgr/usermgr.db
GRP_MGR_DB=${seafile_path}/ccnet/GroupMgr/groupmgr.db
else
echo "${seafile_path}/ccnet does not exists."
read -p "Please provide your ccnet folder path(e.g. /data/haiwen/ccnet): " ccnet_path
if [ -d ${ccnet_path} ]; then
USER_MGR_DB=$(dirname "${ccnet_path}")/PeerMgr/usermgr.db
GRP_MGR_DB=$(dirname "${ccnet_path}")/GroupMgr/groupmgr.db
else
echo "${ccnet_path} does not exists, quit."
exit 1
fi
fi
rm -rf ${CCNET_DB}
echo "Start export ccnet data from user"
Sqlite2MysqlData ${USER_MGR_DB} > ${CCNET_DB}
echo "Start export ccnet data from group"
Sqlite2MysqlData ${GRP_MGR_DB} >> ${CCNET_DB}
echo "Done export ccnet data"
########## seafile
if [ -f "${seafile_path}/seafile-data/seafile.db" ]; then
SEAFILE_SQLITE_DB=${seafile_path}/seafile-data/seafile.db
else
echo "${seafile_path}/seafile-data/seafile.db does not exists."
read -p "Please provide your seafile.db path(e.g. /data/haiwen/seafile-data/seafile.db): " seafile_db_path
if [ -f ${seafile_db_path} ];then
SEAFILE_SQLITE_DB=${seafile_db_path}
else
echo "${seafile_db_path} does not exists, quit."
exit 1
fi
fi
rm -rf ${SEAFILE_DB}
echo "Start export seafile data"
Sqlite2MysqlData ${SEAFILE_SQLITE_DB} > ${SEAFILE_DB}
echo "Done export seafile data"
########## seahub
if [ -f "${seafile_path}/seahub.db" ]; then
SEAHUB_SQLITE_DB=${seafile_path}/seahub.db
else
echo "${seafile_path}/seahub.db does not exists."
read -p "Please prove your seahub.db path(e.g. /data/haiwen/seahub.db): " seahub_db_path
if [ -f ${seahub_db_path} ]; then
SEAHUB_SQLITE_DB=${seahub_db_path}
else
echo "${seahub_db_path} does not exists, quit."
exit 1
fi
fi
rm -rf ${SEAHUB_DB}
#delete existed data from `django_content_type`:
echo "DELETE FROM \`django_content_type\`;" > ${SEAHUB_DB}
#delete existed data from `django_migrations`:
echo "DELETE FROM \`django_migrations\`;" >> ${SEAHUB_DB}
echo "Start export seahub data"
Sqlite2MysqlData ${SEAHUB_SQLITE_DB} >> ${SEAHUB_DB}
echo "Done export seahub data"

564
manual/deploy/start_seafile_at_system_bootup.md Normal file
View file

@ -0,0 +1,564 @@
# Start Seafile at System Bootup
## For systems running systemd
* For example Debian 8 and newer, Linux Ubuntu 15.04 and newer
Create systemd service files, change **${seafile_dir}** to your
**seafile** installation location and **seafile** to user, who runs
**seafile** (if appropriate). Then you need to reload systemd's daemons:
**systemctl daemon-reload**.
### Create systemd service file /etc/systemd/system/seafile.service
```
sudo vim /etc/systemd/system/seafile.service
```
The content of the file is:
```
[Unit]
Description=Seafile
# add mysql.service or postgresql.service depending on your database to the line below
After=network.target
[Service]
Type=forking
ExecStart=${seafile_dir}/seafile-server-latest/seafile.sh start
ExecStop=${seafile_dir}/seafile-server-latest/seafile.sh stop
LimitNOFILE=infinity
User=seafile
Group=seafile
[Install]
WantedBy=multi-user.target
```
### Create systemd service file /etc/systemd/system/seahub.service
```
sudo vim /etc/systemd/system/seahub.service
```
The content of the file is (please dont forget to change it if you want to run fastcgi):
```
[Unit]
Description=Seafile hub
After=network.target seafile.service
[Service]
Type=forking
# change start to start-fastcgi if you want to run fastcgi
ExecStart=${seafile_dir}/seafile-server-latest/seahub.sh start
ExecStop=${seafile_dir}/seafile-server-latest/seahub.sh stop
User=seafile
Group=seafile
[Install]
WantedBy=multi-user.target
```
### Create systemd service file /etc/systemd/system/seafile-client.service (optional)
You need to create this service file only if you have **seafile**
console client and you want to run it on system boot.
```
sudo vim /etc/systemd/system/seafile-client.service
```
The content of the file is:
```
[Unit]
Description=Seafile client
# Uncomment the next line you are running seafile client on the same computer as server
# After=seafile.service
# Or the next one in other case
# After=network.target
[Service]
Type=oneshot
ExecStart=/usr/bin/seaf-cli start
ExecStop=/usr/bin/seaf-cli stop
RemainAfterExit=yes
User=seafile
Group=seafile
[Install]
WantedBy=multi-user.target
```
### Enable service start on system boot
```
sudo systemctl enable seafile.service
sudo systemctl enable seahub.service
sudo systemctl enable seafile-client.service # optional
```
## For systems using another init system than systemd
## Ubuntu 14.10 and older
On Ubuntu without systemd we make use of the
[/etc/init.d/](https://help.ubuntu.com/community/UbuntuBootupHowto)
scripts to start seafile/seahub at system boot.
### Create a script **/etc/init.d/seafile-server**
```
sudo vim /etc/init.d/seafile-server
```
The content of this script is: (You need to modify the value of **user**
and **seafile_dir** accordingly)
```
#!/bin/bash
### BEGIN INIT INFO
# Provides: seafile-server
# Required-Start: $remote_fs $syslog
# Required-Stop: $remote_fs $syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Seafile server
# Description: Start Seafile server
### END INIT INFO
# Change the value of "user" to your linux user name
user=haiwen
# Change the value of "seafile_dir" to your path of seafile installation
# usually the home directory of $user
seafile_dir=/data/haiwen
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
seahub_init_log=${seafile_dir}/logs/seahub.init.log
# Change the value of fastcgi to false if fastcgi is not used
fastcgi=true
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000
#
# Write a polite log message with date and time
#
echo -e "\n \n About to perform $1 for seafile at `date -Iseconds` \n " >> ${seafile_init_log}
echo -e "\n \n About to perform $1 for seahub at `date -Iseconds` \n " >> ${seahub_init_log}
case "$1" in
start)
sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh ${1}-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log}
fi
;;
restart)
sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh ${1}-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log}
fi
;;
stop)
sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log}
sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log}
;;
*)
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
exit 1
;;
esac
```
**Note:** If you are using local mysql server, please replace `# Required-Start: $remote_fs $syslog` with `# Required-Start: $remote_fs $syslog mysql`.
### Make the seafile-sever script executable
```
sudo chmod +x /etc/init.d/seafile-server
```
### Add seafile-server to rc.d
```
sudo update-rc.d seafile-server defaults
```
**Note:** Don't forget to update the value of **script_path** later if you update
your seafile server.
## Other Debian based Distributions
### Create a script **/etc/init.d/seafile-server**
```
sudo vim /etc/init.d/seafile-server
```
The content of this script is: (You need to modify the value of **user**
and **seafile_dir** accordingly)
```
#!/bin/sh
### BEGIN INIT INFO
# Provides: seafile-server
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Starts Seafile Server
# Description: starts Seafile Server
### END INIT INFO
# Change the value of "user" to linux user name who runs seafile
user=haiwen
# Change the value of "seafile_dir" to your path of seafile installation
# usually the home directory of $user
seafile_dir=/data/haiwen
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
seahub_init_log=${seafile_dir}/logs/seahub.init.log
# Change the value of fastcgi to true if fastcgi is to be used
fastcgi=false
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000
#
# Write a polite log message with date and time
#
echo -e "\n \n About to perform $1 for seafile at `date -Iseconds` \n " >> ${seafile_init_log}
echo -e "\n \n About to perform $1 for seahub at `date -Iseconds` \n " >> ${seahub_init_log}
case "$1" in
start)
sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh ${1}-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log}
fi
;;
restart)
sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log}
if [ $fastcgi = true ];
then
sudo -u ${user} ${script_path}/seahub.sh ${1}-fastcgi ${fastcgi_port} >> ${seahub_init_log}
else
sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log}
fi
;;
stop)
sudo -u ${user} ${script_path}/seahub.sh ${1} >> ${seahub_init_log}
sudo -u ${user} ${script_path}/seafile.sh ${1} >> ${seafile_init_log}
;;
*)
echo "Usage: /etc/init.d/seafile-server {start|stop|restart}"
exit 1
;;
esac
```
**Note**:
1. If you want to start seahub in fastcgi, just change the **fastcgi**
variable to **true**
2. If you deployed Seafile with MySQL, append "mysql" to the
Required-Start line:
```
# Required-Start: $local_fs $remote_fs $network mysql
```
### Add Directory for Logfiles
```
mkdir /path/to/seafile/dir/logs
```
### Make the seafile-sever script executable
```
sudo chmod +x /etc/init.d/seafile-server
```
### Add seafile-server to rc.d
```
sudo update-rc.d seafile-server defaults
```
### Done
Don't forget to update the value of **seafile_dir** later if you update
your seafile server.
## RHEL/CentOS
On RHEL/CentOS, the script
[/etc/rc.local](http://www.centos.org/docs/5/html/Installation_Guide-en-US/s1-boot-init-shutdown-run-boot.html)
is executed by the system at bootup, so we start seafile/seahub there.
* Locate your python executable (python 2.6 or 2.7)
```
which python2.6 # or "which python2.7"
```
* In /etc/rc.local, add the directory of python2.6(2.7) to **PATH**,
and add the seafile/seahub start command
```
`
# Assume the python 2.6(2.7) executable is in "/usr/local/bin"
PATH=$PATH:/usr/local/bin/
# Change the value of "user" to your linux user name
user=haiwen
# Change the value of "seafile_dir" to your path of seafile installation
# usually the home directory of $user
seafile_dir=/data/haiwen
script_path=${seafile_dir}/seafile-server-latest
sudo -u ${user} ${script_path}/seafile.sh start > /tmp/seafile.init.log 2>&1
sudo -u ${user} ${script_path}/seahub.sh start > /tmp/seahub.init.log 2>&1
```
**Note**: If you want to start seahub in fastcgi, just change the
**"seahub.sh start"** in the last line above to **"seahub.sh
start-fastcgi"**
* Done. Don't forget to update the value of **seafile_dir** later if
you update your seafile server.
## RHEL/CentOS (run as service)
On RHEL/CentOS we make use of the /etc/init.d/ scripts to start
seafile/seahub at system boot as service.
### Create a file **/etc/sysconfig/seafile**
```
# Change the value of "user" to your linux user name
user=haiwen
# Change the value of "seafile_dir" to your path of seafile installation
# usually the home directory of $user
seafile_dir=/data/haiwen
script_path=${seafile_dir}/seafile-server-latest
seafile_init_log=${seafile_dir}/logs/seafile.init.log
seahub_init_log=${seafile_dir}/logs/seahub.init.log
# Change the value of fastcgi to true if fastcgi is to be used
fastcgi=false
# Set the port of fastcgi, default is 8000. Change it if you need different.
fastcgi_port=8000
```
### Create a script **/etc/init.d/seafile**
```
#!/bin/bash
#
# seafile
#
# chkconfig: - 68 32
# description: seafile
# Source function library.
. /etc/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
if [ -f /etc/sysconfig/seafile ];then
. /etc/sysconfig/seafile
else
echo "Config file /etc/sysconfig/seafile not found! Bye."
exit 200
fi
RETVAL=0
start() {
# Start daemons.
echo -n $"Starting seafile: "
ulimit -n 30000
su - ${user} -c"${script_path}/seafile.sh start >> ${seafile_init_log} 2>&1"
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/seafile
return $RETVAL
}
stop() {
echo -n $"Shutting down seafile: "
su - ${user} -c"${script_path}/seafile.sh stop >> ${seafile_init_log} 2>&1"
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/seafile
return $RETVAL
}
#
# Write a polite log message with date and time
#
echo -e "\n \n About to perform $1 for seafile at `date -Iseconds` \n " >> ${seafile_init_log}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart|reload)
stop
start
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart}"
RETVAL=3
esac
exit $RETVAL
```
### Create a script **/etc/init.d/seahub**
```
#!/bin/bash
#
# seahub
#
# chkconfig: - 69 31
# description: seahub
# Source function library.
. /etc/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
if [ -f /etc/sysconfig/seafile ];then
. /etc/sysconfig/seafile
else
echo "Config file /etc/sysconfig/seafile not found! Bye."
exit 200
fi
RETVAL=0
start() {
# Start daemons.
echo -n $"Starting seahub: "
ulimit -n 30000
if [ $fastcgi = true ];
then
su - ${user} -c"${script_path}/seahub.sh start-fastcgi ${fastcgi_port} >> ${seahub_init_log} 2>&1"
else
su - ${user} -c"${script_path}/seahub.sh start >> ${seahub_init_log} 2>&1"
fi
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/seahub
return $RETVAL
}
stop() {
echo -n $"Shutting down seahub: "
su - ${user} -c"${script_path}/seahub.sh stop >> ${seahub_init_log} 2>&1"
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/seahub
return $RETVAL
}
#
# Write a polite log message with date and time
#
echo -e "\n \n About to perform $1 for seahub at `date -Iseconds` \n " >> ${seahub_init_log}
# See how we were called.
case "$1" in
start)
start
;;
stop)
stop
;;
restart|reload)
stop
start
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart}"
RETVAL=3
esac
exit $RETVAL
```
Next, enable services:
```
chmod 550 /etc/init.d/seafile
chmod 550 /etc/init.d/seahub
chkconfig --add seafile
chkconfig --add seahub
chkconfig seahub on
chkconfig seafile on
```
and run:
```
service seafile start
service seahub start
```

165
manual/deploy/upgrade.md Normal file
View file

@ -0,0 +1,165 @@
# Upgrade manual
This page is for users who use the pre-compiled seafile server package.
- If you [build seafile server from source](../build_seafile/server.md), please read the **Upgrading Seafile Server** section on that page, instead of this one.
- After upgrading, you may need to clean [seahub cache](add_memcached.md) if it doesn't behave as expect.
- If you are running a **cluster**, please read [upgrade a Seafile cluster](../deploy_pro/upgrade_a_cluster.md).
## Upgrade notes
Please check the [upgrade notes](upgrade_notes.md) for any special configuration or changes before/while upgrading.
---
## Major version upgrade (e.g. from 4.x.x to 5.y.y)
Suppose you are using version 4.3.0 and like to upgrade to version 5.0.0. First download and extract the new version. You should have a directory layout similar to this:
```
haiwen
-- seafile-server-4.3.0
-- seafile-server-5.0.0
-- ccnet
-- seafile-data
```
Now upgrade to version 5.0.0.
1. Shutdown Seafile server if it's running
```sh
cd haiwen/seafile-server-4.3.0
./seahub.sh stop
./seafile.sh stop
# or via service
/etc/init.d/seafile-server stop
```
2. Check the upgrade scripts in seafile-server-5.0.0 directory.
```sh
cd haiwen/seafile-server-5.0.0
ls upgrade/upgrade_*
```
You will get a list of upgrade files:
```
...
upgrade/upgrade_4.0_4.1.sh
upgrade/upgrade_4.1_4.2.sh
upgrade/upgrade_4.2_4.3.sh
upgrade/upgrade_4.3_4.4.sh
upgrade/upgrade_4.4_5.0.sh
```
3. Start from your current version, run the script(s one by one)
```
upgrade/upgrade_4.3_4.4.sh
upgrade/upgrade_4.4_5.0.sh
```
4. Start Seafile server
```sh
cd haiwen/seafile-server-5.0.0/
./seafile.sh start
./seahub.sh start # or "./seahub.sh start-fastcgi" if you're using fastcgi
# or via service
/etc/init.d/seafile-server start
```
5. If the new version works fine, the old version can be removed
```sh
rm -rf seafile-server-4.3.0/
```
## Minor version upgrade (e.g. from 5.0.x to 5.1.y)
Suppose you are using version 5.0.0 and like to upgrade to version 5.1.0. First download and extract the new version. You should have a directory layout similar to this:
```
haiwen
-- seafile-server-5.0.0
-- seafile-server-5.1.0
-- ccnet
-- seafile-data
```
Now upgrade to version 5.1.0.
1. Shutdown Seafile server if it's running
```sh
cd haiwen/seafile-server-5.0.0
./seahub.sh stop
./seafile.sh stop
# or via service
/etc/init.d/seafile-server stop
```
2. Check the upgrade scripts in seafile-server-5.1.0 directory.
```sh
cd haiwen/seafile-server-5.1.0
ls upgrade/upgrade_*
```
You will get a list of upgrade files:
```
...
upgrade/upgrade_4.0_4.1.sh
upgrade/upgrade_4.1_4.2.sh
upgrade/upgrade_4.2_4.3.sh
upgrade/upgrade_4.3_4.4.sh
upgrade/upgrade_4.4_5.0.sh
upgrade/upgrade_5.0_5.1.sh
```
3. Start from your current version, run the script(s one by one)
```
upgrade/upgrade_5.0_5.1.sh
```
4. Start Seafile server
```sh
cd haiwen/seafile-server-5.1.0/
./seafile.sh start
./seahub.sh start # or "./seahub.sh start-fastcgi" if you're using fastcgi
# or via service
/etc/init.d/seafile-server start
```
5. If the new version works, the old version can be removed
```sh
rm -rf seafile-server-5.0.0/
```
## Maintenance version upgrade (e.g. from 5.1.2 to 5.1.3)
A maintenance upgrade is for example an upgrade from 5.1.2 to 5.1.3.
1. Shutdown Seafile server if it's running
2. For this type of upgrade, you only need to update the symbolic links (for avatar and a few other folders).
A script to perform a minor upgrade is provided with Seafile server (for history reasons, the script is called `minor-upgrade.sh`):
```sh
cd seafile-server-5.1.3
upgrade/minor-upgrade.sh
```
3. Start Seafile
4. If the new version works, the old version can be removed
```sh
rm -rf seafile-server-5.1.2/
```

153
manual/deploy/upgrade_notes.md Normal file
View file

@ -0,0 +1,153 @@
# Upgrade notes
These notes give additional information about changes.
Please always follow the [main upgrade guide](./upgrade.md).
## Summary
* [Upgrade notes for V6.x.x](#upgrade-notes-v6.x.x)
* [Upgrade notes for V5.x.x](#upgrade-notes-v5.x.x)
* [Upgrade notes for V4.x.x](#upgrade-notes-v4.x.x)
*This documentation is just done from V4 + !*
------
# Upgrade Notes V6.x.x
## Important release changes
From this version, the Wiki module is hidden by default. Users will not be able to turn it on. For compatibility with older versions, it can be turned on by adding the following line to `seahub_settings.py`:
```python
ENABLE_WIKI = True
```
---
## V6.1.0
### Video Thumbnails
Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first.
For details, please refer to the [manual](./video_thumbnails.md).
### OnlyOffice
The system requires some minor changes to support the OnlyOffice document server.
Please follow the instructions [here](./only_office.md).
### Pip Pillow upgrade
```
# for Ubuntu 16.04
sudo apt-get install libjpeg-dev
pip install --upgrade Pillow
# If the pillow installation fails you may install
# "build-dep python-imaging" instead of just "libjpeg-dev"
# for Debian 8
apt-get install libjpeg-dev
pip install --upgrade Pillow
# If the pillow installation fails you may install
# "build-dep python-imaging" instead of just "libjpeg-dev"
# for Centos 7
sudo yum install libjpeg-dev
pip install --upgrade Pillow
```
### Seahub does not start
In case Seahub does not start after the upgrade, install python-requests.
```bash
sudo apt-get install python-requests
```
---
## V6.0.0 - V6.0.9
There are no other special instructions.
---
# Upgrade Notes V5.x.x
## Important release changes
__In Seafile 5.0, we moved all config files to the folder ```/seafile-root/conf```, including:__
- seahub_settings.py -> conf/seahub_settings.py
- ccnet/ccnet.conf -> conf/ccnet.conf
- seafile-data/seafile.conf -> conf/seafile.conf
- [pro only] pro-data/seafevents.conf -> conf/seafevents.conf
------
## V5.1.4
**Python upgrade**
If you upgrade to 5.1.4+, you need to install the python 3 libs:
```
# for Ubuntu 16.04
sudo apt-get install python-urllib3
# for Debian 8
apt-get install python-urllib3
# for Centos 7
sudo yum install python-urllib3
# for Arch Linux
pacman -Sy python2-urllib3
```
---
## V5.0.0 - V5.1.3
Nothing to be installed/changed.
------
# Upgrade Notes V4.x.x
These notes just give additional information about changes within each major version.
Please always follow the [main installation guide](./upgrade.md).
## Important release changes
- [Thumbnail string to number](##V4.3.0)
---
## V4.3.1 - V4.4.6
There are no other special instructions.
---
## V4.3.0
Change the setting of THUMBNAIL_DEFAULT_SIZE from string to number in ```seahub_settings.py```:
Use ```THUMBNAIL_DEFAULT_SIZE = 24```, instead of ```THUMBNAIL_DEFAULT_SIZE = '24'```.
---
## V4.2.0 - V4.2.3
**Note when upgrading to 4.2:**
If you deploy Seafile in a non-root domain, you need to add the following extra settings in ```seahub_settings.py```:
```
COMPRESS_URL = MEDIA_URL
STATIC_URL = MEDIA_URL + '/assets/'
```
---
## V4.0.0 - V4.1.2
There are no other special instructions.

167
manual/deploy/upgrade_with_mysql_or_postgresql.md Normal file
View file

@ -0,0 +1,167 @@
#Seafile
## Upgrade with MySQL or PostgreSQL
First, download the new version, for example seafile-server_1.6.0_x86-64.tar.gz, and extract it to the directory where you put all Seafile related staff. You should have a directory layout similar to this:
```
haiwen
-- seafile-server-1.5.0
-- seafile-server-1.6.0
-- ccnet
-- seafile-data
```
## Major Continuous Upgrade (like from 1.5 to 1.6)
Major continuous upgrade including upgrading from 1.5.0 to 1.6.0 or upgrading from 1.5.0 to 1.6.1. It involves four steps:
1. Stop Seafile/Seahub
2. Update avatars folder and database tables
3. Update Nginx/Apache configs
4. Restart Seafile/Seahub
### 2. Update avatars folder and database tables After Seafile Server 2.1.1 for MySQL
Since seafile server 2.1.1, You can upgrade the the avatars folder and the databases using the upgrade scripts. The script's name is like `upgrade_X.X_Y.Y.sh`. For example, assume you are upgrading from seafile server 2.0.0 to seafile server 2.1.1, the you should run the `upgrade_2.0_2.1.sh` script.
```sh
cd seafile-server-2.1.1/
./upgrade/upgrade_2.0_2.1.sh
```
The script would update the avatars folder and the database tables for you.
### 2. Update avatars folder and database tables (For PostgreSQL and before Seafile Server 2.1.1)
Before Seafile Server 2.1.1 or if you are using PostgreSQL, you have to manually:
- update the avatars folder symbolic link
- update and the database tables
#### Update avatars symbolic link
Assume your top level directory is `/data/haiwen/`, and you are upgrading to seafile server version 1.6.0:
```
cd /data/haiwen
cp -a seafile-server-1.6.0/seahub/media/avatars/* seahub-data/avatars/
rm -rf seafile-server-1.6.0/seahub/media/avatars
#the new server avatars' folder will be linked to the updated avatars folder
ln -s -t seafile-server-1.6.0/seahub/media/ ../../../seahub-data/avatars/
```
#### Update database tables
When a new version of seafile server is released, there may be changes to the database of seafile/seahub/ccnet. We provide the sql statements to update the databases:
- `upgrade/sql/<VERSION>/mysql/seahub.sql`, for changes to seahub database
- `upgrade/sql/<VERSION>/mysql/seafile.sql`, for changes to seafile database
- `upgrade/sql/<VERSION>/mysql/ccnet.sql`, for changes to ccnet database
To apply the changes, just execute the sqls in the correspondent database. If any of the sql files above do not exist, it means the new version does not bring changes to the correspondent database.
```sh
seafile-server-1.6.0
├── seafile
├── seahub
├── upgrade
├── sql
├── 1.6.0
├── mysql
├── seahub.mysql
├── seafile.mysql
├── ccnet.mysql
```
### 3. Update Nginx/Apache Config
For Nginx:
```
location /media {
root /data/haiwen/seafile-server-1.6.0/seahub;
}
```
For Apache:
```
Alias /media /data/haiwen/seafile-server-1.6.0/seahub/media
```
**Tip:**
You can create a symbolic link `seafile-server-latest`, and make it point to your current seafile server folder (Since seafile server 2.1.0, the `setup-seafile.sh` script will do this for your). Then, each time you run a upgrade script, it would update the `seafile-server-latest` symbolic link to keep it always point to the latest version seafile server folder.
In this case, you can write:
```
location /media {
root /data/haiwen/seafile-server-latest/seahub;
}
```
or For Apache:
```
Alias /media /data/haiwen/seafile-server-latest/seahub/media
```
This way, you no longer need to update the nginx/apache config file each time you upgrade your seafile server.
### 4. Restart Seafile/Seahub/Nginx/Apache
After done above updating, now restart Seafile/Seahub/Nginx/Apache to see the new version at work!
## Noncontinuous Upgrade (like from 1.1 to 1.3)
You may also upgrade a few versions at once, e.g. from 1.1.0 to 1.3.0.
The procedure is:
1. upgrade from 1.1.0 to 1.2.0;
2. upgrade from 1.2.0 to 1.3.0.
## Minor upgrade (like from 1.5.0 to 1.5.1)
Minor upgrade is like an upgrade from 1.5.0 to 1.5.1.
Here is our dir strutcutre
```
haiwen
-- seafile-server-1.5.0
-- seafile-server-1.5.1
-- ccnet
-- seafile-data
```
### Update the avatar link
We provide a script for you, just run it:
```sh
cd seafile-server-1.5.1
upgrade/minor-upgrade.sh
```
### Update Nginx/Apache Config
For Nginx:
```
location /media {
root /data/haiwen/seafile-server-1.5.1/seahub;
}
```
For Apache:
```
Alias /media /data/haiwen/seafile-server-1.5.1/seahub/media
```
### Restart Seafile/Seahub/Nginx/Apache
After done above updating, now restart Seafile/Seahub/Nginx/Apache to see the new version at work!

