DB-hub Technology 未分类 How to install Seafile on your Raspberry Pi 4

How to install Seafile on your Raspberry Pi 4

1.Requirements and high level steps

Requirements
Ubuntu 22.04 LTS — CentOS 8 is no longer supported.
MySQL 8.0
python3.10
Nginx 1.18.0
Seafile 9.0.x

Steps
Download and write the Ubuntu server 64 bit image to a micro SD card
Install Ubuntu server 64 bit OS on RPi
Configure External Storage
Install MySQL
Install Seafile

2.Install Ubuntu server 64 bit

2.1.write the Ubuntu image to SD Card

download: ubuntu-22.04.1-preinstalled-server-arm64+raspi.img

The default username is “ ubuntu “. The default password is “ ubuntu “. When you first log in using these details, you will be asked to change the password to something more secure. Enter a secure alternative password to continue using the operating system.

2.2.update Ubuntu

sudo apt update
sudo apt upgrade

Running kernel seems to be up-to-date.

Failed to check for processor microcode upgrades.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.

All these messages came from needrestart application which purpose is: check which daemons need to be restarted after library upgrades.
This application have several modules. The processor microcode module supports only AMD and Intel processors. So it knows nothing about ARM in the RaspberryPi, so it shows the mentioned error message.
If you do not want to get such messages, then remove this application by:

sudo apt-get purge needrestart

Python3.10 installed by default.PIP3 not installed by default.

sudo apt-get install -y python3-pip

2.3.Set or Change Timezone

timedatectl list-timezones
sudo timedatectl set-timezone  America/Toronto

2.4.Install some optional apps

vim, htop, unzip, make and net-tools

sudo apt-get install vim
sudo apt-get install htop
sudo apt-get install net-tools
sudo apt-get install unzip
#install gcc, g++ and make
sudo apt install build-essential

2.5.Add user

groupadd nas
useradd -m -d /home/nas -g nas -s /bin/bash  nas

2.6.Disable IPv6

Step1: Check your IP address in Ubuntu

ip a

you should see an IPv6 address if it is enabled

Step2: To disable IPv6 you only have to input 3 commands:

sudo sysctl -w net.ipv6.conf.all.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.default.disable_ipv6=1
sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=1

Step3: check if it worked

ip a

this only temporarily disables IPv6.

Step4: Modify /etc/sysctl.conf
Add the following lines to the file:

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1

Step5: For the settings to take effect use:

sudo sysctl -p

Step6: create (with root privileges) the file /etc/rc.local and fill it with:

#!/bin/bash
# /etc/rc.local

/etc/sysctl.d
/etc/init.d/procps restart

exit 0

Step7: make the file executable

sudo chmod 755 /etc/rc.local

Step7: edit /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

2.7.Change Host Name

1.Type the following command to edit /etc/hostname using text editor:

vi /etc/hostname

Delete the old name and setup new name.

2.Edit the /etc/hosts file:

vi /etc/hosts

add new line:

127.0.0.1 <your host name>

3.Reboot the system to changes take effect:

2.8.Install PWM fan control script

For ubuntu mate / ubuntun desktop / ubuntu server
Test this script based on the following OS:

  • ubuntu-mate-20.04.1-desktop
  • ubuntu server 21.04
  • ubuntu-21.04-preinstalled-desktop-arm64+raspi

install

cd ~
sudo apt-get update
sudo apt-get upgrade

sudo apt-get install -y unzip make gcc python git wiringpi python3-pigpio python-setuptools python3-rpi.gpio
sudo apt-get install -y python3-distutils

#install pigpio library, also refer to http://abyz.me.uk/rpi/pigpio/download.html
wget https://github.com/joan2937/pigpio/archive/master.zip
unzip master.zip
cd pigpio-master
sudo make
sudo make install

cd ~
git clone https://github.com/geekworm-com/x-c1
cd x-c1
sudo chmod +x *.sh
sudo bash install-ubuntu.sh

echo "alias xoff='sudo /usr/local/bin/x-c1-softsd.sh'" >> ~/.bashrc
sudo reboot

Test safe shutdown

xoff
  • Please run ‘xoff’ to shut down or press the on-board button switch to shut down. DON’T run the ‘shutdown’ linux command to shut down, otherwise the power of X-C1 will not be shut down.
  • press button switch 1-2 seconds to reboot
  • press button switch 3 seconds to safe shutdown,
  • press 7-8 seconds to force shutdown.

uninstall

sudo ./uninstall-ubuntu.sh

2.9.Configure firewall

Step 1 – To view status of ufw, type:

sudo ufw status

Step 2 – Open SSH TCP port 22

sudo ufw allow ssh

Step 3 – Turn on firewall

sudo ufw enable

Step 4 – Open specific incoming connections/ports

sudo ufw allow 443/tcp comment 'accept HTTPS connections'

