From e4fb77390adfa9b0f71662988ecfd788c82699b1 Mon Sep 17 00:00:00 2001 From: ci-bot Date: Mon, 4 Nov 2024 07:37:49 +0000 Subject: [PATCH] Deployed 65473433 to 12.0 with MkDocs 1.6.1 and mike 2.1.3 --- 12.0/config/index.html | 6 +++--- 12.0/search/search_index.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/12.0/config/index.html b/12.0/config/index.html index aa79afba3..20f56897f 100644 --- a/12.0/config/index.html +++ b/12.0/config/index.html @@ -4235,14 +4235,14 @@

The design of configure optionsconfig files
  • via web interface
    • +

    The web interface has the highest priority. It contains a subset of settings that does no require to restart the server. In practise, you can disable settings via web interface for simplicity.

    Environment variables also have three categories:

    • Initialization variables that used to generate config files when Seafile server run for the first time.
    • Variables that shared and used by multiple components of Seafile server.
      • -
    • Variables that used both in generate config files and later also needed for some components that have no corresponding config file.
      • +
    • Variables that used both in generate config files and later also needed for some components that have no corresponding config files.
    -

    The variables in the first category can be deleted after initialization. In the future, we will make more components can read config from environment variables, so that the third category is no longer needed.

    -

    The web interface has the highest priority, then the environment variables, then the config files. In practise, you can disable settings via web interface for simplicity.

    +

    The variables in the first category can be deleted after initialization. In the future, we will make more components to read config from environment variables, so that the third category is no longer needed.

    diff --git a/12.0/search/search_index.json b/12.0/search/search_index.json index 9e8f3c51c..304e56168 100644 --- a/12.0/search/search_index.json +++ b/12.0/search/search_index.json @@ -1 +1 @@ -{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Introduction","text":"

    Seafile is an open source cloud storage system for file sync, share and document collaboration. SeaDoc is an extension of Seafile that providing a lightweight online collaborative document feature.

    "},{"location":"#license","title":"LICENSE","text":"

    The different components of Seafile project are released under different licenses:

    • Seafile iOS client: Apache License v2
    • Seafile Android client: GPLv3
    • Desktop syncing client: GPLv2
    • Seafile Server core: AGPLv3
    • Seahub (Seafile server Web UI): Apache License v2
    "},{"location":"#contact-information","title":"Contact information","text":"
    • Twitter: @seafile https://twitter.com/seafile
    • Forum: https://forum.seafile.com
    "},{"location":"changelog/","title":"Changelog","text":""},{"location":"changelog/#changelogs","title":"Changelogs","text":"
    • Seafile Community Edition
    • Seafile Professional Edition
    • Seafile Sync Client
    • Seafile Drive Client (SeaDrive)
    • Seafile Android Client (Seadroid)
    • Seafile iOS Client
    "},{"location":"administration/","title":"Administration","text":""},{"location":"administration/#enter-the-admin-panel","title":"Enter the admin panel","text":"

    As the system admin, you can enter the admin panel by click System Admin in the popup of avatar.

    "},{"location":"administration/#account-management","title":"Account management","text":"
    • Account management
    "},{"location":"administration/#logs","title":"Logs","text":"
    • The location of log files
    "},{"location":"administration/#backup-and-recovery","title":"Backup and Recovery","text":"

    Backup and recovery:

    • Backup and recovery

    Recover corrupt files after server hard shutdown or system crash:

    • Seafile FSCK

    You can run Seafile GC to remove unused files:

    • Seafile GC
    "},{"location":"administration/#clean-database","title":"Clean database","text":"
    • Clean database
    "},{"location":"administration/#export-report","title":"Export report","text":"
    • Export report
    "},{"location":"administration/account/","title":"Account Management","text":""},{"location":"administration/account/#user-management","title":"User Management","text":"

    When you setup seahub website, you should have setup a admin account. After you logged in a admin, you may add/delete users and file libraries.

    "},{"location":"administration/account/#how-to-change-a-users-id","title":"How to change a user's ID","text":"

    Since version 11.0, if you need to change a user's external ID, you can manually modify database table social_auth_usersocialauth to map the new external ID to internal ID.

    For version below 11.0, if you really want to change a user's ID, you should create a new user then use this admin API to migrate the data from old user to the new user: https://download.seafile.com/published/web-api/v2.1-admin/accounts.md#user-content-Migrate%20Account.

    "},{"location":"administration/account/#resetting-user-password","title":"Resetting User Password","text":"

    Administrator can reset password for a user in \"System Admin\" page.

    In a private server, the default settings doesn't support users to reset their password by email. If you want to enable this, you have first to set up notification email.

    "},{"location":"administration/account/#forgot-admin-account-or-password","title":"Forgot Admin Account or Password?","text":"

    You may run reset-admin.sh script under seafile-server directory. This script would help you reset the admin account and password. Your data will not be deleted from the admin account, this only unlocks and changes the password for the admin account.

    "},{"location":"administration/account/#user-quota-notice","title":"User Quota Notice","text":"

    Under the seafile-server-latest directory, run ./seahub.sh python-env python seahub/manage.py check_user_quota , when the user quota exceeds 90%, an email will be sent. If you want to enable this, you have first to set up notification email.

    "},{"location":"administration/auditing/","title":"Access log and auditing","text":"

    In the Pro Edition, Seafile offers four audit logs in system admin panel:

    • Login log
    • File access log (including access to shared files)
    • File update log
    • Permission change log

    The logging feature is turned off by default before version 6.0. Add the following option to seafevents.conf to turn it on:

    [Audit]\n## Audit log is disabled default.\n## Leads to additional SQL tables being filled up, make sure your SQL server is able to handle it.\nenabled = true\n

    The audit log data is being saved in seahub_db.

    "},{"location":"administration/backup_recovery/","title":"Backup and Recovery","text":""},{"location":"administration/backup_recovery/#overview","title":"Overview","text":"

    There are generally two parts of data to backup

    • Seafile library data
    • Databases

    If you setup seafile server according to our manual, you should have a directory layout like:

    /opt/seafile\n  --seafile-server-9.0.x # untar from seafile package\n  --seafile-data   # seafile configuration and data (if you choose the default)\n  --seahub-data    # seahub data\n  --logs\n  --conf\n

    All your library data is stored under the '/opt/seafile' directory.

    Seafile also stores some important metadata data in a few databases. The names and locations of these databases depends on which database software you use.

    For SQLite, the database files are also under the '/opt/seafile' directory. The locations are:

    • ccnet/PeerMgr/usermgr.db: contains user information
    • ccnet/GroupMgr/groupmgr.db: contains group information
    • seafile-data/seafile.db: contains library metadata
    • seahub.db: contains tables used by the web front end (seahub)

    For MySQL, the databases are created by the administrator, so the names can be different from one deployment to another. There are 3 databases:

    • ccnet_db: contains user and group information
    • seafile_db: contains library metadata
    • seahub_db: contains tables used by the web front end (seahub)
    "},{"location":"administration/backup_recovery/#backup-steps","title":"Backup steps","text":"

    The backup is a three step procedure:

    1. Optional: Stop Seafile server first if you're using SQLite as database.
    2. Backup the databases;
    3. Backup the seafile data directory;
    "},{"location":"administration/backup_recovery/#backup-order-database-first-or-data-directory-first","title":"Backup Order: Database First or Data Directory First","text":"
    • backup data directory first, SQL later: When you're backing up data directory, some new objects are written and they're not backed up. Those new objects may be referenced in SQL database. So when you restore, some records in the database cannot find its object. So the library is corrupted.
    • backup SQL first, data directory later: Since you backup database first, all records in the database have valid objects to be referenced. So the libraries won't be corrupted. But new objects written to storage when you're backing up are not referenced by database records. So some libraries are out of date. When you restore, some new data are lost.

    The second sequence is better in the sense that it avoids library corruption. Like other backup solutions, some new data can be lost in recovery. There is always a backup window. However, if your storage backup mechanism can finish quickly enough, using the first sequence can retain more data.

    We assume your seafile data directory is in /opt/seafile for binary package based deployment (or /opt/seafile-data for docker based deployment). And you want to backup to /backup directory. The /backup can be an NFS or Windows share mount exported by another machine, or just an external disk. You can create a layout similar to the following in /backup directory:

    /backup\n---- databases/  contains database backup files\n---- data/  contains backups of the data directory\n
    "},{"location":"administration/backup_recovery/#backup-and-restore-for-binary-package-based-deployment","title":"Backup and restore for binary package based deployment","text":""},{"location":"administration/backup_recovery/#backing-up-databases","title":"Backing up Databases","text":"

    It's recommended to backup the database to a separate file each time. Don't overwrite older database backups for at least a week.

    MySQL

    Assume your database names are ccnet_db, seafile_db and seahub_db. mysqldump automatically locks the tables so you don't need to stop Seafile server when backing up MySQL databases. Since the database tables are usually very small, it won't take long to dump.

    mysqldump -h [mysqlhost] -u[username] -p[password] --opt ccnet_db > /backup/databases/ccnet-db.sql.`date +\"%Y-%m-%d-%H-%M-%S\"`\n\nmysqldump -h [mysqlhost] -u[username] -p[password] --opt seafile_db > /backup/databases/seafile-db.sql.`date +\"%Y-%m-%d-%H-%M-%S\"`\n\nmysqldump -h [mysqlhost] -u[username] -p[password] --opt seahub_db > /backup/databases/seahub-db.sql.`date +\"%Y-%m-%d-%H-%M-%S\"`\n

    SQLite

    SQLite has not supported since Seafile 11.0

    You need to stop Seafile server first before backing up SQLite database.

    sqlite3 /opt/seafile/ccnet/GroupMgr/groupmgr.db .dump > /backup/databases/groupmgr.db.bak.`date +\"%Y-%m-%d-%H-%M-%S\"`\n\nsqlite3 /opt/seafile/ccnet/PeerMgr/usermgr.db .dump > /backup/databases/usermgr.db.bak.`date +\"%Y-%m-%d-%H-%M-%S\"`\n\nsqlite3 /opt/seafile/seafile-data/seafile.db .dump > /backup/databases/seafile.db.bak.`date +\"%Y-%m-%d-%H-%M-%S\"`\n\nsqlite3 /opt/seafile/seahub.db .dump > /backup/databases/seahub.db.bak.`date +\"%Y-%m-%d-%H-%M-%S\"`\n
    "},{"location":"administration/backup_recovery/#backing-up-seafile-library-data","title":"Backing up Seafile library data","text":"

    The data files are all stored in the /opt/seafile directory, so just back up the whole directory. You can directly copy the whole directory to the backup destination, or you can use rsync to do incremental backup.

    To directly copy the whole data directory,

    cp -R /opt/seafile /backup/data/seafile-`date +\"%Y-%m-%d-%H-%M-%S\"`\n

    This produces a separate copy of the data directory each time. You can delete older backup copies after a new one is completed.

    If you have a lot of data, copying the whole data directory would take long. You can use rsync to do incremental backup.

    rsync -az /opt/seafile /backup/data\n

    This command backup the data directory to /backup/data/seafile.

    "},{"location":"administration/backup_recovery/#restore-from-backup","title":"Restore from backup","text":"

    Now supposed your primary seafile server is broken, you're switching to a new machine. Using the backup data to restore your Seafile instance:

    1. Copy /backup/data/seafile to the new machine. Let's assume the seafile deployment location new machine is also /opt/seafile.
    2. Restore the database.
    3. Since database and data are backed up separately, they may become a little inconsistent with each other. To correct the potential inconsistency, run seaf-fsck tool to check data integrity on the new machine. See seaf-fsck documentation.
    "},{"location":"administration/backup_recovery/#restore-the-databases","title":"Restore the databases","text":"

    Now with the latest valid database backup files at hand, you can restore them.

    MySQL

    mysql -u[username] -p[password] ccnet_db < ccnet-db.sql.2013-10-19-16-00-05\nmysql -u[username] -p[password] seafile_db < seafile-db.sql.2013-10-19-16-00-20\nmysql -u[username] -p[password] seahub_db < seahub-db.sql.2013-10-19-16-01-05\n

    SQLite

    SQLite has not supported since Seafile 11.0

    cd /opt/seafile\nmv ccnet/PeerMgr/usermgr.db ccnet/PeerMgr/usermgr.db.old\nmv ccnet/GroupMgr/groupmgr.db ccnet/GroupMgr/groupmgr.db.old\nmv seafile-data/seafile.db seafile-data/seafile.db.old\nmv seahub.db seahub.db.old\nsqlite3 ccnet/PeerMgr/usermgr.db < usermgr.db.bak.xxxx\nsqlite3 ccnet/GroupMgr/groupmgr.db < groupmgr.db.bak.xxxx\nsqlite3 seafile-data/seafile.db < seafile.db.bak.xxxx\nsqlite3 seahub.db < seahub.db.bak.xxxx\n
    "},{"location":"administration/backup_recovery/#backup-and-restore-for-docker-based-deployment","title":"Backup and restore for Docker based deployment","text":""},{"location":"administration/backup_recovery/#structure","title":"Structure","text":"

    We assume your seafile volumns path is in /opt/seafile-data. And you want to backup to /backup directory.

    The data files to be backed up:

    /opt/seafile-data/seafile/conf  # configuration files\n/opt/seafile-data/seafile/seafile-data # data of seafile\n/opt/seafile-data/seafile/seahub-data # data of seahub\n
    "},{"location":"administration/backup_recovery/#backing-up-database","title":"Backing up Database","text":"
    # It's recommended to backup the database to a separate file each time. Don't overwrite older database backups for at least a week.\ncd /backup/databases\ndocker exec -it seafile-mysql mysqldump  -u[username] -p[password] --opt ccnet_db > ccnet_db.sql\ndocker exec -it seafile-mysql mysqldump  -u[username] -p[password] --opt seafile_db > seafile_db.sql\ndocker exec -it seafile-mysql mysqldump  -u[username] -p[password] --opt seahub_db > seahub_db.sql\n
    "},{"location":"administration/backup_recovery/#backing-up-seafile-library-data_1","title":"Backing up Seafile library data","text":""},{"location":"administration/backup_recovery/#to-directly-copy-the-whole-data-directory","title":"To directly copy the whole data directory","text":"
    cp -R /opt/seafile-data/seafile /backup/data/\n
    "},{"location":"administration/backup_recovery/#use-rsync-to-do-incremental-backup","title":"Use rsync to do incremental backup","text":"
    rsync -az /opt/seafile-data/seafile /backup/data/\n
    "},{"location":"administration/backup_recovery/#recovery","title":"Recovery","text":""},{"location":"administration/backup_recovery/#restore-the-databases_1","title":"Restore the databases","text":"
    docker cp /backup/databases/ccnet_db.sql seafile-mysql:/tmp/ccnet_db.sql\ndocker cp /backup/databases/seafile_db.sql seafile-mysql:/tmp/seafile_db.sql\ndocker cp /backup/databases/seahub_db.sql seafile-mysql:/tmp/seahub_db.sql\n\ndocker exec -it seafile-mysql /bin/sh -c \"mysql -u[username] -p[password] ccnet_db < /tmp/ccnet_db.sql\"\ndocker exec -it seafile-mysql /bin/sh -c \"mysql -u[username] -p[password] seafile_db < /tmp/seafile_db.sql\"\ndocker exec -it seafile-mysql /bin/sh -c \"mysql -u[username] -p[password] seahub_db < /tmp/seahub_db.sql\"\n
    "},{"location":"administration/backup_recovery/#restore-the-seafile-data","title":"Restore the seafile data","text":"
    cp -R /backup/data/* /opt/seafile-data/seafile/\n
    "},{"location":"administration/clean_database/","title":"Clean Database","text":""},{"location":"administration/clean_database/#seahub","title":"Seahub","text":""},{"location":"administration/clean_database/#session","title":"Session","text":"

    Use the following command to clear expired session records in Seahub database:

    cd <install-path>/seafile-server-latest\n./seahub.sh python-env python3 seahub/manage.py clearsessions\n
    "},{"location":"administration/clean_database/#activity","title":"Activity","text":"

    Use the following command to clear the activity records:

    use seahub_db;\nDELETE FROM Activity WHERE to_days(now()) - to_days(timestamp) > 90;\n

    The corresponding items in UserActivity will deleted automatically by MariaDB when the foreign keys in Activity table are deleted.

    "},{"location":"administration/clean_database/#login","title":"Login","text":"

    Use the following command to clean the login records:

    use seahub_db;\nDELETE FROM sysadmin_extra_userloginlog WHERE to_days(now()) - to_days(login_date) > 90;\n
    "},{"location":"administration/clean_database/#file-access","title":"File Access","text":"

    Use the following command to clean the file access records:

    use seahub_db;\nDELETE FROM FileAudit WHERE to_days(now()) - to_days(timestamp) > 90;\n
    "},{"location":"administration/clean_database/#file-update","title":"File Update","text":"

    Use the following command to clean the file update records:

    use seahub_db;\nDELETE FROM FileUpdate WHERE to_days(now()) - to_days(timestamp) > 90;\n
    "},{"location":"administration/clean_database/#permisson","title":"Permisson","text":"

    Use the following command to clean the permission change audit records:

    use seahub_db;\nDELETE FROM PermAudit WHERE to_days(now()) - to_days(timestamp) > 90;\n
    "},{"location":"administration/clean_database/#file-history","title":"File History","text":"

    Use the following command to clean the file history records:

    use seahub_db;\nDELETE FROM FileHistory WHERE to_days(now()) - to_days(timestamp) > 90;\n
    "},{"location":"administration/clean_database/#command-clean_db_records","title":"Command clean_db_records","text":"

    Use the following command to simultaneously clean up table records of Activity, sysadmin_extra_userloginlog, FileAudit, FileUpdate, FileHistory, PermAudit, FileTrash 90 days ago:

    cd <install-path>/seafile-server-latest\n./seahub.sh python-env python3 seahub/manage.py clean_db_records\n
    "},{"location":"administration/clean_database/#outdated-library-data","title":"Outdated Library Data","text":"

    Since version 6.2, we offer command to clear outdated library records in Seahub database, e.g. records that are not deleted after a library is deleted. This is because users can restore a deleted library, so we can't delete these records at library deleting time.

    cd <install-path>/seafile-server-latest\n./seahub.sh python-env python3 seahub/manage.py clear_invalid_repo_data\n

    This command has been improved in version 10.0, including:

    1. It will clear the invalid data in small batch, avoiding consume too much database resource in a short time.

    2. Dry-run mode: if you just want to see how much invalid data can be deleted without actually deleting any data, you can use the dry-run option, e.g.

    cd <install-path>/seafile-server-latest\n./seahub.sh python-env python3 seahub/manage.py clear_invalid_repo_data --dry-run=true\n
    "},{"location":"administration/clean_database/#library-sync-tokens","title":"Library Sync Tokens","text":"

    There are two tables in Seafile db that are related to library sync tokens.

    • RepoUserToken contains the authentication tokens used for library syncing. Note that a separate token is created for every client (including sync client and SeaDrive.)
    • RepoTokenPeerInfo contains more information about each client token, such as client name, IP address, last sync time etc.

    When you have many sync clients connected to the server, these two tables can have large number of rows. Many of them are no longer actively used. You may clean the tokens that are not used in a recent period, by the following SQL query:

    delete t,i from RepoUserToken t, RepoTokenPeerInfo i where t.token=i.token and sync_time < xxxx;\n

    xxxx is the UNIX timestamp for the time before which tokens will be deleted.

    To be safe, you can first check how many tokens will be removed:

    select * from RepoUserToken t, RepoTokenPeerInfo i where t.token=i.token and sync_time < xxxx;\n
    "},{"location":"administration/export_report/","title":"Export Report","text":"

    Since version 7.0.8 pro, Seafile provides commands to export reports via command line.

    "},{"location":"administration/export_report/#export-user-traffic-report","title":"Export User Traffic Report","text":"
    cd <install-path>/seafile-server-latest\n./seahub.sh python-env python seahub/manage.py export_user_traffic_report --date 201906\n
    "},{"location":"administration/export_report/#export-user-storage-report","title":"Export User Storage Report","text":"
    cd <install-path>/seafile-server-latest\n./seahub.sh python-env python seahub/manage.py export_user_storage_report\n
    "},{"location":"administration/export_report/#export-file-access-log","title":"Export File Access Log","text":"
    cd <install-path>/seafile-server-latest\n./seahub.sh python-env python seahub/manage.py export_file_access_log --start-date 2019-06-01 --end-date 2019-07-01\n
    "},{"location":"administration/logs/","title":"Logs","text":""},{"location":"administration/logs/#log-files-of-seafile-server","title":"Log files of seafile server","text":"
    • seafile.log: logs of seaf-server
    • controller.log: logs of controller
    • seahub.log: logs from Django framework
    • fileserver.log: logs of the golang file server component
    • seafevents.log: logs for background tasks and office file conversion
    • seahub_email_sender.log: logs for periodically email sending of background tasks
    "},{"location":"administration/logs/#log-files-for-seafile-background-node-in-cluster-mode","title":"Log files for seafile background node in cluster mode","text":"
    • seafile.log: logs of seaf-server
    • controller.log: logs of controller
    • seafevents.log: Empty
    • seafile-background-tasks.log: logs for background tasks and office file convertion
    • seahub_email_sender.log: logs for periodically email sending of background tasks
    "},{"location":"administration/seafile_fsck/","title":"Seafile FSCK","text":"

    On the server side, Seafile stores the files in the libraries in an internal format. Seafile has its own representation of directories and files (similar to Git).

    With default installation, these internal objects are stored in the server's file system directly (such as Ext4, NTFS). But most file systems don't assure the integrity of file contents after a hard shutdown or system crash. So if new Seafile internal objects are being written when the system crashes, they can be corrupt after the system reboots. This will make part of the corresponding library not accessible.

    Warning

    If you store the seafile-data directory in a battery-backed NAS (like EMC or NetApp), or use S3 backend available in the Pro edition, the internal objects won't be corrupt.

    We provide a seaf-fsck.sh script to check the integrity of libraries. The seaf-fsck tool accepts the following arguments:

    cd seafile-server-latest\n./seaf-fsck.sh [--repair|-r] [--export|-E export_path] [repo_id_1 [repo_id_2 ...]]\n

    Tip

    If your Seafile server is deployed by Docker, you have to run the above command in the container:

    docker exec -it seafile bash\n# after entering the container\ncd /scripts\n./seaf-fsck.sh [--repair|-r] [--export|-E export_path] [repo_id_1 [repo_id_2 ...]]\n

    There are three modes of operation for seaf-fsck:

    1. checking integrity of libraries.
    2. repairing corrupted libraries.
    3. exporting libraries.
    "},{"location":"administration/seafile_fsck/#checking-integrity-of-libraries","title":"Checking Integrity of Libraries","text":"

    Running seaf-fsck.sh without any arguments will run a read-only integrity check for all libraries.

    cd seafile-server-latest\n./seaf-fsck.sh\n

    If you want to check integrity for specific libraries, just append the library id's as arguments:

    cd seafile-server-latest\n./seaf-fsck.sh [library-id1] [library-id2] ...\n

    The output looks like:

    [02/13/15 16:21:07] fsck.c(470): Running fsck for repo ca1a860d-e1c1-4a52-8123-0bf9def8697f.\n[02/13/15 16:21:07] fsck.c(413): Checking file system integrity of repo fsck(ca1a860d)...\n[02/13/15 16:21:07] fsck.c(35): Dir 9c09d937397b51e1283d68ee7590cd9ce01fe4c9 is missing.\n[02/13/15 16:21:07] fsck.c(200): Dir /bf/pk/(9c09d937) is corrupted.\n[02/13/15 16:21:07] fsck.c(105): Block 36e3dd8757edeb97758b3b4d8530a4a8a045d3cb is corrupted.\n[02/13/15 16:21:07] fsck.c(178): File /bf/02.1.md(ef37e350) is corrupted.\n[02/13/15 16:21:07] fsck.c(85): Block 650fb22495b0b199cff0f1e1ebf036e548fcb95a is missing.\n[02/13/15 16:21:07] fsck.c(178): File /01.2.md(4a73621f) is corrupted.\n[02/13/15 16:21:07] fsck.c(514): Fsck finished for repo ca1a860d.\n

    The corrupted files and directories are reported.

    Sometimes you can see output like the following:

    [02/13/15 16:36:11] Commit 6259251e2b0dd9a8e99925ae6199cbf4c134ec10 is missing\n[02/13/15 16:36:11] fsck.c(476): Repo ca1a860d HEAD commit is corrupted, need to restore to an old version.\n[02/13/15 16:36:11] fsck.c(314): Scanning available commits...\n[02/13/15 16:36:11] fsck.c(376): Find available commit 1b26b13c(created at 2015-02-13 16:10:21) for repo ca1a860d.\n

    This means the \"head commit\" (current state of the library) recorded in database is not consistent with the library data. In such case, fsck will try to find the last consistent state and check the integrity in that state.

    Tip

    If you have many libraries, it's helpful to save the fsck output into a log file for later analysis.

    "},{"location":"administration/seafile_fsck/#repairing-corruption","title":"Repairing Corruption","text":"

    Corruption repair in seaf-fsck basically works in two steps:

    1. If the library state (commit) recorded in database is not found in data directory, find the last available state from data directory.
    2. Check data integrity in that specific state. If files or directories are corrupted, set them to empty files or empty directories. The corrupted paths will be reported, so that the user can recover them from somewhere else.

    Running the following command repairs all the libraries:

    cd seafile-server-latest\n./seaf-fsck.sh --repair\n

    Most of time you run the read-only integrity check first, to find out which libraries are corrupted. And then you repair specific libraries with the following command:

    cd seafile-server-latest\n./seaf-fsck.sh --repair [library-id1] [library-id2] ...\n

    After repairing, in the library history, seaf-fsck includes the list of files and folders that are corrupted. So it's much easier to located corrupted paths.

    "},{"location":"administration/seafile_fsck/#best-practice-for-repairing-a-library","title":"Best Practice for Repairing a Library","text":"

    To check all libraries and find out which library is corrupted, the system admin can run seaf-fsck.sh without any argument and save the output to a log file. Search for keyword \"Fail\" in the log file to locate corrupted libraries. You can run seaf-fsck to check all libraries when your Seafile server is running. It won't damage or change any files.

    When the system admin find a library is corrupted, he/she should run seaf-fsck.sh with \"--repair\" for the library. After the command fixes the library, the admin should inform user to recover files from other places. There are two ways:

    • Upload corrupted files or folders via the web interface
    • If the library was synced to some desktop computer, and that computer has a correct version of the corrupted file, resyncing the library on that computer will upload the corrupted files to the server.
    "},{"location":"administration/seafile_fsck/#speeding-up-fsck-by-not-checking-file-contents","title":"Speeding up FSCK by not checking file contents","text":"

    Starting from Pro edition 7.1.5, an option is added to speed up FSCK. Most of the running time of seaf-fsck is spent on calculating hashes for file contents. This hash will be compared with block object ID. If they're not consistent, the block is detected as corrupted.

    In many cases, the file contents won't be corrupted most of time. Some objects are just missing from the system. So it's enough to only check for object existence. This will greatly speed up the fsck process.

    To skip checking file contents, add the \"--shallow\" or \"-s\" option to seaf-fsck.

    "},{"location":"administration/seafile_fsck/#exporting-libraries-to-file-system","title":"Exporting Libraries to File System","text":"

    You can use seaf-fsck to export all the files in libraries to external file system (such as Ext4). This procedure doesn't rely on the seafile database. As long as you have your seafile-data directory, you can always export your files from Seafile to external file system.

    The command syntax is

    cd seafile-server-latest\n./seaf-fsck.sh --export top_export_path [library-id1] [library-id2] ...\n

    The argument top_export_path is a directory to place the exported files. Each library will be exported as a sub-directory of the export path. If you don't specify library ids, all libraries will be exported.

    Currently only un-encrypted libraries can be exported. Encrypted libraries will be skipped.

    "},{"location":"administration/seafile_gc/","title":"Seafile GC","text":"

    Seafile uses storage de-duplication technology to reduce storage usage. The underlying data blocks will not be removed immediately after you delete a file or a library. As a result, the number of unused data blocks will increase on Seafile server.

    To release the storage space occupied by unused blocks, you have to run a \"garbage collection\" program to clean up unused blocks on your server.

    The GC program cleans up two types of unused blocks:

    1. Blocks that no library references to, that is, the blocks belong to deleted libraries;
    2. If you set history length limit on some libraries, the out-dated blocks in those libraries will also be removed.
    "},{"location":"administration/seafile_gc/#run-gc","title":"Run GC","text":""},{"location":"administration/seafile_gc/#dry-run-mode","title":"Dry-run Mode","text":"

    To see how much garbage can be collected without actually removing any garbage, use the dry-run option:

    seaf-gc.sh --dry-run [repo-id1] [repo-id2] ...\n

    The output should look like:

    [03/19/15 19:41:49] seafserv-gc.c(115): GC version 1 repo My Library(ffa57d93)\n[03/19/15 19:41:49] gc-core.c(394): GC started. Total block number is 265.\n[03/19/15 19:41:49] gc-core.c(75): GC index size is 1024 Byte.\n[03/19/15 19:41:49] gc-core.c(408): Populating index.\n[03/19/15 19:41:49] gc-core.c(262): Populating index for repo ffa57d93.\n[03/19/15 19:41:49] gc-core.c(308): Traversed 5 commits, 265 blocks.\n[03/19/15 19:41:49] gc-core.c(440): Scanning unused blocks.\n[03/19/15 19:41:49] gc-core.c(472): GC finished. 265 blocks total, about 265 reachable blocks, 0 blocks can be removed.\n\n[03/19/15 19:41:49] seafserv-gc.c(115): GC version 1 repo aa(f3d0a8d0)\n[03/19/15 19:41:49] gc-core.c(394): GC started. Total block number is 5.\n[03/19/15 19:41:49] gc-core.c(75): GC index size is 1024 Byte.\n[03/19/15 19:41:49] gc-core.c(408): Populating index.\n[03/19/15 19:41:49] gc-core.c(262): Populating index for repo f3d0a8d0.\n[03/19/15 19:41:49] gc-core.c(308): Traversed 8 commits, 5 blocks.\n[03/19/15 19:41:49] gc-core.c(264): Populating index for sub-repo 9217622a.\n[03/19/15 19:41:49] gc-core.c(308): Traversed 4 commits, 4 blocks.\n[03/19/15 19:41:49] gc-core.c(440): Scanning unused blocks.\n[03/19/15 19:41:49] gc-core.c(472): GC finished. 5 blocks total, about 9 reachable blocks, 0 blocks can be removed.\n\n[03/19/15 19:41:49] seafserv-gc.c(115): GC version 1 repo test2(e7d26d93)\n[03/19/15 19:41:49] gc-core.c(394): GC started. Total block number is 507.\n[03/19/15 19:41:49] gc-core.c(75): GC index size is 1024 Byte.\n[03/19/15 19:41:49] gc-core.c(408): Populating index.\n[03/19/15 19:41:49] gc-core.c(262): Populating index for repo e7d26d93.\n[03/19/15 19:41:49] gc-core.c(308): Traversed 577 commits, 507 blocks.\n[03/19/15 19:41:49] gc-core.c(440): Scanning unused blocks.\n[03/19/15 19:41:49] gc-core.c(472): GC finished. 507 blocks total, about 507 reachable blocks, 0 blocks can be removed.\n\n[03/19/15 19:41:50] seafserv-gc.c(124): === Repos deleted by users ===\n[03/19/15 19:41:50] seafserv-gc.c(145): === GC is finished ===\n\n[03/19/15 19:41:50] Following repos have blocks to be removed:\nrepo-id1\nrepo-id2\nrepo-id3\n

    If you give specific library ids, only those libraries will be checked; otherwise all libraries will be checked.

    repos have blocks to be removed

    Notice that at the end of the output there is a \"repos have blocks to be removed\" section. It contains the list of libraries that have garbage blocks. Later when you run GC without --dry-run option, you can use these libraris ids as input arguments to GC program.

    "},{"location":"administration/seafile_gc/#removing-garbage","title":"Removing Garbage","text":"

    To actually remove garbage blocks, run without the --dry-run option:

    seaf-gc.sh [repo-id1] [repo-id2] ...\n

    If libraries ids are specified, only those libraries will be checked for garbage.

    As described before, there are two types of garbage blocks to be removed. Sometimes just removing the first type of blocks (those that belong to deleted libraries) is good enough. In this case, the GC program won't bother to check the libraries for outdated historic blocks. The \"-r\" option implements this feature:

    seaf-gc.sh -r\n

    Success

    Libraries deleted by the users are not immediately removed from the system. Instead, they're moved into a \"trash\" in the system admin page. Before they're cleared from the trash, their blocks won't be garbage collected.

    "},{"location":"administration/seafile_gc/#removing-fs-objects","title":"Removing FS objects","text":"

    Since Pro server 8.0.6 and community edition 9.0, you can remove garbage fs objects. It should be run without the --dry-run option:

    seaf-gc.sh --rm-fs\n

    Bug reports

    This command has bug before Pro Edition 10.0.15 and Community Edition 11.0.7. It could cause virtual libraries (e.g. shared folders) failing to merge into their parent libraries. Please avoid using this option in the affected versions. Please contact our support team if you are affected by this bug.

    "},{"location":"administration/seafile_gc/#using-multiple-threads-in-gc","title":"Using Multiple Threads in GC","text":"

    You can specify the thread number in GC. By default,

    • If storage backend is S3/Swift/Ceph, 10 threads are started to do the GC work.
    • If storage backend is file system, only 1 thread is started.

    You can specify the thread number in with \"-t\" option. \"-t\" option can be used together with all other options. Each thread will do GC on one library. For example, the following command will use 20 threads to GC all libraries:

    seaf-gc.sh -t 20\n

    Since the threads are concurrent, the output of each thread may mix with each others. Library ID is printed in each line of output.

    "},{"location":"administration/seafile_gc/#run-gc-based-on-library-id-prefix","title":"Run GC based on library ID prefix","text":"

    Since GC usually runs quite slowly as it needs to traverse the entire library history. You can use multiple threads to run GC in parallel. For even larger deployments, it's also desirable to run GC on multiple server in parallel.

    A simple pattern to divide the workload among multiple GC servers is to assign libraries to servers based on library ID. Since Pro edition 7.1.5, this is supported. You can add \"--id-prefix\" option to seaf-gc.sh, to specify the library ID prefix. For example, the below command will only process libraries having \"a123\" as ID prefix.

    seaf-gc.sh --id-prefix a123\n
    "},{"location":"administration/seafile_gc/#gc-in-seafile-docker-container","title":"GC in Seafile docker container","text":"

    To perform garbage collection inside the seafile docker container, you must run the /scripts/gc.sh script. Simply run docker exec <whatever-your-seafile-container-is-called> /scripts/gc.sh.

    "},{"location":"administration/security_features/","title":"Security Questions","text":""},{"location":"administration/security_features/#how-is-the-connection-between-client-and-server-encrypted","title":"How is the connection between client and server encrypted?","text":"

    Seafile uses HTTP(S) to syncing files between client and server (Since version 4.1.0).

    "},{"location":"administration/security_features/#encrypted-library","title":"Encrypted Library","text":"

    Seafile provides a feature called encrypted library to protect your privacy. The file encryption/decryption is performed on client-side when using the desktop client for file synchronization. The password of an encrypted library is not stored on the server. Even the system admin of the server can't view the file contents.

    There are a few limitation about this feature:

    1. File metadata is NOT encrypted. The metadata includes: the complete list of directory and file names, every files size, the history of editors, when, and what byte ranges were altered.
    2. The client side encryption does currently NOT work while using the web browser and the cloud file explorer of the desktop client. When you are browsing encrypted libraries via the web browser or the cloud file explorer, you need to input the password and the server is going to use the password to decrypt the \"file key\" for the library (see description below) and cache the password in memory for one hour. The plain text password is never stored or cached on the server.
    3. If you create an encrypted library on the web interface, the library password and encryption keys will pass through the server. If you want end-to-end protection, you should create encrypted libraries from desktop client only.
    4. For encryption protocol version 3 or newer, each library use its own salt to derive key/iv pairs. However, all files within a library shares the same salt. Likewise, all the files within a library are encrypted with the same key/iv pair. With encryption protocol version <= 2, all libraries use the same salt, but separate key/iv pairs.
    5. Encrypted library doesn't ensure file integrity. For example, the server admin can still partially change the contents of files in an encrypted library. The client is not able to detect such changes to contents.

    The client side encryption works on iOS client since version 2.1.6. The Android client support client side encryption since version 2.1.0.

    "},{"location":"administration/security_features/#how-does-an-encrypted-library-work","title":"How does an encrypted library work?","text":"

    When you create an encrypted library, you'll need to provide a password for it. All the data in that library will be encrypted with the password before uploading it to the server (see limitations above).

    The encryption procedure is:

    1. Generate a 32-byte long cryptographically strong random number. This will be used as the file encryption key (\"file key\").
    2. Encrypt the file key with the user provided password. We first use PBKDF2 algorithm (1000 iterations of SHA256) to derive a key/iv pair from the password, then use AES 256/CBC to encrypt the file key. The result is called the \"encrypted file key\". This encrypted file key will be sent to and stored on the server. When you need to access the data, you can decrypt the file key from the encrypted file key.
    3. All file data is encrypted by the file key with AES 256/CBC. We use PBKDF2 algorithm (1000 iterations of SHA256) to derive key/iv pair from the file key. After encryption, the data is uploaded to the server.

    The above encryption procedure can be executed on the desktop and the mobile client. The Seahub browser client uses a different encryption procedure that happens at the server. Because of this your password will be transferred to the server.

    When you sync an encrypted library to the desktop, the client needs to verify your password. When you create the library, a \"magic token\" is derived from the password and library id. This token is stored with the library on the server side. The client use this token to check whether your password is correct before you sync the library. The magic token is generated by PBKDF2 algorithm with 1000 iterations of SHA256 hash.

    For maximum security, the plain-text password won't be saved on the client side, too. The client only saves the key/iv pair derived from the \"file key\", which is used to decrypt the data. So if you forget the password, you won't be able to recover it or access your data on the server.

    "},{"location":"administration/security_features/#why-fileserver-delivers-every-content-to-everybody-knowing-the-content-url-of-an-unshared-private-file","title":"Why fileserver delivers every content to everybody knowing the content URL of an unshared private file?","text":"

    When a file download link is clicked, a random URL is generated for user to access the file from fileserver. This url can only be access once. After that, all access will be denied to the url. So even if someone else happens to know about the url, he can't access it anymore.

    "},{"location":"administration/security_features/#how-does-seafile-store-user-login-password","title":"How does Seafile store user login password?","text":"

    User login passwords are stored in hash form only. Note that user login password is different from the passwords used in encrypted libraries. In the database, its format is

    PBKDF2SHA256$iterations$salt$hash\n

    The record is divided into 4 parts by the $ sign.

    • The first part is the used hash algorithm. Currently we use PBKDF2 with SHA256. It can be changed to an even stronger algorithm if needed.
    • The second part is the number of iterations of the hash algorithm
    • The third part is the random salt used to generate the hash
    • The fourth part is the final hash generated from the password

    To calculate the hash:

    • First, generate a 32-byte long cryptographically strong random number, use it as the salt.
    • Calculate the hash with PBKDF2(password, salt, iterations). The number of iterations is currently 10000.
    "},{"location":"administration/two_factor_authentication/","title":"Two-Factor Authentication","text":"

    Starting from version 6.0, we added Two-Factor Authentication to enhance account security.

    There are two ways to enable this feature:

    • System admin can tick the check-box at the \"Password\" section of the system settings page, or

    • just add the following settings to seahub_settings.py and restart service. 

      ENABLE_TWO_FACTOR_AUTH = True\nTWO_FACTOR_DEVICE_REMEMBER_DAYS = 30  # optional, default 90 days.\n

    After that, there will be a \"Two-Factor Authentication\" section in the user profile page.

    Users can use the Google Authenticator app on their smart-phone to scan the QR code.

    "},{"location":"changelog/changelog-for-seafile-professional-server-old/","title":"Seafile Professional Server Changelog (old)","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#44","title":"4.4","text":"

    Note: Two new options are added in version 4.4, both are in seahub_settings.py

    • SHOW_TRAFFIC: default is True, set to False if you what to hide public link traffic in profile
    • SHARE_LINK_PASSWORD_MIN_LENGTH: default is 8

    This version contains no database table change.

    "},{"location":"changelog/changelog-for-seafile-professional-server-old/#449-20160229","title":"4.4.9 (2016.02.29)","text":"
    • [fix] Show \u201cout of quota\u201d instead of \u201cDERP\u201d in the case of out of quota when uploading files via web interface
    "},{"location":"changelog/changelog-for-seafile-professional-server-old/#448-20151217","title":"4.4.8 (2015.12.17)","text":"
    • [security] Fix password check for visiting a file in folder sharing link
    "},{"location":"changelog/changelog-for-seafile-professional-server-old/#447-20151120","title":"4.4.7 (2015.11.20)","text":"
    • [fix] Fix viewing PDF files via Office Web App
    • [fix, virus scan] Do not scanning deleted libraries in virus scan
    • [fix, virus scan] Fix showing the virus scan page when libraries containing scanned items are deleted
    • [virus scan] Add more debug information for virus scan
    • [fix] Clean cache when set users' name from web API
    • [fix] Fix a performance problem for generating picture thumbnails from folder sharing link
    "},{"location":"changelog/changelog-for-seafile-professional-server-old/#446-20151109","title":"4.4.6 (2015.11.09)","text":"
    • [security] Fix a XSS problem in raw sharing link
    • [fix] Delete sharing links when deleting a library
    • [fix] Clean Seafile tables when deleting a library
    • [fix] Add tag to the link in upload folder email notification
    • [fix] Fix a bug in creating a library (after submit a wrong password, the submit button is no longer clickable)
    • [fix, pro] Fix a bug in listing FileUpdate audit log
    • [security, pro] Don't online preview for office files in encrypted libraries
      • "},{"location":"changelog/changelog-for-seafile-professional-server-old/#445-20151030","title":"4.4.5 (2015.10.30)","text":"
      • [fix] Fix a bug in deleting sharing link in sharing dialog.
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#444-20151029","title":"4.4.4 (2015.10.29)","text":"
      • [fix] Fix support for syncing old formatted libraries
      • Remove commit and fs objects in GC for deleted libraries
      • Add \"transfer\" operation to library list in \"admin panel->a single user\"
      • [fix] Fix the showing of the folder name for upload link generated from the root of a library
      • [fix] Add access log for online file preview
      • [fix] Fix permission settings for a sub-folder of a shared sub-folder

      LDAP improvements and fixes

      • Only import LDAP users to Seafile internal database upon login
      • Only list imported LDAP users in \"organization->members\"
      • Add option to not import users via LDAP Sync (Only update information for already imported users). The option name is IMPORT_NEW_USER. See document http://manual.seafile.com/deploy/ldap_user_sync.html (url might deprecated)
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#443-20151020","title":"4.4.3 (2015.10.20)","text":"
      • [fix] Remove regenerate secret key in update script
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#442-20151019","title":"4.4.2 (2015.10.19)","text":"
      • [security] Check validity of file object id to avoid a potential attack
      • [fix] Check the validity of system default library template, if it is broken, recreate a new one.
      • [fix] After transfer a library, remove original sharing information
      • [security] Fix possibility to bypass Captcha check
      • [security] More security fixes.
      • [pro] Enable syncing a sub-sub-folder of a shared sub-folder (For example, if you share library-A/sub-folder-B to a group, other group members can selectively sync sub-folder-B/sub-sub-folder-C)
      • [fix, office preview] Handle the case that \"/tmp/seafile-office-output\"is removed by operating system
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#441-beta-20150924","title":"4.4.1 beta (2015.09.24)","text":"
      • [fix] Fix a bug in setting an user's language
      • [fix] Show detailed failed information when sharing libraries failed
      • [api] Add API to list folders in a folder recursively
      • [api] Add API to list only folders in a folder
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#440-beta-20150921","title":"4.4.0 beta (2015.09.21)","text":"

      New features:

      • Allow group names with spaces
      • Enable generating random password when adding an user
      • Add option SHARE_LINK_PASSWORD_MIN_LENGTH
      • Add sorting in share link management page
      • Other UI improvements

      Pro only:

      • Integrate Office Web Apps server
      • Integrate virus scan
      • Support resumable upload (turn off by default)
      • Add option to hide public link traffic in profile (SHOW_TRAFFIC)

      Fixes:

      • [fix] Fix a bug that causing duplications in table LDAPImport
      • set locale when Seahub start to avoid can't start Seahub problem in a few environments.
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#43","title":"4.3","text":"

      Note: this version contains no database table change from v4.2. But the old search index will be deleted and regenerated.

      Note when upgrading from v4.2 and using cluster, a new option COMPRESS_CACHE_BACKEND = 'locmem://' should be added to seahub_settings.py

      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#434-20150914","title":"4.3.4 (2015.09.14)","text":"
      • [fix] Fix a bug in file locking
      • [fix] Fix sub-folder permission check for file rename/move
      • [fix] Fix a bug in active number of users checking
      • Show total/active number of users in admin panel
      • Counts all downloads into traffic statistics
      • [security] Use POST request to handle password reset request to avoid CSRF attack
      • Don't show password reset link for LDAP users
      • [ui] Small improvements
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#433-20150821","title":"4.3.3 (2015.08.21)","text":"
      • [fix, important] Bug-fix and improvements for seaf-fsck
      • [fix, important] Improve I/O error handling for file operations on web interface
      • Update shared information when a sub-folder is renamed
      • [fix] Fix bug of list file revisions
      • [fix] Fix syncing sub-folder of encrypted library
      • Update translations
      • [ui] Small improvements
      • [fix] Fix modification operations for system default library by admin
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#432-20150812","title":"4.3.2 (2015.08.12)","text":"
      • Update translations
      • [fix] Fix bug in showing German translation
      • [fix] Fix bug when remove shared link at library settings page
      • [fix] Fix api error in opCopy/opMove
      • Old library page (used by admin in admin panel): removed 'thumbnail' & 'preview' for image files
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#431-20150731","title":"4.3.1 (2015.07.31)","text":"
      • [fix] Fix generating image thumbnail
      • [ui] Improve UI for sharing link page, login page, file upload link page
      • [security] Clean web sessions when reset an user's password
      • Delete the user's libraries when deleting an user
      • Show link expiring date in sharing link management page
      • [admin] In a user's admin page, showing libraries' size and last modify time
      • [fix, api] Fix star file API
      • [pro, beta] Add \"Open via Client\" to enable calling local program to open a file at the web

      About \"Open via Client\": The web interface will call Seafile desktop client via \"seafile://\" protocol to use local program to open a file. If the file is already synced, the local file will be opened. Otherwise it is downloaded and uploaded after modification. Need client version 4.3.0+

      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#430-20150725","title":"4.3.0 (2015.07.25)","text":"

      Usability improvements

      • [ui] Improve ui for file view page
      • [ui] Improve ui for sorting files and libraries
      • Redesign sharing dialog
      • Enable generating random password for sharing link
      • Remove direct file sharing between users (You can use sharing link instead)

      Pro only features:

      • Add file locking
      • [fix] Fix file name search for Chinese and other Asia language
      • [fix] Support special password for MySQL database in seafevents

      Others

      • [security] Improve permission check in image thumbnail
      • [security] Regenerate Seahub secret key, the old secret key lack enough randomness
      • Remove the support of \".seaf\" format
      • [api] Add API for generating sharing link with password and expiration
      • [api] Add API for generating uploading link
      • [api] Add API for link files in sharing link
      • Don't listen on 10001 and 12001 by default.
      • Change the setting of THUMBNAIL_DEFAULT_SIZE from string to number, i.e., use THUMBNAIL_DEFAULT_SIZE = 24, instead of THUMBNAIL_DEFAULT_SIZE = '24'
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#42","title":"4.2","text":"

      Note: because Seafile has changed the way how office preview work in version 4.2.2, you need to clean the old generated files using the command:

      rm -rf /tmp/seafile-office-output/html/\n
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#424-20150708","title":"4.2.4 (2015.07.08)","text":"
      • More fix on showing share link management page
      • Fix a bug on doc/ppt preview
      • Fix a bug in reading last login time
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#423-20150707","title":"4.2.3 (2015.07.07)","text":"
      • Fix translation problem for German and other language
      • Remove \"open locally\" feature. It needs more testing
      • Fix a problem in showing share link management page
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#422-20150703","title":"4.2.2 (2015.07.03)","text":"
      • [fix] Fix file uploading link
      • Add LDAP user sync
      • Improve preview for office files (doc/docx/ppt/pptx)

      In the old way, the whole file is converted to HTML5 before returning to the client. By converting an office file to HTML5 page by page, the first page will be displayed faster. By displaying each page in a separate frame, the quality for some files is improved too.

      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#421-20150630","title":"4.2.1 (2015.06.30)","text":"

      Improved account management

      • Add global address book and remove the contacts module (You can disable it if you use CLOUD_MODE by adding ENABLE_GLOBAL_ADDRESSBOOK = False in seahub_settings.py)
      • List users imported from LDAP
      • [guest] Enable guest user by default
      • [guest] Guest user can't generate share link
      • Don't count inactive users as licensed users

      Important

      • [fix] Fix viewing sub-folders for password protected sharing
      • [fix] Fix viewing starred files
      • [fix] Fix support of uploading multiple files in clients' cloud file browser
      • Improve security of password resetting link
      • Remove user private message feature

      New features

      • Enable syncing any folder for an encrypted library
      • Add open file locally (open file via desktop client)

      Others

      • [fix] Fix permission checking for sub-folder permissions
      • Change \"quit\" to \"Leave group\"
      • Clean inline CSS
      • Use image gallery module in sharing link for folders containing images
      • [api] Update file details api, fix error
      • Enable share link file download token available for multiple downloads
      • [fix] Fix visiting share link whose original path is deleted
      • Hide enable sub-library option since it is not meaningless for Pro edition
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#420-20150529","title":"4.2.0 (2015.05.29)","text":"

      Pro only updates

      • [new] Support set permission on every sub-folder
      • [search] Support partial match like \"com\" matching \"communication\" in file name
      • [search] The search result page is much clean

      Usability

      • Add direct file download link
      • Remove showing of library description
      • Don't require library description
      • Keep left navigation bar when navigate into a library
      • Generate share link for the root of a library
      • Add loading tip in picture preview page

      Security Improvement

      • Remove access tokens (all clients will log out) when a users password changed
      • Temporary file access tokens can only be used once
      • sudo mode: confirm password before doing sysadmin work

      Platform

      • Use HTTP/HTTPS sync only, no longer use TCP sync protocol
      • Support byte-range requests
      • Automatically clean of trashed libraries
      • [ldap] Save user information into local DB after login via LDAP
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#41","title":"4.1","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#412-20150507","title":"4.1.2 (2015.05.07)","text":"
      • [fix] Fix bug in syncing LDAP groups
      • [fix] Fix bug in viewing PDF/Doc
      • [fix] Fix crash bug when memcache is full
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#411-20150416","title":"4.1.1 (2015.04.16)","text":"
      • [fix] Fix Webdav's port can't be changed to non default port (8082)
      • [fix, searching] Fix handling invalid path name when indexing
      • [fix] Fix seaf-fsck for swift/s3/ceph backend
      • Do not show \"this type of file can't be viewed online\"
      • [fix] Fix showing of activity feed in mobile device
      • [fix] Fix viewing sharing link for deleted directories
      • Log email sending in background task to seahub_email_sender.log
      • Improve shibboleth login by supporting \"next\" parameter in URL
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#410-20150401","title":"4.1.0 (2015.04.01)","text":"

      Pro only updates

      • Support syncing any sub-folder in the desktop client
      • Add audit log, see http://manual.seafile.com/security/auditing.html (url might deprecated). This feature is turned off by default. To turn it on, see http://manual.seafile.com/deploy_pro/configurable_options.html (url might deprecated)
      • Syncing LDAP groups
      • Add permission setting for a sub-folder (beta)

      Updates in community edition too

      • [fix] Fix image thumbnail in sharing link
      • Show detailed time when mouse over a relative time
      • Add trashed libraries (deleted libraries will first be put into trashed libraries where system admin can restore)
      • Improve seaf-gc.sh
      • Redesign fsck.
      • Add API to support logout/login an account in the desktop client
      • Add API to generate thumbnails for images files
      • Clean syncing tokens after deleting an account
      • Change permission of seahub_settings.py, ccnet.conf, seafile.conf to 0600
      • Update Django to v1.5.12
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#40","title":"4.0","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#406-20150306","title":"4.0.6 (2015.03.06)","text":"
      • [fix] Fix the seafevents not shutdown by seafile.sh problem
      • Improved shibboleth support
      • [fix] Fix uploading a directory if the top directory only contains sub-folders (no files)
      • Improve thumbnail API
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#405-20150213","title":"4.0.5 (2015.02.13)","text":"
      • [fix] Fix a crash problem when a client tries to upload corrupted data
      • Add image thumbnails
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#404-20150205","title":"4.0.4 (2015.02.05)","text":"

      Important

      • [fix] Fix transfer library error in sysadmin page
      • [fix] Fix showing of space used in sysadmin page for LDAP users
      • [fix] Fix preview office files in file share links and private share
      • Improved trash listing performance

      Small

      • [webdav] list organisation public libraries
      • Disable non-shibboleth login for shibboleth users
      • [fix] Fix wrong timestamp in file view page for files in sub-library
      • Add Web API for thumbnail
      • Add languages for Thai and Turkish, update a few translations
      • [ldap] Following referrals
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#403-20150115","title":"4.0.3 (2015.01.15)","text":"
      • [fix] Fix memory leak in HTTP syncing
      • Repo owner can restore folders/files from library snapshot
      • Update translations
      • [ldap] Make the \"page result\" support turn off by default to be compatible with community edition.
      • Only repo owner can restore a library to a snapshot
      • [fix] Remote redundant logs in seaf-server
      • [fix] Raise 404 when visiting an non-existing folder
      • [fix] Enable add admin when LDAP is enabled
      • Add API to get server features information (what features are supported by this server)
      • [fix] Fix throttle for /api2/ping
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#402-20150106","title":"4.0.2 (2015.01.06)","text":"
      • [fix] Fix syncing sub-library with HTTP protocol
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#401-20141229","title":"4.0.1 (2014.12.29)","text":"
      • Add Shibboleth support (beta)
      • Improve libraries page loading speed by adding cache for library
      • [fix] Fix performance problem of FUSE when using ceph/swift backend
      • [fix] Fix folder upload by drap&drop
      • [fix] Fix version check for pro edition
      • [fix] Fix performance problem in listing files API
      • [fix] Fix listing files of a large folder
      • [fix] Fix folder sharing link with password protection
      • [fix] Fix deleting broken libraries in the system admin panel
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#400-20141213","title":"4.0.0 (2014.12.13)","text":"
      • Add HTTP syncing support
      • Merge FileServer into seaf-server
      • [web] New upload file dialog
      • [search] Improve the speed of search by removing in-efficient code in calculating file modification time in the search result page.
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#31","title":"3.1","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#3113-20141125","title":"3.1.13 (2014.11.25)","text":"
      • Add WMV video file preview on web
      • Support office documents online preview in cluster deployment
      • [fix] Fix file private sharing bug when file name contains &
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#3112-20141117","title":"3.1.12 (2014.11.17)","text":"
      • Update ElasticSearch to v1.4
      • Limit content search of txt file to 100KB.
      • Fix \"out of memory\" problem.
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#3111-20141103","title":"3.1.11 (2014.11.03)","text":"
      • [fix] Fixed ./seaf-gc.sh to run online GC
      • [fix] Fixed showing libraries with same name in WebDAV extension in some specific Python version
      • [fix] Fixed event timestamp for library creation and library deleting events
      • [fix] Don't allow setting an encrypted library as default library
      • [fix] Don't list unregistered contacts in sharing dialog
      • Don't list inactive users in \"organization->members\"
      • [multi-tenancy] Add webdav support
      • Autoupload files when added in web interface
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#3110-20141027","title":"3.1.10 (2014.10.27)","text":"
      • Online GC: you don't need to shutdown Seafile server to perform GC
      • [fix] Fixed performance problem in WebDAV extension
      • [fix] Fixed quota check in WebDAV extension
      • [fix] Fixed showing libraries with same name in WebDAV extension
      • Add \"clear\" button in a library's trash
      • [fix] Fix small errors when upload files via Web interface
      • [fix] Fix moving/coping files when the select all file checkbox is checked
      • [multi-tenancy] Listing libraries of an organization
      • [multi-tenancy] Enable rename an organization
      • [multi-tenancy] Prevent the deleting of creator account of an organisation
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#319-20141013","title":"3.1.9 (2014.10.13)","text":"
      • [ldap] split LDAP and Database in organization -> pubuser
      • [ldap] Support pagination for loading users from LDAP
      • [multi-tenancy] fix quota related bugs
      • [office preview] Fix seafevents not start bug when using Python v2.6
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#317-318","title":"3.1.7, 3.1.8","text":"
      • Add support for multi-tenancy
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#316-20140916","title":"3.1.6 (2014.09.16)","text":"
      • Add access.log for file download
      • [fix, api] Fix bug in group creation
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#315-20140913","title":"3.1.5 (2014.09.13)","text":"
      • Add multi-tenancy support
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#314-20140911","title":"3.1.4 (2014.09.11)","text":"
      • [fix] Fix bug in uploading >1GB files via Web
      • [fix] Remove assert in Ccnet to avoid denial-of-service attack
      • [fix] Add the missing ./seaf-gc.sh
      • Support two modes of license, life-time and subscription
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#313-20140829","title":"3.1.3 (2014.08.29)","text":"
      • [fix] Fix multi-file upload in upload link and library page
      • [fix] Fix libreoffice file online view
      • Add 'back to top' for pdf file view.
      • [fix] Fix \"create sub-library\" button under some language
      • [fix popup] Fix bug in set single notice as read.
      • Add message content to notification email
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#312-20140827","title":"3.1.2 (2014.08.27)","text":"
      • [fix] Fix support for guest account
      • [fix, security] Fix permission check for PDF full screen view
      • [fix] Fix copy/move multiple files in web
      • Improve UI for group reply notification
      • Improve seaf-fsck, seaf-fsck now can fix commit missing problem
      • [security improve] Access token generated by FileServer can only be used once.
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#311-20140818","title":"3.1.1 (2014.08.18)","text":"
      • [fix] Fix memory leak
      • [fix] Fix a memory not initialized problem which may cause sync problem under heavy load.
      • [fix, search] Closing database connection first before indexing
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#310-20140815","title":"3.1.0 (2014.08.15)","text":"

      Pro edition only:

      • [search] Enable searching directories
      • [search] Enable search groups in organization tab
      • [search] Enable encrypted libraries (filename only)
      • [search, fix] Fix a bug when indexing a large library
      • [preview,fix] Fix document preview for Excel files in sharing links
      • [user] Enable add users as guests. Guests are only able to use libraries shared to him/her.
      • [user] Enable set users password strength requirement
      • [sharing link] Enable set expiring time for sharing links
      • [sharing link] Library owner can manage all share links from this library

      Syncing

      • Improve performance: easily syncing 10k+ files in a library.
      • Don't need to download files if they are moved to another directory.

      Platform

      • Rename HttpServer to FileServer to remove confusing.
      • Support log rotate
      • Use unix domain socket in ccnet to listen for local connections. This isolates the access to ccnet daemon for different users.
      • Delete old PID files when stop Seafile
      • Remove simplejson dependency
      • [fix] fix listing libraries when some libraries are broken
      • Add a bash wrapper for seafile-gc

      Web

      • Enable deleting of personal messages
      • Improved notification
      • Upgrade pdf.js
      • Password protection for sharing links
      • [admin] Create multi-users by uploading a CSV file
      • Sort libraries by name/date
      • Enable users to put an additional message when sending a sharing link
      • Expiring time for sharing links
      • [fix] Send notification to all users participating a group discussion
      • Redesigned file viewing page
      • Remove simplejson dependency
      • Disable the ability to make a group public by default (admin can turn it on in settings)
      • Add \"Back to Top\" button in file view page
      • Improve page refreshing after uploading files
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#30","title":"3.0","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#307","title":"3.0.7","text":"
      • Add support for logrotate
      • [fix] Fix script for migrating from community edition
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#306","title":"3.0.6","text":"
      • Fix seahub failing to start problem when Ceph backend is used
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#305","title":"3.0.5","text":"
      • Add option to enable highlight search keyword in the file view
      • [fix] Fix \"Save to My Library\" in file sharing
      • [fix] Fix API for renaming files containing non-ASCII characters from mobile clients
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#304","title":"3.0.4","text":"
      • Add support for MariaDB Cluster
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#303","title":"3.0.3","text":"

      Web

      • Show a notice when one tries to reset/change the password of a LDAP user
      • Improve the initial size of pdf/office documents online preview
      • Handle languages more gracefully in search
      • Highlight the keywords in the search results
      • [fix] Fixed a web page display problem for French language

      Platform

      • Improve the speed when saving objects to disks
      • Show error messages when seahub.sh script failed to start
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#302","title":"3.0.2","text":"
      • Added Ceph storage backend support
      • Use random ID as avatar file name instead of the file name uploaded by the user
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#301","title":"3.0.1","text":"
      • [fix] Fix an UI bug in selecting multiple contacts in sending message
      • Library browser page: Loading contacts asynchronously to improve initial loading speed
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#300","title":"3.0.0","text":"

      Web

      • Redesigned UI
      • [admin] Add login log
      • [admin] Add share link traffic statistics
      • [fix] Handle loading avatar exceptions to avoid 500 error
      • Fixed a few api errors
      • Improve page loading speed
      • [fix] Fix UI problem when selecting contacts in personal message send form
      • [fix] Add nickname check and escape nickname to prevent XSS attack
      • [fix] Check validity of library name (only allow a valid directory name).

      Platform

      • Separate the storage of libraries
      • Record files' last modification time directly
      • Keep file timestamp during syncing
      • Allow changing password of an encrypted library
      • Allow config httpserver bind address
      • Improved device (desktop and mobile clients) management

      Misc

      • [fix] Fix API for uploading files from iOS in an encrypted library.
      • [fix] Fix API for getting groups messages containing multiple file attachments
      • [fix] Fix bug in HttpServer when file block is missing
      • [fix] Fix login error for some kind of Android
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#22","title":"2.2","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#221","title":"2.2.1","text":"
      • Add more checking for the validity of users' Email
      • Use random salt and PBKDF2 algorithm to store users' password.
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#21","title":"2.1","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#215","title":"2.1.5","text":"
      • Add correct mime types for mp4 files when downloading
      • [important] set correct file mode bit after uploading a file from web.
      • Show meaningful message instead of \"auto merged by system\" for file merges
      • Improve file history calculation for files which were renamed

      WebDAV

      • Return last modified time of files
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#214-1","title":"2.1.4-1","text":"
      • [fix] fixed the pro.py search --clear command
      • [fix] fixed full text search for office/pdf files
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#214","title":"2.1.4","text":"
      • Improved Microsoft Excel files online preview
      • [fix] Fixed file share link download issue on some browsers.
      • [wiki] Enable create index for wiki.
      • Hide email address in avatar.
      • Show \"create library\" button on Organization page.
      • [fix] Further improve markdown filter to avoid XSS attack.
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#213","title":"2.1.3","text":"
      • Fixed a problem of Seafile WebDAV server
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#212","title":"2.1.2","text":"
      • Fixed a problem of requiring python boto library even if it's not needed.
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#211","title":"2.1.1","text":"

      Platform

      • Added FUSE support, currently read-only
      • Added WebDAV support
      • A default library would be created for new users on first login to seahub
      • Upgrade scripts support MySQL databases now

      Web

      • Redesigned Web UI
      • Redesigned notification module
      • Uploadable share links
      • [login] Added captcha to prevent brute force attack
      • [login] Allow the user to choose the expiration of the session when login
      • [login] Change default session expiration age to 1 day
      • [fix] Fixed a bug of \"trembling\" when scrolling file lists
      • [sub-library] User can choose whether to enable sub-library
      • Improved error messages when upload fails
      • Set default browser file upload size limit to unlimited

      Web for Admin

      • Improved admin UI
      • More flexible customization options
      • Support specify the width of height of custom LOGO
      • Online help is now bundled within Seahub
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#20","title":"2.0","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#205","title":"2.0.5","text":"
      • Support S3-compatible storage backends like Swift
      • Support use existing elasticsearch server
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#204","title":"2.0.4","text":"
      • [fix] set the utf8 charset when connecting to database
      • Use users from both database and LDAP
      • [admin] List database and LDAP users in sysadmin
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#203","title":"2.0.3","text":"
      • [fix] Speed up file syncing when there are lots of small files
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#201","title":"2.0.1","text":"
      • [fix] Elasticsearch now would not be started if search is not enabled
      • [fix] Fix CIFS support.
      • [fix] Support special characters like '@' in MySQL password
      • [fix] Fix create library from desktop client when deploy Seafile with Apache.
      • [fix] Fix sql syntax error in ccnet.log, issue #400 (https://github.com/haiwen/seafile/issues/400).
      • [fix] Return organization libraries to the client.
      • Update French, German and Portuguese (Brazil) languages.
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#200","title":"2.0.0","text":"

      Platform

      • New crypto scheme for encrypted libraries
      • A fsck utility for checking data integrity

      Web

      • Change owner of a library/group
      • Move/delete/copy multiple files
      • Automatically save draft during online editing
      • Add \"clear format\" to .seaf file online editing
      • Support user delete its own account
      • Hide Wiki module by default
      • Remove the concept of sub-library

      Web for Admin

      • Change owner of a library
      • Search user/library

      API

      • Add list/add/delete user API
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#18","title":"1.8","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#183","title":"1.8.3","text":"
      • Improve seahub.sh
      • Improve license checking
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#182","title":"1.8.2","text":"
      • fixed 'cannot enter space' bug for .seaf file online edit
      • add paginating for repo files list
      • fixed a bug for empty repo
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#181","title":"1.8.1","text":"
      • Remove redundant log messages
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#180","title":"1.8.0","text":"

      Web

      • Improve online file browsing and uploading
      • Redesigned interface
      • Use ajax for file operations
      • Support selecting of multiple files in uploading
      • Support drag/drop in uploading
      • Improve file syncing and sharing
      • Syncing and sharing a sub-directory of an existing library.
      • Directly sharing files between two users (instead of generating public links)
      • User can save shared files to one's own library
      • [wiki] Add frame and max-width to images
      • Use 127.0.0.1 to read files (markdown, txt, pdf) in file preview
      • [bugfix] Fix pagination in library snapshot page
      • Set the max length of message reply from 128 characters to 2000 characters.

      API

      • Add creating/deleting library API

      Platform

      • Improve HTTPS support, now HTTPS reverse proxy is the recommend way.
      • Add LDAP filter and multiple DN
      • Case insensitive login
      • Move log files to a single directory
      • [security] Add salt when saving user's password
      • [bugfix] Fix a bug in handling client connection
      • Add a script to automate setup seafile with MySQL
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#17","title":"1.7","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#1704","title":"1.7.0.4","text":"
      • Fixed a bug in file activities module
      "},{"location":"changelog/changelog-for-seafile-professional-server-old/#170","title":"1.7.0","text":"
      • First release of Seafile Professional Server
      "},{"location":"changelog/changelog-for-seafile-professional-server/","title":"Seafile Professional Server Changelog","text":"

      You can check Seafile release table to find the lifetime of each release and current supported OS: https://cloud.seatable.io/dtable/external-links/a85d4221e41344c19566/?tid=0000&vid=0000

      "},{"location":"changelog/changelog-for-seafile-professional-server/#110","title":"11.0","text":"

      Upgrade

      Please check our document for how to upgrade to 11.0

      "},{"location":"changelog/changelog-for-seafile-professional-server/#11016-2024-11-04","title":"11.0.16 (2024-11-04)","text":"
      • The storage migration script now does not allow migration to the original bucket
      • [Security] Do not allow .. as a file directory name
      • [fix] Search results now show the first 20 entries and the user can click more to jump to the page dedicated to search
      • [fix] Fixed SSE_C support
      • Added an option USE_LDAP_SYNC_ONLY to meet the case that using LDAP to sync users to Seafile and let users to login via SSO only
      • [fix] Hide the print button when opening with office online server for preview only the folder share
      • [fix] Do not send file lock notifications to notification server if notification server is not configured for golang fileserver
      • [fix] Sending Links with Passwords has no HTML escape
      • [fix] Fix preview support for TIFF images
      "},{"location":"changelog/changelog-for-seafile-professional-server/#11015-2024-10-17","title":"11.0.15 (2024-10-17)","text":"
      • [fix] Check the length of email in login form, preventing too long input
      • [fix] Use user name instead of user ID in email content
      • [fix] auth-token API also prevent brute force attack
      • [fix] Fix invite people in multi-tenancy mode
      • [fix] Add option SSO_LDAP_USE_SAME_UID
      "},{"location":"changelog/changelog-for-seafile-professional-server/#11014-2024-08-22","title":"11.0.14 (2024-08-22)","text":"
      • [fix] Fix a bug that system admin can not share a library in admin panel
      • [fix] Fix a bug when syncing user role in LDAP sync
      • [fix] Fix S3 support configuration
      • [fix] Add redis package in Docker image
      • [fix] Improve client side SSO via local browser
      "},{"location":"changelog/changelog-for-seafile-professional-server/#11013-2024-08-14","title":"11.0.13 (2024-08-14)","text":"
      • Update translations
      "},{"location":"changelog/changelog-for-seafile-professional-server/#11012-2024-08-07","title":"11.0.12 (2024-08-07)","text":"
      • [fix] [important] Fix a security bug in WebDAV
      • [fix] Fix S3 backend with V4 protocal and path_style_request
      • [fix] Use user's name in reset password email instead of internal ID
      • [fix] Fix invited guest cannot be revoke
      • [fix] Fix keyerror when using backup code in two-factor auth
      • [fix] Do not print warning in seaf-server.log when a LDAP user login
      "},{"location":"changelog/changelog-for-seafile-professional-server/#11011-2024-07-24","title":"11.0.11 (2024-07-24)","text":"
      • Remove unnecessary warning in seahub_email_sender.log
      • [fix] Fix a performance issue in sending file activities notification via email
      • Remove REPLACE_FROM_EMAIL setting as most email server does not support it
      • [fix] Fix a bug in LDAP login with multiple OU
      "},{"location":"changelog/changelog-for-seafile-professional-server/#11010-2024-07-09","title":"11.0.10 (2024-07-09)","text":"
      • [fix] Fix system admin users page when institution feature is enabled
      • Improving logging of search index
      • [fix] Support using contact email in OCM sharing
      "},{"location":"changelog/changelog-for-seafile-professional-server/#1109-2024-06-25","title":"11.0.9 (2024-06-25)","text":"
      • [fix] Fix a crash problem in golang file server introduced in version 11.0.8
      • Add a new role permission \"can_share_repo\"
      • Add rate control for password reset for a user
      "},{"location":"changelog/changelog-for-seafile-professional-server/#1108-2024-06-20","title":"11.0.8 (2024-06-20)","text":"
      • support named groups in SAML claim
      • [fix] Fix CollaboraOnline integration for read-only shares and share links
      • [fix] Fix display issue for ADDITIONAL_SHARE_DIALOG_NOTE
      • [fix] Fix buckets check for ceph and swift backend
      • [fix] Use contact_email in user freeze notifications for system admins
      "},{"location":"changelog/changelog-for-seafile-professional-server/#1107-2024-06-03","title":"11.0.7 (2024-06-03)","text":"

      Seafile

      • Improve accessibility
      • Support open ODG files with LibreOffice (Collabora Online)
      • Support showing last modified time for folders in WebDAV
      • [fix] Fix \"remember me\" in 2FA
      • Enable transfering a library to department in system admin panel
      • [fix] Fix a bug in SAML single logout

      SDoc editor 0.8

      • Support automatically adjusting table width to fit page width
      • Improve comments feature
      • Improve documents shown on mobile
      • More UI fixes and improvements
      "},{"location":"changelog/changelog-for-seafile-professional-server/#1106-beta-2024-04-19","title":"11.0.6 beta (2024-04-19)","text":"

      Seafile

      • Support log rotate for golang file server and notification server
      • Update UI for upload link
      • Support OnlyOffice version feature
      • Show files' original path in the trash
      • Fix traffic statistics
      • Fix an error in LDAP user sync
      • Add an option DISABLE_ADFS_USER_PWD_LOGIN to prevent SAML users login via email/password

      SDoc editor 0.7

      • Improve file comment feature
      • Improve file diff showing
      • Support print a document
      • Improve table editing
      "},{"location":"changelog/changelog-for-seafile-professional-server/#1105-beta-2024-03-20","title":"11.0.5 beta (2024-03-20)","text":"
      • Forbid generating share links for a library if the user has invisible/cloud-read-only permission on the library
      • [fix] Fix a configuration error for Ceph storage (if you don't use S3 interface)
      • [fix] Fix a bug in traffic statistic in golang file server
      • Support use different index names for ElasticSearch
      • Fix column view is limited to 100 items
      • Fix LDAP user login for WebDAV
      • Remove the configuration item \"ENABLE_FILE_COMMENT\" as it is no longer needed
      • Enable copy/move files between encrypted and non-encrypted libraries
      • Forbid creating libraries with Emoji in name
      • Fix some letters in the file name do not fit in height in some dialogs
      • Fix a performance issue in sending file updates report
      • Some other UI fixes and improvements

      SDoc editor 0.6

      • Support convert docx file to sdoc file
      • Support Markdown format in comments
      • Support drag rows/columns in table element and other improvements for table elements
      • Other UI fixes and improvements
      "},{"location":"changelog/changelog-for-seafile-professional-server/#1104-beta-and-sdoc-editor-05-2024-02-01","title":"11.0.4 beta and SDoc editor 0.5 (2024-02-01)","text":"

      Major changes

      • Use a virtual ID to identify a user
      • LDAP login update
      • SAML/Shibboleth/OAuth login update
      • Update Django to version 4.2
      • Update SQLAlchemy to version 2.x
      • Add SeaDoc

      UI Improvements

      • Improve UI of PDF view page
      • Update folder icon
      • The activities page support filter records based on modifiers
      • Add indicator for folders that has been shared out
      • Use file type icon as favicon for file preview pages
      • Support preview of JFIF image format

      Pro edition only changes

      • Support S3 SSE-C encryption
      • Support a new invisible sub-folder permission
      • Update of online read-write permission, online read-write permission now support the shared user to update/rename/delete files online, making it consistent with normal read-write permission

      Other changes

      • Remove file comment features as they are used very little (except for SeaDoc)
      • Add move dir/file, copy dir/file, delete dir/file, rename dir/file APIs for library token based API
      • Use user's current language when create Office files in OnlyOffice
      "},{"location":"changelog/changelog-for-seafile-professional-server/#100","title":"10.0","text":"

      Upgrade

      Please check our document for how to upgrade to 10.0.

      "},{"location":"changelog/changelog-for-seafile-professional-server/#10018-2024-11-01","title":"10.0.18 (2024-11-01)","text":"
      • [fix] Prevent the creating of files with name \"..\"
      "},{"location":"changelog/changelog-for-seafile-professional-server/#10017-2024-10-23","title":"10.0.17 (2024-10-23)","text":"

      This release is for Docker image only

      • [fix] Update the version of sqlalchemy to make \"activities\" page work. The bug was introduced in v10.0.16.
      "},{"location":"changelog/changelog-for-seafile-professional-server/#10016-2024-06-21","title":"10.0.16 (2024-06-21)","text":"
      • [fix] Fix CollaboraOnline integration for read-only shares and share links
      "},{"location":"changelog/changelog-for-seafile-professional-server/#10015-2024-03-21","title":"10.0.15 (2024-03-21)","text":"
      • [Fix] Fix a bug in seaf-gc for FS object
      "},{"location":"changelog/changelog-for-seafile-professional-server/#10014-2024-02-27","title":"10.0.14 (2024-02-27)","text":"
      • Update some translations
      • [Fix] Fix a bug in OnlyOffice desktop editor integration
      • [Fix] Fix a bug in moving file dialog
      "},{"location":"changelog/changelog-for-seafile-professional-server/#10013-2024-02-05","title":"10.0.13 (2024-02-05)","text":"
      • [security] Upgrade pillow dependency from 9.0 to 10.0.