5
manual/deploy/using_firewall.md Normal file
View file

@ -0,0 +1,5 @@
# Firewall settings
By default the ports `8000` and `8082` need to be opened in the firewall for incoming TCP connections.
If you run Seafile behind Nginx/Apache with HTTPS, you only need to open port 443 TCP.

89
manual/deploy/using_fuse.md Normal file
View file

@ -0,0 +1,89 @@
# Seafile
## Using Fuse
Files in the seafile system are split to blocks, which means what are stored on your seafile server are not complete files, but blocks. This design faciliates effective data deduplication.
However, administrators sometimes want to access the files directly on the server. You can use seaf-fuse to do this.
`Seaf-fuse` is an implementation of the [http://fuse.sourceforge.net FUSE] virtual filesystem. In a word, it mounts all the seafile files to a folder (which is called the '''mount point'''), so that you can access all the files managed by seafile server, just as you access a normal folder on your server.
Seaf-fuse is added since Seafile Server '''2.1.0'''.
'''Note:'''
* Encrypted folders can't be accessed by seaf-fuse.
* Currently the implementation is '''read-only''', which means you can't modify the files through the mounted folder.
* One debian/centos systems, you need to be in the "fuse" group to have the permission to mount a FUSE folder.
## How to start seaf-fuse
Assume we want to mount to `/data/seafile-fuse`.
#### Create the folder as the mount point
```
mkdir -p /data/seafile-fuse
```
#### Start seaf-fuse with the script
'''Note:''' Before start seaf-fuse, you should have started seafile server with `./seafile.sh start`.
```
./seaf-fuse.sh start /data/seafile-fuse
```
#### Stop seaf-fuse
```
./seaf-fuse.sh stop
```
## Contents of the mounted folder
#### The top level folder
Now you can list the content of `/data/seafile-fuse`.
```
$ ls -lhp /data/seafile-fuse
drwxr-xr-x 2 root root 4.0K Jan 1 1970 abc@abc.com/
drwxr-xr-x 2 root root 4.0K Jan 1 1970 foo@foo.com/
drwxr-xr-x 2 root root 4.0K Jan 1 1970 plus@plus.com/
drwxr-xr-x 2 root root 4.0K Jan 1 1970 sharp@sharp.com/
drwxr-xr-x 2 root root 4.0K Jan 1 1970 test@test.com/
```
* The top level folder contains many subfolders, each of which corresponds to a user
* The time stamp of files and folders is not preserved.
#### The folder for each user
```
$ ls -lhp /data/seafile-fuse/abc@abc.com
drwxr-xr-x 2 root root 924 Jan 1 1970 5403ac56-5552-4e31-a4f1-1de4eb889a5f_Photos/
drwxr-xr-x 2 root root 1.6K Jan 1 1970 a09ab9fc-7bd0-49f1-929d-6abeb8491397_My Notes/
```
From the above list you can see, under the folder of a user there are subfolders, each of which represents a library of that user, and has a name of this format: '''{library_id}-{library-name}'''.
#### The folder for a library
```
$ ls -lhp /data/seafile-fuse/abc@abc.com/5403ac56-5552-4e31-a4f1-1de4eb889a5f_Photos/
-rw-r--r-- 1 root root 501K Jan 1 1970 image.png
-rw-r--r-- 1 root root 501K Jan 1 1970 sample.jpng
```
#### If you get a "Permission denied" error
If you get an error message saying "Permission denied" when running `./seaf-fuse.sh start`, most likely you are not in the "fuse group". You should:
* Add yourself to the fuse group
```
sudo usermod -a -G fuse <your-user-name>
```
* Logout your shell and login again
* Now try `./seaf-fuse.sh start <path>` again.

135
manual/deploy/using_ldap.md Normal file
View file

@ -0,0 +1,135 @@
# Configure Seafile to use LDAP
Note: This documentation is for the Community Edition. If you're using Pro Edition, please refer to [the Seafile Pro documentation](../deploy_pro/using_ldap_pro.md).
## How does LDAP User Management work in Seafile
When Seafile is integrated with LDAP/AD, users in the system can be divided into two tiers:
- Users within Seafile's internal user database. Some attributes are attached to these users, such as whether it's a system admin user, whether it's activated. This tier includes two types of users:
* Native users: these users are created by the admin on Seafile's system admin interface. These users are stored in the `EmailUser` table of the `ccnet` database.
* Users imported from LDAP/AD server: When a user in LDAP/AD logs into Seafile, its information will be imported from LDAP/AD server into Seafile's database. These users are stored in the `LDAPUsers` table of the `ccnet` database.
- Users in LDAP/AD server. These are all the intended users of Seafile inside the LDAP server. Seafile doesn't manipulate these users directly. It has to import them into its internal database before setting attributes on them.
When Seafile counts the number of users in the system, it only counts the **activated** users in its internal database.
When Seafile is integrated with LDAP/AD, it'll look up users from both the internal database and LDAP server. As long as the user exists in one of these two sources, they can log into the system.
## Basic LDAP/AD Integration
The only requirement for Seafile to use LDAP/AD for authentication is that there must be a unique identifier for each user in the LDAP/AD server. Seafile can only use email-address-format user identifiers. So there are usually only two options for this unique identifier:
- Email address: this is the most common choice. Most organizations assign unique email address for each member.
- UserPrincipalName: this is a user attribute only available in Active Directory. It's format is `user-login-name@domain-name`, e.g. `john@example.com`. It's not a real email address, but it works fine as the unique identifier.
### Connecting to Active Directory
To use AD to authenticate user, please add the following lines to ccnet.conf.
If you choose email address as unique identifier:
[LDAP]
HOST = ldap://192.168.1.123/
BASE = cn=users,dc=example,dc=com
USER_DN = administrator@example.local
PASSWORD = secret
LOGIN_ATTR = mail
If you choose UserPrincipalName as unique identifier:
[LDAP]
HOST = ldap://192.168.1.123/
BASE = cn=users,dc=example,dc=com
USER_DN = administrator@example.local
PASSWORD = secret
LOGIN_ATTR = userPrincipalName
Meaning of each config options:
* HOST: LDAP URL for the host. ldap://, ldaps:// and ldapi:// are supported. You can also include a port number in the URL, like ldap://ldap.example.com:389. To use TLS, you should configure the LDAP server to listen on LDAPS port and specify ldaps:// here. More details about TLS will be covered below.
* BASE: The root distinguished name (DN) to use when running queries against the directory server. **You cannot use the root DN (e.g. dc=example,dc=com) as BASE**.
* USER_DN: The distinguished name of the user that Seafile will use when connecting to the directory server. This user should have sufficient privilege to access all the nodes under BASE. It's recommended to use a user in the administrator group.
* PASSWORD: Password of the above user.
* LOGIN_ATTR: The attribute used for user's unique identifier. Use `mail` or `userPrincipalName`.
Tips for choosing BASE and USER_DN:
* To determine the BASE, you first have to navigate your organization hierachy on the domain controller GUI.
* If you want to allow all users to use Seafile, you can use 'cn=users,dc=yourdomain,dc=com' as BASE (with proper adjustment for your own needs).
* If you want to limit users to a certain OU (Organization Unit), you run `dsquery` command on the domain controller to find out the DN for this OU. For example, if the OU is 'staffs', you can run 'dsquery ou -name staff'. More information can be found [here](https://technet.microsoft.com/en-us/library/cc770509.aspx).
* AD supports 'user@domain.name' format for the USER_DN option. For example you can use administrator@example.com for USER_DN. Sometime the domain controller doesn't recognize this format. You can still use `dsquery` command to find out user's DN. For example, if the user name is 'seafileuser', run `dsquery user -name seafileuser`. More information [here](https://technet.microsoft.com/en-us/library/cc725702.aspx).
### Connecting to other LDAP servers
Please add the following options to ccnet.conf:
[LDAP]
HOST = ldap://192.168.1.123/
BASE = ou=users,dc=example,dc=com
USER_DN = cn=admin,dc=example,dc=com
PASSWORD = secret
LOGIN_ATTR = mail
The meaning of the options are the same as described in the previous section. With other LDAP servers, you can only use `mail` attribute as user's unique identifier.
## Advanced LDAP/AD Integration Options
### Multiple BASE
Multiple base DN is useful when your company has more than one OUs to use Seafile. You can specify a list of base DN in the "BASE" config. The DNs are separated by ";", e.g. `ou=developers,dc=example,dc=com;ou=marketing,dc=example,dc=com`
### Additional Search Filter
Search filter is very useful when you have a large organization but only a portion of people want to use Seafile. The filter can be given by setting "FILTER" config. The value of this option follows standard LDAP search filter syntax (https://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx).
The final filter used for searching for users is `(&($LOGIN_ATTR=*)($FILTER))`. `$LOGIN_ATTR` and `$FILTER` will be replaced by your option values.
For example, add the following line to LDAP config:
```
FILTER = memberOf=CN=group,CN=developers,DC=example,DC=com
```
The final search filter would be `(&(mail=*)(memberOf=CN=group,CN=developers,DC=example,DC=com))`
Note that the case of attribute names in the above example is significant. The `memberOf` attribute is only available in Active Directory.
### Limiting Seafile Users to a Group in Active Directory
You can use the FILTER option to limit user scope to a certain AD group.
1. First, you should find out the DN for the group. Again, we'll use the `dsquery` command on the domain controller. For example, if group name is 'seafilegroup', run `dsquery group -name seafilegroup`.
2. Add the following line to LDAP config:
```
FILTER = memberOf={output of dsquery command}
```
### Using TLS connection to LDAP/AD server
To use a TLS connection to the directory server, you should install a valid SSL certificate on the directory server.
The current version of Seafile Linux server package is compiled on CentOS. We include the ldap client library in the package to maintain compatibility with older Linux distributions. But since different Linux distributions have different path or configuration for OpenSSL library, sometimes Seafile is unable to connect to the directory server with TLS.
The ldap library (libldap) bundled in the Seafile package is of version 2.4. If your Linux distribution is new enough (like CentOS 6, Debian 7 or Ubuntu 12.04 or above), you can use system's libldap instead.
On Ubuntu 14.04 and Debian 7/8, moving the bundled ldap related libraries out of the library path should make TLS connection work.
```
cd ${SEAFILE_INSTALLATION_DIR}/seafile-server-latest/seafile/lib
mkdir disabled_libs_use_local_ones_instead
mv liblber-2.4.so.2 libldap-2.4.so.2 libsasl2.so.2 libldap_r-2.4.so.2 disabled_libs_use_local_ones_instead/
```
On CentOS 6, you have to move the libnssutil library:
```
cd ${SEAFILE_INSTALLATION_DIR}/seafile-server-latest/seafile/lib
mkdir disabled_libs_use_local_ones_instead
mv libnssutil3.so disabled_libs_use_local_ones_instead/
```
This effectively removes the bundled libraries from the library search path.
When the server starts, it'll instead find and use the system libraries (if they are installed).
This change has to be repeated after each update of the Seafile installation.

67
manual/deploy/using_logrotate.md Normal file
View file

@ -0,0 +1,67 @@
# Set up logrotate for server
## How it works
seaf-server, ccnet-server (since version 3.1) and seafile-controller (since version 6.0.8) support reopenning
logfiles by receiving a `SIGUR1` signal.
This feature is very useful when you need cut logfiles while you don't want
to shutdown the server. All you need to do now is cutting the logfile on the fly.
## Default logrotate configuration directory
For debian, the default directory for logrotate should be `/etc/logrotate.d/`
## Sample configuration
Assuming your ccnet-server's logfile is `/home/haiwen/logs/ccnet.log` and your
ccnet-server's pidfile for ccnet-server is `/home/haiwen/pids/ccnet.pid`.
Assuming your seaf-server's logfile is setup to `/home/haiwen/logs/seafile.log` and your
seaf-server's pidfile for seaf-server is setup to `/home/haiwen/pids/seaf-server.pid`:
The configuration for logrotate could be like this:
```
/home/haiwen/logs/seafile.log
{
daily
missingok
rotate 15
compress
delaycompress
notifempty
sharedscripts
postrotate
[ ! -f /home/haiwen/pids/seaf-server.pid ] || kill -USR1 `cat /home/haiwen/pids/seaf-server.pid`
endscript
}
/home/haiwen/logs/ccnet.log
{
daily
missingok
rotate 15
compress
delaycompress
notifempty
sharedscripts
postrotate
[ ! -f /home/haiwen/pids/ccnet.pid ] || kill -USR1 `cat /home/haiwen/pids/ccnet.pid`
endscript
}
/home/haiwen/logs/index.log
{
monthly
missingok
rotate 15
compress
delaycompress
notifempty
sharedscripts
}
```
You can save this file, in debian for example, at `/etc/logrotate.d/seafile`.

361
manual/deploy/using_mysql.md Normal file
View file

@ -0,0 +1,361 @@
# Deploying Seafile with MySQL
This manual explains how to setup and run Seafile server from a pre-built package with MySQL.
**Tip:** If you are deploying the Seafile service for the first time, we recommend that you use an [automatic installation script](https://github.com/haiwen/seafile-server-installer) to quickly deploy a Seafile service.
## Download
[Download](https://www.seafile.com/en/download) the latest server package.
## Deploying and Directory Layout
Supposed you have downloaded `seafile-server_*` into `/opt/seafile/`. We suggest you to use the following layout for your deployment:
```
mkdir /opt/seafile
mv seafile-server_* /opt/seafile
cd /opt/seafile
# after moving seafile-server_* to this directory
tar -xzf seafile-server_*
mkdir installed
mv seafile-server_* installed
```
Now you should have the following directory layout
```
#tree seafile -L 2
seafile
├── installed
│   └── seafile-server_7.0.0_x86-64.tar.gz
└── seafile-server-7.0.0
├── reset-admin.sh
├── runtime
├── seafile
├── seafile.sh
├── seahub
├── seahub.sh
├── setup-seafile-mysql.sh
└── upgrade
```
The benefit of this layout is that:
* We can place all the config files for Seafile server inside `/opt/seafile/conf` directory, making it easier to manage.
* When you upgrade to a new version of Seafile, you can simply untar the latest package into `/opt/seafile` directory. In this way you can reuse the existing config files in `/opt/seafile` directory and don't need to configure again.
## Prepare MySQL Databases
Three components of Seafile Server need their own databases:
* ccnet server
* seafile server
* seahub
See [Seafile Server Components Overview](../overview/components.md) if you want to know more about the Seafile server components.
There are two ways to intialize the databases:
* let the `setup-seafile-mysql.sh` script create the databases for you.
* create the databases by yourself, or someone else (the database admin, for example)
We recommend the first way. The script would ask you for the root password of the mysql server, and it will create:
* database for ccnet/seafile/seahub.
* a new user to access these databases
However, sometimes you have to use the second way. If you don't have the root password, you need someone who has the privileges, e.g., the database admin, to create the three databases, as well as a mysql user who can access the three databases for you. For example, to create three databases: `ccnet_db` / `seafile_db` / `seahub_db` for ccnet/seafile/seahub respectively, and a mysql user "seafile" to access these databases run the following SQL queries:
```
create database `ccnet_db` character set = 'utf8';
create database `seafile_db` character set = 'utf8';
create database `seahub_db` character set = 'utf8';
create user 'seafile'@'localhost' identified by 'seafile';
GRANT ALL PRIVILEGES ON `ccnet_db`.* to `seafile`@localhost;
GRANT ALL PRIVILEGES ON `seafile_db`.* to `seafile`@localhost;
GRANT ALL PRIVILEGES ON `seahub_db`.* to `seafile`@localhost;
```
## Setting Up Seafile Server
### Prerequisites
The Seafile server package requires the following packages to be installed on your system:
**For Seafile 7.0.x**
```
# on Ubuntu 16.04
apt-get update
apt-get install python2.7 python-setuptools python-mysqldb python-urllib3 python-ldap -y
```
```
# on CentOS 7
yum install python python-setuptools MySQL-python python-urllib3 python-ldap -y
```
**For Seafile 7.1.x**
```
# on Debian 10/Ubuntu 18.04
apt-get update
apt-get install python3 python3-setuptools python3-pip -y
pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy \
django-pylibmc django-simple-captcha python3-ldap
```
```
# on CentOS 8
yum install python3 python3-setuptools python3-pip -y
pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy \
django-pylibmc django-simple-captcha python3-ldap
```
### Setup
```
cd seafile-server-*
./setup-seafile-mysql.sh # run the setup script & answer prompted questions
```
If some of the prerequisites are not installed, the Seafile initialization script will ask you to install them.
The script will guide you through the settings of various configuration options.
** Seafile configuration options **
| Option | Description | Note |
| ------------------- | ------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------- |
| server name | Name of this seafile server | 3-15 characters, only English letters, digits and underscore ('\_') are allowed |
| server ip or domain | The IP address or domain name used by this server | Seafile client program will access the server with this address |
| seafile data dir | Seafile stores your data in this directory. By default it'll be placed in the current directory. | The size of this directory will increase as you put more and more data into Seafile. Please select a disk partition with enough free space. |
| fileserver port | The TCP port used by Seafile fileserver | Default is 8082. If it's been used by other service, you can set it to another port. |
At this moment, you will be asked to choose a way to initialize Seafile databases:
```sh
-------------------------------------------------------
Please choose a way to initialize Seafile databases:
-------------------------------------------------------
[1] Create new ccnet/seafile/seahub databases
[2] Use existing ccnet/seafile/seahub databases
```
Which one to choose depends on if you have the root password.
* If you choose "1", you need to provide the root password. The script would create the databases and a new user to access the databases
* If you choose "2", the ccnet/seafile/seahub databases must have already been created, either by you, or someone else.
If you choose "\[1] Create new ccnet/seafile/seahub databases", you would be asked these questions:
| Question | Description | Note |
| ------------------------------- | ----------------------------------------------------------------- | -------------------------------------------------------------------- |
| mysql server host | the host address of the mysql server | the default is localhost |
| mysql server port | the port of the mysql server | the default is 3306. Almost every mysql server uses this port. |
| root password | the password of mysql root account | the root password is required to create new databases and a new user |
| mysql user for Seafile | the username for Seafile programs to use to access MySQL server | if the user does not exist, it would be created |
| password for Seafile mysql user | the password for the user above | |
| ccnet dabase name | the name of the database used by ccnet, default is "ccnet_db" | the database would be created if not existing |
| seafile dabase name | the name of the database used by Seafile, default is "seafile_db" | the database would be created if not existing |
| seahub dabase name | the name of the database used by seahub, default is "seahub_db" | the database would be created if not existing |
If you choose "\[2] Use existing ccnet/seafile/seahub databases", you would be asked these questions:
** related questions for "Use existing ccnet/seafile/seahub databases" **
| Question | Description | Note |
| ------------------------------- | ----------------------------------------------------------------- | ------------------------------------------------------------- |
| mysql server host | the host address of the mysql server | the default is localhost |
| mysql server port | the port of the mysql server | the default is 3306. Almost every mysql server uses this port |
| mysql user for Seafile | the user for Seafile programs to use to access MySQL server | the user must already exists |
| password for Seafile mysql user | the password for the user above | |
| ccnet dabase name | the name of the database used by ccnet, default is "ccnet-db" | this database must already exist |
| seafile dabase name | the name of the database used by Seafile, default is "seafile-db" | this database must already exist |
| seahub dabase name | the name of the database used by Seahub, default is "seahub-db" | this database must already exist |
If the setup is successful, you'll see the following output
![server-setup-succesfully](../images/Server-setup-successfully.png)
Now you should have the following directory layout :
```sh
#tree seafile -L 2
seafile
├── ccnet # configuration files
│   ├── mykey.peer
│   ├── PeerMgr
│   └── seafile.ini
├── conf
│ └── ccnet.conf
│ └── seafile.conf
│ └── seahub_settings.py
│ └── gunicorn.conf
├── installed
│   └── seafile-server_7.0.0_x86-64.tar.gz
├── seafile-data
├── seafile-server-7.0.0 # active version
│   ├── reset-admin.sh
│   ├── runtime
│   ├── seafile
│   ├── seafile.sh
│   ├── seahub
│   ├── seahub.sh
│   ├── setup-seafile-mysql.sh
│   └── upgrade
├── seafile-server-latest # symbolic link to seafile-server-7.0.0
├── seahub-data
│   └── avatars
```
The folder `seafile-server-latest` is a symbolic link to the current Seafile server folder. When later you upgrade to a new version, the upgrade scripts update this link to point to the latest Seafile Server folder.
## Running Seafile Server
### Starting Seafile Server and Seahub Website
Under seafile-server-latest directory, run the following commands
```
./seafile.sh start # Start Seafile service
./seahub.sh start # Start seahub website, port defaults to 127.0.0.1:8000
```
The first time you start Seahub, the script would prompt you to create an admin account for your Seafile Server.
**Note:** The Seahub service listens on `127.0.0.1:8000` by default. So we recommend that you deploy a reverse proxy service so that other users can access the Seahub service.
### Deploy a reverse proxy service
You can choose [Apache](deploy_with_apache.md) or [Nginx](deploy_with_nginx.md) as the reverse proxy service.
After deployed the reverse proxy service, you may open a web browser and visit Seafile web interface at (assume your server IP is 192.168.1.111):
```
http://192.168.1.111/
```
Congratulations! Now you have successfully setup your private Seafile Server.
### Run Seahub on another port
If you want to run Seahub on a port other than the default 8000, say 8001, you must modify the `conf/gunicorn.conf`:
```
# default localhost:8000
bind = "0.0.0.0:8001"
```
Then restart Seafile service:
```
./seafile.sh restart
./seahub.sh restart
```
## Stopping and Restarting Seafile and Seahub
### Stopping
```
./seahub.sh stop # stop Seahub website
./seafile.sh stop # stop Seafile processes
```
### Restarting
```
./seafile.sh restart
./seahub.sh restart
```
### When the Scripts Fail
Most of the time, seafile.sh and seahub.sh work fine. But if they fail, you may
* Use `pgrep` command to check if seafile/seahub processes are still running
```
pgrep -f seafile-controller # check seafile processes
pgrep -f "seahub" # check seahub process
```
* Use `pkill` to kill the processes
```
pkill -f seafile-controller
pkill -f "seahub"
```
## Performance turning
If you have more than 50 users, we highly recommand you to [add memcached](../deploy/add_memcached.md). This is going to greatly speed up Seahub (the web frontend).
## Setup in non-interactive way
Since Seafile Pro Edition version 5.1.4, `setup-seafile-mysql.sh` supports auto mode. You can run the setup script in non-interactive by supplying the needed parameters via script parameters or environment variables.
```sh
cd seafile-server-*
./setup-seafile-mysql.sh auto [param1] [param2]...
```
Related parameters as follow:
| Option | Script parameter | Environment variable | Default value |
| ------------------------------- | ---------------- | -------------------- | --------------------------------------------------------------------------------- |
| server name | \-n | SERVER_NAME | hostname -s(short host name) |
| server ip or domain | \-i | SERVER_IP | hostname -i(address for the host name) |
| fileserver port | \-p | FILESERVER_PORT | 8082 |
| seafile data dir | \-d | SEAFILE_DIR | current directory |
| use existing db | \-e | USE_EXISTING_DB | 0(create new db) |
| mysql server host | \-o | MYSQL_HOST | 127.0.0.1 |
| mysql server port | \-t | MYSQL_PORT | 3306 |
| mysql root password | \-r | MYSQL_ROOT_PASSWD | no default value(must be set when create new db) |
| mysql user for seafile | \-u | MYSQL_USER | no default value(must be set) |
| password for seafile mysql user | \-w | MYSQL_USER_PASSWD | no default value(must be set) |
| mysql user host | \-q | MYSQL_USER_HOST | no default value(must be set when create new db and using non local mysql server) |
| ccnet dabase name | \-c | CCNET_DB | ccnet-db |
| seafile dabase name | \-s | SEAFILE_DB | seafile-db |
| seahub dabase name | \-b | SEAHUB_DB | seahub-db |
**Note: If both script parameter and environment variable assigned, script parameter has higher priority. If neither script parameter nor environment variable assigned, default value will be used.**
## That's it!
That's it! Now you may want read more about Seafile.
* [Deploy Seafile with Nginx](deploy_with_nginx.md) / [Deploy Seafile with Apache](deploy_with_apache.md)
* [Enable Https on Seafile Web with Nginx](https_with_nginx.md) / [Enable Https on Seafile Web with Apache](https_with_apache.md)
* [Configure Seafile to use LDAP](using_ldap.md)
* [How to manage the server](../maintain/README.md)