Step 5 – Verify status of UFW

sudo ufw status

Step 6 – Other command used to configure firewall

UFW delete rules

sudo ufw status numbered
sudo ufw delete 6

Reset the ufw

sudo ufw reset

Reload the ufw

sudo ufw reload

3.Configure External Storage

3.1.check hard drive health

smartmontools package is available in the repositories of all the major Linux distributions

sudo apt-get update && sudo apt-get install smartmontools

Checking if SMART is enabled on the device

sudo smartctl -i /dev/sda

Get location of the disk

sudo blkid
/dev/sdb1: UUID="c5fe051a-bfc3-40a3-81b3-c83045748e3e" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="114b305a-4af1-4ace-8853-9d1854a14d18"
/dev/mmcblk0p1: LABEL_FATBOOT="system-boot" LABEL="system-boot" UUID="D7E2-9D99" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="b0a6845e-01"
/dev/mmcblk0p2: LABEL="writable" UUID="b09bb4c8-de4d-4ce6-a93f-30c4c9241a58" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="b0a6845e-02"
/dev/sda1: UUID="5bcd4331-7026-4851-9af3-aa92cf0de456" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="fa0c1cff-64ee-4203-b23e-0d9d1c36fcaf"

sudo smartctl -i /dev/sda
smartctl 7.2 2020-12-30 r5155 [aarch64-linux-5.15.0-1015-raspi] (local build)
Copyright (C) 2002-20, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Device Model:     WDC WD10SPCX-24HWST1
Serial Number:    WD-WX71A8592K04
Firmware Version: 80103060
User Capacity:    1,000,204,886,016 bytes [1.00 TB]
Sector Size:      512 bytes logical/physical
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   ATA/ATAPI-7 (minor revision not indicated)
Local Time is:    Sat Oct  1 15:19:56 2022 UTC
SMART support is: Available - device has SMART capability.
SMART support is: Enabled



sudo smartctl -i /dev/sdb
smartctl 7.2 2020-12-30 r5155 [aarch64-linux-5.15.0-1015-raspi] (local build)
Copyright (C) 2002-20, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family:     Western Digital Blue Mobile
Device Model:     WDC WD10JPVX-08JC3T6
Serial Number:    WD-WX41A1717U04
LU WWN Device Id: 5 0014ee 6b2101739
Firmware Version: 08.01A08
User Capacity:    1,000,204,886,016 bytes [1.00 TB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Rotation Rate:    5400 rpm
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   ACS-2 (minor revision not indicated)
SATA Version is:  SATA 3.0, 6.0 Gb/s (current: 6.0 Gb/s)
Local Time is:    Sat Oct  1 15:20:51 2022 UTC
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

If SMART is disabled, run this command:

sudo smartctl -s on /dev/sda

To get all the available SMART information about a storage device

sudo smartctl -a /dev/sda

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       12
  3 Spin_Up_Time            0x0027   190   183   021    Pre-fail  Always       -       1475
  4 Start_Stop_Count        0x0032   098   098   000    Old_age   Always       -       2229
  5 Reallocated_Sector_Ct   0x0033   185   185   140    Pre-fail  Always       -       646
  7 Seek_Error_Rate         0x002f   200   200   051    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   098   098   000    Old_age   Always       -       2093
 10 Spin_Retry_Count        0x0032   100   100   000    Old_age   Always       -       0
 11 Calibration_Retry_Count 0x0032   100   100   000    Old_age   Always       -       0
 12 Power_Cycle_Count       0x0032   099   099   000    Old_age   Always       -       1168
192 Power-Off_Retract_Count 0x0032   200   200   000    Old_age   Always       -       72
193 Load_Cycle_Count        0x0032   199   199   000    Old_age   Always       -       5864
194 Temperature_Celsius     0x0022   115   095   000    Old_age   Always       -       32
196 Reallocated_Event_Count 0x0032   138   138   000    Old_age   Always       -       62
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   100   253   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x0032   200   200   000    Old_age   Always       -       120
200 Multi_Zone_Error_Rate   0x0008   200   200   000    Old_age   Offline      -       0
240 Head_Flying_Hours       0x0032   099   099   000    Old_age   Always       -       1395

Read SMART Error Log failed: scsi error aborted command

Read SMART Self-test Log failed: scsi error aborted command

Read SMART Selective Self-test Log failed: scsi error aborted command




sudo smartctl -a /dev/sdb
SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       0
  3 Spin_Up_Time            0x0027   187   183   021    Pre-fail  Always       -       1641
  4 Start_Stop_Count        0x0032   001   001   000    Old_age   Always       -       118119
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x002f   200   200   051    Pre-fail  Always       -       0
  9 Power_On_Hours          0x0032   094   094   000    Old_age   Always       -       4890
 10 Spin_Retry_Count        0x0032   100   100   000    Old_age   Always       -       0
 11 Calibration_Retry_Count 0x0032   100   100   000    Old_age   Always       -       0
 12 Power_Cycle_Count       0x0032   098   098   000    Old_age   Always       -       2648
192 Power-Off_Retract_Count 0x0032   199   199   000    Old_age   Always       -       876
193 Load_Cycle_Count        0x0032   147   147   000    Old_age   Always       -       159557
194 Temperature_Celsius     0x0022   111   094   000    Old_age   Always       -       36
196 Reallocated_Event_Count 0x0032   200   200   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   100   253   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x0032   200   200   000    Old_age   Always       -       0
200 Multi_Zone_Error_Rate   0x0008   100   253   000    Old_age   Offline      -       0
240 Head_Flying_Hours       0x0032   098   098   000    Old_age   Always       -       2173

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Interrupted (host reset)      90%         3         -

SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

Very important parameters to check are, among the others, “Reallocated_Sector_Ct” and “Current_Pending_Sector”. In both cases if the RAW_VALUE is something other than 0, we should be very careful and start to backup data on the hard drive. The Reallocated_Sector_Ct is the count of sectors on the block device which cannot be used correctly.