      Note, after upgrading to this version, you need to upgrade the Python libraries in your server \"pillow==10.2.* captcha==0.5.* django_simple_captcha==0.5.20\"

      "},{"location":"changelog/changelog-for-seafile-professional-server/#10012-2024-01-16","title":"10.0.12 (2024-01-16)","text":"
      • Improved WOPI-integration of Collabora Online
      • Fix \"Share Admin->Links->Share Links\" crash when shared link file does not exist anymore
      "},{"location":"changelog/changelog-for-seafile-professional-server/#10011-2023-11-09","title":"10.0.11 (2023-11-09)","text":"
      • [fix] Improve error message in SAML login when the IdP have a connection problem
      • [fix] Fix a bug that go fileserver causing client to generate empty commit
      • [fix] Add missing max number of files for a library when uploading via WebDAV
      • [fix] Show which users cannot be imported when importing users to group
      "},{"location":"changelog/changelog-for-seafile-professional-server/#10010-2023-10-17","title":"10.0.10 (2023-10-17)","text":"
      • [fix] Fix a bug in golang file server that cannot handle sharing permission correctly for departments
      • [fix] Fix a bug Share Link Email Verification cannot work for Italy language
      • [fix] Fix notification server support in golang file server
      • [fix] Fix a bug in search library by ID in admin panel
      "},{"location":"changelog/changelog-for-seafile-professional-server/#1009-2023-08-25","title":"10.0.9 (2023-08-25)","text":"
      • Add an option (library_file_limit in seafile.conf) to support setting the maximum number of files in a single library
      • [fix] Support for virus scan in golang file server when uploading files via upload links
      • Some UI fixes and improvements
      • Improve script clear_invalid_repo_data.py
      "},{"location":"changelog/changelog-for-seafile-professional-server/#1008-2023-08-01","title":"10.0.8 (2023-08-01)","text":"
      • [fix] Fix a bug in worker pool management in golang file server
      • Improve error message when a user log in via SAML in multi-tenancy mode
      • [fix] Fix a bug that causing fsck crash
      • Improve the way how cluster_shared folder is cleaned up
      "},{"location":"changelog/changelog-for-seafile-professional-server/#1007-2023-07-25","title":"10.0.7 (2023-07-25)","text":"
      • [fix] Fix a memory leak in golang file server
      "},{"location":"changelog/changelog-for-seafile-professional-server/#1006-2023-06-27","title":"10.0.6 (2023-06-27)","text":"
      • [fix] Fix \"all notifications\" page link broken when notification server is used
      • [fix] Fix UI bug of notifications dialog
      • [fix] Fix a bug in listing shared out libraries/folders in multi-tenancy mode
      • [fix] Fix a bug in sending emails to admin when finding virus
      "},{"location":"changelog/changelog-for-seafile-professional-server/#1005-2023-06-12","title":"10.0.5 (2023-06-12)","text":"
      • [fix] Fix display of tags in the file details side bar
      • [fix] Fix a file name encoding bug in golang file server
      • [fix] Fix a UI bug in setting expiration time for a sharing link
      • Update included POI java library which is used to extracting contents of doc/docx files in indexing
      "},{"location":"changelog/changelog-for-seafile-professional-server/#1004-2023-05-17","title":"10.0.4 (2023-05-17)","text":"
      • Add \"Undo\" action in the notification toast after deleting files and folders
      • Improve UI of system admin -> department page
      • Support online preview of more audio file formats
      • Support TLS connection to MySQL/MariaDB server
      • [fix] Fix a few bugs in notification server
      • Some other UI improvements
      "},{"location":"changelog/changelog-for-seafile-professional-server/#1003-beta-2023-04-12","title":"10.0.3 beta (2023-04-12)","text":"
      • [fix] Fix a performance issue when displaying many share links for a single file
      "},{"location":"changelog/changelog-for-seafile-professional-server/#1002-beta-2023-04-12","title":"10.0.2 beta (2023-04-12)","text":"
      • Support generating multiple share links for a file and a folder
      • [fix] Fix a bug in golang file server when zip-downloading a folder in encrypted library
      • [fix] Fix a bug in upgrading script when there is no configuration for Nginx
      • Video player support changing playback speed
      • [fix] Fix a few bugs in notification server
      • [multi-tenancy] Support org admin to changing logo for each organization
      "},{"location":"changelog/changelog-for-seafile-professional-server/#1000-beta-2023-04-12","title":"10.0.0 beta (2023-04-12)","text":"
      • Update Python dependencies and support Ubuntu 22.04 and Debian 11
      • Update ElasticSearch to 8.0
      • [new] Add a new notification server (document will be provided later)
      • [new] Support downloading/uploading rate limit for a user
      • [new] Watch and get notifications for libraries
      • [new] Support each organization to have its own SAML login in multi-tenancy mode
      • Update WebDAV password to use one-way hash
      • Remove SQL sub queries to improve SQL query speed in seaf-server
      • Show number of shared users/groups if any when deleting a folder
      • Support online playing of .wav files
      "},{"location":"changelog/changelog-for-seafile-professional-server/#90","title":"9.0","text":"

      Upgrade

      Please check our document for how to upgrade to 9.0.

      "},{"location":"changelog/changelog-for-seafile-professional-server/#9016-2023-03-22","title":"9.0.16 (2023-03-22)","text":"
      • [fix] Fix a bug in clear_invalid_repo_data with virtual repos
      "},{"location":"changelog/changelog-for-seafile-professional-server/#9015-2023-03-01","title":"9.0.15 (2023-03-01)","text":"
      • [fix] Fix a bug in seaf-gc for fs object
      • [fix] Fix some bugs in golang fileserver
      "},{"location":"changelog/changelog-for-seafile-professional-server/#9014-2023-01-06","title":"9.0.14 (2023-01-06)","text":"
      • [fix] Fix some bugs in golang fileserver
      "},{"location":"changelog/changelog-for-seafile-professional-server/#9013-2022-11-11","title":"9.0.13 (2022-11-11)","text":"
      • [multi-tenancy] Add device management for organization admin
      • [multi-tenancy] Add statistics for organization admin
      • [multi-tenancy] Support import users from xlsx
      • [fix] Prevent system admin creating libraries with invalid name in admin panel
      • Add \"create\" permission in custome sharing permission
      • Improve performance in golang file server
      "},{"location":"changelog/changelog-for-seafile-professional-server/#9012-2022-11-04","title":"9.0.12 (2022-11-04)","text":"
      • Enable 'zoom in/out by pinch' for mobile in pdf file view page
      • [fix] Fix recording device information for desktop clients login with SSO
      "},{"location":"changelog/changelog-for-seafile-professional-server/#9011-2022-10-27","title":"9.0.11 (2022-10-27)","text":"
      • [fix] Fix file accessed by seadrive cannot be correctly logged in access log
      • [fix] Fix \"document convertion failed\u201d error visiting a shared document with preview only
      • [fix] Fix memory leak when block cache is enabled
      • [fix] Add unique index to repo_id_file_path_md5 in table onlyoffice_onlyofficedockey
      • [fix] Fix the default created ElasticSearch(v7.x) index has only one shard
      • [fix] Fix search in move files dialog not working
      "},{"location":"changelog/changelog-for-seafile-professional-server/#9010-2022-10-12","title":"9.0.10 (2022-10-12)","text":"
      • Admin list all users API now return last_login and last_access_time
      • [fix] Fix a bug in displaying markdown file in sharing link
      • [fix] Fix notification mails are sent to inactive users
      • [fix] Fix viewing a file in an old snapshot leads to server hickup
      • [fix] Fix an HTTP/500 \"Internal server error\" when the user sets password containing non-latin characters for sharing links
      "},{"location":"changelog/changelog-for-seafile-professional-server/#909-2022-09-22","title":"9.0.9 (2022-09-22)","text":"
      • [fix] Fix a memory leak problem
      • [fix] Fix a bug that will lead to seaf-fsck crash
      • [fix] Fix a stored XSS problem for library names
      • [fix] Disable open a file in OnlyOffice for encrypted libraries when open from trash
      • [fix] Fix library template feature cannot work for department libraries
      • [fix] Fix file locking display on client for shared sub-folder
      • [fix] Fix a memcached problem in go fileserver
      "},{"location":"changelog/changelog-for-seafile-professional-server/#908-2022-09-09","title":"9.0.8 (2022-09-09)","text":"
      • [fix] Fix a UI bug in sending sharing link by email
      • [fix] Markdown editor does not properly filter javscript URIs from the href attribute, which results in stored XSS
      • [fix] Fix a bug in OCM sharing
      • [fix] Fix a bug in un-linking a device in admin panel
      • [fix] Adding URL security check in /accounts/login redirect by ?next= parameter
      • Improve Onlyoffice document info cache handling
      • [fix] Fix a performance problem in go fileserver
      • When a Custom Sharing Permissions is deleted, removing corresponding shares
      • [fix] Don't show auto-deletion menu item when the feature is not enabled
      • [fix] Fix a bug in reading a role's quota when a user login with SSO
      "},{"location":"changelog/changelog-for-seafile-professional-server/#907-20220811","title":"9.0.7 (2022/08/11)","text":"

      Note: included lxml library is removed for some compatiblity reason. The library is used in published libraries feature and WebDAV feature. You need to install lxml manually after upgrade to 9.0.7. Use command pip3 install lxml to install it.

      • A page in published libraries is rendered at the server side to improve loading speed.
      • Upgrade Django from 3.2.6 to 3.2.14
      • Fix a bug in collaboration notice sending via email to users' contact email
      • Support OnlyOffice oform/docxf files
      • Improve user search when sharing a library
      • Admin panel support searching a library via ID prefix
      • [fix] Fix preview PSD images
      • [fix] Fix a bug that office files can't be opened in sharing links via OnlyOffice
      • [fix] Go fileserver: Folder or File is not deletable when there is a spurious utf-8 char inside the filename
      • [fix] Fix file moving in WebDAV
      • ElasticSearch now support https
      • Support advanced permissions like cloud-preview only, cloud read-write only when shareing a department library
      • [fix] Fix a bug in get library sharing info in multi-tenancy mode
      • [fix] Fix a bug in library list cache used by syncing client
      "},{"location":"changelog/changelog-for-seafile-professional-server/#906-20220706","title":"9.0.6 (2022/07/06)","text":"
      • Support using custom permission when shareing a department library
      • [fix] Fix a bug in go file-server when working with online GC
      • Add cache for getting locked files and getting folder permission (reduce server load caused by sycing client)
      • Show table of contents in Markdown sharing link
      • Check if quota exceeded before file uploading in upload sharing link
      • Support import group member via contact email
      • [fix] Fix a bug that sometimes a shared subfolder is unshared automatically by database access error
      • [fix] Fix a bug in work with Python 3.10+
      • [fix] Fix a bug in smart link redirect to the file page
      • [fix] Fix a UI bug when drag and drop a file
      • Improve UI of file comments
      • [fix] Fix permission check in deleting/editing a file comment
      • Support editing of expire time for sharing links
      • Show ISO date and time in file history page instead of showing relative time
      • Add \"Visit related snapshot\" in the dropdown menu of an entry in file history
      "},{"location":"changelog/changelog-for-seafile-professional-server/#905-20220321","title":"9.0.5 (2022/03/21)","text":"
      • Remove unused \"related files\" feature
      • [fix] Fix zip downloading a folder not having .zip suffix when using golang file server
      • UI improvement of file label feature
      • Show file labels in folder sharing links
      • Improve performance when deleting virtual repos when original repo is deleted
      • [fix, security] Fix permission check in deleting/editing a file comment
      "},{"location":"changelog/changelog-for-seafile-professional-server/#904-20220124","title":"9.0.4 (2022/01/24)","text":"
      • Users can save files or folders in shared folder link to their own libraries
      • [fix] Fix markdown file print
      "},{"location":"changelog/changelog-for-seafile-professional-server/#903-beta-20211228","title":"9.0.3 beta (2021/12/28)","text":"
      • Upgrade ElasticSearch to version 7.x
      • Improve UI of file moving/copying dialog to show folders with long names
      • Expand to the current folder when open file moving/copying dialog
      • [fix] Fix a bug in golang file server log rotate support
      • [fix] Fix a bug in folder download-link and try to download files/folders as zip using golang file server
      • Preserve keyword when expanding search dialog to a separate search page
      "},{"location":"changelog/changelog-for-seafile-professional-server/#902-beta-20211215","title":"9.0.2 beta (2021/12/15)","text":"
      • Upgrade Django to 3.2
      • Enable showing password for encrypted sharing links
      • Rewrite HTTP service in seaf-server with golang and move it to a separate component (turn off by default)
      • Upgrade PDFjs to new version, support viewing of password protected PDF
      • Use database to store OnlyOffice cache keys
      • Supporting converting files like doc to docx using OnlyOffice for online editing
      • In sharing link with edit permission, anonymous users can set his/her name in OnlyOffice editing
      • Move SERVICE_URL configuration from ccnet.conf to seahub_settings.py

      The new file-server written in golang serves HTTP requests to upload/download/sync files. It provides three advantages:

      • The performance is better in a high-concurrency environment and it can handle long requests. Now you can sync libraries with large number of files.
      • Now file zipping and downloading can be done simutaneously. When zip downloading a folder, you don't need to wait until zip is done.
      • Support rate control for file uploading and downloading.

      You can turn golang file-server on by adding following configuration in seafile.conf

      [fileserver]\nuse_go_fileserver = true\n
      "},{"location":"changelog/changelog-for-seafile-professional-server/#901","title":"9.0.1","text":"

      Deprecated

      "},{"location":"changelog/changelog-for-seafile-professional-server/#900","title":"9.0.0","text":"

      Deprecated

      "},{"location":"changelog/changelog-for-seafile-professional-server/#80","title":"8.0","text":"

      Upgrade

      Please check our document for how to upgrade to 8.0.

      "},{"location":"changelog/changelog-for-seafile-professional-server/#8017-20220110","title":"8.0.17 (2022/01/10)","text":"
      • [fix] Remove JndiManager.class, JmsAppender.class and SmtpAppender.class from log4j jar in bundled ElasticSearch
      • [fix] Fix a bug in insert file from library in Markdown editor
      • [fix] Fix a crash bug in real-time backup service
      "},{"location":"changelog/changelog-for-seafile-professional-server/#8016-20211228","title":"8.0.16 (2021/12/28)","text":"
      • [fix] Remove JndiLookup.class from log4j jar in bundled ElasticSearch
      • [fix] Fix a memory leak in seaf-server
      • Use contact email and name in guest invitation revoking email
      • Upgrade bundled mariadb connector c to 3.2.5
      "},{"location":"changelog/changelog-for-seafile-professional-server/#8015-20211206","title":"8.0.15 (2021/12/06)","text":"
      • If a custom admin role is not found in admin role list, a role with minimal permissions (\"audit_admin\") will be assigned to the user
      • [fix] Fix a security issue in token check in file syncing
      "},{"location":"changelog/changelog-for-seafile-professional-server/#8014-20211117","title":"8.0.14 (2021/11/17)","text":"
      • [fix] Fix hanlding of user disconnect and connect messages from OnlyOffice
      • [fix] Fix OnlyOffice editing support for anonymous users in sharing links
      "},{"location":"changelog/changelog-for-seafile-professional-server/#8012-20211103","title":"8.0.12 (2021/11/03)","text":"
      • Improve the way to download scan code for sharing links
      • Group admins can search group members now
      "},{"location":"changelog/changelog-for-seafile-professional-server/#8011-20210926","title":"8.0.11 (2021/09/26)","text":"
      • [fix] Fix a bug in LDAP group sync when using OpenLDAP
      "},{"location":"changelog/changelog-for-seafile-professional-server/#8010-20210909","title":"8.0.10 (2021/09/09)","text":"
      • [fix] Fix a bug in LDAP sync
      "},{"location":"changelog/changelog-for-seafile-professional-server/#809-20210826","title":"8.0.9 (2021/08/26)","text":"
      • Improve title of guest invitation email
      • [fix] Fix a bug that page \"admin panel -> logs -> permissions\" can't be displayed
      • [fix] Fix a bug in admin search users
      "},{"location":"changelog/changelog-for-seafile-professional-server/#808-20210806","title":"8.0.8 (2021/08/06)","text":"
      • [multi-tenancy] Support system Admin to add additional admins to a specific org
      • [fix] Fix zip downloading for large files in cluster
      • [fix] Fix online editing for files with very long names
      • Improve performance for listing deleted files in trash
      • [fix] Update expire date for new guest invitation if there is an old expired invitation
      • [fix] Fix FORCE_PASSWORD_CHANGE does not force the new user to change their password if the user is added by admin
      • [fix] Fix setting a webdav password when 2FA enabled
      "},{"location":"changelog/changelog-for-seafile-professional-server/#807-20210719","title":"8.0.7 (2021/07/19)","text":"
      • Add missing accessibility labels for some links and buttons in file details page
      • [fix] Fix a bug in file zip download when the size of files exceed limit
      • [fix] Fix long WebDAV Secret Yields 500 Error
      "},{"location":"changelog/changelog-for-seafile-professional-server/#806-20210715","title":"8.0.6 (2021/07/15)","text":"
      • [fix] Fix a cache problem in OnlyOffice integration when automatically saving is used
      • [fix] Once a user quota have been set, I can not set it back to 0 (unlimited)
      • [fix] Fix collabora integration
      • User's can manage his/her Web API Auth Token in profile page
      • A group admin can now leave a group
      • [fix] Fix Lazy loading / pagination breaks image viewer (https://forum.seafile.com/t/lazy-loading-pagination-breaks-image-viewer/14655)
      • seaf-gc can now clean fs object
      • Update included libradios to version 16
      "},{"location":"changelog/changelog-for-seafile-professional-server/#805-20210625","title":"8.0.5 (2021/06/25)","text":"
      • Add compatibility with IE11
      • [fix] Fix a bug in seaf-gc for libraries with sub-libraies
      • Enable deleting devices in admin panel
      • Enable setting a user's quota back to 0 (unlimited)
      • Users can now manage its own Web API auth token in profile page
      • Enable a group admin leave a group
      • [fix] Disable editing via sharing link when a file is locked
      • [fileserver] Add block cache option when downloading file from web or API
      "},{"location":"changelog/changelog-for-seafile-professional-server/#804-20210520","title":"8.0.4 (2021/05/20)","text":"
      • [fix] Add back virus scan support in uploading link
      • [fix] Fix a bug in seaf-gc
      • [fix] Fix a bug in library list cache
      • [fix] Fix a bug that a libary can't be synced immidiately after creating
      • [fix] Do not show watermark when editing files with Office Online Server
      "},{"location":"changelog/changelog-for-seafile-professional-server/#803-20210427","title":"8.0.3 (2021/04/27)","text":"
      • [fix] Fix SAML2 authentication
      • [fix] Fix file locking
      • [fix] Fix anothoer bug in upload files to a sharing link with upload permission

      Potential breaking change in Seafile Pro 8.0.3: You can set the maximum number of files contained in a library that can be synced by the Seafile client. The default is 100000. When you download a repo, Seafile client will request fs id list, and you can control the timeout period of this request through fs_id_list_request_timeout configuration, which defaults to 5 minutes. These two options are added to prevent long fs-id-list requests from overloading the server. If you have large libraries on the server, this can cause \"internal server error\" returned to the client. You have to set a large enough limit for these two options.

      [fileserver]\nmax_sync_file_count = 100000\nfs_id_list_request_timeout = 300\n
      "},{"location":"changelog/changelog-for-seafile-professional-server/#802-20210421","title":"8.0.2 (2021/04/21)","text":"
      • [fix] Fix upload files to sub-folders in a sharing link with upload permission
      • [fix] Enable sending collabration notification emails by default
      • [fix] Recreate a department if it is deleted in LDAP syncing
      • [fix] Fix compatibility with old MariaDB in upgrading SQL statements from version 7.1 to 8.0
      • [fix] Fix deleting libraries without owner in admin panel
      • Add an API to change a user's email
      • [fix] Fix a bug in storage migration script
      • [fix] Fix a bug that will cause fsck crash
      • [fix] Fix a XSS problem in notification
      "},{"location":"changelog/changelog-for-seafile-professional-server/#801-20210407","title":"8.0.1 (2021/04/07)","text":"
      • Users can set whether to receive email notifications in the setting page
      • [fix] Fix a bug that sometimes traffic statistics are not correct
      • Improve file locking handling for OnlyOffice and Office Online Server integration
      • [fix] Fix a bug in seaf-gc
      • [fix] Fix wrong links of files in library history details dialog
      • Add \"Open via Client\" button in file view page
      • Add an admin API to change a user's email
      "},{"location":"changelog/changelog-for-seafile-professional-server/#800-beta-20210302","title":"8.0.0 beta (2021/03/02)","text":"
      • Add open cloud mesh feature
      • Upgrade Django to 2.2 version
      • Remove ccnet-server component
      • Users can use secret key to access WebDAV after enabling two-factor authentication
      • Add QR code for sharing links
      • Rewrite upload link page to use React technology
      • Improve GC performance
      • Update help page
      • Release v4 encrypted library format to enhance security for v3 encrypted format
      "},{"location":"changelog/changelog-for-seafile-professional-server/#71","title":"7.1","text":"

      Upgrade

      Please check our document for how to upgrade to 7.1.

      "},{"location":"changelog/changelog-for-seafile-professional-server/#7122-20210729","title":"7.1.22 (2021/07/29)","text":"
      • [fix] Fix a UI bug for setting sharing permission
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7121-20210713","title":"7.1.21 (2021/07/13)","text":"
      • Make file download link generated for OnlyOffice can be used by multiple times
      • Improve OnlyOffice integration logs
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7120-20210702","title":"7.1.20 (2021/07/02)","text":"
      • [fix] Fix a cache bug for OnlyOffice integration.
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7119-20210604","title":"7.1.19 (2021/06/04)","text":"
      • [fix] Fix a bug that some threads are set as daemon in seafevents
      • [fix] Improve performance in system admin listing users by removing some redundent code in fetching users' last active time
      • [fix] Fix a bug in password protected sharing link with direct download set (?dl=1)
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7118-20210513","title":"7.1.18 (2021/05/13)","text":"
      • [fix] Fix a bug in library list cache
      • [fix] Fix a webdav crash bug
      • [fix] Fix a library can't be synced immidiately after creating
      • [fix] disable max_sync_file_count and fs_id_list_request_timeout options by default
      • [fix] Fix office files can't be viewd with builtin office file preview (caused by incompatible JWT library version)
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7117-20210426","title":"7.1.17 (2021/04/26)","text":"
      • [fix] Fix manual file lock can't work
      • [fix] Fix webdav file range request
      • Improve OnlyOffice cache handling
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7116-20210419","title":"7.1.16 (2021/04/19)","text":"
      • [fix] Fix deleting libraries without owner in admin panel
      • Add an API to change a user's email
      • [fix] Fix a bug in storage migration script
      • [fix] Fix a bug that will cause fsck crash
      • [fix] Fix a XSS problem in notification

      Potential breaking change in Seafile Pro 7.1.16: You can set the maximum number of files contained in a library that can be synced by the Seafile client. The default is 100000. When you download a repo, Seafile client will request fs id list, and you can control the timeout period of this request through fs_id_list_request_timeout configuration, which defaults to 5 minutes. These two options are added to prevent long fs-id-list requests from overloading the server. If you have large libraries on the server, this can cause \"internal server error\" returned to the client. You have to set a large enough limit for these two options.

      [fileserver]\nmax_sync_file_count = 100000\nfs_id_list_request_timeout = 300\n
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7115-20210318","title":"7.1.15 (2021/03/18)","text":"
      • [fix] Fix sometimes uploading via API returning 400 error
      • Improve file locking handlering for OnlyOffice and Office Online integration
      • [fix] Fix sometimes traffic statistics not correct
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7114-20210226","title":"7.1.14 (2021/02/26)","text":"
      • Add importing group members via a xlsx file
      • [fix] Fix a bug in login via Shibboleth
      • [fix] Fix remote wipe
      • [fix] Fix setting a role's default quota via ADFS login
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7113-20210208","title":"7.1.13 (2021/02/08)","text":"
      • [fix] Fix file audit logs are not recorded if seaf-server restarted
      • [fix] Fix a crash bug in seaf-server
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7112-20210203","title":"7.1.12 (2021/02/03)","text":"
      • [fix] Fix listing more than 100+ users in group member management dialog
      • [fix] Fix guest invitation email sending problem
      • ccnet-server and seaf-server close database connection when there are errors
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7111-20210128","title":"7.1.11 (2021/01/28)","text":"
      • Add cache for listing libraries request from drive clients
      • Show users' last active time in admin panel
      • Library owner can unlock a file
      • Show image thumbnail in search result
      • WebDAV support range request
      • [fix] Fix WebDAV can't be used with secret when 2FA is enabled
      • [fix] Fix SSO users are not created after login when LDAP is also enabled
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7110-20200111","title":"7.1.10 (2020/01/11)","text":"
      • [fix] Fix user can't login in WebDAV via secret key after two-fa is turned on
      • [fix] Enable copy multiple folders/files in read-only libraries
      • [fix] Add back filter functions in admin file access logs
      • Enable setting work number in realtime backup
      • [fix] Fix a bug in multi-tenancy mode when transfer a library from a user to a department
      "},{"location":"changelog/changelog-for-seafile-professional-server/#719-20201202","title":"7.1.9 (2020/12/02)","text":"
      • [new] Add pagination when listing group/department members
      • [fix] Disable webdav for users that have 2fa enabled
      • [fix] Fix OnlyOffice JWT broken for public shared links / PR for fix available
      • [fix] Fix database crash will causing clients to unsync libraries
      • [fix] Fix webdav LOCK issue
      • [new, OnlyOffice] Pass user id to OnlyOffice
      • [fix] Fix check_user_quote command for LDAP users
      • [fix] Fix LIBRARY_TEMPLATES support
      • [fix] Fix Markdown print in Firefox
      • [fix] Fix a bug in OAuth
      • [fix] Remove unused rest_framework files
      • [fix] Fix a bug in getting file history
      • [new] Admin can delete pending invitations
      • [fix] Fix can not save markdown/text file for shared libraries with advanced permission control
      • [fix, multi-tenancy] Fix organization traffic stats seem to not work correctly
      • [fix, multi-tenancy] Fix orginization admin update user status error
      • [fix] Fix Affiliation-Role-Mapping not working
      "},{"location":"changelog/changelog-for-seafile-professional-server/#718-20201012","title":"7.1.8 (2020/10/12)","text":"
      • [fix] Fix user name encoding for Shibboleth SSO
      • [fix] Add back the remote wipe feature when deleting a linked devices in admin panel
      • [fix] Fix sorting problem in some tables in admin panel
      • [fix] Fix auto-reactive user when a user deleted from LDAP and then added back
      • [fix] Fix a few bugs in organization admin panel in multi-tenancy mode
      • [fix] Fix libraries unsynced in a client if database crash at the server side
      "},{"location":"changelog/changelog-for-seafile-professional-server/#717-20200828","title":"7.1.7 (2020/08/28)","text":"
      • [fix] Fix a bug in returned group library permission for SeaDrive client
      • Support pagination when listing libraries in a group
      • Update wsgidav used in WebDAV
      • Remove redundent logs in seafile.log
      • [fix] Fix \"save to...\" in share link
      • Add an option to show a user's email in sharing dialog (ENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER)
      • [fix] Fix virus scan results page can't be opened in system admin panel
      "},{"location":"changelog/changelog-for-seafile-professional-server/#716-20200728","title":"7.1.6 (2020/07/28)","text":"
      • Add database connection pool to reduce database connection usage
      • [fix] Fix WebDAV error if a file is moved immediately after uploading
      • Enable generating internal links for files in an encrypted library
      "},{"location":"changelog/changelog-for-seafile-professional-server/#715-20200630","title":"7.1.5 (2020/06/30)","text":"
      • Indexing LibreOffice files in file search
      • Support setting the expire date time of a share link to a specific date time
      • GC add --id-prefix option to scan a specific range of libraries
      • fsck add an option to not check block integrity to speed up scanning
      • [fix] ccnet no longer listen on port 10001
      • [fix] Fix virus scan via upload link not work
      • [fix] Fix WebDAV failed login via WebDAV secret
      • [fix] Fix some bugs in LDAP sync
      • [fix] Fix term and condition feature
      • [fix] Fix support for institution feature
      • Other UI fixes
      "},{"location":"changelog/changelog-for-seafile-professional-server/#714-20200514","title":"7.1.4 (2020/05/14)","text":"
      • [fix] Fix listing LDAP imported users when number of users is greater than 500
      • [fix] Fix visiting folder share links with password and default path
      • Use preview-and-download as default permission when generating share links
      • Support selecting and downloading multiple files in a sharing link
      • Show share link expiration time in system admin
      • [multi-tenancy] Support sorting for users and libraries in organization admin panel
      • FUSE extension now support multiple storage backends
      • [fix] Fix file download links in public libraries
      • [fix] fix seaf-backup-cmd.sh
      • Other UI improvements and fixes
      "},{"location":"changelog/changelog-for-seafile-professional-server/#713-20200408","title":"7.1.3 (2020/04/08)","text":"
      • A library admin can see all the shared links for a library
      • Sort libraries and users in admin panel
      • Delete all the users and libraries in an organization when deleting that organization
      • [fix] Fix some bugs in multiple storage backend feature
      • Other UI fixes
      "},{"location":"changelog/changelog-for-seafile-professional-server/#711-beta-20200227","title":"7.1.1 Beta (2020/02/27)","text":"
      • Fix full text search
      • Fix office file preview in cluster mode
      "},{"location":"changelog/changelog-for-seafile-professional-server/#710-beta-20200219","title":"7.1.0 Beta (2020/02/19)","text":"
      • Rewrite the system admin pages with React
      • Upgrade to Python3
      • Add library API Token, you can now generate API tokens for a library and use them in third party programs.
      • Add a feature abuse report for reporting abuse for download links.
      • Improved guest invitation: you can now invite a guest and share a library to the guest in one step.
      "},{"location":"changelog/changelog-for-seafile-professional-server/#70","title":"7.0","text":"

      Since seafile-pro 7.0.0, we have upgraded Elasticsearch to 5.6. As Elasticsearch 5.6 relies on the Java 8 environment and can't run with root, you need to run Seafile with a non-root user and upgrade the Java version.

      Please check our document for how to upgrade to 7.0.

      "},{"location":"changelog/changelog-for-seafile-professional-server/#7019-20200907","title":"7.0.19 (2020/09/07)","text":"
      • Fix translation
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7018-20200521","title":"7.0.18 (2020/05/21)","text":"
      • Fix a bug in adding tag for files using context menu
      • Add missing translations for French language
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7017-20200428","title":"7.0.17 (2020/04/28)","text":"
      • Fix bug for EXTRA_ABOUT_DIALOG_LINKS
      • Modify the default permission to \"Download and preview\" for share links
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7016-20200401","title":"7.0.16 (2020/04/01)","text":"
      • Add progress dialog when moving files across libraries
      • Add more customization options (EXTRA_SHARE_DIALOG_NOTE, EXTRA_APP_BOTTOM_LINKS, EXTRA_ABOUT_DIALOG_LINKS)
      • [fix] Fix a bug with domain-name that contains \"file\" when previewing markdown file via share link
      • [fix] Do not show download link for a preview-only share link
      • [fix] Fix searching files in a public library for login users
      • Some UI improvements
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7015-deprecated","title":"7.0.15 (Deprecated)","text":""},{"location":"changelog/changelog-for-seafile-professional-server/#7014-20200306","title":"7.0.14 (2020/03/06)","text":"
      • [fix] Fix seaf-server crash problem when calculating library size for a corrupted library
      • [fix] Fix a bug when sending file update notice
      • Write virus scan log to file virus_scan.log
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7013-20200116","title":"7.0.13 (2020/01/16)","text":"
      • Fix Shibboleth login bug (added in 7.0.12)
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7012-20200110","title":"7.0.12 (2020/01/10)","text":"
      • Fix department support in multi-tenancy mode
      • Fix a performance problem when deleting cache files for resume file upload
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7011-20191115","title":"7.0.11 (2019/11/15)","text":"
      • set jvm.options in ElasticSearch to -Xms1g -Xmx1g
      • [fix] Fix revert library button missing in multi-tenancy mode
      • [fix] Remove redundant log OnlineOffice file lock is expired
      • [fix] Fix S3 support in multiple storage backend feature
      • [LDAP Sync] Support setting default permission for automatically created library for department
      • [LDAP Sync] Support get department name from a configured attribute
      • [fix] Fix support for Shibboleth single log out
      • [fix] Fix support for sharing a sub-folder in a department library
      "},{"location":"changelog/changelog-for-seafile-professional-server/#7010-20191022","title":"7.0.10 (2019/10/22)","text":"
      • [fix] Fix showing NaN when uploading a file with 0 size.
      • [fix] Fix email notifications for file changes not sent
      • [fix] Remove two redundant logs in seafile.log
      • [fix] Fix opening a shared library with special characters
      • [fix] Fix duplicated two-scrollbars when browsing a published library in Windows using Firefox
      • [fix] Users can now create sharing links for files with permission \"online-preview only\" and \"online-read-write\".
      • [fix] Fix links in email notification for a shared folder
      • [fix] Fix the path shown for public share links of folders
      • [fix] Fix a bug in loading a file's history
      • [fix] Fix a case when using SAML login with LDAP configured
      • [fix] Fix a bug that a broken library can't be deleted via web UI
      "},{"location":"changelog/changelog-for-seafile-professional-server/#709-20190920","title":"7.0.9 (2019/09/20)","text":"
      • [fix] Add institution admin back
      • [fix] Fix '\\n' in system wide notification will lead to blank page
      • [fix] Remove all metadata in docx template
      • [fix] Fix redirection after login
      • [fix] Fix group order is not alphabetic
      • [fix] Fix download button in sharing link
      • Mobile UI Improvement (Now all major pages can be used in Mobile smoothly)
      "},{"location":"changelog/changelog-for-seafile-professional-server/#708-20190826","title":"7.0.8 (2019/08/26)","text":"
      • Inviter can cancel invitation after the user has accepted the invitation. The user will be set as inactive.
      • Improve organization admin panel in multi-tenancy mode
      • Add notification when a user try to leave a page during file transfer
      • Add UI waiting notification when resetting a user's password in admin panel
      • Add generating internal link (smart-link) for folders
      • Add command line tool for admin to export reports
      • [fix] Fix file drag and drop in IE and Firefox
      • [fix] Add back the feature of letting user to select storage backend
      • Improve UI for file uploading, support re-upload after error
      • [fix] Fix devices login via Shibboleth not show in devices list
      • [fix] Fix support of OnlyOffice force-save option
      • [fix] Fix zip download when user selecting a long list of files
      • Other UI fixes
      "},{"location":"changelog/changelog-for-seafile-professional-server/#707-20190729","title":"7.0.7 (2019/07/29)","text":"
      • [fix] Fix a bug in multiple storage backend support
      • Fix avatar problem when deployed under non-root domain
      • Add get internal link in share dialog
      • Fix newly created DOCX files are not empty and have a Chinese font set as default font
      • Fix system does not send email to new user when adding new user in system admin
      • Fix thumbnail for TIFF files
      • Fix direct download link for sharing links
      • Fix report in statictics module has no file extension when downloading in Firefox
      • Fix \"Preview-only\" share link
      • Fix file comment
      • Other UI fixes
      "},{"location":"changelog/changelog-for-seafile-professional-server/#706-20190722","title":"7.0.6 (2019/07/22)","text":"
      • [fix] Fix a memcache bug when using S3 backend
      "},{"location":"changelog/changelog-for-seafile-professional-server/#705-20190716","title":"7.0.5 (2019/07/16)","text":"
      • [fix] Fix Zip download multiple files
      • [fix] Fix a bug in \"System Admin -> Logs -> File Update -> details\"
      • [fix] Fix there is an extra history item for newly created docs/pptx
      • [fix] Fix a bug in traffic statistics
      • [fix] Fix file modification report email are not sent out
      • Support show department libraries in fuse
      • Add expiring date for upload link
      • Add search feature in pubished libraries for anonymous users
      "},{"location":"changelog/changelog-for-seafile-professional-server/#704-20190705","title":"7.0.4 (2019/07/05)","text":"
      • UI Improvement and fixes
      • Fix file upload button with Safari, IE edge
      • Support setting history and cleaning trash for department libraries
      • Fix compatibility with \"Open library in web\" from the old version desktop client
      • Support \".\" in group name
      • Add back \"can edit\" permission for sharing links for office file
      • Add back \"send link\" for upload links
      • Add back grid view for folder sharing links
      • Support creating encrypted libraries for department libraries
      • Fix preview for PSD, TIFF files
      • Fix deleting of favorate items when they are shared items but the sharing are revoked
      • Fix avatar broken problem when using a non-stardard port
      • Fix resumable file uploading
      "},{"location":"changelog/changelog-for-seafile-professional-server/#703-20190613","title":"7.0.3 (2019/06/13)","text":"
      • UI fixes
      • Support index.md in published library
      • Add sub-folder permission for deparment libraries
      • Enable new file history by default
      • Make published library feature turned on by default
      • Fix IE Edge support
      • Fix LDAP group sync
      "},{"location":"changelog/changelog-for-seafile-professional-server/#702-beta-20190517","title":"7.0.2 beta (2019/05/17)","text":"
      • UI fixes
      • Support using different salt for each encrypted libraries
      • Add back sub-folder permission feature
      • Improved user's settings page and file search page
      • Support transfer personal library to department
      • Add pubishing library to role permission
      • [wopi] Pass last modified time to WOPI
      • Improve image resizing in Markdown
      "},{"location":"changelog/changelog-for-seafile-professional-server/#701-beta-20190418","title":"7.0.1 beta (2019/04/18)","text":"
      • Improved Markdown editor
      • Add columns view mode (Wiki view mode)
      • Add context menu
      • Realtime search
      • Support search libraries
      • Record file history to database for Markdown, Text and Docx, xlsx, pptx files
      • Redesigned activities page
      • Add preview-edit-on-cloud, preview-on-cloud permissions
      • Redesigned file tags
      • Support editing share link permission after creating a link
      "},{"location":"changelog/changelog-for-seafile-professional-server/#63","title":"6.3","text":"

      In version 6.3, Django is upgraded to version 1.11. Django 1.8, which is used in version 6.2, is deprecated in 2018 April.

      With this upgrade, the fast-cgi mode is no longer supported. You need to config Seafile behind Nginx/Apache in WSGI mode.

      The way to run Seahub in another port is also changed. You need to modify the configuration file conf/gunicorn.conf instead of running ./seahub.sh start <another-port>.

      Version 6.3 also changed the database table for file comments, if you have used this feature, you need migrate old file comments using the following commends after upgrading to 6.3:

      ./seahub.sh python-env seahub/manage.py migrate_file_comment\n

      Note, this command should be run while Seafile server is running.

      Version 6.3 changed '/shib-login' to '/sso'. If you use Shibboleth, you need to to update your Apache/Nginx config. Please check the updated document: shibboleth config v6.3

      Version 6.3 add a new option for file search (seafevents.conf):

      [INDEX FILES]\n...\nhighlight = fvh\n...\n

      This option will make search speed improved significantly (10x) when the search result contains large pdf/doc files. But you need to rebuild search index if you want to add this option.

      "},{"location":"changelog/changelog-for-seafile-professional-server/#6314-20190521","title":"6.3.14 (2019/05/21)","text":"
      • [fix] Fix a bug in LDAP group sync
      "},{"location":"changelog/changelog-for-seafile-professional-server/#6313-20190320","title":"6.3.13 (2019/03/20)","text":"
      • [fix] Fix some bugs in accessing S3 for some special configurations
      • [fix] Fix OnlyOffice integration when OnlyOffice using invalid CA
      • [fix] Fix sometimes users can't login into WebDAV
      • [fix] Fix a crash bug in realtime backup server
      • [fix] Fix the last modified time is not updated for shared sub-folders
      • [fix] Keep last modified time when moving or copying files from on library to another
      • [fix] Fix can't sync a sub-folder of a shared sub-folder
      • [fix] Fix URL in email notification for sub-folder shared event
      "},{"location":"changelog/changelog-for-seafile-professional-server/#6312-20190221","title":"6.3.12 (2019/02/21)","text":"
      • [fix] Fix using WebDAV with Single Sign On
      • [fix] Fix a bug in importing users via excel file
      • Redirect users to home page after setting up 2FA
      • [fix] Fix can't send email when non-ascii symbols in filename in virus scan
      • [fix] Fix a bug in syncing LDAP when a user belong to multiple groups
      • Add slow log for accessing object storage for debugging purpose
      • [fix] Fix a SQL bug in multi-tenancy mode
      • Set the chunk size to 8MB during uploading files via chunk to speed up file transfer
      "},{"location":"changelog/changelog-for-seafile-professional-server/#6311-20190115","title":"6.3.11 (2019/01/15)","text":"
      • [fix] Fix support for two-factor authentication using SMS
      • [fix] Fix support for traffic statistics
      • [fix] Improve performance for getting group library list
      • [fix] Fix file access audit log
      • Remove file count and size count for directories as it will lead to performance problem
      "},{"location":"changelog/changelog-for-seafile-professional-server/#6310-20190102","title":"6.3.10 (2019/01/02)","text":"
      • [fix] Fix folder upload problem
      • [fix] Fix file audit page can't be load
      • [fix] Fix MIME type for .xls
      • Add RPC slow log
      • Add admin API for manage organizations in multi-tenancy mode
      • Add warning when close page during file uploading
      "},{"location":"changelog/changelog-for-seafile-professional-server/#639-20181213","title":"6.3.9 (2018/12/13)","text":"
      • Fix a seaf-server crash problem
      "},{"location":"changelog/changelog-for-seafile-professional-server/#638-20181210","title":"6.3.8 (2018/12/10)","text":"
      • Improve online PDF view for large PDF files (In the old version, a large PDF file consumes a lot of memory)
      • Admin can force a user to use two-factor authentication
      • Improve performance of upgdating a library's size and file numbers
      • Don't print a lot of \"Repo size compute queue is 0\"
      • Enable using WebDAV with Single Sign On (A new option ENABLE_WEBDAV_SECRET)
      • Enable login to WebDAV via contact email
      • [fix] A shared empty folder name will be updated if the folder's name is changed
      • Support preview for PSD and AI files
      • [fix] Fix license information display problem
      • [fix] Fix video preview for shared link on mobile browsers
      • Redirect old wiki URL to new wiki URL
      • Hide save as button for files viewed by Office Online Server
      • When a library be transfer to another user, don't clear the syncing tokens
      • Support syncing both department and groups at the same time in LDAP sync (deprecating old config options for department sync)
      • Set default quota for department synced from LDAP
      • Allow more independent LDAP configurations for multi-LDAP server sync
      • [fix] Fix problems when downloading large list of files via Zip download
      • [fix] Fix a performance problem when get the list of all groups
      • [fix] Can change history settings for library in admin area even if the change of history settings is disable for normal users
      • Make multi-threads mode as default for Seahub
      "},{"location":"changelog/changelog-for-seafile-professional-server/#637-20181016","title":"6.3.7 (2018/10/16)","text":"
      • [fix] Fix a bug of lock by online office
      • Anyone that can write a file can unlock the file if it is locked by online office
      • [fix] Fix a bug in sending mails in background node
      • [fix] Remove forcesave option in OnlyOffice since it have a bug
      • [fix] Fix a bug that wiki page can't be loaded
      • Add traffic statistics
      • [fix] Remove unnecessary logs in virus scan
      "},{"location":"changelog/changelog-for-seafile-professional-server/#636-20180921","title":"6.3.6 (2018/09/21)","text":"
      • [fix] Fix a bug in user defined role
      • [fix] Editable share link can be edited by anonymous user
      "},{"location":"changelog/changelog-for-seafile-professional-server/#635-20180918","title":"6.3.5 (2018/09/18)","text":"
      • [fix, security] Fix a security issue in Shibboleth authentication
      • [fix] Fix sometimes Web UI will not autoload a >100 item directory view
      • [fix] Fix sending notification emails in backend node
      • Showing user's name instead of email in web interface
      • [fix] Fix desktop client can't login if using ADFS

      New features

      • Add a new sharing link permission \"can edit\" for docx/excel. Any login users can edit the file via share link.
      • [multi-tenancy] Support department and department owned library
      • Add system traffic statistics (showing the daily web download/web upload/sync traffic)
      "},{"location":"changelog/changelog-for-seafile-professional-server/#634-20180816","title":"6.3.4 (2018/08/16)","text":"
      • [fix] Fix a bug in creating group-owned library
      "},{"location":"changelog/changelog-for-seafile-professional-server/#633-20180815","title":"6.3.3 (2018/08/15)","text":"
      • [fix] Fix some bugs in sharing group-owned libraries
      • [fix] Fix a bug in setting folder permission
      • Update Django to 1.11.11
      • Support login via contact email
      • Support sharing a sub-folder in a group-owned library
      "},{"location":"changelog/changelog-for-seafile-professional-server/#632-20180730","title":"6.3.2 (2018/07/30)","text":"
      • [fix] Fix sometimes get group listing will cause ccnet-server crash
      • [fix] Fix built in office file preview can't works
      • Redirect '/shib-login' to '/sso'
      • Other small fixes
      "},{"location":"changelog/changelog-for-seafile-professional-server/#631-20180725","title":"6.3.1 (2018/07/25)","text":"
      • Add generating of internal links
      • Lock office files when editing via online office suite
      • Support setting organization quota, delete an organization via Web API
      • Support Swift storage backend Identity v3.0 API
      • Improve markdown editor
      • Several fixes
      "},{"location":"changelog/changelog-for-seafile-professional-server/#630-beta-20180628","title":"6.3.0 Beta (2018/06/28)","text":"
      • Support nested group and group-owned libraries
      • Keep sharing link when file or folder moved or renamed
      • Update Django to 1.11, remove fast-cgi support
      • Update jQuery to version 3.3.1
      • Update pdf.js, use pdf.js for preview pdf files
      • Docx files are converted to PDFs and preview via pdf.js in builtin preview
      • Support multiple storage backend to be used in a single server
      • [fix] Fix some bugs with OnlyOffice and CollaboraOffice
      • [fix] Use mobile version of OnlyOffice if viewed via mobile devices
      • Shared sub-folders can be searched
      • Show terms and condition link if terms and condition is enabled
      • Remove login log after delete a user
      • [admin] Support customize site title, site name, CSS via Web UI
      • [fix] Fix a bug that causing seaf-fsck crash
      • [fix] Cancel Zip download task at the server side when user close zip download dialog
      • [fix] Fix crash when seaf-fsck, seaf-gc receive wrong arguments
      • [fix] Fix a few bugs in realtime backup server
      • [beta] Wiki, users can create public wikis
      • Some other UI improvements
      "},{"location":"changelog/changelog-for-seafile-professional-server/#62","title":"6.2","text":"

      From 6.2, It is recommended to use proxy mode for communication between Seahub and Nginx/Apache. Two steps are needed if you'd like to switch to WSGI mode:

      1. Change the config file of Nginx/Apache.
      2. Restart Seahub with ./seahub.sh start instead of ./seahub.sh start-fastcgi

      The configuration of Nginx is as following:

      location / {\n         proxy_pass         http://127.0.0.1:8000;\n         proxy_set_header   Host $host;\n         proxy_set_header   X-Real-IP $remote_addr;\n         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n         proxy_set_header   X-Forwarded-Host $server_name;\n         proxy_read_timeout  1200s;\n\n         # used for view/edit office file via Office Online Server\n         client_max_body_size 0;\n\n         access_log      /var/log/nginx/seahub.access.log;\n         error_log       /var/log/nginx/seahub.error.log;\n    }\n

      The configuration of Apache is as following:

          # seahub\n    SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n    ProxyPass / http://127.0.0.1:8000/\n    ProxyPassReverse / http://127.0.0.1:8000/\n
      "},{"location":"changelog/changelog-for-seafile-professional-server/#6213-2018518","title":"6.2.13 (2018.5.18)","text":"
      • [new] Support only return files or folders when search file via api.
      • [fix] Fix notification display behavior bug on some page.
      • [fix] Recreate folder when failed because of file already exists error for the first time.
      • [fix] Fix bug of saving file via onlyoffice.
      • [fix] Fix bug when set user\u2019s reference id to \u2018\u2019 via admin api.
      • [fix] Fix bug of group info page display in organization admin panel.
      • [improve] Disable full email search if current user is a guest user.
      • [improve] Return library type when search file via api.
      • [improve] Add user auth info to cookie when login via OAuth.
      • [improve] Return timestamp instead of time string when get user clean up library trash event via api.
      • [improve] Check quota when copy/move file/folder.
      • [improve] Distinguish file or folder when send library/folder share notice/email.
      • [improve] Sort by parent folder\u2019s name when get file/folder recursively.
      • [improve] Remove unused Python imports in ADFS module.
      • [improve] Optimizate library udpate event.
      • [improve] Remove seahub gunicorn access log.
      "},{"location":"changelog/changelog-for-seafile-professional-server/#6212-2018420","title":"6.2.12 (2018.4.20)","text":"
      • [fix] Fix a bug in seafevents
      "},{"location":"changelog/changelog-for-seafile-professional-server/#6211-2018419","title":"6.2.11 (2018.4.19)","text":"
      • Update multi storage backend feature, add STORAGE_CLASS_MAPPING_POLICY setting.
      • [fix] Fix bug when search file by path.
      • [fix] A user that can't create a library can sync a sub-folder of a library now.
      • Add title when view file via OOS.
      • Check if enable LIBRARY_TEMPLATES feature when creating library.
      • [api] Enable return all files recursively under a folder.
      • Preserve share links when admin transfer a library from a user to another user.
      • Add setting to disable user change password.
      • Add setting to disable group dissussion.
      • Add setting to disable file comment.
      • Restart both ccnet-server and seaf-server if seaf-server is down.
      • Fix a bug that some cases elasticsearch be started repeatly.
      • Don\u2019t start seafile if failed to mount http-temp dir.
      • Don\u2019t deactive user if failed to get users from ldap server.
      • [fix] Fix online preview can't work in background node caused by wrong Python path.
      "},{"location":"changelog/changelog-for-seafile-professional-server/#6210-2018320","title":"6.2.10 (2018.3.20)","text":"
      • Improve performance of file search
      • [fix] Fix a bug in daily active user statistics
      • [fix] Fix copy files larger than 2GB via seaf-fuse
      • Show 403 error when visit share link if share link creator no longer has access permission to library.
      • [api] Add api for uploading file via upload share link.
      • [api] Support search file/folder in a specific library and folder via api.
      • [fix] Fix bug in folder renaming operation list on activities page.
      • [fix] Fix bug when creating personal/group wiki.
      • [fix] Fix bug when searching specific extension file.
      • [fix] Fix a bug in Two-Factor Authentication.
      • [fix] Fix bug when getting encrypted library history.
      • [fix] Fix UI bug of \"New Library\" and \"More\" buttons.
      • [fix] Fix bug of using truncated image file as avatar.
      • Change value of per_page parameter to 10 when search file via api.
      • Support indexing files in background after file uploading via API
      • Add user clean library trash event to activities
      • Use inner fileserver url to save file when edit office via OOS.
      "},{"location":"changelog/changelog-for-seafile-professional-server/#629-20180210","title":"6.2.9 (2018.02.10)","text":"
      • [fix] Support setting region for Swift backend
      • [fix] Notify the admin when an invited people registered
      • [new, api] Add API for cleaning trash
      • [fix, api] Fix permission check in search API
      • [fix] Remove redundant warning message in seahub.log
      • [fix] Add API for upload files via upload link
      • [fix] Fix inconsistency in showing user's space usage in multi-tenancy mode
      • [new] Add online preview for SVG files
      "},{"location":"changelog/changelog-for-seafile-professional-server/#628-20180202","title":"6.2.8 (2018.02.02)","text":"
      • [fix] Fix command pro/pro.py --test
      • All logs that went to seahub_django_request.log go to seahub.log
      • Print gunicorn error to runtime/error.log
      • [fix] Don't allow to generate share links via API for encrypted libraries
      • [new] Support online preview for tiff and eps files
      • [new, api] Add api to allow admin to copy files between libraries
      • [new] Allow system admin to share a library as \"admin\" to another user in admin panel
      • Other UI fixes and improvements
      "},{"location":"changelog/changelog-for-seafile-professional-server/#627-20180122","title":"6.2.7 (2018.01.22)","text":"
      • [fix, important] Fix a performance bug in search index
      • [fix, important] Fix a memory leak in listing folder with locked files
      • [fix] Fix creating of demo account
      • [new] Notify the inviter when a guest register
      • [new] Add the feature \"remember this device\" after two-factor authentication
      • [new] Don't allow to move, delete or rename a file when a file is locked
      • [new] Add option to notify the admin after new user registration (NOTIFY_ADMIN_AFTER_REGISTRATION)
      • [new, ui] Support inviting multiple guests at once
      • [new] Support customize the list of groups that a user can see when sharing a library
      • [new, api] Support search files in my libraries, shared libraries, shared to all libraries
      • [fix] Fix OAuth bug
      • [fix] Fix a bug that file preview can't work in Debian 9
      • [fix, multi-tenancy] Fix permission of a shared sub-folder can't be changed
      • [fix] Fix a bug in modify permission for a shared sub-folder
      • [fix] Improve performance in checking folder permission and file lock
      • [fix] Improve the performance of returning a user's all group libraries
      • [fix] Fix support for uploading 500+ files via web interface (caused by API rate throttle)
      • [fix] Fix API get_shared_repo_by_path()
      • [fix] Add more log when failed to zip a file
      • Don't use memcache when read object in the Python part
      • Update license file check
      • [multi-tenancy, api] Return origin_repo_name when listing libraries
      • Add cancel zip download API
      • [fix] Fix some configuration bugs in seafevents module
      "},{"location":"changelog/changelog-for-seafile-professional-server/#625-626-deprecated","title":"6.2.5, 6.2.6 (deprecated)","text":""},{"location":"changelog/changelog-for-seafile-professional-server/#624-20171220","title":"6.2.4 (2017.12.20)","text":"
      • [fix] Fix a bug in file search index clearing command
      "},{"location":"changelog/changelog-for-seafile-professional-server/#623-20171219","title":"6.2.3 (2017.12.19)","text":"
      • [fix] Fix a bug in file search indexing.
      • [fix, admin] Fix a bug of statistic module in a cluster.
      • [new, admin] Support search share link.
      • [improve, ui] Add transition to show/hide of feedback messages.
      • Other small UI improvements.
      "},{"location":"changelog/changelog-for-seafile-professional-server/#622-20171212","title":"6.2.2 (2017.12.12)","text":"
      • [improve] Improve performance of file history page.
      • [improve] show be shared folders when copy/move file/folder to \u201cOther Libraries\u201d.
      • [improve] Remove the white edge of webpage when previewing file via OnlyOffice.
      • [improve] Show two file history records at least.
      • [multi-tenancy] fix bug when listing libraries/folders shared to group.
      • [multi-tenancy] fix bug when deleting an organization.
      • [fix] fix bug when previewing excel file with \u201c&\u201d character in its name.
      • [fix] Don\u2019t check if user exists when deleting a group memeber in admin panel.
      • [oauth] Don\u2019t overwrite public registration settings when login an unexisted user.
      • [audit] Recording file access/update log when preview/edit a file via OnlyOffice.
      "},{"location":"changelog/changelog-for-seafile-professional-server/#621-beta-20171122","title":"6.2.1 beta (2017.11.22)","text":"
      • [new] Support OAuth.
      • [new] Support Swift v1 protocol.
      • [new, admin] Add option to turn on statistic module
      • [new] Enable publish library update events to message queue (like Redis)
      • [improve, ui] Add \"click to select\" feature for download/upload links.
      • [improve, ui] improved accessibility for some form elements, such as login inputs, and etc.
      • [improve, api] Add repo_owner field to library search web api.
      • [improve, admin] Show/edit contact email in admin panel.
      • [improve, admin] Show upload links in admin panel.
      • [improve, admin] Improve license display.
      • [improve, admin] Share with admin permission recorded in audit log.
      • [improve, admin] Add permission audit log when remove library from group.
      • [improve, search] Set timeout for extracting contents from doc/pdf.
      • [improve, search] Search indexing no longer depend on Seafile service. It reads information from database directly.
      • [fix] Fix Shibboleth login redirection issue, see https://forum.seafile.com/t/shared-links-via-shibboleth/4067/19
      • [fix] In some case failed to unshare a folder.
      • [fix] LDAP search issue.
      • [fix] Fix Safari downloaded file names are encoded like 'test-%2F%4B.doc' if it contains special characters.
      • [fix] Disable client encrypt library creation when creating encrypt library is disabled on server.
      • [fix] Failed to get snapshot labels when libraries are deleted.
      "},{"location":"changelog/changelog-for-seafile-professional-server/#620-beta-20171016","title":"6.2.0 beta (2017.10.16)","text":"
      • Add report charts for daily active users, daily file operations, and usage space
      • Add \"admin\" permision when sharing a library to another user/group
      • Redesign login page, adding a background image.
      • Clean the list of languages
      • Add the ability of tagging a snapshot of a library (Use ENABLE_REPO_SNAPSHOT_LABEL = True to turn the feature on)
      • [admin] Add an option to enable users to share a library to any groups in the system.
      • Use WSGI as the default mode for deploying Seahub.
      • Add a field Reference ID to support changing users primary ID in Shibboleth or LDAP
      • Improved performance of loading library list
      • Use multi-threads in search indexing
      • [fix] Fix a bug when indexing a PDF larger than 10MB
      • Support adding a custom user search function (https://github.com/haiwen/seafile-docs/commit/115f5d85cdab7dc272da81bcc8e8c9b91d85506e)
      • Other small UI improvements
      • [fix] Fix ADFS support
      "},{"location":"changelog/changelog-for-seafile-professional-server/#61","title":"6.1","text":"

      You can follow the document on minor upgrade.

      "},{"location":"changelog/changelog-for-seafile-professional-server/#619-20170928","title":"6.1.9 \uff082017.09.28\uff09","text":"
      • [fix] Fix some bugs in realtime backup server
      • Add option to set up Seafile HTTP server thread number
      • [fix] Fix create new file API when create a file with a same name with exist file
      • [fix] Fix a bug in permission check in file syncing
      • Add more detailed log information when permission check error
      • [fix] Add log to the size of queue of library size calculation
      • [fix] Use customized logo when sending email notifications
      "},{"location":"changelog/changelog-for-seafile-professional-server/#618-20170818","title":"6.1.8 (2017.08.18)","text":"
      • [fix] Fix license checking
      "},{"location":"changelog/changelog-for-seafile-professional-server/#617-20170817","title":"6.1.7 (2017.08.17)","text":"
      • [fix] Fix a bug when concurrent uploading/creating files (in the old version, when a user uploading/deleting multiple files in cloud file browser, it had a high chance to get \u201cinternal server error\u201d message)
      • [fix] Fix thumbnails for some images that 90 degrees rotated
      • [fix] Fix support for resumable file upload
      • [fix] Fix MySQL connection pool in Ccnet
      • [fix] Use original GIF file when view GIF files
      • [fix, api] Check if name is valid when creating folder/file
      • Remove deleted libraries in search index
      • Use 30MB as the default value of THUMBNAIL_IMAGE_SIZE_LIMIT
      • [api] Improve performance when move or copy multiple files/folders
      • [admin] Support syncing user role from AD/LDAP attribute (ldap role sync)
      • [admin] Support deleting all outdated invitations at once
      • [admin] Improve access log
      • [admin] Support upload seafile-license.txt via web interface (only for single machine deployment)
      • [admin] Admin can cancel two-factor authentication of a user
      • [admin, role] Show user\u2019s role in LDAP(Imported) table
      • [admin, role] Add wildcard support in role mapping for Shibboleth login
      • [admin] Improve performance in getting total file number, used space and total number of devices
      • [admin] Admin can add users to an institution via Web UI
      • [admin] Admin can choose a user\u2019s role when creating a user
      "},{"location":"changelog/changelog-for-seafile-professional-server/#614-20170711","title":"6.1.4 (2017.07.11)","text":"
      • [api] Improve performance of getting unread notifications.
      • Delete deleted libraries in search index
      • Use user's languange as lang setting for OnlyOffice
      "},{"location":"changelog/changelog-for-seafile-professional-server/#613-20170706","title":"6.1.3 (2017.07.06)","text":"
      • Add context menu \"details\" to libraries and folders, so you can get how many files in a library or a folder.
      • Improve search result accuracy
      • [fix] Fix a bug in zip downloading an empty folder
      • Improve performance of multiple file copy and move
      • Admin can delete out-dated guest invitations
      • [fix] Fix a bug in seafile-gc \"dry run\" option
      • Users can restore deleted libraries by their own
      • Change default block size for files uploaded via web browser to 8MB.
      "},{"location":"changelog/changelog-for-seafile-professional-server/#612-deprecated","title":"6.1.2 (deprecated)","text":""},{"location":"changelog/changelog-for-seafile-professional-server/#611-20170619","title":"6.1.1 (2017.06.19)","text":"
      • Add \"online preview only\" option to share links
      • Enable setting favicon and logo via admin panel
      "},{"location":"changelog/changelog-for-seafile-professional-server/#610-beta-20170606","title":"6.1.0 beta (2017.06.06)","text":"

      Web UI Improvement:

      1. Add thumbnail for video files (turn off by default)
      2. Improved image file view, using thumbnail to view pictures
      3. Move items by drap & drop
      4. Add create docx/xlsx/pptx in web interface
      5. Add OnlyOffice integration
      6. Show which client modify a file in history, this will help to find which client accidentally modified a file or deleted a file.

      Improvement for admins:

      1. Admin can set default quota for each role
      2. Admin can set user\u2019s quote, delete users in bulk in admin panel
      3. Support using admin panel in mobile platform
      4. Add translation for settings page
      5. Add admin operation logs
      6. Admin can change users' login_id in web interface
      7. Admin can create libraries in admin panel
      8. Admin can set logo and favicon in admin panel

      System changes:

      1. Remove wiki by default (to turn it on, set ENABLE_WIKI = True in seahub_settings.py)
      2. Upgrade Django to 1.8.18
      3. Clean Ajax API
      4. Increase share link token length to 20 characters
      5. Upgrade jstree to latest version
      6. Update ElasticSearch to 2.4.5
      "},{"location":"changelog/changelog-for-seafile-professional-server/#60","title":"6.0","text":"

      You can follow the document on minor upgrade.

      Special note for upgrading a cluster:

      In version 6.0, the folder download mechanism has been updated. This requires that, in a cluster deployment, seafile-data/httptemp folder must be in an NFS share. You can make this folder a symlink to the NFS share.

      cd /data/haiwen/\nln -s /nfs-share/seafile-httptemp seafile-data/httptemp\n

      The httptemp folder only contains temp files for downloading/uploading file on web UI. So there is no reliability requirement for the NFS share. You can export it from any node in the cluster.

      "},{"location":"changelog/changelog-for-seafile-professional-server/#6013-20170508","title":"6.0.13 (2017.05.08)","text":"
      • [fix] Fix in file moving/copying dialog, self-owned libraries are not listed
      • [fix] Fix files in self-owned libraries are not listed when searching files in all libraries
      • Update timestamp in about dialog
      "},{"location":"changelog/changelog-for-seafile-professional-server/#6012-20170417","title":"6.0.12 (2017.04.17)","text":"
      • Improve performance when checking group shared library permission
      • [fix] Fix image popup in favourite page
      • [fix] Fix generating sharing link with expiring time in file detailed view page
      • [fix] Don't allow to create library with '/' in name
      • [fix] Fix two-factor authentication
      • Add script to migrate between different storage backend
      "},{"location":"changelog/changelog-for-seafile-professional-server/#6011-deprecated","title":"6.0.11 (Deprecated)","text":""},{"location":"changelog/changelog-for-seafile-professional-server/#6010-20170407","title":"6.0.10 (2017.04.07)","text":"
      • [fix] Fix a bug in listing libraries in admin panel
      "},{"location":"changelog/changelog-for-seafile-professional-server/#609-20170401","title":"6.0.9 (2017.04.01)","text":"
      • Show user' name instead of user's email in notifications sent out by email
      • Add config items for setting favicon, disable wiki feature
      • Add css id to easily hide user password reset and delete account button
      • [fix] Fix UI bug in restoring a file from snapshot
      • [fix] Fix after renaming a file, the old versions before file rename can't be downloaded
      • [security] Fix XSS problem of the \"go back\" button in history page and snapshot view page
      • [fix] Fix crash problem of seaf-import
      • Add API to create/delete/modify an account in Org
      • [ad/ldap sync] Support import posix group
      • [fix] Fix Office Web App co-authoring problems when opening file in a shared sub-folder
      • [fix] Fix \"IE 9 not supported\" popup message not showing
      "},{"location":"changelog/changelog-for-seafile-professional-server/#608-20170223","title":"6.0.8 (2017.02.23)","text":"

      Improvement for admin

      • Admin can add/delete group members
      • Admin can create group in admin panel
      • Force users to change password if imported via csv
      • Support set user's quota, name when import user via csv
      • Set user's quota in user list page
      • Add search group by group name
      • Use ajax when deleting a user's library in admin panel
      • Support logrotate for controller.log
      • Add a log when a user can't be find in LDAP during login, so that the system admin can know whether it is caused by password error or the user can't be find
      • Delete shared libraries information when deleting a user
      • Add admin API to create default library for a user
      • [ldap-sync] Support syncing users from AD/LDAP as inactive user

      Other

      • [fix] Fix user search when global address book is disabled in CLOUD_MODE
      • [fix] Avoid timeout in some cases when showing a library trash
      • Show \"the account is inactive\" when an inactive account try to login
      • [security] Remove viewer.js to show open document files (ods, odt) because viewer.js is not actively maintained and may have potential security bugs
      • [fix] Exclude virtual libraries from storage size statistics
      • [fix] Fix mysql gone away problem in seafevents
      • Add region config option for Swift storage backend
      • [anti-virus] Send notification to the library owner if a virus is found
      "},{"location":"changelog/changelog-for-seafile-professional-server/#607-20170118","title":"6.0.7 (2017.01.18)","text":"
      • Set users role from Shibboleth affiliation attribute (shibboleth config, search \"Affiliation and user role\")
      • [fix] Uploading files with special names lets seaf-server crash
      • [fix] Fix reading database connection pool setting from ccnet.conf and seafile.conf
      • [fix] Fix total storage integer overflow, which is shown at the info page of admin panel)
      • [fix] Fix the password reset email gets send to the primary account email instead of the contact email of the profile.
      • [fix] Do not check path existence when delete user/group folder permission
      • Support ADFS
      • [fix] Invitation email subject does not get translated
      "},{"location":"changelog/changelog-for-seafile-professional-server/#606-20170111","title":"6.0.6 (2017.01.11)","text":"
      • Guest invitation: Prevent the same address can be invited multiple times by the same inviter and by multiple inviters
      • Guest invitation: Add an regex to prevent certain email addresses be invited (see roles permissions)
      • Office online: support co-authoring
      • Admin can set users' department and name when creating users
      • Show total number of files and storage in admin info page
      • Show total number of devices and recently connected devices in admin info page
      • Delete shared libraries information when deleting a user
      • Upgrade Django to 1.8.17
      • Admin can create group in admin panel
      • [fix] Fix quota check: users can't upload a file if the quota will be exceeded after uploading the file
      • [fix] Fix quota check when copy file from one library to another
      • Add # -*- coding: utf-8 -*- to seahub_settings.py, so that admin can use non-ascii characters in the file.
      • [fix] Prevent admin from access group's wiki
      • [fix] Prevent transfering libraries to guest account
      • [fix] Prevent guest accout to create share link via API v2
      • Add a log when a user can't be find in LDAP during login, so that the system admin can know whether it is caused by password error or the user can't be find
      • Ingore white space character in the end of lines in ccnet.conf
      "},{"location":"changelog/changelog-for-seafile-professional-server/#605-20161219","title":"6.0.5 (2016.12.19)","text":"
      • [fix] Fix generating of password protected link in file view page
      • [fix] Fix .jpg/.JPG image display in IE10
      • Export quota usage in export Excel in user list admin page
      • [fix] Fix admin can't delete broken libraries
      • Add \"back to previous page\" link in trash page, history page
      • [fix] Fix file encoding for text file editing online
      • [fix] Don't show operation buttons for broken libraries in normal users page
      • [fix] Support both [Audit] and [AUDIT] in seafevent.conf
      • [fix] Support utf-8 characters in filename when preview in MSOffice WebApp
      • Support Collabora Online 2.0
      "},{"location":"changelog/changelog-for-seafile-professional-server/#604-20161129","title":"6.0.4 (2016.11.29)","text":"
      • [fix] Fix list_inner_pub_repos error in cloud mode
      • [fix] Improve logo show in About dialog
      • [fix] Fix file/folder upload in Firefox 50
      • [fix] Fix groups not shown in admin panel when there are more than 100 groups
      "},{"location":"changelog/changelog-for-seafile-professional-server/#603-20161117","title":"6.0.3 (2016.11.17)","text":"
      • [fix] Fix the shared folder link in the notification message when a user share a folder to another user
      • [fix] Update Django version from 1.8.10 to 1.8.16
      • [fix] Fix the shared folder name is not changed after removing the old share, renaming the folder and re-sharing the folder
      • [fix] Fix sub-folder accidentially show the files in parent folder when the parent folder contains more than 100 files
      • [fix] Fix image preview navigation when there are more than 100 entries in a folder
      • [fix] Fix jpeg image display in IE10
      • [fix] Fix bug when admin searching unexisting user
      • Add support for online view of mov video files
      • Make web access token expiring time configurable
      • Add an option on server to control block size for web upload files
      • [fix] Failed to cache (set/get) WOPI_ACCESS_TOKEN_EXPIRATION due to memcached key length limit
      • [fix] Not allow user to set the permissions onto unshared folder. Because it is useless.
      • [fix] Fix condition check when display share icon for guest user
      • Support full-text search and audit log by default
      • [fix] Fix permission dialog bug when the corresponding user/group deleted
      "},{"location":"changelog/changelog-for-seafile-professional-server/#602-20161020","title":"6.0.2 (2016.10.20)","text":"
      • [fix] Virus scan fails when the keystone token has expired https://github.com/haiwen/seafile/issues/1737
      • [fix] If you share a sub-folder to a group, the sub-folder will appear as a library in that group page. Don't show \"permission\" menu item for such a shared sub-folder on the group page, because setting permissions on this shared sub-folder not work. The user should set permissions on the original library directly.
      • [fix] Fix API for uploading file by blocks (Used by iOS client when uploading a large file)
      • [fix] Fix a database connection problem in ccnet-server
      • [fix] Fix moved files are still present in local folder until refresh
      • [fix] Fix admin panel can't show deleted libraries
      "},{"location":"changelog/changelog-for-seafile-professional-server/#601-beta","title":"6.0.1 beta","text":"
      • Enable create a library from a template
      • Enable office preview by default in installation script
      • [fix] Fix not able to move files via WebDAV interface
      • Check whether the quota will exceed before saving the uploaded file to Seafile via Web UI or API
      • [fix] Fix owner can't restore a deleted file or folder in snapshot
      • [fix] Fix UI of personal profile page
      • [fix] Fix in some cases mobile devices can't be unlinked
      • [fix] Fix connection problem for the latest MariaDB in initialisation script
      • Make maxNumberOfFiles configurable
      • [fix] Remember the sorting of libraries
      • Add Finnish translation
      • Video + audio no longer be limited by max preview size
      "},{"location":"changelog/changelog-for-seafile-professional-server/#600-beta","title":"6.0.0 beta","text":"
      • Add full screen Web UI
      • Add file comment
      • Improve zip downloading by adding zip progress
      • Change of navigation labels
      • Support Seafile Drive client
      • [admin] Add group transfer function in admin panel
      • [admin] Admin can set library permissions in admin panel
      • Improve checking the user running Seafile must be the owner of seafile-data. If seafile-data is symbolic link, check the destination folder instead of the symbolic link.
      • [ui] Improve rename operation
      • Show name/contact email in admin panel and enable search user by name/contact email
      • Add printing style for markdown and doc/pdf
      • The \u201cSeafile\u201d in \"Welcome to Seafile\" message can be customised by SITE_NAME
      • Improve sorting of files with numbers
      • [api] Add admin API to only return LDAP imported user list
      • Code clean and update Web APIs
      • Remove number of synced libraries in devices page for simplify the interface and concept
      • Update help pages
      • [online preview] The online preview size limit setting FILE_PREVIEW_MAX_SIZE will not affect videos and audio files. So videos and audio with any size can be previewed online.
      • [online preview] Add printing style for markdown

      Pro only features

      • Support LibreOffice online/Collabora Office online
      • Add two-factor authentication
      • Remote wipe (need desktop client 6.0.0)
      • [anti-virus] Support parallel scan
      • [anti-virus] Add option to only scan a file with size less than xx MB
      • [anti-virus] Add option to specific which file types to scan
      • [anti-virus] Add scanning virus instantly when user upload files via upload link
      • [online preivew] Add printing style for doc/pdf
      • [online preivew] Warn user if online preview only show 50 pages for doc/pdf with more than 50 pages
      • [fix] Fix search only work on the first page of search result pages
      "},{"location":"changelog/client-changelog/","title":"Seafile Client Changelog","text":""},{"location":"changelog/client-changelog/#90","title":"9.0","text":""},{"location":"changelog/client-changelog/#908-20240812","title":"9.0.8 (2024/08/12)","text":"
      • [win] Fix a potential crash bug when downloading files
      • [linux] Fix a few issues in AppImage
      • [linux] Support using AppImageUpdate to check updates
      "},{"location":"changelog/client-changelog/#907-20240723","title":"9.0.7 (2024/07/23)","text":"
      • Checkout files directly without writing to cache folder first
      • Use user name when creating conflict files
      • Display user name in shared library list
      • Fix \"Copy move is already in progress\" error in cloud file browser
      • Support server addresses with special characters
      • Fix help links
      • [mac] Fix crash on first run for Apple Silicon CPUs
      • [linux] Use AppImage format for release
      • [linux] Disable deletion confirmation for CLI client
      "},{"location":"changelog/client-changelog/#906-20240523","title":"9.0.6 (2024/05/23)","text":"
      • Fix sync error icon in main window
      • Handle filename case conflicts better when downloading (don't download file with case conflicts)
      • Improve conflict handling in cloud file browser
      • Add sort library feature in main window
      • Support username and password when use SOCKS5 proxy
      • Requires at least version 2 encryption protocol when creating an encrypted library (Thanks to Jonas Hofmann and Kien Tuong Truong from ETH Zurich)
      • Change local file permission when recieving unlock event from notification server
      • [mac] Update system tray icon
      • [linux] ensure only one seaf-daemon running for each account
      • [linux] Support reading parameters from configuration file
      "},{"location":"changelog/client-changelog/#905-20240305","title":"9.0.5 (2024/03/05)","text":"
      • Support Single-Sign-On with desktop browsers
      • Optimize confilct handling in cloud file browser
      • Improve share link generation UI
      • Use system proxy setting by default
      • [win] Display warning when syncing a library to network drive or windows share
      • [mac] Adapt to system style for tray area icons
      • [mac] Persist notifications to notification area
      • [linux] Check daemon running when start
      "},{"location":"changelog/client-changelog/#904-20230913","title":"9.0.4 (2023/09/13)","text":"
      • [win] Upgrade to Qt 6.5.2 and OpenSSL 3.0
      • Record an error when fail to checkout a file
      • [linux] Supports notification server
      • Handles new errors returned by newer servers
      "},{"location":"changelog/client-changelog/#903-20230705","title":"9.0.3 (2023/07/05)","text":"
      • [macOS] Provide universial package for Apple Silicon and Intel
      • Some UI improvements
      • Support file number limits for libraries on server
      • Fix error when getting links with extension menu from library root
      "},{"location":"changelog/client-changelog/#902-20230427","title":"9.0.2 (2023/04/27)","text":"
      • [macOS] Fix UTF-8 encoding issue for file names
      • Persist file sync errors in the UI
      • Fix an issue when removing large number of files from encrypted libraries
      • Remove client version checking
      • Fix resyncing libraries with non-default location
      • Fix UI issue for 2FA
      "},{"location":"changelog/client-changelog/#901-20230324","title":"9.0.1 (2023/03/24)","text":"
      • [win] Update app signing certificate
      "},{"location":"changelog/client-changelog/#900-20230320","title":"9.0.0 (2023/03/20)","text":"
      • Support notification server to update libraries and locked files more timely
      • Support Windows 7/8 again
      • Fix a progress dialog bug in cloud file browser when uploading file larger than 100MB
      "},{"location":"changelog/client-changelog/#80","title":"8.0","text":""},{"location":"changelog/client-changelog/#8010-20221228","title":"8.0.10 (2022/12/28)","text":"
      • Improve handling of moving large folders to avoid potential false deletion of files
      • Ask for user confirmation when deleting more than 500 files at once
      "},{"location":"changelog/client-changelog/#809-20221114","title":"8.0.9 (2022/11/14)","text":"
      • Add events.log to debug local file changes
      • Change commit process on restart, to avoid potential corruption state
      "},{"location":"changelog/client-changelog/#808-20220705","title":"8.0.8 (2022/07/05)","text":"
      • Allow login with password after loging out an SSO account
      • Add additional log messages when failing to start upload/download
      "},{"location":"changelog/client-changelog/#807-20220429","title":"8.0.7 (2022/04/29)","text":"
      • Fix \"Another copy or move operation is in progress\" error when copying items in cloud file browser
      • Fix folder timestamp when all items under a folder is removed
      "},{"location":"changelog/client-changelog/#806-20220304","title":"8.0.6 (2022/03/04)","text":"
      • Improve some permission error messages
      • Show errors when fails to create share link or upload link
      • Support compiling with Qt 6.2
      "},{"location":"changelog/client-changelog/#805-20211118","title":"8.0.5 (2021/11/18)","text":"
      • [Win] Improve German and French translations for context menus
      • [Linux] Fix crash bug when hovering mouse on the settings button
      "},{"location":"changelog/client-changelog/#804-20210922","title":"8.0.4 (2021/09/22)","text":"
      • Add a Settings button in the main panel
      • [CLI] Add an option to use API token for login, instead of password. This is useful for SSO login in CLI.
      • Fix problem recording file sync errors
      • Send proper content-type headers in http requests
      • A few UI fixes
      • [Linux] Support Debian 11
      "},{"location":"changelog/client-changelog/#803-20210703","title":"8.0.3 (2021/07/03)","text":"
      • [Mac,Linux] Add option to not show Windows incompatible path notifications
      • [Linux] Fix compatibility to new GLib versions
      "},{"location":"changelog/client-changelog/#802-20210521","title":"8.0.2 (2021/05/21)","text":"
      • [Mac] Fix dark mode support
      • Fix bug for updating server address
      • [Mac] Improve Finder context menu
      • [Win] Support setting password and expiration when creating links from context menu
      • [Win] Avoid consuming too much Windows Explorer CPU when copying large folders into library
      • [Mac, Linux] Pop-up notification when uploading files whose names are invalid on Windows
      • [Cli] Add --json option for listing libraries
      "},{"location":"changelog/client-changelog/#801-20201215","title":"8.0.1 (2020/12/15)","text":"
      • [Win] Fix compatibility to previously synced libraries
      • [Win] Fix failing to run issue
      • Don't stop syncing a library when local folder is unavailable, if option is set
      • [Win] Fix files with invalid names reappearing problem
      • Use SOCKS5 proxy to resolve domain names
      "},{"location":"changelog/client-changelog/#800-beta-20201128","title":"8.0.0 beta (2020/11/28)","text":"
      • [Win] Build with Visual Studio 2019 instead of MinGW
      • [Win/Mac] Upgrade Qt version to 5.15.1 (which supports TLS 1.3)
      • Add V4 encryption library support, which will be available in server 8.0
      "},{"location":"changelog/client-changelog/#70","title":"7.0","text":""},{"location":"changelog/client-changelog/#7010-20201016","title":"7.0.10 (2020/10/16)","text":"
      • Fix sync error when downloading duplicated files from a library
      • Fix crash bug when downloading files with very long names
      "},{"location":"changelog/client-changelog/#709-20200730","title":"7.0.9 (2020/07/30)","text":"
      • Avoid downloading existing blocks during sync download
      • Fix crash when cancel syncing before a library is synced
      • Fix incorrect error message in some error situations
      "},{"location":"changelog/client-changelog/#708-20200603","title":"7.0.8 (2020/06/03)","text":"
      • Fix GUI crash on start
      • Avoid redundant notification when downloading updates from a read-only library
      "},{"location":"changelog/client-changelog/#707-20200403","title":"7.0.7 (2020/04/03)","text":"
      • Use new API to copy/move files from one library to another in cloud file browser
      • [fix] Fix SSO problem after logout and login again
      • [mac] Ignore files start with ._
      • [fix] Fix deleting of multiple sync error logs
      "},{"location":"changelog/client-changelog/#706-20200214","title":"7.0.6 (2020/02/14)","text":"
      • Enable to config block size at the client side
      • Do not refresh explorer when restart
      • Can clean sync error records in sync errors dialog
      • [fix] Do not popup the sync errors dialog when click a sync notification popup
      "},{"location":"changelog/client-changelog/#705-20200114","title":"7.0.5 (2020/01/14)","text":"
      • Fix some right click menu do not work
      • Fix \"View on cloud\" function
      • Fix sign in file name break \"view file history\"
      • Support get upload link for folders
      • [mac] Fix SSO in MacOS 10.15
      "},{"location":"changelog/client-changelog/#704-20191120","title":"7.0.4 (2019/11/20)","text":"
      • Fix showing syncing error \"!\" in the system tray icon after restarting the client
      • Don't clean modified files in cloud file browser
      • Improve seaf-cli
      • [mac] Add support for MacOS 10.15
      • [mac] Drop support for MacOS 10.12, 10.11 and 10.10
      "},{"location":"changelog/client-changelog/#703-20191031","title":"7.0.3 (2019/10/31)","text":"
      • Official repo for CentOS or RHEL is ready. Currently only CentOS/RHEL 7 is supported.
      • Seaf-cli now support both Python2 and Python3.
      • Re-enable the old style seafile internal links (seafile://openfile?repo_id=\u2026)
      • Improve error message display
      • Fix a bug that local added files are deleted if the folder is removed or renamed by another user simultaneously.
      • Improve progress percentage display during syncing downloading.
      • Users can check who locked a file now
      "},{"location":"changelog/client-changelog/#702-20190812","title":"7.0.2 (2019/08/12)","text":"
      • Improve notifications when user editing files in read-only libraries
      • [fix] Fix seaf-cli syncing problem
      "},{"location":"changelog/client-changelog/#701-20190711","title":"7.0.1 (2019/07/11)","text":"
      • Fix a bug that causing GUI to crash when seaf-daemon dead
      • Fix a bug that cloud file browser does not show file status correctly
      • Do not show lots of \"Failed to index file\" messages
      "},{"location":"changelog/client-changelog/#700-20190604","title":"7.0.0 (2019/06/04)","text":"
      • Improve error notifications
      • Support new version of encrypted libraries if server version is 7.0.0+
      • Starred items support libraries and folders
      • Support new version of file activities
      • Fix the error of \"Failed to remove local repos sync token\" during client shutdown
      • Add menu to repair Windows Explorer extension
      "},{"location":"changelog/client-changelog/#62","title":"6.2","text":""},{"location":"changelog/client-changelog/#6210-20190115","title":"6.2.10 (2019/01/15)","text":"
      • [fix] Fix support for Windows user name containting non-ascii characters
      • Remove seacloud.cc from the default server list
      • Remove description from library detail dialog
      "},{"location":"changelog/client-changelog/#629-20181210","title":"6.2.9 (2018/12/10)","text":"
      • [fix] Fix background index when upload files via cloud file browser
      • Don't call ping and account-info every 5 minutes
      "},{"location":"changelog/client-changelog/#628-20181205","title":"6.2.8 (2018/12/05)","text":"
      • [fix] Don't refresh activity list automatically
      • [fix] Fix view on Web link for starred items
      "},{"location":"changelog/client-changelog/#627-20181122","title":"6.2.7 (2018/11/22)","text":"
      • Handle library permission change for synced libraries
      • Don't retry forever when error occur during first time downloading
      • [mac] Fix dark mode support on Mac Mojave
      • Show user's name instead of email in account switching popup
      "},{"location":"changelog/client-changelog/#625-20180914","title":"6.2.5 (2018/09/14)","text":"
      • More robust deleting folder locally if it is deleted on the server
      • Show file modifier in cloud file browser
      • [fix, win] Fix avatar with jpg format can't be displayed problem
      • Support getting internal link
      • [fix, win] Fix support for some SSL CA
      "},{"location":"changelog/client-changelog/#624-20180803","title":"6.2.4 (2018/08/03)","text":"
      • [fix] Fix a bug that causing Windows Explorer crash
      "},{"location":"changelog/client-changelog/#623-20180730","title":"6.2.3 (2018/07/30)","text":"
      • Prevent multiple seaf-daemon running
      • [fix] Support preconfigured Shibboleth Url
      • Restart seaf-daemon automatically if it is dead
      "},{"location":"changelog/client-changelog/#622-621-beta-20180713","title":"6.2.2 6.2.1 Beta (2018/07/13)","text":"
      • [fix] Fix initialization problem in first time launching
      • Improve file syncing notification message
      "},{"location":"changelog/client-changelog/#620-beta-20180703","title":"6.2.0 Beta (2018/07/03)","text":"
      • [mac] Add automatical locking support for Office files
      • [mac] Don't update local office file if it is editing locally while simultaneously edited remotely
      • [win] Enable using both syncing client and drive client while keep the Explorer file status icon work for both
      • [win] Remove ccnet component to make running multiple-instances on a single machine possible
      • Don't send unneccesary \"api2/events\" requests
      • [cloud file browser] Fix uploading retrying
      • [fix] Fix .eml files can't be deleted
      "},{"location":"changelog/client-changelog/#61","title":"6.1","text":""},{"location":"changelog/client-changelog/#618-20180508","title":"6.1.8 (2018/05/08)","text":"
      • [fix] Fix display of library search box
      "},{"location":"changelog/client-changelog/#617-20180329","title":"6.1.7 (2018/03/29)","text":"
      • [fix] Fix file searching
      • [cloud file browser] Support showing indexing progress after uploading a large file
      "},{"location":"changelog/client-changelog/#616-20180313","title":"6.1.6 (2018/03/13)","text":"
      • [fix] Fix crash during login
      • [cloud file browser] Only show search button when the server is pro edition
      • Show detailed path when a library can't be synced because a file is locked
      • [fix] Fix a crash during file syncing caused by files with illegal file name
      • [fix] Fix a bug that causing crash during loading libraries
      "},{"location":"changelog/client-changelog/#615-20180206","title":"6.1.5 (2018/02/06)","text":"
      • Add \"trust this device\" function to two-step authentication
      • Add search files inside a library
      • Some UI improvements
      "},{"location":"changelog/client-changelog/#614-20171220","title":"6.1.4 (2017/12/20)","text":"

      cloud file browser

      • Don't use resumable upload feature when updating a file
      • Show an icon to indicate that a file is cached
      • Show a warning icon when a file failed to upload to the server after changing
      • User can re-upload a local modified file that failed to upload
      • Add a command to open local cache folder
      • Improve error messages when uploading a file or a folder
      • [mac] Fix a bug that a doc/xls file uploaded automatically after downloading
      • Some ui fixes and improvements

      others

      • Don't show the connection status of 127.0.0.1
      • Disable editing of local syncing path, users can only choose a path
      • Some ui fixes and improvements
      "},{"location":"changelog/client-changelog/#613-20171103","title":"6.1.3 (2017/11/03)","text":"
      • [fix] Fix system tray icon
      • Change \"Shibbeloth Login\" to \"Single Sign On\"
      • [fix] Fix MacOS client using discrete GPU
      • [cloud file browser] Improve file uploading after modification
      • [cloud file browser, fix] Don't show quota exceeded when server return 502 error
      • [cloud file browser] Show number of files in current folder
      "},{"location":"changelog/client-changelog/#612-20171028","title":"6.1.2 (2017/10/28)","text":"
      • [win] Update system tray icon
      • Return error if repo name contains invalid characters when syncing a library
      • Update local folder name when repo name is changed.
      • Leave a shared library
      • [fix] Fix open cloud file browser from activity view
      • [fix] Fix loading more events in activity tab
      • [fix, cloud file browser] Always watching local cached files after uploading failed when file changed
      • [fix, cloud file browser] Use local cached version if it is changed locally
      "},{"location":"changelog/client-changelog/#611-20170920","title":"6.1.1 (2017/09/20)","text":"
      • Improve support for syncing EML files (Don't sync EML files if only timestamp changed)
      • Improve support for Copy/Paste files in cloud file browser
      • [mac] Fix opening file history from Mac
      • [fix] Fix memory leak in Windows extension handler
      • [fix] Fix re-login with Shibboleth
      • UI/UX improvements for cloud file browser
      • [fix, windows] Fix a bug in detecting whether there is an old instance of Seafile running
      "},{"location":"changelog/client-changelog/#610-20170802","title":"6.1.0 (2017/08/02)","text":"
      • [fix] Fix a bug that library name will be changed back when it is changed in the server
      • [fix] Fix a bug that uploading progress exceeding 100%.
      • [fix] Fix selectively synced subfolder disappear after logout and login again
      • Use new library icons
      • [fix] Fix showing of avatars
      • [fix] Improve UI in Windows with high DPI screens
      • Only allow https for Shibboleth login
      • Clean unused logs in applet.log
      • Remove the function of map a library to a network drive
      • [fix] Fix an issue when uploading a deep empty folder like \"A/B/C\"
      • Change default block size to 8MB
      • [fix, mac] Popup a notification after user clicking the \"Check new version\" button in about dialog if the current version is the latest version
      "},{"location":"changelog/client-changelog/#60","title":"6.0","text":""},{"location":"changelog/client-changelog/#607-20170623","title":"6.0.7 (2017/06/23)","text":"
      • [fix] Fix auto-completion in sharing dialog
      • Show contact avatars in auto-completion of sharing dialog
      • [fix] Fix mis-leading error message when uploading a file to a read-only library via cloud file browser
      • Add highlight background color when drag and drop a file/folder to a library
      • [fix] Fix connection error in libcurl
      • [fix] Fix sorting by time in cloud file browser
      • [fix] Fix sorting by name case sensitive in cloud file browser
      • [fix] Fix drag more than one folder to cloud file browser
      • Add loading more in activity tab and search tab
      • \"View sync error\" can only be clicked when there are sync errors
      • Move seafile.log, applet.log to seafile.log.old, applet.log.old if they become too large
      • Remove the \"?\" icon in creating new folder dialog title bar
      "},{"location":"changelog/client-changelog/#606-20170508","title":"6.0.6 (2017/05/08)","text":"
      • Sort files by numbers if numbers contained in the file name, so \"1, 10, 2, 11, 3\" will be sorted as \"1, 2, 3, 10, 11\".
      • Use native system window for Seafile main windown and cloud file browser window.
      • Fix progress overflow when uploading large file using cloud file browser
      • Improve the tip when removing an account in the client
      • Don't show download button when select folders in cloud file browser
      • Clean cache data of cloud file browser when logout an account or restart the client
      • [fix] Fix display problem for high screen Windows in win10
      • [fix] Fix libssl compatibility problem in Debain Stretch
      • Add auto-update check
      "},{"location":"changelog/client-changelog/#604-20170221","title":"6.0.4 (2017/02/21)","text":"
      • [fix] Fix Shibboleth login support
      • Improve network connection check
      • Don't log \"read pipe error\" into log file
      • [fix] Fix the link for help page
      • Improve library sharing dialog (pro edition only feature)
      "},{"location":"changelog/client-changelog/#603-20170211","title":"6.0.3 (2017/02/11)","text":"
      • Add a dialog to list all sync errors
      • Don't popup file is locked by other users error message
      • Make sync error message more accurate
      • [win] Support intermediate CA
      • [cloud file browser] Show correct error message when quota is exceeded during file upload
      • Show the server address during Shibboleth login
      • Support pre-config Shibboleth server address in seafile.ini
      • [fix] Show the recent shared user in sharing dialog
      • \"open folder\" changed to \"open local folder\"
      "},{"location":"changelog/client-changelog/#602-deprecated","title":"6.0.2 (deprecated)","text":"

      This version has a few bugs. We will fix it soon.