286
manual/deploy/using_sqlite.md Normal file
View file

@ -0,0 +1,286 @@
# Deploying Seafile with SQLite
## Download binary package
Visit our [download page](http://www.seafile.com/en/download/#server), download the latest server package.
Choose one of:
- Generic Linux
- Windows
- Server for Raspberry Pi
```
#check if your system is x86 (32bit) or x86_64 (64 bit)
uname -m
```
Click the tarball link and save it.
## Deploying and Directory Layout
NOTE: If you place the Seafile data directory in external storage, such as NFS, CIFS mount, you should not use SQLite as the database, but use MySQL instead.
Supposed your organization's name is "haiwen", and you've downloaded seafile-server_1.4.0_* into your home directory. We suggest you to use the following layout for your deployment:
```sh
mkdir haiwen
mv seafile-server_* haiwen
cd haiwen
# after moving seafile-server_* to this directory
tar -xzf seafile-server_*
mkdir installed
mv seafile-server_* installed
```
Now you should have the following directory layout
```sh
# tree . -L 2
.
├── installed
│ └── seafile-server_1.4.0_x86-64.tar.gz
└── seafile-server-1.4.0
├── reset-admin.sh
├── runtime
├── seafile
├── seafile.sh
├── seahub
├── seahub.sh
├── setup-seafile.sh
└── upgrade
```
Benefits of this layout are
- We can place all the config files for Seafile server inside "haiwen" directory, making it easier to manage.
- When you upgrade to a new version of Seafile, you can simply untar the latest package into "haiwen" directory. In this way you can reuse the existing config files in "haiwen" directory and don't need to configure again.
## Setting Up Seafile Server
#### Prerequisites
The Seafile server package requires the following packages have been installed in your system
- python 2.7
- python-setuptools
- python-ldap
- python-urllib3
- python-requests
- sqlite3
```
#on Debian/Ubuntu 14.04 server
apt-get update
apt-get install python2.7 libpython2.7 python-setuptools python-ldap python-urllib3 sqlite3 python-requests
```
```
# on Ubuntu 16.04 server
# As the default python binary on Ubuntu 16.04 server is python 3, we need to install python (python 2) first.
apt-get update
apt-get install python
apt-get install python2.7 libpython2.7 python-setuptools python-ldap python-urllib3 ffmpeg python-pip sqlite3 python-requests
pip install Pillow==4.3.0
pip install moviepy # used in movie file thumbnails
```
```
# on CentOS 7
yum -y install epel-release
rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
yum -y install MySQL-python python-memcached python-ldap python-urllib3 ffmpeg ffmpeg-devel python-requests
pip install Pillow==4.3.0
pip install moviepy # used in movie file thumbnails
```
#### Setup
```sh
cd seafile-server-*
./setup-seafile.sh #run the setup script & answer prompted questions
```
If some of the prerequisites are not installed, the Seafile initialization script will ask you to install them.
The script will guide you through the settings of various configuration options.
**Seafile configuration options**
| Option | Description | Note |
| -- | -- | ---- |
| server name | Name of this Seafile server | 3-15 characters, only English letters, digits and underscore ('_') are allowed |
| server ip or domain | The IP address or domain name used by this server | Seafile client program will access the server with this address |
| Seafile data dir | Seafile stores your data in this directory. By default it'll be placed in the current directory. | The size of this directory will increase as you put more and more data into Seafile. Please select a disk partition with enough free space. |
| fileserver port | The TCP port used by Seafile fileserver | Default is 8082. If it's been used by other service, you can set it to another port. |
Now you should have the following directory layout:
```sh
#tree haiwen -L 2
haiwen
├── ccnet # configuration files
│ ├── mykey.peer
│ ├── PeerMgr
│ └── seafile.ini
├── conf
│ └── ccnet.conf
│ └── seafile.conf
│ └── seahub_settings.py
├── installed
│ └── seafile-server_1.4.0_x86-64.tar.gz
├── seafile-data
├── seafile-server-1.4.0 # active version
│ ├── reset-admin.sh
│ ├── runtime
│ ├── seafile
│ ├── seafile.sh
│ ├── seahub
│ ├── seahub.sh
│ ├── setup-seafile.sh
│ └── upgrade
├── seafile-server-latest # symbolic link to seafile-server-1.4.0
├── seahub-data
│ └── avatars
├── seahub.db
```
The folder seafile-server-latest is a symbolic link to the current Seafile server folder. When later you upgrade to a new version, the upgrade scripts would update this link to keep it always point to the latest Seafile server folder.
## Running Seafile Server
#### Before Running
Since Seafile uses persistent connections between client and server, you should increase Linux file descriptors by ulimit if you have a large number of clients before start Seafile, like:
``ulimit -n 30000``
#### Starting Seafile Server and Seahub Website
- Start Seafile:
```
./seafile.sh start # Start Seafile service
```
- Start Seahub:
```
./seahub.sh start <port> # Start Seahub website, port defaults to 8000
```
**Note**: The first time you start Seahub, the script is going to prompt you to create an admin account for your Seafile server.
After starting the services, you may open a web browser and type in
``http://192.168.1.111:8000``
you will be redirected to the Login page. Just enter the admin username and password.
**Congratulations!** Now you have successfully setup your private Seafile server.
#### Run Seahub on another port
If you want to run Seahub on a port other than the default 8000, say 8001, you must:
**Seafile 6.2.x and previous versions**
- stop the Seafile server
```
./seahub.sh stop
./seafile.sh stop
```
- modify the value of SERVICE_URL in the file [ccnet.conf](../config/ccnet-conf.md), like this: (assume your ip or domain is 192.168.1.100). You can also modify SERVICE_URL via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and ccnet.conf, the setting via Web UI will take precedence.)
```
SERVICE_URL = http://192.168.1.100:8001
```
- restart Seafile server
```
./seafile.sh start
./seahub.sh start 8001
```
See Seafile [Server Configuration Manual](../config/ccnet-conf.md) for more details about ``ccnet.conf``.
**Seafile 6.3.x and above versions**
You can assign the port of Seahub by setting the `conf/gunicorn.conf`.
- stop the Seafile server
```
./seahub.sh stop
./seafile.sh stop
```
- modify the value of SERVICE_URL in the file [ccnet.conf](../config/ccnet-conf.md), like this: (assume your ip or domain is 192.168.1.100). You can also modify SERVICE_URL via web UI in "System Admin->Settings". (**Warning**: if you set the value both via Web UI and ccnet.conf, the setting via Web UI will take precedence.)
```
SERVICE_URL = http://192.168.1.100:8001
```
- **modify the conf/gunicorn.conf**
```
# default localhost:8000
bind = "0.0.0.0:8001"
```
- restart Seafile server
```
./seafile.sh start
./seahub.sh start
```
See Seafile [Server Configuration Manual](../config/ccnet-conf.md) for more details about ``ccnet.conf``.
## Manage Seafile and Seahub
#### Stopping
```
./seahub.sh stop # stop seahub website
./seafile.sh stop # stop seafile processes
```
#### Restarting
```
./seafile.sh restart
./seahub.sh restart
```
#### When the Scripts Fail
Most of the time, `seafile.sh` and `seahub.sh` work fine. But if they fail, you might want to
- Use pgrep command to check if Seafile/Seahub processes are still running
```
pgrep -f seafile-controller # check Seafile processes
pgrep -f "seahub" # check Seahub process
```
- Use pkill to kill the processes
```
pkill -f seafile-controller
pkill -f "seahub"
```
## Setup in non-interactive way
Since Seafile version 5.1.4, `setup-seafile.sh` supports auto mode. You can run the setup script in non-interactive by supply the needed parameters via script parameters or environment variables.
```sh
cd seafile-server-*
./setup-seafile.sh auto [param1] [param2]...
```
Related parameters as follow:
Option | Script parameter | Environment variable | Default value
--------|--------|--------|--------
server name | -n | SERVER_NAME | hostname -s(short host name)
server ip or domain | -i |SERVER_IP | hostname -i(address for the host name)
fileserver port | -p | FILESERVER_PORT | 8082
seafile data dir | -d | SEAFILE_DIR | current directory
**Note: If both script parameter and environment variable assigned, script parameter has higher priority. If neither script parameter nor environment variable assigned, default value will be used.**
## That's it!
For a production server we highly recommend to setup with Nginx/Apache and enable SSL/TLS.
That's it! Now you might want read more about Seafile.
- [Administration](../maintain/README.md)

94
manual/deploy/using_syslog.md Normal file
View file

@ -0,0 +1,94 @@
## Configure Seafile to Use Syslog
Since community edition 5.1.2 and professional edition 5.1.4, Seafile support using Syslog.
### Configure Syslog for Seafile Controller and Server
Add following configuration to `general` section in `seafile.conf`:
```
[general]
enable_syslog = true
```
Restart seafile server, you will find follow logs in `/var/log/syslog`:
```
May 10 23:45:19 ubuntu seafile-controller[16385]: seafile-controller.c(154): starting ccnet-server ...
May 10 23:45:19 ubuntu seafile-controller[16385]: seafile-controller.c(73): spawn_process: ccnet-server -F /home/plt/haiwen/conf -c /home/plt/haiwen/ccnet -f /home/plt/haiwen/logs/ccnet.log -d -P /home/plt/haiwen/pids/ccnet.pid
```
```
May 12 01:00:51 ubuntu seaf-server[21552]: ../common/mq-mgr.c(60): [mq client] mq cilent is started
May 12 01:00:51 ubuntu seaf-server[21552]: ../common/mq-mgr.c(106): [mq mgr] publish to hearbeat mq: seaf_server.heartbeat
```
### Configure Syslog For Seafevents (Professional Edition only)
Add following configuration to `seafevents.conf`:
```
[Syslog]
enabled = true
```
Restart seafile server, you will find follow logs in `/var/log/syslog`
```
May 12 01:00:52 ubuntu seafevents[21542]: [seafevents] database: mysql, name: seahub-pro
May 12 01:00:52 ubuntu seafevents[21542]: seafes enabled: True
May 12 01:00:52 ubuntu seafevents[21542]: seafes dir: /home/plt/pro-haiwen/seafile-pro-server-5.1.4/pro/python/seafes
```
### Configure Syslog For Seahub
Add following configurations to `seahub_settings.py`:
```
LOGGING = {
'version': 1,
'disable_existing_loggers': True,
'formatters': {
'verbose': {
'format': '%(process)-5d %(thread)d %(name)-50s %(levelname)-8s %(message)s'
},
'standard': {
'format': '%(asctime)s [%(levelname)s] %(name)s:%(lineno)s %(funcName)s %(message)s'
},
'simple': {
'format': '[%(asctime)s] %(name)s %(levelname)s %(message)s',
'datefmt': '%d/%b/%Y %H:%M:%S'
},
},
'filters': {
'require_debug_false': {
'()': 'django.utils.log.RequireDebugFalse',
},
'require_debug_true': {
'()': 'django.utils.log.RequireDebugTrue',
},
},
'handlers': {
'console': {
'filters': ['require_debug_true'],
'class': 'logging.StreamHandler',
'formatter': 'simple'
},
'syslog': {
'class': 'logging.handlers.SysLogHandler',
'address': '/dev/log',
'formatter': 'standard'
},
},
'loggers': {
# root logger
       # All logs printed by Seahub and any third party libraries will be handled by this logger.
       '': {
'handlers': ['console', 'syslog'],
'level': 'INFO', # Logs when log level is higher than info. Level can be any one of DEBUG, INFO, WARNING, ERROR, CRITICAL.
'disabled': False
},
# This logger recorded logs printed by Django Framework. For example, when you see 5xx page error, you should check the logs recorded by this logger.
'django.request': {
'handlers': ['console', 'syslog'],
'level': 'INFO',
'propagate': False,
},
},
}
```

59
manual/deploy/video_thumbnails.md Normal file
View file

@ -0,0 +1,59 @@
# Video thumbnails
### Install ffmpeg package
You need to install ffmpeg package to let the video thumbnail work correctly:
**Ubuntu 16.04**
```
# Install ffmpeg
apt-get install ffmpeg
# Now we need to install some modules
pip install pillow moviepy
```
**Centos 7**
```
# We need to activate the epel repos
yum -y install epel-release
rpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro
# Then update the repo and install ffmpeg
yum -y install ffmpeg ffmpeg-devel
# Now we need to install some modules
pip install pillow moviepy
```
**Debian Jessie**
```python
# Add backports repo to /etc/apt/sources.list
# e.g. the following repo works (June 2017)
deb http://httpredir.debian.org/debian jessie-backports main non-free
deb-src http://httpredir.debian.org/debian jessie-backports main non-free
# Then update the repo and install ffmpeg
apt-get update
apt-get install ffmpeg
# Now we need to install some modules
pip install pillow moviepy
```
### Configure Seafile to create thumbnails
Now configure accordingly in `seahub_settings.py`
```python
# Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first.
# For details, please refer to https://manual.seafile.com/deploy/video_thumbnails.html
# NOTE: since version 6.1
ENABLE_VIDEO_THUMBNAIL = True
# Use the frame at 5 second as thumbnail
THUMBNAIL_VIDEO_FRAME_TIME = 5
# Absolute filesystem path to the directory that will hold thumbnail files.
THUMBNAIL_ROOT = '/haiwen/seahub-data/thumbnail/thumb/'
```

68
manual/deploy_pro/README.md Normal file
View file

@ -0,0 +1,68 @@
# Deploy Seafile Pro Edition
Install Seafile Pro Edition
- Method 1: [Deploy Seafile with Docker](deploy_with_docker.md)
- Method 2 (For Debian and CentOS 7): [Deploy Seafile with an installation script](https://github.com/haiwen/seafile-server-installer#auto-install-seafile-server-ce-and-pro). The installer offer a quick and easy way to set up a production ready Seafile Server using MariaDB, Memcached and NGINX as a reverse proxy in under 5 minutes.
- Method 3: [Download and Setup Seafile Professional Server Step by Step](download_and_setup_seafile_professional_server.md)
## LDAP/AD Integration for Pro
- [Configure LDAP in Seafile Pro](using_ldap_pro.md)
- [Syncing Groups from LDAP/AD](ldap_group_sync.md)
- [Syncing Roles from LDAP/AD](ldap_role_sync.md)
## Migration and Upgrading
- [Migrate from Seafile Community Server](migrate_from_seafile_community_server.md)
- [Upgrade Seafile Professional Server](upgrading_seafile_professional_server.md)
## S3/OpenSwift/Ceph Storage Backends
- [Setup Seafile Professional Server With Amazon S3](setup_with_amazon_s3.md)
- [Setup Seafile Professional Server With OpenStack Swift](setup_with_swift.md)
- [Setup Seafile Professional Server With Ceph](setup_with_ceph.md)
- [Migrate from File System to Ceph](migrate_to_ceph.md)
- [Storage Backend Encryption](seaf_encrypt.md)
- [Data migration between different backends](migrate.md)
## Search
- [Details about File Search](details_about_file_search.md)
## Online File Preview and Editing
- [Enable Office/PDF Documents Online Preview](office_documents_preview.md)
- [Integrating with Office Online Server](office_web_app.md)
## Virus Scan
- [Virus Scan](virus_scan.md)
- [Virus Scan With Kav4fs](virus_scan_with_kav4fs.md)
## Cluster
- [Deploy seafile servers in a cluster](deploy_in_a_cluster.md)
- [Enable search and background tasks in a cluster](enable_search_and_background_tasks_in_a_cluster.md)
- [Setup Seafile cluster with NFS](setup_seafile_cluster_with_nfs.md)
- [Upgrade a cluster](upgrade_a_cluster.md)
## Advanced User Management
- [Multi-Institutions Support](multi_institutions.md)
- [Roles and Permissions](roles_permissions.md)
## Advanced Authentication
- [Two-factor Authentication](two_factor_authentication.md)
- [ADFS or SAML 2.0](adfs.md)
- [CAS](cas.md)
## Backup
- [Real-time Backup Server](real_time_backup.md)
## Admin Tools
- [Import Directory to Seafile](seaf_import.md)

228
manual/deploy_pro/adfs.md Normal file
View file

@ -0,0 +1,228 @@
# AD Federation Service or SAML 2.0 Integration
This documentation describes how to integrate to ADFS with SAML 2.0 protocol. The procedure can also be used to integrate with other SAML 2.0 compliant service with minimal change.
## Requirements
To use ADFS to log in to your Seafile, you need the following components:
1. A Winodws Server with [ADFS](https://technet.microsoft.com/en-us/library/hh831502.aspx) installed. For configuring and installing ADFS you can see [this article](https://msdn.microsoft.com/en-us/library/gg188612.aspx).
2. A valid SSL certificate for ADFS server, and here we use **adfs-server.adfs.com** as the domain name example.
3. A valid SSL certificate for Seafile server, and here we use **demo.seafile.com** as the domain name example.
## Prepare Certs File
1、x.509 certs for SP (Service Provider)
You can generate them by:
```
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout sp.key -out sp.crt
```
These x.509 certs are used to sign and encrypt elements like NameID and Metadata for SAML.
**Note: Do not use some special characters when generating a certificate**
2、Then copy these two files to `<seafile-install-path>/seahub-data/certs`. (if the certs folder not exists, create it.)
1. x.509 cert from IdP (Identity Provider)
2. Log into the ADFS server and open the ADFS management.
3. Double click **Service** and choose **Certificates**.
4. Export the **Token-Signing** certificate:
1. Right-click the certificate and select **View Certificate**.
2. Select the **Details** tab.
3. Click **Copy to File** (select **DER encoded binary X.509**).
5. Convert this certificate to PEM format, rename it to **idp.crt**
6. Then copy it to `<seafile-install-path>/seahub-data/certs`.
## Prepare IdP Metadata File
1. Open <https://adfs-server.adfs.com/federationmetadata/2007-06/federationmetadata.xml>
2. Save this xml file, rename it to **idp_federation_metadata.xml**
3. Copy it to `<seafile-install-path>/seahub-data/certs`.
## Install Requirements on Seafile Server
* For Ubuntu 16.04
```
sudo apt install libxmlsec1 xmlsec1
sudo pip install cryptography djangosaml2==0.15.0
```
## Config Seafile
Add the following lines to **seahub_settings.py**
```
from os import path
import saml2
import saml2.saml
CERTS_DIR = '<seafile-install-path>/seahub-data/certs'
SP_SERVICE_URL = 'https://demo.seafile.com'
XMLSEC_BINARY = '/usr/bin/xmlsec1'
ATTRIBUTE_MAP_DIR = '<seafile-install-path>/seafile-server-latest/seahub-extra/seahub_extra/adfs_auth/attribute-maps'
SAML_ATTRIBUTE_MAPPING = {
'DisplayName': ('display_name', ),
'ContactEmail': ('contact_email', ),
'Department': ('department', ),
'Telephone': ('telephone', ),
}
ENABLE_ADFS_LOGIN = True
EXTRA_AUTHENTICATION_BACKENDS = (
'seahub_extra.adfs_auth.backends.Saml2Backend',
)
SAML_USE_NAME_ID_AS_USERNAME = True
LOGIN_REDIRECT_URL = '/saml2/complete/'
SAML_CONFIG = {
# full path to the xmlsec1 binary programm
'xmlsec_binary': XMLSEC_BINARY,
'allow_unknown_attributes': True,
# your entity id, usually your subdomain plus the url to the metadata view
'entityid': SP_SERVICE_URL + '/saml2/metadata/',
# directory with attribute mapping
'attribute_map_dir': ATTRIBUTE_MAP_DIR,
# this block states what services we provide
'service': {
# we are just a lonely SP
'sp' : {
"allow_unsolicited": True,
'name': 'Federated Seafile Service',
'name_id_format': saml2.saml.NAMEID_FORMAT_EMAILADDRESS,
'endpoints': {
# url and binding to the assetion consumer service view
# do not change the binding or service name
'assertion_consumer_service': [
(SP_SERVICE_URL + '/saml2/acs/',
saml2.BINDING_HTTP_POST),
],
# url and binding to the single logout service view
# do not change the binding or service name
'single_logout_service': [
(SP_SERVICE_URL + '/saml2/ls/',
saml2.BINDING_HTTP_REDIRECT),
(SP_SERVICE_URL + '/saml2/ls/post',
saml2.BINDING_HTTP_POST),
],
},
# attributes that this project need to identify a user
'required_attributes': ["uid"],
# attributes that may be useful to have but not required
'optional_attributes': ['eduPersonAffiliation', ],
# in this section the list of IdPs we talk to are defined
'idp': {
# we do not need a WAYF service since there is
# only an IdP defined here. This IdP should be
# present in our metadata
# the keys of this dictionary are entity ids
'https://adfs-server.adfs.com/federationmetadata/2007-06/federationmetadata.xml': {
'single_sign_on_service': {
saml2.BINDING_HTTP_REDIRECT: 'https://adfs-server.adfs.com/adfs/ls/idpinitiatedsignon.aspx',
},
'single_logout_service': {
saml2.BINDING_HTTP_REDIRECT: 'https://adfs-server.adfs.com/adfs/ls/?wa=wsignout1.0',
},
},
},
},
},
# where the remote metadata is stored
'metadata': {
'local': [path.join(CERTS_DIR, 'idp_federation_metadata.xml')],
},
# set to 1 to output debugging information
'debug': 1,
# Signing
'key_file': '',
'cert_file': path.join(CERTS_DIR, 'idp.crt'), # from IdP
# Encryption
'encryption_keypairs': [{
'key_file': path.join(CERTS_DIR, 'sp.key'), # private part
'cert_file': path.join(CERTS_DIR, 'sp.crt'), # public part
}],
'valid_for': 24, # how long is our metadata valid
}
```
**Note: Users running the Seafile program should have permission to read all files under **`seahub-data/certs`**.**
## **Role Map for ADFS**
Since Pro 7.0.9, you are able to set user role with ADFS as with [Shibboleth](https://download.seafile.com/published/seafile-manual/deploy/shibboleth_config.md#user-content-Affiliation%20and%20user%20role). Details about user role, please refer to [role permissions](https://download.seafile.com/published/seafile-manual/deploy_pro/roles_permissions.md).
To enable this, add the following configuration information to `seahub_settings.py` to define the role mapping:
```
SHIBBOLETH_AFFILIATION_ROLE_MAP = {
'role@lian-adfs.local': 'can_generate_upload_link_false',
'role1@lian-adfs.local': 'guest',
'patterns': (
('*@lian-adfs.local', 'guest1'),
('*@*.local', 'guest2'),
('*', 'guest3'),
),
}
```
## Config ADFS Server
1. Add **Relying Party Trust**
Relying Party Trust is the connection between Seafile and ADFS.
1. Log into the ADFS server and open the ADFS management.
2. Double click **Trust Relationships**, then right click **Relying Party Trusts**, select **Add Relying Party Trust…**.
3. Select **Import data about the relying party published online or one a local network**, input `https://demo.seafile.com/saml2/metadata/` in the **Federation metadata address**.
4. Then **Next** until **Finish**.
5. Add **Relying Party Claim Rules**
Relying Party Claim Rules is used for attribute communication between Seafile and users in Windows Domain.
**Important**: Users in Windows domain must have the **E-mail** value setted.
1. Right-click on the relying party trust and select **Edit Claim Rules...**
2. On the Issuance Transform Rules tab select **Add Rules...**
3. Select **Send LDAP Attribute as Claims** as the claim rule template to use.
4. Give the claim a name such as LDAP Attributes.
5. Set the Attribute Store to **Active Directory**, the LDAP Attribute to **E-Mail-Addresses**, and the Outgoing Claim Type to **E-mail Address**.
6. Select **Finish**.
7. Click **Add Rule...** again.
8. Select **Transform an Incoming Claim**.
9. Give it a name such as **Email to Name ID**.
10. Incoming claim type should be **E-mail Address** (it must match the Outgoing Claim Type in rule #1).
11. The Outgoing claim type is **Name ID** (this is requested in Seafile settings policy `'name_id_format': saml2.saml.NAMEID_FORMAT_EMAILADDRESS`).
12. the Outgoing name ID format is **Email**.
13. **Pass through all claim values** and click **Finish**.
## Test
After re-starting the services, you may open a web browser and type in `https://demo.seafile.com`, there should be a `ADFS` button in login dialog, click that button will redirect you to the ADFS server (adfs-server.adfs.com), if username and password are correct, you will be redirect back to Seafile home page.
For descktop client, simply click "Shibboleth Login" in "Add a new account" window, type in `https://demo.seafile.com`, click OK button will open a new window display ADFS server login page, if username and password are correct, the window will be closed and show Seafile libraries panel.
* <https://support.zendesk.com/hc/en-us/articles/203663886-Setting-up-single-sign-on-using-Active-Directory-with-ADFS-and-SAML-Plus-and-Enterprise->
* <http://wiki.servicenow.com/?title=Configuring_ADFS_2.0_to_Communicate_with_SAML_2.0#gsc.tab=0>
* <https://github.com/rohe/pysaml2/blob/master/src/saml2/saml.py>

46
manual/deploy_pro/admin_roles_permissions.md Normal file
View file

@ -0,0 +1,46 @@
# Roles and Permissions Support
Starting from version 6.2.2, you can add/edit roles and permission for administrators. Seafile has four build-in admin roles:
1. default_admin, has all permissions.
1. system_admin, can only view system info and config system.
1. daily_admin, can only view system info, view statistic, manage library/user/group, view user log.
1. audit_admin, can only view system info and admin log.
All administrators will have `default_admin` role with all permissions by default. If you set an administrator to some other admin role, the administrator will **only have the permissions you configured to `True`**.
Seafile supports eight permissions for now, its configuration is very like common user role, you can custom it by adding the following settings to `seahub_settings.py`.
```
ENABLED_ADMIN_ROLE_PERMISSIONS = {
'system_admin': {
'can_view_system_info': True,
'can_config_system': True,
},
'daily_admin': {
'can_view_system_info': True,
'can_view_statistic': True,
'can_manage_library': True,
'can_manage_user': True,
'can_manage_group': True,
'can_view_user_log': True,
},
'audit_admin': {
'can_view_system_info': True,
'can_view_admin_log': True,
},
'custom_admin': {
'can_view_system_info': True,
'can_config_system': True,
'can_view_statistic': True,
'can_manage_library': True,
'can_manage_user': True,
'can_manage_group': True,
'can_view_user_log': True,
'can_view_admin_log': True,
},
}
```

35
manual/deploy_pro/cas.md Normal file
View file

@ -0,0 +1,35 @@
# Log In By CAS (Deprecated)
> New in 2019: CAS is not recommend way for SSO. The third party Python library is not well maintained. SAML2 is much better.
Since Seafile-pro 6.3.0, Seafile supports CAS single-sign-on protocol.
NOTE: The support for CAS protocol is deprecated due to low maintenance of third-party library. Please use OAuth or SAML protocol.
## Requirements
Supposed you have a usable CAS service, and the service can be accessed by the `https://<CAS-SERVER-IP>:<PORT>/cas/`.
## configure seahub_settings.py
* Add the following lines in `conf/seahub_settings.py`
```
ENABLE_CAS = True
CAS_SERVER_URL = 'https://192.168.99.100:8443/cas/'
CAS_LOGOUT_COMPLETELY = True
# Uncomment following line if CAS server is using self-signed certificate
#CAS_SERVER_CERT_VERIFY = False
```
* Restart the seahub
```
./seahub.sh restart
```
Now, you can login to Seafile web interface with CAS authentication. Please click the "Single Sign-on" on the Seafile's login page.