Create Partition

fdisk /dev/sda

create ext4 filesystem

mkfs.ext4 /dev/sda1

3.2.Mount the HDD

Make a target directory

mkdir -p /mnt/hdd1
mkdir -p /mnt/hdd2
mount /dev/sda1 /mnt/hdd1
mount /dev/sdb1 /mnt/hdd2
vi /etc/fstab

/dev/sda1 /mnt/hdd1 ext4 defaults 0 0
/dev/sdb1 /mnt/hdd2 ext4 defaults 0 0

Reboot and verify the drive is being automatically mounted.

sudo reboot
ls /mnt/hdd1

4.Installing prerequisites

4.1.Install Django

sudo apt-get install libffi-dev
sudo apt-get install -y libmysqlclient-dev
sudo apt-get install -y memcached libmemcached-dev
git clone https://gitcode.net/imagine-miracle/cffi.git
cd cffi
ls
cffi-1.14.0.tar.gz cffi-1.15.0.tar.gz README.md

tar -xf cffi-1.14.0.tar.gz
tar -xf cffi-1.15.0.tar.gz
ls
cffi-1.14.0 cffi-1.14.0.tar.gz cffi-1.15.0 cffi-1.15.0.tar.gz README.md


cd cffi-1.14.0/
~/cffi/cffi-1.14.0# ls
AUTHORS cffi demo LICENSE PKG-INFO setup_base.py setup.py
c cffi.egg-info doc MANIFEST.in README.md setup.cfg testing

~/cffi/cffi-1.14.0# cp ../cffi-1.15.0/c/_cffi_backend.c ./c/

sudo python3 setup.py install
Finished processing dependencies for cffi==1.14.0
sudo pip3 install --timeout=3600 django==3.2.* Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3 \
    django-pylibmc django-simple-captcha python3-ldap mysqlclient pycryptodome==3.12.0 cffi==1.14.0 lxml


Successfully installed captcha-0.4 django-ranged-response-0.2.0 django-simple-captcha-0.5.17 sqlalchemy-1.3.8

4.2.Install MySQL

sudo apt-get update
sudo apt-get install mysql-server
sudo systemctl start mysql.service

netstat -tag | grep mysql
sudo systemctl status mysql.service

Set root password

sudo mysql
mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<root_password>';

Configure MySQL

sudo mysql_secure_installation

Would you like to setup VALIDATE PASSWORD component? Yes
Change the password for root ? No
Remove anonymous users? Y
Disallow root login remotely? No
Remove test database and access to it? Y
Reload privilege tables now? Y

add the following to your MySQL file:
/etc/mysql/my.cnf

[mysqld]
default_authentication_plugin=mysql_native_password

Restart MySQL server

service mysql stop
service mysql start

4.3.Install Java Running environment

sudo apt-get install openjdk-8-jre -y
sudo ln -sf /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java /usr/bin/

4.4.Install poppler-utils

Require for PDF Full text search.

sudo apt-get install poppler-utils -y

5.Installation

5.1.Creating the program directory

The standard directory for Seafile’s program files is /opt/seafile. Create this directory and change into it:

mkdir /opt/seafile
cd /opt/seafile

5.2.Creating user seafile

It is good practice not to run applications as root.

Create a new user and follow the instructions on the screen:

sudo adduser seafile

Change ownership of the created directory to the new user:

chown -R seafile: /opt/seafile

All the following steps are done as user seafile.

Change to user seafile:

su seafile

5.3.Download and uncompress the installation package

cd /opt/seafile

wget https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_9.0.9_x86-64.tar.gz

tar xf seafile-server_9.0.9_x86-64.tar.gz
tree -L 2
.
├── seafile-server-9.0.9
│   ├── check_init_admin.py
│   ├── reset-admin.sh
│   ├── runtime
│   ├── seaf-fsck.sh
│   ├── seaf-fuse.sh
│   ├── seaf-gc.sh
│   ├── seafile
│   ├── seafile.sh
│   ├── seahub
│   ├── seahub.sh
│   ├── setup-seafile-mysql.py
│   ├── setup-seafile-mysql.sh
│   ├── setup-seafile.sh
│   ├── sql
│   └── upgrade
└── seafile-server_9.0.9_x86-64.tar.gz

5.4.Set up seafile

“setup-seafile-mysql.sh” creates the required directories and extracts all files in the right place. It can also create a MySQL user and the three databases that Seafile’s components require :

  • ccnet server
  • seafile server
  • seahub

Run the script as user seafile:

cd seafile-server-9.0.9/
pip3 install PyMySQL[rsa]
pip3 install mysql-connector-python
./setup-seafile-mysql.sh

Configure your Seafile Server by specifying the following three parameters:

Checking python on this machine ...