      "},{"location":"changelog/client-changelog/#601-20161207","title":"6.0.1 (2016/12/07)","text":"
      • Don't generate case conflict file/folder
      • [fix] Fix popup style for Mac Sierra
      • Show image thumbnail in cloud file browser
      • Change label \"organization\" to \"shared with all\", \"private shares\" to \"shared with me\"
      "},{"location":"changelog/client-changelog/#600-20161014","title":"6.0.0 (2016/10/14)","text":"
      • [fix] Fix a conflict problem with ESET anti-virus program
      • Fix client name and add client version in modification history
      • Add remote wipe support
      • [fix] Fix sub-folder permission support
      "},{"location":"changelog/client-changelog/#51","title":"5.1","text":""},{"location":"changelog/client-changelog/#514-20160729","title":"5.1.4 (2016/07/29)","text":"
      • [fix] Fix seaf-daemon crash if root dir is corrupted
      • [fix, pro] Fix auto-completion in sharing a folder to a user if the user name contains a space
      "},{"location":"changelog/client-changelog/#513-20160627","title":"5.1.3 (2016/06/27)","text":"
      • Support syncing any sub-folder with a community server
      • [fix, win] Fix automatically unlocking office files
      • [fix, pro] Fix auto-completion in sharing a folder to a user
      • auto-login for open file history in web
      • Prevent generating too many \"case conflict\" files
      "},{"location":"changelog/client-changelog/#512-20160607","title":"5.1.2 (2016/06/07)","text":"
      • Add context menu to view file history in web
      • [fix, pro] Fix user auto-completion in folder sharing dialog
      • [linux] Fix tray icon not shown in KDE 5 https://github.com/haiwen/seafile-client/issues/697
      • [win 10, fix] Fix explorer context menu has no right arrow
      • [win, fix] Can't create new files/folders in \"My Library\" Shortcut
      • [win, fix] Fix on Windows 10 sometimes the seafile client main window exceeds the height of the screen.
      "},{"location":"changelog/client-changelog/#511-20160504","title":"5.1.1 (2016/05/04)","text":"
      • Add \u201cGroups\u201d category in the client\u2019s library view
      • Click notification pop up now open the exact folder containing the modified file.
      • Change \"Get Seafile Share Link\" to \"Get Seafile Download Link\"
      • [fix] Use case-insensitive sorting in cloud file browser
      • [fix] Don't sync a folder in Windows if it contains invalid characters instead of creating an empty folder with invalid name
      • [fix] Fix a rare bug where sometimes files are synced as zero length files. This happens when another software doesn't change the file timestamp after changing the content of the file.
      "},{"location":"changelog/client-changelog/#510-20160411","title":"5.1.0 (2016/04/11)","text":"

      Note: Seafile client now support HiDPI under Windows, you should remove QT_DEVICE_PIXEL_RATIO settings if you had set one previous.

      • Update to QT5.6
      • Add HiDPI support
      • Remove corrupted local metadata when unsync or resync a library
      "},{"location":"changelog/client-changelog/#50","title":"5.0","text":""},{"location":"changelog/client-changelog/#507-20160329","title":"5.0.7 (2016/03/29)","text":"
      • [fix, mac] Enable multi-users running Seafile on Mac
      • [win, pro] auto-lock office files (doc/ppt/excel) when open, require Seafile pro edition v5.1.0+
      • Enable using system proxy setting
      • Auto login when viewing unread notifications
      • Record device name to modification history
      "},{"location":"changelog/client-changelog/#506-20160308","title":"5.0.6 (2016/03/08)","text":"
      • [fix, mac] Fix deleted folder get re-uploaded if with .DS_Store inside
      • [fix] Fix loading proxy configuration during start-up
      • [fix] Fix a crash bug when using libcurl with multiplt https connection
      • [fix] Fix sync problem when the network connection is slow
      • Use GB/MB/KB instead of GiB/MiB/KiB (1GB = 1000MB = 1,000,000KB)
      • [fix] Fix disappear of synced sub-folder from the main window
      • Small UI improvements
      "},{"location":"changelog/client-changelog/#505-20160220","title":"5.0.5 (2016/02/20)","text":"
      • [fix] Fix a crash bug in multi-threaded file download/upload
      "},{"location":"changelog/client-changelog/#504-20160126","title":"5.0.4 (2016/01/26)","text":"
      • Add crash report support
      • [win] Add mapping a synced library as a network drive
      "},{"location":"changelog/client-changelog/#503-20160113","title":"5.0.3 (2016/01/13)","text":"
      • [fix] Fix German translation
      "},{"location":"changelog/client-changelog/#502-20160111","title":"5.0.2 (2016/01/11)","text":"
      • [fix] Fix compatibility issue with F-Secure
      • Add setting sync interval for a library
      • Showing progress when downloading file list during the first-time syncing
      "},{"location":"changelog/client-changelog/#501-20151221","title":"5.0.1 (2015/12/21)","text":"
      • [fix] Fix a memory leak
      • Show user name instead of email in the profile area
      • [pro] For pro users, you can manage the library sharing from the client now.
      "},{"location":"changelog/client-changelog/#500-20151125","title":"5.0.0 (2015/11/25)","text":"
      • Show storage usage
      • Support login via username
      • Set current tab icon color to orange
      • Send notifications when sync error happens for some files
      • Improve file locking for Microsoft Office files
      • [fix] Fix preventing syncing with any folder if it is prevented by the server
      • [windows] Set TCP send buffer size and TCP_NODELAY options
      • [fix] Keep ignore files when deleting a folder (https://github.com/haiwen/seafile/issues/1383)
      "},{"location":"changelog/client-changelog/#44","title":"4.4","text":""},{"location":"changelog/client-changelog/#442-20151020","title":"4.4.2 (2015/10/20)","text":"
      • [fix] Fix showing data transfer percentage in syncing.
      • Add open containing folder in search result
      "},{"location":"changelog/client-changelog/#441-20151014","title":"4.4.1 (2015/10/14)","text":"
      • [fix, win] Fix a rare bug in file sync on Windows related to multi-thread downloading
      "},{"location":"changelog/client-changelog/#440-20150918","title":"4.4.0 (2015/09/18)","text":"
      • Fix bugs in file ignore feature
      • Fix popup two password input dialogs when visit an encrypted library
      • Popup a tip when file conflicts happen
      • Don't send the password to server when creating an encrypted library
      • [mac] Fix support for TLS 1.2
      • [win, extension] Add context menu \"get internal link\"
      • Enable uploading of an empty folder in cloud file browser
      • [pro] Enable customization of app name and logo for the main window (See https://github.com/haiwen/seafile-docs/blob/master/config/seahub_customization.md#customize-the-logo-and-name-displayed-on-seafile-desktop-clients-seafile-professional-only)
      • A few small UI improvements
      "},{"location":"changelog/client-changelog/#43","title":"4.3","text":""},{"location":"changelog/client-changelog/#434-20150914","title":"4.3.4 (2015/09/14)","text":"
      • Fix a bug in refresh file locking status icon
      • Use 3 threads instead of 10 threads when syncing files to reduce load on server
      "},{"location":"changelog/client-changelog/#433-20150825","title":"4.3.3 (2015/08/25)","text":"
      • Fix one more syncing issues introduced in v4.3.0
      • Improve the file lock icon
      • Improve cloud file browser
      • Fix icon overlay problem in win10
      • Add back sync with existing folder
      "},{"location":"changelog/client-changelog/#432-20150819","title":"4.3.2 (2015/08/19)","text":"
      • Fix more syncing issues introduced in v4.3.0
      • Update translation
      • Fix ignore feature
      • Add HiDPI icons for cloud file browser
      "},{"location":"changelog/client-changelog/#431-20150811","title":"4.3.1 (2015/08/11)","text":"
      • Fix syncing issues.
      "},{"location":"changelog/client-changelog/#430-beta-20150803","title":"4.3.0 beta (2015/08/03)","text":"
      • [fix, windows] Fix a bug that causes freeze of Seafile UI
      • [sync] Improve index performance after a file is modified
      • [sync] Use multi-threads to upload/download file blocks
      • [admin] Enable config Seafile via seafile.rc in Mac/Linux or seafile.ini in Windows (https://github.com/haiwen/seafile-user-manual/blob/master/en/faq.md)
      • [admin] Enable uninstall Seafile without popup \"deleting config files\" dialog
      • Add file lock
      • [mac, extension] Add getting Seafile internal link
      • [mac, extension] Improve performance of showing sync status
      "},{"location":"changelog/client-changelog/#42","title":"4.2","text":""},{"location":"changelog/client-changelog/#428-20150711","title":"4.2.8 (2015/07/11)","text":"
      • [win] Another fix on the explorer extension
      • Improve the ui for downloading the encrypted library
      • filebrowser: fix a crash when closed while context menu pop up
      • explorer extension: show read-only badge when a file is read-only
      "},{"location":"changelog/client-changelog/#427-20150708","title":"4.2.7 (2015/07/08)","text":"
      • [win] Fixed another bug that will cause crash of explorer extension
      • [win] Add executable file version information for the client
      • [mac] Use OS X native notification when possible (OS X >= 10.8)
      • [mac] Implement sync status improvement for every files
      • filebrowser: fix uploading failures in the folders with permission set
      • filebrowser: support \"save as\" multiple files simultaneously
      • filebrowser: fix the sorting of folders
      • filebrowser: implement get seafile internal link
      • shibboleth: popup ShiLoginDialog when doing relogin
      • [ui] disable the inputablity of computer name when doing login
      "},{"location":"changelog/client-changelog/#426-20150625","title":"4.2.6 (2015/06/25)","text":"
      • [win] Fixed more memory problem that will cause crash of explorer extension
      "},{"location":"changelog/client-changelog/#425-20150624","title":"4.2.5 (2015/06/24)","text":"
      • [win] Fixed a possible memory corruption in explorer extension
      • [win] Add icon for readonly state in explorer extension
      • [win] unconfigured clients now can hide the configuration wizard
      • [win] ui: improve set password dialog
      • [win] fix broken local DNS resolve
      • [mac] add \"seafile://\" protocol support
      • [ui] tweak search tab item padding
      • Add a menu item to open seafile folder
      • [ui] don't change current account after logout
      • [ui] fix some bugs on account-view
      • [ui] improve account management
      • filebrowser: support readonly directories
      • [fix] Fix creating subfolder for password-protected repo
      • [fix] Fix file size integer overflow in search results
      "},{"location":"changelog/client-changelog/#424-20150611","title":"4.2.4 (2015/06/11)","text":"
      • [win] add workarounds with auto update bugs in cloud browser
      • [win] add the missing support for ipv6 (curl)
      • [pro] add new tab to searching files
      • [osx] fix the regularly disappearance tray icon (Qt5.4.2)
      • [osx] fix broken network connection sometimes after resume (Qt5.4.2)
      • add an option to syncing with an existing folder with a different name
      • avoid race condition when quiting
      • fix a bug with opening password-protected repo in cloud browser
      • ui: tweak paddings in the event activities
      • filebrowser: show file type correctly along with icons
      • ui: improve repo item category
      • ui: show download link in share link dialog
      • ui: enhance event details
      "},{"location":"changelog/client-changelog/#423-20150529","title":"4.2.3 (2015/05/29)","text":"
      • Improve self-signed CA support
      • Auto login when click \"view on cloud\"
      • [fix] Fix bugs with open directory from modification details dialog (pro)
      • [fix] Fix incorrect transfer rates for each sync task
      • [fix] Fix auto uploaded modified files in cloud file browser for some office files
      "},{"location":"changelog/client-changelog/#422-20150526","title":"4.2.2 (2015/05/26)","text":"
      • [win] Use Openssl to handle HTTPS connection
      • [mac] Load trusted CA certificates from Keychain
      • [fix] Fix logout/login issue (libraries stay at waiting for sync)
      • [fix] Fix a file deletion problem in Mac client
      • Ignore the others of ssl errors if we have dealt with one
      • Expand env variable in preconfigure seafile directory
      • Hide explorer extension option on other platforms than windows
      • Cloud file browser: fix broken title bar when minimized on windows
      • Remove unused option in setting dialog
      "},{"location":"changelog/client-changelog/#421-20150514","title":"4.2.1 (2015/05/14)","text":"
      • [fix] Fix \"Waiting for synchronization\" problem
      • [win] Fixed encoding problem in the explorer extension
      • [win] Prefer home for seafile data dir when it is on the largest drive
      • [win] Adopt preconfigure directory for initialization if any
      • [win] Adopt preconfigure server addr for adding accounts if any
      • [win] Open current repo worktree when clicking ballon message
      • [mac] Fix some memory leaks
      • Description is no longer required when creating repositories
      • [fix] Fix webview url for server version >= 4.2.0
      • redesign the event list in activity tab (pro)
      • [fix] Fix window focus when creating repository from drag and drop
      • [fix] filebrowser: fix sorting column kind for non-English users
      • network: disable weak ciphers explicitly
      • [fix] Fix a issue synced subfolders are not shown when client starts
      • [fix] Remember the used server addresses for convenience
      • [fix] Fix the ssl handshake errors with custom CA seafile servers
      "},{"location":"changelog/client-changelog/#420-20150507","title":"4.2.0 (2015/05/07)","text":"
      • [win] Support overlay icons for files based on the sync status
      • Use http syncing only
      • Auto detect existing folders and prompt \"syncing with existing folder\" in first time syncing
      • [win] Open desktop icon popup the main window if Seafile is already running
      • Respect umask on Linux
      • [fix] Fix main window stay outside screens problem
      • [fix] Fix a few small syncing issues.
      • [osx] Allow sharing root directory from finder extension
      • Auto login from the client when click the server URL (need v4.2 server)
      • Auto logout when the authorization is expired (require server supports)
      • Auto detect existing folders in first time syncing
      • Save server info persistently
      • More miscellaneous fixes
      "},{"location":"changelog/client-changelog/#41","title":"4.1","text":""},{"location":"changelog/client-changelog/#416-20150421","title":"4.1.6 (2015/04/21)","text":"
      • [win] add overlay icon to show sync status at the library level
      • [win] add an option to enable/disable explorer extension support
      • [mac] add finder sync extension (need OSX 10.10.x)
      • [mac] fix the broken hide-the-dock option in some cases
      • [linux] fix the bug that we have two title bar for some desktop environment
      • Update shibboleth support
      • [cloud file browser] Pop notifications when new versions of cached files uploaded
      • [cloud file browser] Add a save_as action
      • [cloud file browser] Improve file browser's UI
      • [fix] Fix a rare case of login failure by using complex password, a regression from 4.1.0
      • [fix] Fix a rare case of program crash when changing accounts
      • Update avatars automatically
      • More miscellaneous fixes
      "},{"location":"changelog/client-changelog/#415-20150409","title":"4.1.5 (2015/04/09)","text":"
      • Add Shibboleth login support
      • Reset local modified files to the state in Server when resyncing a read-only library.
      • [fix] Fix unable to unsync a library when it is in the state of uploading files
      • [fix, win] handle file/directory locking more gracefully
      • Add http user agent for better logging in Apache/Nginx
      • [fix] Fix timeout problem in first time syncing for large libraries
      "},{"location":"changelog/client-changelog/#414-20150327","title":"4.1.4 (2015/03/27)","text":"
      • [fix, win] Fix Windows explore crash by seafile extension when right clicking on \"Libraries->Documents\" at the right side
      "},{"location":"changelog/client-changelog/#413-20150323","title":"4.1.3 (2015/03/23)","text":"
      • [fix] Fix unable to sync bug (permission denial) if the Windows system user name contains space like \"test 123\" introduced in v4.1.2
      • [win] Update version of OpenSSL to 1.0.2a
      "},{"location":"changelog/client-changelog/#412-20150319-deprecated","title":"4.1.2 (2015/03/19) (deprecated)","text":"
      • Add logout/login support (need server 4.1.0+)
      • fix proxy password disappearance after restarting issue
      • mask proxy password in the setting dialog
      • [fix] fix unexpected disconnection with proxy servers
      • [fix] fix a conflicting case when we have read-only sharing repository to a group
      • update translations
      • support darkmode (OS X)
      • and other minor fixes
      "},{"location":"changelog/client-changelog/#411-20150303","title":"4.1.1 (2015/03/03)","text":"
      • Add network proxy support for HTTP sync
      • [mac] Add more complete support for retina screen
      • Improve UI
      • Add option for killing old Seafile instance when starting a new one
      • Add experimental support for HiDPI screen on Windows and Linux
      • Showing shared from for private shared libraries
      • Use API token v2 for shibbloeth login
      • [fix] Fix some bugs in uploading file from cloud file browser
      • fix a bug of uploading directory from cloud file browser (pro version)
      "},{"location":"changelog/client-changelog/#410-beta-20150129","title":"4.1.0 beta (2015/01/29)","text":"
      • Add support for HDPI screen by using QT5
      • [win] Add context menu for generating share link
      • Enable changing of interface language
      • Make http syncing the default option (will fall back to non-http sync automatically if the server does not support it)
      • [fix] Fix a problem in handling long path in Windows
      "},{"location":"changelog/client-changelog/#40","title":"4.0","text":""},{"location":"changelog/client-changelog/#407-20150122","title":"4.0.7 (2015/01/22)","text":"
      • [win] support for file path greater than 260 characters.

      In the old version, you will sometimes see strange directory such as \"Documents~1\" synced to the server, this because the old version did not handle long path correctly.

      "},{"location":"changelog/client-changelog/#406-20150109","title":"4.0.6 (2015/01/09)","text":"
      • [fix] Fix a timeout problem during file syncing (Which also cause program crash sometimes).
      "},{"location":"changelog/client-changelog/#405-20141224","title":"4.0.5 (2014/12/24)","text":"
      • [mac] More on fixing mac syncing problem
      • [linux, mac] Do not ignore files with invalid name in Windows
      • [fix] Fix \"sync now\"
      • [fix] Handle network problems during first time sync
      • [file browser] Support create folders
      • [file browser] Improve interface
      • [file browser] Support multiple file selection and operation
      "},{"location":"changelog/client-changelog/#404-20141215","title":"4.0.4 (2014/12/15)","text":"
      • [mac] Fix a syncing problem when library name contains \"\u00e8\" characters
      • [windows] Gracefully handle file lock issue.

      In the previous version, when you open an office file in Windows, it is locked by the operating system. If another person modify this file in another computer, the syncing will be stopped until you close the locked file. In this new version, the syncing process will continue. The locked file will not be synced to local computer, but other files will not be affected.

      "},{"location":"changelog/client-changelog/#403-20141203","title":"4.0.3 (2014/12/03)","text":"
      • [mac] Fix a syncing problem when library name contains \"\u00e8\" characters
      • [fix] Fix another bug in syncing with HTTP protocol
      "},{"location":"changelog/client-changelog/#402-20141129","title":"4.0.2 (2014/11/29)","text":"
      • [fix] Fix bugs in syncing with HTTP protocol
      "},{"location":"changelog/client-changelog/#401-20141118","title":"4.0.1 (2014/11/18)","text":"
      • [fix] Fix crash problem
      "},{"location":"changelog/client-changelog/#400-20141110","title":"4.0.0 (2014/11/10)","text":"
      • Add http syncing support
      • Add cloud file browser
      "},{"location":"changelog/client-changelog/#31","title":"3.1","text":""},{"location":"changelog/client-changelog/#3112-20141201","title":"3.1.12 (2014/12/01)","text":"
      • [fix] Fix a syncing problem for files larger than 100MB.
      "},{"location":"changelog/client-changelog/#3111-20141115","title":"3.1.11 (2014/11/15)","text":"
      • [fix] Fix \"sometimes deleted folder reappearing problem\" on Windows.

      You have to update all the clients in all the PCs. If one PC does not use the v3.1.11, when the \"deleting folder\" information synced to this PC, it will fail to delete the folder completely. And the folder will be synced back to other PCs. So other PCs will see the folder reappear again.

      "},{"location":"changelog/client-changelog/#3110-20141113","title":"3.1.10 (2014/11/13)","text":"
      • [fix] Fix conflict problem when rename the case of a folder
      • [fix] Improve the deleted folder reappearing problem if it contains ignored files
      • [fix] Add \"resync\" action
      "},{"location":"changelog/client-changelog/#318-20141028","title":"3.1.8 (2014/10/28)","text":"
      • Better support read-only sync. Now local changes will be ignored.
      • [mac,fix] Fix detection of local changes.
      "},{"location":"changelog/client-changelog/#317-20140928","title":"3.1.7 (2014/09/28)","text":"
      • [fix] Fix another not sync problem when adding a big file (>100M) and several other files.
      "},{"location":"changelog/client-changelog/#316-20140919","title":"3.1.6 (2014/09/19)","text":"
      • Add option to sync MSOffice/Libreoffice template files
      • Add back choosing the \"Seafile\" directory when install Seafile client.
      • Add option to change the address of a server
      • Add menu item for open logs directory
      • [mac] Add option for hide dock icon
      • Show read-only icon for read-only libraries
      • Show detailed information if SSL certification is not valid
      • Do not show \"Seafile was closed unexpectedly\" message when turning down of Windows
      • Don't refresh libraries/starred files when the window is not visible
      • Move local file to conflict file when syncing with existing folder
      • Add more log information when file conflicts happen
      • [fix] Fix sync error when deleting all files in a library
      • [fix] Fix not sync problem when adding a big file (>100M) and several small files together.
      • [fix] Fix Windows client doesn't save advanced settings
      "},{"location":"changelog/client-changelog/#315-20140814","title":"3.1.5 (2014/08/14)","text":"
      • Do not ignore libreoffice lock files
      • [fix] Fix possible crash when network condition is not good.
      • [fix] Fix problem in syncing a large library with an existing folder
      • Add option \"do not unsync a library even it is deleted in the server\"
      • [mac] upgrade bundled openssl to 1.0.1i
      • [mac] remove unused ossp-uuid dependency
      • [mac] fix code sign issue under OSX 10.10
      "},{"location":"changelog/client-changelog/#314-20140805","title":"3.1.4 (2014/08/05)","text":"
      • [fix, mac] Fix case conflict problem under Mac
      "},{"location":"changelog/client-changelog/#313-20140804","title":"3.1.3 (2014/08/04)","text":"
      • [fix] Fix showing bubble
      • [mac] More UI improvements
      • Do not ignore 'TMP', 'tmp' files
      "},{"location":"changelog/client-changelog/#312-20140801","title":"3.1.2 (2014/08/01)","text":"
      • Do not show rotate icon when checking update for a library
      • Do not show activity tab if server not supported
      • [mac] show unread messages tray icon on Mac
      • [mac] Improve UI for Mac
      • [fix] Support rename files from upper case to lower case or vice versa.
      "},{"location":"changelog/client-changelog/#311-20140728","title":"3.1.1 (2014/07/28)","text":"
      • [win] Fix crash problems
      • [win] Fix interface freeze problem when restoring the window from the minimized state
      • Remove the need of selecting Seafile directory
      "},{"location":"changelog/client-changelog/#310-20140724","title":"3.1.0 (2014/07/24)","text":"
      • Add starred files and activity history
      • Notification on unread messages
      • Improve icons for Retina screen
      • Load and show avatar from server
      • Use new and better icons
      "},{"location":"changelog/client-changelog/#30","title":"3.0","text":""},{"location":"changelog/client-changelog/#304","title":"3.0.4","text":"
      • [fix] Fix a syncing bug
      "},{"location":"changelog/client-changelog/#303","title":"3.0.3","text":"
      • [fix] Fix syncing problem when update from version 2.x
      • [fix] Fix UI when syncing an encrypted library
      "},{"location":"changelog/client-changelog/#302","title":"3.0.2","text":"
      • [fix] Fix a syncing issue.
      "},{"location":"changelog/client-changelog/#301","title":"3.0.1","text":"
      • Improved ssl check
      • Imporved ui of sync library dialog
      • Send device name to the server
      • [fix] Fixed system shutdown problem
      • [fix] Fixed duplicate entries in recently updated libraries list
      • Remove ongoing library download tasks when removing an account
      • Updated translation
      • [fix] Fix file ID calculation
      "},{"location":"changelog/client-changelog/#300","title":"3.0.0","text":"
      • Adjust settings dialog hint text size
      • Improved login dialog
      "},{"location":"changelog/client-changelog/#22","title":"2.2","text":""},{"location":"changelog/client-changelog/#220","title":"2.2.0","text":"
      • Add check for the validity of servers' SSL Certification
      "},{"location":"changelog/client-changelog/#21","title":"2.1","text":""},{"location":"changelog/client-changelog/#212","title":"2.1.2","text":"
      • Show proper error message when failed to login
      • Show an error message in the main window when failed to get libraries list
      • Open seahub in browser when clicking the account url
      • Add an option \"Do not automatically unsync a library\"
      • Improve sync status icons for libraries
      • Show correct repo sync status icon even if global auto sync is turned off
      • Show more useful notification than \"Auto merge by system\" when conflicts were merged
      "},{"location":"changelog/client-changelog/#211","title":"2.1.1","text":"
      • Make the main window resizable
      • [windows] Improved tray icons
      • Show detailed network error when login failed
      • Show sub-libraries
      • [windows] Use the name of the default library as the name of the virtual disk
      "},{"location":"changelog/client-changelog/#210","title":"2.1.0","text":"
      • Redesigned the UI of the main window
      • [windows] Download the default library, and creates a virtual disk for it in \"My Computer\"
      • Support drag and drop a folder to sync
      • Automatically check for new version on startup
      • Support of file syncing from both inside and outside the LAN
      • [fix] Fix a bug of clicking the tray icon during initialization
      • [fix] fixed a few bugs in merge and handling of empty folders
      • [mac] Fixed the alignment in settings dialog
      "},{"location":"changelog/client-changelog/#20","title":"2.0","text":""},{"location":"changelog/client-changelog/#208","title":"2.0.8","text":"
      • [fix] Fix UI freeze problem during file syncing
      • Improve syncing speed (More improvements will be carried out in our next version)
      "},{"location":"changelog/client-changelog/#207-dont-use-it","title":"2.0.7 (Don't use it)","text":"

      Note: This version contains a bug that you can't login into your private servers.

      • [fix] Fix a bug which may lead to crash when exiting client
      • show library download progress in the library list
      • add official server addresses to the login dialog
      • improve library sync status icons
      • [windows] use the same tray icon for all windows version later than Vista
      • translate the bubble notification details to Chinese
      "},{"location":"changelog/client-changelog/#206","title":"2.0.6","text":"
      • [windows] Fix handling daylight saving time
      • Improve library details dialog
      • [fix] Fix a bug in api request
      • Improve the handling of \"Organization\" libraries
      • [fix] Fix the settings of upload/download rate limit
      • [fix] Update French/German translations
      • [cli] Support the new encryption scheme
      "},{"location":"changelog/client-changelog/#205","title":"2.0.5","text":"
      • Improve UI
      • Fix a bug in French translation
      "},{"location":"changelog/client-changelog/#204","title":"2.0.4","text":"
      • Improve memory usage during syncing
      • [windows] Change system tray icons
      • [windows] Hide seafile-data under Seafile folder
      • [fix] Fix remember main window's location
      • Improve the dialog for adding account
      • Add setting for showing main windows on seafile start up
      • Open local folder when double click on a library
      • Show warning dialog when login to a server with untrusted ssl certification
      "},{"location":"changelog/client-changelog/#203","title":"2.0.3","text":"
      • sync empty folder
      • support seafile crypto v2
      • show warning in system tray when some servers not connected
      • add German/French/Hungarian translations
      • change system tray icons for Windows
      • show \"recent updated libraries\"
      • reduce cpu usage
      • [fix] fixed a bug when login with password containing characters like \"+\" \"#\"
      • ask the user about untrusted ssl certs when login
      • add Edit->Settings and \"view online help\" menu item
      "},{"location":"changelog/client-changelog/#202","title":"2.0.2","text":"
      • [fix] Fix compatibility with server v1.8
      • [fix] the bug of closing the settings dialog
      • Add Chinese translation
      • Show error detail when login failed
      • Remember main window position and size
      • Improve library detail dialog
      • Add unsync a library
      "},{"location":"changelog/client-changelog/#200","title":"2.0.0","text":"
      • Re-implement GUI with Qt
      "},{"location":"changelog/client-changelog/#18","title":"1.8","text":"

      1.8.1

      • [bugfix] Fix a bug in indexing files

      1.8.0

      • [bugfix] Skip chunking error
      • Improve local web interface
      • Remove link to official Seafile server
      • Ignore all temporary files created by Microsoft Office
      • Add French and Slovak translation
      "},{"location":"changelog/client-changelog/#17","title":"1.7","text":"

      1.7.3

      • [bugfix] Fix a small syncing bug.

      1.7.2

      • [bugfix] Fix a bug in un-syncing library. https://github.com/haiwen/seafile/issues/270

      1.7.1

      • [win] Fix selecting of Seafile directory

      1.7.0

      • [win] Enable selecting of Seafile directory
      • Enable setting of upload/download speed
      • Use encrypted transfer by default
      • Support ignore certain files by seafile-ignore.txt
      "},{"location":"changelog/client-changelog/#16","title":"1.6","text":"

      1.6.2

      • [bugfix,mac] Fix a bug in supporting directory names with accents

      1.6.1

      • [bugfix] Prevent running of multiple seaf-daemon instance
      • Improve the efficiency of start-up GC for libraries in merge stage
      • [mac,win] Handle case-conflict files by renaming

      1.6.0

      • [linux,mac] Support symbolic links
      • [seaf-cli] clean logs
      • Do not re-download file blocks when restart Seafile during file syncing
      • [bugfix] Fix treating files as deleted when failed to create it due to reasons like disk full.
      • [bugfix] Fix several bugs when shutdown Seafile during some syncing operation.
      "},{"location":"changelog/client-changelog/#15","title":"1.5","text":"

      1.5.3

      • Log the version of seafile client when start-up.
      • [bugfix] Fix a bug when simultaneously creating an empty folder with same name in server and client.
      • [bugfix] Always use IPv4 address to connect a server.

      1.5.2

      • [bug] Fix a memory-access bug when showing \"Auto merge by seafile system\" in bubble

      1.5.1

      • [seaf-cli] Fix a bug in initializing the config dir.
      • [bugfix] Improve the robustness of DNS looking-up. Use standard DNS looking-up instead of libevent's non-blocking version.

      1.5.0

      • Add Seaf-cli
      • Check the correctness of password in the beginning of downloading a encrypted library.
      • Show detailed information in bubble
      • Enable change the server's address in the client
      • [linux] Do not popup the browser when start up
      • Remove seafile-web.log
      "},{"location":"changelog/drive-client-changelog/","title":"SeaDrive Client Changelog","text":""},{"location":"changelog/drive-client-changelog/#3011-20240910","title":"3.0.11 (2024/09/10)","text":"
      • [win] Reuse cache folder when resync account
      • [win] Don't download files with case conflicts in file names
      • [mac] Remove local library metadata when deleting account
      • [mac] Support uploading app package files
      • [mac] Support latest TLS protocol
      • [mac] Fix crash when first start on Apple Silicon
      • [mac] Fix sync issue when creating a new folder and putting files into it
      • Use usernames as suffix for conflict files, instead of emails
      "},{"location":"changelog/drive-client-changelog/#3010-20240618","title":"3.0.10 (2024/06/18)","text":"
      • [mac] Fix support for using mulitple accounts after macOS 14.4
      • Support accessing libraries with cloud-only sub-folders
      • Support username and password for SOCKS5 proxy
      • Record sync error when fail to download file
      "},{"location":"changelog/drive-client-changelog/#309-20240425","title":"3.0.9 (2024/04/25)","text":"
      • Improve handling of exceptional file/folder operations, e.g. creating files in root folder, read-only folders
      • Fixed some crash issues
      • [mac] Hide \"Do not sync\" menu item from context menu
      • [mac] Improved tray icon
      • [mac] Improved mechanism for preventing more than one seadrive file provider processes from running
      "},{"location":"changelog/drive-client-changelog/#308-20240221","title":"3.0.8 (2024/02/21)","text":"
      • Support Single-Sign-On with desktop browser
      • [win] Delete invalid placeholders when re-login to an account
      • [mac] Adjust the color and size of icons in system tray area
      • [mac] Upload file execution permission
      • [mac] Keep messages in notification area
      • [mac] Fix some syncing issues
      "},{"location":"changelog/drive-client-changelog/#307-20231204","title":"3.0.7 (2023/12/04)","text":"
      • Support accessing libraries with invisible sub-folder permissions
      • [mac] Don't remove cache folders when removing accounts
      • [mac] Always start extension when restarting the SeaDrive app
      • [win] Avoid a case that can create empty commits
      • [win] Make modifying cache location work again
      • Use system proxy settings by default
      "},{"location":"changelog/drive-client-changelog/#306-20230915","title":"3.0.6 (2023/09/15)","text":"
      • [win] Upgrade Qt to 6.5.2 and OpenSSL 3.0
      • [win] Add a tip that re-syncing an account will create a new sync root folder
      • [mac] Fix a bug that uncaching a file will make it 0-sized
      "},{"location":"changelog/drive-client-changelog/#305-20230815","title":"3.0.5 (2023/08/15)","text":"
      • [win] Fix thumbnail orientation issue
      • [mac] Add confirmation when move/copy files into root or category folders
      • [mac] Fix unix socket name too long issue
      • Fix bug when removing folder group permissions when notification server is used
      • Support some new errors returned by newer servers
      "},{"location":"changelog/drive-client-changelog/#304-20230610","title":"3.0.4 (2023/06/10)","text":"
      • [mac] Fix crash bug when adding new account
      • [mac] Fix crash bug of GUI due to file descriptor leakage
      • Fix status icon display issue
      "},{"location":"changelog/drive-client-changelog/#303-20230525","title":"3.0.3 (2023/05/25)","text":"
      • [win] Support image thumbnails
      • [win] Add resync account function, to help fix invalid placeholder issues
      • [win] Remove entry in explorer when remove an account
      • [win] Only convert file to placeholder after it's uploaded
      • [win] Fix a bug that opening a file returns all zeros
      • [win] Fix a bug that syncing doesn't work when restart SeaDrive with no network connection
      • [win] Fix seafile_ext64.dll permission
      • Require user confirmation when deleting a library
      • Always display \"File Sync Errors\" menu item in system tray icon menu
      • [mac] (Beta) Provide native Apple Silicon binary
      • [mac] (Beta) Upgrade Qt to 6.2.4
      • [mac] (Beta) Fix a bug that after downloading file with web browser to SeaDrive, file modification time becomes 1970.
      • [mac] (Beta) Add more actions to right-click menu in Finder
      "},{"location":"changelog/drive-client-changelog/#302-beta-20230324","title":"3.0.2 Beta (2023/03/24)","text":"
      • [mac] Use File Provider API to implement virtual drive
      • Allow syncing multiple accounts at the same time
      • Support notification server, which makes library and locked files update more timely
      "},{"location":"changelog/drive-client-changelog/#2027-for-windows-20230324","title":"2.0.27 for Windows (2023/03/24)","text":"
      • [win] Update app signing certificate
      • [win] Fix a potential crash issue
      "},{"location":"changelog/drive-client-changelog/#2026-20221228","title":"2.0.26 (2022/12/28)","text":"
      • Ask for user confirmation when deleting more than 500 files at once
      "},{"location":"changelog/drive-client-changelog/#2025-windows-20221203","title":"2.0.25 (Windows) (2022/12/03)","text":"
      • Disable removing invalid placeholders logic, to avoid mistakenly removing placeholders
      • Fix a crash issue when fails to register sync root
      • Avoid a potential case where empty commits are created
      "},{"location":"changelog/drive-client-changelog/#2024-windows-20221114","title":"2.0.24 (Windows) (2022/11/14)","text":"
      • Add events.log for debugging local file changes
      • Remove invalid placeholders after re-login (when corresponsiding files were removed on server)
      • Resume creating placehooders when the first sync process was interrupted
      "},{"location":"changelog/drive-client-changelog/#2024-macos-20221109","title":"2.0.24 (macOS) (2022/11/09)","text":"
      • Support macOS 13
      "},{"location":"changelog/drive-client-changelog/#2023-20220818","title":"2.0.23 (2022/08/18)","text":"
      • [Win] Fix problems when renaming libraries in the client
      "},{"location":"changelog/drive-client-changelog/#2022-20220623","title":"2.0.22 (2022/06/23)","text":"
      • [Win] Fix a placeholder size not updated issue.
      • Improving moving files/folders with special characters in names
      • [Linux] Fix CMake error
      "},{"location":"changelog/drive-client-changelog/#2021-windows-20220321","title":"2.0.21 (Windows) (2022/03/21)","text":"
      • Don't remove cache folder when logout and remove account, to prevent unintended removal of files.
      • Disallow changing cases for library names.
      • Retry when failed to convert a file/folder to placeholder.
      "},{"location":"changelog/drive-client-changelog/#2020-20220304","title":"2.0.20 (2022/03/04)","text":"
      • [Win] Avoid creating empty change records
      • [Win] Fix a bug in cache cleaning: Don't clean files not uploaded yet.
      • Support cache path that contains empty spaces
      • Improve a few permission error messages
      • Show errors when fails to create share links or upload links
      • Support compiling with Qt 6.2
      "},{"location":"changelog/drive-client-changelog/#2019-windows-20211229","title":"2.0.19 (Windows) (2021/12/29)","text":"
      • Ignore timestamp changes to .eml files
      • Unregister sync root when user choose to remove account data in uninstallation
      "},{"location":"changelog/drive-client-changelog/#2018-macos-20211029","title":"2.0.18 (macOS) (2021/10/29)","text":"
      • Add support for macOS 12
      "},{"location":"changelog/drive-client-changelog/#2018-windows-20211026","title":"2.0.18 (Windows) (2021/10/26)","text":"
      • Improve library loading speed on restart
      "},{"location":"changelog/drive-client-changelog/#2017-20210930","title":"2.0.17 (2021/09/30)","text":"
      • [Win] Fix unable to rename libraries
      • [Win] Avoid repetitively removing and re-downloading libraries in some rare cases
      • [Win] Add notification when all libraries are loaded on restart
      • [Win] Fix bug when a library is both shared personally and to a group
      "},{"location":"changelog/drive-client-changelog/#2016-2021813","title":"2.0.16 (2021/8/13)","text":"
      • [Win] Fix failure to delete placeholder files
      • [Win] Fix failure to create placeholder files when there are duplicate file names with different cases
      • Set Content-Type header in http requests
      "},{"location":"changelog/drive-client-changelog/#2015-2021720","title":"2.0.15 (2021/7/20)","text":"
      • [Win] Fix wrong status icon after a folder is moved to another library
      • [Win] Fix one more potential isssue that can cause \"cloud operation invalid\" error
      • [Win] Fix pinning a file in device
      • [Win] Pop-up notifications when a folder is moved to the category folder
      • [Linux] Fix build with latest GLib
      "},{"location":"changelog/drive-client-changelog/#2014-2021526","title":"2.0.14 (2021/5/26)","text":"
      • [Win] Fix crash issue when have multiple accounts with the same user names
      • [Win] Fix potential \"cloud operation invalid\" error when downloading a file
      • [Win] Avoid creating unwanted conflict files on restart
      • [Win] Handle renaming of invalid folder name
      • [Win] Support auto cleaning cache space
      • [Win,Mac] Support \"seafile://\" protocol for opening file with client
      • Report nicer error message when a library is too large to sync
      "},{"location":"changelog/drive-client-changelog/#2013-2021323","title":"2.0.13 (2021/3/23)","text":"
      • [Win] Fix crash issue when multiple accounts with the same name are used
      • [Win] Improve download speed for large files
      • [Win] Improvement and bug fixes for context menu
      • [Win] A few UI fixes
      • [Win] Support preconfigure cache folder location
      • [Mac] Fix bug for cleaning cached file/folder
      "},{"location":"changelog/drive-client-changelog/#2012-2021129","title":"2.0.12 (2021/1/29)","text":"
      • [Win] Fix crash issue when repeatedly download and cancel download some files
      • [Win] Fix some cases for creating unexpected conflict files
      • [Win] Automatically download new files for pinned folders
      • Don't create commits for read-only libraries. Avoid unexpected permission errors.
      • [Win] Add user names to the shortcut in File Explorer
      • [Win] Pop notifications when files are created in a category folder
      • [Win] Make the columns in transfer progress dialog resizable
      "},{"location":"changelog/drive-client-changelog/#2010-20201229","title":"2.0.10 (2020/12/29)","text":"
      • [Win] Add context menu
      • [Mac] Support Apple Silicon M1 CPU
      • [Linux] Unmount on exit
      "},{"location":"changelog/drive-client-changelog/#209-20201120","title":"2.0.9 (2020/11/20)","text":"
      • [Mac] Fix failure to load kernel extension on macOS 11 Big Sur
      "},{"location":"changelog/drive-client-changelog/#208-20201114","title":"2.0.8 (2020/11/14)","text":"
      • [Mac] Support macOS 11
      • [Win] Fix moving multiple files/folders across different folders
      "},{"location":"changelog/drive-client-changelog/#207-20201031","title":"2.0.7 (2020/10/31)","text":"
      • [Win] Avoid unintended file deletions when removing seafile account
      • [Mac] Fix some application compatibility issues caused by extended file attributes handling
      "},{"location":"changelog/drive-client-changelog/#206-20200924","title":"2.0.6 (2020/09/24)","text":"
      • [Win] Remove invalid characters from sync root folder name
      • [Win] Increase request timeout for rename library, delete library, create library, move folders
      • [Win] Avoid creating redundant sync root folders on restart
      • [Win] Support pre-configuration registry keys
      "},{"location":"changelog/drive-client-changelog/#1012-20200825","title":"1.0.12 (2020/08/25)","text":"
      • Fix occasional \"permission denied\" error when syncing a library
      "},{"location":"changelog/drive-client-changelog/#205-20200730","title":"2.0.5 (2020/07/30)","text":"
      • Fix occasional \"permission denied\" error when syncing a library
      • [Win] Remove explorer shortcut when uninstall SeaDrive or change cache folder location
      "},{"location":"changelog/drive-client-changelog/#204-20200713","title":"2.0.4 (2020/07/13)","text":"
      • [Win] Use username for cache folder name instead of a hash value
      • [Win] Retry download files when pinning a folder
      • [Win] Retry rename category folder when switching language
      • [Win] Only allow install on Windows 10 1709 or later
      • [Mac] Disable \"search in Finder\" option
      • Fix tray icon sync error status
      "},{"location":"changelog/drive-client-changelog/#203-20200617","title":"2.0.3 (2020/06/17)","text":"
      • [Win] Fix crash on Windows 10 1709 - 1803
      • [Win] Show SeaDrive shortcut when opening files in 32-bit applications (e.g. Word)
      • [Win] Avoid creating unnecessary conflict files
      • [Win] Improve error message of opening placeholder files when SeaDrive is not running
      • [Win] Support removing account information when uninstall
      "},{"location":"changelog/drive-client-changelog/#202-20200523","title":"2.0.2 (2020/05/23)","text":"
      • [Mac] Support syncing encrypted libraries
      • [Win] Support change cache location
      • [Win] Improve account switching behaviors
      • [Win] Other bug fixes
      "},{"location":"changelog/drive-client-changelog/#201-for-windows-20200413","title":"2.0.1 for Windows (2020/04/13)","text":"
      • Fix issues when switching languages
      • Fix issues for legacy Windows \"8.3 format\" paths
      • Improve speed of creating placeholders
      • Don't add SeaDrive cache folder to Windows search index
      • Use short hash instead of \"servername_account\" for cache folder name
      • Prevent the old Explorer extension from calling new SeaDrive (avoiding high CPU usage)
      • Fix small issues in encrypted library support
      • Change installation location from \"Seafile Ltd\" to \"Seafile\"
      • Add SeaDrive entry to Windows start menu
      • Change \"seadrive\" to \"SeaDrive\" in Explorer navigation pane
      • Fix SSO re-login failure
      "},{"location":"changelog/drive-client-changelog/#200-for-windows-20200320","title":"2.0.0 for Windows (2020/03/20)","text":"
      • Use Windows 10 native API to implement the virtual drive
      • Support syncing encrypted libraries
      "},{"location":"changelog/drive-client-changelog/#1011-20200207","title":"1.0.11 (2020/02/07)","text":"
      • Fix a bug that logout and login will lead to file deletion
      • [mac] Fix a bug in SSO
      "},{"location":"changelog/drive-client-changelog/#1010-20191223","title":"1.0.10 (2019/12/23)","text":"
      • Fix a bug that sometimes SeaDrive is empty when network unavailable
      • Fix generating too many tokens when library downloading failed
      • Fix sometimes files should be ignored are uploaded
      • Automatically re-sync a library if local metadata is broken
      • [mac] Add support for MacOS 10.15
      • [mac] Drop support for MacOS 10.12
      "},{"location":"changelog/drive-client-changelog/#108-20191105","title":"1.0.8 (2019/11/05)","text":"
      • Support French and Germany language for top level folder name
      • Fix a compatible issue with Excel
      • Fix a problem in cleaning local cache
      • Support delete library in category My Libraries
      • Ignore .fuse_hidden file in Mac
      • Rotate seadrive.log
      "},{"location":"changelog/drive-client-changelog/#107-20190821","title":"1.0.7 (2019/08/21)","text":"
      • [mac] Improve finder extension
      "},{"location":"changelog/drive-client-changelog/#106-20190701","title":"1.0.6 (2019/07/01)","text":"
      • [fix, win] Fix a problem when uninstall or upgrade the drive client when the client is running.
      • [fix] Fix a crash problem when file path containing invalid character
      "},{"location":"changelog/drive-client-changelog/#105-20190611","title":"1.0.5 (2019/06/11)","text":"
      • [fix] Fix lots of \"Creating partial commit after adding\" in the log
      • [fix] Fix permission at the client is wrong when a library shared to different groups with different permissions
      • [fix] Don't show libraries with online preview or online read-write permission
      • [mac] Add Mac Finder preview plugin to prevent automatically downloading of files
      "},{"location":"changelog/drive-client-changelog/#104-20190423","title":"1.0.4 (2019/04/23)","text":"
      • [fix] Fix file locking
      • [fix] Fix support of detecting pro edition when first time login
      • Support Kerberos authentication
      "},{"location":"changelog/drive-client-changelog/#103-20190318","title":"1.0.3 (2019/03/18)","text":"
      • [fix] Fix copy folders with properties into SeaDrive
      • [fix] Fix a possible crash bug when listing libraries
      "},{"location":"changelog/drive-client-changelog/#101-20190114","title":"1.0.1 (2019/01/14)","text":"
      • Update included Dokany drive
      • Improve notification when user try to delete a library in the client
      • [fix] Fix getting internal link for folders
      • [fix] Fix problem after changing the cache directory
      • [fix] Fix support for guest users that have no storage capacity
      • [fix] Fix timeout when loading a library with a lot of files
      "},{"location":"changelog/drive-client-changelog/#100-20181119","title":"1.0.0 (2018/11/19)","text":"
      • [fix] Allow a guest user to copy files into shared library
      • Support pause sync
      • [win] Add option to only allow current user to view the virtual disk
      • [win] Don't let the Windows to search into the internal cache folder
      • [win] Install the explorer extension to system path to allow multiple users to use the extension
      • [mac] Add option to allow search in Finder (disabled by default)
      • [mac] Update kernel drive to support Mac Mojave
      • [mac] Support office file automatically lock
      "},{"location":"changelog/drive-client-changelog/#095-20180910","title":"0.9.5 (2018/09/10)","text":"
      • [fix, win] Fix support for some SSL CA
      • Redirect to https if user accidentally input server's address with http but the server is actually use http
      • [fix, win] Show a tooltip that the Windows system maybe rebooted during upgrading drive client
      • [fix, mac] Fix permission problems during installation on Mac 10.13+
      "},{"location":"changelog/drive-client-changelog/#094-20180818","title":"0.9.4 (2018/08/18)","text":"
      • [win] No longer depends on .Net framework
      • [mac] Support file search in Finder
      • [win] Fix loading of HTTPS certifications
      "},{"location":"changelog/drive-client-changelog/#093-20180619","title":"0.9.3 (2018/06/19)","text":"
      • [win] Show syncing status at the top level folders
      • [fix] Fix sometimes logout/login lead to empty drive folder
      • Support change cache folder
      • Add \"open file/open folder\" in search window
      • Set automatically login to true in SSO mode
      • [mac] Fix compatibility with AirDrop
      "},{"location":"changelog/drive-client-changelog/#092-20180505","title":"0.9.2 (2018/05/05)","text":"
      • Fix a bug that causing SeaDrive crash
      "},{"location":"changelog/drive-client-changelog/#091-20180424","title":"0.9.1 (2018/04/24)","text":"
      • Fix a bug that causing crash when file search menu is clicked
      "},{"location":"changelog/drive-client-changelog/#090-20180424","title":"0.9.0 (2018/04/24)","text":"
      • Libraries are displayed under three folders \"My Libraries\", \"Group Libraries\", \"Shared libraries\"
      • [fix] Fix a bug in cleaning cache
      • [win] Update the kernel drive
      • Improve syncing notification messages
      • [mac] Include the kernel drive with the SeaDrive package
      • [mac] Add Finder sidebar shortcut
      • Add file search
      "},{"location":"changelog/drive-client-changelog/#086-20180319","title":"0.8.6 (2018/03/19)","text":"
      • [fix] Fix compatibility with Visio and other applications by implementing a missing system API
      "},{"location":"changelog/drive-client-changelog/#085-20180103","title":"0.8.5 (2018/01/03)","text":"
      • [fix] Fix SeaDrive over RDP in Windows 10/7
      • [fix] Fix SeaDrive shell extension memory leak
      • [fix] Fix duplicated folder/files shown in Finder.app (macOS)
      • [fix] Fix file cache status icon for MacOS
      "},{"location":"changelog/drive-client-changelog/#084-20171201","title":"0.8.4 (2017/12/01)","text":"
      • [fix] Fix Word/Excel files can't be saved in Windows 10
      • Add \"download\" context menu to explicitly download a file
      • Change \"Shibboleth\" to \"Single Sign On\"
      "},{"location":"changelog/drive-client-changelog/#083-20171124","title":"0.8.3 (2017/11/24)","text":"
      • [fix] Fix deleted folder recreated issue
      • Improve UI of downloading/uploading list dialog
      "},{"location":"changelog/drive-client-changelog/#081-20171103","title":"0.8.1 (2017/11/03)","text":"
      • Use \"REMOVABLE\" when mount the drive disk
      • Prevent creating \"System Volume Information\"
      • Some UI fixes
      "},{"location":"changelog/drive-client-changelog/#080-20170916","title":"0.8.0 (2017/09/16)","text":"
      • [fix] Reuse old drive letter after SeaDrive crash
      • [fix] Fix rename library back to old name when it is changed in the server
      • [fix] Fix sometimes network can not reconnected after network down
      • Change default block size to 8MB
      • Make auto-login as default
      • Remount SeaDrive when it is unmounted after Windows hibernate
      "},{"location":"changelog/drive-client-changelog/#071-20170623","title":"0.7.1 (2017/06/23)","text":"
      • [fix] Fix a bug that causing client crash
      "},{"location":"changelog/drive-client-changelog/#070-20170607","title":"0.7.0 (2017/06/07)","text":"
      • Add support for multi-users using SeaDrive on a single desktop. But different users must choose different drive letters.
      • Improve write performance
      • [fix] When a non-cached file is locked in the server, the \"lock\" icon will be shown instead of the \"cloud\" icon.
      • Add \"automatically login\" option in login dialog
      • Add file transfer status dialog.
      "},{"location":"changelog/drive-client-changelog/#062-20170422","title":"0.6.2 (2017/04/22)","text":"
      • [fix] Fix after moving a file to a newly created sub folder, the file reappear when logout and login
      • Refresh current folder and the destination folder after moving files from one library to another library
      • [fix] Fix file locking not work
      • [fix] Fix sometimes files can't be saved
      "},{"location":"changelog/drive-client-changelog/#061-20170327","title":"0.6.1 (2017/03/27)","text":"
      • [fix] Don't show a popup notification to state that a file can't be created in S: because a few programs will automatically try to create files in S:
      "},{"location":"changelog/drive-client-changelog/#060-20170325","title":"0.6.0 (2017/03/25)","text":"
      • Improve syncing status icons
      • Show error in the interface when there are syncing errors
      • Don't show rorate icon when downloading/uploading metadata
      • [fix] Don't download files when the network is not connected
      "},{"location":"changelog/drive-client-changelog/#052-20170309","title":"0.5.2 (2017/03/09)","text":"
      • [fix] Rename a non-cached folder or file will lead to sync error.
      "},{"location":"changelog/drive-client-changelog/#051-20170216","title":"0.5.1 (2017/02/16)","text":"
      • [fix] Fix copying exe files to SeaDrive on Win 7 will freeze the explorer
      • The mounted drive is only visible to the current user
      • Add popup notification when syncing is done
      • [fix] Fix any change in the settings leads to a drive letter change
      "},{"location":"changelog/drive-client-changelog/#050-20170118","title":"0.5.0 (2017/01/18)","text":"
      • Improve stability
      • Support file locking
      • Support sub-folder permission
      • [fix] Fix 1TB limitation
      • User can choose disk letter in settings dialog
      • Support remote wipe
      • [fix] Use proxy server when login
      • Click system tray icon open SeaDrive folder
      • Support application auto-upgrade
      "},{"location":"changelog/drive-client-changelog/#042-20161216","title":"0.4.2 (2016/12/16)","text":"
      • [fix] Fix SeaDrive initialization error during Windows startup
      "},{"location":"changelog/drive-client-changelog/#041-20161107","title":"0.4.1 (2016/11/07)","text":"
      • [fix] Fix a bug that lead to empty S: drive after installation.
      "},{"location":"changelog/drive-client-changelog/#040-20161105","title":"0.4.0 (2016/11/05)","text":"
      • [fix] Fix a bug that leads to generation of conflict files when editing
      • Add translations
      • Update included Dokany library to 1.0
      • Don't show encrypted libraries even in command line
      • Show permission error when copy a file to the root
      • Show permission error when try to modify a read-only folder
      • Show permission error when try to delete a folder in the root folder
      "},{"location":"changelog/drive-client-changelog/#031-20161022","title":"0.3.1 (2016/10/22)","text":"
      • Fix link for license terms
      • Use new system tray icon
      • Add notification for cross-libraries file move
      "},{"location":"changelog/drive-client-changelog/#030-20161014","title":"0.3.0 (2016/10/14)","text":"
      • Support selecting Drive letter
      • Don't create folders like msiS50.tmp on Windows
      • [fix] Fix cache size limit settings
      • Correctly show the storage space if the space is unlimited on the server side.
      "},{"location":"changelog/drive-client-changelog/#020-20160915","title":"0.2.0 (2016/09/15)","text":"
      • Add shibboleth support
      • Show a dialog notify the client is downloading file list from the server during initialisation
      • Show transfer rate
      • [fix] Fix a bug that lead to the file modification time to be empty
      • [fix] Fix a bug that lead to files not be uploaded
      "},{"location":"changelog/drive-client-changelog/#010-20160902","title":"0.1.0 (2016/09/02)","text":"
      • Initial release
      "},{"location":"changelog/server-changelog-old/","title":"Seafile Server Changelog (old)","text":""},{"location":"changelog/server-changelog-old/#50","title":"5.0","text":"

      Note when upgrade to 5.0 from 4.4

      You can follow the document on major upgrade (http://manual.seafile.com/deploy/upgrade.html) (url might deprecated)

      In Seafile 5.0, we have moved all config files to folder conf, including:

      • seahub_settings.py -> conf/seahub_settings.py
      • ccnet/ccnet.conf -> conf/ccnet.conf
      • seafile-data/seafile.conf -> conf/seafile.conf
      • [pro only] pro-data/seafevents.conf -> conf/seafevents.conf

      If you want to downgrade from v5.0 to v4.4, you should manually copy these files back to the original place, then run minor_upgrade.sh to upgrade symbolic links back to version 4.4.

      The 5.0 server is compatible with v4.4 and v4.3 desktop clients.

      Common issues (solved) when upgrading to v5.0:

      • DatabaseError after Upgrade to 5.0 https://github.com/haiwen/seafile/issues/1429#issuecomment-153695240
      "},{"location":"changelog/server-changelog-old/#505-20160302","title":"5.0.5 (2016.03.02)","text":"
      • Get name, institution, contact_email field from Shibboleth
      • [webdav] Don't show sub-libraries
      • Enable LOGIN_URL to be configured, user need to add LOGIN_URL to seahub_settings.py explicitly if deploy at non-root domain, e.g. LOGIN_URL = '//accounts/login/'.
      • Add ENABLE_USER_CREATE_ORG_REPO to enable/disable organization repo creation.
      • Change the Chinese translation of \"organization\"
      • Use GB/MB/KB instead of GiB/MiB/KiB in quota calculation and quota setting (1GB = 1000MB = 1,000,000KB)
      • Show detailed message if sharing a library failed.
      • [fix] Fix JPG Preview in IE11
      • [fix] Show \"out of quota\" instead of \"DERP\" in the case of out of quota when uploading files via web interface
      • [fix] Fix empty nickname during shibboleth login.
      • [fix] Fix default repo re-creation bug when web login after desktop.
      • [fix] Don't show sub-libraries at choose default library page, seafadmin page and save shared file to library page
      • [fix] Seafile server daemon: write PID file before connecting to database to avoid a problem when the database connection is slow
      • [fix] Don't redirect to old library page when restoring a folder in snapshot page
        • "},{"location":"changelog/server-changelog-old/#504-20160113","title":"5.0.4 (2016.01.13)","text":"
        • [fix] Fix unable to set a library to keep full history when the globally default keep_days is set.
        • [fix] Improve the performance of showing library trash
        • [fix] Improve share icon
        • Search user by name in case insensitive way
        • Show broken libraries in user's library page (so they can contact admin for help)
        • [fix] Fix cache for thumbnail in sharing link
        • [fix] Enable copy files from read-only shared libraries to other libraries
        • [fix] Open image gallery popup in grid view when clicking the thumbnail image
        "},{"location":"changelog/server-changelog-old/#503-20151217","title":"5.0.3 (2015.12.17)","text":"
        • [ui] Improve UI of all groups page
        • Don't allow sharing library to a non-existing user
        • [fix, admin] Fix deleting a library when the owner does not exist anymore
        • [fix] Keep file last modified time when copy files between libraries
        • Enable login via username in API
        • [ui] Improve markdown editor

        Improve seaf-fsck

        • Do not set \"repaired\" mark
        • Clean syncing tokens for repaired libraries so the user are forced to resync the library
        • Record broken file paths in the modification message

        Sharing link

        • Remember the \"password has been checked\" information in session instead of memcached
        • [security] Fix password check for visiting a file in password protected sharing link.
        • Show file last modified time
        • [fix] Fix image thumbnail in grid view
        • [ui] Improve UI of grid view mode
        "},{"location":"changelog/server-changelog-old/#502-20151204","title":"5.0.2 (2015.12.04)","text":"
        • [admin] Show the list of groups an user joined in user detail page
        • [admin] Add exporting user/group statistics into Excel file
        • Showing libraries list in \"All Groups\" page
        • Add importing group members from CSV file
        • [fix] Fix the performance problem in showing thumbnails in folder sharing link page
        • [fix] Clear cache when set user name via API
        • [fix, admin] Fix searching libraries by name when some libraries are broken
        "},{"location":"changelog/server-changelog-old/#501-beta-20151112","title":"5.0.1 beta (2015.11.12)","text":"
        • [fix] Fix start up parameters for seaf-fuse, seaf-server, seaf-fsck
        • Update Markdown editor and viewer. The update of the markdown editor and parser removed support for the Seafile-specific wiki syntax: Linking to other wikipages isn't possible anymore using [[ Pagename]].
        • Add tooltip in admin panel->library->Trash: \"libraries deleted 30 days before will be cleaned automatically\"
        • Include fixes in v4.4.6
        "},{"location":"changelog/server-changelog-old/#500-beta-20151103","title":"5.0.0 beta (2015.11.03)","text":"

        UI changes:

        • change most png icons to icon font
        • UI change of file history page
        • UI change of library history page
        • UI change of trash page
        • UI change of sharing link page
        • UI change of rename operation
        • Add grid view for folder sharing link
        • Don't open a new page when click the settings, trash and history icons in the library page
        • other small UI improvements

        Config changes:

        • Move all config files to folder conf
        • Add web UI to config the server. The config items are saved in database table (seahub-dab/constance_config). They have a higher priority over the items in config files.