25
manual/deploy_pro/change_default_java.md Normal file
View file

@ -0,0 +1,25 @@
When you have both Java 6 and Java 7 installed, the default Java may not be Java 7.
Do this by typing `java -version`, and check the output.
- If the output is like **"java version "1.7.0_xx"**, then the default Java is Java 7, which is good.
- If the output is like **"java version "1.6.0_xx"**, then the default Java is Java 6, we need to configure default Java to Java 7.
If the default Java is Java 6, then do
On Debian/Ubuntu:
```
sudo update-alternatives --config java
```
On CentOS/RHEL:
```
sudo alternatives --config java
```
The above command will ask you to choose one of the installed Java versions as default. You should choose Java 7 here.
After that, re-run `java -version` to make sure the change has taken effect.
[Reference link](http://unix.stackexchange.com/questions/35185/installing-openjdk-7-jdk-does-not-update-java-which-is-still-version-1-6)

221
manual/deploy_pro/config_seafile_with_ADFS.md Normal file
View file

@ -0,0 +1,221 @@
### Requirements
To use ADFS to log in to your Seafile, you need the following components:
1. A Winodws Server with [ADFS](https://technet.microsoft.com/en-us/library/hh831502.aspx) installed. For configuring and installing ADFS you can see [this article](https://msdn.microsoft.com/en-us/library/gg188612.aspx).
1. A valid SSL certificate for ADFS server, and here we use **adfs-server.adfs.com** as the domain name example.
1. A valid SSL certificate for Seafile server, and here we use **demo.seafile.com** as the domain name example.
### Prepare Certs File
1. x.509 certs for SP (Service Provider)
You can generate them by:
```
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout sp.key -out sp.crt
```
These x.509 certs are used to sign and encrypt elements like NameID and Metadata for SAML.
Then copy these two files to **<seafile-install-path>/seahub-data/certs**. (if the certs folder not exists, create it.)
2. x.509 cert from IdP (Identity Provider)
1. Log into the ADFS server and open the ADFS management.
1. Double click **Service** and choose **Certificates**.
1. Export the **Token-Signing** certificate:
1. Right-click the certificate and select **View Certificate**.
1. Select the **Details** tab.
1. Click **Copy to File** (select **DER encoded binary X.509**).
1. Convert this certificate to PEM format, rename it to **idp.crt**
1. Then copy it to **<seafile-install-path>/seahub-data/certs**.
### Prepare IdP Metadata File
1. Open https://adfs-server.adfs.com/federationmetadata/2007-06/federationmetadata.xml
1. Save this xml file, rename it to **idp_federation_metadata.xml**
1. Copy it to **<seafile-install-path>/seahub-data/certs**.
### Install Requirements on Seafile Server
- For Ubuntu 16.04
```
sudo apt install xmlsec1
sudo pip install cryptography djangosaml2==0.15.0
```
### Config Seafile
Add the following lines to **seahub_settings.py**
```
from os import path
import saml2
import saml2.saml
# update following lines according to your situation
CERTS_DIR = '<seafile-install-path>/seahub-data/certs'
SP_SERVICE_URL = 'https://demo.seafile.com'
XMLSEC_BINARY = '/usr/local/bin/xmlsec1'
ATTRIBUTE_MAP_DIR = '<seafile-install-path>/seafile-server-latest/seahub-extra/seahub_extra/adfs_auth/attribute-maps'
SAML_ATTRIBUTE_MAPPING = {
'DisplayName': ('display_name', ),
'ContactEmail': ('contact_email', ),
'Deparment': ('department', ),
'Telephone': ('telephone', ),
}
# update the 'idp' section in SAMPL_CONFIG according to your situation, and leave others as default
ENABLE_ADFS_LOGIN = True
EXTRA_AUTHENTICATION_BACKENDS = (
'seahub_extra.adfs_auth.backends.Saml2Backend',
)
SAML_USE_NAME_ID_AS_USERNAME = True
LOGIN_REDIRECT_URL = '/saml2/complete/'
SAML_CONFIG = {
# full path to the xmlsec1 binary programm
'xmlsec_binary': XMLSEC_BINARY,
'allow_unknown_attributes': True,
# your entity id, usually your subdomain plus the url to the metadata view
'entityid': SP_SERVICE_URL + '/saml2/metadata/',
# directory with attribute mapping
'attribute_map_dir': ATTRIBUTE_MAP_DIR,
# this block states what services we provide
'service': {
# we are just a lonely SP
'sp' : {
"allow_unsolicited": True,
'name': 'Federated Seafile Service',
'name_id_format': saml2.saml.NAMEID_FORMAT_EMAILADDRESS,
'endpoints': {
# url and binding to the assetion consumer service view
# do not change the binding or service name
'assertion_consumer_service': [
(SP_SERVICE_URL + '/saml2/acs/',
saml2.BINDING_HTTP_POST),
],
# url and binding to the single logout service view
# do not change the binding or service name
'single_logout_service': [
(SP_SERVICE_URL + '/saml2/ls/',
saml2.BINDING_HTTP_REDIRECT),
(SP_SERVICE_URL + '/saml2/ls/post',
saml2.BINDING_HTTP_POST),
],
},
# attributes that this project need to identify a user
'required_attributes': ["uid"],
# attributes that may be useful to have but not required
'optional_attributes': ['eduPersonAffiliation', ],
# in this section the list of IdPs we talk to are defined
'idp': {
# we do not need a WAYF service since there is
# only an IdP defined here. This IdP should be
# present in our metadata
# the keys of this dictionary are entity ids
'https://adfs-server.adfs.com/federationmetadata/2007-06/federationmetadata.xml': {
'single_sign_on_service': {
saml2.BINDING_HTTP_REDIRECT: 'https://adfs-server.adfs.com/adfs/ls/idpinitiatedsignon.aspx',
},
'single_logout_service': {
saml2.BINDING_HTTP_REDIRECT: 'https://adfs-server.adfs.com/adfs/ls/?wa=wsignout1.0',
},
},
},
},
},
# where the remote metadata is stored
'metadata': {
'local': [path.join(CERTS_DIR, 'idp_federation_metadata.xml')],
},
# set to 1 to output debugging information
'debug': 1,
# Signing
'key_file': '',
'cert_file': path.join(CERTS_DIR, 'idp.crt'), # from IdP
# Encryption
'encryption_keypairs': [{
'key_file': path.join(CERTS_DIR, 'sp.key'), # private part
'cert_file': path.join(CERTS_DIR, 'sp.crt'), # public part
}],
'valid_for': 24, # how long is our metadata valid
}
```
### Config ADFS Server
1. Add **Relying Party Trust**
Relying Party Trust is the connection between Seafile and ADFS.
1. Log into the ADFS server and open the ADFS management.
1. Double click **Trust Relationships**, then right click **Relying Party Trusts**, select **Add Relying Party Trust…**.
1. Select **Import data about the relying party published online or one a local network**, input `https://demo.seafile.com/saml2/metadata/ ` in the **Federation metadata address**.
1. Then **Next** until **Finish**.
1. Add **Relying Party Claim Rules**
Relying Party Claim Rules is used for attribute communication between Seafile and users in Windows Domain.
**Important**: Users in Windows domain must have the **E-mail** value setted.
1. Right-click on the relying party trust and select **Edit Claim Rules...**
1. On the Issuance Transform Rules tab select **Add Rules...**
1. Select **Send LDAP Attribute as Claims** as the claim rule template to use.
1. Give the claim a name such as LDAP Attributes.
1. Set the Attribute Store to **Active Directory**, the LDAP Attribute to **E-Mail-Addresses**, and the Outgoing Claim Type to **E-mail Address**.
1. Select **Finish**.
1. Click **Add Rule...** again.
1. Select **Transform an Incoming Claim**.
1. Give it a name such as **Email to Name ID**.
1. Incoming claim type should be **E-mail Address** (it must match the Outgoing Claim Type in rule #1).
1. The Outgoing claim type is **Name ID** (this is requested in Seafile settings policy ` 'name_id_format': saml2.saml.NAMEID_FORMAT_EMAILADDRESS`).
1. the Outgoing name ID format is **Email**.
1. **Pass through all claim values** and click **Finish**.
----
- https://support.zendesk.com/hc/en-us/articles/203663886-Setting-up-single-sign-on-using-Active-Directory-with-ADFS-and-SAML-Plus-and-Enterprise-
- http://wiki.servicenow.com/?title=Configuring_ADFS_2.0_to_Communicate_with_SAML_2.0#gsc.tab=0
- https://github.com/rohe/pysaml2/blob/master/src/saml2/saml.py

148
manual/deploy_pro/deploy_clamav_as_daemon.md Normal file
View file

@ -0,0 +1,148 @@
# Run ClamAV as a Daemon
## For Ubuntu 16.04
### Install clamav-daemon & clamav-freshclam
```
apt-get install clamav-daemon clamav-freshclam
```
You should run Clamd with a root permission to scan any files.
Edit the conf `/etc/clamav/clamd.conf`,change the following line:
```
LocalSocketGroup root
User root
```
### Start the clamav-daemon
```
systemctl start clamav-daemon
```
* Test the software
```
$ curl https://www.eicar.org/download/eicar.com.txt | clamdscan -
```
The output must include:
```
stream: Eicar-Test-Signature FOUND
```
## For CentOS 7
### Install Clamd
```
yum install epel-release
yum install clamav-server clamav-data clamav-filesystem clamav-lib clamav-update clamav clamav-devel
```
### Run freshclam
* Configure the freshclam to updating database
```
cp /etc/freshclam.conf /etc/freshclam.conf.bak
sed -i '/^Example/d' /etc/freshclam.conf
```
* Create the init script
```
cat > /usr/lib/systemd/system/clam-freshclam.service << 'EOF'
# Run the freshclam as daemon
[Unit]
Description = freshclam scanner
After = network.target
[Service]
Type = forking
ExecStart = /usr/bin/freshclam -d -c 4
Restart = on-failure
PrivateTmp = true
[Install]
WantedBy=multi-user.target
EOF
```
* Boot up
```
systemctl enable clam-freshclam.service
systemctl start clam-freshclam.service
```
### Configure Clamd
```
cp /usr/share/clamav/template/clamd.conf /etc/clamd.conf
sed -i '/^Example/d' /etc/clamd.conf
```
You should run Clamd with a root permission to scan any files.
Edit the `/etc/clamd.conf`,change the following line:
```
User root
...
LocalSocket /var/run/clamd.sock
```
### Run Clamd
* Create the init script
```
cat > /etc/init.d/clamd << 'EOF'
case "$1" in
start)
echo -n "Starting Clam AntiVirus Daemon... "
/usr/sbin/clamd
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/clamd
;;
stop)
echo -n "Stopping Clam AntiVirus Daemon... "
pkill clamd
rm -f /var/run/clamav/clamd.sock
rm -f /var/run/clamav/clamd.pid
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/clamd
;;
esac
EOF
```
```
chmod +x /etc/init.d/clamd
```
* Boot up
```
chkconfig clamd on
service clamd start
```
* Test the software
```
$ curl https://www.eicar.org/download/eicar.com.txt | clamdscan -
```
The output must include:
```
stream: Eicar-Test-Signature FOUND
```

397
manual/deploy_pro/deploy_in_a_cluster.md Normal file
View file

@ -0,0 +1,397 @@
# Deploy in a cluster
**Update**: Since Seafile Pro server 6.0.0, cluster deployment requires "sticky session" settings in the load balancer. Otherwise sometimes folder download on the web UI can't work properly. Read the "Load Balancer Setting" section below for details
## Architecture
The Seafile cluster solution employs a 3-tier architecture:
* Load balancer tier: Distribute incoming traffic to Seafile servers. HA can be achieved by deploying multiple load balancer instances.
* Seafile server cluster: a cluster of Seafile server instances. If one instance fails, the load balancer will stop handing traffic to it. So HA is achieved.
* Backend storage: Distributed storage cluster, e.g. S3, Openstack Swift or Ceph.
This architecture scales horizontally. That means, you can handle more traffic by adding more machines. The architecture is visualized in the following picture.
![seafile-cluster](../images/seafile-cluster-arch.png)
There are two main components on the Seafile server node: web server (Nginx/Apache) and Seafile app server. The web server passes requests from the clients to Seafile app server. The Seafile app servers work independently. They don't know about each other's state. That means each app server can fail independently without affecting other app server instances. The load balancer is responsible for detecting failure and re-routing requests.
Even though Seafile app servers work independently, they still have to share some session information. All shared session information is stored in memcached. Thus, all Seafile app servers have to connect to the same memcached server (cluster). More details about memcached configuration is available later.
The background server is the workhorse for various background tasks, including full-text indexing, office file preview, virus scanning, LDAP syncing. It should usually be run on a dedicated server for better performance. Currently only one background task server can be running in the entire cluster. If more than one background servers are running, they may conflict with each others when doing some tasks. If you need HA for background task server, you can consider using [Keepalived](http://www.keepalived.org/) to build a hot backup for it. More details can be found in [background server setup](enable_search_and_background_tasks_in_a_cluster.md).
All Seafile app servers access the same set of user data. The user data has two parts: One in the MySQL database and the other one in the backend storage cluster (S3, Ceph etc.). All app servers serve the data equally to the clients.
All app servers have to connect to the same database or database cluster. We recommend to use MariaDB Galera Cluster if you need a database cluster.
There are a few steps to deploy a Seafile cluster:
1. Prepare hardware, operating systems, memcached and database
2. Setup a single Seafile server node
3. Copy the deployment to other Seafile nodes
4. Setup Nginx/Apache and firewall rules
5. Setup load balancer
6. [Setup backgroup task node](enable_search_and_background_tasks_in_a_cluster.md)
## Preparation
### Hardware, Database, Memcached
At least 3 Linux server with at least 4 cores, 8GB RAM. Two servers work as frontend servers, while one server works as background task server. Virtual machines are sufficient for most cases.
In small cluster, you can re-use the 3 Seafile servers to run memcached cluster and MariaDB cluster. For larger clusters, you can have 3 more dedicated server to run memcached cluster and MariaDB cluster. Because the load on these two clusters are not high, they can share the hardware to save cost. Documentation about how to setup memcached cluster and MariaDB cluster can be found [here](memcached_mariadb_cluster.md)
### Install Python libraries
On each mode, you need to install some python libraries.
First make sure your have installed Python 2.7, then:
```
sudo easy_install pip
sudo pip install boto
```
If you receive an error stating "Wheel installs require setuptools >= ...", run this between the pip and boto lines above
```
sudo pip install setuptools --no-use-wheel --upgrade
```
## Configure a Single Node
You should make sure the config files on every Seafile server are consistent.
### Get the license
Put the license you get under the top level diretory. In our wiki, we use the diretory `/data/haiwen/` as the top level directory.
### Download/Uncompress Seafile Professional Server
```
tar xf seafile-pro-server_6.1.3_x86-64.tar.gz
```
Now you have:
```
haiwen
├── seafile-license.txt
└── seafile-pro-server-6.1.3/
```
### Setup Seafile
Please follow [Download and Setup Seafile Professional Server With MySQL](download_and_setup_seafile_professional_server.md) to setup a single Seafile server node.
Note: **Use the load balancer's address or domain name for the server address. Don't use the local IP address of each Seafile server machine. This assures the user will always access your service via the load balancers.**
After the setup process is done, you still have to do a few manual changes to the config files.
#### seafile.conf
If you use a single memcached server, you have to add the following configuration to `seafile.conf`
```
[cluster]
enabled = true
memcached_options = --SERVER=192.168.1.134 --POOL-MIN=10 --POOL-MAX=100
```
If you use memcached cluster, the way you setup the memcached cluster and the way to configure it in seafile.conf depend on your Seafile server version. The recommended way to setup memcached clusters can be found [here](memcached_mariadb_cluster.md).
**Memcached Configuration before Seafile Pro 6.2.11**
For Seafile server older than 6.2.11, you need to specify all the memcached server addresses in seafile.conf. The format is
```
[cluster]
enabled = true
memcached_options = --SERVER=192.168.1.134 --SERVER=192.168.1.135 --SERVER=192.168.1.136 --POOL-MIN=10 --POOL-MAX=100 --RETRY-TIMEOUT=3600
```
Notice that there is a `--RETRY-TIMEOUT=3600` option in the above config. This option is important for dealing with memcached server failures. After a memcached server in the cluster fails, Seafile server will stop trying to use it for "RETRY-TIMEOUT" (in seconds). You should set this timeout to relatively long time, to prevent Seafile from retrying the failed server frequently, which may lead to frequent request errors for the clients.
**Memcached Configuration after Seafile Pro 6.2.11**
Since version 6.2.11, the recommended way to setup memcached cluster has been changed. You'll setup two memcached server, in active/standby mode. A floating IP address will be assigned to the current active memcached node. So you have to configure the address in seafile.conf accordingly.
```
[cluster]
enabled = true
memcached_options = --SERVER=<floating IP address> --POOL-MIN=10 --POOL-MAX=100
```
(Optional) The Seafile server also opens a port for the load balancers to run health checks. Seafile by default uses port 11001. You can change this by adding the following config option to `seafile.conf`
```
[cluster]
health_check_port = 12345
```
#### seahub_settings.py
You must setup and use memcached when deploying Seafile cluster. Refer to ["add memcached"](../deploy/add_memcached.md) to use memcached in Seahub.
Also add following options to seahub_setting.py. These settings tell Seahub to store avatar in database and cache avatar in memcached, and store css CACHE to local memory.
```
AVATAR_FILE_STORAGE = 'seahub.base.database_storage.DatabaseStorage'
```
#### seafevents.conf
Add following to `seafevents.conf` to disable file indexing service on the local server. The file indexing service should be started on a dedicated background server.
```
[INDEX FILES]
external_es_server = true
```
Here is an example `[INDEX FILES]` section:
```
[INDEX FILES]
enabled = true
interval = 10m
highlight = fvh # This configuration is only available for Seafile 6.3.0 pro and above.
index_office_pdf = true
external_es_server = true
es_host = background.seafile.com
es_port = 9200
```
Note: `enable = true` should be left unchanged. For versions older than 6.1, `es_port` was 9500.
### Update Seahub Database
In cluster environment, we have to store avatars in the database instead of in a local disk.
```
CREATE TABLE `avatar_uploaded` (`filename` TEXT NOT NULL, `filename_md5` CHAR(32) NOT NULL PRIMARY KEY, `data` MEDIUMTEXT NOT NULL, `size` INTEGER NOT NULL, `mtime` datetime NOT NULL);
```
### Backend Storage Settings
You also need to add the settings for backend cloud storage systems to the config files.
* For NFS: [Setup Seafile cluster with NFS](setup_seafile_cluster_with_nfs.md)
* For S3: [Setup With Amazon S3](setup_with_amazon_s3.md)
* For OpenStack Swift: [Setup With OpenStackSwift](setup_with_openstackswift.md)
* For Ceph: [Setup With Ceph](setup_with_ceph.md)
### Run and Test the Single Node
Once you have finished configuring this single node, start it to test if it runs properly:
```
cd /data/haiwen/seafile-server-latest
./seafile.sh start
./seahub.sh start
```
_Note:_ The first time you start seahub, the script would prompt you to create an admin account for your Seafile server.
Open your browser, visit <http://ip-address-of-this-node:8000> and login with the admin account.
## Configure other nodes
Now you have one node working fine, let's continue to configure more nodes.
### Copy the config to all Seafile servers
Supposed your Seafile installation directory is `/data/haiwen`, compress this whole directory into a tarball and copy the tarball to all other Seafile server machines. You can simply uncompress the tarball and use it.
On each node, run `./seafile.sh` and `./seahub.sh` to start Seafile server.
## Setup Nginx/Apache and Https
You'll usually want to use Nginx/Apache and https for web access. You need to set it up on each machine running Seafile server. **Make sure the certificate on all the servers are the same.**
* For Nginx:
* [Config Seahub with Nginx](../deploy/deploy_with_nginx.md)
* [Enabling Https with Nginx](../deploy/https_with_nginx.md)
* For Apache:
* [Config Seahub with Apache](../deploy/deploy_with_apache.md)
* [Enabling Https with Apache](../deploy/https_with_apache.md)
## Start Seafile Service on boot
It would be convenient to setup Seafile service to start on system boot. Follow [this documentation](../deploy/start_seafile_at_system_bootup.md) to set it up on **all nodes**.
## Firewall Settings
Beside [standard ports of a seafile server](../deploy/using_firewall.md), there are 2 firewall rule changes for Seafile cluster:
* On each Seafile server machine, you should open the health check port (default 11001);
* On the memcached server, you should open the port 11211. For security resons only the Seafile servers should be allowed to access this port.
## Load Balancer Setting
Now that your cluster is already running, fire up the load balancer and welcome your users. Since version 6.0.0, Seafile Pro requires "sticky session" settings in the load balancer. You should refer to the manual of your load balancer for how to set up sticky sessions.
### AWS Elastic Load Balancer (ELB)
In the AWS ELB management console, after you've added the Seafile server instances to the instance list, you should do two more configurations.
First you should setup HTTP(S) listeners. Ports 443 and 80 of ELB should be forwarded to the ports 80 or 443 of the Seafile servers.
Then you setup health check
![elb-health-check](../images/elb-health-check.png)
Refer to [AWS documentation](http://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-sticky-sessions.html) about how to setup sticky sessions.
### HAProxy
This is a sample `/etc/haproxy/haproxy.cfg`:
(Assume your health check port is `11001`)
```
global
log 127.0.0.1 local1 notice
maxconn 4096
user haproxy
group haproxy
defaults
log global
mode http
retries 3
maxconn 2000
timeout connect 10000
timeout client 300000
timeout server 300000
listen seafile 0.0.0.0:80
mode http
option httplog
option dontlognull
option forwardfor
cookie SERVERID insert indirect nocache
server seafileserver01 192.168.1.165:80 check port 11001 cookie seafileserver01
server seafileserver02 192.168.1.200:80 check port 11001 cookie seafileserver02
```
## See how it runs
Now you should be able to test your cluster. Open <https://seafile.example.com> in your browser and enjoy. You can also synchronize files with Seafile clients.
If the above works, the next step would be [Enable search and background tasks in a cluster](enable_search_and_background_tasks_in_a_cluster.md).
## The final configuration of the front-end nodes
Here is the summary of configurations at the front-end node that related to cluster setup.
### 7.0 or older versions
For **seafile.conf**:
```
[cluster]
enabled = true
memcached_options = --SERVER=<IP of memcached node> --POOL-MIN=10 --POOL-MAX=100
```
The `enabled` option will prevent the start of background tasks by `./seafile.sh start` in the front-end node. The tasks should be explicitly started by `./seafile-background-tasks.sh start` at the back-end node.
For **seahub_settings.py**:
```
AVATAR_FILE_STORAGE = 'seahub.base.database_storage.DatabaseStorage'
OFFICE_CONVERTOR_ROOT = 'http://<ip of node background>'
```
For **seafevents.conf**:
```
[INDEX FILES]
enabled = true
interval = 10m
highlight = fvh # This configuration is only available for Seafile 6.3.0 pro and above.
external_es_server = true
es_host = <IP of background node>
es_port = 9200
[OFFICE CONVERTER]
enabled = true
workers = 1
## how many pages are allowed to be previewed online. Default is 50 pages
max-pages = 50
## the max size of documents allowed to be previewed online, in MB. Default is 10 MB
## Previewing a large file (for example >30M) online is likely going to freeze the browser.
max-size = 10
```
The `[INDEX FILES]` section is needed to let the front-end node know the file search feature is enabled. The `external_es_server = true` is to tell the front-end node not to start the ElasticSearch but to use the ElasticSearch server at the back-end node.
The `[OFFICE CONVERTER]` section is needed to let the front-end node know the office preview feature is enabled.
### 7.1+
For **seafile.conf**:
```
[cluster]
enabled = true
memcached_options = --SERVER=<IP of memcached node> --POOL-MIN=10 --POOL-MAX=100
```
The `enabled` option will prevent the start of background tasks by `./seafile.sh start` in the front-end node. The tasks should be explicitly started by `./seafile-background-tasks.sh start` at the back-end node.
For **seahub_settings.py**:
```
AVATAR_FILE_STORAGE = 'seahub.base.database_storage.DatabaseStorage'
OFFICE_CONVERTOR_ROOT = 'http://<ip of node background>:6000'
```
For **seafevents.conf**:
```
[INDEX FILES]
enabled = true
interval = 10m
highlight = fvh # This configuration is for improving searching speed
external_es_server = true
es_host = <IP of background node>
es_port = 9200
[OFFICE CONVERTER]
enabled = true
workers = 1
## the max size of documents allowed to be previewed online, in MB. Default is 10 MB
## Previewing a large file (for example >30M) online is likely going to freeze the browser.
max-size = 10
host = <ip of node background>
port = 6000
```
The `[INDEX FILES]` section is needed to let the front-end node know the file search feature is enabled. The `external_es_server = true` is to tell the front-end node not to start the ElasticSearch but to use the ElasticSearch server at the back-end node.
The `[OFFICE CONVERTER]` section is needed to let the front-end node know the office preview feature is enabled.