-----------------------------------------------------------------
This script will guide you to setup your seafile server using MySQL.
Make sure you have read seafile server manual at

        https://download.seafile.com/published/seafile-manual/home.md

Press ENTER to continue
-----------------------------------------------------------------

What is the name of the server? It will be displayed on the client.
3 - 15 letters or digits
[ server name ] NASPi

What is the ip or domain of the server?
For example: www.mycompany.com, 192.168.1.101
[ This server's ip or domain ] 192.168.1.54

Which port do you want to use for the seafile fileserver?
[ default "8082" ]

-------------------------------------------------------
Please choose a way to initialize seafile databases:
-------------------------------------------------------

[1] Create new ccnet/seafile/seahub databases
[2] Use existing ccnet/seafile/seahub databases

[ 1 or 2 ] 1

What is the host of mysql server?
[ default "localhost" ]

What is the port of mysql server?
[ default "3306" ]

What is the password of the mysql root user?
[ root password ]

verifying password of user root ...  done

Enter the name for mysql user of seafile. It would be created if not exists.
[ default "seafile" ]

Enter the password for mysql user "seafile":
[ password for seafile ]

Enter the database name for ccnet-server:
[ default "ccnet-db" ]

Enter the database name for seafile-server:
[ default "seafile-db" ]

Enter the database name for seahub:
[ default "seahub-db" ]

---------------------------------
This is your configuration
---------------------------------

    server name:            NASPi
    server ip/domain:       192.168.1.54

    seafile data dir:       /home/seafile/seafile-data
    fileserver port:        8082

    database:               create new
    ccnet database:         ccnet-db
    seafile database:       seafile-db
    seahub database:        seahub-db
    database user:          seafile



---------------------------------
Press ENTER to continue, or Ctrl-C to abort
---------------------------------

If the setup is successful, you see the following output:

-----------------------------------------------------------------
Your seafile server configuration has been finished successfully.
-----------------------------------------------------------------

run seafile server:     ./seafile.sh { start | stop | restart }
run seahub  server:     ./seahub.sh  { start <port> | stop | restart <port> }

-----------------------------------------------------------------
If you are behind a firewall, remember to allow input/output of these tcp ports:
-----------------------------------------------------------------

port of seafile fileserver:   8082
port of seahub:               8000

The directory layout then looks as follows:

tree /opt/seafile -L 2
/opt/seafile
├── ccnet
├── conf
│   ├── ccnet.conf
│   ├── gunicorn.conf.py
│   ├── seafdav.conf
│   ├── seafile.conf
│   └── seahub_settings.py
├── seafile-data
│   └── library-template
├── seafile-server-9.0.9
│   ├── check_init_admin.py
│   ├── reset-admin.sh
│   ├── runtime
│   ├── seaf-fsck.sh
│   ├── seaf-fuse.sh
│   ├── seaf-gc.sh
│   ├── seafile
│   ├── seafile.sh
│   ├── seahub
│   ├── seahub.sh
│   ├── setup-seafile-mysql.py
│   ├── setup-seafile-mysql.sh
│   ├── setup-seafile.sh
│   ├── sql
│   └── upgrade
├── seafile-server-latest -> seafile-server-9.0.9
└── seahub-data
    └── avatars -> ../../../seahub-data/avatars

The folder seafile-server-latest is a symbolic link to the current Seafile Server folder. When later you upgrade to a new version, the upgrade scripts update this link to point to the latest Seafile Server folder.

5.5.Tweaking conf file

Seafile’s config files as created by the setup script are prepared for Seafile running behind a reverse proxy.

To access Seafile’s web interface and to create working sharing links without a reverse proxy, you need to modify two configuration files in /opt/seafile/conf:

seahub_settings.py (if you use 9.0.x): Add port 8000 to the SERVICE_URL (i.e., SERVICE_URL = ‘http://1.2.3.4:8000/’).

gunicorn.conf.py: Change the bind to “0.0.0.0:8000” (i.e., bind = “0.0.0.0:8000”)

5.6.Starting Seafile Server

Run the following commands in /opt/seafile-server-latest:

./seafile.sh start # starts seaf-server
./seahub.sh start  # starts seahub

6.Seafile configuration

By now, the host in can only pass through IP:Port to access web pages , you cannot upload or download files.
We have to do more configurations.

6.1.MySQL Configuration

sudo vi /etc/mysql/mysql.conf.d/mysqld.cnf

Comment out these two lines:

bind-address            = 127.0.0.1
mysqlx-bind-address     = 127.0.0.1

restart mysql.service

sudo systemctl status mysql.service

6.2.MySQL seafile User Settings

sudo mysql -u root -p
use mysql;
select user, host from user;

users can only login to localhost to access the database, that’s why you can’t upload and download files.

update user set host='%' where user='seafile';
flush privileges;

Now, seafile user can connect to the database with domain name or IP address.

Change seafile authentication.