        Trash:

        • A trash for every folder, showing deleted items in the folder and sub-folders. Others changes

        Admin:

        • Admin can see the file numbers of a library
        • Admin can disable the creation of encrypted library

        Security:

        • Change most GET requests to POST to increase security
        "},{"location":"changelog/server-changelog-old/#44","title":"4.4","text":""},{"location":"changelog/server-changelog-old/#446-20151109","title":"4.4.6 (2015.11.09)","text":"
        • [security] Fix a XSS problem in raw sharing link
        • [fix] Delete sharing links when deleting a library
        • [fix] Clean Seafile tables when deleting a library
        • [fix] Add tag to the link in upload folder email notification
        • [fix] Fix a bug in creating a library (after submit a wrong password, the submit button is no longer clickable)
          • "},{"location":"changelog/server-changelog-old/#445-20151031","title":"4.4.5 (2015.10.31)","text":"
          • [fix] Fix a bug in deleting sharing link in sharing dialog.
          "},{"location":"changelog/server-changelog-old/#444-20151027","title":"4.4.4 (2015.10.27)","text":"
          • [fix] Fix support for syncing old formatted libraries
          • Only import LDAP users to Seafile internal database upon login
          • Only list imported LDAP users in \"organization->members\"
          • Remove commit and fs objects in GC for deleted libraries
          • Improve error log for LDAP
          • Add \"transfer\" operation to library list in \"admin panel->a single user\"
          • [fix] Fix the showing of the folder name for upload link generated from the root of a library
          "},{"location":"changelog/server-changelog-old/#443-20151015","title":"4.4.3 (2015.10.15)","text":"
          • [security] Check validity of file object id to avoid a potential attack
          • [fix] Check the validity of system default library template, if it is broken, recreate a new one.
          • [fix] After transfer a library, remove original sharing information
          • [security] Fix possibility to bypass Captcha check
          • [security] More security fixes.
          "},{"location":"changelog/server-changelog-old/#442-20151012","title":"4.4.2 (2015.10.12)","text":"
          • [fix] Fix sometimes a revision is missing from a file's version history
          • [security] Use HTTP POST instead of GET to remove libraries
          • [fix] Fix a problem that sharing dialog not popup in IE10
          • A few other small UI improvements
          "},{"location":"changelog/server-changelog-old/#441-20150924","title":"4.4.1 (2015.09.24)","text":"
          • [fix] Fix a bug in setting an user's language
          • [fix] Show detailed failed information when sharing libraries failed
          • Update translations
          • [api] Add API to list folders in a folder recursively
          • [api] Add API to list only folders in a folder
          "},{"location":"changelog/server-changelog-old/#440-20150916","title":"4.4.0 (2015.09.16)","text":"

          New features:

          • Allow group names with spaces
          • Enable generating random password when adding an user
          • Add option SHARE_LINK_PASSWORD_MIN_LENGTH
          • Add sorting in share link management page
          • Show total/active number of users in admin panel
          • Other UI improvements

          Fixes:

          • [fix] Fix a bug that causing duplications in table LDAPImport
          • [security] Use POST request to handle password reset request to avoid CSRF attack
          • Don't show password reset link for LDAP users
          • set locale when Seahub start to avoid can't start Seahub problem in a few environments.
          "},{"location":"changelog/server-changelog-old/#43","title":"4.3","text":""},{"location":"changelog/server-changelog-old/#432-20150820","title":"4.3.2 (2015.08.20)","text":"
          • [fix, important] Bug-fix and improvements for seaf-fsck
          • [fix, important] Improve I/O error handling for file operations on web interface
          • Update shared information when a sub-folder is renamed
          • [fix] Fix bug of list file revisions
          • Update translations
          • [ui] Small improvements
          • [fix] Fix api error in opCopy/opMove
          • Old library page (used by admin in admin panel): removed 'thumbnail' & 'preview' for image files
          • [fix] Fix modification operations for system default library by admin
          "},{"location":"changelog/server-changelog-old/#431-20150729","title":"4.3.1 (2015.07.29)","text":"
          • [fix] Fix generating image thumbnail
          • [ui] Improve UI for sharing link page, login page, file upload link page
          • [security] Clean web sessions when reset an user's password
          • Delete the user's libraries when deleting an user
          • Show link expiring date in sharing link management page
          • [admin] In a user's admin page, showing libraries' size and last modify time
          "},{"location":"changelog/server-changelog-old/#430-20150721","title":"4.3.0 (2015.07.21)","text":"

          Usability Improvement

          • [ui] Improve ui for file view page
          • [ui] Improve ui for sorting files and libraries
          • Redesign sharing dialog
          • Enable generating random password for sharing link
          • Remove private message module
          • Remove direct single file sharing between users (You can still sharing folders)
          • Change \"Quit\" to \"Leave group\" in group members page

          Others

          • Improve user management for LDAP
          • [fix] Fix a bug that client can't detect a library has been deleted in the server
          • [security] Improve permission check in image thumbnail
          • [security] Regenerate Seahub secret key, the old secret key lack enough randomness
          • Remove the support of \".seaf\" format
          • [api] Add API for generating sharing link with password and expiration
          • [api] Add API for generating uploading link
          • [api] Add API for link files in sharing link
          • Don't listen in 10001 and 12001 by default.
          • Add an option to disable sync with any folder feature in clients
          • Change the setting of THUMBNAIL_DEFAULT_SIZE from string to number, i.e., use THUMBNAIL_DEFAULT_SIZE = 24, instead of THUMBNAIL_DEFAULT_SIZE = '24'
          "},{"location":"changelog/server-changelog-old/#42","title":"4.2","text":"

          Note when upgrade to 4.2 from 4.1:

          If you deploy Seafile in a non-root domain, you need to add the following extra settings in seahub_settings.py:

          COMPRESS_URL = MEDIA_URL\nSTATIC_URL = MEDIA_URL + '/assets/'\n
          "},{"location":"changelog/server-changelog-old/#423-20150618","title":"4.2.3 (2015.06.18)","text":"
          • Add global address book and remove the contacts module (You can disable it if you use CLOUD_MODE by adding ENABLE_GLOBAL_ADDRESSBOOK = False in seahub_settings.py)
          • Use image gallery module in sharing link for folders containing images
          • [fix] Fix missing library names (show as none) in 32bit version
          • [fix] Fix viewing sub-folders for password protected sharing
          • [fix] Fix viewing starred files
          • [fix] Fix supporting of uploading multi-files in clients' cloud file browser
          • Improve security of password resetting link
          "},{"location":"changelog/server-changelog-old/#422-20150529","title":"4.2.2 (2015.05.29)","text":"
          • [fix] Fix picture preview in sharing link of folders
          • Improve add library button in organization tab
          "},{"location":"changelog/server-changelog-old/#421-20150527","title":"4.2.1 (2015.05.27)","text":"
          • Add direct file download link
          • [fix] Fix group library creation bug
          • [fix] Fix library transfer bug
          • [fix] Fix markdown file/wiki bug
          • Don't show generating sharing link for encrypted libraries
          • Don't show the list of sub-libraries if user do not enable sub-library
          • Enable adding existing libraries to organization
          • Add loading tip in picture preview page
          "},{"location":"changelog/server-changelog-old/#420-beta-20150513","title":"4.2.0 beta (2015.05.13)","text":"

          Usability

          • Remove showing of library description
          • Don't require library description
          • Keep left navigation bar when navigate into a library
          • Generate share link for the root of a library

          Security Improvement

          • Remove access tokens (all clients will log out) when a users password changed
          • Temporary file access tokens can only be used once
          • sudo mode: confirm password before doing sysadmin work

          Platform

          • Use HTTP/HTTPS sync only, no longer use TCP sync protocol
          • read/write permission on sub-folders (Pro)
          • Support byte-range requests
          • Automatically clean of trashed libraries
          • [ldap] Save user information into local DB after login via LDAP
          "},{"location":"changelog/server-changelog-old/#41","title":"4.1","text":""},{"location":"changelog/server-changelog-old/#412-20150331","title":"4.1.2 (2015.03.31)","text":"
          • [fix] Fix several packaging related bugs (missing some python libraries)
          • [fix] Fix webdav issue
          • [fix] Fix image thumbnail in sharing link
          • [fix] Fix permission mode of seaf-gc.sh
          • Show detailed time when mouse over a relative time
          "},{"location":"changelog/server-changelog-old/#411-20150325","title":"4.1.1 (2015.03.25)","text":"
          • Add trashed libraries (deleted libraries will first be put into trashed libraries where system admin can restore)
          • [fix] Fix upgrade script for SQLite
          • Improve seaf-gc.sh
          • Do not support running on CentOS 5.
          "},{"location":"changelog/server-changelog-old/#410-beta-20150318","title":"4.1.0 beta (2015.03.18)","text":"
          • Shibboleth authentication support.
          • Redesign fsck.
          • Add image thumbnail in folder sharing link
          • Add API to support logout/login an account in the desktop client
          • Add API to generate thumbnails for images files
          • Clean syncing tokens after deleting an account
          • Change permission of seahub_settings.py, ccnet.conf, seafile.conf to 0600
          • Update Django to v1.5.12
          "},{"location":"changelog/server-changelog-old/#40","title":"4.0","text":""},{"location":"changelog/server-changelog-old/#406-20150204","title":"4.0.6 (2015.02.04)","text":"

          Important

          • [fix] Fix transfer library error in sysadmin page
          • [fix] Fix showing of space used in sysadmin page for LDAP users
          • Improved trash listing performance

          Small

          • [webdav] list organisation public libraries
          • Disable non-shibboleth login for shibboleth users
          • [fix] Fix wrong timestamp in file view page for files in sub-library
          • Add Web API for thumbnail
          • Add languages for Thai and Turkish, update a few translations
          "},{"location":"changelog/server-changelog-old/#405-20150114","title":"4.0.5 (2015.01.14)","text":"

          Important

          • [fix] Fix memory leak in HTTP syncing
          • Repo owner can restore folders/files from library snapshot
          • Update translations
          • Only repo owner can restore a library to a snapshot

          Small improvements

          • [fix] Remote redundant logs in seaf-server
          • [fix] Raise 404 when visiting an non-existing folder
          • [fix] Enable add admin when LDAP is enabled
          • Add API to get server features information (what features are supported by this server)
          • [fix] Fix throttle for /api2/ping
          "},{"location":"changelog/server-changelog-old/#404-20150106","title":"4.0.4 (2015.01.06)","text":"
          • [fix] Fix syncing sub-library with HTTP protocol
          • [fix] Fix a bug in setup-seafile-mysql.sh
          "},{"location":"changelog/server-changelog-old/#403-20141230","title":"4.0.3 (2014.12.30)","text":"
          • [fix] Fix unable to share library to another user
          "},{"location":"changelog/server-changelog-old/#402-20141226","title":"4.0.2 (2014.12.26)","text":"
          • Add image thumbnail
          • Add Shibboleth support (beta)
          • [fix] Fix performance problem in listing files API
          • [fix] Fix listing files of a large folder
          • [fix] Fix folder sharing link with password protection
          • [fix] Fix deleting broken libraries in the system admin panel
          "},{"location":"changelog/server-changelog-old/#401-20141129","title":"4.0.1 (2014.11.29)","text":"
          • [fix] Fix bugs in syncing with HTTP protocol
          • Add upgrading script (from v3.1 to v4.0)
          "},{"location":"changelog/server-changelog-old/#400-20141110","title":"4.0.0 (2014.11.10)","text":"
          • Add HTTP syncing support
          • Merge FileServer into seaf-server
          "},{"location":"changelog/server-changelog-old/#31","title":"3.1","text":""},{"location":"changelog/server-changelog-old/#317-20141020","title":"3.1.7 (2014.10.20)","text":"
          • [fix] Fixed performance problem in WebDAV extension
          • [fix] Fixed quota check in WebDAV extension
          • [fix] Fixed showing libraries with same name in WebDAV extension
          • Add \"clear\" button in a library's trash
          • Support upload a folder in web interface when using Chrome
          • [fix] Improve small errors when upload files via Web interface
          • [fix] Fix moving/coping files when the select all file checkbox is checked
          "},{"location":"changelog/server-changelog-old/#316-20140911","title":"3.1.6 (2014.09.11)","text":"
          • [fix] Fix bug in uploading >1GB files via Web
          • [fix] Remove assert in Ccnet to avoid denial-of-service attack
          • Revert the work \"access token generated by FileServer can only be used once\" because this leads to several problems
          "},{"location":"changelog/server-changelog-old/#315-20140829","title":"3.1.5 (2014.08.29)","text":"
          • [fix] Fix multi-file upload in upload link and library page
          • [fix] Fix libreoffice file online view
          • Add 'back to top' for pdf file view.
          • [fix] Fix \"create sub-library\" button under some language
          • [fix popup] Fix bug in set single notice as read.
          "},{"location":"changelog/server-changelog-old/#314-20140826","title":"3.1.4 (2014.08.26)","text":"
          • [fix, security] Fix permission check for PDF full screen view
          • [fix] Fix copy/move multiple files in web
          • Improve UI for group reply notification
          • Improve seaf-fsck, seaf-fsck now can fix commit missing problem
          • [security improve] Access token generated by FileServer can only be used once.
          "},{"location":"changelog/server-changelog-old/#313-20140818","title":"3.1.3 (2014.08.18)","text":"
          • [fix] fix memory leak
          • [fix] fix a memory not initialized problem which may cause sync problem under heavy load.
          • [fix] fix creating personal wiki
          "},{"location":"changelog/server-changelog-old/#312-20140807","title":"3.1.2 (2014.08.07)","text":"
          • Use unix domain socket in ccnet to listen for local connections. This isolates the access to ccnet daemon for different users. Thanks to Kimmo Huoman and Henri Salo for reporting this issue.
          "},{"location":"changelog/server-changelog-old/#311-20140801","title":"3.1.1 (2014.08.01)","text":"
          • Add a bash wrapper for seafile-gc
          • [fix] fix listing libraries when some libraries are broken
          • Remove simplejson dependency
          • Update translations
          • Add \"Back to Top\" button in file view page
          • Improve page refreshing after uploading files
          "},{"location":"changelog/server-changelog-old/#310-20140724","title":"3.1.0 (2014.07.24)","text":"

          Syncing

          • Improve performance: easily syncing 10k+ files in a library.
          • Don't need to download files if they are moved to another directory.

          Platform

          • Rename HttpServer to FileServer to remove confusing.
          • Support log rotate
          • Delete old PID files when stop Seafile

          Web

          • Enable deleting of personal messages
          • Improved notification
          • Upgrade pdf.js
          • Password protection for sharing links
          • [admin] Create multi-users by uploading a CSV file
          • Sort libraries by name/date
          • Enable users to put an additional message when sending a sharing link
          • Expiring time for sharing links
          • [fix] Send notification to all users participating a group discussion
          • Redesigned file viewing page
          • Remove simplejson dependency
          • Disable the ability to make a group public by default (admin can turn it on in settings)
          "},{"location":"changelog/server-changelog-old/#30","title":"3.0","text":""},{"location":"changelog/server-changelog-old/#304-20140607","title":"3.0.4 (2014.06.07)","text":"
          • [api] Add replace if exist into upload-api
          • Show detailed error message when Gunicorn failed to start
          • Improve object and block writting performance
          • Add retry when failed getting database connection
          • [fix] Use hash value for avatar file names to avoid invalid file name
          • [fix] Add cache for repo_crypto.js to improve page speed
          • [fix] Show error message when change/reset password of LDAP users
          • [fix] Fix \"save to my library\" when viewing a shared file
          • [fix, api] Fix rename file names with non-ascii characters
          "},{"location":"changelog/server-changelog-old/#303","title":"3.0.3","text":"
          • [fix] Fix an UI bug in selecting multiple contacts in sending message
          • Library browser page: Loading contacts asynchronously to improve initial loading speed
          "},{"location":"changelog/server-changelog-old/#302","title":"3.0.2","text":"
          • [fix] Fix a bug in writing file metadata to disk, which causing \"file information missing error\" in clients.
          • [fix] Fix API for uploading files from iOS in an encrypted library.
          • [fix] Fix WebDAV
          • [fix] Fix API for getting groups messages containing multiple file attachments
          • [fix] Fix bug in HttpServer when file block is missing
          • [fix] Fix login error for some kind of Android
          "},{"location":"changelog/server-changelog-old/#301","title":"3.0.1","text":"
          • [fix] Fix showing bold/italic text in .seaf format
          • [fix] Fix UI problem when selecting contacts in personal message send form
          • [fix] Add nickname check and escape nickname to prevent XSS attack
          • [fix] Check validity of library name (only allow a valid directory name).
          "},{"location":"changelog/server-changelog-old/#300","title":"3.0.0","text":"

          Web

          • Lots of small improvements in UI
          • Translations
          • [fix] Handle loading avatar exceptions to avoid 500 error

          Platform

          • Use random salt and PBKDF2 algorithm to store users' password. (You need to manually upgrade the database if you using 3.0.0 beta2 with MySQL backend.)
          "},{"location":"changelog/server-changelog-old/#300-beta2","title":"3.0.0 beta2","text":"

          Web

          • Handle 413 error of file upload
          • Support cross library files copy/move
          • Fixed a few api errors

          Platform

          • Allow config httpserver bind address
          • [fix] Fix file ID calculation
          • Improved device (desktop and mobile clients) management
          • Add back webdav support
          • Add upgrade script
          "},{"location":"changelog/server-changelog-old/#300-beta","title":"3.0.0 beta","text":"

          Platform

          • Separate the storage of libraries
          • Record files' last modification time directly
          • Keep file timestamp during syncing
          • Allow changing password of an encrypted library

          Web

          • Redesigned UI
          • Improve page loading speed
          "},{"location":"changelog/server-changelog-old/#22","title":"2.2","text":""},{"location":"changelog/server-changelog-old/#221","title":"2.2.1","text":"
          • [fix] Fixed creation of admin account
          "},{"location":"changelog/server-changelog-old/#220","title":"2.2.0","text":"
          • Add more checking for the validity of users' Email
          • Use random salt and PBKDF2 algorithm to store users' password.
          "},{"location":"changelog/server-changelog-old/#21","title":"2.1","text":""},{"location":"changelog/server-changelog-old/#215","title":"2.1.5","text":"
          • Add correct mime types for mp4 files when downloading
          • [important] set correct file mode bit after uploading a file from web.
          • Show meaningful message instead of \"auto merged by system\" for file merges
          • Improve file history calculation for files which were renamed

          WebDAV

          • Return last modified time of files
          "},{"location":"changelog/server-changelog-old/#214","title":"2.1.4","text":"
          • [fix] Fix file share link download issue on some browsers.
          • [wiki] Enable create index for wiki.
          • Hide email address in avatar.
          • Show \"create library\" button on Organization page.
          • [fix] Further improve markdown filter to avoid XSS attack.
          "},{"location":"changelog/server-changelog-old/#213","title":"2.1.3","text":"
          • [api] Add more web APIs
          • Incorporate Viewer.js to display opendocument formats
          • [fix] Add user email validation to avoid SQL injection
          • [fix] Only allow <a>, <table>, <img> and a few other html elements in markdown to avoid XSS attack.
          • Return sub-libraries to the client when the feature is enabled.
          "},{"location":"changelog/server-changelog-old/#212","title":"2.1.2","text":"
          • [fix] Fixed a bug in update script
          "},{"location":"changelog/server-changelog-old/#211","title":"2.1.1","text":"
          • Allow the user to choose the expiration of the session when login
          • Change default session expiration age to 1 day
          • [fix] Fixed a bug of copying/moving files on web browsers
          • [fix] Don't allow script in markdown files to avoid XSS attacks
          • Disable online preview of SVG files to avoid potential XSS attacks
          • [custom] Support specify the width of height of custom LOGO
          • Upgrade scripts support MySQL databases now
          "},{"location":"changelog/server-changelog-old/#210","title":"2.1.0","text":"

          Platform

          • Added FUSE support, currently read-only
          • Added WebDAV support
          • A default library would be created for new users on first login to seahub

          Web

          • Redesigned Web UI
          • Redesigned notification module
          • Uploadable share links
          • [login] Added captcha to prevent brute force attack
          • [fix] Fixed a bug of \"trembling\" when scrolling file lists
          • [sub-library] User can choose whether to enable sub-library
          • Improved error messages when upload fails
          • Set default browser file upload size limit to unlimited

          Web for Admin

          • Improved admin UI
          • More flexible customization options
          • Online help is now bundled within Seahub
          "},{"location":"changelog/server-changelog-old/#20","title":"2.0","text":""},{"location":"changelog/server-changelog-old/#204","title":"2.0.4","text":"
          • [fix] set the utf8 charset when connecting to database
          • Getting users from both database and LDAP
          • [web] List all contacts when sharing libraries
          • [admin] List database and LDAP users in sysadmin
          "},{"location":"changelog/server-changelog-old/#203","title":"2.0.3","text":"
          • [fix] Speed up file syncing when there are lots of small files
          "},{"location":"changelog/server-changelog-old/#202","title":"2.0.2","text":"
          • [fix] Fix CIFS support.
          • [fix] Support special characters like '@' in MySQL password
          • [fix] Fix create library from desktop client when deploy Seafile with Apache.
          • [fix] Fix sql syntax error in ccnet.log, issue #400 (https://github.com/haiwen/seafile/issues/400).
          • [fix] Return organization libraries to the client.
          • Update French, German and Portuguese (Brazil) languages.
          "},{"location":"changelog/server-changelog-old/#201","title":"2.0.1","text":"
          • [fix] Fix a bug in sqlite3 upgrade script
          • Add Chinese translation
          "},{"location":"changelog/server-changelog-old/#200","title":"2.0.0","text":"

          Platform

          • New crypto scheme for encrypted libraries
          • A fsck utility for checking data integrity

          Web

          • Change owner of a library/group
          • Move/delete/copy multiple files
          • Automatically save draft during online editing
          • Add \"clear format\" to .seaf file online editing
          • Support user delete its own account
          • Hide Wiki module by default
          • Remove the concept of sub-library

          Web for Admin

          • Change owner of a library
          • Search user/library

          API

          • Add list/add/delete user API
          "},{"location":"changelog/server-changelog-old/#18","title":"1.8","text":""},{"location":"changelog/server-changelog-old/#185","title":"1.8.5","text":"
          • [bugfix] Fix \"can't input space\" bug in .seaf files
          • Add pagination for online file browsing
          "},{"location":"changelog/server-changelog-old/#183","title":"1.8.3","text":"
          • [bugfix] Fix bug in setup-seafile-mysql.sh
          • Make reset-admin script work for MySQL
          • Remove redundant log messages
          • Fixed bugs in web API
          "},{"location":"changelog/server-changelog-old/#182","title":"1.8.2","text":"
          • Add script for setting up MySQL
          • [bugfix] Fixed a bug when sharing a library to another user without sending HTTP_REFERER
          "},{"location":"changelog/server-changelog-old/#181","title":"1.8.1","text":"
          • [bugfix] Fixed a bug when generating shared link
          "},{"location":"changelog/server-changelog-old/#180","title":"1.8.0","text":"

          Web

          • Improve online file browsing and uploading
          • Redesigned interface
          • Use ajax for file operations
          • Support selecting of multiple files in uploading
          • Support drag/drop in uploading
          • Improve file syncing and sharing
          • Syncing and sharing a sub-directory of an existing library.
          • Directly sharing files between two users (instead of generating public links)
          • User can save shared files to one's own library
          • [wiki] Add frame and max-width to images
          • Use 127.0.0.1 to read files (markdown, txt, pdf) in file preview
          • [bugfix] Fix pagination in library snapshot page
          • Set the max length of message reply from 128 characters to 2000 characters.
          • Improved performance for home page and group page
          • [admin] Add administration of public links

          API

          • Add creating/deleting library API

          Platform

          • Improve HTTPS support, now HTTPS reverse proxy is the recommend way.
          • Add LDAP filter and multiple DN
          • Case insensitive login
          • Move log files to a single directory
          • [security] Add salt when saving user's password
          • [bugfix] Fix a bug in handling client connection
          "},{"location":"changelog/server-changelog-old/#17","title":"1.7","text":""},{"location":"changelog/server-changelog-old/#1702-for-linux-32-bit","title":"1.7.0.2 for Linux 32 bit","text":"
          • [bugfix] Fix \"Page Unavailable\" when view doc/docx/ppt.
          "},{"location":"changelog/server-changelog-old/#1701-for-linux-32-bit","title":"1.7.0.1 for Linux 32 bit","text":"
          • [bugfix] Fix PostgreSQL support.
          "},{"location":"changelog/server-changelog-old/#170","title":"1.7.0","text":"

          Web

          • Upgrade to Django 1.5
          • Add personal messaging
          • Support cloud_mode to hide the \"organization\" tab
          • Support listing/revoking syncing clients
          • [bugfix] Fix a bug in Markdown undo/redo
          • [pro-edition] Searching in a library
          • [pro-edition] Redesign file activities
          • [pro-edition] Redesign doc/ppt/pdf preview with pdf2htmlEX

          Daemon

          • Support PostgreSQL
          • [bugfix] fix bugs in GC
          "},{"location":"changelog/server-changelog-old/#16","title":"1.6","text":""},{"location":"changelog/server-changelog-old/#161","title":"1.6.1","text":"

          Web

          • [bugfix] Fix showing personal Wiki under French translation
          • [bugfix] Fix showing markdown tables in Wiki
          • [bugfix] Fixed wiki link parsing bug when page alias contains dot.
          • Disable sharing link for encrypted libraries
          • [admin] improved user-add, set/revoke admin, user-delete

          Daemon

          • [controller] Add monitor for httpserver
          "},{"location":"changelog/server-changelog-old/#160","title":"1.6.0","text":"

          Web

          • Separate group functions into Library/Discuss/Wiki tabs
          • Redesign Discussion module
          • Add Wiki module
          • Improve icons
          • Can make a group public
          • [editing] Add toolbar and help page for Markdown files
          • [editing] A stable rich document editor for .seaf files
          • [bugfix] Keep encryption property when change library name/desc.

          For Admin

          • Add --dry-run option to seafserv-gc.
          • Support customize seafile-data location in seafile-admin
          • Do not echo the admin password when setting up Seafile server
          • seahub/seafile no longer check each other in start/stop scripts

          API

          • Show file modification time
          • Add update file API
          "},{"location":"changelog/server-changelog-old/#15","title":"1.5","text":""},{"location":"changelog/server-changelog-old/#152","title":"1.5.2","text":"
          • [daemon] Fix problem in DNS lookup for LDAP server
          "},{"location":"changelog/server-changelog-old/#151","title":"1.5.1","text":"
          • [web] Fix password reset bug in Seafile Web
          • [daemon] Fix memory leaks in Seafile server
          "},{"location":"changelog/server-changelog-old/#150","title":"1.5.0","text":"

          Seafile Web

          • Video/Audio playback with MediaElement.js (Contributed by Phillip Thelen)
          • Edit library title/description
          • Public Info & Public Library page are combined into one
          • Support selection of file encoding when viewing online
          • Improved online picture view (Switch to prev/next picture with keyboard)
          • Fixed a bug when doing diff for a newly created file.
          • Sort starred files by last-modification time.

          Seafile Daemon

          • Fixed bugs for using httpserver under https
          • Fixed performance bug when checking client's credential during sync.
          • LDAP support
          • Enable setting of the size of the thread pool.

          API

          • Add listing of shared libraries
          • Add unsharing of a library.
          "},{"location":"changelog/server-changelog/","title":"Seafile Server Changelog","text":"

          You can check Seafile release table to find the lifetime of each release and current supported OS: https://cloud.seatable.io/dtable/external-links/a85d4221e41344c19566/?tid=0000&vid=0000

          "},{"location":"changelog/server-changelog/#110","title":"11.0","text":"

          Upgrade

          Please check our document for how to upgrade to 11.0

          "},{"location":"changelog/server-changelog/#11012-2024-08-14","title":"11.0.12 (2024-08-14)","text":"
          • Update translations
          "},{"location":"changelog/server-changelog/#11011-2024-08-07","title":"11.0.11 (2024-08-07)","text":"
          • [fix] [important] Fix a security bug in WebDAV
          "},{"location":"changelog/server-changelog/#11010-2024-08-06","title":"11.0.10 (2024-08-06)","text":"

          Seafile

          • [fix] Use user's name in reset password email instead of internal ID
          • [fix] Fix SeaDoc incompatible with go fileserver
          • [fix] Fix invited guest cannot be revoke
          • [fix] Fix keyerror when using backup code in two-factor auth
          • [fix] Do not print warning in seaf-server.log when a LDAP user login
          "},{"location":"changelog/server-changelog/#1109-2024-05-30","title":"11.0.9 (2024-05-30)","text":"

          Seafile

          • Improve accessibility
          • Support open ODG files with LibreOffice (Collabora Online)
          • Support showing last modified time for folders in WebDAV
          • [fix] Fix \"remember me\" in 2FA

          SDoc editor 0.8

          • Support automatically adjusting table width to fit page width
          • Improve comments feature
          • Improve documents shown on mobile
          • More UI fixes and improvements
          "},{"location":"changelog/server-changelog/#1108-2024-04-22","title":"11.0.8 (2024-04-22)","text":"
          • Fix a bug in generating sharing links
          "},{"location":"changelog/server-changelog/#1107-2024-04-18","title":"11.0.7 (2024-04-18)","text":"

          Seafile

          • Support log rotate for golang file server and notification server
          • Update UI for upload link
          • Support OnlyOffice version feature
          • Show files' original path in the trash

          SDoc editor 0.7

          • Improve file comment feature
          • Improve file diff showing
          • Support print a document
          • Improve table editing
          "},{"location":"changelog/server-changelog/#1106-2024-03-14","title":"11.0.6 (2024-03-14)","text":"

          Seafile

          • Fix column view is limited to 100 items
          • Fix LDAP user login for WebDAV
          • Remove the configuration item \"ENABLE_FILE_COMMENT\" as it is no longer needed
          • Enable copy/move files between encrypted and non-encrypted libraries
          • Forbid creating libraries with Emoji in name
          • Fix some letters in the file name do not fit in height in some dialogs
          • Some other UI fixes and improvements
          • Fix a performance issue in sending file updates report

          SDoc editor 0.6

          • Support convert docx file to sdoc file
          • Support Markdown format in comments
          • Support drag rows/columns in table element and other improvements for table elements
          • Other UI fixes and improvements
          "},{"location":"changelog/server-changelog/#1105-2024-01-31","title":"11.0.5 (2024-01-31)","text":"

          Seafile

          • Fix captcha showing issue
          "},{"location":"changelog/server-changelog/#1104-2024-01-26","title":"11.0.4 (2024-01-26)","text":"

          Seafile

          • Add move dir/file, copy dir/file, delete dir/file, rename dir/file APIs for library token based API
          • Support preview of JFIF image format
          • Use user's current language when create Office files in OnlyOffice
          • More UI fixes and improvements

          SDoc editor 0.5

          • Support convert sdoc to docx format
          • Improve UX for internal document linking
          • Support icons in callout element
          • Add Search/Replace feature
          • More UI fixes and improvements
          "},{"location":"changelog/server-changelog/#1103-2023-12-19","title":"11.0.3 (2023-12-19)","text":"

          Seafile

          • Use file type icon as favicon for file preview pages
          • More UI fixes and improvements
          • [fix] seafdav.conf workers parameters does not to be used

          SDoc editor 0.4

          • Add templates with predefined stypes for tables
          • Support combining table cells
          • Add callout element
          • Support drag and drop elements
          • Improve file comments
          • Improve file history display by grouping history items
          • More UI fixes and improvements
          "},{"location":"changelog/server-changelog/#1102-2023-11-20","title":"11.0.2 (2023-11-20)","text":"

          Seafile

          • Update folder icon
          • The activities page support filter records based on modifiers
          • Add indicator for folders that has been shared out
          • Some small UI fixes
          • [fix] Fix some small bugs in golang file server
          • [fix] Fix LDAP users cannot login via desktop client
          • Add login ID field when exporting users in admin panel

          SDoc editor 0.3

          • Improved file comment feature
          • Improved revision and review feature
          • Support file tags
          • Better support editing list/table/code/image element
          • Support getting link for header element
          "},{"location":"changelog/server-changelog/#1101-beta-2023-10-18","title":"11.0.1 beta (2023-10-18)","text":"

          Seafile

          • Improve UI of notifications dialog
          • Improve UI of dropdown menus for libraries and files
          • Improve UI for file tags
          • Remove file comment features as they are used very little

          SDoc editor 0.2

          • All major elements like tables, lists are now supported
          • The editor is basically stable to use. Everyone is welcome to try it out.
          "},{"location":"changelog/server-changelog/#1100-beta-cancelled","title":"11.0.0 beta (cancelled)","text":"
          • Use a virtual ID to identify a user
          • LDAP login update
          • SAML/Shibboleth/OAuth login update
          • Update Django to version 4.2
          • Update SQLAlchemy to version 2.x
          • Improve UI of PDF view page
          • Add seafevents component
          "},{"location":"changelog/server-changelog/#100","title":"10.0","text":"

          Upgrade

          Please check our document for how to upgrade to 10.0.

          "},{"location":"changelog/server-changelog/#1001-2023-04-11","title":"10.0.1 (2023-04-11)","text":"
          • Support generating multiple share links for a file and a folder
          • [fix] Fix a bug in golang file server when zip-downloading a folder in encrypted library
          • [fix] Fix a bug in upgrading script when there is no configuration for Nginx
          • Video player support changing playback speed
          • [fix] Fix a few bugs in notification server
          "},{"location":"changelog/server-changelog/#1000-beta-2023-02-22","title":"10.0.0 beta (2023-02-22)","text":"
          • Update Python dependencies and support Ubuntu 22.04 and Debian 11
          • Add a new notification server (document will be provided later)
          • Update WebDAV password to use one-way hash
          • Remove SQL sub queries to improve SQL query speed in seaf-server
          • Show number of shared users/groups if any when deleting a folder
          • Support online playing of .wav files
          "},{"location":"changelog/server-changelog/#90","title":"9.0","text":""},{"location":"changelog/server-changelog/#9010-2022-12-07","title":"9.0.10 (2022-12-07)","text":"
          • Admin list all users API now return last_login and last_access_time
          • [fix] Fix a bug in displaying markdown file in sharing link
          • [fix] Fix notification mails are sent to inactive users
          • [fix] Fix viewing a file in an old snapshot leads to server hickup
          • [fix] Fix an HTTP/500 \"Internal server error\" when the user sets password containing non-latin characters for sharing links
          • [fix] Fix \"document convertion failed\u201d error visiting a shared document with preview only
          • [fix] Fix memory leak when block cache is enabled
          • Enable 'zoom in/out by pinch' for mobile in pdf file view page
          • [fix] Prevent system admin creating libraries with invalid name in admin panel
          • Improve performance in golang file server
          "},{"location":"changelog/server-changelog/#909-2022-09-22","title":"9.0.9 (2022-09-22)","text":"
          • [fix] Fix a memory leak problem
          • [fix] Fix a bug that will lead to seaf-fsck crash
          • [fix] Fix a stored XSS problem for library names
          • [fix] Disable open a file in OnlyOffice for encrypted libraries when open from trash
          "},{"location":"changelog/server-changelog/#908-2022-09-07","title":"9.0.8 (2022-09-07)","text":"
          • [fix] Fix a UI bug in sending sharing link by email
          • [fix] Markdown editor does not properly filter javscript URIs from the href attribute, which results in stored XSS
          • [fix] Fix a bug in OCM sharing
          • [fix] Fix a bug in un-linking a device in admin panel
          • [fix] Adding URL security check in /accounts/login redirect by ?next= parameter
          "},{"location":"changelog/server-changelog/#907-2022-08-10","title":"9.0.7 (2022-08-10)","text":"

          Note: included lxml library is removed for some compatiblity reason. The library is used in published libraries feature and WebDAV feature. You need to install lxml manually after upgrade to 9.0.7. Use command pip3 install lxml to install it.

          • A page in published libraries is rendered at the server side to improve loading speed.
          • Upgrade Django from 3.2.6 to 3.2.14
          • Fix a bug in collaboration notice sending via email to users' contact email
          • Support OnlyOffice oform/docxf files
          • Improve user search when sharing a library
          • Admin panel support searching a library via ID prefix
          • [fix] Fix preview PSD images
          • [fix] Fix a bug that office files can't be opened in sharing links via OnlyOffice
          • [fix] Go fileserver: Folder or File is not deletable when there is a spurious utf-8 char inside the filename
          "},{"location":"changelog/server-changelog/#906-2022-06-22","title":"9.0.6 (2022-06-22)","text":"
          • Show table of contents in Markdown sharing link
          • Check if quota exceeded before file uploading in upload sharing link
          • Support import group member via contact email
          "},{"location":"changelog/server-changelog/#905-2022-05-13","title":"9.0.5 (2022-05-13)","text":"
          • [fix] Fix a bug that sometimes a shared subfolder is unshared automatically by database access error
          • [fix] Fix a bug in work with Python 3.10+
          • [fix] Fix a bug in smart link redict to the file page
          • [fix] Fix a UI bug when drag and drop a file
          • [fix] Fix zip downloading a folder not having .zip suffix when using golang file server
          • Improve UI for file tags
          • Show file tags in sharing links
          • Improve UI of file comments
          • [fix] Fix permission check in deleting/editing a file comment
          • Remove the feature of related files as it is not used
          • Support editing of expire time for sharing links
          • Improve SQL performance when deleting a library
          • Show ISO date and time in file history page instead of showing relative time
          • Add \"Visit related snapshot\" in the dropdown menu of an entry in file history
          "},{"location":"changelog/server-changelog/#904-2022-02-21","title":"9.0.4 (2022-02-21)","text":"
          • [fix] Fix a UI bug in file moving/copying dialog
          • Support admin enforcing a strong password in WebDAV secret
          • [fix] Fix WebDAV error while filename contains special chars
          "},{"location":"changelog/server-changelog/#903-2022-02-15","title":"9.0.3 (2022-02-15)","text":"
          • Enable deleting fs objects in GC
          • Users can save files or folders in shared folder link to their own libraries
          • [fix] Fix language in calendar UI component used when picking date in sharing dialog
          • [fix] Fix markdown file print
          • Improve UI of file moving/copying dialog to show folders with long names
          • Expand to the current folder when open file moving/copying dialog
          • [fix] Fix a bug in golang file server log rotate support
          • [fix] Fix a bug in folder download-link and try to download files/folders as zip using golang file server
          • Show current number of shared users and groups when deleting a library
          • [fix] Fix support for customizing of favicon
          • [fix] Fix printing support of Markdown file
          • [fix] Fix zip-downloading in sharing links when golang file server is used
          "},{"location":"changelog/server-changelog/#902-2021-12-10","title":"9.0.2 (2021-12-10)","text":"
          • Fix OnlyOffice/Collabora integration when golang http server
          • Enable showing password for encrypted sharing links
          "},{"location":"changelog/server-changelog/#901-beta-2021-11-20","title":"9.0.1 beta (2021-11-20)","text":"
          • Fix OnlyOffice integration
          "},{"location":"changelog/server-changelog/#900-beta-2021-11-11","title":"9.0.0 beta (2021-11-11)","text":"
          • Upgrade Django to 3.2
          • Rewrite HTTP service in seaf-server with golang and move it to a separate component (turn off by default)
          • Upgrade PDFjs to new version, support viewing of password protected PDF
          • Use database to store OnlyOffice cache keys
          • Supporting converting files like doc to docx using OnlyOffice for online editing
          • Move SERVICE_URL configuration from ccnet.conf to seahub_settings.py

          The new file-server written in golang serves HTTP requests to upload/download/sync files. It provides three advantages:

          • The performance is better in a high-concurrency environment and it can handle long requests. Now you can sync libraries with large number of files.
          • Now file zipping and downloading can be done simutaneously. When zip downloading a folder, you don't need to wait until zip is done.
          • Support rate control for file uploading and downloading.

          You can turn golang file-server on by adding following configuration in seafile.conf

          [fileserver]\nuse_go_fileserver = true\n
          "},{"location":"changelog/server-changelog/#80","title":"8.0","text":"

          Please check our document for how to upgrade to 8.0.

          "},{"location":"changelog/server-changelog/#808-20211206","title":"8.0.8 (2021/12/06)","text":"
          • [fix] Fix a security issue in token check in file syncing
          • [fix] Fix URL encoding problem when view a file's history for files with special characters in file name.
          "},{"location":"changelog/server-changelog/#807-20210809","title":"8.0.7 (2021/08/09)","text":"
          • Improve performance for listing deleted files in trash
          • [fix] Fix FORCE_PASSWORD_CHANGE does not force the new user to change the password if the user is added by admin
          • [fix] Fix setting a webdav password when 2FA enabled
          • [fix] Fix search in a shared sub-folder
          • [fix] Remove watermark shown in Collabora integration
          "},{"location":"changelog/server-changelog/#806-20210714","title":"8.0.6 (2021/07/14)","text":"
          • [fix] Fix a cache problem in OnlyOffice integration when automatically saving is used
          • Admin can delete devices in the admin panel
          • [fix] Once a user quota have been set, I can not set it back to 0 (unlimited)
          • [fix] Fix collabora integration
          • User's can manage his/her Web API Auth Token in profile page
          • A group admin can now leave a group
          • [fix] Fix Lazy loading / pagination breaks image viewer (https://forum.seafile.com/t/lazy-loading-pagination-breaks-image-viewer/14655)
          "},{"location":"changelog/server-changelog/#805-20210514","title":"8.0.5 (2021/05/14)","text":"
          • Add \"Open via Client\" button in file view page
          • Add an admin API to change a user's email
          • [fix] Fix a bug in seaf-gc
          • [fix] Fix wrong links of files in library history details dialog
          • [fix] Fix deleting libraries without owner in admin panel
          • [fix] Fix a XSS problem in notification
          • [fix] Fix JWT token support in OnlyOffice integration
          • [fix] Fix sometimes webdav cache files are not cleaned
          "},{"location":"changelog/server-changelog/#804-20210325","title":"8.0.4 (2021/03/25)","text":"
          • [fix] Fix a permission denial problem in OCM, if a library is shared to more than two users in another server
          • [fix] Fix a bug in password protected upload link
          • [fix] Fix running seafile-controller with \"seafile-controller -t\"
          • [fix] Fix user search in \"Transfering a library\" dialog
          • Add \"Open via Client\" button in file view page
          • Add an admin API to change a user's email
          "},{"location":"changelog/server-changelog/#803-20210127","title":"8.0.3 (2021/01/27)","text":"
          • Users can use secret key to access WebDAV after enabling two-factor authentication
          • Fix fuse
          • Fix navigation side panel in public library on mobile
          • Improve UI of file search
          • Add QR code for sharing links
          • Fix OnlyOffice integration when JWT is enabled
          "},{"location":"changelog/server-changelog/#802-20210104","title":"8.0.2 (2021/01/04)","text":"
          • Fix LDAP problem
          • Fix upgrade script
          "},{"location":"changelog/server-changelog/#801-beta-20210104","title":"8.0.1 beta (2021/01/04)","text":"
          • Update translations for help pages
          • Add missing upgrade script
          • Add open cloud mesh feature
          "},{"location":"changelog/server-changelog/#800-beta-20201127","title":"8.0.0 beta (2020/11/27)","text":"
          • Support searching file in a library
          • Rewrite upload link page to use React technology
          • Improve GC performance
          • Upgrade Django to 2.2 version
          • Remove ccnet-server component
          • Update help page
          • Release v4 encrypted library format to enhance security for v3 encrypted format
          "},{"location":"changelog/server-changelog/#71","title":"7.1","text":"

          Feature changes

          Progresql support is dropped as we have rewritten the database access code to remove copyright issue.

          Upgrade

          Please check our document for how to upgrade to 7.1.

          "},{"location":"changelog/server-changelog/#715-20200922","title":"7.1.5 (2020/09/22)","text":"
          • [fix] Fix a bug in returned group library permission for SeaDrive client
          • [fix] Fix files preview using OnlyOffice in public shared links
          • Support pagination when listing libraries in a group
          • Update wsgidav used in WebDAV
          • [fix] Fix WebDAV failed login via WebDAV secret
          • [fix] Fix WebDAV error if a file is moved immediately after uploading
          • Remove redundent logs in seafile.log
          • [fix] Fix \"save to...\" in share link
          • Add an option to show a user's email in sharing dialog (ENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER)
          • Add database connection pool to reduce database connection usage
          • Enable generating internal links for files in an encrypted library
          • Support setting the expire date time of a share link to a specific date time
          • GC add --id-prefix option to scan a specific range of libraries
          • fsck add an option to not check block integrity to speed up scanning
          • [fix] ccnet no longer listen on port 10001
          "},{"location":"changelog/server-changelog/#714-20200519","title":"7.1.4 (2020/05/19)","text":"
          • [fix] Fix page error in \"System Admin-> Users -> A User -> Groups\"
          • [fix] Fix listing LDAP imported users when number of users is greater than 500
          • Support selecting and downloading multiple files in a sharing link
          • Show share link expiration time in system admin
          • [fix] Fix file download links in public libraries
          • Other UI fixes
          "},{"location":"changelog/server-changelog/#713-20200326","title":"7.1.3 (2020/03/26)","text":"
          • Support sort libraries by size and number of files in admin panel
          • Support sort users by used storage in admin panel
          • [fix] Fix Markdown print for markdown with more than 1 page
          • Other UI fixes
          "},{"location":"changelog/server-changelog/#712-beta-20200305","title":"7.1.2 beta (2020/03/05)","text":"
          • [fix] Fix HTTP/2 support
          • Markdown page can now be printed using browser's \"Print...\"
          • Add zoom buttons for PDF page
          • Add sort function to directory share link page
          • Add support for JSON web tokens in OnlyOffice integration
          • UI improvements for pages in admin panel
          "},{"location":"changelog/server-changelog/#711-beta-20191223","title":"7.1.1 beta (2019/12/23)","text":"
          • [fix] Fix Gunicorn warning
          • [fix] Fix SQLite upgrade script
          • [fix] Fix Seahub can't started problem on Debian 10
          • [fix] For for Excel and PPT, the default fonts are Chinese font sets.
          • Some other UI fixes and improvements
          "},{"location":"changelog/server-changelog/#710-beta-20191205","title":"7.1.0 beta (2019/12/05)","text":"
          • Rewrite the system admin pages with React
          • Upgrade to Python3
          • Add library API Token, you can now generate API tokens for a library and use them in third party programs.
          • Add a feature abuse report for reporting abuse for download links.
          "},{"location":"changelog/server-changelog/#70","title":"7.0","text":"

          Feature changes

          In version 6.3, users can create public or private Wikis. In version 7.0, private Wikis is replaced by column mode view. Every library has a column mode view. So users don't need to explicitly create private Wikis.

          Public Wikis are now renamed to published libraries.

          Upgrade

          Just follow our document on major version upgrade. No special steps are needed.

          "},{"location":"changelog/server-changelog/#705-20190923","title":"7.0.5 (2019/09/23)","text":"
          • [fix] Fix '\\n' in system wide notification will lead to blank page
          • [fix] Remove all metadata in docx template
          • [fix] Fix redirection after login
          • [fix] Fix group order is not alphabetic
          • [fix] Fix download button in sharing link
          • Mobile UI Improvement (Now all major pages can be used in Mobile smoothly)
          • Add notification when a user try to leave a page during file transfer
          • Add UI waiting notification when resetting a user's password in admin panel
          • Add generating internal link (smart-link) for folders
          • [fix] Fix file drag and drop in IE and Firefox
          • Improve UI for file uploading, support re-upload after error
          • [fix] Fix devices login via Shibboleth not show in devices list
          • Support of OnlyOffice auto-save option
          • [fix] Fix zip download when user selecting a long list of files
          • Other UI fixes
          "},{"location":"changelog/server-changelog/#704-20190726","title":"7.0.4 (2019/07/26)","text":"
          • Fix avatar problem when deployed under non-root domain
          • Add get internal link in share dialog
          • Fix newly created DOCX files are not empty and have a Chinese font set as default font
          • Fix system does not send email to new user when adding new user in system admin
          • Fix thumbnail for TIFF files
          • Fix direct download link for sharing links
          "},{"location":"changelog/server-changelog/#703-20190705","title":"7.0.3 (2019/07/05)","text":"
          • UI Improvements and fixes
          • Fix file upload button with Safari, IE edge
          • Fix compatibility with \"Open library in web\" from the old version desktop client
          • Support \".\" in group name
          • Add back \"send link\" for upload links
          • Add back grid view for folder sharing links
          • Fix preview for PSD, TIFF files
          • Fix deleting of favorate items when they are shared items but the sharing are revoked
          • Fix avatar broken problem when using a non-stardard port
          • Fix resumable file uploading
          "},{"location":"changelog/server-changelog/#702-20190613","title":"7.0.2 (2019/06/13)","text":"
          • UI fixes
          • Support index.md in published library
          • Fix IE Edge support
          "},{"location":"changelog/server-changelog/#701-beta-20190531","title":"7.0.1 beta (2019/05/31)","text":"
          • [fix] Fix database upgrade problem
          • [fix] Fix WebDAV can't be started
          • [fix] Some UI fixes
          "},{"location":"changelog/server-changelog/#700-beta-20190523","title":"7.0.0 beta (2019/05/23)","text":"
          • Upgraded Web UI with React framework. The look and feel of the new UI is much better.
          • Improved Markdown editor
          • Add columns view mode (tree view like in the Windows Explorer)
          • Add context menu to manipulate files
          • Move files via drag and drop
          • Redesigned file tags
          • Support editing share link permission after creating a link
          "},{"location":"changelog/server-changelog/#63","title":"6.3","text":"

          In version 6.3, Django is upgraded to version 1.11. Django 1.8, which is used in version 6.2, is deprecated in 2018 April.

          With this upgrade, the fast-cgi mode is no longer supported. You need to config Seafile behind Nginx/Apache in WSGI mode.

          The way to run Seahub in another port is also changed. You need to modify the configuration file conf/gunicorn.conf instead of running ./seahub.sh start <another-port>.

          Version 6.3 also changed the database table for file comments, if you have used this feature, you need migrate old file comments using the following commends after upgrading to 6.3:

          ./seahub.sh python-env seahub/manage.py migrate_file_comment\n

          Note, this command should be run while Seafile server is running.

          "},{"location":"changelog/server-changelog/#634-20180915","title":"6.3.4 (2018/09/15)","text":"
          • [fix] Fix a security issue in Shibboleth authentication
          • [fix] Fix sometimes Web UI will not autoload a >100 item directory view
          "},{"location":"changelog/server-changelog/#633-20180907","title":"6.3.3 (2018/09/07)","text":"
          • Add generating of internal links
          • Support copy a file to its own parent folder, creating a file with a suffix like test-1.docx
          • Support setting the language list
          • Redirect '/shib-login' to '/sso'
          • Change \"Unknown error\" to \"network error\" when uploading failed caused by network error
          • [fix] Fix groups not shown in system admin panel
          • Support files be manually saved in OnlyOffice
          • Improve performance when getting users quota usage
          • Improve Markdown editor
          • The new Wiki feature is ready
          • Update Django to 1.11.11
          "},{"location":"changelog/server-changelog/#632-20180709","title":"6.3.2 (2018/07/09)","text":"
          • [fix] Fix error when public wiki be viewed by anonymous users
          • Remove department field in users' profile page
          • [fix] Print warning instead of exit when there are errors in database table upgrade
          • [fix] Send notification to the upload link creator after there are files uploaded
          • [fix] Fix customize css via \"custom/custom.css\"
          • [api] return the last modifier in file detail API
          • [fix] Fix ZIP download can't work in some languages
          "},{"location":"changelog/server-changelog/#631-20180624","title":"6.3.1 (2018/06/24)","text":"
          • Allow fullscreen presentation when view ppt(x) file via CollaboraOffice.
          • Support mobile UI style when view file via OnlyOffice.
          • Some UI improvement.
          • Show terms and condition link if terms and condition is enabled
          • [fix] Update OnlyOffice callback func (save file when status is 6).
          • [fix] Show library\u2019s first commit\u2019s desc on library history page.
          • [fix] Check if is an deleted library when admin restore a deleted library.
          • [fix] Removed dead 'quota doc' link on user info popup.
          • [fix] Fix bug of OnlyOffice file co-authoring.
          • [api] Add starred field to file detail api.
          • Use ID instead of email on sysadmin user page.
          • [fix] Fix database upgrade problems
          • [fix] Fix support for sqlite3
          • [fix] Fix crash when seaf-fsck, seaf-gc receive wrong arguments
          "},{"location":"changelog/server-changelog/#630-beta-20180526","title":"6.3.0 beta (2018/05/26)","text":"
          • UI Improvements: moving buttons to top bar, improve scrolling in file/library list
          • Update Django to 1.11, remove fast-cgi support
          • Update jQuery to version 3.3.1
          • Update pdf.js
          • Add invite people link to share dialog if the feature is enabled
          • Remove login log after delete a user
          • [admin] Support customize site title, site name, CSS via Web UI
          • [beta] Wiki, users can create public wikis
          • Add an option to define the listening address for WSGI mode
          • [fix] Fix a bug that causing seaf-fsck crash
          • [fix] Fix support for uploading folder via \u2018Cloud file browser\u2019
          • [fix] Cancel Zip download task at the server side when user close zip download dialog
          • Other fixes
          "},{"location":"changelog/server-changelog/#62","title":"6.2","text":"

          From 6.2, It is recommended to use WSGI mode for communication between Seahub and Nginx/Apache. Two steps are needed if you'd like to switch to WSGI mode:

          1. Change the config file of Nginx/Apache.
          2. Restart Seahub with ./seahub.sh start instead of ./seahub.sh start-fastcgi

          The configuration of Nginx is as following:

          location / {\n         proxy_pass         http://127.0.0.1:8000;\n         proxy_set_header   Host $host;\n         proxy_set_header   X-Real-IP $remote_addr;\n         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n         proxy_set_header   X-Forwarded-Host $server_name;\n         proxy_read_timeout  1200s;\n\n         # used for view/edit office file via Office Online Server\n         client_max_body_size 0;\n\n         access_log      /var/log/nginx/seahub.access.log;\n         error_log       /var/log/nginx/seahub.error.log;\n    }\n

          The configuration of Apache is as following:

              # seahub\n    SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n    ProxyPass / http://127.0.0.1:8000/\n    ProxyPassReverse / http://127.0.0.1:8000/\n
          "},{"location":"changelog/server-changelog/#625-20180123","title":"6.2.5 (2018/01/23)","text":"
          • [fix] Fix OAuth bug
          • [fix] Improve the performance of returning a user's all group libraries
          • [new] Support customize the list of groups that a user can see when sharing a library
          "},{"location":"changelog/server-changelog/#624-20180116","title":"6.2.4 (2018/01/16)","text":"
          • [new] Add the feature \"remember this device\" after two-factor authentication
          • [new] Add option to notify the admin after new user registration (NOTIFY_ADMIN_AFTER_REGISTRATION)
          • [fix] Fix a bug in modify permission for a a shared sub-folder
          • [fix] Fix support for PostgreSQL
          • [fix] Fix a bug in SQLite database support
          • [fix] Fix support for uploading 500+ files via web interface (caused by API rate throttle)
          • [improve, ui] Add transition to show/hide of feedback messages.
          • [improve] Improve performance of file history page.
          • [improve] Show two file history records at least.
          • [fix] show shared sub-folders when copy/move file/folder to \u201cOther Libraries\u201d.
          • [fix] Remove the white edge of webpage when previewing file via OnlyOffice.
          • [fix] Don\u2019t check if user exists when deleting a group member in admin panel.
          • [fix, oauth] Don\u2019t overwrite public registration settings when login a nonexistent user.
          • Other UI improvements.
          "},{"location":"changelog/server-changelog/#623-20171115","title":"6.2.3 (2017/11/15)","text":"
          • Support OAuth.
          • WSGI uses 5 processors by default instead of 3 processors each with 5 threads
          • [share] Add \"click to select\" feature for download/upload links.
          • [admin] Show/edit contact email in admin panel.
          • [admin] Show upload links in admin panel.
          • [fix] Fix Shibboleth login redirection issue, see https://forum.seafile.com/t/shared-links-via-shibboleth/4067/19
          • [fix] In some case failed to unshare a folder.
          • [fix] LDAP search issue.
          • [fix] Fix Safari downloaded file names are encoded like 'test-%2F%4B.doc' if it contains special characters.
          • [fix] Disable client encrypt library creation when creating encrypt library is disabled on server.
          "},{"location":"changelog/server-changelog/#622-20170925","title":"6.2.2 (2017/09/25)","text":"
          • [fix] Fix register button can't be clicked in login page
          • [fix] Fix login_success field not exist in sysadmin_extra_userloginlog
          "},{"location":"changelog/server-changelog/#621-20170922","title":"6.2.1 (2017/09/22)","text":"
          • [fix] Fix upgrade script for SQLite database
          • Add Czech language
          • [ui] Move password setting to a separate section
          • [ui] Add divider to file operation menu
          • [ui] Use high DPI icon in favorites page
          • [ui] Focus on password fields by default
          • [ui] Show feedback message when restore a library to a snapshot
          • [fix] Don't import settings in seafile.conf to database
          "},{"location":"changelog/server-changelog/#620-beta-20170914","title":"6.2.0 beta (2017/09/14)","text":"
          • Redesign login page, adding a background image.
          • Add two factor authentication
          • Clean the list of languages
          • Add the ability of tagging a snapshot of a library (Use ENABLE_REPO_SNAPSHOT_LABEL = True to turn the feature on)
          • [admin] Add an option to enable users to share a library to any groups in the system.
          • Use WSGI as the default mode for deploying Seahub.
          • Add a field Reference ID to support changing users primary ID in Shibboleth or LDAP
          • Improved performance of loading library list
          • Support adding a custom user search function (https://github.com/haiwen/seafile-docs/commit/115f5d85cdab7dc272da81bcc8e8c9b91d85506e)
          • Other small UI improvements
          "},{"location":"changelog/server-changelog/#61","title":"6.1","text":"

          If you upgrade from 6.0 and you'd like to use the feature video thumbnail, you need to install ffmpeg package:

          # for ubuntu 16.04\napt-get install ffmpeg\npip install pillow moviepy\n\n# for Centos 7\nyum -y install epel-release\nrpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro\nyum -y install ffmpeg ffmpeg-devel\npip install pillow moviepy\n
          "},{"location":"changelog/server-changelog/#612-20170815","title":"6.1.2 (2017.08.15)","text":"
          • Use user's language as lang setting for OnlyOffice
          • Improve performance for getting user\u2019s unread messages
          • Fix error when uploading files to system default library template
          • Users can restore their own deleted libraries
          • Improve performance when move or copy multiple files/folders
          • Add \u201cdetails\u201d for libraries, folders and files to show information like how many files in a library/folder
          • [fix] Fix a bug in seaf-gc
          • [fix, api] Fix a bug in creating folder API
          • [admin] Improve performance in getting total file number, used space and total number of devices
          • [fix] Fix MySQL connection pool in Ccnet
          "},{"location":"changelog/server-changelog/#611-20170615","title":"6.1.1 (2017.06.15)","text":"
          • Disable thumbnail for video files in default
          • Enable fixing the email for share link to be fixed in certain language (option SHARE_LINK_EMAIL_LANGUAGE in seahub_setting.py). So admin can force the language for a email of a share link to be always in English, regardless of what language the sender is using.
          • The language of the interface of CollaboraOffice/OnlyOffice will be determined by the language of the current user.
          • Display the correct image thumbnails in favorites instead of the generic one
          • Enable set favicon and logo via admin panel
          • Admin can add libraries in admin panel
          "},{"location":"changelog/server-changelog/#610-beta-20170511","title":"6.1.0 beta (2017.05.11)","text":"

          Web UI Improvement:

          1. Add thumbnail for video files
          2. Improved image file view, using thumbnail to view pictures
          3. Improve pdf preview in community edition
          4. Move items by drap & drop
          5. Add create docx/xlsx/pptx in web interface
          6. Add OnlyOffice integration
          7. Add Collabora integration
          8. Support folder upload in community edition
          9. Show which client modify a file in history, this will help to find which client accidentally modified a file or deleted a file.

          Improvement for admins:

          1. Admin can set user\u2019s quote, delete users in bulk
          2. Support using admin panel in mobile platform
          3. Add translation for settings page

          System changes:

          1. Remove wiki by default
          2. Upgrade Django to 1.8.18
          3. Clean Ajax API
          4. Increase share link token length to 20 characters
          5. Upgrade jstree to latest version
          "},{"location":"changelog/server-changelog/#60","title":"6.0","text":"

          Note: If you ever used 6.0.0 or 6.0.1 or 6.0.2 with SQLite as database and encoutered a problem with desktop/mobile client login, follow https://github.com/haiwen/seafile/pull/1738 to fix the problem.

          "},{"location":"changelog/server-changelog/#609-20170330","title":"6.0.9 (2017.03.30)","text":"
          • Show user' name instead of user's email in notifications sent out by email
          • Add config items for setting favicon, disable wiki feature
          • Add css id to easily hide user password reset and delete account button
          • [fix] Fix UI bug in restoring a file from snapshot
          • [fix] Fix after renaming a file, the old versions before file rename can't be downloaded
          • [security] Fix XSS problem of the \"go back\" button in history page and snapshot view page
          "},{"location":"changelog/server-changelog/#608-20170216","title":"6.0.8 (2017.02.16)","text":"

          Improvement for admin

          • Admin can add/delete group members
          • Admin can create group in admin panel
          • Show total storage, total number of files, total number of connected devices in the info page of admin panel
          • Force users to change password if imported via csv
          • Support set user's quota, name when import user via csv
          • Set user's quota in user list page
          • Add search group by group name
          • Use ajax when deleting a user's library in admin panel
          • Support logrotate for controller.log
          • Add # -*- coding: utf-8 -*- to seahub_settings.py, so that admin can use non-ascii characters in the file.
          • Ingore white space character in the end of lines in ccnet.conf
          • Add a log when a user can't be find in LDAP during login, so that the system admin can know whether it is caused by password error or the user can't be find
          • Delete shared libraries information when deleting a user

          Other

          • [fix] Uploading files with special names lets seaf-server crash
          • [fix] Fix user search when global address book is disabled in CLOUD_MODE
          • [fix] Avoid timeout in some cases when showing a library trash
          • Show \"the account is inactive\" when an inactive account try to login
          • [security] Remove viewer.js to show open document files (ods, odt) because viewer.js is not actively maintained and may have potential security bugs (Thanks to Lukas Reschke from Nextcloud GmbH to report the issue)
          • [fix] Fix PostgreSQL support
          • Update Django to 1.8.17
          • Change time_zone to UTC as default
          • [fix] Fix quota check: users can't upload a file if the quota will be exceeded after uploading the file
          • [fix] Fix quota check when copy file from one library to another
          • [fix] Prevent admin from access group's wiki
          • [fix] Fix a bug when download folder in grid view
          "},{"location":"changelog/server-changelog/#607-20161216","title":"6.0.7 (2016.12.16)","text":"
          • [fix] Fix generating of password protected link in file view page
          • [fix] Fix .jpg/.JPG image display in IE10
          • Export quota usage in export Excel in user list admin page
          • [fix] Fix admin can't delete broken libraries
          • Add \"back to previous page\" link in trash page, history page
          • [fix] Improve logo show in About page
          • [fix] Fix file encoding for text file editing online
          • [fix] Don't show operation buttons for broken libraries in normal users page
          "},{"location":"changelog/server-changelog/#606-20161116","title":"6.0.6 (2016.11.16)","text":"
          • [fix] Fix the shared folder link in the notification message when a user share a folder to another user
          • [fix] Update Django version from 1.8.10 to 1.8.16
          • [fix] Fix support for PostgreSQL
          • [fix] Fix SQLite database locking problem
          • [fix] Fix the shared folder name is not changed after removing the old share, renaming the folder and re-sharing the folder
          • [fix] Fix sub-folder accidentially show the files in parent folder when the parent folder contains more than 100 files
          • [fix] Fix image preview navigation when there are more than 100 entries in a folder
          • [fix] Fix bug when admin searching unexisting user
          • [fix] Fix jpeg image display in IE10
          • Add support for online view of mov video files
          • Make web access token expiring time configurable
          • Add an option on server to control block size for web upload files
          "},{"location":"changelog/server-changelog/#605-20161017","title":"6.0.5 (2016.10.17)","text":"
          • [fix] Fix API for uploading file by blocks (Used by iOS client when uploading a large file)
          • [fix] Fix a database connection problem in ccnet-server
          • [fix] Fix moved files are still present in local folder until refresh
          • [fix] Fix admin panel can't show deleted libraries
          "},{"location":"changelog/server-changelog/#604-20160922","title":"6.0.4 (2016.09.22)","text":"
          • [fix] Fix not able to move files via WebDAV interface
          • Check whether the quota will exceed before saving the uploaded file to Seafile via Web UI or API
          • [fix] Fix owner can't restore a deleted file or folder in snapshot
          • [fix] Fix UI of personal profile page
          • [fix] Fix in some cases mobile devices can't be unlinked
          • [fix] Fix connection problem for the latest MariaDB in initialisation script
          • [fix] PNG Thumbnail creation broken in 6.0.3 (getexif failes)
          • Make maxNumberOfFiles configurable
          • [fix] Remember the sorting of libraries
          • Add Finnish translation
          • Video + audio no longer be limited by max preview size
          "},{"location":"changelog/server-changelog/#603-20160903","title":"6.0.3 (2016.09.03)","text":"
          • [fix] Fix a bug in sqlite database upgrade script
          • [fix] Fix a bug in database connection pool
          • [fix] Fix a bug in file comment
          "},{"location":"changelog/server-changelog/#602-20160902","title":"6.0.2 (2016.09.02)","text":"
          • [fix] Fix a bug in sqlite database table locking
          • Update translations
          • Support create libraries for Seafile Drive client
          "},{"location":"changelog/server-changelog/#601-beta-20160822","title":"6.0.1 beta (2016.08.22)","text":"
          • [fix] Fix default value of created_at in table api2_tokenv2. This bug leads to login problems for desktop and mobile clients.
          • [fix] Fix a bug in generating a password protected share link
          • Improve checking the user running Seafile must be the owner of seafile-data. If seafile-data is symbolic link, check the destination folder instead of the symbolic link.
          • [ui] Improve rename operation
          • Admin can set library permissions in admin panel
          • Show name/contact email in admin panel and enable search user by name/contact email
          • Add printing style for markdown
          • The \u201cSeafile\u201d in \"Welcome to Seafile\" message can be customised by SITE_NAME
          • Improve sorting of files with numbers
          • [fix] Fix can't view more than 100 files
          • [api] Add admin API to only return LDAP imported user list
          "},{"location":"changelog/server-changelog/#600-beta-20160802","title":"6.0.0 beta (2016.08.02)","text":"
          • Add full screen Web UI
          • Code clean and update Web APIs
          • Add file comment
          • Improve zip downloading by adding zip progress
          • Change of navigation labels
          • [admin] Add group transfer function in admin panel
          • Remove number of synced libraries in devices page for simplify the interface and concept
          • Update help pages
          "},{"location":"changelog/server-changelog/#51","title":"5.1","text":"

          Warning:

          • The concept of sub-library is removed in version 5.1. You can do selective sync with the latest desktop client
          • The group message reply function is removed, and the old reply messages will not be shown with the new UI

          Note: when upgrade from 5.1.3 or lower version to 5.1.4+, you need to install python-urllib3 (or python2-urllib3 for Arch Linux) manually:

          # for Ubuntu\nsudo apt-get install  python-urllib3\n# for CentOS\nsudo yum install python-urllib3\n
          "},{"location":"changelog/server-changelog/#514-20160723","title":"5.1.4 (2016.07.23)","text":"
          • [fix] Fix seaf-fsck.sh --export fails without database
          • [fix] Fix users with Umlauts in their display name breaks group management and api2/account/info on some special Linux distribution
          • Remove user from groups when a user is deleted.
          • [fix] Fix can't generate shared link for read-only shared library
          • [fix] Fix can still view file history after library history is set to \"no history\".
          • [fix] Fix after moving or deleting multiple selected items in the webinterface, the buttons are lost until reloading
          • Check user before start seafile. The user must be the owner of seafile-data directory
          • Don't allow emails with very special characters that may containing XSS string to register
          • [fix] During downloading multiple files/folders, show \"Total size exceeds limits\" instead of \"internal server error\" when selected items exceeds limits.
          • [fix] When delete a share, only check whether the be-shared user exist or not. This is to avoid the situation that share to a user can't be deleted after the user be deleted.
          • Add a notificition to a user if he/she is added to a group
          • Improve UI for password change page when forcing password change after admin reset a user's password
          • [fix] Fix duplicated files show in Firefox if the folder name contains single quote '
          "},{"location":"changelog/server-changelog/#513-20160530","title":"5.1.3 (2016.05.30)","text":"
          • [security] Fix permission checking for generating share links
          • Add an option (ENABLE_SETTINGS_VIA_WEB) to ignore settings via Web UI (system admin->settings)
          • [fix] Making user search (used in auto-completion) case insensitive
          "},{"location":"changelog/server-changelog/#512-20160513","title":"5.1.2 (2016.05.13)","text":"
          • [fix] Fix group rename
          • [fix] Fix group transfer
          • Send notifications to members when a new library is shared to a group
          • Download multiple selected files from Seahub as a ZIP-file
          • Use seafile-data/http-temp to store zip file when downloading a dir
          • [ui] Remember the expanded status of groups in the left hand nav bar
          • [accessibility] Improve accessiblity of library trash/history page by making links for operations selectable by tab.
          • [accessibility] Improve accessiblity of dialogs, add missing labelledby properties for the whole dialog.
          • [accessibility] Improve file/folder upload menu
          • list all devices in admin panel
          • Add syslog support for seafile.log
          "},{"location":"changelog/server-changelog/#511-20160408","title":"5.1.1 (2016.04.08)","text":"

          Note: downloading multiple files at once will be added in the next release.

          • A few UI Improvement and fixes
          • Add group-discussion (warning: the group message reply function is removed, and the old reply messages will not be shown with the new UI)
          • Add an option for disable forcing users to change password (FORCE_PASSWORD_CHANGE, default is True)
          • Support new Shibboleth users be created as inactive and activated via Admin later (SHIB_ACTIVATE_AFTER_CREATION , default is True)
          • Update jquery to v1.11
          "},{"location":"changelog/server-changelog/#510-beta-20160322","title":"5.1.0 beta (2016.03.22)","text":"

          Note: in this version, the group discussion is not re-implement yet. It will be available when the stable verison is released.

          • Redesign navigation
          • Rewrite group management
          • Improve sorting for large folder
          • Remember the sorting option for folder
          • Improve devices page
          • Update icons for libraries and files
          • Remove library settings page, re-implement them with dialogs
          • Remove group avatar
          • Don't show share menu in top bar when multiple item selected
          • Auto-focus on username field when loading the login page
          • Remove self-introduction in user profile
          • Upgrade to django 1.8
          • Force the user to change password if adding by admin or password reset by admin
          • disable add non-existing user to a group
          "},{"location":"config/","title":"Server Configuration and Customization","text":""},{"location":"config/#config-files","title":"Config Files","text":"

          The config files used in Seafile include:

          • environment variables: contains environment variables, the items here are shared between different components.
          • ccnet.conf: contains some settings for connection to ccnet_db.
          • seafile.conf: contains settings for seafile daemon and fileserver.
          • seahub_settings.py: contains settings for Seahub
          • seafevents.conf: contains settings for background tasks and file search.

          You can also modify most of the config items via web interface.The config items are saved in database table (seahub-db/constance_config). They have a higher priority over the items in config files.

          "},{"location":"config/#the-design-of-configure-options","title":"The design of configure options","text":"

          There are now three places you can config Seafile server:

          • environment variables
          • config files
          • via web interface

          Environment variables also have three categories:

          • Initialization variables that used to generate config files when Seafile server run for the first time.
          • Variables that shared and used by multiple components of Seafile server.
          • Variables that used both in generate config files and later also needed for some components that have no corresponding config file.

          The variables in the first category can be deleted after initialization. In the future, we will make more components can read config from environment variables, so that the third category is no longer needed.

          The web interface has the highest priority, then the environment variables, then the config files. In practise, you can disable settings via web interface for simplicity.

          "},{"location":"config/admin_roles_permissions/","title":"Roles and Permissions Support","text":"

          You can add/edit roles and permission for administrators. Seafile has four build-in admin roles:

          1. default_admin, has all permissions.

          2. system_admin, can only view system info and config system.

          3. daily_admin, can only view system info, view statistic, manage library/user/group, view user log.

          4. audit_admin, can only view system info and admin log.

          All administrators will have default_admin role with all permissions by default. If you set an administrator to some other admin role, the administrator will only have the permissions you configured to True.

          Seafile supports eight permissions for now, its configuration is very like common user role, you can custom it by adding the following settings to seahub_settings.py.

          ENABLED_ADMIN_ROLE_PERMISSIONS = {\n    'system_admin': {\n        'can_view_system_info': True,\n        'can_config_system': True,\n    },\n    'daily_admin': {\n        'can_view_system_info': True,\n        'can_view_statistic': True,\n        'can_manage_library': True,\n        'can_manage_user': True,\n        'can_manage_group': True,\n        'can_view_user_log': True,\n    },\n    'audit_admin': {\n        'can_view_system_info': True,\n        'can_view_admin_log': True,\n    },\n    'custom_admin': {\n        'can_view_system_info': True,\n        'can_config_system': True,\n        'can_view_statistic': True,\n        'can_manage_library': True,\n        'can_manage_user': True,\n        'can_manage_group': True,\n        'can_view_user_log': True,\n        'can_view_admin_log': True,\n    },\n}\n
          "},{"location":"config/auth_switch/","title":"Switch authentication type","text":"

          Seafile Server supports the following external authentication types:

          • LDAP (Auth and Sync)
          • OAuth
          • Shibboleth
          • SAML

          Since 11.0 version, switching between the types is possible, but any switch requires modifications of Seafile's databases.

          Note

          Before manually manipulating your database, make a database backup, so you can restore your system if anything goes wrong!

          See more about make a database backup.

          "},{"location":"config/auth_switch/#migrating-from-local-user-database-to-external-authentication","title":"Migrating from local user database to external authentication","text":"

          As an organisation grows and its IT infrastructure matures, the migration from local authentication to external authentication like LDAP, SAML, OAUTH is common requirement. Fortunately, the switch is comparatively simple.

          "},{"location":"config/auth_switch/#general-procedure","title":"General procedure","text":"

          1. Configure and test the desired external authentication. Note the name of the provider you use in the config file. The user to be migrated should already be able to log in with this new authentication type, but he will be created as a new user with a new unique identifier, so he will not have access to his existing libraries. Note the uid from the social_auth_usersocialauth table. Delete this new, still empty user again.

          2. Determine the ID of the user to be migrated in ccnet_db.EmailUser. For users created before version 11, the ID should be the user's email, for users created after version 11, the ID should be a string like xxx@auth.local.

          3. Replace the password hash with an exclamation mark.

          4. Create a new entry in social_auth_usersocialauth with the xxx@auth.local, your provider and the uid.

          The login with the password stored in the local database is not possible anymore. After logging in via external authentication, the user has access to all his previous libraries.

          "},{"location":"config/auth_switch/#example","title":"Example","text":"

          This example shows how to migrate the user with the username 12ae56789f1e4c8d8e1c31415867317c@auth.local from local database authentication to OAuth. The OAuth authentication is configured in seahub_settings.py with the provider name authentik-oauth. The uid of the user inside the Identity Provider is HR12345.

          This is what the database looks like before these commands must be executed:

          mysql> select email,left(passwd,25) from EmailUser where email = '12ae56789f1e4c8d8e1c31415867317c@auth.local';\n+---------------------------------------------+------------------------------+\n| email                                       | left(passwd,25)              |\n+---------------------------------------------+------------------------------+\n| 12ae56789f1e4c8d8e1c31415867317c@auth.local | PBKDF2SHA256$10000$4cdda6... |\n+---------------------------------------------+------------------------------+\n\nmysql> update EmailUser set passwd = '!' where email = '12ae56789f1e4c8d8e1c31415867317c@auth.local';\n\nmysql> insert into `social_auth_usersocialauth` (`username`, `provider`, `uid`, `extra_data`) values ('12ae56789f1e4c8d8e1c31415867317c@auth.local', 'authentik-oauth', 'HR12345', '');\n

          Note

          The extra_data field store user's information returned from the provider. For most providers, the extra_data field is usually an empty character. Since version 11.0.3-Pro, the default value of the extra_data field is NULL.

          Afterwards the databases should look like this:

          mysql> select email,passwd from EmailUser where email = '12ae56789f1e4c8d8e1c31415867317c@auth.local';\n+---------------------------------------------+------- +\n| email                                       | passwd |\n+---------------------------------------------+--------+\n| 12ae56789f1e4c8d8e1c31415867317c@auth.local | !      |\n+---------------------------------------------+--------+\n\nmysql> select username,provider,uid from social_auth_usersocialauth where username = '12ae56789f1e4c8d8e1c31415867317c@auth.local';\n+---------------------------------------------+-----------------+---------+\n| username                                    | provider        | uid     |\n+---------------------------------------------+-----------------+---------+\n| 12ae56789f1e4c8d8e1c31415867317c@auth.local | authentik-oauth | HR12345 |\n+---------------------------------------------+-----------------+---------+\n
          "},{"location":"config/auth_switch/#migrating-from-one-external-authentication-to-another","title":"Migrating from one external authentication to another","text":"

          First configure the two external authentications and test them with a dummy user. Then, to migrate all the existing users you only need to make changes to the social_auth_usersocialauth table. No entries need to be deleted or created. You only need to modify the existing ones. The xxx@auth.local remains the same, you only need to replace the provider and the uid.

          "},{"location":"config/auth_switch/#migrating-from-external-authentication-to-local-user-database","title":"Migrating from external authentication to local user database","text":"

          First, delete the entry in the social_auth_usersocialauth table that belongs to the particular user.

          Then you can reset the user's password, e.g. via the web interface. The user will be assigned a local password and from now on the authentication against the local database of Seafile will be done.

          More details about this option will follow soon.

          "},{"location":"config/auto_login_seadrive/","title":"Auto Login to SeaDrive on Windows","text":"

          Kerberos is a widely used single sign on (SSO) protocol. Supporting of auto login will use a Kerberos service. For server configuration, please read remote user authentication documentation. You have to configure Apache to authenticate with Kerberos. This is out of the scope of this documentation. You can for example refer to this webpage.

          "},{"location":"config/auto_login_seadrive/#technical-details","title":"Technical Details","text":"

          The client machine has to join the AD domain. In a Windows domain, the Kerberos Key Distribution Center (KDC) is implemented on the domain service. Since the client machine has been authenticated by KDC when a Windows user logs in, a Kerberos ticket will be generated for current user without needs of another login in the browser.

          When a program using the WinHttp API tries to connect a server, it can perform a login automatically through the Integrated Windows Authentication. Internet Explorer and SeaDrive both use this mechanism.

          The details of Integrated Windows Authentication is described below:

          1. Decide whether or not to use IWA according to the address and Internet Options. (more in next section)
          2. Send a request to the server (e.g. http://test.seafile.com/sso)
          3. The server returns an HTTP 401 unauthorized response with the Negotiate header which includes an authentication protocol.
          4. The WinHttp API will try to use Kerberos first, if there is a valid ticket from KDC. The request will be sent again, together with the ticket in an HTTP header.
          5. Then, Apache can check the ticket with KDC, and extract the username from it. The username will be passed to SeaHub for a successful auto login.
          6. If the WinHttp API failed to get a ticket, it will then try the NTLM protocol by sending an HTTP request with Negotiate NTLMSSP token in the header. Without supporting the NTLM protocol, Apache shall returns an HTTP 401 unauthorized response and stops negotiation. At this point, the browser will pop up a login dialog, which means an auto login failure.

          In short:

          1. The client machine has to join the AD domain.
          2. The Internet Options has to be configured properly.
          3. The WinHttp API should be able to get a valid ticket from KDC. Make sure you use the correct server address (e.g. test.seafile.com) when you generate keytab file on the domain controller.
          "},{"location":"config/auto_login_seadrive/#auto-login-on-internet-explorer","title":"Auto Login on Internet Explorer","text":"

          The Internet Options has to be configured as following:

          Open \"Internet Options\", select \"Security\" tab, select \"Local Intranet\" zone.

          1. \"Sites\" -> \"Advanced\" -> \"Add this website to zone\". This is the place where we fill the address (e.g. http://test.seafile.com)
          2. \"Security level for this zone\" -> \"Custom level...\" -> \"Automatic log-on with current username and password\".

          Note

          Above configuration requires a reboot to take effect.

          Next, we shall test the auto login function on Internet Explorer: visit the website and click \"Single Sign-On\" link. It should be able to log in directly, otherwise the auto login is malfunctioned.

          Note

          The address in the test must be same as the address specified in the keytab file. Otherwise, the client machine can't get a valid ticket from Kerberos.

          "},{"location":"config/auto_login_seadrive/#auto-login-on-seadrive","title":"Auto Login on SeaDrive","text":"

          SeaDrive will use the Kerberos login configuration from the Windows Registry under HKEY_CURRENT_USER/SOFTWARE/SeaDrive.

          Key   : PreconfigureServerAddr\nType  : REG_SZ\nValue : <the url of seafile server>\n\nKey   : PreconfigureUseKerberosLogin\nType  : REG_SZ\nValue : <0|1> // 0 for normal login, 1 for SSO login\n

          The system wide configuration path is located at HKEY_LOCAL_MACHINE/SOFTWARE/Wow6432Node/SeaDrive.

          "},{"location":"config/auto_login_seadrive/#seadrive-silent-installation","title":"SeaDrive Silent Installation","text":"

          SeaDrive can be installed silently with the following command (requires admin privileges):

          msiexec /i seadrive.msi /quiet /qn /log install.log\n
          "},{"location":"config/auto_login_seadrive/#auto-login-via-group-policy","title":"Auto Login via Group Policy","text":"

          The configuration of Internet Options : https://docs.microsoft.com/en-us/troubleshoot/browsers/how-to-configure-group-policy-preference-settings

          The configuration of Windows Registry : https://thesolving.com/server-room/how-to-deploy-a-registry-key-via-group-policy/

          "},{"location":"config/ccnet-conf/","title":"ccnet.conf","text":"

          Ccnet is the internal RPC framework used by Seafile server and also manages the user database. A few useful options are in ccnet.conf.

          Note

          Ccnet component is merged into seaf-server in version 7.1, but the configuration file are still needed

          "},{"location":"config/ccnet-conf/#changing-mysql-connection-pool-size","title":"Changing MySQL Connection Pool Size","text":"

          When you configure ccnet to use MySQL, the default connection pool size is 100, which should be enough for most use cases. You can change this value by adding following options to ccnet.conf:

          [Database]\n......\n# Use larger connection pool\nMAX_CONNECTIONS = 200\n
          "},{"location":"config/ccnet-conf/#using-encrypted-connections","title":"Using Encrypted Connections","text":"

          Since Seafile 10.0.2, you can enable the encrypted connections to the MySQL server by adding the following configuration options:

          [Database]\nUSE_SSL = true\nSKIP_VERIFY = false\nCA_PATH = /etc/mysql/ca.pem\n

          When set use_ssl to true and skip_verify to false, it will check whether the MySQL server certificate is legal through the CA configured in ca_path. The ca_path is a trusted CA certificate path for signing MySQL server certificates. When skip_verify is true, there is no need to add the ca_path option. The MySQL server certificate won't be verified at this time.