261
manual/deploy_pro/deploy_with_docker.md Normal file
View file

@ -0,0 +1,261 @@
## About
* [Docker](https://docker.com/) is an open source project to pack, ship and run any Linux application in a lighter weight, faster container than a traditional virtual machine.
* Docker makes it much easier to deploy [a Seafile server](https://github.com/haiwen/seafile) on your servers and keep it updated.
* The base image configures Seafile with the Seafile team's recommended optimal defaults.
If you are not familiar with docker commands, please refer to [docker documentation](https://docs.docker.com/engine/reference/commandline/cli/).
## For seafile 7.x.x
Starting with 7.0, we have adjusted seafile-docker image to use multiple containers. The old image runs MariaDB-Server、Memcached and Elasticsearch in the same container with Seafile server. Now, we strip the MariaDB-Server、Memcached and Elasticsearch from the Seafile image and run them in their respective containers.
If you plan to deploy seafile 7.0, you should refer to the [Deploy Documentation](<../docker/pro-edition/Deploy Seafile-pro with Docker.md>).
If you plan to upgrade 6.3 to 7.0, you can refer to the [Upgrade Documentation](<../docker/pro-edition/6.3 upgrade to 7.0.md>).
## For seafile 6.x.x
### Getting Started
Login the Seafile private registry:
```sh
docker login {host}
```
You can find the private registry information on the [customer center download page](https://customer.seafile.com/downloads/)
To run the seafile server container:
```sh
docker run -d --name seafile \
-e SEAFILE_SERVER_HOSTNAME=seafile.example.com \
-v /opt/seafile-data:/shared \
-p 80:80 \
{host}/seafileltd/seafile-pro:latest
```
Wait for a few minutes for the first time initialization, then visit `http://seafile.example.com` to open Seafile Web UI.
This command will mount folder `/opt/seafile-data` at the local server to the docker instance. You can find logs and other data under this folder.
### Put your licence file
If you have a `seafile-license.txt` licence file, simply put it in the folder `/opt/seafile-data/seafile/`. In your host machine:
```sh
mkdir -p /opt/seafile-data/seafile/
cp /path/to/seafile-license.txt /opt/seafile-data/seafile/
```
Then restart the container.
```sh
docker restart seafile
```
### More configuration Options
#### Custom Admin Username and Password
The default admin account is `me@example.com` and the password is `asecret`. You can use a different password by setting the container's environment variables:
e.g.
```sh
docker run -d --name seafile \
-e SEAFILE_SERVER_HOSTNAME=seafile.example.com \
-e SEAFILE_ADMIN_EMAIL=me@example.com \
-e SEAFILE_ADMIN_PASSWORD=a_very_secret_password \
-v /opt/seafile-data:/shared \
-p 80:80 \
{host}/seafileltd/seafile-pro:latest
```
If you forget the admin password, you can add a new admin account and then go to the sysadmin panel to reset user password.
#### Let's encrypt SSL certificate
If you set `SEAFILE_SERVER_LETSENCRYPT` to `true`, the container would request a letsencrypt-signed SSL certificate for you automatically.
e.g.
```sh
docker run -d --name seafile \
-e SEAFILE_SERVER_LETSENCRYPT=true \
-e SEAFILE_SERVER_HOSTNAME=seafile.example.com \
-e SEAFILE_ADMIN_EMAIL=me@example.com \
-e SEAFILE_ADMIN_PASSWORD=a_very_secret_password \
-v /opt/seafile-data:/shared \
-p 80:80 \
-p 443:443 \
{host}/seafileltd/seafile-pro:latest
```
If you want to use your own SSL certificate:
* create a folder `/opt/seafile-data/ssl`, and put your certificate and private key under the ssl directory.
* Assume your site name is `seafile.example.com`, then your certificate must have the name `seafile.example.com.crt`, and the private key must have the name `seafile.example.com.key`.
#### Modify Seafile Server Configurations
The config files are under `shared/seafile/conf`. You can modify the configurations according to [Seafile manual](https://download.seafile.com/published/seafile-manual/home.md)
After modification, you need to restart the container:
```sh
docker restart seafile
```
#### Find logs
The seafile logs are under `/shared/logs/seafile` in the docker, or `/opt/seafile-data/logs/seafile` in the server that run the docker.
The system logs are under `/shared/logs/var-log`, or `/opt/seafile-data/logs/var-log` in the server that run the docker.
#### Add a new Admin
Ensure the container is running, then enter this command:
```sh
docker exec -it seafile /opt/seafile/seafile-server-latest/reset-admin.sh
```
Enter the username and password according to the prompts. You now have a new admin account.
### Directory Structure
#### `/shared`
Placeholder spot for shared volumes. You may elect to store certain persistent information outside of a container, in our case we keep various logfiles and upload directory outside. This allows you to rebuild containers easily without losing important information.
* /shared/db: This is the data directory for mysql server
* /shared/seafile: This is the directory for seafile server configuration and data.
* /shared/logs: This is the directory for logs.
* /shared/logs/var-log: This is the directory that would be mounted as `/var/log` inside the container. For example, you can find the nginx logs in `shared/logs/var-log/nginx/`.
* /shared/logs/seafile: This is the directory that would contain the log files of seafile server processes. For example, you can find seaf-server logs in `shared/logs/seafile/seafile.log`.
* /shared/ssl: This is directory for certificate, which does not exist by default.
### Upgrading Seafile Server
If you plan to upgrade 6.3 to 7.0, you can refer to the [Upgrade Documentation](<../docker/pro-edition/6.3 upgrade to 7.0.md>).
To upgrade to the latest version of seafile 6.3:
```sh
docker pull {host}/seafileltd/seafile-pro:latest
docker rm -f seafile
docker run -d --name seafile \
-e SEAFILE_SERVER_LETSENCRYPT=true \
-e SEAFILE_SERVER_HOSTNAME=seafile.example.com \
-e SEAFILE_ADMIN_EMAIL=me@example.com \
-e SEAFILE_ADMIN_PASSWORD=a_very_secret_password \
-v /opt/seafile-data:/shared \
-p 80:80 \
-p 443:443 \
{host}/seafileltd/seafile-pro:latest
```
If you are one of the early users who use the `launcher` script, you should refer to [upgrade from old format](https://github.com/haiwen/seafile-docker/blob/master/upgrade_from_old_format.md) document.
### Backup and Recovery
#### Struct
We assume your seafile volumns path is in `/shared`. And you want to backup to `/backup` directory.
You can create a layout similar to the following in /backup directory:
```struct
/backup
---- databases/ contains database backup files
---- data/ contains backups of the data directory
```
The data files to be backed up:
```struct
/shared/seafile/conf # configuration files
/shared/seafile/pro-data # data of es
/shared/seafile/seafile-data # data of seafile
/shared/seafile/seahub-data # data of seahub
```
#### Backup
Steps:
1. Backup the databases;
2. Backup the seafile data directory;
[Backup Order: Database First or Data Directory First](../maintain/backup_recovery.md)
* backing up Database:
```bash
# It's recommended to backup the database to a separate file each time. Don't overwrite older database backups for at least a week.
cd /backup/databases
docker exec -it seafile mysqldump -uroot --opt ccnet_db > ccnet_db.sql
docker exec -it seafile mysqldump -uroot --opt seafile_db > seafile_db.sql
docker exec -it seafile mysqldump -uroot --opt seahub_db > seahub_db.sql
```
* Backing up Seafile library data:
* To directly copy the whole data directory
```bash
cp -R /shared/seafile /backup/data/
cd /backup/data && rm -rf ccnet
```
* Use rsync to do incremental backup
```bash
rsync -az /shared/seafile /backup/data/
cd /backup/data && rm -rf ccnet
```
#### Recovery
* Restore the databases:
```bash
cp /backup/data/ccnet_db.sql /shared/ccnet_db.sql
cp /backup/data/seafile_db.sql /shared/seafile_db.sql
cp /backup/data/seahub_db.sql /shared/seahub_db.sql
docker exec -it seafile /bin/sh -c "mysql -uroot ccnet_db < /shared/ccnet_db.sql"
docker exec -it seafile /bin/sh -c "mysql -uroot seafile_db < /shared/seafile_db.sql"
docker exec -it seafile /bin/sh -c "mysql -uroot seahub_db < /shared/seahub_db.sql"
```
* Restore the seafile data:
```bash
cp -R /backup/data/* /shared/seafile/
```
### Troubleshooting
You can run docker commands like "docker exec" to find errors.
```sh
docker exec -it seafile /bin/bash
```

127
manual/deploy_pro/details_about_file_search.md Normal file
View file

@ -0,0 +1,127 @@
# Details about File Search
**Note**: Since Seafile Professional Server 5.0.0, all config files are moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md).
## Search Options
The following options can be set in **seafevents.conf** to control the behaviors of file search. You need to restart seafile and seahub to make them take effect.
```
[INDEX FILES]
## must be "true" to enable search
enabled = true
## The interval the search index is updated. Can be s(seconds), m(minutes), h(hours), d(days)
interval=10m
## If true, indexes the contents of office/pdf files while updating search index
## Note: If you change this option from "false" to "true", then you need to clear the search index and update the index again.
index_office_pdf=false
```
## Enable full text search for Office/PDF files
Full text search is not enabled by default to save system resources. If you want to enable it, you need to follow the instructions below.
First you have to set the value of `index_office_pdf` option in `seafevents.conf` to `true`.
Then restart seafile server
```
cd /data/haiwen/seafile-pro-server-1.7.0/
./seafile.sh restart
```
You need to delete the existing search index and recreate it.
```
./pro/pro.py search --clear
./pro/pro.py search --update
```
## Use existing ElasticSearch server
The search module uses an Elasticsearch server bundled with the Seafile Professional Server. However, you may have an existing Elasticsearch server or cluster running in your company. In this situation, you can change the config file to use your existing ES server or cluster.
This feature was added in Seafile Professional Server 2.0.5.
### Modify the config file
* Edit `seafevents.conf`, add settings in the section **\[index files]** to specify your ES server host and port:
```
[INDEX FILES]
...
external_es_server = true
es_host = 192.168.1.101
es_port = 9200
```
* `external_es_server`: set to `true` so seafile would not start its own elasticsearch server
* `es_host`: The ip address of your ES server
* `es_port`: The listening port of ES server RESTful API. By default it should be `9200`
## Common problems
### How to rebuild the index if something went wrong
You can rebuild search index by running:
```
./pro/pro.py search --clear
./pro/pro.py search --update
```
If this does not work, you can try the following steps:
1. Stop Seafile
2. Remove the old search index `rm -rf pro-data/search`
3. Restart Seafile
4. Wait one minute then run `./pro/pro.py search --update`
### I get no result when I search a keyword
The search index is updated every 10 minutes by default. So before the first index update is performed, you get nothing no matter what you search.
To be able to search immediately,
* Make sure you have started Seafile Server
* Update the search index manually:
```
cd haiwen/seafile-pro-server-2.0.4
./pro/pro.py search --update
```
### Encrypted files cannot be searched
This is because the server cannot index encrypted files, since they are encrypted.
### Increase the heap size for the java search process
The search functionality is based on Elasticsearch, which is a java process. You can modify the memory size by modifying the jvm configuration file. For example, modify to 2G memory. Modify the following configuration in the `seafile-server-latest/pro/elasticsearch/config/jvm.options` file:
```sh
-Xms2g # Minimum available memory
-Xmx2g # Maximum available memory
### It is recommended to set the values of the above two configurations to the same size.
```
Restart the seafile service to make the above changes take effect:
```
./seafile.sh restart
./seahub.sh restart
```

201
manual/deploy_pro/download_and_setup_seafile_professional_server.md Normal file
View file

@ -0,0 +1,201 @@
# Download and Setup Seafile Professional Server
## Preparation
Now when we release a new version, we will always provide 2 compressed files, for example:
* _seafile-pro-server_7.1.3_x86-64_Ubuntu.tar.gz_, is compiled in Ubuntu 18.04 enviroment.
* _seafile-pro-server_7.1.3_x86-64_CentOS.tar.gz_, is compiled in CentOS 7 enviroment.
If you are using Ubuntu/Debian server, please use _seafile-pro-server_7.1.3_x86-64_Ubuntu.tar.gz_, for CentOS please use _seafile-pro-server_7.1.3_x86-64.tar.gz_.
### Install thirdpart Requirements
The Seafile server package requires the following packages to be installed on your system:
**For Seafile 7.0.x**
```
# on Ubuntu 16.04
apt-get update
apt-get install python2.7 python-setuptools python-mysqldb python-urllib3 python-ldap -y
```
```
# on CentOS 7
yum install python python-setuptools MySQL-python python-urllib3 python-ldap -y
```
**For Seafile 7.1.x**
```
# on Debian 10/Ubuntu 18.04
apt-get update
apt-get install python3 python3-setuptools python3-pip -y
pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy \
django-pylibmc django-simple-captcha python3-ldap
```
```
# on CentOS 8
yum install python3 python3-setuptools python3-pip -y
pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy \
django-pylibmc django-simple-captcha python3-ldap
```
For more information please see bellow.
### Minimum System Requirements
* A Linux server with 2GB RAM
### Install Java Runtime Environment (JRE)
On Debian:
```
sudo apt-get install openjdk-8-jre
```
On Ubuntu 16.04:
```
sudo apt-get install openjdk-8-jre
sudo ln -sf /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java /usr/bin/
```
On CentOS/Red Hat:
```
sudo yum install java-1.8.0-openjdk
```
### Install poppler-utils
The package poppler-utils is required for full text search of pdf files.
On Ubuntu/Debian:
```
sudo apt-get install poppler-utils
```
On CentOS/Red Hat:
```
sudo yum install poppler-utils
```
### Install Python libraries
First make sure your have installed Python 2.7
```
sudo easy_install pip
sudo pip install boto
```
If you receive an error about "Wheel installs require setuptools >= ...", run this between the pip and boto lines above
```
sudo pip install setuptools --no-use-wheel --upgrade
```
### Install all libraries required by the Community Edition
See [Download and Setup Seafile Server With MySQL](../deploy/using_mysql.md).
## Download and Setup Seafile Professional Server
### Get the license
Put the license you got under the top level diretory. In our wiki, we use the diretory `/data/haiwen/` as the top level directory. If you're using the free Pro Edition with three users you don't need a license file.
### Download & uncompress Seafile Professional Server
```
tar xf seafile-pro-server_7.0.7_x86-64.tar.gz
```
Now you have:
```
haiwen
├── seafile-license.txt
└── seafile-pro-server-7.0.7/
```
---
You should notice the difference between the names of the Community Server and Professional Server. Take the 7.0.7 64bit version as an example:
* Seafile Community Server tarball is `seafile-server_7.0.7_x86-86.tar.gz`; After uncompressing, the folder is `seafile-server-7.0.7`
* Seafile Professional Server tarball is `seafile-pro-server_7.0.7_x86-86.tar.gz`; After uncompressing, the folder is `seafile-pro-server-7.0.7`
### Setup
The setup process of Seafile Professional Server is the same as the Seafile Community Server. See [Download and Setup Seafile Server With MySQL](../deploy/using_mysql.md).
If you have any problem with setting up the service, please check [Common problems in setting up Seafile server](../deploy/common_problems_for_setting_up_server.md).
After you have succesfully setup Seafile Professional Server, you have a directory layout like this:
```
#tree haiwen -L 2
haiwen
├── seafile-license.txt # license file
├── ccnet # configuration files
│ ├── mykey.peer
│ ├── PeerMgr
│ └── seafile.ini
├── conf
│ └── ccnet.conf
│ └── seafile.conf
│ └── seahub_settings.py
│ └── seafevents.conf
├── pro-data # data specific for professional version
├── seafile-data
├── seafile-pro-server-7.0.7
│ ├── reset-admin.sh
│ ├── runtime
│ ├── seafile
│ ├── seafile.sh
│ ├── seahub
│ ├── seahub-extra
│ ├── seahub.sh
│ ├── setup-seafile.sh
│ ├── setup-seafile-mysql.py
│ ├── setup-seafile-mysql.sh
│ └── upgrade
├── seahub-data
│ └── avatars # for user avatars
├── seahub.db
```
## Performance tuning
If you have more than 50 Seafile users, we highly recommend to [add memcached](../deploy/add_memcached.md). This is going to speedup Seahub (the web front end) significantly.
## Done
At this point, the basic setup of Seafile Professional Server is done.
You may want to read more about Seafile Professional Server:
* [FAQ For Seafile Professional Server](faq_for_seafile_pro_server.md)

341
manual/deploy_pro/enable_search_and_background_tasks_in_a_cluster.md Normal file
View file

@ -0,0 +1,341 @@
_Note:_ Before you try to deploy file search office documents preview, make sure other parts of your seafile cluster are already working, e.g upload/download files in a web browser. Make sure memcached is configured as described in ["Deploy in a cluster"](./deploy_in_a_cluster.md).
# Enable search and background tasks in a cluster
In the seafile cluster, only one server should run the background tasks, including:
* indexing files for search
* email notification
* office documents converts service
* LDAP sync
* virus scan
Let's assume you have three nodes in your cluster: A, B, and C.
* Node A is backend node that run background tasks.
* Node B and C are frontend nodes that serving requests from clients.
![cluster-nodes](../images/cluster-nodes.png)
## 7.0 or before
### Configuring Node A (the backend node)
If you following the steps on settings up a cluster, node B and node C should have already be configed as frontend node. You can copy the configuration of node B as a base for node A. Then do the following steps:
#### Install Dependencies (Java, LibreOffice, poppler)
On Ubuntu/Debian:
```shell
sudo apt-get install openjdk-8-jre libreoffice poppler-utils python-uno # or python3-uno for ubuntu 16.04+
```
On CentOS/Red Hat:
```shell
sudo yum install java-1.8.0-openjdk
sudo yum install libreoffice libreoffice-headless libreoffice-pyuno
sudo yum install poppler-utils
```
Edit **seafevents.conf** and ensure this line does NOT exist:
```
external_es_server = true
```
Edit **seahub_settings.py** and add a line:
```python
OFFICE_CONVERTOR_NODE = True
```
Edit **seafile.conf** to enable virus scan according to [virus scan document](virus_scan.md)
#### Edit the firewall rules
In your firewall rules for node A, you should open the port 9200 (for search requests). For versions older than 6.1, `es_port` was 9500.
### Configure Other Nodes
On nodes B and C, you need to:
* Edit `seafevents.conf`, add the following lines:
```
[INDEX FILES]
external_es_server = true
es_host = <ip of node A>
es_port = 9200
```
Edit **seahub_settings.py** and add a line:
```python
OFFICE_CONVERTOR_ROOT = 'http://<ip of node A>'
```
Make sure requests to http\://<ip of node A> is also handled by Seahub. For example, you may need to add this Nginx configuration in the background node:
```
server {
listen 80;
server_name <IP of node A>;
location / {
proxy_pass http://127.0.0.1:8000;
...
}
```
As a simple test, you can use this command to test if you set it up correctly.
```shell
curl -v http://<IP of node A>/office-convert/internal/status/
```
It should say "400 Bad Request" when you have Nginx config updated.
### Start the background node
Type the following commands to start the background node (Note, one additional command `seafile-background-tasks.sh` is needed)
```shell
./seafile.sh start
./seahub.sh start # or "./seahub.sh start-fastcgi" if you're using fastcgi
./seafile-background-tasks.sh start
```
To stop the background node, type:
```shell
./seafile-background-tasks.sh stop
./seafile.sh stop
./seahub.sh stop
```
You should also configure Seafile background tasks to start on system bootup. For systemd based OS, you can add `/etc/systemd/system/seafile-background-tasks.service`:
```
[Unit]
Description=Seafile Background Tasks Server
After=network.target seahub.service
[Service]
Type=forking
ExecStart=/opt/seafile/seafile-server-latest/seafile-background-tasks.sh start
ExecStop=/opt/seafile/seafile-server-latest/seafile-background-tasks.sh stop
User=root
Group=root
[Install]
WantedBy=multi-user.target
```
Then enable this task in systemd:
```
systemctl enable seafile-background-tasks.service
```
### The final configuration of the background node
Here is the summary of configurations at the background node that related to clustering setup.
For **seafile.conf**:
```
[cluster]
enabled = true
memcached_options = --SERVER=<IP of memcached node> --POOL-MIN=10 --POOL-MAX=100
```
For **seahub_settings.py**:
```
OFFICE_CONVERTOR_NODE = True
AVATAR_FILE_STORAGE = 'seahub.base.database_storage.DatabaseStorage'
COMPRESS_CACHE_BACKEND = 'django.core.cache.backends.locmem.LocMemCache'
```
For **seafevents.conf**:
```
[INDEX FILES]
enabled = true
interval = 10m
[OFFICE CONVERTER]
enabled = true
workers = 1
## the max size of documents allowed to be previewed online, in MB. Default is 10 MB
## Previewing a large file (for example >30M) online is likely going to freeze the browser.
max-size = 10
```
## 7.1+
### Configuring Node A (the backend node)
If you following the steps on settings up a cluster, node B and node C should have already be configed as frontend node. You can copy the configuration of node B as a base for node A. Then do the following steps:
#### Install Dependencies (Java, LibreOffice)
On Ubuntu/Debian:
```shell
sudo apt-get install openjdk-8-jre libreoffice python-uno # or python3-uno for ubuntu 16.04+
```
On CentOS/Red Hat:
```shell
sudo yum install java-1.8.0-openjdk
sudo yum install libreoffice libreoffice-headless libreoffice-pyuno
```
Edit **seafevents.conf** and ensure this line does NOT exist:
```
external_es_server = true
```
Edit **seafevents.conf**, adding the following configuration:
```
[OFFICE CONVERTER]
enabled = true
host = <ip of node background>
port = 6000
```
host is the IP address of background node, make sure the front end nodes can access the background node via IP:6000 .
Edit **seafile.conf** to enable virus scan according to [virus scan document](virus_scan.md)
#### Edit the firewall rules
In your firewall rules for node A, you should open the port 9200 (for search requests) and port 6000 for office converter. For versions older than 6.1, `es_port` was 9500.
### Configure Other Nodes
On nodes B and C, you need to:
Edit `seafevents.conf`, add the following lines:
```
[INDEX FILES]
external_es_server = true
es_host = <ip of node A>
es_port = 9200
[OFFICE CONVERTER]
enabled = true
host = <ip of node background>
port = 6000
```
Edit **seahub_settings.py** and add a line:
```python
OFFICE_CONVERTOR_ROOT = 'http://<ip of node background>:6000'
```
### Start the background node
Type the following commands to start the background node (Note, one additional command `seafile-background-tasks.sh` is needed)
```shell
./seafile.sh start
./seafile-background-tasks.sh start
```
To stop the background node, type:
```shell
./seafile-background-tasks.sh stop
./seafile.sh stop
```
You should also configure Seafile background tasks to start on system bootup. For systemd based OS, you can add `/etc/systemd/system/seafile-background-tasks.service`:
```
[Unit]
Description=Seafile Background Tasks Server
After=network.target seahub.service
[Service]
Type=forking
ExecStart=/opt/seafile/seafile-server-latest/seafile-background-tasks.sh start
ExecStop=/opt/seafile/seafile-server-latest/seafile-background-tasks.sh stop
User=root
Group=root
[Install]
WantedBy=multi-user.target
```
Then enable this task in systemd:
```
systemctl enable seafile-background-tasks.service
```
### The final configuration of the background node
Here is the summary of configurations at the background node that related to clustering setup.
For **seafile.conf**:
```
[cluster]
enabled = true
memcached_options = --SERVER=<IP of memcached node> --POOL-MIN=10 --POOL-MAX=100
```
For **seafevents.conf**:
```
[INDEX FILES]
enabled = true
interval = 10m
highlight = fvh # this is for improving the search speed
[OFFICE CONVERTER]
enabled = true
host = <ip of node background>
port = 6000
```

148
manual/deploy_pro/ldap_group_sync.md Normal file
View file

@ -0,0 +1,148 @@
# Importing Groups from LDAP/AD
Since version 4.1.0, the Pro Edition supports importing (syncing) groups from LDAP or Active Directory.
## How It Works
The importing or syncing process maps groups from LDAP directory server to groups in Seafile's internal database. This process is one-way.
* Any changes to groups in the database won't propagate back to LDAP;
* Any changes to groups in the database, except for "setting a member as group admin", will be overwritten in the next LDAP sync operation. If you want to add or delete members, you can only do that on LDAP server.
* The creator of imported groups will be set to the system admin.
There are two modes of operation:
* Periodical: the syncing process will be executed in a fixed interval
* Manual: there is a script you can run to trigger the syncing once
## Prerequisite
You have to install python-ldap library in your system.
For Debian or Ubuntu
```
sudo apt-get install python-ldap
```
For CentOS or RedHat
```
sudo yum install python-ldap
```
## Syncing Groups
### Configuration
Before enabling LDAP group sync, you should have configured LDAP authentication. See [Configure Seafile to use LDAP](using_ldap_pro.md) for details.
The following are LDAP group sync related options. They're in the "\[ldap_sync]" section of [ccnet.conf](../config/ccnet-conf.md).
Below are summary of options for syncing groups:
* **ENABLE_GROUP_SYNC**: set to "true" if you want to enable ldap group syncing
* **GROUP_OBJECT_CLASS**: This is the name of the class used to search for group objects. In Active Directory, it's usually "group"; in OpenLDAP or others, you may use "groupOfNames","groupOfUniqueNames" or "posixGroup", depends on your LDAP server. The default value is "group".
* **SYNC_INTERVAL**: The interval to sync. Unit is minutes. You can set it to 60, which means that data is synchronized from the LDAP/AD server every 60 minutes.
* **GROUP_FILTER**: An additional filter to use when searching group objects. If it's set, the final filter used to run search is "(&(objectClass=GROUP_OBJECT_CLASS)(GROUP_FILTER))"; otherwise the final filter would be "(objectClass=GROUP_OBJECT_CLASS)".
* **GROUP_MEMBER_ATTR**: The attribute field to use when loading the group's members. For most directory servers, the attributes is "member", which is the default value.For "posixGroup", it should be set to "memberUid".
* **USER_ATTR_IN_MEMBERUID**: The user attribute set in 'memberUid' option, which is used in "posixGroup".The default value is "uid".
* **DEL_GROUP_IF_NOT_FOUND**: set to "true", will deleted the groups if not found it in LDAP/AD server; need Seafile-pro-6.3.0 and above version
* **SYNC_GROUP_AS_DEPARTMENT**: In 6.3.8 version, a new option SYNC_GROUP_AS_DEPARTMENT is added. If this option is set to "true", the groups will be synced as top-level departments in Seafile, instead of simple groups. Learn more about departments in Seafile [here](https://help.seafile.com/en/sharing_collaboration/departments.html).
* **CREATE_DEPARTMENT_LIBRARY**: If you decide to sync the group as a department, you can set this option to "true". In this way, when the group is synchronized for the first time, a library is automatically created for the department, and the library's name is the department's name.
* **DEFAULT_DEPARTMENT_QUOTA**: If you decide to sync the group as a department, you can set a default space quota for each department when you synchronize a group for the first time. The quota is set to unlimited if this option is not set. Unit is MB.
* **DEPT_NAME_ATTR**: Get the department name. You can set this configuration item to an AD field that represents the "department" name, such as "description". The name of the department created by Seafile will be the department name set in the AD field instead of the OU name. Requires Seafile-pro-7.0.11 and above.
* **DEPT_REPO_PERM: **Set the permissions of the department repo. The default permission is 'rw'. Set permissions for the department repo created during AD synchronization. Requires Seafile-pro-7.0.11 and above.
The search base for groups is the "BASE_DN" set in "\[ldap]" section of ccnet.conf.
Some LDAP server, such as Active Directory, allows a group to be a member of another group. This is called "group nesting". If we find a nested group B in group A, we should recursively add all the members from group B into group A. And group B should still be imported a separate group. That is, all members of group B are also members in group A.
In some LDAP server, such as OpenLDAP, it's common practice to use Posix groups to store group membership. To import Posix groups as Seafile groups, set GROUP_OBJECT_CLASS option to posixGroup . A posixGroup object in LDAP usually contains a multi-value attribute for the list of member UIDs. The name of this attribute can be set with the GROUP_MEMBER_ATTR option. It's MemberUid by default. The value of the MemberUid attribute is an ID that can be used to identify a user, which corresponds to an attribute in the user object. The name of this ID attribute is usually uid , but can be set via the USER_ATTR_IN_MEMBERUID option. Note that posixGroup doesn't support nested groups.
### Example Configurations
Here is an example configuration for syncing nested groups in Active Directory:
```
[LDAP]
HOST = ldap://192.168.1.123/
BASE = cn=users,dc=example,dc=com
USER_DN = administrator@example.local
PASSWORD = secret
LOGIN_ATTR = mail
[LDAP_SYNC]
ENABLE_GROUP_SYNC = true
SYNC_INTERVAL = 60
```
For AD, you usually don't need to configure other options except for "ENABLE_GROUP_SYNC". That's because the default values for other options are the usual values for AD. If you have special settings in your LDAP server, just set the corresponding options.
Here is an example configuration for syncing nested groups (but not PosixGroups) in OpenLDAP:
```
[LDAP]
HOST = ldap://192.168.1.123/
BASE = ou=users,dc=example,dc=com
USER_DN = cn=admin,dc=example,dc=com
PASSWORD = secret
LOGIN_ATTR = mail
[LDAP_SYNC]
ENABLE_GROUP_SYNC = true
SYNC_INTERVAL = 60
GROUP_OBJECT_CLASS = groupOfNames
```
## Sync OU as Departments
A department in Seafile is a special group. In addition to what you can do with a group, there are two key new features for departments:
* Department supports hierarchy. A department can have any levels of sub-departments.
* Department can have storage quota.
Seafile supports syncing OU (Organizational Units) from AD/LDAP to departments. The sync process keeps the hierarchical structure of the OUs.
Options for syncing departments from OU:
* **SYNC_DEPARTMENT_FROM_OU**: set to "true" to enable syncing departments from OU.
* **SYNC_INTERVAL**: The interval to sync. Unit is minutes. You can set it to 60, which means that data is synchronized from the LDAP/AD server every 60 minutes.
* **DEL_DEPARTMENT_IF_NOT_FOUND**: If set to "true", sync process will delete a department if the corresponding OU is not found in AD/LDAP server.
* **CREATE_DEPARTMENT_LIBRARY**: set to "true", if you want to automatically create a department library with the OU name.
* **DEFAULT_DEPARTMENT_QUOTA**: default quota for the imported departments in MB. The quota is set to unlimited if this option is not set.
* **DEPT_NAME_ATTR**: Get the department name. You can set this configuration item to an AD field that represents the "department" name, such as "description". The name of the department created by Seafile will be the department name set in the AD field instead of the OU name. Requires Seafile-pro-7.0.11 and above.
* **DEPT_REPO_PERM: **Set the permissions of the department repo. The default permission is 'rw'. Set permissions for the department repo created during AD synchronization. Requires Seafile-pro-7.0.11 and above.
**NOTE**: Before 6.3.8, an old configuration syntax is used for syncing OU as departments. That syntax is no long supported. The old syntax cannot support syncing both groups and OU from AD/LDAP at the same time. However this is necessary for many situations. With the new syntax, you can sync both.
## Periodical and Manual Sync
Periodical sync won't happen immediately after you restart seafile server. It gets scheduled after the first sync interval. For example if you set sync interval to 30 minutes, the first auto sync will happen after 30 minutes you restarts. To sync immediately, you need to manually trigger it.
After the sync is run, you should see log messages like the following in logs/seafevents.log. And you should be able to see the groups in system admin page.
```
[2015-03-30 18:15:05,109] [DEBUG] create group 1, and add dn pair CN=DnsUpdateProxy,CN=Users,DC=Seafile,DC=local<->1 success.
[2015-03-30 18:15:05,145] [DEBUG] create group 2, and add dn pair CN=Domain Computers,CN=Users,DC=Seafile,DC=local<->2 success.
[2015-03-30 18:15:05,154] [DEBUG] create group 3, and add dn pair CN=Domain Users,CN=Users,DC=Seafile,DC=local<->3 success.
[2015-03-30 18:15:05,164] [DEBUG] create group 4, and add dn pair CN=Domain Admins,CN=Users,DC=Seafile,DC=local<->4 success.
[2015-03-30 18:15:05,176] [DEBUG] create group 5, and add dn pair CN=RAS and IAS Servers,CN=Users,DC=Seafile,DC=local<->5 success.
[2015-03-30 18:15:05,186] [DEBUG] create group 6, and add dn pair CN=Enterprise Admins,CN=Users,DC=Seafile,DC=local<->6 success.
[2015-03-30 18:15:05,197] [DEBUG] create group 7, and add dn pair CN=dev,CN=Users,DC=Seafile,DC=local<->7 success.
```
To trigger LDAP sync manually,
```
cd seafile-server-lastest
./pro/pro.py ldapsync
```