ALTER USER 'seafile'@'%' IDENTIFIED WITH mysql_native_password by '<user password>';
flush privileges;

Then user’s authentication plug-in is mysql_native_password.

6.3.Databases configuration

ccnet, seafile and seahub databases can access from donmain name or IP address from Internet.

GRANT ALL PRIVILEGES ON `ccnet_db`.* to `seafile`@'%';
GRANT ALL PRIVILEGES ON `seafile_db`.* to `seafile`@'%';
GRANT ALL PRIVILEGES ON `seahub_db`.* to `seafile`@'%';
flush privileges;

restart mysql.service

sudo systemctl restart mysql.service

7.Enabling HTTPS with Nginx

HTTPS requires a SSL certificate from a Certificate Authority (CA). Unless you already have a SSL certificate, we recommend that you get your SSL certificate from Let’s Encrypt using Certbot.

A second requirement is a reverse proxy supporting SSL. Nginx, a popular and resource-friendly web server and reverse proxy, is a good option. Nginx’s documentation is available at http://nginx.org/en/docs/.

7.1.Install Nginx From Ubuntu Repositories

sudo apt-get install nginx

nginx -v
nginx version: nginx/1.18.0 (Ubuntu)


sudo systemctl start nginx
sudo systemctl enable nginx
sudo systemctl status nginx

delete the default Nginx server block

cd sites-available
mv default /home/<your_user_name>/sites-available.default

cd sites-enabled
mv default /home/<your_user_name>/sites-enabled.default

7.2.Allow Nginx Traffic

7.3.Prepare Nginx

Create a configuration file for seafile in /etc/nginx/sites-available/:

touch /etc/nginx/sites-available/seafile.conf

Create a symbolic link:

ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf

7.4.Configuring Nginx

Copy the following sample Nginx config file into the just created seafile.conf and modify the content to fit your needs:

log_format seafileformat 'http_x_forwarded_forremote_addr [time_local] "request" statusbody_bytes_sent "http_referer" "http_user_agent" upstream_response_time';

server {
    listen 80;
    server_name <enter your domain here>;

    proxy_set_header X-Forwarded-Forremote_addr;

    location / {
         proxy_pass         http://127.0.0.1:8000;
         proxy_set_header   Host host;
         proxy_set_header   X-Real-IPremote_addr;
         proxy_set_header   X-Forwarded-For proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Hostserver_name;
         proxy_read_timeout  1200s;

         # used for view/edit office file via Office Online Server
         client_max_body_size 200M;

         access_log      /var/log/nginx/seahub.access.log seafileformat;
         error_log       /var/log/nginx/seahub.error.log;
    }

    location /seafhttp {
        rewrite ^/seafhttp(.*)1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;

        send_timeout  36000s;

        access_log      /var/log/nginx/seafhttp.access.log seafileformat;
        error_log       /var/log/nginx/seafhttp.error.log;
    }
    location /media {
        root /opt/seafile/seafile-server-latest/seahub;
    }
}

The following options must be modified in the CONF file:

  • Server name (server_name)

Optional customizable options in the seafile.conf are:

  • Server listening port (listen) – if Seafile server should be available on a non-standard port
  • Proxy pass for location / – if Seahub is configured to start on a different port than 8000
  • Proxy pass for location /seafhttp – if seaf-server is configured to start on a different port than 8082
  • Maximum allowed size of the client request body (client_max_body_size)
  • The default value for client_max_body_size is 1M. Uploading larger files will result in an error message HTTP error code 413 (“Request Entity Too Large”). It is recommended to syncronize the value of client_max_body_size with the parameter max_upload_size in section [fileserver] of $installation_dir/conf/seafile.conf. Optionally, the value can also be set to 0 to disable this feature. Client uploads are only partly effected by this limit. With a limit of 100 MiB they can safely upload files of any size.

Example: in conf/seafile.conf

max_upload_size=200 # Set maximum download directory size to 200M

Set the default quota for all users:
Example: in conf/seafile.conf

[quota]
# default user quota in GB, integer only
default = 2

7.5.Getting a Let’s Encrypt certificate

Getting a Let’s Encrypt certificate is straightforward thanks to Certbot. Certbot is a free, open source software tool for requesting, receiving, and renewing Let’s Encrypt certificates.

Firstly, go to the Certbot website and choose your webserver and OS.

Secondly, follow the detailed instructions then shown.

7.6.Modifying Nginx configuration file

log_format seafileformat 'http_x_forwarded_forremote_addr [time_local] "request" statusbody_bytes_sent "http_referer" "http_user_agent" upstream_response_time';

server {
    listen       80;
    server_name  seafile.example.com;
    rewrite ^ https://http_hostrequest_uri? permanent;    # Forced redirect from HTTP to HTTPS

    server_tokens off;      # Prevents the Nginx version from being displayed in the HTTP response header
}

server {
    listen 443;
    ssl on;
    ssl_certificate /etc/letsencrypt/live/seafile.example.com/fullchain.pem;    # Path to your fullchain.pem
    ssl_certificate_key /etc/letsencrypt/live/seafile.example.com/privkey.pem;  # Path to your privkey.pem
    server_name seafile.example.com;
    server_tokens off;

    location / {
        proxy_pass         http://127.0.0.1:8000;
        proxy_set_header   Hosthost;
        proxy_set_header   X-Real-IP remote_addr;
        proxy_set_header   X-Forwarded-Forproxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Host $server_name;
        proxy_read_timeout 1200s;

        proxy_set_header   X-Forwarded-Proto https;