          "},{"location":"config/config_seafile_with_ADFS/","title":"config seafile with ADFS","text":""},{"location":"config/config_seafile_with_ADFS/#requirements","title":"Requirements","text":"

          To use ADFS to log in to your Seafile, you need the following components:

          1. A Winodws Server with ADFS installed. For configuring and installing ADFS you can see this article.

          2. A valid SSL certificate for ADFS server, and here we use adfs-server.adfs.com as the domain name example.

          3. A valid SSL certificate for Seafile server, and here we use demo.seafile.com as the domain name example.

          "},{"location":"config/config_seafile_with_ADFS/#prepare-certs-file","title":"Prepare Certs File","text":"
          1. x.509 certs for SP (Service Provider)

          You can generate them by:

          ``` openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout sp.key -out sp.crt 

           These x.509 certs are used to sign and encrypt elements like NameID and Metadata for SAML. \n\n Then copy these two files to **<seafile-install-path>/seahub-data/certs**. (if the certs folder not exists, create it.)\n\n2. x.509 cert from IdP (Identity Provider)\n\n 1. Log into the ADFS server and open the ADFS management.\n\n 1. Double click **Service** and choose **Certificates**.\n\n 1. Export the **Token-Signing** certificate:\n\n    1. Right-click the certificate and select **View Certificate**.\n    1. Select the **Details** tab.\n    1. Click **Copy to File** (select **DER encoded binary X.509**).\n\n 1. Convert this certificate to PEM format, rename it to **idp.crt**\n\n 1. Then copy it to **<seafile-install-path>/seahub-data/certs**.\n\n### Prepare IdP Metadata File\n\n1. Open https://adfs-server.adfs.com/federationmetadata/2007-06/federationmetadata.xml\n\n1. Save this xml file, rename it to **idp_federation_metadata.xml**\n\n1. Copy it to **<seafile-install-path>/seahub-data/certs**.\n\n### Install Requirements on Seafile Server\n\n- For Ubuntu 16.04\n
          sudo apt install xmlsec1 sudo pip install cryptography djangosaml2==0.15.0 
          ### Config Seafile\n\nAdd the following lines to **seahub_settings.py**\n
          from os import path import saml2 import saml2.saml

          "},{"location":"config/config_seafile_with_ADFS/#update-following-lines-according-to-your-situation","title":"update following lines according to your situation","text":"

          CERTS_DIR = '/seahub-data/certs' SP_SERVICE_URL = 'https://demo.seafile.com' XMLSEC_BINARY = '/usr/local/bin/xmlsec1' ATTRIBUTE_MAP_DIR = '/seafile-server-latest/seahub-extra/seahub_extra/adfs_auth/attribute-maps' SAML_ATTRIBUTE_MAPPING = { 'DisplayName': ('display_name', ), 'ContactEmail': ('contact_email', ), 'Deparment': ('department', ), 'Telephone': ('telephone', ), }"},{"location":"config/config_seafile_with_ADFS/#update-the-idp-section-in-sampl_config-according-to-your-situation-and-leave-others-as-default","title":"update the 'idp' section in SAMPL_CONFIG according to your situation, and leave others as default","text":"

          ENABLE_ADFS_LOGIN = True EXTRA_AUTHENTICATION_BACKENDS = ( 'seahub_extra.adfs_auth.backends.Saml2Backend', ) SAML_USE_NAME_ID_AS_USERNAME = True LOGIN_REDIRECT_URL = '/saml2/complete/' SAML_CONFIG = { # full path to the xmlsec1 binary programm 'xmlsec_binary': XMLSEC_BINARY,

          'allow_unknown_attributes': True,\n\n# your entity id, usually your subdomain plus the url to the metadata view\n'entityid': SP_SERVICE_URL + '/saml2/metadata/',\n\n# directory with attribute mapping\n'attribute_map_dir': ATTRIBUTE_MAP_DIR,\n\n# this block states what services we provide\n'service': {\n    # we are just a lonely SP\n    'sp' : {\n        \"allow_unsolicited\": True,\n        'name': 'Federated Seafile Service',\n        'name_id_format': saml2.saml.NAMEID_FORMAT_EMAILADDRESS,\n        'endpoints': {\n            # url and binding to the assetion consumer service view\n            # do not change the binding or service name\n            'assertion_consumer_service': [\n                (SP_SERVICE_URL + '/saml2/acs/',\n                 saml2.BINDING_HTTP_POST),\n            ],\n            # url and binding to the single logout service view\n            # do not change the binding or service name\n            'single_logout_service': [\n                (SP_SERVICE_URL + '/saml2/ls/',\n                 saml2.BINDING_HTTP_REDIRECT),\n                (SP_SERVICE_URL + '/saml2/ls/post',\n                 saml2.BINDING_HTTP_POST),\n            ],\n        },\n\n        # attributes that this project need to identify a user\n        'required_attributes': [\"uid\"],\n\n        # attributes that may be useful to have but not required\n        'optional_attributes': ['eduPersonAffiliation', ],\n\n        # in this section the list of IdPs we talk to are defined\n        'idp': {\n            # we do not need a WAYF service since there is\n            # only an IdP defined here. This IdP should be\n            # present in our metadata\n\n            # the keys of this dictionary are entity ids\n            'https://adfs-server.adfs.com/federationmetadata/2007-06/federationmetadata.xml': {\n                'single_sign_on_service': {\n                    saml2.BINDING_HTTP_REDIRECT: 'https://adfs-server.adfs.com/adfs/ls/idpinitiatedsignon.aspx',\n                },\n              'single_logout_service': {\n                  saml2.BINDING_HTTP_REDIRECT: 'https://adfs-server.adfs.com/adfs/ls/?wa=wsignout1.0',\n              },\n            },\n        },\n    },\n},\n\n# where the remote metadata is stored\n'metadata': {\n    'local': [path.join(CERTS_DIR, 'idp_federation_metadata.xml')],\n},\n\n# set to 1 to output debugging information\n'debug': 1,\n\n# Signing\n'key_file': '', \n'cert_file': path.join(CERTS_DIR, 'idp.crt'),  # from IdP\n\n# Encryption\n'encryption_keypairs': [{\n    'key_file': path.join(CERTS_DIR, 'sp.key'),  # private part\n    'cert_file': path.join(CERTS_DIR, 'sp.crt'),  # public part\n}],\n\n'valid_for': 24,  # how long is our metadata valid\n

          }

          ```

          "},{"location":"config/config_seafile_with_ADFS/#config-adfs-server","title":"Config ADFS Server","text":"
          1. Add Relying Party Trust

          Relying Party Trust is the connection between Seafile and ADFS.

          1. Log into the ADFS server and open the ADFS management.

          2. Double click Trust Relationships, then right click Relying Party Trusts, select Add Relying Party Trust\u2026.

          3. Select Import data about the relying party published online or one a local network, input https://demo.seafile.com/saml2/metadata/ in the Federation metadata address.

          4. Then Next until Finish.

          5. Add Relying Party Claim Rules

          Relying Party Claim Rules is used for attribute communication between Seafile and users in Windows Domain.

          Important: Users in Windows domain must have the E-mail value setted.

          1. Right-click on the relying party trust and select Edit Claim Rules...

          2. On the Issuance Transform Rules tab select Add Rules...

          3. Select Send LDAP Attribute as Claims as the claim rule template to use.

          4. Give the claim a name such as LDAP Attributes.

          5. Set the Attribute Store to Active Directory, the LDAP Attribute to E-Mail-Addresses, and the Outgoing Claim Type to E-mail Address.

          6. Select Finish.

          7. Click Add Rule... again.

          8. Select Transform an Incoming Claim.

          9. Give it a name such as Email to Name ID.

          10. Incoming claim type should be E-mail Address (it must match the Outgoing Claim Type in rule #1).

          11. The Outgoing claim type is Name ID (this is required in Seafile settings policy 'name_id_format': saml2.saml.NAMEID_FORMAT_EMAILADDRESS).

          12. the Outgoing name ID format is Email.

          13. Pass through all claim values and click Finish.

          • https://support.zendesk.com/hc/en-us/articles/203663886-Setting-up-single-sign-on-using-Active-Directory-with-ADFS-and-SAML-Plus-and-Enterprise-

          • http://wiki.servicenow.com/?title=Configuring_ADFS_2.0_to_Communicate_with_SAML_2.0#gsc.tab=0

          • https://github.com/rohe/pysaml2/blob/master/src/saml2/saml.py

          "},{"location":"config/customize_email_notifications/","title":"Customize Email Notifications","text":"

          Note: Subject line may vary between different releases, this is based on Release 2.0.1. Restart Seahub so that your changes take effect.

          "},{"location":"config/customize_email_notifications/#user-reset-hisher-password","title":"User reset his/her password","text":"

          Subject

          seahub/seahub/auth/forms.py line:103

          Body

          seahub/seahub/templates/registration/password_reset_email.html

          Note: You can copy password_reset_email.html to seahub-data/custom/templates/registration/password_reset_email.html and modify the new one. In this way, the customization will be maintained after upgrade.

          "},{"location":"config/customize_email_notifications/#system-admin-add-new-member","title":"System admin add new member","text":"

          Subject

          seahub/seahub/views/sysadmin.py line:424

          Body

          seahub/seahub/templates/sysadmin/user_add_email.html

          Note: You can copy user_add_email.html to seahub-data/custom/templates/sysadmin/user_add_email.html and modify the new one. In this way, the customization will be maintained after upgrade.

          "},{"location":"config/customize_email_notifications/#system-admin-reset-user-password","title":"System admin reset user password","text":"

          Subject

          seahub/seahub/views/sysadmin.py line:368

          Body

          seahub/seahub/templates/sysadmin/user_reset_email.html

          Note: You can copy user_reset_email.html to seahub-data/custom/templates/sysadmin/user_reset_email.html and modify the new one. In this way, the customization will be maintained after upgrade.

          "},{"location":"config/customize_email_notifications/#user-send-filefolder-share-link","title":"User send file/folder share link","text":"

          Subject

          seahub/seahub/share/views.py line:668

          Body

          seahub/seahub/templates/shared_link_email.html

          "},{"location":"config/details_about_file_search/","title":"Details about File Search","text":""},{"location":"config/details_about_file_search/#search-options","title":"Search Options","text":"

          The following options can be set in seafevents.conf to control the behaviors of file search. You need to restart seafile and seahub to make them take effect.

          [INDEX FILES]\n## must be \"true\" to enable search\nenabled = true\n\n## The interval the search index is updated. Can be s(seconds), m(minutes), h(hours), d(days)\ninterval=10m\n\n## this is for improving the search speed\nhighlight = fvh                              \n\n## If true, indexes the contents of office/pdf files while updating search index\n## Note: If you change this option from \"false\" to \"true\", then you need to clear the search index and update the index again.\nindex_office_pdf=false\n\n## From 9.0.7 pro, Seafile supports connecting to Elasticsearch through username and password, you need to configure username and password for the Elasticsearch server\nusername = elastic           # username to connect to Elasticsearch\npassword = elastic_password  # password to connect to Elasticsearch\n\n## From 9.0.7 pro, Seafile supports connecting to elasticsearch via HTTPS, you need to configure HTTPS for the Elasticsearch server\nscheme = https               # The default is http. If the Elasticsearch server is not configured with HTTPS, the scheme and cafile do not need to be configured\ncafile = path/to/cert.pem    # The certificate path for user authentication. If the Elasticsearch server does not enable certificate authentication, do not need to be configured\n\n## From version 11.0.5 Pro, you can custom ElasticSearch index names for distinct instances when intergrating multiple Seafile servers to a single ElasticSearch Server.\nrepo_status_index_name = your-repo-status-index-name  # default is `repo_head`\nrepo_files_index_name = your-repo-files-index-name    # default is `repofiles`\n
          "},{"location":"config/details_about_file_search/#enable-full-text-search-for-officepdf-files","title":"Enable full text search for Office/PDF files","text":"

          Full text search is not enabled by default to save system resources. If you want to enable it, you need to follow the instructions below.

          "},{"location":"config/details_about_file_search/#modify-seafeventsconf","title":"Modify seafevents.conf","text":"Deploy in DockerDeploy from binary packages 
          cd /opt/seafile-data/seafile/conf\nnano seafevents.conf\n
          cd /opt/seafile/conf\nnano seafevents.conf\n

          set index_office_pdf to true

          ...\n[INDEX FILES]\n...\nindex_office_pdf=true\n...\n
          "},{"location":"config/details_about_file_search/#restart-seafile-server","title":"Restart Seafile server","text":"Deploy in DockerDeploy from binary packages 
          docker exec -it seafile bash\ncd /scripts\n./seafile.sh restart\n\n# delete the existing search index and recreate it\n./pro/pro.py search --clear\n./pro/pro.py search --update\n
          cd /opt/seafile/seafile-server-latest\n./seafile.sh restart\n\n# delete the existing search index and recreate it\n./pro/pro.py search --clear\n./pro/pro.py search --update\n
          "},{"location":"config/details_about_file_search/#common-problems","title":"Common problems","text":""},{"location":"config/details_about_file_search/#how-to-rebuild-the-index-if-something-went-wrong","title":"How to rebuild the index if something went wrong","text":"

          You can rebuild search index by running:

          Deploy in DockerDeploy from binary packages 
          docker exec -it seafile bash\ncd /scripts\n./pro/pro.py search --clear\n./pro/pro.py search --update\n
          cd /opt/seafile/seafile-server-latest\n./pro/pro.py search --clear\n./pro/pro.py search --update\n

          Tip

          If this does not work, you can try the following steps:

          1. Stop Seafile
          2. Remove the old search index rm -rf pro-data/search
          3. Restart Seafile
          4. Wait one minute then run ./pro/pro.py search --update
          "},{"location":"config/details_about_file_search/#access-the-aws-elasticsearch-service-using-https","title":"Access the AWS elasticsearch service using HTTPS","text":"

          1. Create an elasticsearch service on AWS according to the documentation.

          2. Configure the seafevents.conf:

          [INDEX FILES]\nenabled = true\ninterval = 10m\nindex_office_pdf=true\nes_host = your domain endpoint(for example, https://search-my-domain.us-east-1.es.amazonaws.com)\nes_port = 443\nscheme = https\nusername = master user\npassword = password\nhighlight = fvh\nrepo_status_index_name = your-repo-status-index-name  # default is `repo_head`\nrepo_files_index_name = your-repo-files-index-name    # default is `repofiles`\n

          Note

          The version of the Python third-party package elasticsearch cannot be greater than 7.14.0, otherwise the elasticsearch service cannot be accessed: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/samplecode.html#client-compatibility, https://github.com/elastic/elasticsearch-py/pull/1623.

          "},{"location":"config/details_about_file_search/#i-get-no-result-when-i-search-a-keyword","title":"I get no result when I search a keyword","text":"

          The search index is updated every 10 minutes by default. So before the first index update is performed, you get nothing no matter what you search.

          To be able to search immediately,

          • Make sure you have started Seafile Server
          • Update the search index manually:
          Deploy in DockerDeploy from binary packages 
          docker exec -it seafile bash\ncd /scripts\n./pro/pro.py search --update\n
          cd /opt/seafile/seafile-server-latest\n./pro/pro.py search --update\n
          "},{"location":"config/details_about_file_search/#encrypted-files-cannot-be-searched","title":"Encrypted files cannot be searched","text":"

          This is because the server cannot index encrypted files, since they are encrypted.

          "},{"location":"config/details_about_file_search/#increase-the-heap-size-for-the-java-search-process","title":"Increase the heap size for the java search process","text":"

          The search functionality is based on Elasticsearch, which is a java process. You can modify the memory size by modifying the jvm configuration file. For example, modify to 2G memory. Modify the following configuration in the seafile-server-latest/pro/elasticsearch/config/jvm.options file:

          -Xms2g # Minimum available memory\n-Xmx2g # Maximum available memory\n### It is recommended to set the values of the above two configurations to the same size.\n

          Restart the seafile service to make the above changes take effect:

          Deploy in DockerDeploy from binary packages 
          docker compose restart\n
          cd /opt/seafile/seafile-server-latest\n./seafile.sh restart\n./seahub.sh restart\n
          "},{"location":"config/env/","title":".env","text":"

          The .env file will be used to specify the components used by the Seafile-docker instance and the environment variables required by each component. The default contents list in below

          COMPOSE_FILE='seafile-server.yml,caddy.yml'\nCOMPOSE_PATH_SEPARATOR=','\n\n\nSEAFILE_IMAGE=docker.seadrive.org/seafileltd/seafile-pro-mc:12.0-latest\nSEAFILE_DB_IMAGE=mariadb:10.11\nSEAFILE_MEMCACHED_IMAGE=memcached:1.6.29\nSEAFILE_ELASTICSEARCH_IMAGE=elasticsearch:8.15.0 # pro edition only\nSEAFILE_CADDY_IMAGE=lucaslorentz/caddy-docker-proxy:2.9\n\nSEAFILE_VOLUME=/opt/seafile-data\nSEAFILE_MYSQL_VOLUME=/opt/seafile-mysql/db\nSEAFILE_ELASTICSEARCH_VOLUME=/opt/seafile-elasticsearch/data # pro edition only\nSEAFILE_CADDY_VOLUME=/opt/seafile-caddy\n\nSEAFILE_MYSQL_DB_HOST=db\nINIT_SEAFILE_MYSQL_ROOT_PASSWORD=ROOT_PASSWORD\nSEAFILE_MYSQL_DB_USER=seafile\nSEAFILE_MYSQL_DB_PASSWORD=PASSWORD\n\nTIME_ZONE=Etc/UTC\n\nJWT_PRIVATE_KEY=\n\nSEAFILE_SERVER_HOSTNAME=example.seafile.com\nSEAFILE_SERVER_PROTOCOL=https\n\nINIT_SEAFILE_ADMIN_EMAIL=me@example.com\nINIT_SEAFILE_ADMIN_PASSWORD=asecret\n\n\nSEADOC_IMAGE=seafileltd/sdoc-server:1.0-latest\nSEADOC_VOLUME=/opt/seadoc-data\n\nENABLE_SEADOC=false\nSEADOC_SERVER_URL=http://example.seafile.com/sdoc-server\n
          "},{"location":"config/env/#seafile-docker-configurations","title":"Seafile-docker configurations","text":""},{"location":"config/env/#components-configurations","title":"Components configurations","text":"
          • COMPOSE_FILE: .yml files for components of Seafile-docker, each .yml must be separated by the symbol defined in COMPOSE_PATH_SEPARATOR. The core components are involved in seafile-server.yml and caddy.yml which must be taken in this term.
          • COMPOSE_PATH_SEPARATOR: The symbol used to separate the .yml files in term COMPOSE_FILE, default is ','.
          "},{"location":"config/env/#docker-images-configurations","title":"Docker images configurations","text":"
          • SEAFILE_IMAGE: The image of Seafile-server, default is docker.seadrive.org/seafileltd/seafile-pro-mc:12.0-latest.
          • SEAFILE_DB_IMAGE: Database server image, default is mariadb:10.11.
          • SEAFILE_MEMCACHED_IMAGE: Cached server image, default is memcached:1.6.29
          • SEAFILE_ELASTICSEARCH_IMAGE: Only valid in pro edition. The elasticsearch image, default is elasticsearch:8.15.0.
          • SEAFILE_CADDY_IMAGE: Caddy server image, default is lucaslorentz/caddy-docker-proxy:2.9.
          • SEADOC_IMAGE: Only valid after integrating SeaDoc. SeaDoc server image, default is seafileltd/sdoc-server:1.0-latest.
          "},{"location":"config/env/#persistent-volume-configurations","title":"Persistent Volume Configurations","text":"
          • SEAFILE_VOLUME: The volume directory of Seafile data, default is /opt/seafile-data.
          • SEAFILE_MYSQL_VOLUME: The volume directory of MySQL data, default is /opt/seafile-mysql/db.
          • SEAFILE_CADDY_VOLUME: The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's, default is /opt/seafile-caddy.
          • SEAFILE_ELASTICSEARCH_VOLUME: Only valid in pro edition. The volume directory of Elasticsearch data, default is /opt/seafile-elasticsearch/data.
          • SEADOC_VOLUME: Only valid after integrating SeaDoc. The volume directory of SeaDoc server data, default is /opt/seadoc-data.
          "},{"location":"config/env/#mysql-configurations","title":"MySQL configurations","text":"
          • SEAFILE_MYSQL_DB_HOST: The host address of Mysql, default is the pre-defined service name db in Seafile-docker instance.
          • INIT_SEAFILE_MYSQL_ROOT_PASSWORD: The root password of MySQL.
          • SEAFILE_MYSQL_DB_USER: The user of MySQL (database - user can be found in conf/seafile.conf).
          • SEAFILE_MYSQL_DB_PASSWORD: The user seafile password of MySQL.
          "},{"location":"config/env/#seafile-server-configurations","title":"Seafile-server configurations","text":"
          • SEAFILE_MYSQL_DB_PASSWORD: The user seafile password of MySQL
          • JWT: JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters, generate example: pwgen -s 40 1
          • SEAFILE_SERVER_HOSTNAME: Seafile server hostname or domain
          • SEAFILE_SERVER_PROTOCOL: Seafile server protocol (http or https)
          • TIME_ZONE: Time zone (default UTC)
          • INIT_SEAFILE_ADMIN_EMAIL: Admin username
          • INIT_SEAFILE_ADMIN_PASSWORD: Admin password
          "},{"location":"config/env/#seadoc-configurations-only-valid-after-integrating-seadoc","title":"SeaDoc configurations (only valid after integrating SeaDoc)","text":"
          • ENABLE_SEADOC: Enable the SeaDoc server or not, default is false.
          • SEADOC_SERVER_URL: Only valid in ENABLE_SEADOC=true. Url of Seadoc server (e.g., http://example.seafile.com/sdoc-server).
          "},{"location":"config/ldap_in_11.0_ce/","title":"Configure Seafile to use LDAP","text":"

          This documentation is for the Community Edition. If you're using Pro Edition, please refer to the Seafile Pro documentation

          "},{"location":"config/ldap_in_11.0_ce/#how-does-ldap-user-management-work-in-seafile","title":"How does LDAP User Management work in Seafile","text":"

          When Seafile is integrated with LDAP, users in the system can be divided into two tiers:

          • Users within Seafile's internal user database. Some attributes are attached to these users, such as whether it's a system admin user, whether it's activated.

          • Users in LDAP server. These are all the intended users of Seafile inside the LDAP server. Seafile doesn't manipulate these users directly. It has to import them into its internal database before setting attributes on them.

          When Seafile counts the number of users in the system, it only counts the activated users in its internal database.

          "},{"location":"config/ldap_in_11.0_ce/#basic-ldap-integration","title":"Basic LDAP Integration","text":"

          The only requirement for Seafile to use LDAP for authentication is that there must be a unique identifier for each user in the LDAP server. This id should also be user-friendly as the users will use it as username when login. Below are some usual options for this unique identifier:

          • Email address: this is the most common choice. Most organizations assign unique email address for each member.
          • UserPrincipalName: this is a user attribute only available in Active Directory. It's format is user-login-name@domain-name, e.g. john@example.com. It's not a real email address, but it works fine as the unique identifier.

          The identifier is stored in table social_auth_usersocialauth to map the identifier to internal user ID in Seafile. When this ID is changed in LDAP for a user, you only need to update social_auth_usersocialauth table

          "},{"location":"config/ldap_in_11.0_ce/#basic-configuration-items","title":"Basic configuration items","text":"

          Add the following options to seahub_settings.py. Examples are as follows:

          ENABLE_LDAP = True\nLDAP_SERVER_URL = 'ldap://192.168.0.1'       \nLDAP_BASE_DN = 'ou=test,dc=seafile,dc=ren'                     \nLDAP_ADMIN_DN = 'administrator@example.com'  \nLDAP_ADMIN_PASSWORD = 'yourpassword'         \nLDAP_PROVIDER = 'ldap'                                     \nLDAP_LOGIN_ATTR = 'email'                                                            \nLDAP_CONTACT_EMAIL_ATTR = ''                \nLDAP_USER_ROLE_ATTR = ''                     \nLDAP_USER_FIRST_NAME_ATTR = 'givenName'     \nLDAP_USER_LAST_NAME_ATTR = 'sn'              \nLDAP_USER_NAME_REVERSE = False               \nLDAP_FILTER = 'memberOf=CN=testgroup,OU=test,DC=seafile,DC=ren' \n

          Meaning of some options:

          variable description LDAP_SERVER_URL The URL of LDAP server LDAP_BASE_DN The root node of users who can log in to Seafile in the LDAP server LDAP_ADMIN_DN DN of the administrator used to query the LDAP server for information. For OpenLDAP, it may be cn=admin,dc=example,dc=com LDAP_ADMIN_PASSWORD Password of LDAP_ADMIN_DN LDAP_PROVIDER Identify the source of the user, used in the table social_auth_usersocialauth, defaults to 'ldap' LDAP_LOGIN_ATTR User's attribute used to log in to Seafile. It should be a unique identifier for the user in LDAP server. Learn more about this id from the descriptions at the beginning of this section. LDAP_CONTACT_EMAIL_ATTR LDAP user's contact_email attribute LDAP_USER_ROLE_ATTR LDAP user's role attribute LDAP_USER_FIRST_NAME_ATTR Attribute for user's first name. It's \"givenName\" by default. LDAP_USER_LAST_NAME_ATTR Attribute for user's last name. It's \"sn\" by default. LDAP_USER_NAME_REVERSE In some languages, such as Chinese, the display order of the first and last name is reversed. Set this option if you need it. LDAP_FILTER Additional filter conditions. Users who meet the filter conditions can log in, otherwise they cannot log in.

          Tips for choosing LDAP_BASE_DN and LDAP_ADMIN_DN:

          • To determine the LDAP_BASE_DN, you first have to navigate your organization hierachy on the domain controller GUI.

            • If you want to allow all users to use Seafile, you can use cn=users,dc=yourdomain,dc=com as LDAP_BASE_DN (with proper adjustment for your own needs).

            • If you want to limit users to a certain OU (Organization Unit), you run dsquery command on the domain controller to find out the DN for this OU. For example, if the OU is staffs, you can run dsquery ou -name staff. More information can be found here.

          • AD supports user@domain.name format for the LDAP_ADMIN_DN option. For example you can use administrator@example.com for LDAP_ADMIN_DN. Sometime the domain controller doesn't recognize this format. You can still use dsquery command to find out user's DN. For example, if the user name is 'seafileuser', run dsquery user -name seafileuser. More information here.

          "},{"location":"config/ldap_in_11.0_ce/#advanced-ldap-integration-options","title":"Advanced LDAP Integration Options","text":""},{"location":"config/ldap_in_11.0_ce/#multiple-base","title":"Multiple BASE","text":"

          Multiple base DN is useful when your company has more than one OUs to use Seafile. You can specify a list of base DN in the LDAP_BASE_DN option. The DNs are separated by \";\", e.g.

          LDAP_BASE_DN = 'ou=developers,dc=example,dc=com;ou=marketing,dc=example,dc=com'\n
          "},{"location":"config/ldap_in_11.0_ce/#additional-search-filter","title":"Additional Search Filter","text":"

          Search filter is very useful when you have a large organization but only a portion of people want to use Seafile. The filter can be given by setting LDAP_FILTER option. The value of this option follows standard LDAP search filter syntax (https://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx).

          The final filter used for searching for users is (&($LOGIN_ATTR=*)($LDAP_FILTER)). $LOGIN_ATTR and $LDAP_FILTER will be replaced by your option values.

          For example, add below option to seahub_settings.py:

          LDAP_FILTER = 'memberOf=CN=group,CN=developers,DC=example,DC=com'\n

          The final search filter would be (&(mail=*)(memberOf=CN=group,CN=developers,DC=example,DC=com))

          Note that the case of attribute names in the above example is significant. The memberOf attribute is only available in Active Directory.

          "},{"location":"config/ldap_in_11.0_ce/#limiting-seafile-users-to-a-group-in-active-directory","title":"Limiting Seafile Users to a Group in Active Directory","text":"

          You can use the LDAP_FILTER option to limit user scope to a certain AD group.

          1. First, you should find out the DN for the group. Again, we'll use the dsquery command on the domain controller. For example, if group name is 'seafilegroup', run dsquery group -name seafilegroup.

          2. Add below option to seahub_settings.py:

          LDAP_FILTER = 'memberOf={output of dsquery command}'\n
          "},{"location":"config/ldap_in_11.0_ce/#using-tls-connection-to-ldap-server","title":"Using TLS connection to LDAP server","text":"

          If your LDAP service supports TLS connections, you can configure LDAP_SERVER_URL as the access address of the ldaps protocol to use TLS to connect to the LDAP service, for example:

          LDAP_SERVER_URL = 'ldaps://192.168.0.1:636/'\n
          "},{"location":"config/ldap_in_11.0_pro/","title":"Configure Seafile Pro Edition to use LDAP","text":""},{"location":"config/ldap_in_11.0_pro/#how-does-ldap-user-management-work-in-seafile","title":"How does LDAP User Management work in Seafile","text":"

          When Seafile is integrated with LDAP, users in the system can be divided into two tiers:

          • Users within Seafile's internal user database. Some attributes are attached to these users, such as whether it's a system admin user, whether it's activated.

          • Users in LDAP server. These are all the intended users of Seafile inside the LDAP server. Seafile doesn't manipulate these users directly. It has to import them into its internal database before setting attributes on them.

          When Seafile counts the number of users in the system, it only counts the activated users in its internal database.

          "},{"location":"config/ldap_in_11.0_pro/#basic-ldap-integration","title":"Basic LDAP Integration","text":"

          The only requirement for Seafile to use LDAP for authentication is that there must be a unique identifier for each user in the LDAP server. This id should also be user-friendly as the users will use it as username when login. Below are some usual options for this unique identifier:

          • Email address: this is the most common choice. Most organizations assign unique email address for each member.
          • UserPrincipalName: this is a user attribute only available in Active Directory. It's format is user-login-name@domain-name, e.g. john@example.com. It's not a real email address, but it works fine as the unique identifier.

          The identifier is stored in table social_auth_usersocialauth to map the identifier to internal user ID in Seafile. When this ID is changed in LDAP for a user, you only need to update social_auth_usersocialauth table

          "},{"location":"config/ldap_in_11.0_pro/#integration-configuration","title":"Integration Configuration","text":"

          Add the following options to seahub_settings.py. Examples are as follows:

          ENABLE_LDAP = True\nLDAP_SERVER_URL = 'ldap://192.168.0.1'       \nLDAP_BASE_DN = 'ou=test,dc=seafile,dc=ren'                     \nLDAP_ADMIN_DN = 'administrator@example.com'  \nLDAP_ADMIN_PASSWORD = 'yourpassword'         \nLDAP_PROVIDER = 'ldap'                                     \nLDAP_LOGIN_ATTR = 'email'                                                            \nLDAP_CONTACT_EMAIL_ATTR = ''                \nLDAP_USER_ROLE_ATTR = ''                     \nLDAP_USER_FIRST_NAME_ATTR = 'givenName'     \nLDAP_USER_LAST_NAME_ATTR = 'sn'              \nLDAP_USER_NAME_REVERSE = False               \nLDAP_FILTER = 'memberOf=CN=testgroup,OU=test,DC=seafile,DC=ren' \n

          Meaning of some options:

          variable description LDAP_SERVER_URL The URL of LDAP server LDAP_BASE_DN The root node of users who can log in to Seafile in the LDAP server LDAP_ADMIN_DN DN of the administrator used to query the LDAP server for information. For OpenLDAP, it may be cn=admin,dc=example,dc=com LDAP_ADMIN_PASSWORD Password of LDAP_ADMIN_DN LDAP_PROVIDER Identify the source of the user, used in the table social_auth_usersocialauth, defaults to 'ldap' LDAP_LOGIN_ATTR User's attribute used to log in to Seafile. It should be a unique identifier for the user in LDAP server. Learn more about this id from the descriptions at the beginning of this section. LDAP_CONTACT_EMAIL_ATTR LDAP user's contact_email attribute LDAP_USER_ROLE_ATTR LDAP user's role attribute LDAP_USER_FIRST_NAME_ATTR Attribute for user's first name. It's \"givenName\" by default. LDAP_USER_LAST_NAME_ATTR Attribute for user's last name. It's \"sn\" by default. LDAP_USER_NAME_REVERSE In some languages, such as Chinese, the display order of the first and last name is reversed. Set this option if you need it. LDAP_FILTER Additional filter conditions. Users who meet the filter conditions can log in, otherwise they cannot log in.

          Tips for choosing LDAP_BASE_DN and LDAP_ADMIN_DN:

          • To determine the LDAP_BASE_DN, you first have to navigate your organization hierachy on the domain controller GUI.

            • If you want to allow all users to use Seafile, you can use cn=users,dc=yourdomain,dc=com as LDAP_BASE_DN (with proper adjustment for your own needs).

            • If you want to limit users to a certain OU (Organization Unit), you run dsquery command on the domain controller to find out the DN for this OU. For example, if the OU is staffs, you can run dsquery ou -name staff. More information can be found here.

          • AD supports user@domain.name format for the LDAP_ADMIN_DN option. For example you can use administrator@example.com for LDAP_ADMIN_DN. Sometime the domain controller doesn't recognize this format. You can still use dsquery command to find out user's DN. For example, if the user name is 'seafileuser', run dsquery user -name seafileuser. More information here.

          "},{"location":"config/ldap_in_11.0_pro/#setting-up-ldap-user-sync-optional","title":"Setting Up LDAP User Sync (optional)","text":"

          In Seafile Pro, except for importing users into internal database when they log in, you can also configure Seafile to periodically sync user information from LDAP server into the internal database.

          User's full name, department and contact email address can be synced to internal database. Users can use this information to more easily search for a specific user. User's Windows or Unix login id can be synced to the internal database. This allows the user to log in with its familiar login id. When a user is removed from LDAP, the corresponding user in Seafile will be deactivated. Otherwise, he could still sync files with Seafile client or access the web interface. After synchronization is complete, you can see the user's full name, department and contact email on its profile page.

          "},{"location":"config/ldap_in_11.0_pro/#sync-configuration-items","title":"Sync configuration items","text":"

          Add the following options to seahub_settings.py. Examples are as follows:

          # Basic configuration items\nENABLE_LDAP = True\n......\n\n# ldap user sync options.\nLDAP_SYNC_INTERVAL = 60                  \nENABLE_LDAP_USER_SYNC = True             \nLDAP_USER_OBJECT_CLASS = 'person'\nLDAP_DEPT_ATTR = ''                      \nLDAP_UID_ATTR = ''                               \nLDAP_AUTO_REACTIVATE_USERS = True        \nLDAP_USE_PAGED_RESULT = False           \nIMPORT_NEW_USER = True                   \nACTIVATE_USER_WHEN_IMPORT = True         \nDEACTIVE_USER_IF_NOTFOUND = False        \nENABLE_EXTRA_USER_INFO_SYNC = True       \n

          Meaning of some options:

          Variable Description LDAP_SYNC_INTERVAL The interval to sync. Unit is minutes. Defaults to 60 minutes. ENABLE_LDAP_USER_SYNC set to \"true\" if you want to enable ldap user synchronization LDAP_USER_OBJECT_CLASS This is the name of the class used to search for user objects. In Active Directory, it's usually \"person\". The default value is \"person\". LDAP_DEPT_ATTR Attribute for department info. LDAP_UID_ATTR Attribute for Windows login name. If this is synchronized, users can also log in with their Windows login name. In AD, the attribute sAMAccountName can be used as UID_ATTR. The attribute will be stored as login_id in Seafile (in seahub_db.profile_profile table). LDAP_AUTO_REACTIVATE_USERS Whether to auto activate deactivated user, default by 'true' LDAP_USE_PAGED_RESULT Whether to use pagination extension. It is useful when you have more than 1000 users in LDAP server. IMPORT_NEW_USER Whether to import new users when sync user. ACTIVE_USER_WHEN_IMPORT Whether to activate the user automatically when imported. DEACTIVE_USER_IF_NOTFOUND set to \"true\" if you want to deactivate a user when he/she was deleted in AD server. ENABLE_EXTRA_USER_INFO_SYNC Enable synchronization of additional user information, including user's full name, department, and Windows login name, etc."},{"location":"config/ldap_in_11.0_pro/#importing-users-without-activating-them","title":"Importing Users without Activating Them","text":"

          The users imported with the above configuration will be activated by default. For some organizations with large number of users, they may want to import user information (such as user full name) without activating the imported users. Activating all imported users will require licenses for all users in LDAP, which may not be affordable.

          Seafile provides a combination of options for such use case. You can modify below option in seahub_settings.py:

          ACTIVATE_USER_WHEN_IMPORT = False\n

          This prevents Seafile from activating imported users. Then, add below option to seahub_settings.py:

          ACTIVATE_AFTER_FIRST_LOGIN = True\n

          This option will automatically activate users when they login to Seafile for the first time.

          "},{"location":"config/ldap_in_11.0_pro/#reactivating-users","title":"Reactivating Users","text":"

          When you set the DEACTIVE_USER_IF_NOTFOUND option, a user will be deactivated when he/she is not found in LDAP server. By default, even after this user reappears in the LDAP server, it won't be reactivated automatically. This is to prevent auto reactivating a user that was manually deactivated by the system admin.

          However, sometimes it's desirable to auto reactivate such users. You can modify below option in seahub_settings.py:

          LDAP_AUTO_REACTIVATE_USERS = True\n
          "},{"location":"config/ldap_in_11.0_pro/#manually-trigger-synchronization","title":"Manually Trigger Synchronization","text":"

          To test your LDAP sync configuration, you can run the sync command manually.

          To trigger LDAP sync manually:

          cd seafile-server-latest\n./pro/pro.py ldapsync\n

          For Seafile Docker

          docker exec -it seafile /opt/seafile/seafile-server-latest/pro/pro.py ldapsync\n
          "},{"location":"config/ldap_in_11.0_pro/#setting-up-ldap-group-sync-optional","title":"Setting Up LDAP Group Sync (optional)","text":""},{"location":"config/ldap_in_11.0_pro/#how-it-works","title":"How It Works","text":"

          The importing or syncing process maps groups from LDAP directory server to groups in Seafile's internal database. This process is one-way.

          • Any changes to groups in the database won't propagate back to LDAP;

          • Any changes to groups in the database, except for \"setting a member as group admin\", will be overwritten in the next LDAP sync operation. If you want to add or delete members, you can only do that on LDAP server.

          • The creator of imported groups will be set to the system admin.

          There are two modes of operation:

          • Periodical: the syncing process will be executed in a fixed interval

          • Manual: there is a script you can run to trigger the syncing once

          "},{"location":"config/ldap_in_11.0_pro/#configuration","title":"Configuration","text":"

          Before enabling LDAP group sync, you should have configured LDAP authentication. See Basic LDAP Integration for details.

          The following are LDAP group sync related options:

          # ldap group sync options.\nENABLE_LDAP_GROUP_SYNC = True            # Whether to enable group sync\nLDAP_GROUP_OBJECT_CLASS = 'group'        # This is the name of the class used to search for group objects.\nLDAP_GROUP_MEMBER_ATTR = 'member'        # The attribute field to use when loading the group's members. \n                                         # For most directory servers, the attributes is \"member\" \n                                         # which is the default value.For \"posixGroup\", it should be set to \"memberUid\".\nLDAP_USER_ATTR_IN_MEMBERUID = 'uid'      # The user attribute set in 'memberUid' option, \n                                         # which is used in \"posixGroup\".The default value is \"uid\".\nLDAP_GROUP_UUID_ATTR = 'objectGUID'      # Used to uniquely identify groups in LDAP\nLDAP_GROUP_FILTER = ''                   # An additional filter to use when searching group objects.\n                                         # If it's set, the final filter used to run search is \"(&(objectClass=GROUP_OBJECT_CLASS)(GROUP_FILTER))\";\n                                         # otherwise the final filter would be \"(objectClass=GROUP_OBJECT_CLASS)\".\nLDAP_USE_GROUP_MEMBER_RANGE_QUERY = False   # When a group contains too many members, \n                                         # AD will only return part of them. Set this option to TRUE\n                                         # to make LDAP sync work with large groups.\nDEL_GROUP_IF_NOT_FOUND = False           # Set to \"true\", sync process will delete the group if not found it in LDAP server.\nLDAP_SYNC_GROUP_AS_DEPARTMENT = False    # Whether to sync groups as top-level departments in Seafile.\n                                         # Learn more about departments in Seafile [here](https://help.seafile.com/sharing_collaboration/departments/).\nLDAP_DEPT_NAME_ATTR = ''                 # Used to get the department name.\n

          Meaning of some options:

          variable description ENABLE_LDAP_GROUP_SYNC Whether to enable group sync. LDAP_GROUP_OBJECT_CLASS This is the name of the class used to search for group objects. LDAP_GROUP_MEMBER_ATTR The attribute field to use when loading the group's members. For most directory servers, the attribute is \"member\" which is the default value. For \"posixGroup\", it should be set to \"memberUid\". LDAP_USER_ATTR_IN_MEMBERUID The user attribute set in 'memberUid' option, which is used in \"posixGroup\". The default value is \"uid\". LDAP_GROUP_UUID_ATTR Used to uniquely identify groups in LDAP. LDAP_GROUP_FILTER An additional filter to use when searching group objects. If it's set, the final filter used to run search is (&(objectClass=GROUP_OBJECT_CLASS)(GROUP_FILTER)); otherwise the final filter would be (objectClass=GROUP_OBJECT_CLASS). LDAP_USER_GROUP_MEMBER_RANGE_QUERY When a group contains too many members, AD will only return part of them. Set this option to TRUE to make LDAP sync work with large groups. DEL_GROUP_IF_NOT_FOUND Set to \"true\", sync process will delete the group if not found in the LDAP server. LDAP_SYNC_GROUP_AS_DEPARTMENT Whether to sync groups as top-level departments in Seafile. Learn more about departments in Seafile here. LDAP_DEPT_NAME_ATTR Used to get the department name.

          Tip

          • The search base for groups is the option LDAP_BASE_DN.

          • Some LDAP server, such as Active Directory, allows a group to be a member of another group. This is called \"group nesting\". If we find a nested group B in group A, we should recursively add all the members from group B into group A. And group B should still be imported a separate group. That is, all members of group B are also members in group A.

          • In some LDAP server, such as OpenLDAP, it's common practice to use Posix groups to store group membership. To import Posix groups as Seafile groups, set LDAP_GROUP_OBJECT_CLASS option to posixGroup. A posixGroup object in LDAP usually contains a multi-value attribute for the list of member UIDs. The name of this attribute can be set with the LDAP_GROUP_MEMBER_ATTR option. It's MemberUid by default. The value of the MemberUid attribute is an ID that can be used to identify a user, which corresponds to an attribute in the user object. The name of this ID attribute is usually uid, but can be set via the LDAP_USER_ATTR_IN_MEMBERUID option. Note that posixGroup doesn't support nested groups.

          "},{"location":"config/ldap_in_11.0_pro/#sync-ou-as-departments","title":"Sync OU as Departments","text":"

          A department in Seafile is a special group. In addition to what you can do with a group, there are two key new features for departments:

          • Department supports hierarchy. A department can have any levels of sub-departments.

          • Department can have storage quota.

          Seafile supports syncing OU (Organizational Units) from AD/LDAP to departments. The sync process keeps the hierarchical structure of the OUs.

          Options for syncing departments from OU:

          LDAP_SYNC_DEPARTMENT_FROM_OU = True      # Whether to enable sync departments from OU.\nLDAP_DEPT_NAME_ATTR = 'description'      # Used to get the department name.\nLDAP_CREATE_DEPARTMENT_LIBRARY = False   # If you decide to sync the group as a department,\n                                         # you can set this option to \"true\". In this way, when \n                                         # the group is synchronized for the first time, a library\n                                         # is automatically created for the department, and the \n                                         # library's name is the department's name.\nLDAP_DEPT_REPO_PERM = 'rw'               # Set the permissions of the department repo, default permission is 'rw'.\nLDAP_DEFAULT_DEPARTMENT_QUOTA = -2       # You can set a default space quota for each department\n                                         # when you synchronize a group for the first time. The \n                                         # quota is set to unlimited if this option is not set.\n                                         # Unit is MB.\nDEL_DEPARTMENT_IF_NOT_FOUND = False      # Set to \"true\", sync process will deleted the department if not found it in LDAP server.\n
          "},{"location":"config/ldap_in_11.0_pro/#periodical-and-manual-sync","title":"Periodical and Manual Sync","text":"

          Periodical sync won't happen immediately after you restart seafile server. It gets scheduled after the first sync interval. For example if you set sync interval to 30 minutes, the first auto sync will happen after 30 minutes you restarts. To sync immediately, you need to manually trigger it.

          After the sync is run, you should see log messages like the following in logs/seafevents.log. And you should be able to see the groups in system admin page.

          [2023-03-30 18:15:05,109] [DEBUG] create group 1, and add dn pair CN=DnsUpdateProxy,CN=Users,DC=Seafile,DC=local<->1 success.\n[2023-03-30 18:15:05,145] [DEBUG] create group 2, and add dn pair CN=Domain Computers,CN=Users,DC=Seafile,DC=local<->2 success.\n[2023-03-30 18:15:05,154] [DEBUG] create group 3, and add dn pair CN=Domain Users,CN=Users,DC=Seafile,DC=local<->3 success.\n[2023-03-30 18:15:05,164] [DEBUG] create group 4, and add dn pair CN=Domain Admins,CN=Users,DC=Seafile,DC=local<->4 success.\n[2023-03-30 18:15:05,176] [DEBUG] create group 5, and add dn pair CN=RAS and IAS Servers,CN=Users,DC=Seafile,DC=local<->5 success.\n[2023-03-30 18:15:05,186] [DEBUG] create group 6, and add dn pair CN=Enterprise Admins,CN=Users,DC=Seafile,DC=local<->6 success.\n[2023-03-30 18:15:05,197] [DEBUG] create group 7, and add dn pair CN=dev,CN=Users,DC=Seafile,DC=local<->7 success.\n

          To trigger LDAP sync manually,

          cd seafile-server-latest\n./pro/pro.py ldapsync\n

          For Seafile Docker

          docker exec -it seafile /opt/seafile/seafile-server-latest/pro/pro.py ldapsync\n
          "},{"location":"config/ldap_in_11.0_pro/#advanced-ldap-integration-options","title":"Advanced LDAP Integration Options","text":""},{"location":"config/ldap_in_11.0_pro/#multiple-base","title":"Multiple BASE","text":"

          Multiple base DN is useful when your company has more than one OUs to use Seafile. You can specify a list of base DN in the LDAP_BASE_DN option. The DNs are separated by \";\", e.g.

          LDAP_BASE_DN = 'ou=developers,dc=example,dc=com;ou=marketing,dc=example,dc=com'\n
          "},{"location":"config/ldap_in_11.0_pro/#additional-search-filter","title":"Additional Search Filter","text":"

          Search filter is very useful when you have a large organization but only a portion of people want to use Seafile. The filter can be given by setting LDAP_FILTER option. The value of this option follows standard LDAP search filter syntax (https://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx).

          The final filter used for searching for users is (&($LOGIN_ATTR=*)($LDAP_FILTER)). $LOGIN_ATTR and $LDAP_FILTER will be replaced by your option values.

          For example, add below option to seahub_settings.py:

          LDAP_FILTER = 'memberOf=CN=group,CN=developers,DC=example,DC=com'\n

          The final search filter would be (&(mail=*)(memberOf=CN=group,CN=developers,DC=example,DC=com))

          The case of attribute names in the above example is significant. The memberOf attribute is only available in Active Directory

          "},{"location":"config/ldap_in_11.0_pro/#limiting-seafile-users-to-a-group-in-active-directory","title":"Limiting Seafile Users to a Group in Active Directory","text":"

          You can use the LDAP_FILTER option to limit user scope to a certain AD group.

          1. First, you should find out the DN for the group. Again, we'll use the dsquery command on the domain controller. For example, if group name is 'seafilegroup', run dsquery group -name seafilegroup.

          2. Add below option to seahub_settings.py:

          LDAP_FILTER = 'memberOf={output of dsquery command}'\n
          "},{"location":"config/ldap_in_11.0_pro/#using-tls-connection-to-ldap-server","title":"Using TLS connection to LDAP server","text":"

          If your LDAP service supports TLS connections, you can configure LDAP_SERVER_URL as the access address of the ldaps protocol to use TLS to connect to the LDAP service, for example:

          LDAP_SERVER_URL = 'ldaps://192.168.0.1:636/'\n
          "},{"location":"config/ldap_in_11.0_pro/#use-paged-results-extension","title":"Use paged results extension","text":"

          LDAP protocol version 3 supports \"paged results\" (PR) extension. When you have large number of users, this option can greatly improve the performance of listing users. Most directory server nowadays support this extension.

          In Seafile Pro Edition, add this option to seahub_settings.py to enable PR:

          LDAP_USE_PAGED_RESULT = True\n
          "},{"location":"config/ldap_in_11.0_pro/#follow-referrals","title":"Follow referrals","text":"

          Seafile Pro Edition supports auto following referrals in LDAP search. This is useful for partitioned LDAP or AD servers, where users may be spreaded on multiple directory servers. For more information about referrals, you can refer to this article.

          To configure, add below option to seahub_settings.py, e.g.:

          LDAP_FOLLOW_REFERRALS = True\n
          "},{"location":"config/ldap_in_11.0_pro/#configure-multi-ldap-servers","title":"Configure Multi-ldap Servers","text":"

          Seafile Pro Edition supports multi-ldap servers, you can configure two ldap servers to work with seafile. Multi-ldap servers mean that, when get or search ldap user, it will iterate all configured ldap servers until a match is found; When listing all ldap users, it will iterate all ldap servers to get all users; For Ldap sync it will sync all user/group info in all configured ldap servers to seafile.

          Currently, only two LDAP servers are supported.

          If you want to use multi-ldap servers, please replace LDAP in the options with MULTI_LDAP_1, and then add them to seahub_settings.py, for example:

          # Basic config options\nENABLE_LDAP = True\n......\n\n# Multi ldap config options\nENABLE_MULTI_LDAP_1 = True\nMULTI_LDAP_1_SERVER_URL = 'ldap://192.168.0.2'\nMULTI_LDAP_1_BASE_DN = 'ou=test,dc=seafile,dc=top'\nMULTI_LDAP_1_ADMIN_DN = 'administrator@example.top'\nMULTI_LDAP_1_ADMIN_PASSWORD = 'Hello@123'\nMULTI_LDAP_1_PROVIDER = 'ldap1'\nMULTI_LDAP_1_LOGIN_ATTR = 'userPrincipalName'\n\n# Optional configs\nMULTI_LDAP_1_USER_FIRST_NAME_ATTR = 'givenName'\nMULTI_LDAP_1_USER_LAST_NAME_ATTR = 'sn'\nMULTI_LDAP_1_USER_NAME_REVERSE = False\nENABLE_MULTI_LDAP_1_EXTRA_USER_INFO_SYNC = True\n\nMULTI_LDAP_1_FILTER = 'memberOf=CN=testgroup,OU=test,DC=seafile,DC=ren' \nMULTI_LDAP_1_USE_PAGED_RESULT = False\nMULTI_LDAP_1_FOLLOW_REFERRALS = True\nENABLE_MULTI_LDAP_1_USER_SYNC = True\nENABLE_MULTI_LDAP_1_GROUP_SYNC = True\nMULTI_LDAP_1_SYNC_DEPARTMENT_FROM_OU = True\n\nMULTI_LDAP_1_USER_OBJECT_CLASS = 'person'\nMULTI_LDAP_1_DEPT_ATTR = ''\nMULTI_LDAP_1_UID_ATTR = ''\nMULTI_LDAP_1_CONTACT_EMAIL_ATTR = ''\nMULTI_LDAP_1_USER_ROLE_ATTR = ''\nMULTI_LDAP_1_AUTO_REACTIVATE_USERS = True\n\nMULTI_LDAP_1_GROUP_OBJECT_CLASS = 'group'\nMULTI_LDAP_1_GROUP_FILTER = ''\nMULTI_LDAP_1_GROUP_MEMBER_ATTR = 'member'\nMULTI_LDAP_1_GROUP_UUID_ATTR = 'objectGUID'\nMULTI_LDAP_1_CREATE_DEPARTMENT_LIBRARY = False\nMULTI_LDAP_1_DEPT_REPO_PERM = 'rw'\nMULTI_LDAP_1_DEFAULT_DEPARTMENT_QUOTA = -2\nMULTI_LDAP_1_SYNC_GROUP_AS_DEPARTMENT = False\nMULTI_LDAP_1_USE_GROUP_MEMBER_RANGE_QUERY = False\nMULTI_LDAP_1_USER_ATTR_IN_MEMBERUID = 'uid'\nMULTI_LDAP_1_DEPT_NAME_ATTR = ''\n......\n

          !!! note: There are still some shared config options are used for all LDAP servers, as follows:

          ```python\n# Common user sync options\nLDAP_SYNC_INTERVAL = 60\nIMPORT_NEW_USER = True                   # Whether to import new users when sync user\nACTIVATE_USER_WHEN_IMPORT = True         # Whether to activate the user when importing new user\nDEACTIVE_USER_IF_NOTFOUND = False        # Set to \"true\" if you want to deactivate a user \n                                        # when he/she was deleted in AD server.\n\n# Common group sync options\nDEL_GROUP_IF_NOT_FOUND = False           # Set to \"true\", sync process will delete the group if not found it in LDAP server.\nDEL_DEPARTMENT_IF_NOT_FOUND = False      # Set to \"true\", sync process will deleted the department if not found it in LDAP server.\n```\n
          "},{"location":"config/ldap_in_11.0_pro/#sso-and-ldap-users-use-the-same-uid","title":"SSO and LDAP users use the same uid","text":"

          If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth), you want Seafile to find the existing account for this user instead of creating a new one, you can set

          SSO_LDAP_USE_SAME_UID = True\n

          Here the UID means the unique user ID, in LDAP it is the attribute you use for LDAP_LOGIN_ATTR (not LDAP_UID_ATTR), in ADFS it is uid attribute. You need make sure you use the same attribute for the two settings

          "},{"location":"config/ldap_in_11.0_pro/#importing-roles-from-ldap","title":"Importing Roles from LDAP","text":"

          Seafile Pro Edition supports syncing roles from LDAP or Active Directory.

          To enable this feature, add below option to seahub_settings.py, e.g.

          LDAP_USER_ROLE_ATTR = 'title'\n

          LDAP_USER_ROLE_ATTR is the attribute field to configure roles in LDAP. You can write a custom function to map the role by creating a file seahub_custom_functions.py under conf/ and edit it like:

          # -*- coding: utf-8 -*-\n\n# The AD roles attribute returns a list of roles (role_list).\n# The following function use the first entry in the list.\ndef ldap_role_mapping(role):\n    if 'staff' in role:\n        return 'Staff'\n    if 'guest' in role:\n        return 'Guest'\n    if 'manager' in role:\n        return 'Manager'\n\n# From version 11.0.11-pro, you can define the following function\n# to calculate a role from the role_list.\ndef ldap_role_list_mapping(role_list):\n    if not role_list:\n        return ''\n    for role in role_list:\n        if 'staff' in role:\n            return 'Staff'\n        if 'guest' in role:\n            return 'Guest'\n        if 'manager' in role:\n            return 'Manager'\n

          You should only define one of the two functions

          You can rewrite the function (in python) to make your own mapping rules. If the file or function doesn't exist, the first entry in role_list will be synced.

          "},{"location":"config/multi_institutions/","title":"Multiple Organization/Institution User Management","text":"

          Starting from version 5.1, you can add institutions into Seafile and assign users into institutions. Each institution can have one or more administrators. This feature is to ease user administration when multiple organizations (universities) share a single Seafile instance. Unlike multi-tenancy, the users are not-isolated. A user from one institution can share files with another institution.

          "},{"location":"config/multi_institutions/#turn-on-the-feature","title":"Turn on the feature","text":"

          In seahub_settings.py, add MULTI_INSTITUTION = True to enable multi-institution feature. And add

          Seafile 7.1.22 or olderSeafile 8.0.0 or newer 
          EXTRA_MIDDLEWARE_CLASSES += (\n    'seahub.institutions.middleware.InstitutionMiddleware',\n)\n
          EXTRA_MIDDLEWARE += (\n    'seahub.institutions.middleware.InstitutionMiddleware',\n)\n

          Please replease += to = if EXTRA_MIDDLEWARE_CLASSES or EXTRA_MIDDLEWARE is not defined

          "},{"location":"config/multi_institutions/#add-institutions-and-institution-admins","title":"Add institutions and institution admins","text":"

          After restarting Seafile, a system admin can add institutions by adding institution name in admin panel. He can also click into an institution, which will list all users whose profile.institution match the name.

          "},{"location":"config/multi_institutions/#assign-users-to-institutions","title":"Assign users to institutions","text":"

          If you are using Shibboleth, you can map a Shibboleth attribute into institution. For example, the following configuration maps organization attribute to institution.

          SHIBBOLETH_ATTRIBUTE_MAP = {\n    \"givenname\": (False, \"givenname\"),\n    \"sn\": (False, \"surname\"),\n    \"mail\": (False, \"contact_email\"),\n    \"organization\": (False, \"institution\"),\n}\n
          "},{"location":"config/multi_tenancy/","title":"Multi-Tenancy Support","text":"

          Multi-tenancy feature is designed for hosting providers that what to host several customers in a single Seafile instance. You can create multi-organizations. Organizations is separated from each other. Users can't share libraries between organizations.

          "},{"location":"config/multi_tenancy/#seafile-config","title":"Seafile Config","text":""},{"location":"config/multi_tenancy/#seafileconf","title":"seafile.conf","text":"
          [general]\nmulti_tenancy = true\n
          "},{"location":"config/multi_tenancy/#seahub_settingspy","title":"seahub_settings.py","text":"
          CLOUD_MODE = True\nMULTI_TENANCY = True\n\nORG_MEMBER_QUOTA_ENABLED = True\n\nORG_ENABLE_ADMIN_CUSTOM_NAME = True  # Default is True, meaning organization name can be customized\nORG_ENABLE_ADMIN_CUSTOM_LOGO = False  # Default is False, if set to True, organization logo can be customized\n\nENABLE_MULTI_ADFS = True  # Default is False, if set to True, support per organization custom ADFS/SAML2 login\nLOGIN_REDIRECT_URL = '/saml2/complete/'\nSAML_ATTRIBUTE_MAPPING = {\n    'name': ('display_name', ),\n    'mail': ('contact_email', ),\n    ...\n}\n
          "},{"location":"config/multi_tenancy/#usage","title":"Usage","text":"

          An organization can be created via system admin in \u201cadmin panel->organization->Add organization\u201d.

          Every organization has an URL prefix. This field is for future usage. When a user create an organization, an URL like org1 will be automatically assigned.

          After creating an organization, the first user will become the admin of that organization. The organization admin can add other users. Note, the system admin can't add users.

          "},{"location":"config/multi_tenancy/#adfssaml-single-sign-on-integration-in-multi-tenancy","title":"ADFS/SAML single sign-on integration in multi-tenancy","text":""},{"location":"config/multi_tenancy/#preparation-for-adfssaml","title":"Preparation for ADFS/SAML","text":"

          The system admin has to complete the following works.

          Fisrt, install xmlsec1 package:

          $ apt update\n$ apt install xmlsec1\n

          Second, prepare SP(Seafile) certificate directory and SP certificates:

          Create sp certs dir

          $ mkdir -p /opt/seafile/seahub-data/certs\n

          The SP certificate can be generated by the openssl command, or you can apply to the certificate manufacturer, it is up to you. For example, generate the SP certs using the following command:

          $ cd /opt/seafile/seahub-data/certs\n$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout sp.key -out sp.crt\n

          The days option indicates the validity period of the generated certificate. The unit is day. The system admin needs to update the certificate regularly

          Finally, add the following configuration to seahub_settings.py and then restart Seafile:

          ENABLE_MULTI_ADFS = True\nLOGIN_REDIRECT_URL = '/saml2/complete/'\nSAML_ATTRIBUTE_MAPPING = {\n    'name': ('display_name', ),\n    'mail': ('contact_email', ),\n    ...\n}\n

          Note

          • If the xmlsec1 binary is not located in /usr/bin/xmlsec1, you need to add the following configuration in seahub_settings.py:
          SAML_XMLSEC_BINARY_PATH = '/path/to/xmlsec1'\n

          View where the xmlsec1 binary is located:

          $ which xmlsec1\n
          - If certificates are not placed in /opt/seafile/seahub-data/certs, you need to add the following configuration in seahub_settings.py:

          SAML_CERTS_DIR = '/path/to/certs'\n
          "},{"location":"config/multi_tenancy/#integration-with-adfssaml-single-sign-on","title":"Integration with ADFS/SAML single sign-on","text":"

          Please refer to this document.

          "},{"location":"config/oauth/","title":"OAuth Authentication","text":""},{"location":"config/oauth/#oauth","title":"OAuth","text":"

          Since CE version 6.2.3, Seafile supports user login via OAuth.

          Before using OAuth, Seafile administrator should first register an OAuth2 client application on your authorization server, then add some configurations to seahub_settings.py.

          "},{"location":"config/oauth/#register-an-oauth2-client-application","title":"Register an OAuth2 client application","text":"

          Here we use Github as an example. First you should register an OAuth2 client application on Github, official document from Github is very detailed.

          "},{"location":"config/oauth/#configuration","title":"Configuration","text":"

          Add the folllowing configurations to seahub_settings.py:

          ENABLE_OAUTH = True\n\n# If create new user when he/she logs in Seafile for the first time, defalut `True`.\nOAUTH_CREATE_UNKNOWN_USER = True\n\n# If active new user when he/she logs in Seafile for the first time, defalut `True`.\nOAUTH_ACTIVATE_USER_AFTER_CREATION = True\n\n# Usually OAuth works through SSL layer. If your server is not parametrized to allow HTTPS, some method will raise an \"oauthlib.oauth2.rfc6749.errors.InsecureTransportError\". Set this to `True` to avoid this error.\nOAUTH_ENABLE_INSECURE_TRANSPORT = True\n\n# Client id/secret generated by authorization server when you register your client application.\nOAUTH_CLIENT_ID = \"your-client-id\"\nOAUTH_CLIENT_SECRET = \"your-client-secret\"\n\n# Callback url when user authentication succeeded. Note, the redirect url you input when you register your client application MUST be exactly the same as this value.\nOAUTH_REDIRECT_URL = 'http{s}://example.com/oauth/callback/'\n\n# The following should NOT be changed if you are using Github as OAuth provider.\nOAUTH_PROVIDER_DOMAIN = 'github.com' \nOAUTH_PROVIDER = 'github.com'\n\nOAUTH_AUTHORIZATION_URL = 'https://github.com/login/oauth/authorize'\nOAUTH_TOKEN_URL = 'https://github.com/login/oauth/access_token'\nOAUTH_USER_INFO_URL = 'https://api.github.com/user'\nOAUTH_SCOPE = [\"user\",]\nOAUTH_ATTRIBUTE_MAP = {\n    \"id\": (True, \"email\"),  # Please keep the 'email' option unchanged to be compatible with the login of users of version 11.0 and earlier.\n    \"name\": (False, \"name\"),\n    \"email\": (False, \"contact_email\"),\n    \"uid\": (True, \"uid\"),   # Seafile v11.0 + \n}\n

          More explanations about the settings

          • OAUTH_PROVIDER / OAUTH_PROVIDER_DOMAIN

          OAUTH_PROVIDER_DOMAIN will be deprecated, and it can be replaced by OAUTH_PROVIDER. This variable is used in the database to identify third-party providers, either as a domain or as an easy-to-remember string less than 32 characters.

          • OAUTH_ATTRIBUTE_MAP

          This variables describes which claims from the response of the user info endpoint are to be filled into which attributes of the new Seafile user. The format is showing like below:

          OAUTH_ATTRIBUTE_MAP = {\n    <:Attribute in the OAuth provider>: (<:Is required or not in Seafile?>, <:Attribute in Seafile >)\n}\n

          If the remote resource server, like Github, uses email to identify an unique user too, Seafile will use Github id directorily, the OAUTH_ATTRIBUTE_MAP setting for Github should be like this:

          OAUTH_ATTRIBUTE_MAP = {\n    \"id\": (True, \"email\"), # it is deprecated\n    \"uid / id / username\": (True, \"uid\") \n\n    # extra infos you want to update to Seafile\n    \"name\": (False, \"name\"),\n    \"email\": (False, \"contact_email\"),  \n}\n

          The key part id stands for an unique identifier of user in Github, this tells Seafile which attribute remote resoure server uses to indentify its user. The value part True stands for if this field is mandatory by Seafile.

          Since 11.0 version, Seafile use uid as the external unique identifier of the user. It stores uid in table social_auth_usersocialauth and map it to internal unique identifier used in Seafile. Different OAuth systems have different attributes, which may be: id or uid or username, etc. And the id/email config id: (True, email) is deprecated.

          If you upgrade from a version below 11.0, you need to have both fields configured, i.e., you configuration should be like:

          OAUTH_ATTRIBUTE_MAP = {\n    \"id\": (True, \"email\"),\n    \"uid\": (True, \"uid\") ,\n    \"name\": (False, \"name\"),\n    \"email\": (False, \"contact_email\"),  \n}\n

          In this way, when a user login, Seafile will first use \"id -> email\" map to find the old user and then create \"uid -> uid\" map for this old user. After all users login once, you can delete the configuration \"id\": (True, \"email\").

          If you use a newly deployed 11.0 Seafile instance, you don't need the \"id\": (True, \"email\") item. Your configuration should be like:

          OAUTH_ATTRIBUTE_MAP = {\n    \"uid\": (True, \"uid\") ,\n    \"name\": (False, \"name\"),\n    \"email\": (False, \"contact_email\"),  \n}\n
          "},{"location":"config/oauth/#sample-settings","title":"Sample settings","text":"GoogleGithubGitLabAzure Cloud 
          ENABLE_OAUTH = True\nOAUTH_ENABLE_INSECURE_TRANSPORT = True\n\nOAUTH_CLIENT_ID = \"your-client-id\"\nOAUTH_CLIENT_SECRET = \"your-client-secret\"\nOAUTH_REDIRECT_URL = 'http{s}://example.com/oauth/callback/'\n\n# The following shoud NOT be changed if you are using Google as OAuth provider.\nOAUTH_PROVIDER_DOMAIN = 'google.com'\nOAUTH_AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/v2/auth'\nOAUTH_TOKEN_URL = 'https://www.googleapis.com/oauth2/v4/token'\nOAUTH_USER_INFO_URL = 'https://www.googleapis.com/oauth2/v1/userinfo'\nOAUTH_SCOPE = [\n    \"openid\",\n    \"https://www.googleapis.com/auth/userinfo.email\",\n    \"https://www.googleapis.com/auth/userinfo.profile\",\n]\nOAUTH_ATTRIBUTE_MAP = {\n    \"sub\": (True, \"uid\"),\n    \"name\": (False, \"name\"),\n    \"email\": (False, \"contact_email\"),\n}\n

          Note

          For Github, email is not the unique identifier for an user, but id is in most cases, so we use id as settings example in our manual. As Seafile uses email to identify an unique user account for now, so we combine id and OAUTH_PROVIDER_DOMAIN, which is github.com in your case, to an email format string and then create this account if not exist.

          ENABLE_OAUTH = True\nOAUTH_ENABLE_INSECURE_TRANSPORT = True\n\nOAUTH_CLIENT_ID = \"your-client-id\"\nOAUTH_CLIENT_SECRET = \"your-client-secret\"\nOAUTH_REDIRECT_URL = 'http{s}://example.com/oauth/callback/'\n\nOAUTH_PROVIDER_DOMAIN = 'github.com'\nOAUTH_AUTHORIZATION_URL = 'https://github.com/login/oauth/authorize'\nOAUTH_TOKEN_URL = 'https://github.com/login/oauth/access_token'\nOAUTH_USER_INFO_URL = 'https://api.github.com/user'\nOAUTH_SCOPE = [\"user\",]\nOAUTH_ATTRIBUTE_MAP = {\n    \"id\": (True, 'uid'),\n    \"email\": (False, \"contact_email\"),\n    \"name\": (False, \"name\"),\n}\n

          Note

          To enable OAuth via GitLab. Create an application in GitLab (under Admin area->Applications).

          Fill in required fields:

          • Name: a name you specify

          • Redirect URI: The callback url see below OAUTH_REDIRECT_URL

          • Trusted: Skip confirmation dialog page. Select this to not ask the user if he wants to authorize seafile to receive access to his/her account data.

          • Scopes: Select openid and read_user in the scopes list.

          Press submit and copy the client id and secret you receive on the confirmation page and use them in this template for your seahub_settings.py

          ENABLE_OAUTH = True\nOAUTH_CLIENT_ID = \"your-client-id\"\nOAUTH_CLIENT_SECRET = \"your-client-secret\"\nOAUTH_REDIRECT_URL = \"https://your-seafile/oauth/callback/\"\n\nOAUTH_PROVIDER_DOMAIN = 'your-domain'\nOAUTH_AUTHORIZATION_URL = 'https://gitlab.your-domain/oauth/authorize'\nOAUTH_TOKEN_URL = 'https://gitlab.your-domain/oauth/token'\nOAUTH_USER_INFO_URL = 'https://gitlab.your-domain/api/v4/user'\nOAUTH_SCOPE = [\"openid\", \"read_user\"]\nOAUTH_ATTRIBUTE_MAP = {\n    \"email\": (True, \"uid\"),\n    \"name\": (False, \"name\")\n}\n

          Note

          For users of Azure Cloud, as there is no id field returned from Azure Cloud's user info endpoint, so we use a special configuration for OAUTH_ATTRIBUTE_MAP setting (others are the same as Github/Google). Please see this tutorial for the complete deployment process of OAuth against Azure Cloud.

          OAUTH_ATTRIBUTE_MAP = {\n    \"email\": (True, \"uid\"),\n    \"name\": (False, \"name\")\n}\n
          "},{"location":"config/ocm/","title":"Open Cloud Mesh","text":"

          From 8.0.0, Seafile supports OCM protocol. With OCM, user can share library to other server which enabled OCM too.

          Seafile currently supports sharing between Seafile servers with version greater than 8.0, and sharing from NextCloud to Seafile since 9.0.

          These two functions cannot be enabled at the same time

          "},{"location":"config/ocm/#configuration","title":"Configuration","text":"

          Add the following configuration to seahub_settings.py.

          Sharing between Seafile serversSharing from NextCloud to Seafile 
          # Enable OCM\nENABLE_OCM = True\nOCM_PROVIDER_ID = '71687320-6219-47af-82f3-32012707a5ae' # the unique id of this server\nOCM_REMOTE_SERVERS = [\n    {\n        \"server_name\": \"dev\",\n        \"server_url\": \"https://seafile-domain-1/\", # should end with '/'\n    },\n    {\n        \"server_name\": \"download\",\n        \"server_url\": \"https://seafile-domain-2/\", # should end with '/'\n    },\n]\n
          # Enable OCM\nENABLE_OCM_VIA_WEBDAV = True\nOCM_PROVIDER_ID = '71687320-6219-47af-82f3-32012707a5ae' # the unique id of this server\nOCM_REMOTE_SERVERS = [\n    {\n        \"server_name\": \"nextcloud\",\n        \"server_url\": \"https://nextcloud-domain-1/\", # should end with '/'\n    }\n]\n

          OCM_REMOTE_SERVERS is a list of servers that you allow your users to share libraries with

          "},{"location":"config/ocm/#usage","title":"Usage","text":""},{"location":"config/ocm/#share-library-to-other-server","title":"Share library to other server","text":"

          In the library sharing dialog jump to \"Share to other server\", you can share this library to users of another server with \"Read-Only\" or \"Read-Write\" permission. You can also view shared records and cancel sharing.

          "},{"location":"config/ocm/#view-be-shared-libraries","title":"View be shared libraries","text":"

          You can jump to \"Shared from other servers\" page to view the libraries shared by other servers and cancel the sharing.

          And enter the library to view, download or upload files.

          "},{"location":"config/remote_user/","title":"SSO using Remote User","text":"

          Starting from 7.0.0, Seafile can integrate with various Single Sign On systems via a proxy server. Examples include Apache as Shibboleth proxy, or LemonLdap as a proxy to LDAP servers, or Apache as Kerberos proxy. Seafile can retrieve user information from special request headers (HTTP_REMOTE_USER, HTTP_X_AUTH_USER, etc.) set by the proxy servers.

          After the proxy server (Apache/Nginx) is successfully authenticated, the user information is set to the request header, and Seafile creates and logs in the user based on this information.

          Make sure that the proxy server has a corresponding security mechanism to protect against forgery request header attacks

          Please add the following settings to conf/seahub_settings.py to enable this feature.

          ENABLE_REMOTE_USER_AUTHENTICATION = True\n\n# Optional, HTTP header, which is configured in your web server conf file,\n# used for Seafile to get user's unique id, default value is 'HTTP_REMOTE_USER'.\nREMOTE_USER_HEADER = 'HTTP_REMOTE_USER'\n\n# Optional, when the value of HTTP_REMOTE_USER is not a valid email address\uff0c\n# Seafile will build a email-like unique id from the value of 'REMOTE_USER_HEADER'\n# and this domain, e.g. user1@example.com.\nREMOTE_USER_DOMAIN = 'example.com'\n\n# Optional, whether to create new user in Seafile system, default value is True.\n# If this setting is disabled, users doesn't preexist in the Seafile DB cannot login.\n# The admin has to first import the users from external systems like LDAP.\nREMOTE_USER_CREATE_UNKNOWN_USER = True\n\n# Optional, whether to activate new user in Seafile system, default value is True.\n# If this setting is disabled, user will be unable to login by default.\n# the administrator needs to manually activate this user.\nREMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True\n\n# Optional, map user attribute in HTTP header and Seafile's user attribute.\nREMOTE_USER_ATTRIBUTE_MAP = {\n    'HTTP_DISPLAYNAME': 'name',\n    'HTTP_MAIL': 'contact_email',\n\n    # for user info\n    \"HTTP_GIVENNAME\": 'givenname',\n    \"HTTP_SN\": 'surname',\n    \"HTTP_ORGANIZATION\": 'institution',\n\n    # for user role\n    'HTTP_Shibboleth-affiliation': 'affiliation',\n}\n\n# Map affiliation to user role. Though the config name is SHIBBOLETH_AFFILIATION_ROLE_MAP,\n# it is not restricted to Shibboleth\nSHIBBOLETH_AFFILIATION_ROLE_MAP = {\n    'employee@uni-mainz.de': 'staff',\n    'member@uni-mainz.de': 'staff',\n    'student@uni-mainz.de': 'student',\n    'employee@hu-berlin.de': 'guest',\n    'patterns': (\n        ('*@hu-berlin.de', 'guest1'),\n        ('*@*.de', 'guest2'),\n        ('*', 'guest'),\n    ),\n}\n

          Then restart Seafile.

          "},{"location":"config/roles_permissions/","title":"Roles and Permissions Support","text":"

          You can add/edit roles and permission for users. A role is just a group of users with some pre-defined permissions, you can toggle user roles in user list page at admin panel. For most permissions, the meaning can be easily obtained from the variable name. The following is a further detailed introduction to some variables.

          • role_quota is used to set quota for a certain role of users. For example, we can set the quota of employee to 100G by adding 'role_quota': '100g', and leave other role of users to the default quota.

          • can_add_public_repo is to set whether a role can create a public library, default is False.

            Since version 11.0.9 pro, can_share_repo is added to limit users' ability to share a library

            The can_add_public_repo option will not take effect if you configure global CLOUD_MODE = True

          • storage_ids permission is used for assigning storage backends to users with specific role. More details can be found in multiple storage backends.

          • upload_rate_limit and download_rate_limit are added to limit upload and download speed for users with different roles.

            Note

            After configured the rate limit, run the following command in the seafile-server-latest directory to make the configuration take effect:

            ./seahub.sh python-env python3 seahub/manage.py set_user_role_upload_download_rate_limit\n

          Seafile comes with two build-in roles default and guest, a default user is a normal user with permissions as followings:

          New in 12.0

          • can_drag_drop_folder_to_sync: allow or deny user to sync folder by draging and droping
          • can_export_files_via_mobile_client: allow or deny user to export files in using mobile client
              'default': {\n        'can_add_repo': True,\n        'can_share_repo': True,\n        'can_add_group': True,\n        'can_view_org': True,\n        'can_add_public_repo': False,\n        'can_use_global_address_book': True,\n        'can_generate_share_link': True,\n        'can_generate_upload_link': True,\n        'can_send_share_link_mail': True,\n        'can_invite_guest': False,\n        'can_drag_drop_folder_to_sync': True,\n        'can_connect_with_android_clients': True,\n        'can_connect_with_ios_clients': True,\n        'can_connect_with_desktop_clients': True,\n        'can_export_files_via_mobile_client': True,\n        'storage_ids': [],\n        'role_quota': '',\n        'can_publish_repo': True,\n        'upload_rate_limit': 0,  # unit: kb/s\n        'download_rate_limit': 0,\n    },\n

          While a guest user can only read files/folders in the system, here are the permissions for a guest user: 

              'guest': {\n        'can_add_repo': False,\n        'can_share_repo': False,\n        'can_add_group': False,\n        'can_view_org': False,\n        'can_add_public_repo': False,\n        'can_use_global_address_book': False,\n        'can_generate_share_link': False,\n        'can_generate_upload_link': False,\n        'can_send_share_link_mail': False,\n        'can_invite_guest': False,\n        'can_drag_drop_folder_to_sync': False,\n        'can_connect_with_android_clients': False,\n        'can_connect_with_ios_clients': False,\n        'can_connect_with_desktop_clients': False,\n        'can_export_files_via_mobile_client': False,\n        'storage_ids': [],\n        'role_quota': '',\n        'can_publish_repo': False,\n        'upload_rate_limit': 0,\n        'download_rate_limit': 0,\n    },\n

          "},{"location":"config/roles_permissions/#edit-build-in-roles","title":"Edit build-in roles","text":"

          If you want to edit the permissions of build-in roles, e.g. default users can invite guest, guest users can view repos in organization, you can add following lines to seahub_settings.py with corresponding permissions set to True.

          ENABLED_ROLE_PERMISSIONS = {\n    'default': {\n        'can_add_repo': True,\n        'can_share_repo': True,\n        'can_add_group': True,\n        'can_view_org': True,\n        'can_add_public_repo': False,\n        'can_use_global_address_book': True,\n        'can_generate_share_link': True,\n        'can_generate_upload_link': True,\n        'can_send_share_link_mail': True,\n        'can_invite_guest': False,\n        'can_drag_drop_folder_to_sync': True,\n        'can_connect_with_android_clients': True,\n        'can_connect_with_ios_clients': True,\n        'can_connect_with_desktop_clients': True,\n        'can_export_files_via_mobile_client': True,\n        'storage_ids': [],\n        'role_quota': '',\n        'can_publish_repo': True,\n        'upload_rate_limit': 2000,  # unit: kb/s\n        'download_rate_limit': 4000,\n    },\n    'guest': {\n        'can_add_repo': False,\n        'can_share_repo': False,\n        'can_add_group': False,\n        'can_view_org': False,\n        'can_add_public_repo': False,\n        'can_use_global_address_book': False,\n        'can_generate_share_link': False,\n        'can_generate_upload_link': False,\n        'can_send_share_link_mail': False,\n        'can_invite_guest': False,\n        'can_drag_drop_folder_to_sync': False,\n        'can_connect_with_android_clients': False,\n        'can_connect_with_ios_clients': False,\n        'can_connect_with_desktop_clients': False,\n        'can_export_files_via_mobile_client': False,\n        'storage_ids': [],\n        'role_quota': '',\n        'can_publish_repo': False,\n        'upload_rate_limit': 100,\n        'download_rate_limit': 200,\n    }\n}\n
          "},{"location":"config/roles_permissions/#more-about-guest-invitation-feature","title":"More about guest invitation feature","text":"

          An user who has can_invite_guest permission can invite people outside of the organization as guest.