45
manual/deploy_pro/ldap_role_sync.md Normal file
View file

@ -0,0 +1,45 @@
# Importing Roles from LDAP/AD
Since version 6.1.5, the Pro Edition supports syncing roles from LDAP or Active Directory.
To enable this feature, add config option `ROLE_NAME_ATTR` to ccnet.conf
```
[LDAP_SYNC]
ROLE_NAME_ATTR = title
```
`ROLE_NAME_ATTR` is the attribute field to configure roles in LDAP .
We provide a user-defined function to map the roleCreate `custom_functions.py` under conf/ and edit it like:
```
#coding=utf-8
import sys
reload(sys)
sys.setdefaultencoding('utf8')
def ldap_role_mapping(role):
if 'staff' in role:
return 'Staff'
if 'guest' in role:
return 'Guest'
if 'manager' in role:
return 'Manager'
```
you can rewrite this function (in python) to make your own mapping rules. If the file or function doesn't exist, all roles in `ROLE_NAME_ATTR` will be synced.
** NOTE: **Make sure that ccnet-server keeps running while doing LDAP role sync.
Note: If you are using 7.1 version or later, and with Python 3, you should remove the following code from \`custom_functions.py\`:
```
import sys
reload(sys)
sys.setdefaultencoding('utf8')
```

172
manual/deploy_pro/memcached_mariadb_cluster.md Normal file
View file

@ -0,0 +1,172 @@
# Setup Memcached Cluster and MariaDB Galera Cluster
For high availability, it is recommended to set up a memcached cluster and MariaDB Galera cluster for Seafile cluster. This documentation will provide information on how to do this with 3 servers. You can either use 3 dedicated servers or use the 3 Seafile server nodes.
## Setup Memcached Cluster
Seafile servers share session information within memcached. So when you set up a Seafile cluster, there needs to be a memcached server (cluster) running.
The simplest way is to use a single-node memcached server. But when this server fails, some functions in the web UI of Seafile cannot work. So for HA, it's usually desirable to have more than one memcached servers.
### For Seafile Server bofore 6.2.11 version
For Seafile servers before 6.2.11 version, we recommend to use an architecture in which the cache items are distributed across all memcached nodes.
Unlike other cluster architecture, when you create a memcached cluster with multiple nodes, the key distribution in memcached cluster is controlled by the memcached clients. So there is no special configuration on the memcached server for building a cluster. But there are a few things to take care when building a memcached cluster:
- Make sure all the seafile server nodes connects to all the memcached nodes. The memcached servers should be listed in the same order in Seafile's config files.
- After one memcached server gets shut down and restarted, sometimes the Seafile servers' views on the memcached cluster will become inconsistent. This is due to limitation of the memcached cluster architecture. You may notice some errors in the web UI functionalities. You have to restart the Seafile server processes to make their views consistent again. Typical error messages you can find in seafile.log are:
* `SERVER HAS FAILED AND IS DISABLED UNTIL TIMED RETRY`
* `SERVER IS MARKED DEAD`
Seafile servers, work as memcached clients, are designed to automatically migrate keys to living memcached nodes when a memcached node fails. But there are some tricky cases when the Seafile servers cannot automatically recover from errors of memcahced servers. That's why we change the recommended architecture since 6.3 version.
### Seafile server 6.2.11 or newer
In this new recommended architecture, you setup two independent memcached servers, in active/standby mode. A floating IP address (or Virtual IP address in some context) is assigned to the current active node. When the active node goes down, Keepalived will migrate the virtual IP to the standby node. So you actually use a single node memcahced, but use Keepalived (or other alternatives) to provide high availability.
After installing memcahced on each server, you need to make some modification to the memcached config file.
```
# Under Ubuntu
vi /etc/memcached.conf
# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
# Note that the daemon will grow to this size, but does not start out holding this much
# memory
# -m 64
-m 256
# Specify which IP address to listen on. The default is to listen on all IP addresses
# This parameter is one of the only security measures that memcached has, so make sure
# it's listening on a firewalled interface.
-l 0.0.0.0
service memcached restart
```
```
# Under CentOS 7
vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 0.0.0.0 -m 256"
systemctl restart memcached
systemctl enable memcached
```
**NOTE: Please configure memcached to start on system startup.**
Install and configure Keepalived.
```
# For Ubuntu
sudo apt-get install keepalived -y
# For CentOS
sudo yum install keepalived -y
```
Modify keepalived config file `/etc/keepalived/keepalived.conf`.
On active node
```
cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node1
vrrp_mcast_group4 224.0.100.19
}
vrrp_script chk_memcached {
script "killall -0 memcached && exit 0 || exit 1"
interval 1
weight -5
}
vrrp_instance VI_1 {
state MASTER
interface ens33
virtual_router_id 51
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass hello123
}
virtual_ipaddress {
192.168.1.113/24 dev ens33
}
track_script {
chk_memcached
}
}
```
On standby node
```
cat /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from keepalived@localhost
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id node2
vrrp_mcast_group4 224.0.100.19
}
vrrp_script chk_memcached {
script "killall -0 memcached && exit 0 || exit 1"
interval 1
weight -5
}
vrrp_instance VI_1 {
state BACKUP
interface ens33
virtual_router_id 51
priority 98
advert_int 1
authentication {
auth_type PASS
auth_pass hello123
}
virtual_ipaddress {
192.168.1.113/24 dev ens33
}
track_script {
chk_memcached
}
}
```
**NOTE: Please adjust the network device names accordingly. virtual_ipaddress is the floating IP address in use.**
### Setup MariaDB Cluster
MariaDB cluster helps you to remove single point of failure from the cluster architecture. Every update in the database cluster is synchronously replicated to all instances.
You can choose between two different setups:
- For a small cluster with 3 nodes, you can run MariaDB cluster directly on the Seafile server nodes. Each Seafile server access its local instance of MariaDB.
- For larger clusters, it's preferable to have 3 dedicated MariaDB nodes to form a cluster. You have to set up a HAProxy in front of the MariaDB cluster. Seafile will access database via HAProxy.
We refer to the documentation from MariaDB team:
- [Setting up MariaDB cluster on CentOS 7](https://mariadb.com/resources/blog/setting-mariadb-enterprise-cluster-part-2-how-set-mariadb-cluster)
- [Setting up HAProxy for MariaDB Galera Cluster](https://mariadb.com/resources/blog/setup-mariadb-enterprise-cluster-part-3-setup-ha-proxy-load-balancer-read-and-write-pools). Note that Seafile doesn't use read/write isolation techniques. So you don't need to setup read and write pools.

112
manual/deploy_pro/migrate.md Normal file
View file

@ -0,0 +1,112 @@
# Migrate data between different backends
Seafile supports data migration between filesystem, s3, ceph, swift and Alibaba oss (migrating from swift is not supported yet, this support will be added in the future). If you enabled storage backend encryption feature, migration is not supported at the moment.
Data migration takes 3 steps:
1. Create a new temporary seafile.conf
2. Run migrate.sh to initially migrate objects
3. Run final migration
4. Replace the original seafile.conf
## Create a new temporary seafile.conf
We need to add new backend configurations to this file (including `[block_backend]`, `[commit_object_backend]`, `[fs_object_backend]` options) and save it under a readable path.
Let's assume that we are migrating data to S3 and create temporary seafile.conf under `/opt`
```
cat > seafile.conf << EOF
[commit_object_backend]
name = s3
bucket = seacomm
key_id = ******
key = ******
[fs_object_backend]
name = s3
bucket = seafs
key_id = ******
key = ******
[block_backend]
name = s3
bucket = seablk
key_id = ******
key = ******
EOF
mv seafile.conf /opt
```
Repalce the configurations with your own choice.
## Migrating large number of objects
If you have millions of objects in the storage (especially fs objects), it may take quite long time to migrate all objects. More than half of the time is spent on checking whether an object exists in the destination storage. **Since Pro edition 7.0.8**, a feature is added to speed-up the checking.
Before running the migration script, please set this env variable:
```
export OBJECT_LIST_FILE_PATH=/path/to/object/list/file
```
3 files will be created: `/path/to/object/list/file.commit`,`/path/to/object/list/file.fs`, `/path/to/object/list/file.blocks`.
When you run the script for the first time, the object list file will be filled with existing objects in the destination. Then, when you run the script for the second time, it will load the existing object list from the file, instead of querying the destination. And newly migrated objects will also be added to the file. During migration, the migration process checks whether an object exists by checking the pre-loaded object list, instead of asking the destination, which will greatly speed-up the migration process.
It's suggested that you don't interrupt the script during the "fetch object list" stage when you run it for the first time. Otherwise the object list in the file will be incomplete.
Another trick to speed-up the migration is to increase the number of worker threads and size of task queue in the migration script. You can modify the `nworker` and `maxsize` variables in the following code:
```
class ThreadPool(object):
def __init__(self, do_work, nworker=20):
self.do_work = do_work
self.nworker = nworker
self.task_queue = Queue.Queue(maxsize = 2000)
```
The number of workers can be set to relatively large values, since they're mostly waiting for I/O operations to finished.
## Run migrate.sh to initially migrate objects
This step will migrate **most of** objects from the source storage to the destination storage. You don't need to stop Seafile service at this stage as it may take quite long time to finish. Since the service is not stopped, some new objects may be added to the source storage during migration. Those objects will be handled in the next step.
We assume you have installed seafile pro server under `~/haiwen`, enter `~/haiwen/seafile-server-latest` and run migrate.sh with parent path of temporary seafile.conf as parameter, here is `/opt`.
```
cd ~/haiwen/seafile-server-latest
./migrate.sh /opt
```
Please note that this script is completely reentrant. So you can stop and restart it, or run it many times. It will check whether an object exists in the destination before sending it.
## Run final migration
New objects added during the last migration step will be migrated in this step. To prevent new objects being added, you have to stop Seafile service during the final migration operation. This usually take short time. If you have large number of objects, please following the optimization instruction in previous section.
You just have to stop Seafile and Seahub service, then run the migration script again.
```
cd ~/haiwen/seafile-server-latest
./migrate.sh /opt
```
## Replace the original seafile.conf
After running the script, we need replace the original seafile.conf with new one:
```
mv /opt/seafile.conf ~/haiwen/conf
```
now we only have configurations about backend, more config options, e.g. memcache and quota, can then be copied from the original seafile.conf file.
After replacing seafile.conf, you can restart seafile server and access the data on the new backend.

196
manual/deploy_pro/migrate_from_seafile_community_server.md Normal file
View file

@ -0,0 +1,196 @@
# Migrate from Seafile Community Server
## Restriction
It's quite likely you have deployed the Seafile Community Server and want to switch to the [Professional Server](http://seafile.com/en/product/private_server/), or vice versa. But there are some restrictions:
* You can only switch between Community Server and Professional Server of the same minor version.
That means, if you are using Community Server version 1.6, and want to switch to the Professional Server 1.7, you must first upgrade to Community Server version 1.7, and then follow the guides below to switch to the Professional Server 1.7. (The last tiny version number in 1.7.x is not important.)
## Preparation
### Install Java Runtime Environment (JRE)
Java 8 or higher is required.
On Ubuntu/Debian:
```
sudo apt-get install openjdk-8-jre
```
On CentOS/Red Hat:
```
sudo yum install java-1.8.0-openjdk
```
_Note_: Since version 7.0.0, java 1.8 is required, please check your java version by `java -version`.
### Install poppler-utils
The package poppler-utils is required for full text search of pdf files.
On Ubuntu/Debian:
```
sudo apt-get install poppler-utils
```
On CentOS/Red Hat:
```
sudo yum install poppler-utils
```
## Do the migration
We assume you already have deployed Seafile Community Server 1.8.0 under `/data/haiwen/seafile-server-1.8.0`.
### Get the license
Put the license file you get under the top level directory of your Seafile installation. In our example, it is `/data/haiwen/`.
### Download & uncompress Seafile Professional Server
You should uncompress the tarball to the top level directory of your installation, in our example it is `/data/haiwen`.
```
tar xf seafile-pro-server_1.8.0_x86-64.tar.gz
```
Now you have:
```
haiwen
├── seafile-license.txt
├── seafile-pro-server-1.8.0/
├── seafile-server-1.8.0/
├── ccnet/
├── seafile-data/
├── seahub-data/
├── seahub.db
└── seahub_settings.py
```
---
You should notice the difference between the names of the Community Server and Professional Server. Take the 1.8.0 64bit version as an example:
* Seafile Community Server tarball is `seafile-server_1.8.0_x86-86.tar.gz`; After uncompressing, the folder is `seafile-server-1.8.0`
* Seafile Professional Server tarball is `seafile-pro-server_1.8.0_x86-86.tar.gz`; After uncompressing, the folder is `seafile-pro-server-1.8.0`
### Do the migration
* Stop Seafile Community Server if it's running
```
cd haiwen/seafile-server-1.8.0
./seafile.sh stop
./seahub.sh stop
```
* Run the migration script
```
cd haiwen/seafile-pro-server-1.8.0/
./pro/pro.py setup --migrate
```
The migration script is going to do the following for you:
* ensure your have all the prerequisites met
* create necessary extra configurations
* update the avatar directory
* create extra database tables
Now you have:
```
haiwen
├── seafile-license.txt
├── seafile-pro-server-1.8.0/
├── seafile-server-1.8.0/
├── ccnet/
├── seafile-data/
├── seahub-data/
├── seahub.db
├── seahub_settings.py
└── pro-data/
```
> **!Note:** If you upgraded from CE 6.3 to CE 7.0 first, then migrated to Pro 7.0. You also need to log in to MySQL server and create the following data tables in `seafile-db` .
```
FileLockTimestamp
FileLocks
FolderGroupPerm
FolderPermTimestamp
FolderUserPerm
GCID
LastGCID
OrgGroupRepo
OrgInnerPubRepo
OrgRepo
OrgSharedRepo
RepoStorageId
RoleQuota
```
For the table statement, please check [table statement](./seafile-sql.md).
### Start Seafile Professional Server
```
cd haiwen/seafile-pro-server-1.8.0
./seafile.sh start
./seahub.sh start
```
## Switch Back to Community Server
* Stop Seafile Professional Server if it's running
```
cd haiwen/seafile-pro-server-1.8.0/
./seafile.sh stop
./seahub.sh stop
```
* Update the avatar directory link just like in [Minor Upgrade](https://github.com/haiwen/seafile/wiki/Upgrading-Seafile-Server#minor-upgrade-like-from-150-to-151)
```
cd haiwen/seafile-server-1.8.0/
./upgrade/minor-upgrade.sh
```
* Start Seafile Community Server
```
cd haiwen/seafile-server-1.8.0/
./seafile.sh start
./seahub.sh start
```

191
manual/deploy_pro/migrate_to_ceph.md Normal file
View file

@ -0,0 +1,191 @@
# Migrate from File System Backend to Ceph
Ceph is a scalable distributed storage system. Seafile can use Ceph's RADOS object storage layer for storage backend.
By default, a typical Seafile server deployment uses file system as storage backend (e.g. Ext4). Later you may want to switch to more scalable storage solution like Ceph. This documentation shows you how to migrate your existing date from file system to Ceph and connect to Ceph. If you're deploying a fresh install with Ceph backend, please refer to [setup with Ceph](setup_with_ceph.md).
## Copy ceph conf file and client keyring
Seafile acts as a client to Ceph/RADOS, so it needs to access ceph cluster's conf file and keyring. You have to copy these files from a ceph admin node's /etc/ceph directory to the seafile machine.
```
seafile-machine# sudo scp user@ceph-admin-node:/etc/ceph/ /etc
```
## Install and enable memcached
For best performance, Seafile requires install memcached and enable memcache for objects.
We recommend to allocate 128MB memory for memcached. Edit /etc/memcached.conf
```
# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
# Note that the daemon will grow to this size, but does not start out holding this much
# memory
# -m 64
-m 128
```
## Install Python Ceph Library
File search and WebDAV functions rely on Python Ceph library installed in the system.
On Debian/Ubuntu:
```
sudo apt-get install python-ceph
```
On RedHat/CentOS:
```
sudo yum install python-rados
```
## Create Pools for Seafile in Ceph
It's recommended to create separate pools for commit, fs, and block objects.
```
ceph-admin-node# rados mkpool seafile-blocks
ceph-admin-node# rados mkpool seafile-commits
ceph-admin-node# rados mkpool seafile-fs
```
## Migrate Existing Data to Ceph
The migration process involves 3 steps:
1. Create a Seafile config folder for Ceph
2. Run the migration script
3. Update seafile.conf
### Create a Seafile Config Folder for Ceph
In the Seafile installation folder (e.g. `haiwen`),
```
cd haiwen
mkdir ceph-conf
cp conf/seafile.conf ceph-conf
```
Edit `ceph-conf/seafile.conf`, add the following lines:
```
[block_backend]
name = ceph
ceph_config = /etc/ceph/ceph.conf
pool = seafile-blocks
memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100
[commit_object_backend]
name = ceph
ceph_config = /etc/ceph/ceph.conf
pool = seafile-commits
memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100
[fs_object_backend]
name = ceph
ceph_config = /etc/ceph/ceph.conf
pool = seafile-fs
memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100
```
Now there are two seafile.conf files, one under `conf` folder and the other under `ceph-conf` folder.
### Run Migration Script
From Pro edition 6.0.0 on, the migration scripts are included in the package. For older versions, you have to download the two scripts into `seafile-server-latest` folder:
- https://github.com/haiwen/seafile-server/blob/master/scripts/seafobj_migrate.py
- https://github.com/haiwen/seafile-server/blob/master/scripts/migrate-to-ceph.sh
You can run the migration script when your Seafile server is still running.
```
cd haiwen/seafile-server-latest
./migrate-to-ceph.sh ../ceph-conf
```
If there is any error in the migration process, the script will stop. After you check and fix the errors, you can run the script again. The script is designed to be idempotent to multiple runs. It only copies non-existing objects to Ceph. The script won't delete any objects from the file system backend.
***After the initial migration completes successfully, you need to shutdown the Seafile server and run the script again to migrate the data that's added when you run the initial migration.*** Since the script won't migrate objects that have been migrated, this phase should finish in a short time.
### Update seafile.conf
After migration is done. You need to update `conf/seafile.conf` to make Seafile server use Ceph as backend in the future.
```
cp -R conf conf-backup
cp ceph-conf/seafile.conf conf/seafile.conf
```
After restart, Seafile server will use Ceph as backend.
### Using memcached cluster
In a cluster environment, you may want to use a memcached cluster. In the above configuration, you have to specify all the memcached server node addresses in seafile.conf
```
memcached_options = --SERVER=192.168.1.134 --SERVER=192.168.1.135 --SERVER=192.168.1.136 --POOL-MIN=10 --POOL-MAX=100 --RETRY-TIMEOUT=3600
```
Notice that there is a `--RETRY-TIMEOUT=3600` option in the above config. This option is important for dealing with memcached server failures. After a memcached server in the cluster fails, Seafile server will stop trying to use it for "RETRY-TIMEOUT" (in seconds). You should set this timeout to relatively long time, to prevent Seafile from retrying the failed server frequently, which may lead to frequent request errors for the clients.
## Notes for Ubuntu 16.04
Since version 5.1.0 version, we upgraded the bundled Ceph rados library to 0.94.6. On Ubuntu 16.04, this causes some incompatibility. To work around this issue, you have to install librados 0.94.6 in the Ubuntu system (from Ceph's official repositories) and let Seafile use the library from system. To do this, you have to remove a few bundled libraries:
```
cd seafile-server-latest/seafile/lib
rm librados.so.2 libstdc++.so.6 libnspr4.so
```
## Use arbitary Ceph user
The above configuration will use the default (client.admin) user to connect to Ceph.
You may want to use some other Ceph user to connect. This is supported in Seafile.
To specify the Ceph user, you have to add a `ceph_client_id` option to seafile.conf, as the following:
```
[block_backend]
name = ceph
ceph_config = /etc/ceph/ceph.conf
# Sepcify Ceph user for Seafile here
ceph_client_id = seafile
pool = seafile-blocks
memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100
[commit_object_backend]
name = ceph
ceph_config = /etc/ceph/ceph.conf
# Sepcify Ceph user for Seafile here
ceph_client_id = seafile
pool = seafile-commits
memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100
[fs_object_backend]
name = ceph
ceph_config = /etc/ceph/ceph.conf
# Sepcify Ceph user for Seafile here
ceph_client_id = seafile
pool = seafile-fs
memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100
```
You can create a ceph user for seafile on your ceph cluster like this:
```
ceph auth add client.seafile \
mds 'allow' \
mon 'allow r' \
osd 'allow rwx pool=seafile-blocks, allow rwx pool=seafile-commits, allow rwx pool=seafile-fs'
```
You also have to add this user's keyring path to /etc/ceph/ceph.conf:
```
[client.seafile]
keyring = <path to user's keyring file>
```

40
manual/deploy_pro/multi_institutions.md Normal file
View file

@ -0,0 +1,40 @@
# Multiple Organization/Institution User Management
Starting from version 5.1, you can add institutions into Seafile and assign users into institutions. Each institution can have one or more administrators. This feature is to ease user administration when multiple organizations (universities) share a single Seafile instance. Unlike multi-tenancy, the users are not-isolated. A user from one institution can share files with another institution.
## Turn on the feature
In `seahub_settings.py`, add `MULTI_INSTITUTION = True` to enable multi-institution feature. And add
```
EXTRA_MIDDLEWARE_CLASSES += (
'seahub.institutions.middleware.InstitutionMiddleware',
)
```
or
```
EXTRA_MIDDLEWARE_CLASSES = (
'seahub.institutions.middleware.InstitutionMiddleware',
)
```
if `EXTRA_MIDDLEWARE_CLASSES` is not defined.
## Add institutions and institution admins
After restarting Seafile, a system admin can add institutions by adding institution name in admin panel. He can also click into an institution, which will list all users whose `profile.institution` match the name.
## Assign users to institutions
If you are using Shibboleth, you can map a Shibboleth attribute into institution. For example, the following configuration maps organization attribute to institution.
```
SHIBBOLETH_ATTRIBUTE_MAP = {
"givenname": (False, "givenname"),
"sn": (False, "surname"),
"mail": (False, "contact_email"),
"organization": (False, "institution"),
}
```

27
manual/deploy_pro/multi_tenancy.md Normal file
View file

@ -0,0 +1,27 @@
Multi-tenancy feature is designed for hosting providers that what to host several customers in a single Seafile instance. You can create multi-organizations. Organizations is separated from each other. Users can't share libraries between organizations.
## Seafile Config ##
#### seafile.conf
```
[general]
multi_tenancy = true
```
#### seahub_settings.py
```
CLOUD_MODE = True
MULTI_TENANCY = True
ORG_MEMBER_QUOTA_ENABLED = True
```
## Usage
An organization can be created via system admin in “admin panel->organization->Add organization”.
Every organization has an URL prefix. This field is *for future usage*. When a user create an organization, an URL like org1 will be automatically assigned.
After creating an organization, the first user will become the admin of that organization. The organization admin can add other users. Note, the system admin can't add users.