... # No changes beyond this point compared to the Nginx configuration without HTTPS

Finally, make sure your seafile.conf does not contain syntax errors and restart Nginx for the configuration changes to take effect:

nginx -t
nginx -s reload

7.7.Enabling HTTP Strict Transport Security

Enable HTTP Strict Transport Security (HSTS) to prevent man-in-the-middle-attacks by adding this directive:

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

HSTS instructs web browsers to automatically use HTTPS. That means, after the first visit of the HTTPS version of Seahub, the browser will only use https to access the site.

7.8.Using Perfect Forward Secrecy

Enable Diffie-Hellman (DH) key-exchange. Generate DH parameters and write them in a .pem file using the following command:

openssl dhparam 2048 > /etc/nginx/dhparam.pem  # Generates DH parameter of length 2048 bits

The generation of the the DH parameters may take some time depending on the server’s processing power.

Add the following directive in the HTTPS server block:

ssl_dhparam /etc/nginx/dhparam.pem;

7.9.Modifying SERVICE_URL

In System Admininstration > Settings

SERVICE_URL https://your_domain.com:8443

FILE_SERVER_ROOT https://your_domain.com:8443/seafhttp

cd /tmp/seahub_cache
rm *

restart seafile and seahub

7.10.Large file uploads

Tip for uploading very large files (> 4GB): By default Nginx will buffer large request body in temp file. After the body is completely received, Nginx will send the body to the upstream server (seaf-server in our case). But it seems when file size is very large, the buffering mechanism dosen’t work well. It may stop proxying the body in the middle. So if you want to support file upload larger for 4GB, we suggest you install Nginx version >= 1.8.0 and add the following options to Nginx config file:

location /seafhttp {
        ... ...
        proxy_request_buffering off;
    }

If you have WebDAV enabled it is recommended to add the same:

location /seafdav {
        ... ...
        proxy_request_buffering off;
    }

7.11.Change storage path

./seafile.sh stop
./seahub.sh stop
rm -r /opt/seafile/seafile-data
ln -s /mnt/hdd2/seafile /opt/seafile/seafile-data
./seafile.sh start
./seahub.sh start

8.Installation Issues

Issue 1:c/_cffi_backend.c Source file error

Install cffi 1.14.0 and cffi 1.15.0 with source code.
We will use version 15 source code to rewrite version 14’s.

git clone https://gitcode.net/imagine-miracle/cffi.git
cd cffi
ls
cffi-1.14.0.tar.gz cffi-1.15.0.tar.gz README.md

tar -xf cffi-1.14.0.tar.gz
tar -xf cffi-1.15.0.tar.gz
ls
cffi-1.14.0 cffi-1.14.0.tar.gz cffi-1.15.0 cffi-1.15.0.tar.gz README.md


cd cffi-1.14.0/
cffi-1.14.0$ ls
AUTHORS cffi demo LICENSE PKG-INFO setup_base.py setup.py
c cffi.egg-info doc MANIFEST.in README.md setup.cfg testing

sudo python3 setup.py install
aarch64-linux-gnu-gcc -Wno-unused-result -Wsign-compare -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -g -fwrapv -O2 -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -DUSE__THREAD -DHAVE_SYNC_SYNCHRONIZE -I/usr/include/ffi -I/usr/include/libffi -I/usr/include/python3.10 -c c/_cffi_backend.c -o build/temp.linux-aarch64-3.10/c/_cffi_backend.o
c/_cffi_backend.c: In function ‘ctypedescr_dealloc’:
c/_cffi_backend.c:407:23: error: lvalue required as left operand of assignment
  407 |         Py_REFCNT(ct) = 43;
      |                       ^
c/_cffi_backend.c:410:23: error: lvalue required as left operand of assignment
  410 |         Py_REFCNT(ct) = 0;
      |                       ^
c/_cffi_backend.c: In function ‘prepare_callback_info_tuple’:
c/_cffi_backend.c:6185:5: warning: ‘PyEval_InitThreads’ is deprecated [-Wdeprecated-declarations]
 6185 |     PyEval_InitThreads();
      |     ^~~~~~~~~~~~~~~~~~
In file included from /usr/include/python3.10/Python.h:130,
                 from c/_cffi_backend.c:2:
/usr/include/python3.10/ceval.h:122:37: note: declared here
  122 | Py_DEPRECATED(3.9) PyAPI_FUNC(void) PyEval_InitThreads(void);
      |                                     ^~~~~~~~~~~~~~~~~~
c/_cffi_backend.c: In function ‘b_callback’:
c/_cffi_backend.c:6245:5: warning: ‘ffi_prep_closure’ is deprecated: use ffi_prep_closure_loc instead [-Wdeprecated-declarations]
 6245 |     if (ffi_prep_closure(closure, &cif_descr->cif,
      |     ^~
In file included from c/_cffi_backend.c:15:
/usr/include/aarch64-linux-gnu/ffi.h:347:1: note: declared here
  347 | ffi_prep_closure (ffi_closure*,
      | ^~~~~~~~~~~~~~~~
error: command '/usr/bin/aarch64-linux-gnu-gcc' failed with exit code 1