          In order to use this feature, in addition to granting can_invite_guest permission to the user, add the following line to seahub_settings.py,

          ENABLE_GUEST_INVITATION = True\n\n# invitation expire time\nINVITATIONS_TOKEN_AGE = 72 # hours\n

          After restarting, users who have can_invite_guest permission will see \"Invite People\" section at sidebar of home page.

          Users can invite a guest user by providing his/her email address, system will email the invite link to the user.

          Tip

          If you want to block certain email addresses for the invitation, you can define a blacklist, e.g.

          INVITATION_ACCEPTER_BLACKLIST = [\"a@a.com\", \"*@a-a-a.com\", r\".*@(foo|bar).com\", ]\n

          After that, email address \"a@a.com\", any email address ends with \"@a-a-a.com\" and any email address ends with \"@foo.com\" or \"@bar.com\" will not be allowed.

          "},{"location":"config/roles_permissions/#add-custom-roles","title":"Add custom roles","text":"

          If you want to add a new role and assign some users with this role, e.g. new role employee can invite guest and can create public library and have all other permissions a default user has, you can add following lines to seahub_settings.py

          ENABLED_ROLE_PERMISSIONS = {\n    'default': {\n        'can_add_repo': True,\n        'can_share_repo': True,\n        'can_add_group': True,\n        'can_view_org': True,\n        'can_add_public_repo': False,\n        'can_use_global_address_book': True,\n        'can_generate_share_link': True,\n        'can_generate_upload_link': True,\n        'can_send_share_link_mail': True,\n        'can_invite_guest': False,\n        'can_drag_drop_folder_to_sync': True,\n        'can_connect_with_android_clients': True,\n        'can_connect_with_ios_clients': True,\n        'can_connect_with_desktop_clients': True,\n        'can_export_files_via_mobile_client': True,\n        'storage_ids': [],\n        'role_quota': '',\n        'can_publish_repo': True,\n        'upload_rate_limit': 2000,  # unit: kb/s\n        'download_rate_limit': 4000,\n    },\n    'guest': {\n        'can_add_repo': False,\n        'can_share_repo': False,\n        'can_add_group': False,\n        'can_view_org': False,\n        'can_add_public_repo': False,\n        'can_use_global_address_book': False,\n        'can_generate_share_link': False,\n        'can_generate_upload_link': False,\n        'can_send_share_link_mail': False,\n        'can_invite_guest': False,\n        'can_drag_drop_folder_to_sync': False,\n        'can_connect_with_android_clients': False,\n        'can_connect_with_ios_clients': False,\n        'can_connect_with_desktop_clients': False,\n        'can_export_files_via_mobile_client': False,\n        'storage_ids': [],\n        'role_quota': '',\n        'can_publish_repo': False,\n        'upload_rate_limit': 100,\n        'download_rate_limit': 200,\n    },\n    'employee': {\n        'can_add_repo': True,\n        'can_share_repo': True,\n        'can_add_group': True,\n        'can_view_org': True,\n        'can_add_public_repo': True,\n        'can_use_global_address_book': True,\n        'can_generate_share_link': True,\n        'can_generate_upload_link': True,\n        'can_send_share_link_mail': True,\n        'can_invite_guest': True,\n        'can_drag_drop_folder_to_sync': True,\n        'can_connect_with_android_clients': True,\n        'can_connect_with_ios_clients': True,\n        'can_connect_with_desktop_clients': True,\n        'can_export_files_via_mobile_client': True,\n        'storage_ids': [],\n        'role_quota': '',\n        'can_publish_repo': True,\n        'upload_rate_limit': 500,\n        'download_rate_limit': 800,\n    },\n}\n
          "},{"location":"config/saml2_in_10.0/","title":"SAML 2.0 in version 10.0+","text":"

          In this document, we use Microsoft Azure SAML single sign-on app and Microsoft on-premise ADFS to show how Seafile integrate SAML 2.0. Other SAML 2.0 provider should be similar.

          "},{"location":"config/saml2_in_10.0/#preparations-for-saml-20","title":"Preparations for SAML 2.0","text":"

          First, install xmlsec1 package:

          $ apt update\n$ apt install xmlsec1\n$ apt install dnsutils  # For multi-tenancy feature\n

          Second, prepare SP(Seafile) certificate directory and SP certificates:

          Create certs dir

          $ mkdir -p /opt/seafile/seahub-data/certs\n

          The SP certificate can be generated by the openssl command, or you can apply to the certificate manufacturer, it is up to you. For example, generate the SP certs using the following command:

          $ cd /opt/seafile/seahub-data/certs\n$ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout sp.key -out sp.crt\n

          The days option indicates the validity period of the generated certificate. The unit is day. The system admin needs to update the certificate regularly

          "},{"location":"config/saml2_in_10.0/#integration-with-adfssaml-single-sign-on","title":"Integration with ADFS/SAML single sign-on","text":""},{"location":"config/saml2_in_10.0/#microsoft-azure-saml-single-sign-on-app","title":"Microsoft Azure SAML single sign-on app","text":"

          If you use Microsoft Azure SAML app to achieve single sign-on, please follow the steps below:

          First, add SAML single sign-on app and assign users, refer to: add an Azure AD SAML application, create and assign users.

          Second, setup the Identifier, Reply URL, and Sign on URL of the SAML app based on your service URL, refer to: enable single sign-on for saml app. The format of the Identifier, Reply URL, and Sign on URL are: https://example.com/saml2/metadata/, https://example.com/saml2/acs/, https://example.com/, e.g.:

          Next, edit saml attributes & claims. Keep the default attributes & claims of SAML app unchanged, the uid attribute must be added, the mail and name attributes are optional, e.g.:

          Next, download the base64 format SAML app's certificate and rename to idp.crt:

          and put it under the certs directory(/opt/seafile/seahub-data/certs).

          Next, copy the metadata URL of the SAML app:

          and paste it into the SAML_REMOTE_METADATA_URL option in seahub_settings.py, e.g.:

          SAML_REMOTE_METADATA_URL = 'https://login.microsoftonline.com/xxx/federationmetadata/2007-06/federationmetadata.xml?appid=xxx'   # copy from SAML app\n

          Next, add ENABLE_ADFS_LOGIN, LOGIN_REDIRECT_URL and SAML_ATTRIBUTE_MAPPING options to seahub_settings.py, and then restart Seafile, e.g:

          ENABLE_ADFS_LOGIN = True\nLOGIN_REDIRECT_URL = '/saml2/complete/'\nSAML_ATTRIBUTE_MAPPING = {\n    'name': ('display_name', ),\n    'mail': ('contact_email', ),\n    'seafile_groups': ('', ), # Optional, set this attribute if you need to synchronize groups/departments.\n    ...\n\n}\nSAML_REMOTE_METADATA_URL = 'https://login.microsoftonline.com/xxx/federationmetadata/2007-06/federationmetadata.xml?appid=xxx'   # copy from SAML app\n

          Note

          • If the xmlsec1 binary is not located in /usr/bin/xmlsec1, you need to add the following configuration in seahub_settings.py:
          SAML_XMLSEC_BINARY_PATH = '/path/to/xmlsec1'\n

          View where the xmlsec1 binary is located:

          $ which xmlsec1\n
          • If certificates are not placed in /opt/seafile/seahub-data/certs, you need to add the following configuration in seahub_settings.py:
          SAML_CERTS_DIR = '/path/to/certs'\n

          Finally, open the browser and enter the Seafile login page, click Single Sign-On, and use the user assigned to SAML app to perform a SAML login test.

          "},{"location":"config/saml2_in_10.0/#on-premise-adfs","title":"On-premise ADFS","text":"

          If you use Microsoft ADFS to achieve single sign-on, please follow the steps below:

          First, please make sure the following preparations are done:

          1. A Windows Server with ADFS installed. For configuring and installing ADFS you can see this article.

          2. A valid SSL certificate for ADFS server, and here we use temp.adfs.com as the domain name example.

          3. A valid SSL certificate for Seafile server, and here we use demo.seafile.com as the domain name example.

          Second, download the base64 format certificate and upload it:

          • Navigate to the AD FS management window. In the left sidebar menu, navigate to Services > Certificates.

          • Locate the Token-signing certificate. Right-click the certificate and select View Certificate.

          • In the dialog box, select the Details tab.

          • Click Copy to File.

          • In the Certificate Export Wizard that opens, click Next.

          • Select Base-64 encoded X.509 (.CER), then click Next.

          • Named it idp.crt, then click Next.

          • Click Finish to complete the download.

          • And then put it under the certs directory(/opt/seafile/seahub-data/certs).

          Next, add the following configurations to seahub_settings.py and then restart Seafile:

          ENABLE_ADFS_LOGIN = True\nLOGIN_REDIRECT_URL = '/saml2/complete/'\nSAML_ATTRIBUTE_MAPPING = {\n    'name': ('display_name', ),\n    'mail': ('contact_email', ),\n    'seafile_groups': ('', ), # Optional, set this attribute if you need to synchronize groups/departments.\n    ...\n}\nSAML_REMOTE_METADATA_URL = 'https://temp.adfs.com/federationmetadata/2007-06/federationmetadata.xml'   # The format of the ADFS federation metadata URL is: `https://{your ADFS domain name}/federationmetadata/2007-06/federationmetadata.xml`\n

          Next, add relying party trust:

          • Log into the ADFS server and open the ADFS management.

          • Under Actions, click Add Relying Party Trust.

          • On the Welcome page, choose Claims aware and click Start.

          • Select Import data about the relying party published online or on a local network, type your metadate url in Federation metadata address (host name or URL), and then click Next. Your metadate url format is: https://example.com/saml2/metadata/, e.g.:

          • On the Specify Display Name page type a name in Display name, e.g. Seafile, under Notes type a description for this relying party trust, and then click Next.

          • In the Choose an access control policy window, select Permit everyone, then click Next.

          • Review your settings, then click Next.

          • Click Close.

          Next, create claims rules:

          • Open the ADFS management, click Relying Party Trusts.

          • Right-click your trust, and then click Edit Claim Issuance Policy.

          • On the Issuance Transform Rules tab click Add Rules.

          • Click the Claim rule template dropdown menu and select Send LDAP Attributes as Claims, and then click Next.

          • In the Claim rule name field, type the display name for this rule, such as Seafile Claim rule. Click the Attribute store dropdown menu and select Active Directory. In the LDAP Attribute column, click the dropdown menu and select User-Principal-Name. In the Outgoing Claim Type column, click the dropdown menu and select UPN. And then click Finish.

          • Click Add Rule again.

          • Click the Claim rule template dropdown menu and select Transform an Incoming Claim, and then click Next.

          • In the Claim rule name field, type the display name for this rule, such as UPN to Name ID. Click the Incoming claim type dropdown menu and select UPN(It must match the Outgoing Claim Type in rule Seafile Claim rule). Click the Outgoing claim type dropdown menu and select Name ID. Click the Outgoing name ID format dropdown menu and select Email. And then click Finish.

          • Click OK to add both new rules.

          When creating claims rule, you can also select other LDAP Attributes, such as E-Mail-Addresses, depending on your ADFS service

          Finally, open the browser and enter the Seafile login page, click Single Sign-On to perform ADFS login test.

          "},{"location":"config/seafevents-conf/","title":"Configurable Options","text":"

          In the file seafevents.conf:

          [DATABASE]\ntype = mysql\nhost = 192.168.0.2\nport = 3306\nusername = seafile\npassword = password\nname = seahub_db\n\n[STATISTICS]\n## must be \"true\" to enable statistics\nenabled = false\n\n[SEAHUB EMAIL]\n## must be \"true\" to enable user email notifications when there are new unread notifications\nenabled = true\n\n## interval of sending Seahub email. Can be s(seconds), m(minutes), h(hours), d(days)\ninterval = 30m\n\n[FILE HISTORY]\nenabled = true\nthreshold = 5\nsuffix = md,txt,...\n\n## From seafile 7.0.0\n## Recording file history to database for fast access is enabled by default for 'Markdown, .txt, ppt, pptx, doc, docx, xls, xlsx'. \n## After enable the feature, the old histories version for markdown, doc, docx files will not be list in the history page.\n## (Only new histories that stored in database will be listed) But the users can still access the old versions in the library snapshots.\n## For file types not listed in the suffix , histories version will be scanned from the library history as before.\n## The feature default is enable. You can set the 'enabled = false' to disable the feature.\n\n## The 'threshold' is the time threshold for recording the historical version of a file, in minutes, the default is 5 minutes. \n## This means that if the interval between two adjacent file saves is less than 5 minutes, the two file changes will be merged and recorded as a historical version. \n## When set to 0, there is no time limit, which means that each save will generate a separate historical version.\n\n## If you need to modify the file list format, you can add 'suffix = md, txt, ...' configuration items to achieve.\n
          "},{"location":"config/seafevents-conf/#the-following-configurations-for-pro-edition-only","title":"The following configurations for Pro Edition only","text":"
          [AUDIT]\n## Audit log is disabled default.\n## Leads to additional SQL tables being filled up, make sure your SQL server is able to handle it.\nenabled = true\n\n[INDEX FILES]\n## must be \"true\" to enable search\nenabled = true\n\n## The interval the search index is updated. Can be s(seconds), m(minutes), h(hours), d(days)\ninterval=10m\n\n## From Seafile 6.3.0 pro, in order to speed up the full-text search speed, you should setup\nhighlight = fvh\n\n## If true, indexes the contents of office/pdf files while updating search index\n## Note: If you change this option from \"false\" to \"true\", then you need to clear the search index and update the index again.\n## Refer to file search manual for details.\nindex_office_pdf=false\n\n## The default size limit for doc, docx, ppt, pptx, xls, xlsx and pdf files. Files larger than this will not be indexed.\n## Since version 6.2.0\n## Unit: MB\noffice_file_size_limit = 10\n\n## From 9.0.7 pro, Seafile supports connecting to Elasticsearch through username and password, you need to configure username and password for the Elasticsearch server\nusername = elastic           # username to connect to Elasticsearch\npassword = elastic_password  # password to connect to Elasticsearch\n\n## From 9.0.7 pro, Seafile supports connecting to elasticsearch via HTTPS, you need to configure HTTPS for the Elasticsearch server\nscheme = https               # The default is http. If the Elasticsearch server is not configured with HTTPS, the scheme and cafile do not need to be configured\ncafile = path/to/cert.pem    # The certificate path for user authentication. If the Elasticsearch server does not enable certificate authentication, do not need to be configured\n\n## From version 11.0.5 Pro, you can custom ElasticSearch index names for distinct instances when intergrating multiple Seafile servers to a single ElasticSearch Server.\nrepo_status_index_name = your-repo-status-index-name  # default is `repo_head`\nrepo_files_index_name = your-repo-files-index-name    # default is `repofiles`\n\n## The default loglevel is `warning`.\n## Since version 11.0.4\nloglevel = info\n\n[EVENTS PUBLISH]\n## must be \"true\" to enable publish events messages\nenabled = false\n## message format: repo-update\\t{{repo_id}}}\\t{{commit_id}}\n## Currently only support redis message queue\nmq_type = redis\n\n[REDIS]\n## redis use the 0 database and \"repo_update\" channel\nserver = 192.168.1.1\nport = 6379\npassword = q!1w@#123\n\n[AUTO DELETION]\nenabled = true     # Default is false, when enabled, users can use file auto deletion feature\ninterval = 86400   # The unit is second(s), the default frequency is one day, that is, it runs once a day\n
          "},{"location":"config/seafile-conf/","title":"Seafile.conf settings","text":"

          Important

          Every entry in this configuration file is case-sensitive.

          You need to restart seafile and seahub so that your changes take effect.

          ./seahub.sh restart\n./seafile.sh restart\n
          "},{"location":"config/seafile-conf/#storage-quota-setting","title":"Storage Quota Setting","text":"

          You may set a default quota (e.g. 2GB) for all users. To do this, just add the following lines to seafile.conf file

          [quota]\n# default user quota in GB, integer only\ndefault = 2\n

          This setting applies to all users. If you want to set quota for a specific user, you may log in to seahub website as administrator, then set it in \"System Admin\" page.

          Since Pro 10.0.9 version, you can set the maximum number of files allowed in a library, and when this limit is exceeded, files cannot be uploaded to this library. There is no limit by default.

          [quota]\nlibrary_file_limit = 100000\n
          "},{"location":"config/seafile-conf/#default-history-length-limit","title":"Default history length limit","text":"

          If you don't want to keep all file revision history, you may set a default history length limit for all libraries.

          [history]\nkeep_days = days of history to keep\n
          "},{"location":"config/seafile-conf/#default-trash-expiration-time","title":"Default trash expiration time","text":"

          The default time for automatic cleanup of the libraries trash is 30 days.You can modify this time by adding the following configuration\uff1a

          [library_trash]\nexpire_days = 60\n
          "},{"location":"config/seafile-conf/#system-trash","title":"System Trash","text":"

          Seafile uses a system trash, where deleted libraries will be moved to. In this way, accidentally deleted libraries can be recovered by system admin.

          "},{"location":"config/seafile-conf/#cache-pro-edition-only","title":"Cache (Pro Edition Only)","text":"

          Seafile Pro Edition uses memory caches in various cases to improve performance. Some session information is also saved into memory cache to be shared among the cluster nodes. Memcached or Reids can be use for memory cache.

          If you use memcached:

          [memcached]\n# Replace `localhost` with the memcached address:port if you're using remote memcached\n# POOL-MIN and POOL-MAX is used to control connection pool size. Usually the default is good enough.\nmemcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100\n

          If you use redis:

          [redis]\n# your redis server address\nredis_host = 127.0.0.1\n# your redis server port\nredis_port = 6379\n# size of connection pool to redis, default is 100\nmax_connections = 100\n

          Redis support is added in version 11.0. Currently only single-node Redis is supported. Redis Sentinel or Cluster is not supported yet.

          "},{"location":"config/seafile-conf/#seafile-fileserver-configuration","title":"Seafile fileserver configuration","text":"

          The configuration of seafile fileserver is in the [fileserver] section of the file seafile.conf

          [fileserver]\n# bind address for fileserver\n# default to 0.0.0.0, if deployed without proxy: no access restriction\n# set to 127.0.0.1, if used with local proxy: only access by local\nhost = 127.0.0.1\n# tcp port for fileserver\nport = 8082\n

          Since Community Edition 6.2 and Pro Edition 6.1.9, you can set the number of worker threads to server http requests. Default value is 10, which is a good value for most use cases.

          [fileserver]\nworker_threads = 15\n

          Change upload/download settings.

          [fileserver]\n# Set maximum upload file size to 200M.\n# If not configured, there is no file size limit for uploading.\nmax_upload_size=200\n\n# Set maximum download directory size to 200M.\n# Default is 100M.\nmax_download_dir_size=200\n

          After a file is uploaded via the web interface, or the cloud file browser in the client, it needs to be divided into fixed size blocks and stored into storage backend. We call this procedure \"indexing\". By default, the file server uses 1 thread to sequentially index the file and store the blocks one by one. This is suitable for most cases. But if you're using S3/Ceph/Swift backends, you may have more bandwidth in the storage backend for storing multiple blocks in parallel. We provide an option to define the number of concurrent threads in indexing:

          [fileserver]\nmax_indexing_threads = 10\n

          When users upload files in the web interface (seahub), file server divides the file into fixed size blocks. Default blocks size for web uploaded files is 8MB. The block size can be set here.

          [fileserver]\n#Set block size to 2MB\nfixed_block_size=2\n

          When users upload files in the web interface, file server assigns an token to authorize the upload operation. This token is valid for 1 hour by default. When uploading a large file via WAN, the upload time can be longer than 1 hour. You can change the token expire time to a larger value.

          [fileserver]\n#Set uploading time limit to 3600s\nweb_token_expire_time=3600\n

          You can download a folder as a zip archive from seahub, but some zip software on windows doesn't support UTF-8, in which case you can use the \"windows_encoding\" settings to solve it.

          [zip]\n# The file name encoding of the downloaded zip file.\nwindows_encoding = iso-8859-1\n

          The \"httptemp\" directory contains temporary files created during file upload and zip download. In some cases the temporary files are not cleaned up after the file transfer was interrupted. Starting from 7.1.5 version, file server will regularly scan the \"httptemp\" directory to remove files created long time ago.

          [fileserver]\n# After how much time a temp file will be removed. The unit is in seconds. Default to 3 days.\nhttp_temp_file_ttl = x\n# File scan interval. The unit is in seconds. Default to 1 hour.\nhttp_temp_scan_interval = x\n

          New in Seafile Pro 7.1.16 and Pro 8.0.3: You can set the maximum number of files contained in a library that can be synced by the Seafile client. The default is 100000. When you download a repo, Seafile client will request fs id list, and you can control the timeout period of this request through fs_id_list_request_timeout configuration, which defaults to 5 minutes. These two options are added to prevent long fs-id-list requests from overloading the server.

          Since Pro 8.0.4 version, you can set both options to -1, to allow unlimited size and timeout.

          Tip

          This configuration is only effective for downloading files through web page or API, but not for syncing files

          [fileserver]\nmax_sync_file_count = 100000\nfs_id_list_request_timeout = 300\n

          If you use object storage as storage backend, when a large file is frequently downloaded, the same blocks need to be fetched from the storage backend to Seafile server. This may waste bandwith and cause high load on the internal network. Since Seafile Pro 8.0.5 version, we add block caching to improve the situation.

          • To enable this feature, set use_block_cache option in the [fileserver] group. It's not enabled by default.
          • The block_cache_size_limit option is used to limit the size of the cache. Its default value is 10GB. The blocks are cached in seafile-data/block-cache directory. When the total size of cached files exceeds the limit, seaf-server will clean up older files until the size reduces to 70% of the limit. The cleanup interval is 5 minutes. You have to have a good estimate on how much space you need for the cache directory. Otherwise on frequent downloads this directory can be quickly filled up.
          • The block_cache_file_types configuration is used to choose the file types that are cached. block_cache_file_types the default value is mp4;mov.

          [fileserver]\nuse_block_cache = true\n# Set block cache size limit to 100MB\nblock_cache_size_limit = 100\nblock_cache_file_types = mp4;mov\n
          When a large number of files are uploaded through the web page and API, it will be expensive to calculate block IDs based on the block contents. Since Seafile-pro-9.0.6, you can add the skip_block_hash option to use a random string as block ID.

          Warning

          This option will prevent fsck from checking block content integrity. You should specify --shallow option to fsck to not check content integrity.

          [fileserver]\nskip_block_hash = true\n

          If you want to limit the type of files when uploading files, since Seafile Pro 10.0.0 version, you can set file_ext_white_list option in the [fileserver] group. This option is a list of file types, only the file types in this list are allowed to be uploaded. It's not enabled by default. 

          [fileserver]\nfile_ext_white_list = md;mp4;mov\n

          Since seafile 10.0.1, when you use go fileserver, you can set upload_limit and download_limit option in the [fileserver] group to limit the speed of file upload and download. It's not enabled by default. 

          [fileserver]\n# The unit is in KB/s.\nupload_limit = 100\ndownload_limit = 100\n

          Since Seafile 11.0.7 Pro, you can ask file server to check virus for every file uploaded with web APIs. Find more options about virus scanning at virus scan.

          [fileserver]\n# default is false\ncheck_virus_on_web_upload = true\n
          "},{"location":"config/seafile-conf/#database-configuration","title":"Database configuration","text":"

          The configurations of database are stored in the [database] section.

          From Seafile 11.0, the SQLite is not supported

          [database]\ntype=mysql\nhost=127.0.0.1\nuser=root\npassword=root\ndb_name=seafile_db\nconnection_charset=utf8\nmax_connections=100\n

          When you configure seafile server to use MySQL, the default connection pool size is 100, which should be enough for most use cases.

          Since Seafile 10.0.2, you can enable the encrypted connections to the MySQL server by adding the following configuration options:

          [database]\nuse_ssl = true\nskip_verify = false\nca_path = /etc/mysql/ca.pem\n

          When set use_ssl to true and skip_verify to false, it will check whether the MySQL server certificate is legal through the CA configured in ca_path. The ca_path is a trusted CA certificate path for signing MySQL server certificates. When skip_verify is true, there is no need to add the ca_path option. The MySQL server certificate won't be verified at this time.

          "},{"location":"config/seafile-conf/#file-locking-pro-edition-only","title":"File Locking (Pro edition only)","text":"

          The Seafile Pro server auto expires file locks after some time, to prevent a locked file being locked for too long. The expire time can be tune in seafile.conf file.

          [file_lock]\ndefault_expire_hours = 6\n

          The default is 12 hours.

          Since Seafile-pro-9.0.6, you can add cache for getting locked files (reduce server load caused by sync clients).

          [file_lock]\nuse_locked_file_cache = true\n

          At the same time, you also need to configure the following memcache options for the cache to take effect:

          [memcached]\nmemcached_options = --SERVER=<the IP of Memcached Server> --POOL-MIN=10 --POOL-MAX=100\n
          "},{"location":"config/seafile-conf/#storage-backends","title":"Storage Backends","text":"

          You may configure Seafile to use various kinds of object storage backends.

          • S3 or S3-compatible object storage
          • Ceph RADOS
          • Alibaba Cloud OSS
          • OpenStack Swift

          You may also configure Seafile to use multiple storage backends at the same time.

          "},{"location":"config/seafile-conf/#cluster","title":"Cluster","text":"

          When you deploy Seafile in a cluster, you should add the following configuration:

          [cluster]\nenabled = true\n
          "},{"location":"config/seafile-conf/#enable-slow-log","title":"Enable Slow Log","text":"

          Since Seafile-pro-6.3.10, you can enable seaf-server's RPC slow log to do performance analysis.The slow log is enabled by default.

          If you want to configure related options, add the options to seafile.conf:

          [slow_log]\n# default to true\nenable_slow_log = true\n# the unit of all slow log thresholds is millisecond.\n# default to 5000 milliseconds, only RPC queries processed for longer than 5000 milliseconds will be  logged.\nrpc_slow_threshold = 5000\n

          You can find seafile_slow_rpc.log in logs/slow_logs. You can also use log-rotate to rotate the log files. You just need to send SIGUSR2 to seaf-server process. The slow log file will be closed and reopened.

          Since 9.0.2 Pro, the signal to trigger log rotation has been changed to SIGUSR1. This signal will trigger rotation for all log files opened by seaf-server. You should change your log rotate settings accordingly.

          "},{"location":"config/seafile-conf/#enable-access-log","title":"Enable Access Log","text":"

          Even though Nginx logs all requests with certain details, such as url, response code, upstream process time, it's sometimes desirable to have more context about the requests, such as the user id for each request. Such information can only be logged from file server itself. Since 9.0.2 Pro, access log feature is added to fileserver.

          To enable access log, add below options to seafile.conf:

          [fileserver]\n# default to false. If enabled, fileserver-access.log will be written to log directory.\nenable_access_log = true\n

          The log format is as following:

          start time - user id - url - response code - process time\n

          You can use SIGUSR1 to trigger log rotation.

          "},{"location":"config/seafile-conf/#go-fileserver","title":"Go Fileserver","text":"

          Seafile 9.0 introduces a new fileserver implemented in Go programming language. To enable it, you can set the options below in seafile.conf:

          [fileserver]\nuse_go_fileserver = true\n

          Go fileserver has 3 advantages over the traditional fileserver implemented in C language:

          1. Better performance when syncing libraries with large number of files. With C fileserver, syncing large libraries may consume all the worker threads in the server and make the service slow. There is a config option max_sync_file_count to limit the size of library to be synced. The default is 100K. With Go fileserver you can set this option to a much higher number, such as 1 million.
          2. Downloading zipped folders on the fly. And there is no limit on the size of the downloaded folder. With C fileserver, the server has to first create a zip file for the downloaded folder then send it to the client. With Go fileserver, the zip file can be created while transferring to the client. The option max_download_dir_size is thus no longer needed by Go fileserver.
          3. Since version 10.0 you can also set upload/download rate limits.

          Go fileserver caches fs objects in memory. On the one hand, it avoids repeated creation and destruction of repeatedly accessed objects; on the other hand it will also slow down the speed at which objects are released, which will prevent go's gc mechanism from consuming too much CPU time. You can set the size of memory used by fs cache through the following options.

          [fileserver]\n# The unit is in M. Default to 2G.\nfs_cache_limit = 100\n
          "},{"location":"config/seafile-conf/#profiling-go-fileserver-performance","title":"Profiling Go Fileserver Performance","text":"

          Since Seafile 9.0.7, you can enable the profile function of go fileserver by adding the following configuration options:

          # profile_password is required, change it for your need\n[fileserver]\nenable_profiling = true\nprofile_password = 8kcUz1I2sLaywQhCRtn2x1\n

          This interface can be used through the pprof tool provided by Go language. See https://pkg.go.dev/net/http/pprof for details. Note that you have to first install Go on the client that issues the below commands. The password parameter should match the one you set in the configuration.

          go tool pprof http://localhost:8082/debug/pprof/heap?password=8kcUz1I2sLaywQhCRtn2x1\ngo tool pprof http://localhost:8082/debug/pprof/profile?password=8kcUz1I2sLaywQhCRtn2x1\n
          "},{"location":"config/seafile-conf/#notification-server-configuration","title":"Notification server configuration","text":"

          Since Seafile 10.0.0, you can enable the notification server by adding the following configuration options:

          # jwt_private_key are required.You should generate it manually.\n[notification]\nenabled = true\n# the listen IP of notification server. (Do not modify the host when using Nginx or Apache, as Nginx or Apache will proxy the requests to this address)\nhost = 127.0.0.1\n# the port of notification server\nport = 8083\n# the log level of notification server\nlog_level = info\n# jwt_private_key is used to generate jwt token and authenticate seafile server\njwt_private_key = M@O8VWUb81YvmtWLHGB2I_V7di5-@0p(MF*GrE!sIws23F\n

          You can generate jwt_private_key with the following command\uff1a

          # generate jwt_private_key\nopenssl rand -base64 32\n

          If you use nginx, then you also need to add the following configuration for nginx:

          server {\n    ...\n\n    location /notification/ping {\n        proxy_pass http://127.0.0.1:8083/ping;\n        access_log      /var/log/nginx/notification.access.log seafileformat;\n        error_log       /var/log/nginx/notification.error.log;\n    }\n    location /notification {\n        proxy_pass http://127.0.0.1:8083/;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n        access_log      /var/log/nginx/notification.access.log seafileformat;\n        error_log       /var/log/nginx/notification.error.log;\n    }\n\n    ...\n}\n

          Or add the configuration for Apache:

              ProxyPass /notification/ping  http://127.0.0.1:8083/ping/\n    ProxyPassReverse /notification/ping  http://127.0.0.1:8083/ping/\n\n    ProxyPass /notification  ws://127.0.0.1:8083/\n    ProxyPassReverse /notification ws://127.0.0.1:8083/\n
          "},{"location":"config/seahub_customization/","title":"Seahub customization","text":""},{"location":"config/seahub_customization/#customize-seahub-logo-and-css","title":"Customize Seahub Logo and CSS","text":"

          Create customize folder

          Deploy in DockerDeploy from binary packages 
          mkdir -p /opt/seafile-data/seahub/media/custom\n
          mkdir /opt/seafile/seafile-server-latest/seahub/media/custom\n

          During upgrading, Seafile upgrade script will create symbolic link automatically to preserve your customization.

          "},{"location":"config/seahub_customization/#customize-logo","title":"Customize Logo","text":"

          Add your logo file to custom/

          Overwrite LOGO_PATH in seahub_settings.py

          LOGO_PATH = 'custom/mylogo.png'\n

          Default width and height for logo is 149px and 32px, you may need to change that according to yours.

          LOGO_WIDTH = 149\nLOGO_HEIGHT = 32\n
          "},{"location":"config/seahub_customization/#customize-favicon","title":"Customize Favicon","text":"

          Add your favicon file to custom/

          Overwrite FAVICON_PATH in seahub_settings.py

          LOGO_PATH = 'custom/favicon.png'\n
          "},{"location":"config/seahub_customization/#customize-seahub-css","title":"Customize Seahub CSS","text":"

          Add your css file to custom/, for example, custom.css

          Overwrite BRANDING_CSS in seahub_settings.py

          LOGO_PATH = 'custom/custom.css'\n
          "},{"location":"config/seahub_customization/#customize-help-page","title":"Customize help page","text":"Deploy in DockerDeploy from binary packages 
          mkdir -p /opt/seafile-data/seahub/media/custom/templates/help/\ncd /opt/seafile-data/seahub/media/custom\ncp ../../help/templates/help/install.html templates/help/\n
          mkdir /opt/seafile/seafile-server-latest/seahub/media/custom/templates/help/\ncd /opt/seafile/seafile-server-latest/seahub/media/custom\ncp ../../help/templates/help/install.html templates/help/\n

          Modify the templates/help/install.html file and save it. You will see the new help page.

          "},{"location":"config/seahub_customization/#add-an-extra-note-in-sharing-dialog","title":"Add an extra note in sharing dialog","text":"

          You can add an extra note in sharing dialog in seahub_settings.py

          ADDITIONAL_SHARE_DIALOG_NOTE = {\n    'title': 'Attention! Read before shareing files:',\n    'content': 'Do not share personal or confidential official data with **.'\n}\n

          Result:

          "},{"location":"config/seahub_customization/#add-custom-navigation-items","title":"Add custom navigation items","text":"

          Since Pro 7.0.9, Seafile supports adding some custom navigation entries to the home page for quick access. This requires you to add the following configuration information to the conf/seahub_settings.py configuration file:

          CUSTOM_NAV_ITEMS = [\n    {'icon': 'sf2-icon-star',\n     'desc': 'Custom navigation 1',\n     'link': 'https://www.seafile.com'\n    },\n    {'icon': 'sf2-icon-wiki-view',\n     'desc': 'Custom navigation 2',\n     'link': 'https://www.seafile.com/help'\n    },\n    {'icon': 'sf2-icon-wrench',\n     'desc': 'Custom navigation 3',\n     'link': 'http://www.example.com'\n    },\n]\n

          Note

          The icon field currently only supports icons in Seafile that begin with sf2-icon. You can find the list of icons here:

          Then restart the Seahub service to take effect.

          Once you log in to the Seafile system homepage again, you will see the new navigation entry under the Tools navigation bar on the left.

          "},{"location":"config/seahub_customization/#add-more-links-to-the-bottom-bar","title":"Add more links to the bottom bar","text":"
          ADDITIONAL_APP_BOTTOM_LINKS = {\n    'seafile': 'https://example.seahub.com/seahub',\n    'dtable-web': 'https://example.seahub.com/web'\n}\n

          Result:

          "},{"location":"config/seahub_customization/#add-more-links-to-about-dialog","title":"Add more links to about dialog","text":"
          ADDITIONAL_ABOUT_DIALOG_LINKS = {\n    'seafile': 'https://example.seahub.com/seahub',\n    'dtable-web': 'https://example.seahub.com/dtable-web'\n}\n

          Result:

          "},{"location":"config/seahub_settings_py/","title":"Seahub Settings","text":"

          Tip

          You can also modify most of the config items via web interface. The config items are saved in database table (seahub-db/constance_config). They have a higher priority over the items in config files. If you want to disable settings via web interface, you can add ENABLE_SETTINGS_VIA_WEB = False to seahub_settings.py.

          "},{"location":"config/seahub_settings_py/#sending-email-notifications-on-seahub","title":"Sending Email Notifications on Seahub","text":"

          Refer to email sending documentation.

          "},{"location":"config/seahub_settings_py/#cache","title":"Cache","text":"

          Seahub caches items(avatars, profiles, etc) on file system by default(/tmp/seahub_cache/). You can replace with Memcached or Redis.

          MemcachedRedis 
          # on Debian/Ubuntu 18.04+\napt-get install memcached libmemcached-dev -y\npip3 install --timeout=3600 pylibmc django-pylibmc\n\nsystemctl enable --now memcached\n

          Add the following configuration to seahub_settings.py.

          CACHES = {\n    'default': {\n        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',\n        'LOCATION': '127.0.0.1:11211',\n    },\n}\n

          Redis supported is added in Seafile version 11.0

          1. Install Redis with package installers in your OS.

          2. Please refer to Django's documentation about using Redis cache.

          "},{"location":"config/seahub_settings_py/#security-settings","title":"Security settings","text":"
          # For security consideration, please set to match the host/domain of your site, e.g., ALLOWED_HOSTS = ['.example.com'].\n# Please refer https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for details.\nALLOWED_HOSTS = ['.myseafile.com']\n\n\n# Whether to use a secure cookie for the CSRF cookie\n# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-secure\nCSRF_COOKIE_SECURE = True\n\n# The value of the SameSite flag on the CSRF cookie\n# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-samesite\nCSRF_COOKIE_SAMESITE = 'Strict'\n\n# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-trusted-origins\nCSRF_TRUSTED_ORIGINS = ['https://www.myseafile.com']\n
          "},{"location":"config/seahub_settings_py/#user-management-options","title":"User management options","text":"

          The following options affect user registration, password and session.

          # Enalbe or disalbe registration on web. Default is `False`.\nENABLE_SIGNUP = False\n\n# Activate or deactivate user when registration complete. Default is `True`.\n# If set to `False`, new users need to be activated by admin in admin panel.\nACTIVATE_AFTER_REGISTRATION = False\n\n# Whether to send email when a system admin adding a new member. Default is `True`.\nSEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True\n\n# Whether to send email when a system admin resetting a user's password. Default is `True`.\nSEND_EMAIL_ON_RESETTING_USER_PASSWD = True\n\n# Send system admin notify email when user registration is complete. Default is `False`.\nNOTIFY_ADMIN_AFTER_REGISTRATION = True\n\n# Remember days for login. Default is 7\nLOGIN_REMEMBER_DAYS = 7\n\n# Attempt limit before showing a captcha when login.\nLOGIN_ATTEMPT_LIMIT = 3\n\n# deactivate user account when login attempts exceed limit\n# Since version 5.1.2 or pro 5.1.3\nFREEZE_USER_ON_LOGIN_FAILED = False\n\n# mininum length for user's password\nUSER_PASSWORD_MIN_LENGTH = 6\n\n# LEVEL based on four types of input:\n# num, upper letter, lower letter, other symbols\n# '3' means password must have at least 3 types of the above.\nUSER_PASSWORD_STRENGTH_LEVEL = 3\n\n# default False, only check USER_PASSWORD_MIN_LENGTH\n# when True, check password strength level, STRONG(or above) is allowed\nUSER_STRONG_PASSWORD_REQUIRED = False\n\n# Force user to change password when admin add/reset a user.\n# Added in 5.1.1, deafults to True.\nFORCE_PASSWORD_CHANGE = True\n\n# Age of cookie, in seconds (default: 2 weeks).\nSESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2\n\n# Whether a user's session cookie expires when the Web browser is closed.\nSESSION_EXPIRE_AT_BROWSER_CLOSE = False\n\n# Whether to save the session data on every request. Default is `False`\nSESSION_SAVE_EVERY_REQUEST = False\n\n# Whether enable the feature \"published library\". Default is `False`\n# Since 6.1.0 CE\nENABLE_WIKI = True\n\n# In old version, if you use Single Sign On, the password is not saved in Seafile.\n# Users can't use WebDAV because Seafile can't check whether the password is correct.\n# Since version 6.3.8, you can enable this option to let user's to specific a password for WebDAV login.\n# Users login via SSO can use this password to login in WebDAV.\n# Enable the feature. pycryptodome should be installed first.\n# sudo pip install pycryptodome==3.12.0\nENABLE_WEBDAV_SECRET = True\nWEBDAV_SECRET_MIN_LENGTH = 8\n\n# LEVEL for the password, based on four types of input:\n# num, upper letter, lower letter, other symbols\n# '3' means password must have at least 3 types of the above.\nWEBDAV_SECRET_STRENGTH_LEVEL = 1\n\n\n# Since version 7.0.9, you can force a full user to log in with a two factor authentication.\n# The prerequisite is that the administrator should 'enable two factor authentication' in the 'System Admin -> Settings' page.\n# Then you can add the following configuration information to the configuration file.\nENABLE_FORCE_2FA_TO_ALL_USERS = True\n
          "},{"location":"config/seahub_settings_py/#library-snapshot-label-feature","title":"Library snapshot label feature","text":"
          # Turn on this option to let users to add a label to a library snapshot. Default is `False`\nENABLE_REPO_SNAPSHOT_LABEL = False\n
          "},{"location":"config/seahub_settings_py/#library-options","title":"Library options","text":"

          Options for libraries:

          # if enable create encrypted library\nENABLE_ENCRYPTED_LIBRARY = True\n\n# version for encrypted library\n# should only be `2` or `4`.\n# version 3 is insecure (using AES128 encryption) so it's not recommended any more.\nENCRYPTED_LIBRARY_VERSION = 2\n\n# mininum length for password of encrypted library\nREPO_PASSWORD_MIN_LENGTH = 8\n\n# force use password when generate a share/upload link (since version 8.0.9)\nSHARE_LINK_FORCE_USE_PASSWORD = False\n\n# mininum length for password for share link (since version 4.4)\nSHARE_LINK_PASSWORD_MIN_LENGTH = 8\n\n# LEVEL for the password of a share/upload link\n# based on four types of input:\n# num, upper letter, lower letter, other symbols\n# '3' means password must have at least 3 types of the above. (since version 8.0.9)\nSHARE_LINK_PASSWORD_STRENGTH_LEVEL = 3\n\n# Default expire days for share link (since version 6.3.8)\n# Once this value is configured, the user can no longer generate an share link with no expiration time.\n# If the expiration value is not set when the share link is generated, the value configured here will be used.\nSHARE_LINK_EXPIRE_DAYS_DEFAULT = 5\n\n# minimum expire days for share link (since version 6.3.6)\n# SHARE_LINK_EXPIRE_DAYS_MIN should be less than SHARE_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).\nSHARE_LINK_EXPIRE_DAYS_MIN = 3 # default is 0, no limit.\n\n# maximum expire days for share link (since version 6.3.6)\n# SHARE_LINK_EXPIRE_DAYS_MIN should be greater than SHARE_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).\nSHARE_LINK_EXPIRE_DAYS_MAX = 8 # default is 0, no limit.\n\n# Default expire days for upload link (since version 7.1.6)\n# Once this value is configured, the user can no longer generate an upload link with no expiration time.\n# If the expiration value is not set when the upload link is generated, the value configured here will be used.\nUPLOAD_LINK_EXPIRE_DAYS_DEFAULT = 5\n\n# minimum expire days for upload link (since version 7.1.6)\n# UPLOAD_LINK_EXPIRE_DAYS_MIN should be less than UPLOAD_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).\nUPLOAD_LINK_EXPIRE_DAYS_MIN = 3 # default is 0, no limit.\n\n# maximum expire days for upload link (since version 7.1.6)\n# UPLOAD_LINK_EXPIRE_DAYS_MAX should be greater than UPLOAD_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).\nUPLOAD_LINK_EXPIRE_DAYS_MAX = 8 # default is 0, no limit.\n\n# force user login when view file/folder share link (since version 6.3.6)\nSHARE_LINK_LOGIN_REQUIRED = True\n\n# enable water mark when view(not edit) file in web browser (since version 6.3.6)\nENABLE_WATERMARK = True\n\n# Disable sync with any folder. Default is `False`\n# NOTE: since version 4.2.4\nDISABLE_SYNC_WITH_ANY_FOLDER = True\n\n# Enable or disable library history setting\nENABLE_REPO_HISTORY_SETTING = True\n\n# Enable or disable user share library to any group\n# Since version 6.2.0\nENABLE_SHARE_TO_ALL_GROUPS = True\n\n# Enable or disable user to clean trash (default is True)\n# Since version 6.3.6\nENABLE_USER_CLEAN_TRASH = True\n\n# Add a report abuse button on download links. (since version 7.1.0)\n# Users can report abuse on the share link page, fill in the report type, contact information, and description.\n# Default is false.\nENABLE_SHARE_LINK_REPORT_ABUSE = True\n

          Options for online file preview:

          # Online preview maximum file size, defaults to 30M.\nFILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024\n\n# Extensions of previewed text files.\n# NOTE: since version 6.1.1\nTEXT_PREVIEW_EXT = \"\"\"ac, am, bat, c, cc, cmake, cpp, cs, css, diff, el, h, html,\nhtm, java, js, json, less, make, org, php, pl, properties, py, rb,\nscala, script, sh, sql, txt, text, tex, vi, vim, xhtml, xml, log, csv,\ngroovy, rst, patch, go\"\"\"\n\n\n# Seafile only generates thumbnails for images smaller than the following size.\n# Since version 6.3.8 pro, suport the psd online preview.\nTHUMBNAIL_IMAGE_SIZE_LIMIT = 30 # MB\n\n# Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first.\n# For details, please refer to https://manual.seafile.com/deploy/video_thumbnails.html\n# NOTE: this option is deprecated in version 7.1\nENABLE_VIDEO_THUMBNAIL = False\n\n# Use the frame at 5 second as thumbnail\n# NOTE: this option is deprecated in version 7.1\nTHUMBNAIL_VIDEO_FRAME_TIME = 5\n\n# Absolute filesystem path to the directory that will hold thumbnail files.\nTHUMBNAIL_ROOT = '/haiwen/seahub-data/thumbnail/thumb/'\n\n# Default size for picture preview. Enlarge this size can improve the preview quality.\n# NOTE: since version 6.1.1\nTHUMBNAIL_SIZE_FOR_ORIGINAL = 1024\n
          "},{"location":"config/seahub_settings_py/#cloud-mode","title":"Cloud Mode","text":"

          You should enable cloud mode if you use Seafile with an unknown user base. It disables the organization tab in Seahub's website to ensure that users can't access the user list. Cloud mode provides some nice features like sharing content with unregistered users and sending invitations to them. Therefore you also want to enable user registration. Through the global address book (since version 4.2.3) you can do a search for every user account. So you probably want to disable it.

          # Enable cloude mode and hide `Organization` tab.\nCLOUD_MODE = True\n\n# Disable global address book\nENABLE_GLOBAL_ADDRESSBOOK = False\n
          "},{"location":"config/seahub_settings_py/#single-sign-on","title":"Single Sign On","text":"
          # Enable authentication with ADFS\n# Default is False\n# Since 6.0.9\nENABLE_ADFS_LOGIN = True\n\n# Force user login through ADFS instead of email and password\n# Default is False\n# Since 11.0.7\nDISABLE_ADFS_USER_PWD_LOGIN = True\n\n# Enable authentication wit Kerberos\n# Default is False\nENABLE_KRB5_LOGIN = True\n\n# Enable authentication with Shibboleth\n# Default is False\nENABLE_SHIBBOLETH_LOGIN = True\n\n# Enable client to open an external browser for single sign on\n# When it is false, the old buitin browser is opened for single sign on\n# When it is true, the default browser of the operation system is opened\n# The benefit of using system browser is that it can support hardware 2FA\n# Since 11.0.0, and sync client 9.0.5, drive client 3.0.8\nCLIENT_SSO_VIA_LOCAL_BROWSER = True   # default is False\nCLIENT_SSO_UUID_EXPIRATION = 5 * 60   # in seconds\n
          "},{"location":"config/seahub_settings_py/#other-options","title":"Other options","text":"
          # This is outside URL for Seahub(Seafile Web). \n# The domain part (i.e., www.example.com) will be used in generating share links and download/upload file via web.\n# Note: SERVICE_URL is moved to seahub_settings.py since 9.0.0\n# Note: SERVICE_URL is no longer used since version 12.0\n# SERVICE_URL = 'https://seafile.example.com:'\n\n# Disable settings via Web interface in system admin->settings\n# Default is True\n# Since 5.1.3\nENABLE_SETTINGS_VIA_WEB = False\n\n# Choices can be found here:\n# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name\n# although not all choices may be available on all operating systems.\n# If running in a Windows environment this must be set to the same as your\n# system time zone.\nTIME_ZONE = 'UTC'\n\n# Language code for this installation. All choices can be found here:\n# http://www.i18nguy.com/unicode/language-identifiers.html\n# Default language for sending emails.\nLANGUAGE_CODE = 'en'\n\n# Custom language code choice.\nLANGUAGES = (\n    ('en', 'English'),\n    ('zh-cn', '\u7b80\u4f53\u4e2d\u6587'),\n    ('zh-tw', '\u7e41\u9ad4\u4e2d\u6587'),\n)\n\n# Set this to your website/company's name. This is contained in email notifications and welcome message when user login for the first time.\nSITE_NAME = 'Seafile'\n\n# Browser tab's title\nSITE_TITLE = 'Private Seafile'\n\n# If you don't want to run seahub website on your site's root path, set this option to your preferred path.\n# e.g. setting it to '/seahub/' would run seahub on http://example.com/seahub/.\nSITE_ROOT = '/'\n\n# Max number of files when user upload file/folder.\n# Since version 6.0.4\nMAX_NUMBER_OF_FILES_FOR_FILEUPLOAD = 500\n\n# Control the language that send email. Default to user's current language.\n# Since version 6.1.1\nSHARE_LINK_EMAIL_LANGUAGE = ''\n\n# Interval for browser requests unread notifications\n# Since PRO 6.1.4 or CE 6.1.2\nUNREAD_NOTIFICATIONS_REQUEST_INTERVAL = 3 * 60 # seconds\n\n# Whether to allow user to delete account, change login password or update basic user\n# info on profile page.\n# Since PRO 6.3.10\nENABLE_DELETE_ACCOUNT = False\nENABLE_UPDATE_USER_INFO = False\nENABLE_CHANGE_PASSWORD = False\n\n# Get web api auth token on profile page.\nENABLE_GET_AUTH_TOKEN_BY_SESSION = True\n\n# Since 8.0.6 CE/PRO version.\n# Url redirected to after user logout Seafile.\n# Usually configured as Single Logout url.\nLOGOUT_REDIRECT_URL = 'http{s}://www.example-url.com'\n\n\n# Enable system admin add T&C, all users need to accept terms before using. Defaults to `False`.\n# Since version 6.0\nENABLE_TERMS_AND_CONDITIONS = True\n\n# Enable two factor authentication for accounts. Defaults to `False`.\n# Since version 6.0\nENABLE_TWO_FACTOR_AUTH = True\n\n# Enable user select a template when he/she creates library.\n# When user select a template, Seafile will create folders releated to the pattern automaticly.\n# Since version 6.0\nLIBRARY_TEMPLATES = {\n    'Technology': ['/Develop/Python', '/Test'],\n    'Finance': ['/Current assets', '/Fixed assets/Computer']\n}\n\n# Enable a user to change password in 'settings' page. Default to `True`\n# Since version 6.2.11\nENABLE_CHANGE_PASSWORD = True\n\n# If show contact email when search user.\nENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER = True\n
          "},{"location":"config/seahub_settings_py/#pro-edition-only-options","title":"Pro edition only options","text":"
          # Whether to show the used traffic in user's profile popup dialog. Default is True\nSHOW_TRAFFIC = True\n\n# Allow administrator to view user's file in UNENCRYPTED libraries\n# through Libraries page in System Admin. Default is False.\nENABLE_SYS_ADMIN_VIEW_REPO = True\n\n# For un-login users, providing an email before downloading or uploading on shared link page.\n# Since version 5.1.4\nENABLE_SHARE_LINK_AUDIT = True\n\n# Check virus after upload files to shared upload links. Defaults to `False`.\n# Since version 6.0\nENABLE_UPLOAD_LINK_VIRUS_CHECK = True\n\n# Send email to these email addresses when a virus is detected.\n# This list can be any valid email address, not necessarily the emails of Seafile user.\n# Since version 6.0.8\nVIRUS_SCAN_NOTIFY_LIST = ['user_a@seafile.com', 'user_b@seafile.com']\n
          "},{"location":"config/seahub_settings_py/#restful-api","title":"RESTful API","text":"
          # API throttling related settings. Enlarger the rates if you got 429 response code during API calls.\nREST_FRAMEWORK = {\n    'DEFAULT_THROTTLE_RATES': {\n        'ping': '600/minute',\n        'anon': '5/minute',\n        'user': '300/minute',\n    },\n    'UNICODE_JSON': False,\n}\n\n# Throtting whitelist used to disable throttle for certain IPs.\n# e.g. REST_FRAMEWORK_THROTTING_WHITELIST = ['127.0.0.1', '192.168.1.1']\n# Please make sure `REMOTE_ADDR` header is configured in Nginx conf according to https://manual.seafile.com/12.0/setup_binary/ce/deploy_with_nginx.html.\nREST_FRAMEWORK_THROTTING_WHITELIST = []\n
          "},{"location":"config/seahub_settings_py/#seahub-custom-functions","title":"Seahub Custom Functions","text":"

          Since version 6.2, you can define a custom function to modify the result of user search function.

          For example, if you want to limit user only search users in the same institution, you can define custom_search_user function in {seafile install path}/conf/seahub_custom_functions/__init__.py

          Code example:

          import os\nimport sys\n\ncurrent_path = os.path.dirname(os.path.abspath(__file__))\nseahub_dir = os.path.join(current_path, \\\n        '../../seafile-server-latest/seahub/seahub')\nsys.path.append(seahub_dir)\n\nfrom seahub.profile.models import Profile\ndef custom_search_user(request, emails):\n\n    institution_name = ''\n\n    username = request.user.username\n    profile = Profile.objects.get_profile_by_user(username)\n    if profile:\n        institution_name = profile.institution\n\n    inst_users = [p.user for p in\n            Profile.objects.filter(institution=institution_name)]\n\n    filtered_emails = []\n    for email in emails:\n        if email in inst_users:\n            filtered_emails.append(email)\n\n    return filtered_emails\n

          You should NOT change the name of custom_search_user and seahub_custom_functions/__init__.py

          Since version 6.2.5 pro, if you enable the ENABLE_SHARE_TO_ALL_GROUPS feather on sysadmin settings page, you can also define a custom function to return the groups a user can share library to.

          For example, if you want to let a user to share library to both its groups and the groups of user test@test.com, you can define a custom_get_groups function in {seafile install path}/conf/seahub_custom_functions/__init__.py

          Code example:

          import os\nimport sys\n\ncurrent_path = os.path.dirname(os.path.abspath(__file__))\nseaserv_dir = os.path.join(current_path, \\\n        '../../seafile-server-latest/seafile/lib64/python2.7/site-packages')\nsys.path.append(seaserv_dir)\n\ndef custom_get_groups(request):\n\n    from seaserv import ccnet_api\n\n    groups = []\n    username = request.user.username\n\n    # for current user\n    groups += ccnet_api.get_groups(username)\n\n    # for 'test@test.com' user\n    groups += ccnet_api.get_groups('test@test.com')\n\n    return groups\n

          You should NOT change the name of custom_get_groups and seahub_custom_functions/__init__.py

          Tip

          • You need to restart seahub so that your changes take effect.
          Deploy in DockerDeploy from binary packages 
          docker compose restart\n
          cd /opt/seafile/seafile-server-latest\n./seahub.sh restart\n
          • If your changes don't take effect, You may need to delete 'seahub_setting.pyc'. (A cache file)
          "},{"location":"config/sending_email/","title":"Sending Email Notifications on Seahub","text":""},{"location":"config/sending_email/#types-of-email-sending-in-seafile","title":"Types of Email Sending in Seafile","text":"

          There are currently five types of emails sent in Seafile:

          • User resets his/her password
          • System admin adds new member
          • System admin resets user password
          • User sends file/folder share and upload link
          • Reminder of unread notifications

          The first four types of email are sent immediately. The last type is sent by a background task running periodically.

          "},{"location":"config/sending_email/#options-of-email-sending","title":"Options of Email Sending","text":"

          Please add the following lines to seahub_settings.py to enable email sending.

          EMAIL_USE_TLS = True\nEMAIL_HOST = 'smtp.example.com'        # smpt server\nEMAIL_HOST_USER = 'username@example.com'    # username and domain\nEMAIL_HOST_PASSWORD = 'password'    # password\nEMAIL_PORT = 587\nDEFAULT_FROM_EMAIL = EMAIL_HOST_USER\nSERVER_EMAIL = EMAIL_HOST_USER\n

          Note

          • If your email service still does not work, you can checkout the log file logs/seahub.log to see what may cause the problem. For a complete email notification list, please refer to email notification list.

          • If you want to use the email service without authentication leaf EMAIL_HOST_USER and EMAIL_HOST_PASSWORD blank (''). (But notice that the emails then will be sent without a From: address.)

          • About using SSL connection (using port 465)

            • Port 587 is being used to establish a connection using STARTTLS and port 465 is being used to establish an SSL connection. Starting from Django 1.8, it supports both.
            • If you want to use SSL on port 465, set EMAIL_USE_SSL = True instead of EMAIL_USE_TLS.
          "},{"location":"config/sending_email/#change-reply-to-of-email","title":"Change reply to of email","text":"

          You can change the reply to field of email by add the following settings to seahub_settings.py. This only affects email sending for file share link.

          # Set reply-to header to user's email or not, defaults to ``False``. For details,\n# please refer to http://www.w3.org/Protocols/rfc822/\nADD_REPLY_TO_HEADER = True\n
          "},{"location":"config/sending_email/#config-background-email-sending-task","title":"Config background email sending task","text":"

          The background task will run periodically to check whether an user have new unread notifications. If there are any, it will send a reminder email to that user. The background email sending task is controlled by seafevents.conf.

          [SEAHUB EMAIL]\n\n## must be \"true\" to enable user email notifications when there are new unread notifications\nenabled = true\n\n## interval of sending seahub email. Can be s(seconds), m(minutes), h(hours), d(days)\ninterval = 30m\n
          "},{"location":"config/sending_email/#customize-email-messages","title":"Customize email messages","text":"

          The simplest way to customize the email messages is setting the SITE_NAME variable in seahub_settings.py. If it is not enough for your case, you can customize the email templates.

          Tip

          Subject line may vary between different releases, this is based on Release 5.0.0. Restart Seahub so that your changes take effect.

          "},{"location":"config/sending_email/#the-email-base-template","title":"The email base template","text":"

          seahub/seahub/templates/email_base.html

          Tip

          You can copy email_base.html to seahub-data/custom/templates/email_base.html and modify the new one. In this way, the customization will be maintained after upgrade.

          "},{"location":"config/sending_email/#user-resets-hisher-password","title":"User resets his/her password","text":"

          Subject

          seahub/seahub/auth/forms.py line:127

                  send_html_email(_(\"Reset Password on %s\") % site_name,\n                  email_template_name, c, None, [user.username])\n

          Body

          seahub/seahub/templates/registration/password_reset_email.html

          Tip

          You can copy password_reset_email.html to seahub-data/custom/templates/registration/password_reset_email.html and modify the new one. In this way, the customization will be maintained after upgrade.

          "},{"location":"config/sending_email/#system-admin-adds-new-member","title":"System admin adds new member","text":"

          Subject

          seahub/seahub/views/sysadmin.py line:424

          send_html_email(_(u'Password has been reset on %s') % SITE_NAME,\n            'sysadmin/user_reset_email.html', c, None, [email])\n

          Body

          seahub/seahub/templates/sysadmin/user_add_email.html

          Tip

          You can copy user_add_email.html to seahub-data/custom/templates/sysadmin/user_add_email.html and modify the new one. In this way, the customization will be maintained after upgrade.

          "},{"location":"config/sending_email/#system-admin-resets-user-password","title":"System admin resets user password","text":"

          Subject

          seahub/seahub/views/sysadmin.py line:1224

          send_html_email(_(u'Password has been reset on %s') % SITE_NAME,\n            'sysadmin/user_reset_email.html', c, None, [email])\n

          Body

          seahub/seahub/templates/sysadmin/user_reset_email.html

          Tip

          You can copy user_reset_email.html to seahub-data/custom/templates/sysadmin/user_reset_email.html and modify the new one. In this way, the customization will be maintained after upgrade.

          "},{"location":"config/sending_email/#user-sends-filefolder-share-link","title":"User sends file/folder share link","text":"

          Subject

          seahub/seahub/share/views.py line:913

          try:\n    if file_shared_type == 'f':\n        c['file_shared_type'] = _(u\"file\")\n        send_html_email(_(u'A file is shared to you on %s') % SITE_NAME,\n                        'shared_link_email.html',\n                        c, from_email, [to_email],\n                        reply_to=reply_to\n                        )\n    else:\n        c['file_shared_type'] = _(u\"directory\")\n        send_html_email(_(u'A directory is shared to you on %s') % SITE_NAME,\n                        'shared_link_email.html',\n                        c, from_email, [to_email],\n                        reply_to=reply_to)\n

          Body

          seahub/seahub/templates/shared_link_email.html

          seahub/seahub/templates/shared_upload_link_email.html

          Tip

          You can copy shared_link_email.html to seahub-data/custom/templates/shared_link_email.html and modify the new one. In this way, the customization will be maintained after upgrade.

          "},{"location":"config/sending_email/#reminder-of-unread-notifications","title":"Reminder of unread notifications","text":"

          Subject

          send_html_email(_('New notice on %s') % settings.SITE_NAME,\n                                'notifications/notice_email.html', c,\n                                None, [to_user])\n

          Body

          seahub/seahub/notifications/templates/notifications/notice_email.html

          "},{"location":"config/shibboleth_authentication/","title":"Shibboleth Authentication","text":"

          Shibboleth is a widely used single sign on (SSO) protocol. Seafile supports authentication via Shibboleth. It allows users from another organization to log in to Seafile without registering an account on the service provider.

          In this documentation, we assume the reader is familiar with Shibboleth installation and configuration. For introduction to Shibboleth concepts, please refer to https://shibboleth.atlassian.net/wiki/spaces/CONCEPT/overview .

          Shibboleth Service Provider (SP) should be installed on the same server as the Seafile server. The official SP from https://shibboleth.net/ is implemented as an Apache module. The module handles all Shibboleth authentication details. Seafile server receives authentication information (username) from HTTP request. The username then can be used as login name for the user.

          Seahub provides a special URL to handle Shibboleth login. The URL is https://your-seafile-domain/sso. Only this URL needs to be configured under Shibboleth protection. All other URLs don't go through the Shibboleth module. The overall workflow for a user to login with Shibboleth is as follows:

          1. In the Seafile login page, there is a separate \"Single Sign-On\" login button. When the user clicks the button, she/he will be redirected to https://your-seafile-domain/sso.
          2. Since that URL is controlled by Shibboleth, the user will be redirected to IdP for login. After the user logs in, she/he will be redirected back to https://your-seafile-domain/sso.
          3. This time the Shibboleth module passes the request to Seahub. Seahub reads the user information from the request(HTTP_REMOTE_USER header) and brings the user to her/his home page.
          4. All later access to Seahub will not pass through the Shibboleth module. Since Seahub keeps session information internally, the user doesn't need to login again until the session expires.

          Since Shibboleth support requires Apache, if you want to use Nginx, you need two servers, one for non-Shibboleth access, another configured with Apache to allow Shibboleth login. In a cluster environment, you can configure your load balancer to direct traffic to different server according to URL. Only the URL https://your-seafile-domain/sso needs to be directed to Apache.

          The configuration includes 3 steps:

          1. Install and configure Shibboleth Service Provider;
          2. Configure Apache;
          3. Configure Seahub.
          "},{"location":"config/shibboleth_authentication/#install-and-configure-shibboleth-service-provider","title":"Install and Configure Shibboleth Service Provider","text":"

          We use CentOS 7 as example.

          "},{"location":"config/shibboleth_authentication/#configure-apache","title":"Configure Apache","text":"

          You should create a new virtual host configuration for Shibboleth. And then restart Apache.

          <IfModule mod_ssl.c>\n    <VirtualHost _default_:443>\n        ServerName your-seafile-domain\n        DocumentRoot /var/www\n        Alias /media /opt/seafile/seafile-server-latest/seahub/media\n\n        ErrorLog ${APACHE_LOG_DIR}/seahub.error.log\n        CustomLog ${APACHE_LOG_DIR}/seahub.access.log combined\n\n        SSLEngine on\n        SSLCertificateFile  /path/to/ssl-cert.pem\n        SSLCertificateKeyFile /path/to/ssl-key.pem\n\n        <Location /Shibboleth.sso>\n            SetHandler shib\n            AuthType shibboleth\n            ShibRequestSetting requireSession 1\n            Require valid-user\n        </Location>\n\n        <Location /sso>\n            SetHandler shib\n            AuthType shibboleth\n            ShibUseHeaders On\n            ShibRequestSetting requireSession 1\n            Require valid-user\n        </Location>\n\n        RewriteEngine On\n        <Location /media>\n            Require all granted\n        </Location>\n\n        # seafile fileserver\n        ProxyPass /seafhttp http://127.0.0.1:8082\n        ProxyPassReverse /seafhttp http://127.0.0.1:8082\n        RewriteRule ^/seafhttp - [QSA,L]\n\n        # seahub\n        SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n        ProxyPass / http://127.0.0.1:8000/\n        ProxyPassReverse / http://127.0.0.1:8000/\n\n        # for http\n        # RequestHeader set REMOTE_USER %{REMOTE_USER}e\n        # for https\n        RequestHeader set REMOTE_USER %{REMOTE_USER}s\n    </VirtualHost>\n</IfModule>\n
          "},{"location":"config/shibboleth_authentication/#install-and-configure-shibboleth","title":"Install and Configure Shibboleth","text":"

          Installation and configuration of Shibboleth is out of the scope of this documentation. You can refer to the official Shibboleth document.

          "},{"location":"config/shibboleth_authentication/#configure-shibbolethsp","title":"Configure Shibboleth(SP)","text":""},{"location":"config/shibboleth_authentication/#shibboleth2xml","title":"shibboleth2.xml","text":"

          Open /etc/shibboleth/shibboleth2.xml and change some property. After you have done all the followings, don't forget to restart Shibboleth(SP)

          "},{"location":"config/shibboleth_authentication/#applicationdefaults-element","title":"ApplicationDefaults element","text":"

          Change entityID and REMOTE_USER property:

          <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->\n<ApplicationDefaults entityID=\"https://your-seafile-domain/sso\"\n    REMOTE_USER=\"mail\"\n    cipherSuites=\"DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1\">\n

          Seahub extracts the username from the REMOTE_USER environment variable. So you should modify your SP's shibboleth2.xml config file, so that Shibboleth translates your desired attribute into REMOTE_USER environment variable.

          In Seafile, only one of the following two attributes can be used for username: eppn, and mail. eppn stands for \"Edu Person Principal Name\". It is usually the UserPrincipalName attribute in Active Directory. It's not necessarily a valid email address. mail is the user's email address. You should set REMOTE_USER to either one of these attributes.

          "},{"location":"config/shibboleth_authentication/#sso-element","title":"SSO element","text":"

          Change entityID property:

          <!--\nConfigures SSO for a default IdP. To properly allow for >1 IdP, remove\nentityID property and adjust discoveryURL to point to discovery service.\nYou can also override entityID on /Login query string, or in RequestMap/htaccess.\n-->\n<SSO entityID=\"https://your-IdP-domain\">\n     <!--discoveryProtocol=\"SAMLDS\" discoveryURL=\"https://wayf.ukfederation.org.uk/DS\"-->\n  SAML2\n</SSO>\n
          "},{"location":"config/shibboleth_authentication/#metadataprovider-element","title":"MetadataProvider element","text":"

          Change url and backingFilePath property:

          <!-- Example of remotely supplied batch of signed metadata. -->\n<MetadataProvider type=\"XML\" validate=\"true\"\n            url=\"http://your-IdP-metadata-url\"\n      backingFilePath=\"your-IdP-metadata.xml\" maxRefreshDelay=\"7200\">\n    <MetadataFilter type=\"RequireValidUntil\" maxValidityInterval=\"2419200\"/>\n    <MetadataFilter type=\"Signature\" certificate=\"fedsigner.pem\" verifyBackup=\"false\"/>\n
          "},{"location":"config/shibboleth_authentication/#attribute-mapxml","title":"attribute-map.xml","text":"

          Open /etc/shibboleth/attribute-map.xml and change some property. After you have done all the followings, don't forget to restart Shibboleth(SP)

          "},{"location":"config/shibboleth_authentication/#attribute-element","title":"Attribute element","text":"

          Uncomment attribute elements for getting more user info:

          <!-- Older LDAP-defined attributes (SAML 2.0 names followed by SAML 1 names)... -->\n<Attribute name=\"urn:oid:2.16.840.1.113730.3.1.241\" id=\"displayName\"/>\n<Attribute name=\"urn:oid:0.9.2342.19200300.100.1.3\" id=\"mail\"/>\n\n<Attribute name=\"urn:mace:dir:attribute-def:displayName\" id=\"displayName\"/>\n<Attribute name=\"urn:mace:dir:attribute-def:mail\" id=\"mail\"/>\n
          "},{"location":"config/shibboleth_authentication/#upload-shibbolethsps-metadata","title":"Upload Shibboleth(SP)'s metadata","text":"

          After restarting Apache, you should be able to get the Service Provider metadata by accessing https://your-seafile-domain/Shibboleth.sso/Metadata. This metadata should be uploaded to the Identity Provider (IdP) server.

          "},{"location":"config/shibboleth_authentication/#configure-seahub","title":"Configure Seahub","text":"

          Add the following configuration to seahub_settings.py.

          ENABLE_SHIB_LOGIN = True\nSHIBBOLETH_USER_HEADER = 'HTTP_REMOTE_USER'\n# basic user attributes\nSHIBBOLETH_ATTRIBUTE_MAP = {\n    \"HTTP_DISPLAYNAME\": (False, \"display_name\"),\n    \"HTTP_MAIL\": (False, \"contact_email\"),\n}\nEXTRA_MIDDLEWARE = (\n    'shibboleth.middleware.ShibbolethRemoteUserMiddleware',\n)\nEXTRA_AUTHENTICATION_BACKENDS = (\n    'shibboleth.backends.ShibbolethRemoteUserBackend',\n)\n

          Seahub can process additional user attributes from Shibboleth. These attributes are saved into Seahub's database, as user's properties. They're all not mandatory. The internal user properties Seahub now supports are:

          • givenname
          • surname
          • contact_email: used for sending notification email to user if username is not a valid email address (like eppn).
          • institution: used to identify user's institution

          You can specify the mapping between Shibboleth attributes and Seahub's user properties in seahub_settings.py:

          SHIBBOLETH_ATTRIBUTE_MAP  = {\n    \"HTTP_GIVENNAME\": (False, \"givenname\"),\n    \"HTTP_SN\": (False, \"surname\"),\n    \"HTTP_MAIL\": (False, \"contact_email\"),\n    \"HTTP_ORGANIZATION\": (False, \"institution\"),\n}\n

          In the above config, the hash key is Shibboleth attribute name, the second element in the hash value is Seahub's property name. You can adjust the Shibboleth attribute name for your own needs.

          You may have to change attribute-map.xml in your Shibboleth SP, so that the desired attributes are passed to Seahub. And you have to make sure the IdP sends these attributes to the SP

          We also added an option SHIB_ACTIVATE_AFTER_CREATION (defaults to True) which control the user status after shibboleth connection. If this option set to False, user will be inactive after connection, and system admins will be notified by email to activate that account.

          "},{"location":"config/shibboleth_authentication/#affiliation-and-user-role","title":"Affiliation and user role","text":"

          Shibboleth has a field called affiliation. It is a list like: employee@uni-mainz.de;member@uni-mainz.de;faculty@uni-mainz.de;staff@uni-mainz.de.

          We are able to set user role from Shibboleth. Details about user role, please refer to Roles and Permissions

          To enable this, modify SHIBBOLETH_ATTRIBUTE_MAP above and add Shibboleth-affiliation field, you may need to change Shibboleth-affiliation according to your Shibboleth SP attributes.

          SHIBBOLETH_ATTRIBUTE_MAP  = {\n    \"HTTP_GIVENNAME\": (False, \"givenname\"),\n    \"HTTP_SN\": (False, \"surname\"),\n    \"HTTP_MAIL\": (False, \"contact_email\"),\n    \"HTTP_ORGANIZATION\": (False, \"institution\"),\n    \"HTTP_Shibboleth-affiliation\": (False, \"affiliation\"),\n}\n

          Then add new config to define affiliation role map,

          SHIBBOLETH_AFFILIATION_ROLE_MAP = {\n    'employee@uni-mainz.de': 'staff',\n    'member@uni-mainz.de': 'staff',\n    'student@uni-mainz.de': 'student',\n    'employee@hu-berlin.de': 'guest',\n    'patterns': (\n        ('*@hu-berlin.de', 'guest1'),\n        ('*@*.de', 'guest2'),\n        ('*', 'guest'),\n    ),\n}\n

          After Shibboleth login, Seafile should calcualte user's role from affiliation and SHIBBOLETH_AFFILIATION_ROLE_MAP.

          "},{"location":"config/shibboleth_authentication/#verify","title":"Verify","text":"

          After restarting Apache and Seahub service (./seahub.sh restart), you can then test the shibboleth login workflow.

          "},{"location":"config/shibboleth_authentication/#debug","title":"Debug","text":"

          If you encountered problems when login, follow these steps to get debug info (for Seafile pro 6.3.13).

          "},{"location":"config/shibboleth_authentication/#add-this-setting-to-seahub_settingspy","title":"Add this setting to seahub_settings.py","text":"
          DEBUG = True\n
          "},{"location":"config/shibboleth_authentication/#change-seafiles-code","title":"Change Seafile's code","text":"

          Open seafile-server-latest/seahub/thirdpart/shibboleth/middleware.py

          Insert the following code in line 59

              assert False\n

          Insert the following code in line 65

          if not username:\n    assert False\n

          The complete code after these changes is as follows:

          #Locate the remote user header.\n# import pprint; pprint.pprint(request.META)\ntry:\n    username = request.META[SHIB_USER_HEADER]\nexcept KeyError:\n    assert False\n    # If specified header doesn't exist then return (leaving\n    # request.user set to AnonymousUser by the\n    # AuthenticationMiddleware).\n    return\n\nif not username:\n    assert False\n\np_id = ccnet_api.get_primary_id(username)\nif p_id is not None:\n    username = p_id\n

          Then restart Seafile and relogin, you will see debug info in web page.

          "},{"location":"config/single_sign_on/","title":"Single Sign On support in Seafile","text":"

          Seafile supports most of the popular single-sign-on authentication protocols. Some are included in Community Edition, some are only in Pro Edition.

          In the Community Edition:

          • Shibboleth
          • OAuth
          • Remote User (Proxy Server)
          • Auto Login to SeaDrive on Windows

          Kerberos authentication can be integrated by using Apache as a proxy server and follow the instructions in Remote User Authentication and Auto Login SeaDrive on Windows.

          In Pro Edition:

          • ADFS or SAML 2.0
          "},{"location":"develop/","title":"Develop Documents","text":"

          Build Seafile

          • How to Build Seafile
          • How to Setup Development Environment

          Seafile Open API

          • Seafile Web API
          • Seafile PHP API

          Seafile Implement Details

          • Seafile Data Model
          "},{"location":"develop/build_seafile/","title":"How to Build Seafile","text":"

          You can build Seafile from our source code package or from the Github repo directly.

          Client

          • Linux
          • Max OS X
          • Windows

          Server

          • Build Seafile server
          "},{"location":"develop/data_model/","title":"Data Model","text":"

          Seafile internally uses a data model similar to GIT's. It consists of Repo, Commit, FS, and Block.

          Seafile's high performance comes from the architectural design: stores file metadata in object storage (or file system), while only stores small amount of metadata about the libraries in relational database. An overview of the architecture can be depicted as below. We'll describe the data model in more details.

          "},{"location":"develop/data_model/#repo","title":"Repo","text":"

          A repo is also called a library. Every repo has an unique id (UUID), and attributes like description, creator, password.

          The metadata for a repo is stored in seafile_db database and the commit objects (see description in later section).

          There are a few tables in the seafile_db database containing important information about each repo.

          • Repo: contains the ID for each repo.
          • RepoOwner: contains the owner id for each repo.
          • RepoInfo: it is a \"cache\" table for fast access to repo metadata stored in the commit object. It includes repo name, update time, last modifier.
          • RepoSize: the total size of all files in the repo.
          • RepoFileCount: the file count in the repo.
          • RepoHead: contains the \"head commit ID\". This ID points to the head commit in the storage, which will be described in the next section.
          "},{"location":"develop/data_model/#commit","title":"Commit","text":"

          Commit objects save the change history of a repo. Each update from the web interface, or sync upload operation will create a new commit object. A commit object contains the following information: commit ID, library name, creator of this commit (a.k.a. the modifier), creation time of this commit (a.k.a. modification time), root fs object ID, parent commit ID.

          The root fs object ID points to the root FS object, from which we can traverse a file system snapshot for the repo.

          The parent commit ID points to the last commit previous to the current commit. The RepoHead table contains the latest head commit ID for each repo. From this head commit, we can traverse the repo history.

          If you use file system as storage backend, commit objects are stored in the path seafile-data/storage/commits/<repo_id>. If you use object storage, commit objects are stored in the commits bucket.

          "},{"location":"develop/data_model/#fs","title":"FS","text":"

          There are two types of FS objects, SeafDir Object and Seafile Object. SeafDir Object represents a directory, and Seafile Object represents a file.

          The SeafDir object contains metadata for each file/sub-folder, which includes name, last modification time, last modifier, size, and object ID. The object ID points to another SeafDir or Seafile object. The Seafile object contains a block list, which is a list of block IDs for the file.

          The FS object IDs are calculated based on the contents of the object. That means if a folder or a file is not changed, the same objects will be reused across multiple commits. This allow us to create snapshots very efficiently.

          If you use file system as storage backend, commit objects are stored in the path seafile-data/storage/fs/<repo_id>. If you use object storage, commit objects are stored in the fs bucket.

          "},{"location":"develop/data_model/#block","title":"Block","text":"

          A file is further divided into blocks with variable lengths. We use Content Defined Chunking algorithm to divide file into blocks. A clear overview of this algorithm can be found at http://pdos.csail.mit.edu/papers/lbfs:sosp01/lbfs.pdf. On average, a block's size is around 8MB.

          This mechanism makes it possible to deduplicate data between different versions of frequently updated files, improving storage efficiency. It also enables transferring data to/from multiple servers in parallel.

          If you use file system as storage backend, commit objects are stored in the path seafile-data/storage/blocks/<repo_id>. If you use object storage, commit objects are stored in the blocks bucket.