230
manual/deploy_pro/multiple_storage_backends.md Normal file
View file

@ -0,0 +1,230 @@
# Multiple Storage Backend
There are some use cases that supporting multiple storage backends in Seafile server is needed. Such as:
1. Store different types of files into different storage backends. For example, normal files can be stored in primary storage (disks, SSD); Archived files can be stored in cold storage (tapes or other backup systems).
2. Combine multiple storage backends to extend storage scalability. For example, a single NFS volume may be limited by size; a single S3 bucket of Ceph RGW may suffer performance decrease when the number of objects become very large.
The library data in Seafile server are spreaded into multiple storage backends in the unit of libraries. All the data in a library will be located in the same storage backend. The mapping from library to its storage backend is stored in a database table. Different mapping policies can be chosen based on the use case.
To use this feature, you need to:
1. Define storage classes in seafile.conf.
2. Enable multiple backend feature in seahub and choose a mapping policy.
## Defining Storage Classes
In Seafile server, a storage backend is represented by the concept of "storage class". A storage class is defined by specifying the following information:
* `storage_id`: an internal string ID to identify the storage class. It's not visible to users. For example "primary storage".
* `name`: A user visible name for the storage class.
* `is_default`: whether this storage class is the default. This option are effective in two cases:
* If the chosen mapping policy allows users to choose storage class for a library, this would be the default if the user doesn't choose one.
* For other mapping policies, this option only takes effect when you have some existing libraries before enabling multiple storage backend feature. For existing libraries, the system will automatically map them to the default storage backend. So in this case you have to set the existing storage backend as the default one.
* `commits`the storage for storing the commit objects for this class. It can be any storage that Seafile supports, like file system, ceph, s3.
* `fs`the storage for storing the fs objects for this class. It can be any storage that Seafile supports, like file system, ceph, s3.
* `blocks`the storage for storing the block objects for this class. It can be any storage that Seafile supports, like file system, ceph, s3.
commit, fs, and blocks can be stored in different storages. This provides the most flexible way to define storage classes.
As Seafile server before 6.3 version doesn't support multiple storage classes, you have to explicitely enable this new feature and define storage classes with a different syntax than how we define storage backend before.
First, you have to enable this feature in seafile.conf.
```
[storage]
enable_storage_classes = true
storage_classes_file = /opt/seafile_storage_classes.json
[memcached]
memcached_options = --SERVER=<the IP of Memcached Server> --POOL-MIN=10 --POOL-MAX=100
```
* enable_storage_classes If this is set to true, storage class feature is enabled. You have to define the storage classes in a JSON file provided in the next configuration option.
* storage_classes_fileSpecifies the path for the JSON file that contains storage class definition.
The JSON file is an array of objects. Each object defines a storage class. The fields in the definition corresponds to the information we need to specify for a storage class. Below is an example:
```
[
{
"storage_id": "hot_storage",
"name": "Hot Storage",
"is_default": true,
"commits": {"backend": "s3", "bucket": "seafile-commits", "key": "ZjoJ8RPNDqP1vcdD60U4wAHwUQf2oJYqxN27oR09", "key_id": "AKIAIOT3GCU5VGCCL44A"},
"fs": {"backend": "s3", "bucket": "seafile-fs", "key": "ZjoJ8RPNDqP1vcdD60U4wAHwUQf2oJYqxN27oR09", "key_id": "AKIAIOT3GCU5VGCCL44A"},
"blocks": {"backend": "s3", "bucket": "seafile-blocks", "key": "ZjoJ8RPNDqP1vcdD60U4wAHwUQf2oJYqxN27oR09", "key_id": "AKIAIOT3GCU5VGCCL44A"}
},
{
"storage_id": "cold_storage",
"name": "Cold Storage",
"is_default": false,
"fs": {"backend": "fs", "dir": "/storage/seafile/seafile-data"},
"commits": {"backend": "fs", "dir": "/storage/seafile/seafile-data"},
"blocks": {"backend": "fs", "dir": "/storage/seafile/seaflle-data"}
},
{
"storage_id": "swift_storage",
"name": "Swift Storage",
"fs": {"backend": "swift", "tenant": "adminTenant", "user_name": "admin", "password": "openstack", "container": "seafile-commits", "auth_host": "192.168.56.31:5000", "auth_ver": "v2.0"},
"commits": {"backend": "swift", "tenant": "adminTenant", "user_name": "admin", "password": "openstack", "container": "seafile-fs", "auth_host": "192.168.56.31:5000", "auth_ver": "v2.0"},
"blocks": {"backend": "swift", "tenant": "adminTenant", "user_name": "admin", "password": "openstack", "container": "seafile-blocks", "auth_host": "192.168.56.31:5000", "auth_ver": "v2.0", "region": "RegionTwo"}
}
{
"storage_id": "ceph_storage",
"name": "ceph Storage",
"fs": {"backend": "ceph", "ceph_config": "/etc/ceph/ceph.conf", "pool": "seafile-fs"},
"commits": {"backend": "ceph", "ceph_config": "/etc/ceph/ceph.conf", "pool": "seafile-commits"},
"blocks": {"backend": "ceph", "ceph_config": "/etc/ceph/ceph.conf", "pool": "seafile-blocks"}
}
]
```
As you may have seen, the `commits`, `fs` and `blocks` information syntax is similar to what used in `[commit_object_backend]`, `[fs_object_backend]` and `[block_backend]` section of seafile.conf.
If you use file system as storage for `fs`, `commits` or `blocks`, you have to explicitely provide the path for the `seafile-data` directory. The objects will be stored in `storage/commits`, `storage/fs`, `storage/blocks` under this path.
_Note_: Currently file system, S3 and Swift backends are supported. Ceph/RADOS is supported since version 7.0.14.
## Library Mapping Policies
Library mapping policies decide the storage class a library uses. Currently we provide 3 policies for 3 different use cases. The storage class of a library is decided on creation and stored in a database table. The storage class of a library won't change if the mapping policy is changed later.
Before choosing your mapping policy, you need to enable storage classes feature in seahub_settings.py:
```
ENABLE_STORAGE_CLASSES = True
```
### User Chosen
This policy lets the users to choose which storage class to use when creating a new library. The users can select any storage class that's been defined in the JSON file.
To use this policy, add following options in seahub_settings.py:
```
STORAGE_CLASS_MAPPING_POLICY = 'USER_SELECT'
```
If you enable storage class support but don't explicitely set `STORAGE_CLASS_MAPPING_POLIICY` in seahub_settings.py, this policy is used by default.
### Role-based Mapping
Due to storage cost or management consideration, sometimes system admin wants to make different type of users to use different storage backends (or classes). You can configure user's storage classes based on their roles.
A new option `storage_ids` is added to the role configuration in `seahub_settings.py` to assign storage classes to each role. If only one storage class is assigned to a role, the users with this role cannot choose storage class for libraries; otherwise, the users can choose storage class if more than one classes are assigned. If no storage class is assigned to a role, the default class specified in the JSON file will be used.
Here is sample options in seahub_settings.py to use this policy:
```
ENABLE_STORAGE_CLASSES = True
STORAGE_CLASS_MAPPING_POLICY = 'ROLE_BASED'
ENABLED_ROLE_PERMISSIONS = {
'default': {
'can_add_repo': True,
'can_add_group': True,
'can_view_org': True,
'can_use_global_address_book': True,
'can_generate_share_link': True,
'can_generate_upload_link': True,
'can_invite_guest': True,
'can_connect_with_android_clients': True,
'can_connect_with_ios_clients': True,
'can_connect_with_desktop_clients': True,
'storage_ids': ['old_version_id', 'hot_storage', 'cold_storage', 'a_storage'],
},
'guest': {
'can_add_repo': True,
'can_add_group': False,
'can_view_org': False,
'can_use_global_address_book': False,
'can_generate_share_link': False,
'can_generate_upload_link': False,
'can_invite_guest': False,
'can_connect_with_android_clients': False,
'can_connect_with_ios_clients': False,
'can_connect_with_desktop_clients': False,
'storage_ids': ['hot_storage', 'cold_storage'],
},
}
```
### Library ID Based Mapping
This policy maps libraries to storage classes based on its library ID. The ID of a library is an UUID. In this way, the data in the system can be evenly districuted among the storage classes.
Note that this policy is not a designed to be a complete distributed storage solution. It doesn't handle automatical migration of library data between storage classes. If you need to add more storage classes to the configuration, existing libraries will stay in their original storage classes. New libraries can be distributed among the new storage classes (backends). You still have to plan about the total storage capacity of your system at the beginning.
To use this policy, you first add following options in seahub_settings.py:
```
STORAGE_CLASS_MAPPING_POLICY = 'REPO_ID_MAPPING'
```
Then you can add option `for_new_library` to the backends which are expected to store new libraries in json file:
```
[
{
"storage_id": "new_backend",
"name": "New store",
"for_new_library": true,
"is_default": false,
"fs": {"backend": "fs", "dir": "/storage/seafile/new-data"},
"commits": {"backend": "fs", "dir": "/storage/seafile/new-data"},
"blocks": {"backend": "fs", "dir": "/storage/seafile/new-data"}
}
]
```
## Multiple Storage Backend Data Migration
Run the `migrate-repo.sh` script to migrate library data between different storage backends.
```
./migrate-repo.sh [repo_id] origin_storage_id destination_storage_id
```
* repo_id: migrated library id
* origin_storage_id: migrated origin storage id
* destination_storage_id: migrated destination storage id
repo_id is optional, if not specified, all libraries will be migrated.
Before running the migration script, you can set the `OBJECT_LIST_FILE_PATH` environment variable to specify a path prefix to store the migrated object list.
For example:
```
export OBJECT_LIST_FILE_PATH=/opt/test
```
This will create three files in the specified path (/opt): `test_4c731e5c-f589-4eaa-889f-14c00d4893cb.fs` `test_4c731e5c-f589-4eaa-889f-14c00d4893cb.commits` `test_4c731e5c-f589-4eaa-889f-14c00d4893cb.blocks`
Setting the `OBJECT_LIST_FILE_PATH` environment variable has two purposes:
1. If the migrated library is very large, you need to run the migration script multiple times. Setting this environment variable can skip the previously migrated objects.
2. After the migration is complete, if you need to delete the objects in the origin storage, you must set this environment variable.
### Delete All Objects In a Library In The Specified Storage Backend
Run the `remove-objs.sh` script (before migration, you need to set the OBJECT_LIST_FILE_PATH environment variable) to delete all objects in a library in the specified storage backend.
```
./remove-objs.sh repo_id storage_id
```

219
manual/deploy_pro/office_documents_preview.md Normal file
View file

@ -0,0 +1,219 @@
# Office Documents Preview with LibreOffice
Seafile Professional Server supports previewing office documents online by converting them to PDF. You can follow these steps to use the feature. If you'd like to edit office files online, you can integrate Seafile with Microsoft Office Online server, LibreOffice online or OnlyOffice.
## Version 7.0 or below
### Install Libreoffice/UNO
Libreoffice 4.1+ and Python-uno library are required to enable office files online preview.
On Ubuntu/Debian:
```bash
sudo apt-get install libreoffice libreoffice-script-provider-python
```
> For older version of Ubuntu: `sudo apt-get install libreoffice python-uno`
On Centos/RHEL:
```bash
sudo yum install libreoffice libreoffice-headless libreoffice-pyuno
```
For other Linux distributions: [Installation of LibreOffice on Linux](https://wiki.documentfoundation.org/Documentation/Install/Linux#Terminal-Based_Install)
Also, you may need to install fonts for your language, especially for Asians, otherwise the office/pdf document may not display correctly.
For example, Chinese users may wish to install the WenQuanYi series of truetype fonts:
```bash
# For ubuntu/debian
sudo apt-get install ttf-wqy-microhei ttf-wqy-zenhei xfonts-wqy
```
### Install poppler-utils
The package poppler-utils is also required.
On Ubuntu/Debian:
```bash
sudo apt-get install poppler-utils
```
On CentOS/Red Hat:
```bash
sudo yum install poppler-utils
```
### Enable Office Preview
1. Open file `seafevents.conf`, in the `OFFICE CONVERTER` section:
```conf
[OFFICE CONVERTER]
enabled = true
```
1. After modifying and saving `seafevents.conf`, restart seafile server by `./seafile.sh restart`
2. Open a doc/ppt/xls/pdf file on seahub, you should be about the previewing it in your browser.
### Other Configurable Options
Here are full list of options you can fine tune:
```conf
[OFFICE CONVERTER]
## must be "true" to enable office/pdf file online preview
enabled = true
## How many libreoffice worker processes to run concurrenlty
workers = 1
## where to store the converted office/pdf files. Deafult is /tmp/.
outputdir = /tmp/
```
## Version 7.1+
### Install Libreoffice/UNO
Libreoffice 4.1+ and Python-uno library are required to enable office files online preview.
On Ubuntu/Debian:
```bash
sudo apt-get install libreoffice libreoffice-script-provider-python
```
> For older version of Ubuntu: `sudo apt-get install libreoffice python-uno`
On Centos/RHEL, you need to first remove the default libreoffice in the distribution:
```
yum remove --setopt=clean_requirements_on_remove=0 libreoffice-*
```
Then install version 6.4 or newer ([Installation of LibreOffice on Linux](https://wiki.documentfoundation.org/Documentation/Install/Linux#Terminal-Based_Install)).
Also, you may need to install fonts for your language, especially for Asians, otherwise the office document may not display correctly.
### Enable Office Preview
Open file `seafevents.conf`, in the `OFFICE CONVERTER` section:
```conf
[OFFICE CONVERTER]
enabled = true
host = 127.0.0.1
port = 6000
```
After modifying and saving `seafevents.conf`, restart seafile server by `./seafile.sh restart`
The office converter process will be started and listen on 127.0.0.1:6000
In `seahub_settings.py`, add the following config
```
OFFICE_CONVERTOR_ROOT = 'http://127.0.0.1:6000/'
```
Open a doc/ppt/xls file on Seahub, you should be about the previewing it in your browser.
### Other Configurable Options
Here are full list of options you can fine tune:
```conf
[OFFICE CONVERTER]
## must be "true" to enable office file online preview
enabled = true
## How many libreoffice worker processes to run concurrenlty
workers = 1
## where to store the converted office/pdf files. Deafult is /tmp/.
outputdir = /tmp/
host = 127.0.0.1
port = 6000
```
## FAQ about Office document preview
* Document preview doesn't work, where to find more information?
You can check the log at logs/seafevents.log
* My server is CentOS, and I see errors like "/usr/lib64/libreoffice/program/soffice.bin X11 error: Can't open display", how could I fix it?
This error indicates you have not installed the `libreoffice-headless` package. Install it by `"sudo yum install libreoffice-headless"`.
* Document preview doesn't work on my Ubuntu/Debian server, what can I do?
Current office online preview works with libreoffice 4.0-4.2. If the version of libreoffice installed by `apt-get` is too old or too new, you can solve this by:
Remove the installed libreoffice:
```
sudo apt-get remove libreoffice* python-uno python3-uno
```
Download libreoffice packages from [libreoffice official site](https://downloadarchive.documentfoundation.org/libreoffice/old/)
Install the downloaded pacakges:
```
tar xf LibreOffice_4.1.6_Linux_x86-64_deb.tar.gz
cd LibreOffice_4.1.6.2_Linux_x86-64_deb
cd DEBS
sudo dpkg -i *.deb
```
Restart your seafile server and try again. It should work now.
```
./seafile.sh restart
```
* The browser displays "document conversion failed", and in the logs I see messages like `[WARNING] failed to convert xxx to ...`, what should I do?
Sometimes the libreoffice process need to be restarted, especially if it's the first time seafile server is running on the server.
Try to kill the libreoffice process:
```sh
pkill -f soffice.bin
```
Now try re-opening the preview page in the brower again.
Also if you are deploying seafile in cluster mode, make sure memcached is working on each server.
* The above solution does not solve my problem.
Please check whether the user you run Seafile can correctly start the libreoffice process. There may be permission problems. For example, if you use www-data user to run Seafile, make sure www-data has a home directory and can write to the home directory.

82
manual/deploy_pro/office_web_app.md Normal file
View file

@ -0,0 +1,82 @@
# Office Online Server
In Seafile Professional Server Version 4.4.0 (or above), you can use Microsoft Office Online Server (formerly named Office Web Apps) to preview documents online. Office Online Server provides the best preview for all Office format files. It also support collaborative editing of Office files directly in the web browser. For organizations with Microsoft Office Volume License, it's free to use Office Online Server. For more information about Office Online Server and how to deploy it, please refer to <https://technet.microsoft.com/en-us/library/jj219455(v=office.16).aspx>.
**Notice**: Seafile only supports Office Online Server 2016 and above.
Seafile's own Office file preview is still the default. To use Office Online Server for preview, please add following config option to seahub_settings.py.
```python
# Enable Office Online Server
ENABLE_OFFICE_WEB_APP = True
# Url of Office Online Server's discovery page
# The discovery page tells Seafile how to interact with Office Online Server when view file online
# You should change `http://example.office-web-app.com` to your actual Office Online Server server address
OFFICE_WEB_APP_BASE_URL = 'http://example.office-web-app.com/hosting/discovery'
# Expiration of WOPI access token
# WOPI access token is a string used by Seafile to determine the file's
# identity and permissions when use Office Online Server view it online
# And for security reason, this token should expire after a set time period
WOPI_ACCESS_TOKEN_EXPIRATION = 60 * 60 * 24 # seconds
# List of file formats that you want to view through Office Online Server
# You can change this value according to your preferences
# And of course you should make sure your Office Online Server supports to preview
# the files with the specified extensions
OFFICE_WEB_APP_FILE_EXTENSION = ('ods', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt',
'pptm', 'pptx', 'doc', 'docm', 'docx')
# Enable edit files through Office Online Server
ENABLE_OFFICE_WEB_APP_EDIT = True
# types of files should be editable through Office Online Server
# Note, Office Online Server 2016 is needed for editing docx
OFFICE_WEB_APP_EDIT_FILE_EXTENSION = ('xlsx', 'pptx', 'docx')
# HTTPS authentication related (optional)
# Server certificates
# Path to a CA_BUNDLE file or directory with certificates of trusted CAs
# NOTE: If set this setting to a directory, the directory must have been processed using the c_rehash utility supplied with OpenSSL.
OFFICE_WEB_APP_SERVER_CA = '/path/to/certfile'
# Client certificates
# You can specify a single file (containing the private key and the certificate) to use as client side certificate
OFFICE_WEB_APP_CLIENT_PEM = 'path/to/client.pem'
# or you can specify these two file path to use as client side certificate
OFFICE_WEB_APP_CLIENT_CERT = 'path/to/client.cert'
OFFICE_WEB_APP_CLIENT_KEY = 'path/to/client.key'
```
Then restart
```
./seafile.sh restart
./seahub.sh restart
```
After you click the document you specified in seahub_settings.py, you will see the new preview page.
![office-web-app](../images/office-web-app.png)
## Trouble shooting
Understanding how the web app integration works is going to help you debugging the problem. When a user visits a file page:
1. (seahub->browser) Seahub will generate a page containing an iframe and send it to the browser
2. (browser->office online server) With the iframe, the browser will try to load the file preview page from the office online server
3. (office online server->seahub) office online server receives the request and sends a request to Seahub to get the file content
4. (office online server->browser) office online server sends the file preview page to the browser.
Please check the Nginx log for Seahub (for step 3) and Office Online Server to see which step is wrong.
### Notes on Windows paging files
You should make sure you have configured at least a few GB of paging files in your Windows system. Otherwise the IIS worker processes may die randomly when handling Office Online requests.

184
manual/deploy_pro/real_time_backup.md Normal file
View file

@ -0,0 +1,184 @@
# Seafile Real-Time Backup Server
Backup is the procedure that copies data from a primary server (which is running production service) to a backup server.
Backup is an important procedure to keep data safe. The basic backup procedure described in [this documentation](../maintain/backup_recovery.md) has a few drawbacks:
- The backup is done in fixed "backup windows" (once per day or a few times per day). The latest data written between two backup windows will be lost if the primary server storage is damaged.
- The backup procedure backup database and data directory separately. In the backup server, some entries in the database may become inconsistent with the data directory. This causes some libraries become "corrupted" after restore.
The real-time backup server uses a syncing algorithm similar to the Seafile desktop client to retrieve data from the primary server. It works as follows:
- Whenever a library is updated, the primary server notifies the backup server to retrieve the changed data. With a delta syncing algorithm, this procedure runs quickly and updates the backup server in nearly real-time.
- The backup server also checks all libraries on the primary server at a fixed period. Any new or updated libraries will be synced to the backup server. This will pick up any legged updates due to glitches in the above real-time sync procedure.
- The backup server always keep the database and data directory consistent. So no libraries on the backup server will be in corrupted state (unless they're already corrupted on the primary server).
- The full history of all libraries will be backed up. This is not like the desktop client, which only syncs the latest state of a library.
There are two sets of data that need to be backup:
- The seafile-data directory and the core library metadata tables in the seafile database. This data is the core data structures of the libraries in Seafile. They're synced to the backup server with Seafile's syncing algorithm. In this procedure, the metadata tables are kept consistent with the seafile-data directory.
- All other tables in the database (including seafile, ccnet and seahub databases) are backup with mysqldump. mysqldump can't backup the database in real time. You can setup a crontab for mysqldump at regular intervals. The latency of backup for these tables doesn't affect the integrity of library data.
In the following discussion, we'll use "primary server" and "master server", "backup server" and "slave server" interchangeably.
## Configure Real-Time Backup Server
We assume you already have a primary server running, and now you want to setup a backup server.
The steps to setup the backup server are:
1. Install Seafile on the backup server
2. Configure Seafile syncing between the primary server and the backup server
3. Backup the tables in the database by `mysqldump` at regular intervals
### Install Seafile on the Backup Server
You should install Seafile Pro Edition on the backup server according to [this documentation](../deploy_pro/download_and_setup_seafile_professional_server.md). Since the real-time backup feature is only available for 5.1.0 or later, you also have to upgrade your primary server to 5.1.0 version or later.
When installing Seafile on the backup server, you have to notice:
- The database names (ccnet, seafile and seahub database) should be the same as the names on the primary server.
- You don't need to enable other Pro features, such as Office file preview, search indexing, file auditing etc.
- You can't start the seahub progress on backup server. It means that usually the Seafile backup server can't provide service.
### Configure Real-time Backup in Seafile
On the primary server, add following options to seafile.conf:
```
[backup]
backup_url = http://backup-server
sync_token = c7a78c0210c2470e14a20a8244562ab8ad509734
```
On the backup server, add following options to seafile.conf:
```
[backup]
primary_url = http://primary-server
sync_token = c7a78c0210c2470e14a20a8244562ab8ad509734
sync_poll_interval = 3
```
- `backup_url`: the backup server's address in url format. You can use http or https.
- `primary_url`: the primary server's address in url format.
- `sync_token`: a secret that shared between the primary and backup server. It's 40 character SHA1 generated by the system admin. You can use `uuidgen | openssl sha1` command to generate a random token.
- `sync_poll_interval`: The backup server polls all libraries of the primary server periodically. You can set the poll interval in the unit of hours. The default interval is 1 hour, which mean the backup server will poll the primary every hour. You should choose larger intervals if you have large number of libraries.
If you use https to sync between primary and backup servers, you have to use the correct Seafile server package for your system. If you run CentOS, you should use the Seafile package named without "Ubuntu" suffix; if you run Debian or Ubuntu, you should use the Seafile package named with "Ubuntu" suffix. Otherwise you may meet CA error in https requests.
After saving the configuration, restart seafile service on the primary and backup servers. The backup server will automatically start backup on restart.
**Note**: Don't start the seahub progress on the Seafile backup server.
### Backup the Databases
Backup data from the databases on the primary server's MySQL with mysqldump:
```
mysqldump -u <user> -p<password> --databases \
--ignore-table=<seafile_db>.Repo \
--ignore-table=<seafile_db>.Branch \
--ignore-table=<seafile_db>.RepoHead \
<seafile_db> <ccnet_db> <seahub_db> > dbdump.sql
```
You should replace `<user>`, `<password>` with your MySQL admin user and password. You should replace `<seafile_db>`, `<seahub_db>` and `<ccnet_db>` with your database names.
The three ignored tables are core tables related to library data and are synced by Seafile backup server in a real-time manner. They're kept in the seafile database of the backup server and are separated from the mysqldump process.
**You should setup crontab to run the mysqldump at regular intervals.**
If you want to backup the tables (except for the 3 tables synced by Seafile) in a more real-time manner, you can deploy the master-slave replication for the MySQL/MariaDB database from the primary node to another database server. **The database running on the backup server must not be used as the target of this replication.** Otherwise you'll end up with replication conflicts, since the db on backup server will also be updated by Seafile backup process too.
### Checking Backup Status
After the above setup, you should now have the below layout of your backup data:
* Library data is backed up and managed by Seafile backup server. The data can be stored on external storage, object storage, or local disk, depending on your setup for the backup server.
* Database tables are splited into two parts:
* 3 core library tables are backup in real-time to the backup node's MySQL database.
* Other tables are regularly dumped to a file with mysqldump. The backup files are stored somewhere other than the primary server.
`seaf-backup-cmd.sh` provides `status` command to view the backup status. The output is like:
```
# ./seaf-backup-cmd.sh status
Total number of libraries: xxx
Number of synchronized libraries: xxx
Number of libraries waiting for sync: xxx
Number of libraries syncing: xxx
Number of libraries failed to sync: xxx
List of syncing libraries:
xxx
xxx
List of libraries failed to sync:
xxx
xxx
```
There are a few reasons that may fail the backup of a library:
- Some data in the primary server is corrupted. The data may be in the latest state or in history. Since the backup procedure syncs the full history, corruption in history will fail the backup.
- The primary server has run seaf-fsck, which may restore a library back to an older state.
## Restore from the Backup Server
In the unfortunate situation of severe data corruptoin happens on the primary server, you can restore your service quickly directly on the backup server. The recovered service can directly be run on the backup server.
There are tow steps to restore on the backup server:
- Import the latest mysql dump file into the Seafile backup server's MySQL database.
- Enable other Pro features on the Seafile backup server, and start seahub progress `./seahub.sh start`.
#### Step1: Import mysql dump file into backup server
Importing the latest mysql dump file into the backup server's database:
```
mysql -u <user> -p<pass> < dbdump.sql
```
Replace `<user>` and `<pass>` with your MySQL admin user name and password.
#### Step2: Start the backup server's seahub
Copy the seafile's configuration to the backup server, then start the seahub progress on the backup server.
```
./seahub.sh start
```
## Setup Backup Server for Seafile Cluster
If your primary service runs as a Seafile cluster, you have two points to notice when setting up a backup server:
1. You should only use one MySQL instance as the replication master, if you're using MariaDB cluster.
2. You have to change seafile.conf and set the `backup_url` and `sync_token` options on each Seafile node. The configuration on all primary Seafile node should be the same. They all point to the same backup server.
Currently you cannot deploy the backup service **as** a cluster. That is, you can only use a single node as backup server. This support may be added in the future.
## Managing the Real-time Backup Server
`seaf-backup-cmd.sh` script is the tool for managing the backup server. The `seaf-backup-cmd.sh` script provides the following commands:
### Manually Trigger Syncing a Library
You can use the `sync` command to manually schedule backup of a library:
```
# ./seaf-backup-cmd.sh sync <library id>
```
The command will block until the backup is finished.
### Handling Backup Errors
The `--force` option of `sync` command can be used to force failing backup to complete. Permanent backup failures are usually caused by data corruption of a library in the primary server. The `--force` option asks the backup to skip corrupted objects and finish the backup.
When you find a backup error, follow two steps:
1. Run seaf-fsck on the primary server, for the failing libraries. Fsck fixes any corruption for the latest state of the libraries.
2. Run `seaf-backup-cmd.sh sync --force <library id>` on the backup server.

