Seafile Community
Seafile file syncing service is installed on the [[smarthome]] VM. The professional version is used which offers more features and is free for up to 3 users.
QNAS NFS Share¶
Make sure a share has been created in QNAS with the name Seafile .
Uncheck Enable Windows Previous Versions.
Check Instant sync to disks when requested by SMB clients.
Uncheck Enable Folder Aggregation on the Folder Aggregation tab.
Create a seafile user. Add this user to the group services.
Remove all application privileges from this user since none are needed for NFS only.
Configure NFS for this share on QNAS:
Select permission type: `NFS host access`
Check `Access right` and `sync` with `wdelay`
Allowed IP Address or Domain Name: `192.168.1.19/32` (smarthome VM), security: `sys`, Squash Option: `read/write`, `Squash all users`, Anonymous Group: `services`, Anonymous User: `seafile`
Grant the user seafile access to the Seafile share.
Guest OS preparation¶
Install NFS on the smarthome VM:
sudo apt-get update
sudo apt-get install portmap nfs-common
Configure the share:
sudo mkdir /mnt/qnas-seafile
Create an entry in /etc/fstab:
192.168.1.12:Seafile /mnt/qnas-seafile nfs rw,bg,rsize=32768,wsize=32768,noatime,hard,timeo=600,retrans=3,tcp,_netdev 0 0
Mount the share:
sudo mount -a
Docker compose setup¶
The installation follows the official guide. 2 cores and 2 GB RAM are the minimum requirements.
Download the latest docker-compose.yaml (URL might change with newer versions):
mkdir seafile && cd seafile
wget -O "docker-compose.yaml" "https://manual.seafile.com/11.0/docker/docker-compose/ce/11.0/docker-compose.yml"
Update the compose file as needed: move secrets into an .env file, update the directory paths, switch the main port to 3333.
The .env file should look similar to this:
DOCKERDIR=/home/davosian/sf-test2
NASDIR=/mnt/qnas-seafile
HOSTIP=192.168.1.19
TZ=Europe/Zurich
MYSQL_ROOT_PASSWORD=somepw
SEAFILE_ADMIN_EMAIL=seafile@davosian.com
SEAFILE_ADMIN_PASSWORD=somepw
SEAFILE_SERVER_HOSTNAME=smarthome
Add an entry for the correct timezone to every container:
...
environment:
- TZ=${TZ}
...
Start up the container and watch for error messages:
docker compose up
The initial startup creates the necessary files and database tables. However, since not everything is ready from the get-go, some post installation steps are necessary.
Enabling non-root process¶
Shut down the container:
docker compose down
Then update the permissions:
sudo chmod -R a+rwx $PWD/sf-data/seafile/
Move the seafile-data directory over onto the nfs share:
sudo mv $PWD/sf-data/seafile/seafile-data /mnt/qnas-seafile
You will get a few errors since nfs does not support the user permissions with squash all users enabled. Ignore them.
Prepare non-root permissions: uncomment or add the environment flag - NON_ROOT=true in docker-compose.yaml. Also, add a second volume entry pointing to the /mnt/qnas-seafile share:
seafile:
...
volumes:
- ${DOCKERDIR}/sf-data:/shared
- ${NASDIR}/seafile-data:/shared/seafile/seafile-data
environment:
- TZ=${TZ}
...
- NON_ROOT=true
...
Recreate the container:
docker compose up -d && docker compose logs -f
Enable notifications¶
Source: https://manual.seafile.com/latest/deploy/notification-server/
This helps with improving the performance.
Generate a jwt token with the following command:
openssl rand -base64 32
Add it into $PWD/sf-data/seafile/conf/seafile.conf and make sure notifications are enabled:
[notification]
enabled = true
...
jwt_private_key = LSaCwxnHt+t3u/QhgFD3JouvEv0T1iBjOtqHheWL16Y=
Restart the server:
docker compose restart
Note: the reboot can take about 10 minutes.
Test the notification server by going to https://files.siebensprung.ch/notification/ping.
Enable e-mail sending¶
Source: https://manual.seafile.com/latest/config/sending_email/
Add the following lines to seahub_settings.py to enable email sending.
EMAIL_USE_TLS = True
EMAIL_HOST = 'smtp.eu.mailgun.org' # smtp server
EMAIL_HOST_USER = 'seafile@mail.davosian.net' # username and domain
EMAIL_HOST_PASSWORD = 'password' # password from https://start.1password.com/open/i?a=7ZOAIC2B6RAYLJ2Y4AGDZ3JEOY&v=pmqldrwi4lbv4opojaf6u4hlwu&i=jgirot63gegr4yh4nxlfppp3na&h=staigers.1password.com
EMAIL_PORT = 587
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
SERVER_EMAIL = EMAIL_HOST_USER
Note: you cannot configure this information in two places simultaniously: through the configuration file as well as through the Web UI.
Add external access¶
Follow the setup from Tailscale to expose the service through Caddy running on Hetzner by adding a configuration block to the Caddyfile.
First, make sure the domain points to the IP of the Hetzer VPS with Cloudflare by creating an A-record:
A sf 138.201.185.144 Proxy: DNS only
Check that the entry propagates correctly:
nslookup sf.davosian.ch
Now update the Caddyfile:
- friendly_name: files
fqdn: files.siebensprung.ch
upstream: "smarthome:3333"
tls_insecure: false
tls_provider: cloudflare
Make sure that the terraform user's API token for Cloudflare includes the domain you want to use: https://dash.cloudflare.com/profile/api-tokens
Deploy the changes and wait a bit for the SSL certificate to be created:
just run caddy
Go to the web interface through Tailscale at http://smarthome:3333/sys/web-settings/ and modify the two entries:
SERVICE_URL: https://files.siebensprung.ch
FILE_SERVER_ROOT: https://files.siebensprung.ch/seafhttp
Back on the seafile box, configure the server by adding/updating the following to $PWD/sf-data/seafile/conf/seahub_settings.py:
SERVICE_URL = "https://files.siebensprung.ch"
FILE_SERVER_ROOT = "https://files.siebensprung.ch/seafhttp"
CSRF_TRUSTED_ORIGINS = ["https://files.siebensprung.ch"]
Reboot the server:
docker compose restart
Note: the reboot can take about 10 minutes.
Creating users¶
Go to http://smarthome:3333/sys/users/ and create the required users (davosian and greenfrog).
Fine tuning¶
Modify the information on http://smarthome:3333/sys/web-settings/ to get a nice fit.
Importing data¶
Source: https://manual.seafile.com/latest/deploy_pro/seaf_import/
Existing files can be imported using the seaf-import.sh script but only when using the Pro edition. Therefore, we need to do a manual import by mounting the smb share for Nextcloud and copying the files over to the Seafile share.