          "},{"location":"develop/data_model/#virtual-repo","title":"Virtual Repo","text":"

          A \"virtual repo\" is a special repo that will be created in the cases below:

          • A folder in a library is shared.
          • A folder in a library is synced selectively from the sync client.

          A virtual repo can be understood as a view for part of the data in its parent library. For example, when sharing a folder, the virtual repo only provides access to the shared folder in that library. Virtual repo use the same underlying data as the parent library. So virtual repos use the same fs and blocks storage location as its parent.

          Virtual repo has its own change history. So it has separate commits storage location from its parent. The changes in virtual repo and its parent repo will be bidirectional merged. So that changes from each side can be seen from another.

          There is a VirtualRepo table in seafile_db database. It contains the folder path in the parent repo for each virtual repo.

          "},{"location":"develop/linux/","title":"Linux","text":""},{"location":"develop/linux/#preparation","title":"Preparation","text":"

          The following list is what you need to install on your development machine. You should install all of them before you build Seafile.

          Package names are according to Ubuntu 14.04. For other Linux distros, please find their corresponding names yourself.

          • autoconf/automake/libtool
          • libevent-dev ( 2.0 or later )
          • libcurl4-openssl-dev (1.0.0 or later)
          • libgtk2.0-dev ( 2.24 or later)
          • uuid-dev
          • intltool (0.40 or later)
          • libsqlite3-dev (3.7 or later)
          • valac (only needed if you build from git repo)
          • libjansson-dev
          • qtchooser
          • qtbase5-dev
          • libqt5webkit5-dev
          • qttools5-dev
          • qttools5-dev-tools
          • valac
          • cmake
          • python-simplejson (for seaf-cli)
          • libssl-dev
          • libargon2-dev
          UbuntuFedora 20/23 
          sudo apt-get install autoconf automake libtool libevent-dev libcurl4-openssl-dev libgtk2.0-dev uuid-dev intltool libsqlite3-dev valac libjansson-dev cmake qtchooser qtbase5-dev libqt5webkit5-dev qttools5-dev qttools5-dev-tools libssl-dev libargon2-dev\n
          $ sudo yum install wget gcc libevent-devel openssl-devel gtk2-devel libuuid-devel sqlite-devel jansson-devel intltool cmake libtool vala gcc-c++ qt5-qtbase-devel qt5-qttools-devel qt5-qtwebkit-devel libcurl-devel openssl-devel argon2-devel\n
          "},{"location":"develop/linux/#building","title":"Building","text":"

          First you should get the latest source of libsearpc/ccnet/seafile/seafile-client:

          Download the source tarball of the latest tag from

          • https://github.com/haiwen/libsearpc/tags (use v3.2-latest)
          • https://github.com/haiwen/seafile/tags
          • https://github.com/haiwen/seafile-client/tags

          For example, if the latest released seafile client is 8.0.0, then just use the v8.0.0 tags of the four projects. You should get four tarballs:

          • libsearpc-v3.2-latest.tar.gz
          • seafile-8.0.0.tar.gz
          • seafile-client-8.0.0.tar.gz
          # without alias wget= might not work\nshopt -s expand_aliases\n\nexport version=8.0.0\nalias wget='wget --content-disposition -nc'\nwget https://github.com/haiwen/libsearpc/archive/v3.2-latest.tar.gz\nwget https://github.com/haiwen/ccnet/archive/v${version}.tar.gz \nwget https://github.com/haiwen/seafile/archive/v${version}.tar.gz\nwget https://github.com/haiwen/seafile-client/archive/v${version}.tar.gz\n

          Now uncompress them:

          tar xf libsearpc-3.2-latest.tar.gz\ntar xf ccnet-${version}.tar.gz\ntar xf seafile-${version}.tar.gz\ntar xf seafile-client-${version}.tar.gz\n

          To build Seafile client, you need first build libsearpc and ccnet, seafile.

          "},{"location":"develop/linux/#set-paths","title":"set paths","text":"
          export PREFIX=/usr\nexport PKG_CONFIG_PATH=\"$PREFIX/lib/pkgconfig:$PKG_CONFIG_PATH\"\nexport PATH=\"$PREFIX/bin:$PATH\"\n
          "},{"location":"develop/linux/#libsearpc","title":"libsearpc","text":"
          cd libsearpc-3.2-latest\n./autogen.sh\n./configure --prefix=$PREFIX\nmake\nsudo make install\ncd ..\n
          "},{"location":"develop/linux/#seafile","title":"seafile","text":"

          In order to support notification server, you need to build libwebsockets first. 

          git clone --branch=v4.3.0 https://github.com/warmcat/libwebsockets\ncd libwebsockets\nmkdir build\ncd build\ncmake ..\nmake\nsudo make install\ncd ..\n

          You can set --enable-ws to no to disable notification server. After that, you can build seafile:

          cd seafile-${version}/\n./autogen.sh\n./configure --prefix=$PREFIX --disable-fuse\nmake\nsudo make install\ncd ..\n
          "},{"location":"develop/linux/#seafile-client","title":"seafile-client","text":"
          cd seafile-client-${version}\ncmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=$PREFIX .\nmake\nsudo make install\ncd ..\n
          "},{"location":"develop/linux/#custom-prefix","title":"custom prefix","text":"

          when installing to a custom $PREFIX, i.e. /opt, you may need a script to set the path variables correctly

          cat >$PREFIX/bin/seafile-applet.sh <<END\n#!/bin/bash\nexport LD_LIBRARY_PATH=\"$PREFIX/lib:$LD_LIBRARY_PATH\"\nexport PATH=\"$PREFIX/bin:$PATH\"\nexec seafile-applet $@\nEND\ncat >$PREFIX/bin/seaf-cli.sh <<END\nexport LD_LIBRARY_PATH=\"$PREFIX/lib:$LD_LIBRARY_PATH\"\nexport PATH=\"$PREFIX/bin:$PATH\"\nexport PYTHONPATH=$PREFIX/lib/python2.7/site-packages\nexec seaf-cli $@\nEND\nchmod +x $PREFIX/bin/seafile-applet.sh $PREFIX/bin/seaf-cli.sh\n

          you can now start the client with $PREFIX/bin/seafile-applet.sh.

          "},{"location":"develop/osx/","title":"macOS","text":""},{"location":"develop/osx/#environment-setup","title":"Environment Setup","text":"

          The following setups are required for building and packaging Sync Client on macOS:

          • XCode 13.2 (or later)
            • After installing XCode, you can start XCode once so that it automatically installs the rest of the components.
          • Qt 6.2
          • MacPorts
            • Modify /opt/local/etc/macports/macports.conf to add configuration universal_archs arm64 x86_64. Specifies the architecture on which MapPorts is compiled.
            • Modify /opt/local/etc/macports/variants.conf to add configuration +universal. MacPorts installs universal versions of all ports.
            • Install other dependencies: sudo port install autoconf automake pkgconfig libtool glib2 libevent vala openssl git jansson cmake libwebsockets argon2.
          • Certificates
            • Create certificate signing requests for certification, see https://developer.apple.com/help/account/create-certificates/create-a-certificate-signing-request.
            • Create a Developer ID Application certificate and a Developer ID Installer certificate, see https://developer.apple.com/help/account/create-certificates/create-developer-id-certificates. Install them to the login keychain.
            • Install the Developer ID Intermediate Certificate (Developer ID - G2), from https://www.apple.com/certificateauthority/
          • dropDMG
          • bash environments
            • add following lines to the ~/.bash_profile file:
              export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/opt/local/lib/pkgconfig:/usr/local/lib/pkgconfig\nexport PATH=/opt/local/bin:/usr/local/bin:/opt/local/Library/Frameworks/Python.framework/Versions/3.10/bin:$PATH\nexport LDFLAGS=\"-L/opt/local/lib -L/usr/local/lib\"\nexport CFLAGS=\"-I/opt/local/include -I/usr/local/include\"\nexport CPPFLAGS=\"-I/opt/local/include -I/usr/local/include\"\nexport LD_LIBRARY_PATH=/opt/lib:/usr/local/lib:/opt/local/lib/:/usr/local/lib/:$LD_LIBRARY_PATH\n\nQT_BASE=$HOME/Qt/6.2.4/macos\nexport PATH=$QT_BASE/bin:$PATH\nexport PKG_CONFIG_PATH=$QT_BASE/lib/pkgconfig:$PKG_CONFIG_PATH\nexport NOTARIZE_APPLE_ID=\"Your notarize account\"\nexport NOTARIZE_PASSWORD=\"Your notarize password\"\nexport NOTARIZE_TEAM_ID=\"Your notarize team id\"\n
          "},{"location":"develop/osx/#building-sync-client","title":"Building Sync Client","text":"

          Following directory structures are expected when building Sync Client:

          seafile-workspace/\nseafile-workspace/libsearpc/\nseafile-workspace/seafile/\nseafile-workspace/seafile-client/\n

          The source code of these projects can be downloaded at github.com/haiwen/libsearpc, github.com/haiwen/seafile, and github.com/haiwen/seafile-client.

          "},{"location":"develop/osx/#building","title":"Building","text":"

          Note: the building commands have been included in the packaging script, you can skip building commands while packaging.

          To build libsearpc:

          $ cd seafile-workspace/libsearpc/\n$ ./autogen.sh\n$ ./configure --disable-compile-demo --enable-compile-universal=yes\n$ make\n$ make install\n

          To build seafile:

          $ cd seafile-workspace/seafile/\n$ ./autogen.sh\n$ ./configure --disable-fuse --enable-compile-universal=yes\n$ make\n$ make install\n

          To build seafile-client:

          $ cd seafile-workspace/seafile-client/\n$ cmake -GXcode -B. -S.\n$ xcodebuild -target seafile-applet -configuration Release\n
          "},{"location":"develop/osx/#packaging","title":"Packaging","text":"
          1. Update the CERT_ID in seafile-workspace/seafile/scripts/build/build-mac-local-py3.py to the ID of Developer ID Application.
          2. Run the packaging script: python3 build-mac-local-py3.py --brand=\"\" --version=1.0.0 --nostrip --universal
          "},{"location":"develop/rpi/","title":"How to Build Seafile Server Release Package","text":"

          From Seafile 11.0, you can build Seafile release package with seafile-build script. You can check the README.md file in the same folder for detailed instructions.

          The seafile-build.sh compatible with more platforms, including Raspberry Pi, arm-64, x86-64.

          Old version is below:

          Table of contents:

          • Setup the build environment
          • Install packages
          • Compile development libraries
          • Install Python libraries
          • Prepare source code
          • Fetch git tags and prepare source tarballs
          • Run the packaging script
          • Test the built package
          • Test a fresh install
          • Test upgrading
          "},{"location":"develop/rpi/#setup-the-build-environment","title":"Setup the build environment","text":"

          Requirements:

          • A raspberry pi with raspian distribution installed.
          "},{"location":"develop/rpi/#install-packages","title":"Install packages","text":"
          sudo apt-get install build-essential\nsudo apt-get install libevent-dev libcurl4-openssl-dev libglib2.0-dev uuid-dev intltool libsqlite3-dev libmysqlclient-dev libarchive-dev libtool libjansson-dev valac libfuse-dev re2c flex python-setuptools cmake\n
          "},{"location":"develop/rpi/#compile-development-libraries","title":"Compile development libraries","text":""},{"location":"develop/rpi/#libevhtp","title":"libevhtp","text":"

          libevhtp is a http server libary on top of libevent. It's used in seafile file server.

          git clone https://www.github.com/haiwen/libevhtp.git\ncd libevhtp\ncmake -DEVHTP_DISABLE_SSL=ON -DEVHTP_BUILD_SHARED=OFF .\nmake\nsudo make install\n

          After compiling all the libraries, run ldconfig to update the system libraries cache:

          sudo ldconfig\n
          "},{"location":"develop/rpi/#install-python-libraries","title":"Install python libraries","text":"

          Create a new directory /home/pi/dev/seahub_thirdpart:

          mkdir -p ~/dev/seahub_thirdpart\n

          Download these tarballs to /tmp/:

          • pytz
          • Django
          • django-statici18n
          • djangorestframework
          • django_compressor
          • jsonfield
          • django-post_office
          • gunicorn
          • flup
          • chardet
          • python-dateutil
          • six
          • django-picklefield
          • django-constance
          • jdcal
          • et_xmlfile
          • openpyxl
          • futures
          • django-formtools
          • qrcode

          Install all these libaries to /home/pi/dev/seahub_thirdpart:

          cd ~/dev/seahub_thirdpart\nexport PYTHONPATH=.\npip install -t ~/dev/seahub_thirdpart/ /tmp/pytz-2016.1.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/Django-1.8.10.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/django-statici18n-1.1.3.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/djangorestframework-3.3.2.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/django_compressor-1.4.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/jsonfield-1.0.3.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/django-post_office-2.0.6.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/gunicorn-19.4.5.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/flup-1.0.2.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/chardet-2.3.0.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/python-dateutil-1.5.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/six-1.9.0.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/django-picklefield-0.3.2.tar.gz\nwget -O /tmp/django_constance.zip https://github.com/haiwen/django-constance/archive/bde7f7c.zip\npip install -t ~/dev/seahub_thirdpart/ /tmp/django_constance.zip\npip install -t ~/dev/seahub_thirdpart/ /tmp/jdcal-1.2.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/et_xmlfile-1.0.1.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/openpyxl-2.3.0.tar.gz\n
          "},{"location":"develop/rpi/#prepare-seafile-source-code","title":"Prepare seafile source code","text":"

          To build seafile server, there are four sub projects involved:

          • libsearpc
          • ccnet-server
          • seafile-server
          • seahub

          The build process has two steps:

          • First, fetch the tags of each projects, and make a soruce tarball for each of them.
          • Then run a build-server.py script to build the server package from the source tarballs.
          "},{"location":"develop/rpi/#fetch-git-tags-and-prepare-source-tarballs","title":"Fetch git tags and prepare source tarballs","text":"

          Seafile manages the releases in tags on github.

          Assume we are packaging for seafile server 6.0.1, then the tags are:

          • ccnet-server, seafile-server, and seahub would all have a v6.0.1-sever tag.
          • libsearpc would have the v3.0-latest tag (libsearpc has been quite stable and basically has no further development, so the tag is always v3.0-latest)

          First setup the PKG_CONFIG_PATH enviroment variable (So we don't need to make and make install libsearpc/ccnet/seafile into the system):

          export PKG_CONFIG_PATH=/home/pi/dev/seafile/lib:$PKG_CONFIG_PATH\nexport PKG_CONFIG_PATH=/home/pi/dev/libsearpc:$PKG_CONFIG_PATH\nexport PKG_CONFIG_PATH=/home/pi/dev/ccnet:$PKG_CONFIG_PATH\n
          "},{"location":"develop/rpi/#libsearpc","title":"libsearpc","text":"
          cd ~/dev\ngit clone https://github.com/haiwen/libsearpc.git\ncd libsearpc\ngit reset --hard v3.0-latest\n./autogen.sh\n./configure\nmake dist\n
          "},{"location":"develop/rpi/#ccnet","title":"ccnet","text":"
          cd ~/dev\ngit clone https://github.com/haiwen/ccnet-server.git\ncd ccnet\ngit reset --hard v6.0.1-server\n./autogen.sh\n./configure\nmake dist\n
          "},{"location":"develop/rpi/#seafile","title":"seafile","text":"
          cd ~/dev\ngit clone https://github.com/haiwen/seafile-server.git\ncd seafile\ngit reset --hard v6.0.1-server\n./autogen.sh\n./configure\nmake dist\n
          "},{"location":"develop/rpi/#seahub","title":"seahub","text":"
          cd ~/dev\ngit clone https://github.com/haiwen/seahub.git\ncd seahub\ngit reset --hard v6.0.1-server\n./tools/gen-tarball.py --version=6.0.1 --branch=HEAD\n
          "},{"location":"develop/rpi/#seafobj","title":"seafobj","text":"
          cd ~/dev\ngit clone https://github.com/haiwen/seafobj.git\ncd seafobj\ngit reset --hard v6.0.1-server\nmake dist\n
          "},{"location":"develop/rpi/#seafdav","title":"seafdav","text":"
          cd ~/dev\ngit clone https://github.com/haiwen/seafdav.git\ncd seafdav\ngit reset --hard v6.0.1-server\nmake\n
          "},{"location":"develop/rpi/#copy-the-source-tar-balls-to-the-same-folder","title":"Copy the source tar balls to the same folder","text":"
          mkdir ~/seafile-sources\ncp ~/dev/libsearpc/libsearpc-<version>-tar.gz ~/seafile-sources\ncp ~/dev/ccnet/ccnet-<version>-tar.gz ~/seafile-sources\ncp ~/dev/seafile/seafile-<version>-tar.gz ~/seafile-sources\ncp ~/dev/seahub/seahub-<version>-tar.gz ~/seafile-sources\n\ncp ~/dev/seafobj/seafobj.tar.gz ~/seafile-sources\ncp ~/dev/seafdav/seafdav.tar.gz ~/seafile-sources\n
          "},{"location":"develop/rpi/#run-the-packaging-script","title":"Run the packaging script","text":"

          Now we have all the tarballs prepared, we can run the build-server.py script to build the server package.

          mkdir ~/seafile-server-pkgs\n~/dev/seafile/scripts/build-server.py --libsearpc_version=<libsearpc_version> --ccnet_version=<ccnet_version> --seafile_version=<seafile_version> --seahub_version=<seahub_version> --srcdir=  --thirdpartdir=/home/pi/dev/seahub_thirdpart --srcdir=/home/pi/seafile-sources --outputdir=/home/pi/seafile-server-pkgs\n

          After the script finisheds, we would get a seafile-server_6.0.1_pi.tar.gz in ~/seafile-server-pkgs folder.

          "},{"location":"develop/rpi/#test-the-built-package","title":"Test the built package","text":""},{"location":"develop/rpi/#test-a-fresh-install","title":"Test a fresh install","text":"

          The test should cover these steps at least:

          • The setup process is ok
          • After seafile.sh start and seahub.sh start, you can login from a browser.
          • Uploading/Downloading files through a web browser works correctly.
          • Seafile WebDAV server works correctly
          "},{"location":"develop/rpi/#test-upgrading-from-a-previous-version","title":"Test upgrading from a previous version","text":"
          • Download the package of the previous version seafile server, and setup it.
          • Upgrading according to the manual
          • After the upgrade, check the functionality is ok:
          • Uploading/Downloading files through a web browser works correctly.
          • Seafile WebDAV server works correctly
          "},{"location":"develop/server/","title":"Server development","text":"

          This is the document for deploying Seafile open source development environment in Ubuntu 2204 docker container.

          "},{"location":"develop/server/#create-persistent-directories","title":"Create persistent directories","text":"

          Login a linux server as root user, then:

          mkdir -p /root/seafile-ce-docker/source-code\nmkdir -p /root/seafile-ce-docker/conf\nmkdir -p /root/seafile-ce-docker/logs\nmkdir -p /root/seafile-ce-docker/mysql-data\nmkdir -p /root/seafile-ce-docker/seafile-data/library-template\n
          "},{"location":"develop/server/#run-a-container","title":"Run a container","text":"

          After install docker, start a container to deploy seafile open source development environment.

          docker run --mount type=bind,source=/root/seafile-ce-docker/source-code,target=/root/dev/source-code \\\n           --mount type=bind,source=/root/seafile-ce-docker/conf,target=/root/dev/conf \\\n           --mount type=bind,source=/root/seafile-ce-docker/logs,target=/root/dev/logs \\\n           --mount type=bind,source=/root/seafile-ce-docker/seafile-data,target=/root/dev/seafile-data \\\n           --mount type=bind,source=/root/seafile-ce-docker/mysql-data,target=/var/lib/mysql \\\n           -it -p 8000:8000 -p 8082:8082 -p 3000:3000 --name seafile-ce-env ubuntu:22.04 bash\n

          Note, the following commands are all executed in the seafile-ce-env docker container.

          "},{"location":"develop/server/#update-source-and-install-dependencies","title":"Update Source and Install Dependencies.","text":"

          Update base system and install base dependencies:

          apt-get update && apt-get upgrade -y\n\napt-get install -y ssh libevent-dev libcurl4-openssl-dev libglib2.0-dev uuid-dev intltool libsqlite3-dev libmysqlclient-dev libarchive-dev libtool libjansson-dev valac libfuse-dev python3-dateutil cmake re2c flex sqlite3 python3-pip python3-simplejson git libssl-dev libldap2-dev libonig-dev vim vim-scripts wget cmake gcc autoconf automake mysql-client librados-dev libxml2-dev curl sudo telnet netcat unzip netbase ca-certificates apt-transport-https build-essential libxslt1-dev libffi-dev libpcre3-dev libz-dev xz-utils nginx pkg-config poppler-utils libmemcached-dev sudo ldap-utils libldap2-dev libjwt-dev\n

          Install Node 16 from nodesource:

          curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg\necho \"deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_16.x nodistro main\" | sudo tee /etc/apt/sources.list.d/nodesource.list\napt-get install -y nodejs\n

          Install other Python 3 dependencies:

          apt-get install -y python3 python3-dev python3-pip python3-setuptools python3-ldap\n\npython3 -m pip install --upgrade pip\n\npip3 install Django==4.2.* django-statici18n==2.3.* django_webpack_loader==1.7.* django_picklefield==3.1 django_formtools==2.4 django_simple_captcha==0.6.* djangosaml2==1.5.* djangorestframework==3.14.* python-dateutil==2.8.* pyjwt==2.6.* pycryptodome==3.16.* python-cas==1.6.* pysaml2==7.2.* requests==2.28.* requests_oauthlib==1.3.* future==0.18.* gunicorn==20.1.* mysqlclient==2.1.* qrcode==7.3.* pillow==10.2.* chardet==5.1.* cffi==1.15.1 captcha==0.5.* openpyxl==3.0.* Markdown==3.4.* bleach==5.0.* python-ldap==3.4.* sqlalchemy==2.0.18 redis mock pytest pymysql configparser pylibmc django-pylibmc nose exam splinter pytest-django\n
          "},{"location":"develop/server/#install-mariadb-and-create-databases","title":"Install MariaDB and Create Databases","text":"
          apt-get install -y mariadb-server\nservice mariadb start\nmysqladmin -u root password your_password\n

          sql for create databases

          mysql -uroot -pyour_password -e \"CREATE DATABASE ccnet CHARACTER SET utf8;\"\nmysql -uroot -pyour_password -e \"CREATE DATABASE seafile CHARACTER SET utf8;\"\nmysql -uroot -pyour_password -e \"CREATE DATABASE seahub CHARACTER SET utf8;\"\n
          "},{"location":"develop/server/#download-source-code","title":"Download Source Code","text":"
          cd ~/\ncd ~/dev/source-code\n\ngit clone https://github.com/haiwen/libevhtp.git\ngit clone https://github.com/haiwen/libsearpc.git\ngit clone https://github.com/haiwen/seafile-server.git\ngit clone https://github.com/haiwen/seafevents.git\ngit clone https://github.com/haiwen/seafobj.git\ngit clone https://github.com/haiwen/seahub.git\n\ncd libevhtp/\ngit checkout tags/1.1.7 -b tag-1.1.7\n\ncd ../libsearpc/\ngit checkout tags/v3.3-latest -b tag-v3.3-latest\n\ncd ../seafile-server\ngit checkout tags/v11.0.5-server -b tag-v11.0.5-server\n\ncd ../seafevents\ngit checkout tags/v11.0.5-server -b tag-v11.0.5-server\n\ncd ../seafobj\ngit checkout tags/v11.0.5-server -b tag-v11.0.5-server\n\ncd ../seahub\ngit checkout tags/v11.0.5-server -b tag-v11.0.5-server\n
          "},{"location":"develop/server/#compile-and-install-seaf-server","title":"Compile and Install seaf-server","text":"
          cd ../libevhtp\ncmake -DEVHTP_DISABLE_SSL=ON -DEVHTP_BUILD_SHARED=OFF .\nmake\nmake install\nldconfig\n\ncd ../libsearpc\n./autogen.sh\n./configure\nmake\nmake install\nldconfig\n\ncd ../seafile-server\n./autogen.sh\n./configure --disable-fuse\nmake\nmake install\nldconfig\n
          "},{"location":"develop/server/#create-conf-files","title":"Create Conf Files","text":"
          cd ~/dev/conf\n\ncat > ccnet.conf  <<EOF\n[Database]\nENGINE = mysql\nHOST = localhost\nPORT = 3306\nUSER = root\nPASSWD = 123456\nDB = ccnet\nCONNECTION_CHARSET = utf8\nCREATE_TABLES = true\nEOF\n\ncat > seafile.conf  <<EOF\n[database]\ntype = mysql\nhost = localhost\nport = 3306\nuser = root\npassword = 123456\ndb_name = seafile\nconnection_charset = utf8\ncreate_tables = true\nEOF\n\ncat > seafevents.conf  <<EOF\n[DATABASE]\ntype = mysql\nusername = root\npassword = 123456\nname = seahub\nhost = localhost\nEOF\n\ncat > seahub_settings.py  <<EOF\nDATABASES = {\n    'default': {\n        'ENGINE': 'django.db.backends.mysql',\n        'NAME': 'seahub',\n        'USER': 'root',\n        'PASSWORD': '123456',\n        'HOST': 'localhost',\n        'PORT': '3306',\n    }\n}\nFILE_SERVER_ROOT = 'http://127.0.0.1:8082'\nSERVICE_URL = 'http://127.0.0.1:8000'\nEOF\n
          "},{"location":"develop/server/#start-seaf-server","title":"Start seaf-server","text":"
          seaf-server -F /root/dev/conf -d /root/dev/seafile-data -l /root/dev/logs/seafile.log >> /root/dev/logs/seafile.log 2>&1 &\n
          "},{"location":"develop/server/#start-seafevents-and-seahub","title":"Start seafevents and seahub","text":""},{"location":"develop/server/#prepare-environment-variables","title":"Prepare environment variables","text":"
          export CCNET_CONF_DIR=/root/dev/conf\nexport SEAFILE_CONF_DIR=/root/dev/seafile-data\nexport SEAFILE_CENTRAL_CONF_DIR=/root/dev/conf\nexport SEAHUB_DIR=/root/dev/source-code/seahub\nexport SEAHUB_LOG_DIR=/root/dev/logs\nexport PYTHONPATH=/usr/local/lib/python3.10/dist-packages/:/usr/local/lib/python3.10/site-packages/:/root/dev/source-code/:/root/dev/source-code/seafobj/:/root/dev/source-code/seahub/thirdpart:$PYTHONPATH\n
          "},{"location":"develop/server/#start-seafevents","title":"Start seafevents","text":"
          cd /root/dev/source-code/seafevents/\npython3 main.py --loglevel=debug --logfile=/root/dev/logs/seafevents.log --config-file /root/dev/conf/seafevents.conf >> /root/dev/logs/seafevents.log 2>&1 &\n
          "},{"location":"develop/server/#start-seahub","title":"Start seahub","text":""},{"location":"develop/server/#create-seahub-database-tables","title":"Create seahub database tables","text":"
          cd /root/dev/source-code/seahub/\npython3 manage.py migrate\n
          "},{"location":"develop/server/#create-user","title":"Create user","text":"
          python3 manage.py createsuperuser\n
          "},{"location":"develop/server/#start-seahub_1","title":"Start seahub","text":"
          python3 manage.py runserver 0.0.0.0:8000\n

          Then, you can visit http://127.0.0.1:8000/ to use Seafile.

          "},{"location":"develop/server/#the-final-directory-structure","title":"The Final Directory Structure","text":""},{"location":"develop/server/#more","title":"More","text":""},{"location":"develop/server/#deploy-frontend-development-environment","title":"Deploy Frontend Development Environment","text":"

          For deploying frontend development enviroment, you need:

          1, checkout seahub to master branch

          cd /root/dev/source-code/seahub\n\ngit fetch origin master:master\ngit checkout master\n

          2, add the following configration to /root/dev/conf/seahub_settings.py

          import os\nPROJECT_ROOT = '/root/dev/source-code/seahub'\nWEBPACK_LOADER = {\n    'DEFAULT': {\n        'BUNDLE_DIR_NAME': 'frontend/',\n        'STATS_FILE': os.path.join(PROJECT_ROOT,\n                                   'frontend/webpack-stats.dev.json'),\n    }\n}\nDEBUG = True\n

          3, install js modules

          cd /root/dev/source-code/seahub/frontend\n\nnpm install\n

          4, npm run dev

          cd /root/dev/source-code/seahub/frontend\n\nnpm run dev\n

          5, start seaf-server and seahub

          "},{"location":"develop/translation/","title":"Translation","text":""},{"location":"develop/translation/#seahub-seafile-server-71-and-above","title":"Seahub (Seafile Server 7.1 and above)","text":""},{"location":"develop/translation/#translate-and-try-locally","title":"Translate and try locally","text":"

          1. Locate the translation files in the seafile-server-latest/seahub directory:

          • For Seahub (except Markdown editor): /locale/<lang-code>/LC_MESSAGES/django.po\u00a0 and \u00a0/locale/<lang-code>/LC_MESSAGES/djangojs.po
          • For Markdown editor: /media/locales/<lang-code>/seafile-editor.json

          For example, if you want to improve the Russian translation, find the corresponding strings to be edited in either of the following three files:

          • /seafile-server-latest/seahub/locale/ru/LC_MESSAGES/django.po
          • /seafile-server-latest/seahub/locale/ru/LC_MESSAGES/djangojs.po
          • /seafile-server-latest/seahub/media/locales/ru/seafile-editor.json

          If there is no translation for your language, create a new folder matching your language code and copy-paste the contents of another language folder in your newly created one. (Don't copy from the 'en' folder because the files therein do not contain the strings to be translated.)

          2. Edit the files using an UTF-8 editor.

          3. Save your changes.

          4. (Only necessary when you created a new language code folder) Add a new entry for your language to the language block in the /seafile-server-latest/seahub/seahub/settings.py file and save it. 

          LANGUAGES = (\n    ...\n    ('ru', '\u0420\u0443\u0441\u0441\u043a\u0438\u0439'),\n    ...\n)\n

          5. (Only necessary when you edited either django.po or djangojs.po) Apply the changes made in django.po and djangojs.po by running the following two commands in /seafile-server-latest/seahub/locale/<lang-code>/LC_MESSAGES:

          • msgfmt -o django.mo django.po
          • msgfmt -o djangojs.mo djangojs.po

          Note: msgfmt is included in the gettext package.

          Additionally, run the following two commands in the seafile-server-latest directory:

          • ./seahub.sh python-env python3 seahub/manage.py compilejsi18n -l <lang-code>
          • ./seahub.sh python-env python3 seahub/manage.py collectstatic --noinput -i admin -i termsandconditions --no-post-process

          6. Restart Seahub to load changes made in django.po and djangojs.po; reload the Markdown editor to check your modifications in the seafile-editor.json file.

          "},{"location":"develop/translation/#submit-your-translation","title":"Submit your translation","text":"

          Please submit translations via Transifex: https://www.transifex.com/projects/p/seahub/

          Steps:

          1. Create a free account on Transifex (https://www.transifex.com/).
          2. Send a request to join the language translation.
          3. After accepted by the project maintainer, then you can upload your file or translate online.
          "},{"location":"develop/translation/#faq","title":"FAQ","text":""},{"location":"develop/translation/#filenotfounderror","title":"FileNotFoundError","text":"

          FileNotFoundError occurred when executing the command manage.py collectstatic.

          FileNotFoundError: [Errno 2] No such file or directory: '/opt/seafile/seafile-server-latest/seahub/frontend/build'\n

          Steps:

          1. Modify STATICFILES_DIRS in /opt/seafile/seafile-server-latest/seahub/seahub/settings.py manually

            STATICFILES_DIRS = (\n    # Put strings here, like \"/home/html/static\" or \"C:/www/django/static\".\n    # Always use forward slashes, even on Windows.\n    # Don't forget to use absolute paths, not relative paths.\n    '%s/static' % PROJECT_ROOT,\n#    '%s/frontend/build' % PROJECT_ROOT,\n)\n

          2. Execute the command

            ./seahub.sh python-env python3 seahub/manage.py collectstatic --noinput -i admin -i termsandconditions --no-post-process\n

          3. Restore STATICFILES_DIRS manually

            ```python STATICFILES_DIRS = ( # Put strings here, like \"/home/html/static\" or \"C:/www/django/static\". # Always use forward slashes, even on Windows. # Don't forget to use absolute paths, not relative paths. '%s/static' % PROJECT_ROOT, '%s/frontend/build' % PROJECT_ROOT, )

          4. Restart Seahub

            ./seahub.sh restart\n

          This issue has been fixed since version 11.0

          "},{"location":"develop/web_api_v2.1/","title":"Web API","text":""},{"location":"develop/web_api_v2.1/#seafile-web-api","title":"Seafile Web API","text":"

          The API document can be accessed in the following location:

          • https://seafile-api.readme.io/ (New)
          • https://download.seafile.com/published/web-api/home.md (Old)
          "},{"location":"develop/web_api_v2.1/#admin-only","title":"Admin Only","text":"

          The Admin API document can be accessed in the following location:

          • https://seafile-api.readme.io/ (New)
          "},{"location":"develop/windows/","title":"Windows","text":""},{"location":"develop/windows/#environment-setup","title":"Environment Setup","text":"

          The following setups are required for building and packaging Sync Client on Windows:

          • Visual Studio 2019
            • Desktop development with C++
              • MSVC v142
              • Windows 10 SDK (10.0.19041.0) (installed by default, not used)
              • Windows 10 SDK (10.0.18362.0)
            • Universal Windows Platform development
              • Windows 10 SDK (10.0.18362.0)
          • Qt 6.5
            • MSVC 2019 64-bit
            • Qt 5 Compatibility Module
            • Qt Positioning
            • Qt Serial Port
            • Qt WebChannel
            • Qt WebEngine
          • Qt VS Tools

          • vcpkg

            • curl[openssl]:x64-windows
            • getopt:x64-windows
            • glib:x64-windows
            • jansson:x64-windows
            • libevent:x64-windows
            • libwebsockets:x64-windows
            • openssl:x64-windows
            • pthreads:x64-windows
            • sqlite3:x64-windows
            • zlib:x64-windows
            • argon2:x64-windows
              # Example of the install command:\n$ ./vcpkg.exe install curl[core,openssl]:x64-windows\n

          • Python 3.7

          • wix
            • install to C:\\wix
          • Paraffin
            • copy Paraffin.exe to C:\\wix\\bin
          • Breakpad

          • Certificates

            • install to C:\\certs

            Note: certificates for Windows application are issued by third-party certificate authority.

          "},{"location":"develop/windows/#breakpad","title":"Breakpad","text":"

          Support for Breakpad can be added by running following steps:

          • install gyp tool

            $ git clone --depth=1 git@github.com:chromium/gyp.git\n$ python setup.py install\n

          • compile breakpad

            $ git clone --depth=1 git@github.com:google/breakpad.git\n$ cd breakpad\n$ git clone https://github.com/google/googletest.git testing\n$ cd ..\n# create vs solution, this may throw an error \"module collections.abc has no attribute OrderedDict\", you should open the msvs.py and replace 'collections.abc' with 'collections'.\n$ gyp \u2013-no-circular-check breakpad\\src\\client\\windows\\breakpad_client.gyp\n
            • open breakpad_client.sln and configure C++ Language Standard to C++17 and C/C++ ---> Code Generation ---> Runtime Library to Multi-threaded DLL (/MD)
            • build breakpad

          • compile dump_syms tool

            create vs solution

            gyp \u2013-no-circular-check breakpad\\src\\tools\\windows\\tools_windows.gyp\n
            • open tools_windows.sln and build tools_windows
            • Insert #include in the source file about unique_ptr compilation error and recompile.
            • build dump_syms
            • Copy C:\\Program Files (x86)\\Microsoft Visual Studio\\2019\\Community\\Common7\\IDE\\Remote Debugger\\x64\\msdia140.dll to breakpad\\src\\tools\\windows\\Release.

          • copy VC merge modules

            copy C:\\Program Files (x86)\\Microsoft Visual Studio\\2019\\Community\\VC\\Redist\\MSVC\\v142\\MergeModules\\MergeModules\\Microsoft_VC142_CRT_x64.msm C:\\packagelib\n
          "},{"location":"develop/windows/#building-sync-client","title":"Building Sync Client","text":"

          Following directory structures are expected when building Sync Client:

          seafile-workspace/\nseafile-workspace/libsearpc/\nseafile-workspace/seafile/\nseafile-workspace/seafile-client/\nseafile-workspace/seafile-shell-ext/\n

          The source code of these projects can be downloaded at github.com/haiwen/libsearpc, github.com/haiwen/seafile, github.com/haiwen/seafile-client, and github.com/haiwen/seafile-shell-ext.

          "},{"location":"develop/windows/#building","title":"Building","text":"

          Note: the building commands have been included in the packaging script, you can skip building commands while packaging.

          To build libsearpc:

          $ cd seafile-workspace/libsearpc/\n$ devenv libsearpc.sln /build \"Release|x64\"\n

          To build seafile

          $ cd seafile-workspace/seafile/\n$ devenv seafile.sln /build \"Release|x64\"\n$ devenv msi/custom/seafile_custom.sln /build \"Release|x64\"\n

          To build seafile-client

          $ cd seafile-workspace/seafile-client/\n$ devenv third_party/quazip/quazip.sln /build \"Release|x64\"\n$ devenv seafile-client.sln /build \"Release|x64\"\n

          To build seafile-shell-ext

          $ cd seafile-workspace/seafile-shell-ext/\n$ devenv extensions/seafile_ext.sln /build \"Release|x64\"\n$ devenv seadrive-thumbnail-ext/seadrive_thumbnail_ext.sln /build \"Release|x64\"\n
          "},{"location":"develop/windows/#packaging","title":"Packaging","text":"
          1. Update the CERTFILE configure in seafile-workspace/seafile/scripts/build/build-msi-vs.py .
          2. Run commands:
            $ cd seafile-workspace/seafile-client/third_party/quazip\n$ devenv quazip.sln /build Release|x64\n$ cd seafile-workspace/seafile/scripts/build\n$ python build-msi-vs.py 1.0.0\n
          "},{"location":"extension/distributed_indexing/","title":"Distributed indexing","text":"

          If you use a cluster to deploy Seafile, you can use distributed indexing to realize real-time indexing and improve indexing efficiency. The indexing process is as follows:

          "},{"location":"extension/distributed_indexing/#install-redis-and-modify-configuration-files","title":"Install redis and modify configuration files","text":""},{"location":"extension/distributed_indexing/#1-install-redis-on-all-frontend-nodes","title":"1. Install redis on all frontend nodes","text":"

          Tip

          If you use redis cloud service, skip this step and modify the configuration files directly

          UbuntuCentOS 
          $ apt install redis-server\n
          $ yum install redis\n
          "},{"location":"extension/distributed_indexing/#2-install-python-redis-third-party-package-on-all-frontend-nodes","title":"2. Install python redis third-party package on all frontend nodes","text":"
          $ pip install redis\n
          "},{"location":"extension/distributed_indexing/#3-modify-the-seafeventsconf-on-all-frontend-nodes","title":"3. Modify the seafevents.conf on all frontend nodes","text":"

          Add the following config items

          [EVENTS PUBLISH]\nmq_type=redis   # must be redis\nenabled=true\n\n[REDIS]\nserver=127.0.0.1   # your redis server host\nport=6379          # your redis server port\npassword=xxx       # your redis server password, if not password, do not set this item\n
          "},{"location":"extension/distributed_indexing/#4-modify-the-seafeventsconf-on-the-backend-node","title":"4. Modify the seafevents.conf on the backend node","text":"

          Disable the scheduled indexing task, because the scheduled indexing task and the distributed indexing task conflict.

          [INDEX FILES]\nenabled=true\n     |\n     V\nenabled=false   \n
          "},{"location":"extension/distributed_indexing/#5-restart-seafile","title":"5. Restart Seafile","text":"Deploy in DockerDeploy from binary packages 
          docker exec -it seafile bash\ncd /scripts\n./seafile.sh restart && ./seahub.sh restart\n
          cd /opt/seafile/seafile-server-latest\n./seafile.sh restart && ./seahub.sh restart\n
          "},{"location":"extension/distributed_indexing/#deploy-distributed-indexing","title":"Deploy distributed indexing","text":"

          First, prepare a seafes master node and several seafes slave nodes, the number of slave nodes depends on your needs. Deploy Seafile on these nodes, and copy the configuration files in the conf directory from the frontend nodes. The master node and slave nodes do not need to start Seafile, but need to read the configuration files to obtain the necessary information.

          Next, create a configuration file index-master.conf in the conf directory of the master node, e.g.

          [DEFAULT]\nmq_type=redis   # must be redis\n\n[REDIS]\nserver=127.0.0.1   # your redis server host\nport=6379          # your redis server port\npassword=xxx       # your redis server password, if not password, do not set this item\n

          Execute ./run_index_master.sh [start/stop/restart] in the seafile-server-last directory (or /scripts inner the Seafile-docker container) to control the program to start, stop and restart.

          Next, create a configuration file index-slave.conf in the conf directory of all slave nodes, e.g.

          [DEFAULT]\nmq_type=redis     # must be redis\nindex_workers=2   # number of threads to create/update indexes, you can increase this value according to your needs\n\n[REDIS]\nserver=127.0.0.1   # your redis server host\nport=6379          # your redis server port\npassword=xxx       # your redis server password, if not password, do not set this item\n

          Execute ./run_index_worker.sh [start/stop/restart] in the seafile-server-last directory (or /scripts inner the Seafile-docker container) to control the program to start, stop and restart.

          Note

          The index worker connects to backend storage directly. You don't need to run seaf-server in index worker node.

          "},{"location":"extension/distributed_indexing/#some-commands-in-distributed-indexing","title":"Some commands in distributed indexing","text":"

          Rebuild search index, execute in the seafile-server-last directory (or /scripts inner the Seafile-docker container):

          $ ./pro/pro.py search --clear\n$ ./run_index_master.sh python-env index_op.py --mode resotre_all_repo\n

          List the number of indexing tasks currently remaining, execute in the seafile-server-last directory (or /scripts inner the Seafile-docker container):

          $ ./run_index_master.sh python-env index_op.py --mode show_all_task\n

          The above commands need to be run on the master node.

          "},{"location":"extension/fuse/","title":"FUSE extension","text":"

          Files in the seafile system are split to blocks, which means what are stored on your seafile server are not complete files, but blocks. This design faciliates effective data deduplication.

          However, administrators sometimes want to access the files directly on the server. You can use seaf-fuse to do this.

          Seaf-fuse is an implementation of the FUSE virtual filesystem. In a word, it mounts all the seafile files to a folder (which is called the '''mount point'''), so that you can access all the files managed by seafile server, just as you access a normal folder on your server.

          Note

          • Encrypted folders can't be accessed by seaf-fuse.
          • Currently the implementation is '''read-only''', which means you can't modify the files through the mounted folder.
          • One debian/centos systems, you need to be in the \"fuse\" group to have the permission to mount a FUSE folder.
          "},{"location":"extension/fuse/#use-seaf-fuse-in-binary-based-deployment","title":"Use seaf-fuse in binary based deployment","text":"

          Assume we want to mount to /data/seafile-fuse.

          "},{"location":"extension/fuse/#create-the-folder-as-the-mount-point","title":"Create the folder as the mount point","text":"
          mkdir -p /data/seafile-fuse\n
          "},{"location":"extension/fuse/#start-seaf-fuse-with-the-script","title":"Start seaf-fuse with the script","text":"

          Before start seaf-fuse, you should have started seafile server with ./seafile.sh start

          ./seaf-fuse.sh start /data/seafile-fuse\n

          seaf-fuse supports standard mount options for FUSE. For example, you can specify ownership for the mounted folder:

          ./seaf-fuse.sh start -o uid=<uid> /data/seafile-fuse\n

          The fuse enables the block cache function by default to cache block objects, thereby reducing access to backend storage, but this function will occupy local disk space. Since Seafile-pro-10.0.0, you can disable block cache by adding following options:

          ./seaf-fuse.sh start --disable-block-cache /data/seafile-fuse\n

          You can find the complete list of supported options in man fuse.

          "},{"location":"extension/fuse/#stop-seaf-fuse","title":"Stop seaf-fuse","text":"
          ./seaf-fuse.sh stop\n
          "},{"location":"extension/fuse/#contents-of-the-mounted-folder","title":"Contents of the mounted folder","text":""},{"location":"extension/fuse/#the-top-level-folder","title":"The top level folder","text":"

          Now you can list the content of /data/seafile-fuse.

          $ ls -lhp /data/seafile-fuse\n\ndrwxr-xr-x 2 root root 4.0K Jan  1  2015 abc@abc.com/\ndrwxr-xr-x 2 root root 4.0K Jan  4  2015 foo@foo.com/\ndrwxr-xr-x 2 root root 4.0K Jan  1  2015 plus@plus.com/\ndrwxr-xr-x 2 root root 4.0K Jan  1  2015 sharp@sharp.com/\ndrwxr-xr-x 2 root root 4.0K Jan  3  2015 test@test.com/\n
          • The top level folder contains many subfolders, each of which corresponds to a user
          "},{"location":"extension/fuse/#the-folder-for-each-user","title":"The folder for each user","text":"
          $ ls -lhp /data/seafile-fuse/abc@abc.com\n\ndrwxr-xr-x 2 root root  924 Jan  1  1970 5403ac56-5552-4e31-a4f1-1de4eb889a5f_Photos/\ndrwxr-xr-x 2 root root 1.6K Jan  1  1970 a09ab9fc-7bd0-49f1-929d-6abeb8491397_My Notes/\n

          From the above list you can see, under the folder of a user there are subfolders, each of which represents a library of that user, and has a name of this format: '''{library_id}-{library-name}'''.

          "},{"location":"extension/fuse/#the-folder-for-a-library","title":"The folder for a library","text":"
          $ ls -lhp /data/seafile-fuse/abc@abc.com/5403ac56-5552-4e31-a4f1-1de4eb889a5f_Photos/\n\n-rw-r--r-- 1 root root 501K Jan  1  2015 image.png\n-rw-r--r-- 1 root root 501K Jan  1  2015 sample.jpng\n
          "},{"location":"extension/fuse/#if-you-get-a-permission-denied-error","title":"If you get a \"Permission denied\" error","text":"

          If you get an error message saying \"Permission denied\" when running ./seaf-fuse.sh start, most likely you are not in the \"fuse group\". You should:

          • Add yourself to the fuse group 

            sudo usermod -a -G fuse <your-user-name>\n

          • Logout your shell and login again

          • Now try ./seaf-fuse.sh start <path>again.
          "},{"location":"extension/fuse/#use-seaf-fuse-in-docker-based-deployment","title":"Use seaf-fuse in Docker based deployment","text":"

          Assume we want to mount to /data/seafile-fuse in host.

          "},{"location":"extension/fuse/#modify-docker-composeyml","title":"Modify docker-compose.yml","text":"

          Add the following content

            seafile:\n    ...\n    volumes:\n      ...\n      - type: bind\n        source: /data/seafile-fuse\n        target: /seafile-fuse\n        bind:\n          propagation: rshared\n    privileged: true\n    cap_add:\n      - SYS_ADMIN\n
          "},{"location":"extension/fuse/#start-seaf-fuse-with-the-script-in-docker","title":"Start seaf-fuse with the script in docker","text":"

          Start Seafile server and enter the container

          docker compose up -d\n\ndocker exec -it seafile bash\n

          Start seaf-fuse in the container

          cd /opt/seafile/seafile-server-latest/\n\n./seaf-fuse.sh start /seafile-fuse\n
          "},{"location":"extension/libreoffice_online/","title":"Integrate Seafile with Collabora Online (LibreOffice Online)","text":"

          Since Seafile Professional edition 6.0.0, you can integrate Seafile with Collabora Online to preview office files.

          "},{"location":"extension/libreoffice_online/#setup-collaboraonline","title":"Setup CollaboraOnline","text":"

          Deployment Tips

          From Seafile 12.0, Seafile support integrating CollaboraOnline server on the same host (only support deploying with Docker with sufficient cores and RAM), as you can follow the steps in this manual.

          Otherwise, you can follow the official document to deploy CollaboraOnline server on a separate host. Then you should follow here to configurate seahub_settings.py to enable online office.

          Download the collabora.yml

          wget https://manual.seafile.com/12.0/docker/pro/collabora.yml\n

          Insert collabora.yml to field COMPOSE_FILE lists (i.e., COMPOSE_FILE='...,collabora.yml') and add the relative options in .env

          COLLABORA_IMAGE=collabora/code:24.04.5.1.1 # image of LibreOffice\nCOLLABORA_PORT=6232 # expose port\nCOLLABORA_USERNAME=<your LibreOffice admin username>\nCOLLABORA_PASSWORD=<your LibreOffice admin password>\nCOLLABORA_ENABLE_ADMIN_CONSOLE=true # enable admin console or not\nCOLLABORA_REMOTE_FONT= # remote font url\nCOLLABORA_ENABLE_FILE_LOGGING=false # use file logs or not, see FQA\n
          "},{"location":"extension/libreoffice_online/#config-seafile","title":"Config Seafile","text":"

          Add following config option to seahub_settings.py:

          OFFICE_SERVER_TYPE = 'CollaboraOffice'\nENABLE_OFFICE_WEB_APP = True\nOFFICE_WEB_APP_BASE_URL = 'http{s}://seafile.example.com:6232/hosting/discovery'\n\n# Expiration of WOPI access token\n# WOPI access token is a string used by Seafile to determine the file's\n# identity and permissions when use LibreOffice Online view it online\n# And for security reason, this token should expire after a set time period\nWOPI_ACCESS_TOKEN_EXPIRATION = 30 * 60   # seconds\n\n# List of file formats that you want to view through LibreOffice Online\n# You can change this value according to your preferences\n# And of course you should make sure your LibreOffice Online supports to preview\n# the files with the specified extensions\nOFFICE_WEB_APP_FILE_EXTENSION = ('odp', 'ods', 'odt', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt', 'pptm', 'pptx', 'doc', 'docm', 'docx')\n\n# Enable edit files through LibreOffice Online\nENABLE_OFFICE_WEB_APP_EDIT = True\n\n# types of files should be editable through LibreOffice Online\nOFFICE_WEB_APP_EDIT_FILE_EXTENSION = ('odp', 'ods', 'odt', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt', 'pptm', 'pptx', 'doc', 'docm', 'docx')\n

          Then restart Seafile.

          Click an office file in Seafile web interface, you will see the online preview rendered by CollaboraOnline. Here is an example:

          "},{"location":"extension/libreoffice_online/#trouble-shooting","title":"Trouble shooting","text":"

          Understanding how the integration work will help you debug the problem. When a user visits a file page:

          1. (seahub->browser) Seahub will generate a page containing an iframe and send it to the browser
          2. (browser->CollaboraOnline) With the iframe, the browser will try to load the file preview page from the CollaboraOnline
          3. (CollaboraOnline->seahub) CollaboraOnline receives the request and sends a request to Seahub to get the file content
          4. (CollaboraOnline->browser) CollaboraOnline sends the file preview page to the browser.
          "},{"location":"extension/libreoffice_online/#faq","title":"FAQ","text":""},{"location":"extension/libreoffice_online/#about-logs","title":"About logs","text":"

          CollaboraOnline container will output the logs in the stdout, you can use following command to access it

          docker logs seafile-collabora\n

          If you would like to use file to save log (i.e., a .log file), you can modify .env with following statment, and remove the notes in the collabora.yml

          # .env\nCOLLABORA_ENABLE_FILE_LOGGING=True\nCOLLABORA_PATH=/opt/collabora # path of the collabora logs\n
          # collabora.yml\n# remove the following notes\n...\nservices:\n    collabora:\n        ...\n        volumes:\n            - \"${COLLABORA_PATH:-/opt/collabora}/logs:/opt/cool/logs/\" # chmod 777 needed\n        ...\n...\n

          Create the logs directory, and restart Seafile server

          mkdir -p /opt/collabora\nchmod 777 /opt/collabora\ndocker compose down\ndocker compose up -d\n
          "},{"location":"extension/libreoffice_online/#collaboraonline-server-on-a-separate-host","title":"CollaboraOnline server on a separate host","text":"

          If your CollaboraOnline server on a separate host, you just need to modify the seahub_settings.py similar to deploy on the same host. The only different is you have to change the field OFFICE_WEB_APP_BASE_URL to your CollaboraOnline host (e.g., https://collabora-online.seafile.com/hosting/discovery).

          "},{"location":"extension/notification-server/","title":"Notification Server Overview","text":"

          Currently, the status updates of files and libraries on the client and web interface are based on polling the server. The latest status cannot be reflected in real time on the client due to polling delays. The client needs to periodically refresh the library modification, file locking, subdirectory permissions and other information, which causes additional performance overhead to the server.

          When a directory is opened on the web interface, the lock status of the file cannot be updated in real time, and the page needs to be refreshed.

          The notification server uses websocket protocol and maintains a two-way communication connection with the client or the web interface. When the above changes occur, seaf-server will notify the notification server of the changes. Then the notification server can notify the client or the web interface in real time. This not only improves the real-time performance, but also reduces the performance overhead of the server.

          The notification server cannot work if you config Seafile server with SQLite database

          "},{"location":"extension/notification-server/#supported-update-reminder-types","title":"Supported update reminder types","text":"
          1. The library has been updated.
          2. File lock status changes under the library.
          3. Directory permission changes under the library.
          "},{"location":"extension/notification-server/#how-to-configure-and-run","title":"How to configure and run","text":"

          Since seafile-10.0.0, you can configure a notification server to send real-time notifications to clients. In order to run the notification server, you need to add the following configurations under seafile.conf\uff1a

          # jwt_private_key are required.You should generate it manually.\n[notification]\nenabled = true\n# the ip of notification server. (Do not modify the host when using Nginx or Apache, as Nginx or Apache will proxy the requests to this address)\nhost = 127.0.0.1\n# the port of notification server\nport = 8083\n# the log level of notification server\n# You can set log_level to debug to print messages sent to clients.\nlog_level = info\n# jwt_private_key is used to generate jwt token and authenticate seafile server\njwt_private_key = M@O8VWUb81YvmtWLHGB2I_V7di5-@0p(MF*GrE!sIws23F\n

          You can generate jwt_private_key with the following command\uff1a

          # generate jwt_private_key\nopenssl rand -base64 32\n

          We generally recommend deploying notification server behind nginx, the notification server can be supported by adding the following nginx configuration:

          map $http_upgrade $connection_upgrade {\ndefault upgrade;\n'' close;\n}\n\nserver {\n    location /notification/ping {\n        proxy_pass http://127.0.0.1:8083/ping;\n        access_log      /var/log/nginx/notif.access.log;\n        error_log       /var/log/nginx/notif.error.log;\n    }\n\n    location /notification {\n        proxy_pass http://127.0.0.1:8083/;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection $connection_upgrade;\n        access_log      /var/log/nginx/notif.access.log;\n        error_log       /var/log/nginx/notif.error.log;\n    }\n}\n

          Or add the configuration for Apache:

              ProxyPass /notification/ping  http://127.0.0.1:8083/ping/\n    ProxyPassReverse /notification/ping  http://127.0.0.1:8083/ping/\n\n    ProxyPass /notification  ws://127.0.0.1:8083/\n    ProxyPassReverse /notification ws://127.0.0.1:8083/\n

          According to apache ProxyPass document:

          The configured ProxyPass and ProxyPassMatch rules are checked in the order of configuration. The first rule that matches wins. So usually you should sort conflicting ProxyPass rules starting with the longest URLs first. Otherwise, later rules for longer URLS will be hidden by any earlier rule which uses a leading substring of the URL. Note that there is some relation with worker sharing.

          the final configuration for Apache should be like:

              #\n    # notification server\n    #\n    ProxyPass /notification/ping  http://127.0.0.1:8083/ping/\n    ProxyPassReverse /notification/ping  http://127.0.0.1:8083/ping/\n\n    ProxyPass /notification  ws://127.0.0.1:8083/\n    ProxyPassReverse /notification ws://127.0.0.1:8083/\n\n    #\n    # seafile fileserver\n    #\n    ProxyPass /seafhttp http://127.0.0.1:8082\n    ProxyPassReverse /seafhttp http://127.0.0.1:8082\n    RewriteRule ^/seafhttp - [QSA,L]\n\n    #\n    # seahub\n    #\n    SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n    ProxyPreserveHost On\n    ProxyPass / http://127.0.0.1:8000/\n    ProxyPassReverse / http://127.0.0.1:8000/\n

          After that, you can run notification server with the following command:

          ./seafile.sh restart\n
          "},{"location":"extension/notification-server/#checking-notification-server-status","title":"Checking notification server status","text":"

          When the notification server is working, you can access http://127.0.0.1:8083/ping from your browser, which will answer {\"ret\": \"pong\"}. If you have a proxy configured, you can access https://{server}/notification/ping from your browser instead.

          "},{"location":"extension/notification-server/#compatible-client","title":"Compatible client","text":"
          1. Seadrive 3.0.1 or later.
          2. Seafile client 8.0.11 or later.

          If the client works with notification server, there should be a log message in seafile.log or seadrive.log.

          Notification server is enabled on the remote server xxxx\n
          "},{"location":"extension/notification-server/#notification-server-in-seafile-cluster","title":"Notification Server in Seafile cluster","text":"

          There is no additional features for notification server in the Pro Edition. It works the same as in community edition.

          If you enable clustering, You need to deploy notification server on one of the servers, or a separate server. The load balancer should forward websockets requests to this node.

          On each Seafile frontend node, the notification server configuration should be the same as in community edition:

          [notification]\nenabled = true\n# the ip of notification server.\nhost = 192.168.1.134\n# the port of notification server\nport = 8083\n# the log level of notification server\nlog_level = info\n# jwt_private_key is used to generate jwt token and authenticate seafile server\njwt_private_key = M@O8VWUb81YvmtWLHGB2I_V7di5-@0p(MF*GrE!sIws23F\n

          You need to configure load balancer according to the following forwarding rules:

          1. Forward /notification/ping requests to notification server via http protocol.
          2. Forward websockets requests with URL prefix /notification to notification server.

          Here is a configuration that uses haproxy to support notification server. Haproxy version needs to be >= 2.0. You should use similar configurations for other load balancers.

          #/etc/haproxy/haproxy.cfg\n\n# Other existing haproxy configurations\n......\n\nfrontend seafile\n    bind 0.0.0.0:80\n    mode http\n    option httplog\n    option dontlognull\n    option forwardfor\n    acl notif_ping_request  url_sub -i /notification/ping\n    acl ws_requests  url -i /notification\n    acl hdr_connection_upgrade hdr(Connection)  -i upgrade\n    acl hdr_upgrade_websocket  hdr(Upgrade)     -i websocket\n    use_backend ws_backend if hdr_connection_upgrade hdr_upgrade_websocket\n    use_backend notif_ping_backend if notif_ping_request\n    use_backend ws_backend if ws_requests\n    default_backend backup_nodes\n\nbackend backup_nodes\n    cookie SERVERID insert indirect nocache\n    server seafileserver01 192.168.0.137:80\n\nbackend notif_ping_backend\n    option forwardfor\n    server ws 192.168.0.137:8083\n\nbackend ws_backend\n    option forwardfor # This sets X-Forwarded-For\n    server ws 192.168.0.137:8083\n
          "},{"location":"extension/office_web_app/","title":"Office Online Server","text":"

          In Seafile Professional Server Version 4.4.0 (or above), you can use Microsoft Office Online Server (formerly named Office Web Apps) to preview documents online. Office Online Server provides the best preview for all Office format files. It also support collaborative editing of Office files directly in the web browser. For organizations with Microsoft Office Volume License, it's free to use Office Online Server. For more information about Office Online Server and how to deploy it, please refer to https://technet.microsoft.com/en-us/library/jj219455(v=office.16).aspx.

          Seafile only supports Office Online Server 2016 and above

          To use Office Online Server for preview, please add following config option to seahub_settings.py.

          # Enable Office Online Server\nENABLE_OFFICE_WEB_APP = True\n\n# Url of Office Online Server's discovery page\n# The discovery page tells Seafile how to interact with Office Online Server when view file online\n# You should change `http://example.office-web-app.com` to your actual Office Online Server server address\nOFFICE_WEB_APP_BASE_URL = 'http://example.office-web-app.com/hosting/discovery'\n\n# Expiration of WOPI access token\n# WOPI access token is a string used by Seafile to determine the file's\n# identity and permissions when use Office Online Server view it online\n# And for security reason, this token should expire after a set time period\nWOPI_ACCESS_TOKEN_EXPIRATION = 60 * 60 * 24 # seconds\n\n# List of file formats that you want to view through Office Online Server\n# You can change this value according to your preferences\n# And of course you should make sure your Office Online Server supports to preview\n# the files with the specified extensions\nOFFICE_WEB_APP_FILE_EXTENSION = ('ods', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt',\n    'pptm', 'pptx', 'doc', 'docm', 'docx')\n\n# Enable edit files through Office Online Server\nENABLE_OFFICE_WEB_APP_EDIT = True\n\n# types of files should be editable through Office Online Server\n# Note, Office Online Server 2016 is needed for editing docx\nOFFICE_WEB_APP_EDIT_FILE_EXTENSION = ('xlsx', 'pptx', 'docx')\n\n\n# HTTPS authentication related (optional)\n\n# Server certificates\n# Path to a CA_BUNDLE file or directory with certificates of trusted CAs\n# NOTE: If set this setting to a directory, the directory must have been processed using the c_rehash utility supplied with OpenSSL.\nOFFICE_WEB_APP_SERVER_CA = '/path/to/certfile'\n\n\n# Client certificates\n# You can specify a single file (containing the private key and the certificate) to use as client side certificate\nOFFICE_WEB_APP_CLIENT_PEM = 'path/to/client.pem'\n\n# or you can specify these two file path to use as client side certificate\nOFFICE_WEB_APP_CLIENT_CERT = 'path/to/client.cert'\nOFFICE_WEB_APP_CLIENT_KEY = 'path/to/client.key'\n

          Then restart

          ./seafile.sh restart\n./seahub.sh restart\n

          After you click the document you specified in seahub_settings.py, you will see the new preview page.

          "},{"location":"extension/office_web_app/#trouble-shooting","title":"Trouble shooting","text":"

          Understanding how the web app integration works is going to help you debugging the problem. When a user visits a file page:

          1. (seahub->browser) Seahub will generate a page containing an iframe and send it to the browser
          2. (browser->office online server) With the iframe, the browser will try to load the file preview page from the office online server
          3. (office online server->seahub) office online server receives the request and sends a request to Seahub to get the file content
          4. (office online server->browser) office online server sends the file preview page to the browser.

          Please check the Nginx log for Seahub (for step 3) and Office Online Server to see which step is wrong.

          Warning

          You should make sure you have configured at least a few GB of paging files in your Windows system. Otherwise the IIS worker processes may die randomly when handling Office Online requests.

          "},{"location":"extension/only_office/","title":"OnlyOffice","text":"

          From version 6.1.0+ on (including CE), Seafile supports OnlyOffice to view/edit office files online. In order to use OnlyOffice, you must first deploy an OnlyOffice server.

          Deployment Tips

          You can deploy OnlyOffice to the same machine as Seafile (only support deploying with Docker with sufficient cores and RAM) using the onlyoffice.yml provided by Seafile according to this document, or you can deploy it to a different machine according to OnlyOffice official document.

          "},{"location":"extension/only_office/#generate-jwt-token-shared-secret","title":"Generate JWT-Token (shared secret)","text":"

          From Seafile 12.0, OnlyOffice's JWT verification will be forced to enable

          Secure communication between Seafile and OnlyOffice is granted by a shared secret. You can get the JWT secret by following command

          pwgen -s 40 1\n
          "},{"location":"extension/only_office/#deployment-of-onlyoffice","title":"Deployment of OnlyOffice","text":"

          Download the onlyoffice.yml

          wget https://manual.seafile.com/12.0/docker/onlyoffice.yml\n

          insert onlyoffice.yml into COMPOSE_FILE list (i.e., COMPOSE_FILE='...,onlyoffice.yml'), and add the following configurations of onlyoffice in .env file.

          # OnlyOffice image\nONLYOFFICE_IMAGE=onlyoffice/documentserver:8.1.0.1\n\n# Persistent storage directory of OnlyOffice\nONLYOFFICE_VOLUME=/opt/onlyoffice\n\n# OnlyOffice document server port\nONLYOFFICE_PORT=6233\n\n# jwt secret, generated by `pwgen -s 40 1` \nONLYOFFICE_JWT_SECRET=<your jwt secret>\n

          Also modify seahub_settings.py

          ENABLE_ONLYOFFICE = True\nONLYOFFICE_APIJS_URL = 'https://seafile.example.com:6233/web-apps/apps/api/documents/api.js'\nONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods', 'csv', 'ppsx', 'pps')\nONLYOFFICE_JWT_SECRET = '<your jwt secret>'\n

          By default OnlyOffice will use port 6233 used for communication between Seafile and Document Server, You can modify the bound port by specifying ONLYOFFICE_PORT, and port in the term ONLYOFFICE_APIJS_URL in seahub_settings.py has been modified together.

          "},{"location":"extension/only_office/#advanced-custom-settings-of-onlyoffice","title":"Advanced: Custom settings of OnlyOffice","text":"

          The following configuration options are only for OnlyOffice experts. You can create and mount a custom configuration file called local-production-linux.json to force some settings.

          nano local-production-linux.json\n

          For example, you can configure OnlyOffice to automatically save by copying the following code block in this file:

          {\n  \"services\": {\n    \"CoAuthoring\": {\n      \"autoAssembly\": {\n        \"enable\": true,\n        \"interval\": \"5m\"\n      }\n    }\n  },\n  \"FileConverter\": {\n    \"converter\": {\n      \"downloadAttemptMaxCount\": 3\n    }\n  }\n}\n

          Mount this config file into your onlyoffice block in onlyoffice.yml:

          service:\n  ...\n  onlyoffice:\n    ...\n    volumes:\n      ...\n      - <Your path to local-production-linux.json>:/etc/onlyoffice/documentserver/local-production-linux.json\n...\n

          For more information you can check the official documentation: https://api.onlyoffice.com/editors/signature/ and https://github.com/ONLYOFFICE/Docker-DocumentServer#available-configuration-parameters

          "},{"location":"extension/only_office/#restart-seafile-docker-instance-and-test-that-onlyoffice-is-running","title":"Restart Seafile-docker instance and test that OnlyOffice is running","text":"
          docker-compose down\ndocker-compose up -d\n

          After the installation process is finished, visit this page to make sure you have deployed OnlyOffice successfully: http{s}://{your Seafile server's domain or IP}:6233/welcome, you will get Document Server is running info at this page.

          "},{"location":"extension/only_office/#faq","title":"FAQ","text":""},{"location":"extension/only_office/#download-failed","title":"Download failed","text":"

          Firstly, run docker logs -f seafile-onlyoffice, then open an office file. After the \"Download failed.\" error appears on the page, observe the logs for the following error:

          ==> /var/log/onlyoffice/documentserver/converter/out.log <==\n...\nError: DNS lookup {local IP} (family:undefined, host:undefined) is not allowed. Because, It is a private IP address.\n...\n

          If it shows this error message and you haven't enabled JWT while using a local network, then it's likely due to an error triggered proactively by OnlyOffice server for enhanced security. (https://github.com/ONLYOFFICE/DocumentServer/issues/2268#issuecomment-1600787905)

          So, as mentioned in the post, we highly recommend you enabling JWT in your integrations to fix this problem.

          "},{"location":"extension/only_office/#the-document-security-token-is-not-correctly-formed","title":"The document security token is not correctly formed","text":"

          Starting from OnlyOffice Docker-DocumentServer version 7.2, JWT is enabled by default on OnlyOffice server.

          So, for security reason, please Configure OnlyOffice to use JWT Secret.

          "},{"location":"extension/only_office/#onlyoffice-on-a-separate-host-and-url","title":"OnlyOffice on a separate host and URL","text":"

          In general, you only need to specify the values \u200b\u200bof the following fields in seahub_settings.py and then restart the service.

          ENABLE_ONLYOFFICE = True\nONLYOFFICE_APIJS_URL = 'http{s}://<Your OnlyOffice host url>/web-apps/apps/api/documents/api.js'\nONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods', 'csv', 'ppsx', 'pps')\nONLYOFFICE_JWT_SECRET = '<your jwt secret>'\n
          "},{"location":"extension/only_office/#about-ssl","title":"About SSL","text":"

          For deployments using the onlyoffice.yml file in this document, SSL is primarily handled by the Caddy. If the OnlyOffice document server and Seafile server are not on the same machine, please refer to the official document to configure SSL for OnlyOffice.

          "},{"location":"extension/setup_seadoc/","title":"SeaDoc Integration","text":"

          SeaDoc is an extension of Seafile that providing an online collaborative document editor.

          SeaDoc designed around the following key ideas:

          • An expressive easy to use editor
          • A review and approval workflow to better control how contents changes
          • Inter-document linking for connecting related contents
          • AI integration that streamlines content generation, summarization, and management
          • Comprehensive APIs for automating document generating and processing

          SeaDoc excels at:

          • Authoring product and technical documents
          • Creating knowledge base articles and online manuals
          • Building internal Wikis
          "},{"location":"extension/setup_seadoc/#architecture","title":"Architecture","text":"

          The SeaDoc archticture is demonstrated as below:

          Here is the workflow when a user open sdoc file in browser

          1. When a user open a sdoc file in the browser, a file loading request will be sent to Caddy, and Caddy proxy the request to SeaDoc server (see Seafile instance archticture for the details).
          2. SeaDoc server will send the file's content back if it is already cached, otherwise SeaDoc serve will sends a request to Seafile server.
          3. Seafile server loads the content, then sends it to SeaDoc server and write it to the cache at the same time.
          4. After SeaDoc receives the content, it will be sent to the browser.
          "},{"location":"extension/setup_seadoc/#deployment-method","title":"Deployment method","text":"

          SeaDoc has the following deployment methods:

          SeaDoc and Seafile docker are deployed on the same hostDeploy SeaDoc on a new host

          Download the seadoc.yml and integrate SeaDoc in Seafile docker.

          wget https://manual.seafile.com/12.0/docker/seadoc.yml\n

          Modify .env, and insert seadoc.yml into COMPOSE_FILE, and enable SeaDoc server

          COMPOSE_FILE='seafile-server.yml,caddy.yml,seadoc.yml'\n\nENABLE_SEADOC=true\nSEADOC_SERVER_URL=https://example.seafile.com/sdoc-server\n

          Download and modify the .env and seadoc.yml files.

          wget https://manual.seafile.com/12.0/docker/seadoc/1.0/standalone/seadoc.yml\nwget -o .env https://manual.seafile.com/12.0/docker/seadoc/1.0/standalone/env.yml\n
          Then modify the .env file according to your environment. The following fields are needed to be modified:

          variable description SEADOC_VOLUME The volume directory of SeaDoc data SEAFILE_MYSQL_DB_HOST Seafile MySQL host SEAFILE_MYSQL_DB_USER Seafile MySQL user, default is seafile SEAFILE_MYSQL_DB_PASSWORD Seafile MySQL password TIME_ZONE Time zone JWT_PRIVATE_KEY JWT key, the same as the config in Seafile .env file SEAFILE_SERVER_HOSTNAME Seafile host name SEAFILE_SERVER_PROTOCOL http or https SEADOC_SERVER_URL SeaDoc service URL

          Note

          Please bind SeaDoc server url and ip in the load balance(or reverse proxy) configuration after starting SeaDoc server

          Start SeaDoc server with the following command

          docker compose up -d\n

          Now you can use SeaDoc!

          "},{"location":"extension/setup_seadoc/#seadoc-directory-structure","title":"SeaDoc directory structure","text":"

          /opt/seadoc-data

          Placeholder spot for shared volumes. You may elect to store certain persistent information outside of a container, in our case we keep various log files outside. This allows you to rebuild containers easily without losing important information.

          • /opt/seadoc-data/logs: This is the directory for SeaDoc logs.
          "},{"location":"extension/setup_seadoc/#database-used-by-seadoc","title":"Database used by SeaDoc","text":"

          SeaDoc used one database table seahub_db.sdoc_operation_log to store operation logs.

          "},{"location":"extension/virus_scan/","title":"Virus Scan","text":"

          Seafile can scan uploaded files for malicious content in the background. When configured to run periodically, the scan process scans all existing libraries on the server. In each scan, the process only scans newly uploaded/updated files since the last scan. For each file, the process executes a user-specified virus scan command to check whether the file is a virus or not. Most anti-virus programs provide command line utility for Linux.

          To enable this feature, add the following options to seafile.conf:

          [virus_scan]\nscan_command = (command for checking virus)\nvirus_code = (command exit codes when file is virus)\nnonvirus_code = (command exit codes when file is not virus)\nscan_interval = (scanning interval, in unit of minutes, default to 60 minutes)\n

          More details about the options:

          • On Linux/Unix, most virus scan commands returns specific exit codes for virus and non-virus. You should consult the manual of your anti-virus program for more information.

          An example for ClamAV (http://www.clamav.net/) is provided below:

          [virus_scan]\nscan_command = clamscan\nvirus_code = 1\nnonvirus_code = 0\n

          To test whether your configuration works, you can trigger a scan manually:

          cd seafile-server-latest\n./pro/pro.py virus_scan\n

          If a virus was detected, you can see scan records and delete infected files on the Virus Scan page in the admin area.

          Note

          If you directly use clamav command line tool to scan files, scanning files will takes a lot of time. If you want to speed it up, we recommend to run Clamav as a daemon. Please refer to Run ClamAV as a Daemon

          When run Clamav as a daemon, the scan_command should be clamdscan in seafile.conf. An example for Clamav-daemon is provided below: 

          [virus_scan]\nscan_command = clamdscan\nvirus_code = 1\nnonvirus_code = 0\n

          Since Pro edition 6.0.0, a few more options are added to provide finer grained control for virus scan.

          [virus_scan]\n......\nscan_size_limit = (size limit for files to be scanned) # The unit is MB.\nscan_skip_ext = (a comma (',') separated list of file extensions to be ignored)\nthreads = (number of concurrent threads for scan, one thread for one file, default to 4)\n

          The file extensions should start with '.'. The extensions are case insensitive. By default, files with following extensions will be ignored:

          .bmp, .gif, .ico, .png, .jpg, .mp3, .mp4, .wav, .avi, .rmvb, .mkv\n

          The list you provide will override default list.

          "},{"location":"extension/virus_scan/#scanning-files-on-upload","title":"Scanning Files on Upload","text":"

          You may also configure Seafile to scan files for virus upon the files are uploaded. This only works for files uploaded via web interface or web APIs. Files uploaded with syncing or SeaDrive clients cannot be scanned on upload due to performance consideration.

          You may scan files uploaded from shared upload links by adding the option below to seahub_settings.py:

          ENABLE_UPLOAD_LINK_VIRUS_CHECK = True\n

          Since Pro Edition 11.0.7, you may scan all uploaded files via web APIs by adding the option below to seafile.conf:

          [fileserver]\ncheck_virus_on_web_upload = true\n
          "},{"location":"extension/virus_scan_with_clamav/","title":"Deploy ClamAV with Seafile","text":""},{"location":"extension/virus_scan_with_clamav/#deploy-with-docker","title":"Deploy with Docker","text":"

          If your Seafile server is deployed using Docker, we also recommend that you use Docker to deploy ClamAV by following the steps below, otherwise you can deploy it from binary package of ClamAV.

          "},{"location":"extension/virus_scan_with_clamav/#download-clamavyml-and-insert-to-docker-compose-lists-in-env","title":"Download clamav.yml and insert to Docker-compose lists in .env","text":"

          Download clamav.yml

          wget https://manual.seafile.com/12.0/docker/pro/clamav.yml\n

          Modify .env, insert clamav.yml to field COMPOSE_FILE

          COMPOSE_FILE='seafile-server.yml,caddy.yml,clamav.yml'\n
          "},{"location":"extension/virus_scan_with_clamav/#modify-seafileconf","title":"Modify seafile.conf","text":"

          Add the following statements to seafile.conf

          [virus_scan]\nscan_command = clamdscan\nvirus_code = 1\nnonvirus_code = 0\nscan_interval = 5\nscan_size_limit = 20\nthreads = 2\n
          "},{"location":"extension/virus_scan_with_clamav/#restart-docker-container","title":"Restart docker container","text":"
          docker compose down\ndocker compose up -d \n

          Wait some minutes until Clamav finished initializing.

          Now Clamav can be used.

          "},{"location":"extension/virus_scan_with_clamav/#use-clamav-in-binary-based-deployment","title":"Use ClamAV in binary based deployment","text":""},{"location":"extension/virus_scan_with_clamav/#install-clamav-daemon-clamav-freshclam","title":"Install clamav-daemon & clamav-freshclam","text":"
          apt-get install clamav-daemon clamav-freshclam\n

          You should run Clamd with a root permission to scan any files. Edit the conf /etc/clamav/clamd.conf,change the following line:

          LocalSocketGroup root\nUser root\n
          "},{"location":"extension/virus_scan_with_clamav/#start-the-clamav-daemon","title":"Start the clamav-daemon","text":"
          systemctl start clamav-daemon\n

          Test the software

          $ curl https://secure.eicar.org/eicar.com.txt | clamdscan -\n

          The output must include:

          stream: Eicar-Test-Signature FOUND\n
          "},{"location":"extension/virus_scan_with_kav4fs/","title":"Virus Scan with kav4fs","text":""},{"location":"extension/virus_scan_with_kav4fs/#prerequisite","title":"Prerequisite","text":"

          Assume you have installed Kaspersky Anti-Virus for Linux File Server on the Seafile Server machine.

          If the user that runs Seafile Server is not root, it should have sudoers privilege to avoid writing password when running kav4fs-control. Add following content to /etc/sudoers:

          <user of running seafile server>    ALL=(ALL:ALL) ALL\n<user of running seafile server> ALL=NOPASSWD: /opt/kaspersky/kav4fs/bin/kav4fs-control\n
          "},{"location":"extension/virus_scan_with_kav4fs/#script","title":"Script","text":"

          As the return code of kav4fs cannot reflect the file scan result, we use a shell wrapper script to parse the scan output and based on the parse result to return different return codes to reflect the scan result.