159
manual/deploy_pro/roles_permissions.md Normal file
View file

@ -0,0 +1,159 @@
# Roles and Permissions Support
Starting from version 6.0, you can add/edit roles and permission for users. A role is just a group of users with some pre-defined permissions, you can toggle user roles in user list page at admin panel.
In version 6.0, we support 10 permissions, more permissions will be added later.
In version 6.1, we added a new permission `role_quota` which can be used to set quota for a certain role of users. For example, we can set the quota of employee to 100G by adding `'role_quota': '100g'`, and leave other role of users to the default quota.
Since version 6.3.6, we added a new permission `can_add_public_repo`(whether or not you can create a public library, default is "False").
**Note:**The `can_add_public_repo` option will not take effect if you configure global `CLOUD_MODE = True`.
Seafile comes with two build-in roles `default` and `guest`, a default user is a normal user with permissions as followings:
```
'default': {
'can_add_repo': True,
'can_add_group': True,
'can_view_org': True,
'can_use_global_address_book': True,
'can_generate_share_link': True,
'can_generate_upload_link': True,
'can_invite_guest': False,
'can_connect_with_android_clients': True,
'can_connect_with_ios_clients': True,
'can_connect_with_desktop_clients': True,
'role_quota': '',
'can_publish_repo': True,
},
```
While a guest user can only read files/folders in the system, here are the permissions for a guest user:
```
'guest': {
'can_add_repo': False,
'can_add_group': False,
'can_view_org': False,
'can_use_global_address_book': False,
'can_generate_share_link': False,
'can_generate_upload_link': False,
'can_invite_guest': False,
'can_connect_with_android_clients': False,
'can_connect_with_ios_clients': False,
'can_connect_with_desktop_clients': False,
'role_quota': '',
'can_publish_repo': False,
},
```
## Edit build-in roles
If you want to edit the permissions of build-in roles, e.g. default users can invite guest, guest users can view repos in organization, you can add following lines to `seahub_settings.py` with corresponding permissions set to `True`.
```
ENABLED_ROLE_PERMISSIONS = {
'default': {
'can_add_repo': True,
'can_add_group': True,
'can_view_org': True,
'can_use_global_address_book': True,
'can_generate_share_link': True,
'can_generate_upload_link': True,
'can_invite_guest': True,
'can_connect_with_android_clients': True,
'can_connect_with_ios_clients': True,
'can_connect_with_desktop_clients': True,
'role_quota': '',
'can_publish_repo': True,
},
'guest': {
'can_add_repo': False,
'can_add_group': False,
'can_view_org': True,
'can_use_global_address_book': False,
'can_generate_share_link': False,
'can_generate_upload_link': False,
'can_invite_guest': False,
'can_connect_with_android_clients': False,
'can_connect_with_ios_clients': False,
'can_connect_with_desktop_clients': False,
'role_quota': '',
'can_publish_repo': False,
}
}
```
### More about guest invitation feature
An user who has `can_invite_guest` permission can invite people outside of the organization as guest.
In order to use this feature, in addition to granting `can_invite_guest` permission to the user, add the following line to `seahub_settings.py`,
```
ENABLE_GUEST_INVITATION = True
```
After restarting, users who have `can_invite_guest` permission will see "Invite People" section at sidebar of home page.
Users can invite a guest user by providing his/her email address, system will email the invite link to the user.
**Tip:** If you want to block certain email addresses for the invitation, you can define a blacklist, e.g.
```
INVITATION_ACCEPTER_BLACKLIST = ["a@a.com", "*@a-a-a.com", r".*@(foo|bar).com", ]
```
After that, email address "a@a.com", any email address ends with "@a-a-a.com" and any email address ends with "@foo.com" or "@bar.com" will not be allowed.
## Add custom roles
If you want to add a new role and assign some users with this role, e.g. new role `employee` can invite guest and can create public library and have all other permissions a default user has, you can add following lines to `seahub_settings.py`
```
ENABLED_ROLE_PERMISSIONS = {
'default': {
'can_add_repo': True,
'can_add_group': True,
'can_view_org': True,
'can_use_global_address_book': True,
'can_generate_share_link': True,
'can_generate_upload_link': True,
'can_invite_guest': False,
'can_connect_with_android_clients': True,
'can_connect_with_ios_clients': True,
'can_connect_with_desktop_clients': True,
'role_quota': '',
'can_publish_repo': True,
},
'guest': {
'can_add_repo': False,
'can_add_group': False,
'can_view_org': False,
'can_use_global_address_book': False,
'can_generate_share_link': False,
'can_generate_upload_link': False,
'can_invite_guest': False,
'can_connect_with_android_clients': False,
'can_connect_with_ios_clients': False,
'can_connect_with_desktop_clients': False,
'role_quota': '',
'can_publish_repo': False,
},
'employee': {
'can_add_repo': True,
'can_add_group': True,
'can_view_org': True,
'can_use_global_address_book': True,
'can_generate_share_link': True,
'can_generate_upload_link': True,
'can_invite_guest': True,
'can_connect_with_android_clients': True,
'can_connect_with_ios_clients': True,
'can_connect_with_desktop_clients': True,
'role_quota': '',
'can_add_public_repo': True,
'can_publish_repo': True,
},
}
```

91
manual/deploy_pro/seaf_encrypt.md Normal file
View file

@ -0,0 +1,91 @@
# Seafile Storage Encryption Backend
Since Seafile Professional Server 5.1.3, we support storage enryption backend functionality. When enabled, all seafile objects (commit, fs, block) will be encrypted with AES 256 CBC algorithm, before writing them to the storage backend. Currently supported backends are: file system, Ceph, Swift and S3.
Note that all objects will be encrypted with the same global key/iv pair. The key/iv pair has to be generated by the system admin and stored safely. If the key/iv pair is lost, all data cannot be recovered.
## Configure Storage Backend Encryption
### Generate Key and IV
Go to <INSTALL_PATH>/seafile-server-latest, execute `./seaf-gen-key.sh -h`. it will print the following usage information:
```
usage :
seaf-gen-key.sh
-p <file path to write key iv, default ./seaf-key.txt>
```
By default, the key/iv pair will be saved to a file named seaf-key.txt in the current directory. You can use '-p' option to change the path.
### Configure a freshly installed Seafile Server
Add the following configuration to seafile.conf:
```
[store_crypt]
key_path = <the key file path generated in previous section>
```
Now the encryption feature should be working.
### Migrating Existing Seafile Server
If you have existing data in the Seafile server, you have to migrate/encrypt the existing data. **You must stop Seafile server before migrating the data.**
#### Create Directories for Encrypted Data
Create new configuration and data directories for the encrypted data.
```
cd seafile-server-latest
cp -r conf conf-enc
mkdir seafile-data-enc
cp -r seafile-data/library-template seafile-data-enc
# If you use SQLite database
cp seafile-data/seafile.db seafile-data-enc/
```
#### Edit Config Files
If you configured S3/Swift/Ceph backend, edit <INSTALL_PATH>/conf-enc/seafile.conf. You must use a different bucket/container/pool to store the encrypted data.
Then add the following configuration to <INSTALL_PATH>/conf-enc/seafile.conf
```
[store_crypt]
key_path = <the key file path generated in previous section>
```
#### Migrate the Data
Go to <INSTALL_PATH>/seafile-server-latest, use the seaf-encrypt.sh script to migrate the data.
Run `./seaf-encrypt.sh -f ../conf-enc -e ../seafile-data-enc`,
```
Starting seaf-encrypt, please wait ...
[04/26/16 06:59:40] seaf-encrypt.c(444): Start to encrypt 57 block among 12 repo.
[04/26/16 06:59:40] seaf-encrypt.c(444): Start to encrypt 102 fs among 12 repo.
[04/26/16 06:59:41] seaf-encrypt.c(454): Success encrypt all fs.
[04/26/16 06:59:40] seaf-encrypt.c(444): Start to encrypt 66 commit among 12 repo.
[04/26/16 06:59:41] seaf-encrypt.c(454): Success encrypt all commit.
[04/26/16 06:59:41] seaf-encrypt.c(454): Success encrypt all block.
seaf-encrypt run done
Done.
```
If there are error messages after executing seaf-encrypt.sh, you can fix the problem and run the script again. Objects that have already been migrated will not be copied again.
#### Clean Up
Go to <INSTALL_PATH>, execute following commands:
```
mv conf conf-bak
mv seafile-data seafile-data-bak
mv conf-enc conf
mv seafile-data-enc seafile-data
```
Restart Seafile Server. If everything works okay, you can remove the backup directories.

30
manual/deploy_pro/seaf_import.md Normal file
View file

@ -0,0 +1,30 @@
# Import Directory To Seafile
Since seafile 5.1.3 pro edition, we support importing a local directory on the server to seafile. It's a handy tool for the system admin to import files from existing file servers (NFS, Samba etc.).
To import a directory, use the `seaf-import.sh` script in seafile-server-latest directory.
```
usage :
seaf-import.sh
-p <import dir path, must set>
-n <repo name, must set>
-u <repo owner, must set>
```
The specified directory will be imported into Seafile as a library. You can set the name and owner of the imported library.
Run `./seaf-import.sh -p <dir you want to import> -n <repo name> -u <repo owner>`,
```
Starting seaf-import, please wait ...
[04/26/16 03:36:23] seaf-import.c(79): Import file ./runtime/seahub.pid successfully.
[04/26/16 03:36:23] seaf-import.c(79): Import file ./runtime/error.log successfully.
[04/26/16 03:36:23] seaf-import.c(79): Import file ./runtime/seahub.conf successfully.
[04/26/16 03:36:23] seaf-import.c(79): Import file ./runtime/access.log successfully.
[04/26/16 03:36:23] seaf-import.c(183): Import dir ./runtime/ to repo 5ffb1f43 successfully.
run done
Done.
```
Login to seafile server with the specified library owner, you will find a new library with the specified name.

114
manual/deploy_pro/seafile-sql.md Normal file
View file

@ -0,0 +1,114 @@
```
CREATE TABLE IF NOT EXISTS FileLockTimestamp (
id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT,
repo_id CHAR(40),
update_time BIGINT NOT NULL,
UNIQUE INDEX(repo_id)
);
CREATE TABLE IF NOT EXISTS FileLocks (
id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT,
repo_id CHAR(40) NOT NULL,
path TEXT NOT NULL,
user_name VARCHAR(255) NOT NULL,
lock_time BIGINT,
expire BIGINT,
KEY(repo_id)
) ENGINE=INNODB;
CREATE TABLE IF NOT EXISTS FolderGroupPerm (
id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT,
repo_id CHAR(36) NOT NULL,
path TEXT NOT NULL,
permission CHAR(15),
group_id INTEGER NOT NULL,
INDEX(repo_id)
) ENGINE=INNODB;
CREATE TABLE IF NOT EXISTS FolderPermTimestamp (
id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT,
repo_id CHAR(36),
timestamp BIGINT,
UNIQUE INDEX(repo_id)
) ENGINE=INNODB;
CREATE TABLE IF NOT EXISTS FolderUserPerm (
id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT,
repo_id CHAR(36) NOT NULL,
path TEXT NOT NULL,
permission CHAR(15),
user VARCHAR(255) NOT NULL,
INDEX(repo_id)
) ENGINE=INNODB;
CREATE TABLE IF NOT EXISTS GCID (
id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT,
repo_id CHAR(36),
gc_id CHAR(36),
UNIQUE INDEX(repo_id)
) ENGINE=INNODB;
CREATE TABLE IF NOT EXISTS LastGCID (
id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT,
repo_id CHAR(36),
client_id VARCHAR(128),
gc_id CHAR(36),
UNIQUE INDEX(repo_id, client_id)
) ENGINE=INNODB;
CREATE TABLE IF NOT EXISTS OrgGroupRepo (
id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT,
org_id INTEGER,
repo_id CHAR(37),
group_id INTEGER,
owner VARCHAR(255),
permission CHAR(15),
UNIQUE INDEX(org_id, group_id, repo_id),
INDEX (repo_id), INDEX (owner)
) ENGINE=INNODB;
CREATE TABLE IF NOT EXISTS OrgInnerPubRepo (
id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT,
org_id INTEGER,
repo_id CHAR(37),
UNIQUE INDEX(org_id, repo_id),
permission CHAR(15)
) ENGINE=INNODB;
CREATE TABLE IF NOT EXISTS OrgRepo (
id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT,
org_id INTEGER,
repo_id CHAR(37),
user VARCHAR(255),
UNIQUE INDEX(org_id, repo_id),
UNIQUE INDEX (repo_id),
INDEX (org_id, user),
INDEX(user)
) ENGINE=INNODB;
CREATE TABLE IF NOT EXISTS OrgSharedRepo (
id INTEGER NOT NULL PRIMARY KEY AUTO_INCREMENT,
org_id INT,
repo_id CHAR(37) ,
from_email VARCHAR(255),
to_email VARCHAR(255),
permission CHAR(15),
INDEX(repo_id),
INDEX (org_id, repo_id),
INDEX(from_email), INDEX(to_email)
) ENGINE=INNODB;
CREATE TABLE IF NOT EXISTS RepoStorageId (
id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT,
repo_id CHAR(40) NOT NULL,
storage_id VARCHAR(255) NOT NULL,
UNIQUE INDEX(repo_id)
) ENGINE=INNODB;
CREATE TABLE IF NOT EXISTS RoleQuota (
id BIGINT NOT NULL PRIMARY KEY AUTO_INCREMENT,
role VARCHAR(255),
quota BIGINT,
UNIQUE INDEX(role)
) ENGINE=INNODB;
```

54
manual/deploy_pro/seafile_professional_sdition_software_license_agreement.md Normal file
View file

@ -0,0 +1,54 @@
# Seafile Professional Edition Software License Agreement
Seafile Professional Edition
SOFTWARE LICENSE AGREEMENT
NOTICE: READ THE FOLLOWING TERMS AND CONDITIONS CAREFULLY BEFORE YOU DOWNLOAD, INSTALL OR USE Seafile Ltd.'S PROPRIETARY SOFTWARE. BY INSTALLING OR USING THE SOFTWARE, YOU AGREE TO BE BOUND BY THE FOLLOWING TERMS AND CONDITIONS. IF YOU DO NOT AGREE TO THE FOLLOWING TERMS AND CONDITIONS, DO NOT INSTALL OR USE THE SOFTWARE.
## 1. DEFINITIONS
"Seafile Ltd." means Seafile Ltd.
"You and Your" means the party licensing the Software hereunder.
"Software" means the computer programs provided under the terms of this license by Seafile Ltd. together with any documentation provided therewith.
## 2. GRANT OF RIGHTS
### 2.1 General
The License granted for Software under this Agreement authorizes You on a non-exclusive basis to use the Software. The Software is licensed, not sold to You and Seafile Ltd. reserves all rights not expressly granted to You in this Agreement. The License is personal to You and may not be assigned by You to any third party.
### 2.2 License Provisions
Subject to the receipt by Seafile Ltd. of the applicable license fees, You have the right use the Software as follows:
* You may use and install the Software on an unlimited number of computers that are owned, leased, or controlled by you.
* Nothing in this Agreement shall permit you, or any third party to disclose or otherwise make available to any third party the licensed Software, source code or any portion thereof.
* You agree to indemnify, hold harmless and defend Seafile Ltd. from and against any claims or lawsuits, including attorney's fees, that arise as a result from the use of the Software;
* You do not permit further redistribution of the Software by Your end-user customers
## 3. NO DERIVATIVE WORKS
The inclusion of source code with the License is explicitly not for your use to customize a solution or re-use in your own projects or products. The benefit of including the source code is for purposes of security auditing. You may modify the code only for emergency bug fixes that impact security or performance and only for use within your enterprise. You may not create or distribute derivative works based on the Software or any part thereof. If you need enhancements to the software features, you should suggest them to Seafile Ltd. for version improvements.
## 4. OWNERSHIP
You acknowledge that all copies of the Software in any form are the sole property of Seafile Ltd.. You have no right, title or interest to any such Software or copies thereof except as provided in this Agreement.
## 5. CONFIDENTIALITY
You hereby acknowledge and agreed that the Software constitute and contain valuable proprietary products and trade secrets of Seafile Ltd., embodying substantial creative efforts and confidential information, ideas, and expressions. You agree to treat, and take precautions to ensure that your employees and other third parties treat, the Software as confidential in accordance with the confidentiality requirements herein.
## 6. DISCLAIMER OF WARRANTIES
EXCEPT AS OTHERWISE SET FORTH IN THIS AGREEMENT THE SOFTWARE IS PROVIDED TO YOU "AS IS", AND Seafile Ltd. MAKES NO EXPRESS OR IMPLIED WARRANTIES WITH RESPECT TO ITS FUNCTIONALITY, CONDITION, PERFORMANCE, OPERABILITY OR USE. WITHOUT LIMITING THE FOREGOING, Seafile Ltd. DISCLAIMS ALL IMPLIED WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR FREEDOM FROM INFRINGEMENT. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. THE LIMITED WARRANTY HEREIN GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY FROM ONE JURISDICTION TO ANOTHER.
## 7. LIMITATION OF LIABILITY
YOU ACKNOWLEDGE AND AGREE THAT THE CONSIDERATION WHICH Seafile Ltd. IS CHARGING HEREUNDER DOES NOT INCLUDE ANY CONSIDERATION FOR ASSUMPTION BY Seafile Ltd. OF THE RISK OF YOUR CONSEQUENTIAL OR INCIDENTAL DAMAGES WHICH MAY ARISE IN CONNECTION WITH YOUR USE OF THE SOFTWARE. ACCORDINGLY, YOU AGREE THAT Seafile Ltd. SHALL NOT BE RESPONSIBLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS-OF-PROFIT, LOST SAVINGS, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF A LICENSING OR USE OF THE SOFTWARE.
## 8. INDEMNIFICATION
You agree to defend, indemnify and hold Seafile Ltd. and its employees, agents, representatives and assigns harmless from and against any claims, proceedings, damages, injuries, liabilities, costs, attorney's fees relating to or arising out of Your use of the Software or any breach of this Agreement.
## 9. TERMINATION
Your license is effective until terminated. You may terminate it at any time by destroying the Software or returning all copies of the Software to Seafile Ltd.. Your license will terminate immediately without notice if You breach any of the terms and conditions of this Agreement, including non or incomplete payment of the license fee. Upon termination of this Agreement for any reason: You will uninstall all copies of the Software; You will immediately cease and desist all use of the Software; and will destroy all copies of the software in your possession.
## 10. UPDATES AND SUPPORT
Seafile Ltd. has the right, but no obligation, to periodically update the Software, at its complete discretion, without the consent or obligation to You or any licensee or user.
YOU HEREBY ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT, UNDERSTAND IT AND AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS.

27
manual/deploy_pro/setup_seafile_cluster_with_nfs.md Normal file
View file

@ -0,0 +1,27 @@
# Setup Seafile cluster with NFS
In a Seafile cluster, one common way to share data among the Seafile server instances is to use NFS. You should only share the files objects on NFS. Here we'll provide a tutorial about how and what to share.
How to setup nfs server and client is beyond the scope of this wiki. Here are few references:
* Ubuntu: https://help.ubuntu.com/community/SettingUpNFSHowTo
* CentOS: http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-nfs.html
Supposed your seafile server installation directory is `/data/haiwen`, after you run the setup script there should be a `seafile-data` directory in it. And supposed you mount the NFS drive on `/seafile-nfs`, you should follow a few steps:
* Move the `seafile-data` folder to `/seafile-nfs`:
```
mv /data/haiwen/seafile-data /seafile-nfs/
```
* On every node in the cluster, make a symbolic link to the shared seafile-data folder
```
cd /data/haiwen
ln -s /seafile-nfs/seafile-data /data/haiwen/seafile-data
```
This way the instances will share the same `seafile-data` folder. All other config files and log files will remain independent.

160
manual/deploy_pro/setup_with_amazon_s3.md Normal file
View file

@ -0,0 +1,160 @@
# Setup With Amazon S3
**Note**: Since Seafile Server 5.0.0, all config files are moved to the central **conf** folder. [Read More](../deploy/new_directory_layout_5_0_0.md).
## Prepare
To setup Seafile Professional Server with Amazon S3:
- Setup the basic Seafile Professional Server following the guide on [Download and setup Seafile Professional Server](download_and_setup_seafile_professional_server.md)
- Install the python `boto` library. It's needed to access S3 service.
```
sudo easy_install boto
```
- Install and configure memcached. For best performance, Seafile requires install memcached and enable memcache for objects. We recommend to allocate 128MB memory for memcached. Edit /etc/memcached.conf
```
# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
# Note that the daemon will grow to this size, but does not start out holding this much
# memory
# -m 64
-m 128
```
## Modify Seafile.conf
Edit `seafile.conf`, add the following lines:
```
[commit_object_backend]
name = s3
# bucket name can only use lowercase characters, numbers, periods and dashes. Period cannot be used in Frankfurt region.
bucket = my-commit-objects
key_id = your-key-id
key = your-secret-key
memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100
[fs_object_backend]
name = s3
# bucket name can only use lowercase characters, numbers, periods and dashes. Period cannot be used in Frankfurt region.
bucket = my-fs-objects
key_id = your-key-id
key = your-secret-key
memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100
[block_backend]
name = s3
# bucket name can only use lowercase characters, numbers, periods and dashes. Period cannot be used in Frankfurt region.
bucket = my-block-objects
key_id = your-key-id
key = your-secret-key
memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100
```
It's recommended to create separate buckets for commit, fs, and block objects.
The key_id and key are required to authenticate you to S3. You can find the key_id and key in the "security credentials" section on your AWS account page.
When creating your buckets on S3, please first read [S3 bucket naming rules][1]. Note especially not to use **UPPERCASE** letters in bucket names (don't use camel style names, such as MyCommitOjbects).
### Use S3 in newer regions
After Januaray 2014, new regions of AWS will only support authentication signature version 4 for S3. At this time, new region includes Frankfurt and China.
To use S3 backend in these regions, add following options to commit_object_backend, fs_object_backend and block_backend section in seafile.conf
```
use_v4_signature = true
# eu-central-1 for Frankfurt region
aws_region = eu-central-1
```
For file search and webdav to work with the v4 signature mechanism, you need to add following lines to ~/.boto
```
[s3]
use-sigv4 = True
```
### Using memcached cluster
In a cluster environment, you may want to use a memcached cluster. In the above configuration, you have to specify all the memcached server node addresses in seafile.conf
```
memcached_options = --SERVER=192.168.1.134 --SERVER=192.168.1.135 --SERVER=192.168.1.136 --POOL-MIN=10 --POOL-MAX=100 --RETRY-TIMEOUT=3600
```
Notice that there is a `--RETRY-TIMEOUT=3600` option in the above config. This option is important for dealing with memcached server failures. After a memcached server in the cluster fails, Seafile server will stop trying to use it for "RETRY-TIMEOUT" (in seconds). You should set this timeout to relatively long time, to prevent Seafile from retrying the failed server frequently, which may lead to frequent request errors for the clients.
### Use HTTPS connections to S3
Since Pro 5.0.4, you can use HTTPS connections to S3. Add the following options to seafile.conf:
```
[commit_object_backend]
name = s3
......
use_https = true
[fs_object_backend]
name = s3
......
use_https = true
[block_backend]
name = s3
......
use_https = true
```
Because the server package is built on CentOS 6, if you're using Debian/Ubuntu, you have to copy the system CA bundle to CentOS's CA bundle path. Otherwise Seafile can't find the CA bundle so that the SSL connection will fail.
```
sudo mkdir -p /etc/pki/tls/certs
sudo cp /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt
sudo ln -s /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/cert.pem
```
Another important note is that you **must not use '.' in your bucket names**. Otherwise the wildcard certificate for AWS S3 cannot be resolved. This is a limitation on AWS.
## Use S3-compatible Object Storage
Many object storage systems are now compatible with the S3 API, such as OpenStack Swift and Ceph's RADOS Gateway. You can use these S3-compatible storage systems as backend for Seafile. Here is an example config:
```
[commit_object_backend]
name = s3
bucket = my-commit-objects
key_id = your-key-id
key = your-secret-key
host = 192.168.1.123:8080
path_style_request = true
memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100
[fs_object_backend]
name = s3
bucket = my-fs-objects
key_id = your-key-id
key = your-secret-key
host = 192.168.1.123:8080
path_style_request = true
memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100
[block_backend]
name = s3
bucket = my-block-objects
key_id = your-key-id
key = your-secret-key
host = 192.168.1.123:8080
path_style_request = true
memcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100
```
`host` is the address and port of the S3-compatible service. You cannot prepend "http" or "https" to the `host` option. By default it'll use http connections. If you want to use https connection, please set `use_https = true` option.
`path_style_request` asks Seafile to use URLs like `https://192.168.1.123:8080/bucketname/object` to access objects. In Amazon S3, the default URL format is in virtual host style, such as `https://bucketname.s3.amazonaws.com/object`. But this style relies on advanced DNS server setup. So most S3-compatible storage systems only implement the path style format.
## Run and Test ##
Now you can start Seafile by `./seafile.sh start` and `./seahub.sh start` and visit the website.
[1]: http://docs.aws.amazon.com/AmazonS3/latest/dev/BucketRestrictions.html "the bucket naming rules"

Some files were not shown because too many files have changed in this diff Show more