Here you can see the error. It is the same as reporting error during installation. It’s cause by c/cffi_backend.c file and it had been fixed in version 15.

ubuntu@ubuntu:~/cffi/cffi-1.14.0$ cp ../cffi-1.15.0/c/_cffi_backend.c ./c/

sudo python3 setup.py install

Finished processing dependencies for cffi==1.14.0

Issue 2: Error: Failed to connect to mysql database ccnet-db

Error: Failed to connect to mysql database ccnet-db: ‘cryptography’ package is required for sha256_password or caching_sha2_password auth methods

Per MySQL 8 documentation https://dev.mysql.com/doc/refman/8.0/en/upgrading-from-previous-series.html#upgrade-caching-sha2-password, easiest way to fix this is to add the following to your MySQL file -> restart MySQL server.

[mysqld]
#add the following file to your MySQLd file
    default_authentication_plugin=mysql_native_password

Issue 3: ModuleNotFoundError: No module named ‘seaserv’

./seafile.sh start

Starting seafile server, please wait ...
** Message: 20:12:46.683: seafile-controller.c(621): No seafevents.

Seafile server started

Done.
seafile@NASPi:/opt/seafile/seafile-server-9.0.2$ ./seahub.sh start

LC_ALL is not set in ENV, set to en_US.UTF-8
Starting seahub at port 8000 ...
Traceback (most recent call last):
  File "/opt/seafile/seafile-server-9.0.2/check_init_admin.py", line 19, in <module>
    from seaserv import ccnet_api
ModuleNotFoundError: No module named 'seaserv'

Cause:
python3 used as the path in script.

Solution:

cd <seafile install path>/seafile/lib
mv python3.6 python3

Issue 4: Error:Seahub failed to start. cannot import name ‘mysql’

./seahub.sh start

LC_ALL is not set in ENV, set to en_US.UTF-8
Starting seahub at port 8000 ...

----------------------------------------
It's the first time you start the seafile server. Now let's create the admin account
----------------------------------------

What is the email for the admin account?
[ admin email ]
What is the email for the admin account?
[ admin email ] ted.liu.2030@gmail.com

What is the password for the admin account?
[ admin password ]

Enter the password again:
[ admin password again ]



----------------------------------------
Successfully created seafile admin
----------------------------------------



Error:Seahub failed to start.
Please try to run "./seahub.sh start" again

Debug:

./seahub.sh start-fastcgi

LC_ALL is not set in ENV, set to en_US.UTF-8
Starting seahub (fastcgi) at 127.0.0.1:8000 ...
Traceback (most recent call last):
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/MySQLdb/__init__.py", line 18, in <module>
    from . import _mysql
ImportError: cannot import name '_mysql' from partially initialized module 'MySQLdb' (most likely due to a circular import) (/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/MySQLdb/__init__.py)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/opt/seafile/seafile-server-9.0.2/seahub/manage.py", line 10, in <module>
    execute_from_command_line(sys.argv)
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/django/core/management/__init__.py", line 419, in execute_from_command_line
    utility.execute()
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/django/core/management/__init__.py", line 395, in execute
    django.setup()
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/django/__init__.py", line 24, in setup
    apps.populate(settings.INSTALLED_APPS)
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/django/apps/registry.py", line 114, in populate
    app_config.import_models()
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/django/apps/config.py", line 301, in import_models
    self.models_module = import_module(models_module_name)
  File "/usr/lib/python3.10/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1050, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1027, in _find_and_load
  File "<frozen importlib._bootstrap>", line 1006, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 688, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 883, in exec_module
  File "<frozen importlib._bootstrap>", line 241, in _call_with_frames_removed
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/django/contrib/sessions/models.py", line 1, in <module>
    from django.contrib.sessions.base_session import (
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/django/contrib/sessions/base_session.py", line 26, in <module>
    class AbstractBaseSession(models.Model):
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/django/db/models/base.py", line 122, in __new__
    new_class.add_to_class('_meta', Options(meta, app_label))
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/django/db/models/base.py", line 326, in add_to_class
    value.contribute_to_class(cls, name)
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/django/db/models/options.py", line 207, in contribute_to_class
    self.db_table = truncate_name(self.db_table, connection.ops.max_name_length())
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/django/utils/connection.py", line 15, in __getattr__
    return getattr(self._connections[self._alias], item)
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/django/utils/connection.py", line 62, in __getitem__
    conn = self.create_connection(alias)
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/django/db/utils.py", line 204, in create_connection
    backend = load_backend(db['ENGINE'])
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/django/db/utils.py", line 111, in load_backend
    return import_module('%s.base' % backend_name)
  File "/usr/lib/python3.10/importlib/__init__.py", line 126, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/django/db/backends/mysql/base.py", line 15, in <module>
    import MySQLdb as Database
  File "/opt/seafile/seafile-server-9.0.2/seahub/thirdpart/MySQLdb/__init__.py", line 24, in <module>
    version_info, _mysql.version_info, _mysql.__file__
NameError: name '_mysql' is not defined
Error:Seahub failed to start.

Solution:

cd /opt/seafile/seafile-server-9.0.2/seahub/thirdpart
mv PIL PIL.bak
/opt/seafile/seafile-server-latest$ ./seahub.sh start

LC_ALL is not set in ENV, set to en_US.UTF-8
Starting seahub at port 8000 ...

Seahub is started

Done.

Issue 5: Unknown command: ‘runfcgi’

 ./seahub.sh start-fastcgi

LC_ALL is not set in ENV, set to en_US.UTF-8
Starting seahub (fastcgi) at 127.0.0.1:8000 ...
Unknown command: 'runfcgi'
Type 'manage.py help' for usage.
Error:Seahub failed to start.

Seahub now needs to be started with ./seahub.sh start
And the proxy has to pass http instead of fastcgi requests.

Issue 6: seafile CSRF verification failed.

location / {
proxy_pass          http://127.0.0.1:8000;
proxy_set_header    Host $host:CUSTOMPORT;

Replace CUSTOMPORT with the port you’re running your nginx on.

Issue 7: File Upload Failed – Network Error

Login to your Seafile web UI, click on your avatar, got ot “System Admin” > Settings > FILE_SERVER_ROOT > and here you should put your seafile URL or IP address like this:
“hxxp://{YOUR_SERVER_URL}/seafhttp”
For exmple, my server URL is “seafile-test.com” so I put
https://seafile-test.com/seafhttp

Issue 8: Upload slow

Tested upload speed about 20Mbps

1.Test Network speed
iperf is one of the useful utilities to test point-to-point bandwidth.

iperf is a tool for active measurements of the maximum achievable bandwidth on IP networks. It supports tuning of various parameters related to timing, protocols, and buffers. For each test it reports the measured throughput / bitrate, loss, and other parameters.

For more information see: https://software.es.net/iperf
Source code and issue tracker: https://github.com/esnet/iperf
Discussion forums: https://github.com/esnet/iperf/discussions
Downloads of iperf3 are available at: https://downloads.es.net/pub/iperf/

wget https://downloads.es.net/pub/iperf/iperf-3.12.tar.gz
tar -zxvf iperf-3.12.tar.gz

cd iperf-3.12
./configure -prefix /usr; make; make install

How to use iPerf3 to measure throughput?

First,Type the following command:

iperf3 -s -p 7000

This command tells this instance of iPerf3 that it will be functioning as a server — or waiting to receive data. By default, the iPerf3 server will listen on port 5001. You may need to know this to configure your firewall to map traffic for the iPerf3 port to your iPerf3 server.

Second, Type the following command on client server:

iperf3 -c 192.168.1.100 -p 7000

The -c tells the iPerf3 instance to function as a client station.
By default, the benchmark will run for 20 seconds. Then, it will present the average throughput for the run.

2.Test Disk read speed
“hdparm” is a Linux command-line tool that can be used to derive a sequential read speed of a storage device.

Step 1: Install hdparm

#CentOS, RHEL distributions:
sudo yum install hdparm


#Mint, Ubuntu, Debian:
apt-get install hdparm

Step 2: Run hdparm

hdparm -Tt /dev/sda

/dev/sda:
 Timing cached reads:   1554 MB in  2.00 seconds = 778.44 MB/sec
 Timing buffered disk reads: 188 MB in  3.06 seconds =  61.51 MB/sec


hdparm -Tt /dev/sdb

/dev/sdb:
 Timing cached reads:   1562 MB in  2.00 seconds = 782.02 MB/sec
 Timing buffered disk reads: 252 MB in  3.16 seconds =  79.84 MB/sec

2.Test Disk write speed

dd if=/dev/zero of=/mnt/hdd1/tmp/output bs=8k count=10k;
10240+0 records in
10240+0 records out
83886080 bytes (84 MB, 80 MiB) copied, 0.782689 s, 107 MB/s

rm -f /mnt/hdd1/tmp/output


dd if=/dev/zero of=/mnt/hdd2/tmp/output bs=8k count=10k
10240+0 records in
10240+0 records out
83886080 bytes (84 MB, 80 MiB) copied, 0.445875 s, 188 MB/s

rm -f /mnt/hdd2/tmp/output

Several factors affect speed of SFTP transfer:

  • Encryption. Though symmetric encryption is fast, it’s not that fast to be unnoticed. If you comparing speeds on fast network (100mbit or larger), encryption becomes a break for your process.
  • Hash calculation and checking.
  • Buffer copying. SFTP running on top of SSH causes each data block to be copied at least 6 times (3 times on each side) more comparing to plain FTP where data in best cases can be passed to network interface without being copied at all. And block copy takes a bit of time as well.

SFTP: 20MB/s
FTP: 110MB/s

Leave a Reply

您的邮箱地址不会被公开。 必填项已用 * 标注

Related Post