          Save following contents to a file such as kav4fs_scan.sh:

          #!/bin/bash\n\nTEMP_LOG_FILE=`mktemp /tmp/XXXXXXXXXX`\nVIRUS_FOUND=1\nCLEAN=0\nUNDEFINED=2\nKAV4FS='/opt/kaspersky/kav4fs/bin/kav4fs-control'\nif [ ! -x $KAV4FS ]\nthen\n    echo \"Binary not executable\"\n    exit $UNDEFINED\nfi\n\nsudo $KAV4FS --scan-file \"$1\" > $TEMP_LOG_FILE\nif [ \"$?\" -ne 0 ]\nthen\n    echo \"Error due to check file '$1'\"\n    exit 3\nfi\nTHREATS_C=`grep 'Threats found:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`\nRISKWARE_C=`grep 'Riskware found:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`\nINFECTED=`grep 'Infected:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`\nSUSPICIOUS=`grep 'Suspicious:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`\nSCAN_ERRORS_C=`grep 'Scan errors:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`\nPASSWORD_PROTECTED=`grep 'Password protected:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`\nCORRUPTED=`grep 'Corrupted:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`\n\nrm -f $TEMP_LOG_FILE\n\nif [ $THREATS_C -gt 0 -o $RISKWARE_C -gt 0 -o $INFECTED -gt 0 -o $SUSPICIOUS -gt 0 ]\nthen\n    exit $VIRUS_FOUND\nelif [ $SCAN_ERRORS_C -gt 0 -o $PASSWORD_PROTECTED -gt 0 -o $CORRUPTED -gt 0 ]\nthen\n    exit $UNDEFINED\nelse\n    exit $CLEAN\nfi\n

          Grant execute permissions for the script (make sure it is owned by the user Seafile is running as):

          chmod u+x kav4fs_scan.sh\n

          The meaning of the script return code:

          1: found virus\n0: no virus\nother: scan failed\n
          "},{"location":"extension/virus_scan_with_kav4fs/#configuration","title":"Configuration","text":"

          Add following content to seafile.conf:

          [virus_scan]\nscan_command = <absolute path of kav4fs_scan.sh>\nvirus_code = 1\nnonvirus_code = 0\nscan_interval = <scanning interval, in unit of minutes, default to 60 minutes>\n
          "},{"location":"extension/webdav/","title":"WebDAV extension","text":"

          In the document below, we assume your seafile installation folder is /opt/seafile.

          "},{"location":"extension/webdav/#config-webdav-extension","title":"Config WebDAV extension","text":"

          The configuration file is /opt/seafile/conf/seafdav.conf. If it is not created already, you can just create the file.

          [WEBDAV]\n\n# Default is false. Change it to true to enable SeafDAV server.\nenabled = true\n\nport = 8080\ndebug = true\n\n# If you deploy seafdav behind nginx/apache, you need to modify \"share_name\".\nshare_name = /seafdav\n\n# SeafDAV uses Gunicorn as web server.\n# This option maps to Gunicorn's 'workers' setting. https://docs.gunicorn.org/en/stable/settings.html?#workers\n# By default it's set to 5 processes.\nworkers = 5\n\n# This option maps to Gunicorn's 'timeout' setting. https://docs.gunicorn.org/en/stable/settings.html?#timeout\n# By default it's set to 1200 seconds, to support large file uploads.\ntimeout = 1200\n

          Every time the configuration is modified, you need to restart seafile server to make it take effect.

          ./seafile.sh restart\n

          Your WebDAV client would visit the Seafile WebDAV server at http://example.com:8080/seafdav

          In Pro edition 7.1.8 version and community edition 7.1.5, an option is added to append library ID to the library name returned by SeafDAV.

          show_repo_id=true\n
          "},{"location":"extension/webdav/#proxy","title":"Proxy","text":"NginxApache

          For Seafdav, the configuration of Nginx is as follows:

          .....\n\n    location /seafdav {\n        rewrite ^/seafdav$ /seafdav/ permanent;\n    }\n\n    location /seafdav/ {\n        proxy_pass         http://127.0.0.1:8080/seafdav/;\n        proxy_set_header   Host $host;\n        proxy_set_header   X-Real-IP $remote_addr;\n        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header   X-Forwarded-Host $server_name;\n        proxy_set_header   X-Forwarded-Proto $scheme;\n        proxy_read_timeout  1200s;\n        client_max_body_size 0;\n\ufeff\n        access_log      /var/log/nginx/seafdav.access.log seafileformat;\n        error_log       /var/log/nginx/seafdav.error.log;\n    }\n\n    location /:dir_browser {\n        proxy_pass         http://127.0.0.1:8080/:dir_browser;\n    }\n

          For Seafdav, the configuration of Apache is as follows:

          ......\n    <Location /seafdav>\n        ProxyPass \"http://127.0.0.1:8080/seafdav\"\n    </Location>\n
          "},{"location":"extension/webdav/#notes-on-clients","title":"Notes on Clients","text":"

          Please first note that, there are some known performance limitation when you map a Seafile webdav server as a local file system (or network drive).

          • Uploading large number of files at once is usually much slower than the syncing client. That's because each file needs to be committed separately.
          • The access to the webdav server may be slow sometimes. That's because the local file system driver sends a lot of unnecessary requests to get the files' attributes.

          So WebDAV is more suitable for infrequent file access. If you want better performance, please use the sync client instead.

          WindowsLinuxMac OS X

          Windows Explorer supports HTTPS connection. But it requires a valid certificate on the server. It's generally recommended to use Windows Explorer to map a webdav server as network dirve. If you use a self-signed certificate, you have to add the certificate's CA into Windows' system CA store.

          On Linux you have more choices. You can use file manager such as Nautilus to connect to webdav server. Or you can use davfs2 from the command line.

          To use davfs2

          sudo apt-get install davfs2\nsudo mount -t davfs -o uid=<username> https://example.com/seafdav /media/seafdav/\n

          The -o option sets the owner of the mounted directory to so that it's writable for non-root users.

          It's recommended to disable LOCK operation for davfs2. You have to edit /etc/davfs2/davfs2.conf

          use_locks       0\n

          Finder's support for WebDAV is also not very stable and slow. So it is recommended to use a webdav client software such as Cyberduck.

          "},{"location":"extension/webdav/#frequently-asked-questions","title":"Frequently Asked Questions","text":""},{"location":"extension/webdav/#clients-cant-connect-to-seafdav-server","title":"Clients can't connect to seafdav server","text":"

          By default, seafdav is disabled. Check whether you have enabled = true in seafdav.conf. If not, modify it and restart seafile server.

          "},{"location":"extension/webdav/#the-client-gets-error-404-not-found","title":"The client gets \"Error: 404 Not Found\"","text":"

          If you deploy SeafDAV behind Nginx/Apache, make sure to change the value of share_name as the sample configuration above. Restart your seafile server and try again.

          "},{"location":"extension/webdav/#cant-renamemove-filefolder","title":"Can't rename/move file/folder","text":"

          First, check the seafdav.log to see if there is log like the following. 

          \"MOVE ... -> 502 Bad Gateway\n

          If you have enabled debug, there will also be the following log. 

          09:47:06.533 - DEBUG   : Raising DAVError 502 Bad Gateway: Source and destination must have the same scheme.\nIf you are running behind a reverse proxy, you may have to rewrite the 'Destination' header.\n(See https://github.com/mar10/wsgidav/issues/183)\n\n09:47:06.533 - DEBUG   : Caught (502, \"Source and destination must have the same scheme.\\nIf you are running behind a reverse proxy, you may have to rewrite the 'Destination' header.\\n(See https://github.com/mar10/wsgidav/issues/183)\")\n

          This issue usually occurs when you have configured HTTPS, but the request was forwarded, resulting in the HTTP_X_FORWARDED_PROTO value in the request received by Seafile not being HTTPS.

          You can solve this by manually changing the value of HTTP_X_FORWARDED_PROTO. For example, in nginx, change 

          proxy_set_header X-Forwarded-Proto $scheme;\n

          to

          proxy_set_header X-Forwarded-Proto https;\n
          "},{"location":"extension/webdav/#windows-explorer-reports-file-size-exceeds-the-limit-allowed-and-cannot-be-saved","title":"Windows Explorer reports \"file size exceeds the limit allowed and cannot be saved\"","text":"

          This happens when you map webdav as a network drive, and tries to copy a file larger than about 50MB from the network drive to a local folder.

          This is because Windows Explorer has a limit of the file size downloaded from webdav server. To make this size large, change the registry entry on the client machine. There is a registry key named FileSizeLimitInBytes under HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> WebClient -> Parameters.

          "},{"location":"introduction/components/","title":"Seafile Components","text":"

          Seafile Server consists of the following two components:

          • Seahub (django)\uff1athe web frontend. Seafile server package contains a light-weight Python HTTP server gunicorn that serves the website. By default, Seahub runs as an application within gunicorn. You can also configure Seahub to run under WSGI mode behind Nginx or Apache. This is recommended for production setups.
          • Seafile server (seaf-server)\uff1adata service daemon, handles raw file upload, download and synchronization. Seafile server by default listens on port 8082. You can configure Nginx/Apache to proxy traffic to the local 8082 port.

          The picture below shows how Seafile clients access files when you configure Seafile behind Nginx/Apache.

          Tip

          All access to the Seafile service (including Seahub and Seafile server) can be configured behind Nginx or Apache web server. This way all network traffic to the service can be encrypted with HTTPS.

          "},{"location":"introduction/contribution/","title":"Contribution","text":""},{"location":"introduction/contribution/#licensing","title":"Licensing","text":"

          The different components of Seafile project are released under different licenses:

          • Seafile iOS client: Apache License v2
          • Seafile Android client: GPLv3
          • Desktop syncing client: GPLv2
          • Seafile Server core: AGPLv3
          • Seahub (Seafile server Web UI): Apache License v2
          "},{"location":"introduction/contribution/#discussion","title":"Discussion","text":"

          Forum: https://forum.seafile.com

          Follow us @seafile https://twitter.com/seafile

          "},{"location":"introduction/contribution/#report-a-bug","title":"Report a Bug","text":"
          • Please report a bug in our forum, this is a preferred way.
          • You can also report a bug in GitHub https://github.com/haiwen/seafile/issues?state=open
          "},{"location":"introduction/file_permission_management/","title":"File permission management","text":"

          Seafile manages files using libraries. Every library has an owner, who can share the library to other users or share it with groups. The sharing can be read-only or read-write.

          "},{"location":"introduction/file_permission_management/#read-only-syncing","title":"Read-only syncing","text":"

          Read-only libraries can be synced to local desktop. The modifications at the client will not be synced back. If a user has modified some file contents, he can use \"resync\" to revert the modifications.

          "},{"location":"introduction/file_permission_management/#cascading-permissionsub-folder-permissions-pro-edition","title":"Cascading permission/Sub-folder permissions (Pro edition)","text":"

          Sharing controls whether a user or group can see a library, while sub-folder permissions are used to modify permissions on specific folders.

          Supposing you share a library as read-only to a group and then want specific sub-folders to be read-write for a few users, you can set read-write permissions on sub-folders for some users and groups.

          Note

          • Setting sub-folder permission for a user without sharing the folder or parent folder to that user will have no effect.
          • Sharing a library read-only to a user and then sharing a sub-folder read-write to that user will lead to two shared items for that user. This is going to cause confusion. Use sub-folder permissions instead.
          "},{"location":"introduction/roadmap/","title":"Roadmap","text":"

          Please check https://www.seafile.com/en/roadmap/

          "},{"location":"outdate/change_default_java/","title":"Change default java","text":"

          When you have both Java 6 and Java 7 installed, the default Java may not be Java 7.

          Do this by typing java -version, and check the output.

          • If the output is like \"java version \"1.7.0_xx\", then the default Java is Java 7, which is good.
          • If the output is like \"java version \"1.6.0_xx\", then the default Java is Java 6, we need to configure default Java to Java 7.

          If the default Java is Java 6, then do

          On Debian/Ubuntu: 

          sudo update-alternatives --config java\n

          On CentOS/RHEL: 

          sudo alternatives --config java\n

          The above command will ask you to choose one of the installed Java versions as default. You should choose Java 7 here.

          After that, re-run java -version to make sure the change has taken effect.

          Reference link

          "},{"location":"outdate/kerberos_config/","title":"Kerberos config","text":""},{"location":"outdate/kerberos_config/#kerberos","title":"Kerberos","text":"

          NOTE: Since version 7.0, this documenation is deprecated. Users should use Apache as a proxy server for Kerberos authentication. Then configure Seahub by the instructions in Remote User Authentication.

          Kerberos is a widely used single sign on (SSO) protocol. Seafile server supports authentication via Kerberos. It allows users to log in to Seafile without entering credentials again if they have a kerberos ticket.

          In this documentation, we assume the reader is familiar with Kerberos installation and configuration.

          Seahub provides a special URL to handle Kerberos login. The URL is https://your-server/krb5-login. Only this URL needs to be configured under Kerberos protection. All other URLs don't go through the Kerberos module. The overall workflow for a user to login with Kerberos is as follows:

          1. In the Seafile login page, there is a separate \"Kerberos\" login button. When the user clicks the button, it will be redirected to https://your-server/krb5-login.
          2. Since that URL is controlled by Kerberos, the apache module will try to get a Ticket from the Kerberos server.
          3. Seahub reads the user information from the request and brings the user to its home page.
          4. Further requests to Seahub will not pass through the Kerberos module. Since Seahub keeps session information internally, the user doesn't need to login again until the session expires.

          The configuration includes three steps:

          1. Get a keytab for Apache from Kerberos
          2. Configure Apache
          3. Configure Seahub
          "},{"location":"outdate/kerberos_config/#get-keytab-for-apache","title":"Get keytab for Apache","text":"

          Store the keytab under the name defined below and make it accessible only to the apache user (e.g. httpd or www-data and chmod 600).

          "},{"location":"outdate/kerberos_config/#apache-configuration","title":"Apache Configuration","text":"

          You should create a new location in your virtual host configuration for Kerberos.

          <IfModule mod_ssl.c>\n    <VirtualHost _default_:443>\n        ServerName seafile.example.com\n        DocumentRoot /var/www\n...\n        <Location /krb5-login/>\n            SSLRequireSSL\n            AuthType Kerberos\n            AuthName \"Kerberos EXAMPLE.ORG\"\n            KrbMethodNegotiate On\n            KrbMethodK5Passwd On\n            Krb5KeyTab /etc/apache2/conf.d/http.keytab\n            #ErrorDocument 401 '<html><meta http-equiv=\"refresh\" content=\"0; URL=/accounts/login\"><body>Kerberos authentication did not pass.</body></html>'\n            Require valid-user\n        </Location>\n...\n    </VirtualHost>\n</IfModule>\n

          After restarting Apache, you should see in the Apache logs that user@REALM is used when accessing https://seafile.example.com/krb5-login/.

          "},{"location":"outdate/kerberos_config/#configure-seahub","title":"Configure Seahub","text":"

          Seahub extracts the username from the REMOTE_USER environment variable.

          Now we have to tell Seahub what to do with the authentication information passed in by Kerberos.

          Add the following option to seahub_settings.py.

          ENABLE_KRB5_LOGIN = True\n
          "},{"location":"outdate/kerberos_config/#verify","title":"Verify","text":"

          After restarting Apache and Seafile services, you can test the Kerberos login workflow.

          "},{"location":"outdate/outlook_addin_config/","title":"SSO for Seafile Outlook Add-in","text":"

          The Seafile Add-in for Outlook natively supports authentication via username and password. In order to authenticate with SSO, the add-in utilizes SSO support integrated in Seafile's webinterface Seahub.

          Specifically, this is how SSO with the add-in works :

          • When clicking the SSO button in the add-in, the add-in opens a browser window and requests http(s)://SEAFILE_SERVER_URL/outlook/
          • A PHP script redirects the request to http(s)://SEAFILE_SERVER_URL/accounts/login/ including a redirect request to /outlook/ following a successful authentication (e.g., https://demo.seafile.com/accounts/login/?next=/jwt-sso/?page=/outlook/)
          • The identity provider signals to Seafile the user's successful authentication
          • The PHP script sends an API-token to the add-in
          • The add-in authorizes all API calls with the API-token

          This document explains how to configure Seafile and the reverse proxy and how to deploy the PHP script.

          "},{"location":"outdate/outlook_addin_config/#requirements","title":"Requirements","text":"

          SSO authentication must be configured in Seafile.

          Seafile Server must be version 8.0 or above.

          "},{"location":"outdate/outlook_addin_config/#installing-prerequisites","title":"Installing prerequisites","text":"

          The packages php, composer, firebase-jwt, and guzzle must be installed. PHP can usually be downloaded and installed via the distribution's official repositories. firebase-jwt and guzzle are installed using composer.

          First, install the php package and check the installed version: 

          # CentOS/RedHat\n$ sudo yum install -y php-fpm php-curl\n$ php --version\n\n# Debian/Ubuntu\n$ sudo apt install -y php-fpm php-curl\n$ php --version\n

          Second, install composer. You find an up-to-date install manual at https://getcomposer.org/ for CentOS, Debian, and Ubuntu.

          Third, use composer to install firebase-jwt and guzzle in a new directory in /var/www: 

          $ mkdir -p /var/www/outlook-sso\n$ cd /var/www/outlook-sso\n$ composer require firebase/php-jwt guzzlehttp/guzzle\n

          "},{"location":"outdate/outlook_addin_config/#configuring-seahub","title":"Configuring Seahub","text":"

          Add this block to the config file seahub_settings.py using a text editor:

          ENABLE_JWT_SSO = True\nJWT_SSO_SECRET_KEY = 'SHARED_SECRET'\nENABLE_SYS_ADMIN_GENERATE_USER_AUTH_TOKEN = True\n

          Replace SHARED_SECRET with a secret of your own.

          "},{"location":"outdate/outlook_addin_config/#configuring-the-proxy-server","title":"Configuring the proxy server","text":"

          The configuration depends on the proxy server use.

          If you use nginx, add the following location block to the nginx configuration:

          location /outlook {\n    alias /var/www/outlook-sso/public;\n    index index.php;\n    location ~ \\.php$ {\n      fastcgi_split_path_info ^(.+\\.php)(/.+)$;\n      fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;\n      fastcgi_param SCRIPT_FILENAME $request_filename;\n      fastcgi_index index.php;\n      include fastcgi_params;\n    }\n}\n

          This sample block assumes that PHP 7.4 is installed. If you have a different PHP version on your system, modify the version in the fastcgi_pass unix.

          Note: The alias path can be altered. We advise against it unless there are good reasons. If you do, make sure you modify the path accordingly in all subsequent steps.

          Finally, check the nginx configuration and restart nginx:

          $ nginx -t\n$ nginx -s reload\n
          "},{"location":"outdate/outlook_addin_config/#deploying-the-php-script","title":"Deploying the PHP script","text":"

          The PHP script and corresponding configuration files will be saved in the new directory created earlier. Change into it and add a PHP config file:

          $ cd /var/www/outlook-sso\n$ nano config.php\n

          Paste the following content in the config.php:

          <?php\n\n# general settings\n$seafile_url = 'SEAFILE_SERVER_URL';\n$jwt_shared_secret = 'SHARED_SECRET';\n\n# Option 1: provide credentials of a seafile admin user\n$seafile_admin_account = [\n    'username' => '',\n    'password' => '',\n];\n\n# Option 2: provide the api-token of a seafile admin user\n$seafile_admin_token = '';\n\n?>\n

          First, replace SEAFILE_SERVER_URL with the URL of your Seafile Server and SHARED_SECRET with the key used in Configuring Seahub.

          Second, add either the user credentials of a Seafile user with admin rights or the API-token of such a user.

          In the next step, create the index.php and copy & paste the PHP script:

          mkdir /var/www/outlook-sso/public\n$ cd /var/www/outlook-sso/public\n$ nano index.php\n

          Paste the following code block:

          <?php\n/** IMPORTANT: there is no need to change anything in this file ! **/\n\nrequire_once __DIR__ . '/../vendor/autoload.php';\nrequire_once __DIR__ . '/../config.php';\n\nif(!empty($_GET['jwt-token'])){\n    try {\n        $decoded = Firebase\\JWT\\JWT::decode($_GET['jwt-token'], new Firebase\\JWT\\Key($jwt_shared_secret, 'HS256'));\n    }\n    catch (Exception $e){\n        echo json_encode([\"error\" => \"wrong JWT-Token\"]);\n        die();\n    }\n\n    try {\n        // init connetion to seafile api\n        $client = new GuzzleHttp\\Client(['base_uri' => $seafile_url]);\n\n        // get admin api-token with his credentials (if not set)\n        if(empty($seafile_admin_token)){\n            $request = $client->request('POST', '/api2/auth-token/', ['form_params' => $seafile_admin_account]);\n            $response = json_decode($request->getBody());\n            $seafile_admin_token = $response->token;\n        }\n\n        // get api-token of the user\n        $request = $client->request('POST', '/api/v2.1/admin/generate-user-auth-token/', [\n            'json' => ['email' => $decoded->email],\n            'headers' => ['Authorization' => 'Token '. $seafile_admin_token]\n        ]);\n        $response = json_decode($request->getBody());\n\n        // create the output for the outlook plugin (json like response)\n        echo json_encode([\n            'exp' => $decoded->exp,\n            'email' => $decoded->email,\n            'name' => $decoded->name,\n            'token' => $response->token,\n        ]);\n    } catch (GuzzleHttp\\Exception\\ClientException $e){\n        echo $e->getResponse()->getBody();\n    }\n}\nelse{ // no jwt-token. therefore redirect to the login page of seafile\n    header(\"Location: \". $seafile_url .\"/accounts/login/?next=/jwt-sso/?page=/outlook\");\n} ?>\n

          Note: Contrary to the config.php, no replacements or modifications are necessary in this file.

          The directory layout in /var/www/sso-outlook/ should now look as follows:

          $ tree -L 2 /var/www/outlook-sso\n/var/www/outlook-sso/\n\u251c\u2500\u2500 composer.json\n\u251c\u2500\u2500 composer.lock\n\u251c\u2500\u2500 config.php\n\u251c\u2500\u2500 public\n|   \u2514\u2500\u2500 index.php\n\u2514\u2500\u2500 vendor\n    \u251c\u2500\u2500 autoload.php\n    \u251c\u2500\u2500 composer\n    \u2514\u2500\u2500 firebase\n

          Seafile and Seahub are now configured to support SSO in the Seafile Add-in for Outlook.

          "},{"location":"outdate/outlook_addin_config/#testing","title":"Testing","text":"

          You can now test SSO authentication in the add-in. Hit the SSO button in the settings of the Seafile add-in.

          "},{"location":"outdate/seaf_encrypt/","title":"Seafile Storage Encryption Backend","text":"

          This feature is deprecated. We recommend you to use the encryption feature provided the storage system.

          Since Seafile Professional Server 5.1.3, we support storage enryption backend functionality. When enabled, all seafile objects (commit, fs, block) will be encrypted with AES 256 CBC algorithm, before writing them to the storage backend. Currently supported backends are: file system, Ceph, Swift and S3.

          Note that all objects will be encrypted with the same global key/iv pair. The key/iv pair has to be generated by the system admin and stored safely. If the key/iv pair is lost, all data cannot be recovered.

          "},{"location":"outdate/seaf_encrypt/#configure-storage-backend-encryption","title":"Configure Storage Backend Encryption","text":""},{"location":"outdate/seaf_encrypt/#generate-key-and-iv","title":"Generate Key and IV","text":"

          Go to /seafile-server-latest, execute ./seaf-gen-key.sh -h. it will print the following usage information: 

          usage :\nseaf-gen-key.sh\n -p <file path to write key iv, default ./seaf-key.txt>\n

          By default, the key/iv pair will be saved to a file named seaf-key.txt in the current directory. You can use '-p' option to change the path.

          "},{"location":"outdate/seaf_encrypt/#configure-a-freshly-installed-seafile-server","title":"Configure a freshly installed Seafile Server","text":"

          Add the following configuration to seafile.conf:

          [store_crypt]\nkey_path = <the key file path generated in previous section>\n

          Now the encryption feature should be working.

          "},{"location":"outdate/seaf_encrypt/#migrating-existing-seafile-server","title":"Migrating Existing Seafile Server","text":"

          If you have existing data in the Seafile server, you have to migrate/encrypt the existing data. You must stop Seafile server before migrating the data.

          "},{"location":"outdate/seaf_encrypt/#create-directories-for-encrypted-data","title":"Create Directories for Encrypted Data","text":"

          Create new configuration and data directories for the encrypted data.

          cd seafile-server-latest\ncp -r conf conf-enc\nmkdir seafile-data-enc\ncp -r seafile-data/library-template seafile-data-enc\n# If you use SQLite database\ncp seafile-data/seafile.db seafile-data-enc/\n
          "},{"location":"outdate/seaf_encrypt/#edit-config-files","title":"Edit Config Files","text":"

          If you configured S3/Swift/Ceph backend, edit /conf-enc/seafile.conf. You must use a different bucket/container/pool to store the encrypted data.

          Then add the following configuration to /conf-enc/seafile.conf 

          [store_crypt]\nkey_path = <the key file path generated in previous section>\n
          "},{"location":"outdate/seaf_encrypt/#migrate-the-data","title":"Migrate the Data","text":"

          Go to /seafile-server-latest, use the seaf-encrypt.sh script to migrate the data.

          Run ./seaf-encrypt.sh -f ../conf-enc -e ../seafile-data-enc,

          Starting seaf-encrypt, please wait ...\n[04/26/16 06:59:40] seaf-encrypt.c(444): Start to encrypt 57 block among 12 repo.\n[04/26/16 06:59:40] seaf-encrypt.c(444): Start to encrypt 102 fs among 12 repo.\n[04/26/16 06:59:41] seaf-encrypt.c(454): Success encrypt all fs.\n[04/26/16 06:59:40] seaf-encrypt.c(444): Start to encrypt 66 commit among 12 repo.\n[04/26/16 06:59:41] seaf-encrypt.c(454): Success encrypt all commit.\n[04/26/16 06:59:41] seaf-encrypt.c(454): Success encrypt all block.\nseaf-encrypt run done\nDone.\n

          If there are error messages after executing seaf-encrypt.sh, you can fix the problem and run the script again. Objects that have already been migrated will not be copied again.

          "},{"location":"outdate/seaf_encrypt/#clean-up","title":"Clean Up","text":"

          Go to , execute following commands: 

          mv conf conf-bak\nmv seafile-data seafile-data-bak\nmv conf-enc conf\nmv seafile-data-enc seafile-data\n

          Restart Seafile Server. If everything works okay, you can remove the backup directories.

          "},{"location":"outdate/terms_and_conditions/","title":"Terms and Conditions","text":"

          Starting from version 6.0, system admin can add T&C at admin panel, all users need to accept that before using the site.

          In order to use this feature, please add following line to seahub_settings.py, 

          ENABLE_TERMS_AND_CONDITIONS = True\n

          After restarting, there will be \"Terms and Conditions\" section at sidebar of admin panel.

          "},{"location":"outdate/using_fuse/","title":"Seafile","text":""},{"location":"outdate/using_fuse/#using-fuse","title":"Using Fuse","text":"

          Files in the seafile system are split to blocks, which means what are stored on your seafile server are not complete files, but blocks. This design faciliates effective data deduplication.

          However, administrators sometimes want to access the files directly on the server. You can use seaf-fuse to do this.

          Seaf-fuse is an implementation of the [http://fuse.sourceforge.net FUSE] virtual filesystem. In a word, it mounts all the seafile files to a folder (which is called the '''mount point'''), so that you can access all the files managed by seafile server, just as you access a normal folder on your server.

          Seaf-fuse is added since Seafile Server '''2.1.0'''.

          '''Note:''' * Encrypted folders can't be accessed by seaf-fuse. * Currently the implementation is '''read-only''', which means you can't modify the files through the mounted folder. * One debian/centos systems, you need to be in the \"fuse\" group to have the permission to mount a FUSE folder.

          "},{"location":"outdate/using_fuse/#how-to-start-seaf-fuse","title":"How to start seaf-fuse","text":"

          Assume we want to mount to /data/seafile-fuse.

          "},{"location":"outdate/using_fuse/#create-the-folder-as-the-mount-point","title":"Create the folder as the mount point","text":"
          mkdir -p /data/seafile-fuse\n
          "},{"location":"outdate/using_fuse/#start-seaf-fuse-with-the-script","title":"Start seaf-fuse with the script","text":"

          '''Note:''' Before start seaf-fuse, you should have started seafile server with ./seafile.sh start.

          ./seaf-fuse.sh start /data/seafile-fuse\n
          "},{"location":"outdate/using_fuse/#stop-seaf-fuse","title":"Stop seaf-fuse","text":"
          ./seaf-fuse.sh stop\n
          "},{"location":"outdate/using_fuse/#contents-of-the-mounted-folder","title":"Contents of the mounted folder","text":""},{"location":"outdate/using_fuse/#the-top-level-folder","title":"The top level folder","text":"

          Now you can list the content of /data/seafile-fuse.

          $ ls -lhp /data/seafile-fuse\n\ndrwxr-xr-x 2 root root 4.0K Jan  1  1970 abc@abc.com/\ndrwxr-xr-x 2 root root 4.0K Jan  1  1970 foo@foo.com/\ndrwxr-xr-x 2 root root 4.0K Jan  1  1970 plus@plus.com/\ndrwxr-xr-x 2 root root 4.0K Jan  1  1970 sharp@sharp.com/\ndrwxr-xr-x 2 root root 4.0K Jan  1  1970 test@test.com/\n
          • The top level folder contains many subfolders, each of which corresponds to a user
          • The time stamp of files and folders is not preserved.
          "},{"location":"outdate/using_fuse/#the-folder-for-each-user","title":"The folder for each user","text":"
          $ ls -lhp /data/seafile-fuse/abc@abc.com\n\ndrwxr-xr-x 2 root root  924 Jan  1  1970 5403ac56-5552-4e31-a4f1-1de4eb889a5f_Photos/\ndrwxr-xr-x 2 root root 1.6K Jan  1  1970 a09ab9fc-7bd0-49f1-929d-6abeb8491397_My Notes/\n

          From the above list you can see, under the folder of a user there are subfolders, each of which represents a library of that user, and has a name of this format: '''{library_id}-{library-name}'''.

          "},{"location":"outdate/using_fuse/#the-folder-for-a-library","title":"The folder for a library","text":"
          $ ls -lhp /data/seafile-fuse/abc@abc.com/5403ac56-5552-4e31-a4f1-1de4eb889a5f_Photos/\n\n-rw-r--r-- 1 root root 501K Jan  1  1970 image.png\n-rw-r--r-- 1 root root 501K Jan  1  1970 sample.jpng\n
          "},{"location":"outdate/using_fuse/#if-you-get-a-permission-denied-error","title":"If you get a \"Permission denied\" error","text":"

          If you get an error message saying \"Permission denied\" when running ./seaf-fuse.sh start, most likely you are not in the \"fuse group\". You should:

          • Add yourself to the fuse group 
            sudo usermod -a -G fuse <your-user-name>\n
          • Logout your shell and login again
          • Now try ./seaf-fuse.sh start <path> again.
          "},{"location":"outdate/using_syslog/","title":"Using syslog","text":""},{"location":"outdate/using_syslog/#configure-seafile-to-use-syslog","title":"Configure Seafile to Use Syslog","text":"

          Since community edition 5.1.2 and professional edition 5.1.4, Seafile support using Syslog.

          "},{"location":"outdate/using_syslog/#configure-syslog-for-seafile-controller-and-server","title":"Configure Syslog for Seafile Controller and Server","text":"

          Add following configuration to general section in seafile.conf: 

          [general]\nenable_syslog = true\n

          Restart seafile server, you will find follow logs in /var/log/syslog: 

          May 10 23:45:19 ubuntu seafile-controller[16385]: seafile-controller.c(154): starting ccnet-server ...\nMay 10 23:45:19 ubuntu seafile-controller[16385]: seafile-controller.c(73): spawn_process: ccnet-server -F /home/plt/haiwen/conf -c /home/plt/haiwen/ccnet -f /home/plt/haiwen/logs/ccnet.log -d -P /home/plt/haiwen/pids/ccnet.pid\n
          May 12 01:00:51 ubuntu seaf-server[21552]: ../common/mq-mgr.c(60): [mq client] mq cilent is started\nMay 12 01:00:51 ubuntu seaf-server[21552]: ../common/mq-mgr.c(106): [mq mgr] publish to hearbeat mq: seaf_server.heartbeat\n

          "},{"location":"outdate/using_syslog/#configure-syslog-for-seafevents-professional-edition-only","title":"Configure Syslog For Seafevents (Professional Edition only)","text":"

          Add following configuration to seafevents.conf: 

          [Syslog]\nenabled = true\n

          Restart seafile server, you will find follow logs in /var/log/syslog 

          May 12 01:00:52 ubuntu seafevents[21542]: [seafevents] database: mysql, name: seahub-pro\nMay 12 01:00:52 ubuntu seafevents[21542]: seafes enabled: True\nMay 12 01:00:52 ubuntu seafevents[21542]: seafes dir: /home/plt/pro-haiwen/seafile-pro-server-5.1.4/pro/python/seafes\n

          "},{"location":"outdate/using_syslog/#configure-syslog-for-seahub","title":"Configure Syslog For Seahub","text":"

          Add following configurations to seahub_settings.py:

          LOGGING = {\n    'version': 1,\n    'disable_existing_loggers': True,\n    'formatters': {\n        'verbose': {\n            'format': '%(process)-5d %(thread)d %(name)-50s %(levelname)-8s %(message)s'\n        },\n        'standard': {\n            'format': '%(asctime)s [%(levelname)s] %(name)s:%(lineno)s %(funcName)s %(message)s'\n        },\n        'simple': {\n            'format': '[%(asctime)s] %(name)s %(levelname)s %(message)s',\n            'datefmt': '%d/%b/%Y %H:%M:%S'\n        },\n    },\n    'filters': {\n        'require_debug_false': {\n            '()': 'django.utils.log.RequireDebugFalse',\n        },\n        'require_debug_true': {\n            '()': 'django.utils.log.RequireDebugTrue',\n        },\n    },\n    'handlers': {\n        'console': {\n            'filters': ['require_debug_true'],\n            'class': 'logging.StreamHandler',\n            'formatter': 'simple'\n        },\n        'syslog': {\n            'class': 'logging.handlers.SysLogHandler',\n            'address': '/dev/log',\n            'formatter': 'standard'\n        },\n    },\n    'loggers': {\n        # root logger\n \u00a0 \u00a0 \u00a0 \u00a0# All logs printed by Seahub and any third party libraries will be handled by this logger.\n \u00a0 \u00a0 \u00a0 \u00a0'': {\n            'handlers': ['console', 'syslog'],\n            'level': 'INFO', # Logs when log level is higher than info. Level can be any one of DEBUG, INFO, WARNING, ERROR, CRITICAL.\n            'disabled': False\n        },\n        # This logger recorded logs printed by Django Framework. For example, when you see 5xx page error, you should check the logs recorded by this logger.\n        'django.request': {\n            'handlers': ['console', 'syslog'],\n            'level': 'INFO',\n            'propagate': False,\n        },\n    },\n}\n
          "},{"location":"outdate/video_thumbnails/","title":"Video thumbnails","text":""},{"location":"outdate/video_thumbnails/#install-ffmpeg-package","title":"Install ffmpeg package","text":"

          You need to install ffmpeg package to let the video thumbnail work correctly:

          Ubuntu 16.04 

          # Install ffmpeg\nsudo apt-get update && sudo apt-get -y install ffmpeg\n\n# Now we need to install some modules\npip install pillow moviepy\n

          Centos 7 

          # We need to activate the epel repos\nyum -y install epel-release\nrpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro\n\n# Then update the repo and install ffmpeg\nyum -y install ffmpeg ffmpeg-devel\n\n# Now we need to install some modules\npip install pillow moviepy\n

          Debian Jessie 

          # Add backports repo to /etc/apt/sources.list.d/\n# e.g. the following repo works (June 2017)\nsudo echo \"deb http://httpredir.debian.org/debian $(lsb_release -cs)-backports main non-free\" > /etc/apt/sources.list.d/debian-backports.list\n\n# Then update the repo and install ffmpeg\nsudo apt-get update && sudo apt-get -y install ffmpeg\n\n# Now we need to install some modules\npip install pillow moviepy\n

          "},{"location":"outdate/video_thumbnails/#configure-seafile-to-create-thumbnails","title":"Configure Seafile to create thumbnails","text":"

          Now configure accordingly in seahub_settings.py

          # Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first. \n# For details, please refer to https://manual.seafile.com/deploy/video_thumbnails/\n# NOTE: since version 6.1\nENABLE_VIDEO_THUMBNAIL = True\n\n# Use the frame at 5 second as thumbnail\nTHUMBNAIL_VIDEO_FRAME_TIME = 5  \n\n# Absolute filesystem path to the directory that will hold thumbnail files.\nTHUMBNAIL_ROOT = '/haiwen/seahub-data/thumbnail/thumb/'\n
          "},{"location":"setup/caddy/","title":"HTTPS and Caddy","text":"

          Note

          From Seafile Docker 12.0, HTTPS will be handled by the Caddy. The default caddy image used of Seafile docker is lucaslorentz/caddy-docker-proxy:2.9.

          Caddy is a modern open source web server that mainly binds external traffic and internal services in seafile docker. In addition to the advantages of traditional proxy components (e.g., nginx), Caddy also makes it easier for users to complete the acquisite and update of HTTPS certificates by providing simpler configurations.

          To engage HTTPS, users only needs to correctly configure the following fields in .env:

          SEAFILE_SERVER_PROTOCOL=https\nSEAFILE_SERVER_HOSTNAME=example.com\n
          "},{"location":"setup/cluster_deploy_with_docker/","title":"Seafile Docker Cluster Deployment","text":"

          Seafile Docker cluster deployment requires \"sticky session\" settings in the load balancer. Otherwise sometimes folder download on the web UI can't work properly. Read the Load Balancer Setting for details.

          "},{"location":"setup/cluster_deploy_with_docker/#environment","title":"Environment","text":"

          System: Ubuntu 20.04

          docker-compose: 1.25.0

          Seafile Server: 2 frontend nodes, 1 backend node

          We assume you have already deployed memcache, MariaDB, ElasticSearch in separate machines and use S3 like object storage.

          "},{"location":"setup/cluster_deploy_with_docker/#deployment-preparation","title":"Deployment preparation","text":"

          Create the three databases ccnet_db, seafile_db, and seahub_db required by Seafile on MariaDB/MySQL, and authorize the `seafile` user to be able to access these three databases:

          $ mysql -h{your mysql host} -u[username] -p[password]\n\nmysql>\ncreate user 'seafile'@'%' identified by 'PASSWORD';\n\ncreate database `ccnet_db` character set = 'utf8';\ncreate database `seafile_db` character set = 'utf8';\ncreate database `seahub_db` character set = 'utf8';\n\nGRANT ALL PRIVILEGES ON `ccnet_db`.* to 'seafile'@'%';\nGRANT ALL PRIVILEGES ON `seafile_db`.* to 'seafile'@'%';\nGRANT ALL PRIVILEGES ON `seahub_db`.* to 'seafile'@'%';\n

          You also need to create a table in `seahub_db`

          mysql>\nuse seahub_db;\nCREATE TABLE `avatar_uploaded` (\n  `filename` text NOT NULL,\n  `filename_md5` char(32) NOT NULL,\n  `data` mediumtext NOT NULL,\n  `size` int(11) NOT NULL,\n  `mtime` datetime NOT NULL,\n  PRIMARY KEY (`filename_md5`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8;\n
          "},{"location":"setup/cluster_deploy_with_docker/#deploy-seafile-service","title":"Deploy Seafile service","text":""},{"location":"setup/cluster_deploy_with_docker/#deploy-seafile-frontend-nodes","title":"Deploy seafile frontend nodes","text":"

          Create the mount directory

          $ mkdir -p /opt/seafile/shared\n

          Create the docker-compose.yml file

          $ cd /opt/seafile\n$ vim docker-compose.yml\n
          services:\n  seafile:\n    image: docker.seadrive.org/seafileltd/seafile-pro-mc:latest\n    container_name: seafile\n    ports:\n      - 80:80\n    volumes:\n      - /opt/seafile/shared:/shared\n    environment:\n      - CLUSTER_SERVER=true\n      - CLUSTER_MODE=frontend\n      - TIME_ZONE=UTC  # Optional, default is UTC. Should be uncomment and set to your local time zone.\n

          Note

          • CLUSTER_SERVER=true means seafile cluster mode
          • CLUSTER_MODE=frontend means this node is seafile frontend server

          Start the seafile docker container

          $ cd /opt/seafile\n$ docker compose up -d\n
          "},{"location":"setup/cluster_deploy_with_docker/#initial-configuration-files","title":"Initial configuration files","text":"

          1. Manually generate configuration files

          $ docker exec -it seafile bash\n\n# cd /scripts  && ./cluster_conf_init.py\n# cd /opt/seafile/conf \n

          2. Modify the mysql configuration options (user, host, password) in configuration files such as ccnet.conf, seafevents.conf, seafile.conf and seahub_settings.py.

          3. Modify the memcached configuration option in seahub_settings.py

          CACHES = {\n    'default': {\n        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',\n        'LOCATION': 'memcached:11211',\n    },\n...\n}\n                         |\n                         v\n\nCACHES = {\n    'default': {\n        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',\n        'LOCATION': '{you memcached server host}:11211',\n    },\n...\n}\n

          4. Modify the [INDEX FILES] configuration options in seafevents.conf

          [INDEX FILES]\nes_port = {your elasticsearch server port}\nes_host = {your elasticsearch server host}\nenabled = true\nhighlight = fvh\ninterval = 10m\n...\n

          5. Add some configurations in seahub_settings.py

          SERVICE_URL = 'http{s}://{your server IP or sitename}/'\nFILE_SERVER_ROOT = 'http{s}://{your server IP or sitename}/seafhttp'\nAVATAR_FILE_STORAGE = 'seahub.base.database_storage.DatabaseStorage'\n

          6. Add cluster special configuration in seafile.conf

          [cluster]\nenabled = true\n

          7. Add memory cache configuration in seafile.conf

          [memcached]\nmemcached_options = --SERVER={you memcached server host} --POOL-MIN=10 --POOL-MAX=100\n
          "},{"location":"setup/cluster_deploy_with_docker/#import-the-tables-of-seahub_db-seafile_db-and-ccnet_db","title":"Import the tables of seahub_db, seafile_db and ccnet_db","text":"

          Enter the container, and then execute the following commands to import tables

          $ docker exec -it seafile bash\n\n# apt-get update && apt-get install -y mysql-client\n\n# mysql -h{your mysql host} -u[username] -p[password]  ccnet_db < /opt/seafile/seafile-server-latest/sql/mysql/ccnet.sql\n# mysql -h{your mysql host} -u[username] -p[password]  seafile_db < /opt/seafile/seafile-server-latest/sql/mysql/seafile.sql\n# mysql -h{your mysql host} -u[username] -p[password]  seahub_db <  /opt/seafile/seafile-server-latest/seahub/sql/mysql.sql\n

          Start Seafile service

          $ docker exec -it seafile bash\n\n# cd /opt/seafile/seafile-server-latest\n# ./seafile.sh start && ./seahub.sh start\n

          When you start it for the first time, seafile will guide you to set up an admin user.

          When deploying the second frontend node, you can directly copy all the directories generated by the first frontend node, including the docker-compose.yml file and modified configuration files, and then start the seafile docker container.

          "},{"location":"setup/cluster_deploy_with_docker/#deploy-seafile-backend-node","title":"Deploy seafile backend node","text":"

          Create the mount directory

          $ mkdir -p /opt/seafile/shared\n

          Create the docker-compose.yml file

          $ cd /opt/seafile\n$ vim docker-compose.yml\n
          services:\n  seafile:\n    image: docker.seadrive.org/seafileltd/seafile-pro-mc:latest\n    container_name: seafile\n    ports:\n      - 80:80\n    volumes:\n      - /opt/seafile/shared:/shared      \n    environment:\n      - CLUSTER_SERVER=true\n      - CLUSTER_MODE=backend\n      - TIME_ZONE=UTC  # Optional, default is UTC. Should be uncomment and set to your local time zone.\n

          Note

          • CLUSTER_SERVER=true means seafile cluster mode
          • CLUSTER_MODE=backend means this node is seafile backend server

          Start the seafile docker container

          $ cd /opt/seafile\n$ docker compose up -d\n

          Copy configuration files of the frontend node, and then start Seafile server of the backend node

          $ docker exec -it seafile bash\n\n# cd /opt/seafile/seafile-server-latest\n# ./seafile.sh start && ./seafile-background-tasks.sh start\n
          "},{"location":"setup/cluster_deploy_with_docker/#use-s3-as-backend-storage","title":"Use S3 as backend storage","text":"

          Modify the seafile.conf file on each node to configure S3 storage.

          vim seafile.conf

          [commit_object_backend]\nname = s3\nbucket = {your-commit-objects}  # The bucket name can only use lowercase letters, numbers, and dashes\nkey_id = {your-key-id}\nkey = {your-secret-key}\nuse_v4_signature = true\naws_region = eu-central-1  # eu-central-1 for Frankfurt region\n\n[fs_object_backend]\nname = s3\nbucket = {your-fs-objects}\nkey_id = {your-key-id}\nkey = {your-secret-key}\nuse_v4_signature = true\naws_region = eu-central-1\n\n[block_backend]\nname = s3\nbucket = {your-block-objects}\nkey_id = {your-key-id}\nkey = {your-secret-key}\nuse_v4_signature = true\naws_region = eu-central-1\n
          "},{"location":"setup/cluster_deploy_with_docker/#deployment-load-balance-optional","title":"Deployment load balance (Optional)","text":""},{"location":"setup/cluster_deploy_with_docker/#install-haproxy-and-keepalived-services","title":"Install HAproxy and Keepalived services","text":"

          Execute the following commands on the two Seafile frontend servers:

          $ apt install haproxy keepalived -y\n\n$ mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak\n\n$ cat > /etc/haproxy/haproxy.cfg << 'EOF'\nglobal\n    log 127.0.0.1 local1 notice\n    maxconn 4096\n    user haproxy\n    group haproxy\n\ndefaults\n    log global\n    mode http\n    retries 3\n    timeout connect 10000\n    timeout client 300000\n    timeout server 300000\n\nlisten seafile 0.0.0.0:80\n    mode http\n    option httplog\n    option dontlognull\n    option forwardfor\n    cookie SERVERID insert indirect nocache\n    server seafile01 Front-End01-IP:8001 check port 11001 cookie seafile01\n    server seafile02 Front-End02-IP:8001 check port 11001 cookie seafile02\nEOF\n

          Warning

          Please correctly modify the IP address (Front-End01-IP and Front-End02-IP) of the frontend server in the above configuration file. Other wise it cannot work properly.

          Choose one of the above two servers as the master node, and the other as the slave node.

          Perform the following operations on the master node:

          $ cat > /etc/keepalived/keepalived.conf << 'EOF'\n! Configuration File for keepalived\n\nglobal_defs {\n    notification_email {\n        root@localhost\n    }\n    notification_email_from keepalived@localhost\n    smtp_server 127.0.0.1\n    smtp_connect_timeout 30\n    router_id node1\n    vrrp_mcast_group4 224.0.100.18\n}\n\nvrrp_instance VI_1 {\n    state MASTER\n    interface eno1   # Set to the device name of a valid network interface on the current server, and the virtual IP will be bound to the network interface\n    virtual_router_id 50\n    priority 100\n    advert_int 1\n    authentication {\n        auth_type PASS\n        auth_pass seafile123\n    }\n    virtual_ipaddress {\n        172.26.154.45/24 dev eno1  # Configure to the correct virtual IP and network interface device name\n    }\n}\nEOF\n

          Warning

          Please correctly configure the virtual IP address and network interface device name in the above file. Other wise it cannot work properly.

          Perform the following operations on the standby node:

          $ cat > /etc/keepalived/keepalived.conf << 'EOF'\n! Configuration File for keepalived\n\nglobal_defs {\n    notification_email {\n        root@localhost\n    }\n    notification_email_from keepalived@localhost\n    smtp_server 127.0.0.1\n    smtp_connect_timeout 30\n    router_id node2\n    vrrp_mcast_group4 224.0.100.18\n}\n\nvrrp_instance VI_1 {\n    state BACKUP\n    interface eno1   # Set to the device name of a valid network interface on the current server, and the virtual IP will be bound to the network interface\n    virtual_router_id 50\n    priority 98\n    advert_int 1\n    authentication {\n        auth_type PASS\n        auth_pass seafile123\n    }\n    virtual_ipaddress {\n        172.26.154.45/24 dev eno1   # Configure to the correct virtual IP and network interface device name\n    }\n}\nEOF\n

          Finally, run the following commands on the two Seafile frontend servers to start the corresponding services:

          $ systemctl enable --now haproxy\n$ systemctl enable --now keepalived\n

          So far, Seafile cluster has been deployed.

          "},{"location":"setup/cluster_deploy_with_k8s/","title":"Setup with Kubernetes","text":"

          This manual explains how to deploy and run Seafile Server on a Linux server using Kubernetes (k8s thereafter).

          "},{"location":"setup/cluster_deploy_with_k8s/#gettings-started","title":"Gettings started","text":"

          The two volumes for persisting data, /opt/seafile-data and /opt/seafile-mysql, are still adopted in this manual. What's more, all k8s YAML files will be placed in /opt/seafile-k8s-yaml. It is not recommended to change these paths. If you do, account for it when following these instructions.

          "},{"location":"setup/cluster_deploy_with_k8s/#install-kubectl-and-k8s-control-plane","title":"Install kubectl and k8s control plane","text":"

          The two tools, kubectl and a k8s control plane tool (i.e., kubeadm), are required and can be installed with official installation guide.

          Multi-node deployment

          If it is a multi-node deployment, k8s control plane needs to be installed on each node. After installation, you need to start the k8s control plane service on each node and refer to the k8s official manual for creating a cluster. Since this manual still uses the same image as docker deployment, we need to add the following repository to k8s:

          kubectl create secret docker-registry regcred --docker-server=docker.seadrive.org/seafileltd --docker-username=seafile --docker-password=zjkmid6rQibdZ=uJMuWS\n
          "},{"location":"setup/cluster_deploy_with_k8s/#yaml","title":"YAML","text":"

          Seafile mainly involves three different services, namely database service, cache service and seafile service. Since these three services do not have a direct dependency relationship, we need to separate them from the entire docker-compose.yml (in this manual, we use Seafile 12 PRO) and divide them into three pods. For each pod, we need to define a series of YAML files for k8s to read, and we will store these YAMLs in /opt/seafile-k8s-yaml.

          Note

          This series of YAML mainly includes Deployment for pod management and creation, Service for exposing services to the external network, PersistentVolume for defining the location of a volume used for persistent storage on the host and Persistentvolumeclaim for declaring the use of persistent storage in the container. For futher configuration details, you can refer the official documents.

          "},{"location":"setup/cluster_deploy_with_k8s/#mariadb","title":"mariadb","text":""},{"location":"setup/cluster_deploy_with_k8s/#mariadb-deploymentyaml","title":"mariadb-deployment.yaml","text":"
          apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: mariadb\nspec:\n  selector:\n    matchLabels:\n      app: mariadb\n  replicas: 1\n  template:\n    metadata:\n      labels:\n        app: mariadb\n    spec:\n      containers:\n        - name: mariadb\n          image: mariadb:10.11\n          env:\n            - name: MARIADB_ROOT_PASSWORD\n              value: \"db_password\"\n            - name: MARIADB_AUTO_UPGRADE\n              value: \"true\"\n          ports:\n            - containerPort: 3306\n          volumeMounts:\n            - name: mariadb-data\n              mountPath: /var/lib/mysql\n      volumes:\n        - name: mariadb-data\n          persistentVolumeClaim:\n            claimName: mariadb-data\n

          Please replease MARIADB_ROOT_PASSWORD to your own mariadb password.

          Tip

          In the above Deployment configuration file, no restart policy for the pod is specified. The default restart policy is Always. If you need to modify it, add the following to the spec attribute:

          restartPolicy: OnFailure\n\n#Note:\n#    Always: always restart (include normal exit)\n#    OnFailure: restart only with unexpected exit\n#    Never: do not restart\n
          "},{"location":"setup/cluster_deploy_with_k8s/#mariadb-serviceyaml","title":"mariadb-service.yaml","text":"
          apiVersion: v1\nkind: Service\nmetadata:\n  name: mariadb\nspec:\n  selector:\n    app: mariadb\n  ports:\n    - protocol: TCP\n      port: 3306\n      targetPort: 3306\n
          "},{"location":"setup/cluster_deploy_with_k8s/#mariadb-persistentvolumeyaml","title":"mariadb-persistentvolume.yaml","text":"
          apiVersion: v1\nkind: PersistentVolume\nmetadata:\n  name: mariadb-data\nspec:\n  capacity:\n    storage: 1Gi\n  accessModes:\n    - ReadWriteOnce\n  hostPath:\n    path: /opt/seafile-mysql/db\n
          "},{"location":"setup/cluster_deploy_with_k8s/#mariadb-persistentvolumeclaimyaml","title":"mariadb-persistentvolumeclaim.yaml","text":"
          apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n  name: mariadb-data\nspec:\n  accessModes:\n    - ReadWriteOnce\n  resources:\n    requests:\n      storage: 10Gi\n
          "},{"location":"setup/cluster_deploy_with_k8s/#memcached","title":"memcached","text":""},{"location":"setup/cluster_deploy_with_k8s/#memcached-deploymentyaml","title":"memcached-deployment.yaml","text":"
          apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: memcached\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: memcached\n  template:\n    metadata:\n      labels:\n        app: memcached\n    spec:\n      containers:\n        - name: memcached\n          image: memcached:1.6.18\n          args: [\"-m\", \"256\"]\n          ports:\n            - containerPort: 11211\n
          "},{"location":"setup/cluster_deploy_with_k8s/#memcached-serviceyaml","title":"memcached-service.yaml","text":"
          apiVersion: v1\nkind: Service\nmetadata:\n  name: memcached\nspec:\n  selector:\n    app: memcached\n  ports:\n    - protocol: TCP\n      port: 11211\n      targetPort: 11211\n
          "},{"location":"setup/cluster_deploy_with_k8s/#seafile","title":"Seafile","text":""},{"location":"setup/cluster_deploy_with_k8s/#seafile-deploymentyaml","title":"seafile-deployment.yaml","text":"

          apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: seafile\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: seafile\n  template:\n    metadata:\n      labels:\n        app: seafile\n    spec:\n      containers:\n        - name: seafile\n          #        image: seafileltd/seafile-mc:9.0.10\n          #        image: seafileltd/seafile-mc:11.0-latest\n          image: docker.seadrive.org/seafileltd/seafile-pro-mc:12.0-latest\n          env:\n            - name: DB_HOST\n              value: \"mariadb\"\n            - name: DB_ROOT_PASSWD\n              value: \"db_password\" #db's password\n            - name: TIME_ZONE\n              value: \"Europe/Berlin\"\n            - name: INIT_SEAFILE_ADMIN_EMAIL\n              value: \"admin@seafile.com\" #admin email\n            - name: INIT_SEAFILE_ADMIN_PASSWORD\n              value: \"admin_password\" #admin password\n            - name: SEAFILE_SERVER_LETSENCRYPT\n              value: \"false\"\n            - name: SEAFILE_SERVER_HOSTNAME\n              value: \"you_seafile_domain\" #hostname\n          ports:\n            - containerPort: 80\n          #        - containerPort: 443\n          #          name:  seafile-secure\n          volumeMounts:\n            - name: seafile-data\n              mountPath: /shared\n      volumes:\n        - name: seafile-data\n          persistentVolumeClaim:\n            claimName: seafile-data\n      restartPolicy: Always\n      # to get image from protected repository\n      imagePullSecrets:\n        - name: regcred\n
          Please replease the above configurations, such as database root password, admin in seafile.

          "},{"location":"setup/cluster_deploy_with_k8s/#seafile-serviceyaml","title":"seafile-service.yaml","text":"
          apiVersion: v1\nkind: Service\nmetadata:\n  name: seafile\nspec:\n  selector:\n    app: seafile\n  type: LoadBalancer\n  ports:\n    - protocol: TCP\n      port: 80\n      targetPort: 80\n      nodePort: 30000\n
          "},{"location":"setup/cluster_deploy_with_k8s/#seafile-persistentvolumeyaml","title":"seafile-persistentvolume.yaml","text":"
          apiVersion: v1\nkind: PersistentVolume\nmetadata:\n  name: seafile-data\nspec:\n  capacity:\n    storage: 10Gi\n  accessModes:\n    - ReadWriteOnce\n  hostPath:\n    path: /opt/seafile-data\n
          "},{"location":"setup/cluster_deploy_with_k8s/#seafile-persistentvolumeclaimyaml","title":"seafile-persistentvolumeclaim.yaml","text":"
          apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n  name: seafile-data\nspec:\n  accessModes:\n    - ReadWriteOnce\n  resources:\n    requests:\n      storage: 10Gi\n
          "},{"location":"setup/cluster_deploy_with_k8s/#deploy-pods","title":"Deploy pods","text":"

          You can use following command to deploy pods:

          kubectl apply -f /opt/seafile-k8s-yaml/\n
          "},{"location":"setup/cluster_deploy_with_k8s/#container-management","title":"Container management","text":"

          Similar to docker installation, you can also manage containers through some kubectl commands. For example, you can use the following command to check whether the relevant resources are started successfully and whether the relevant services can be accessed normally. First, execute the following command and remember the pod name with seafile- as the prefix (such as seafile-748b695648-d6l4g)

          kubectl get pods\n

          You can check a status of a pod by 

          kubectl logs seafile-748b695648-d6l4g\n

          and enter a container by

          kubectl exec -it seafile-748b695648-d6l4g --  bash\n

          If you modify some configurations in /opt/seafile-data/conf and need to restart the container, the following command can be refered:

          kubectl delete deployments --all\nkubectl apply -f /opt/seafile-k8s-yaml/\n
          "},{"location":"setup/migrate_backends_data/","title":"Migrate data between different backends","text":"

          Seafile supports data migration between filesystem, s3, ceph, swift and Alibaba oss.

          Data migration takes 3 steps:

          1. Create a new temporary seafile.conf
          2. Run migrate.sh to initially migrate objects
          3. Run final migration
          4. Replace the original seafile.conf
          "},{"location":"setup/migrate_backends_data/#create-a-new-temporary-seafileconf","title":"Create a new temporary seafile.conf","text":"

          We need to add new backend configurations to this file (including [block_backend], [commit_object_backend], [fs_object_backend] options) and save it under a readable path. Let's assume that we are migrating data to S3 and create temporary seafile.conf under /opt

          cat > seafile.conf << EOF\n[commit_object_backend]\nname = s3\nbucket = seacomm\nkey_id = ******\nkey = ******\n\n[fs_object_backend]\nname = s3\nbucket = seafs\nkey_id = ******\nkey = ******\n\n[block_backend]\nname = s3\nbucket = seablk\nkey_id = ******\nkey = ******\nEOF\n\nmv seafile.conf /opt\n

          If you want to migrate to a local file system, the seafile.conf temporary configuration example is as follows:

          cat > seafile.conf << EOF\n[commit_object_backend]\nname = fs\n# the dir configuration is the new seafile-data path\ndir = /var/data_backup\n\n[fs_object_backend]\nname = fs\n# the dir configuration is the new seafile-data path\ndir = /var/data_backup\n\n[block_backend]\nname = fs\n# the dir configuration is the new seafile-data path\ndir = /var/data_backup\n\nEOF\n\nmv seafile.conf /opt\n

          Repalce the configurations with your own choice.

          "},{"location":"setup/migrate_backends_data/#migrating-large-number-of-objects","title":"Migrating large number of objects","text":"

          If you have millions of objects in the storage (especially fs objects), it may take quite long time to migrate all objects. More than half of the time is spent on checking whether an object exists in the destination storage. Since Pro edition 7.0.8, a feature is added to speed-up the checking.

          Before running the migration script, please set this env variable:

          export OBJECT_LIST_FILE_PATH=/path/to/object/list/file\n

          3 files will be created: /path/to/object/list/file.commit,/path/to/object/list/file.fs, /path/to/object/list/file.blocks.

          When you run the script for the first time, the object list file will be filled with existing objects in the destination. Then, when you run the script for the second time, it will load the existing object list from the file, instead of querying the destination. And newly migrated objects will also be added to the file. During migration, the migration process checks whether an object exists by checking the pre-loaded object list, instead of asking the destination, which will greatly speed-up the migration process.

          It's suggested that you don't interrupt the script during the \"fetch object list\" stage when you run it for the first time. Otherwise the object list in the file will be incomplete.

          Another trick to speed-up the migration is to increase the number of worker threads and size of task queue in the migration script. You can modify the nworker and maxsize variables in the following code:

          class ThreadPool(object):\n\ndef __init__(self, do_work, nworker=20):\n        self.do_work = do_work\n        self.nworker = nworker\n        self.task_queue = Queue.Queue(maxsize = 2000)\n

          The number of workers can be set to relatively large values, since they're mostly waiting for I/O operations to finished.

          "},{"location":"setup/migrate_backends_data/#decrypting-encrypted-storage-backend","title":"Decrypting encrypted storage backend","text":"

          If you have an encrypted storage backend (a deprecated feature no long supported now), you can use this script to migrate and decrypt the data from that backend to a new one. You can add the --decrypt option, which will decrypt the data while reading it, and then write the unencrypted data to the new backend. Note that you need add this option in all stages of the migration.

          cd ~/haiwen/seafile-server-latest\n./migrate.sh /opt --decrypt\n
          "},{"location":"setup/migrate_backends_data/#run-migratesh-to-initially-migrate-objects","title":"Run migrate.sh to initially migrate objects","text":"

          This step will migrate most of objects from the source storage to the destination storage. You don't need to stop Seafile service at this stage as it may take quite long time to finish. Since the service is not stopped, some new objects may be added to the source storage during migration. Those objects will be handled in the next step.

          We assume you have installed seafile pro server under ~/haiwen, enter ~/haiwen/seafile-server-latest and run migrate.sh with parent path of temporary seafile.conf as parameter, here is /opt.

          cd ~/haiwen/seafile-server-latest\n./migrate.sh /opt\n

          Tip

          This script is completely reentrant. So you can stop and restart it, or run it many times. It will check whether an object exists in the destination before sending it.

          "},{"location":"setup/migrate_backends_data/#run-final-migration","title":"Run final migration","text":"

          New objects added during the last migration step will be migrated in this step. To prevent new objects being added, you have to stop Seafile service during the final migration operation. This usually take short time. If you have large number of objects, please following the optimization instruction in previous section.

          You just have to stop Seafile and Seahub service, then run the migration script again.

          cd ~/haiwen/seafile-server-latest\n./migrate.sh /opt\n
          "},{"location":"setup/migrate_backends_data/#replace-the-original-seafileconf","title":"Replace the original seafile.conf","text":"

          After running the script, we need replace the original seafile.conf with new one:

          mv /opt/seafile.conf ~/haiwen/conf\n

          now we only have configurations about backend, more config options, e.g. memcache and quota, can then be copied from the original seafile.conf file.

          After replacing seafile.conf, you can restart seafile server and access the data on the new backend.

          "},{"location":"setup/migrate_ce_to_pro_with_docker/","title":"Migrate CE to Pro with Docker","text":""},{"location":"setup/migrate_ce_to_pro_with_docker/#preparation","title":"Preparation","text":"
          1. Make sure you are running a Seafile Community edition that match the latest version of pro edition. For example, if the latest pro edition is version 11.0, you should first upgrade the community edition to version 11.0.
          2. Purchase Seafile Professional license file.
          3. Download the seafile-server.yml of Seafile Pro.
          wget \"https://manual.seafile.com/12.0/docker/pro/seafile-server.yml\"\n
          "},{"location":"setup/migrate_ce_to_pro_with_docker/#migrate","title":"Migrate","text":""},{"location":"setup/migrate_ce_to_pro_with_docker/#stop-the-seafile-ce","title":"Stop the Seafile CE","text":"
          docker compose down\n

          To ensure data security, it is recommended that you back up your MySQL data.

          "},{"location":"setup/migrate_ce_to_pro_with_docker/#put-your-licence-file","title":"Put your licence file","text":"

          Copy the seafile-license.txt to the volume directory of the Seafile CE's data. If the directory is /opt/seafile-data, so you should put it in the /opt/seafile-data/seafile/.

          "},{"location":"setup/migrate_ce_to_pro_with_docker/#modify-the-new-docker-composeyml","title":"Modify the new docker-compose.yml","text":"

          Replace the old docker-compose.yml file with the new docker-compose.yml file and modify its configuration based on your actual situation:

          • The Seafile Pro docker tag must be equal to or newer than the old Seafile CE docker tag.
          • The certificate of MySQL users (e.g., MYSQL_ROOT_PASSWORD and DB_ROOT_PASSWD) should be consistent with the old;
          • The volume directory of MySQL data (volumes) should be consistent with the old one;
          • The volume directory of Seafile data (volumes) should be consistent with the old one;
          • The volume directory of Caddy data (volumes) should be consistent with the old one;
          • The volume directory of Elasticsearch data (volumes), this is the directory used to store the Elasticsearch's index data, E.g\uff1a/opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data;
          "},{"location":"setup/migrate_ce_to_pro_with_docker/#do-the-migration","title":"Do the migration","text":"

          The Seafile Pro container needs to be running during the migration process, which means that end users may access the Seafile service during this process. In order to avoid the data confusion caused by this, it is recommended that you take the necessary measures to temporarily prohibit users from accessing the Seafile service. For example, modify the firewall policy.

          Run the following command to run the Seafile-Pro container\uff1a

          docker compose up\n

          Then run the migration script by executing the following command:

          docker exec -it seafile /opt/seafile/seafile-server-latest/pro/pro.py setup --migrate\n

          After the migration script runs successfully, modify es_host, es_port in /opt/seafile-data/seafile/conf/seafevents.conf manually.

          [INDEX FILES]\nes_host = elasticsearch\nes_port = 9200\nenabled = true\ninterval = 10m\n

          Restart the Seafile Pro container.

          docker restart seafile\n

          Now you have a Seafile Professional service.

          "},{"location":"setup/migrate_non_docker_to_docker/","title":"Migrate from non-docker Seafile deployment to docker","text":"

          The recommended steps to migrate from non-docker deployment to docker deployment are:

          1. Upgrade the version of the binary package to latest version, and ensure that the system is running normally. (If you running a very old version of Seafile, you can following the FAQ item to migrate to the latest version)
          2. Close Seafile and native Nginx, Memcached
          3. Create the directory needed for Seafile Docker image to run, and copy some files of the locally deployed Seafile to this directory
          4. Download the docker-compose.yml file and configure Seafile Docker to use non-Docker version configuration information to connect to the old MySQL database and the old seafile-data directory.
          5. Start Seafile Docker

          The following document assumes that the deployment path of your non-Docker version of Seafile is /opt/seafile. If you use other paths, before running the command, be careful to modify the command path.

          Note

          You can also refer to the Seafile backup and recovery documentation, deploy Seafile Docker on another machine, and then copy the old configuration information, database, and seafile-data to the new machine to complete the migration. The advantage of this is that even if an error occurs during the migration process, the existing system will not be destroyed.

          "},{"location":"setup/migrate_non_docker_to_docker/#migrate","title":"Migrate","text":""},{"location":"setup/migrate_non_docker_to_docker/#stop-seafile-nginx","title":"Stop Seafile, Nginx","text":"

          Stop the locally deployed Seafile, Nginx, Memcache

          systemctl stop nginx &&  systemctl disable nginx\nsystemctl stop memcached &&  systemctl disable memcached\n./seafile.sh stop  && ./seahub.sh stop\n
          "},{"location":"setup/migrate_non_docker_to_docker/#prepare-mysql-and-the-folders-for-seafile-docker","title":"Prepare MySQL and the folders for Seafile docker","text":""},{"location":"setup/migrate_non_docker_to_docker/#add-permissions-to-the-local-mysql-seafile-user","title":"Add permissions to the local MySQL Seafile user","text":"

          The non-Docker version uses the local MySQL. Now if the Docker version of Seafile connects to this MySQL, you need to increase the corresponding access permissions.

          The following commands are based on that you use seafile as the user to access:

          ## Note, change the password according to the actual password you use\nGRANT ALL PRIVILEGES ON *.* TO 'seafile'@'%' IDENTIFIED BY 'your-password' WITH GRANT OPTION;\n\n## Grant seafile user can connect the database from any IP address\nGRANT ALL PRIVILEGES ON `ccnet_db`.* to 'seafile'@'%';\nGRANT ALL PRIVILEGES ON `seafile_db`.* to 'seafile'@'%';\nGRANT ALL PRIVILEGES ON `seahub_db`.* to 'seafile'@'%';\n\n## Restart MySQL\nsystemctl restart mariadb\n
          "},{"location":"setup/migrate_non_docker_to_docker/#create-the-required-directories-for-seafile-docker-image","title":"Create the required directories for Seafile Docker image","text":"

          By default, we take /opt/seafile-data as example.

          mkdir -p /opt/seafile-data/seafile\n
          "},{"location":"setup/migrate_non_docker_to_docker/#prepare-config-files","title":"Prepare config files","text":"

          Copy the original config files to the directory to be mapped by the docker version of seafile

          cp -r /opt/seafile/conf  /opt/seafile-data/seafile\ncp -r /opt/seafile/seahub-data  /opt/seafile-data/seafile\n

          Modify the MySQL configuration in /opt/seafile-data/seafile/conf, including ccnet.conf, seafile.conf, seahub_settings, change HOST=127.0.0.1 to HOST=<local ip>.

          Modify the memcached configuration in seahub_settings.py to use the Docker version of Memcached: change it to 'LOCATION': 'memcached:11211' (the network name of Docker version of Memcached is memcached).

          "},{"location":"setup/migrate_non_docker_to_docker/#download-and-modify-seafile-docker-yml","title":"Download and modify Seafile-docker yml","text":"

          We recommond you download Seafile-docker yml into /opt/seafile-data

          mkdir -p /opt/seafile-data\ncd /opt/seafile-data\n# e.g., pro edition\nwget -O .env https://manual.seafile.com/12.0/docker/pro/env\nwget https://manual.seafile.com/12.0/docker/pro/seafile-server.yml\nwget https://manual.seafile.com/12.0/docker/pro/caddy.yml\n\nnano .env\n

          After downloading relative configuration files, you should also modify the .env by following steps

          • Follow here to setup the database user infomations.

          • Mount the old Seafile data to the new Seafile server

          SEAFILE_VOLUME=<old-Seafile-data>\n
          "},{"location":"setup/migrate_non_docker_to_docker/#start-seafile-docker","title":"Start Seafile docker","text":"

          Start Seafile docker and check if everything is okay:

          cd /opt/seafile-data\ndocker compose  up -d\n
          "},{"location":"setup/migrate_non_docker_to_docker/#security","title":"Security","text":"

          While it is not possible from inside a docker container to connect to the host database via localhost but via <local ip> you also need to bind your databaseserver to that IP. If this IP is public, it is strongly advised to protect your database port with a firewall. Otherwise your databases are reachable via internet. An alternative might be to start another local IP from RFC 1597 e.g. 192.168.123.45. Afterwards you can bind to that IP.

          "},{"location":"setup/migrate_non_docker_to_docker/#iptables","title":"iptables","text":"

          Following iptables commands protect MariaDB/MySQL: 

          iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT #Allow Dockernetworks\niptables -A INPUT -p tcp -m tcp --dport 3306 -j DROP #Deny Internet\nip6tables -A INPUT -p tcp -m tcp --dport 3306 -j DROP #Deny Internet\n
          Keep in mind this is not bootsafe!

          "},{"location":"setup/migrate_non_docker_to_docker/#binding-based","title":"Binding based","text":"

          For Debian based Linux Distros you can start a local IP by adding in /etc/network/interfaces something like: 

          iface eth0 inet static\n  address 192.168.123.45/32\n
          eth0 might be ensXY. Or if you know how to start a dummy interface, thats even better.

          SUSE based is by editing /etc/sysconfig/network/ifcfg-eth0 (ethXY/ensXY/bondXY)

          If using MariaDB the server just can bind to one IP-address (192.158.1.38 or 0.0.0.0 (internet)). So if you bind your MariaDB server to that new address other applications might need some reconfigurement.

          In /etc/mysql/mariadb.conf.d/50-server.cnf edit the following line to: 

          bind-address    = 192.168.123.45\n
          then edit /opt/seafile-data/seafile/conf/ -> ccnet.conf seafile.conf seahub_settings.py in the Host-Line to that IP and execute the following commands:

          service networking reload\nip a #to check whether the ip is present\nservice mysql restart\nss -tulpen | grep 3306 #to check whether the database listens on the correct IP\ncd /opt/seafile-data/\ndocker compose down\ndocker compose up -d\n\n## restart your applications\n
          "},{"location":"setup/overview/","title":"Seafile Docker overview","text":"

          Seafile docker based installation consist of the following components (docker images):

          • Seafile server: Seafile core services, see Seafile Components for the details.
          • Sdoc server: SeaDoc server, provide a lightweight online collaborative document editor, see SeaDoc for the details.
          • Database: Stores data related to Seafile and SeaDoc.
          • Memcached: Cache server.
          • Caddy: Caddy server enables user to access the Seafile service (i.e., Seafile server and Sdoc server) externally and handles SSL configuration

          Seafile version 11.0 or later is required to work with SeaDoc

          "},{"location":"setup/run_seafile_as_non_root_user_inside_docker/","title":"Run Seafile as non root user inside docker","text":"

          You can use run seafile as non root user in docker.

          First add the NON_ROOT=true to the .env.

          NON_ROOT=true\n

          Then modify /opt/seafile-data/seafile/ permissions.

          chmod -R a+rwx /opt/seafile-data/seafile/\n

          Then destroy the containers and run them again:

          docker compose down\ndocker compose up -d\n

          Now you can run Seafile as seafile user.

          Tip

          When doing maintenance, other scripts in docker are also required to be run as seafile user, e.g. su seafile -c ./seaf-gc.sh

          "},{"location":"setup/seafile_docker_autostart/","title":"Seafile Docker autostart","text":"

          You can use one of the following methods to start Seafile container on system bootup.

          "},{"location":"setup/seafile_docker_autostart/#modify-docker-composeservice","title":"Modify docker-compose.service","text":"

          1. Add docker-compose.service

            vim /etc/systemd/system/docker-compose.service

            [Unit]\nDescription=Docker Compose Application Service\nRequires=docker.service\nAfter=docker.service\n\n[Service]\nType=forking\nRemainAfterExit=yes\nWorkingDirectory=/opt/   \nExecStart=/usr/bin/docker compose up -d\nExecStop=/usr/bin/docker compose down\nTimeoutStartSec=0\n\n[Install]\nWantedBy=multi-user.target\n

            Note

            WorkingDirectory is the absolute path to the seafile-server.yml file directory.

          2. Set the docker-compose.service file to 644 permissions

            chmod 644 /etc/systemd/system/docker-compose.service\n

          3. Load autostart configuration

            systemctl daemon-reload\nsystemctl enable docker-compose.service\n
          "},{"location":"setup/seafile_docker_autostart/#modify-docker-files","title":"Modify Docker files","text":"

          Add configuration restart: unless-stopped for each container in components of Seafile docker. Take seafile-server.yml for example

          services:\ndb:\n    image: mariadb:10.11\n    container_name: seafile-mysql-1\n    restart: unless-stopped\n\nmemcached:\n    image: memcached:1.6.18\n    container_name: seafile-memcached\n    restart: unless-stopped\n\nelasticsearch:\n    image: elasticsearch:8.6.2\n    container_name: seafile-elasticsearch\n    restart: unless-stopped\n\nseafile:\n    image: docker.seadrive.org/seafileltd/seafile-pro-mc:12.0-latest\n    container_name: seafile\n    restart: unless-stopped\n

          Tip

          Add restart: unless-stopped, and the Seafile container will automatically start when Docker starts. If the Seafile container does not exist (execute docker compose down), the container will not start automatically.

          "},{"location":"setup/setup_ce_by_docker/","title":"Installation of Seafile Server Community Edition with Docker","text":""},{"location":"setup/setup_ce_by_docker/#requirements","title":"Requirements","text":"

          Seafile Community Edition requires a minimum of 2 cores and 2GB RAM.

          "},{"location":"setup/setup_ce_by_docker/#getting-started","title":"Getting started","text":"

          The following assumptions and conventions are used in the rest of this document:

          • /opt/seafile is the directory for store Seafile docker compose files. If you decide to put Seafile in a different directory \u2014 which you can \u2014 adjust all paths accordingly.
          • Seafile uses two Docker volumes for persisting data generated in its database and Seafile Docker container. The volumes' host paths are /opt/seafile-mysql and /opt/seafile-data, respectively. It is not recommended to change these paths. If you do, account for it when following these instructions.
          • All configuration and log files for Seafile and the webserver Nginx are stored in the volume of the Seafile container.
          "},{"location":"setup/setup_ce_by_docker/#install-docker","title":"Install docker","text":"

          Use the official installation guide for your OS to install Docker.

          "},{"location":"setup/setup_ce_by_docker/#download-and-modify-env","title":"Download and modify .env","text":"

          From Seafile Docker 12.0, we use .env, seafile-server.yml and caddy.yml files for configuration

          mkdir /opt/seafile\ncd /opt/seafile\n\n# Seafile CE 12.0\nwget -O .env https://manual.seafile.com/12.0/docker/ce/env\nwget https://manual.seafile.com/12.0/docker/ce/seafile-server.yml\nwget https://manual.seafile.com/12.0/docker/ce/caddy.yml\n\nnano .env\n

          The following fields merit particular attention:

          Variable Description Default Value SEAFILE_VOLUME The volume directory of Seafile data /opt/seafile-data SEAFILE_MYSQL_VOLUME The volume directory of MySQL data /opt/seafile-mysql/db SEAFILE_CADDY_VOLUME The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's /opt/seafile-caddy INIT_SEAFILE_MYSQL_ROOT_PASSWORD The root password of MySQL (required) SEAFILE_MYSQL_DB_USER The user of MySQL (database - user can be found in conf/seafile.conf) seafile SEAFILE_MYSQL_DB_PASSWORD The user seafile password of MySQL (required) JWT JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using pwgen -s 40 1 (required) SEAFILE_SERVER_HOSTNAME Seafile server hostname or domain (required) SEAFILE_SERVER_PROTOCOL Seafile server protocol (http or https) http TIME_ZONE Time zone UTC INIT_SEAFILE_ADMIN_EMAIL Admin username me@example.com (Recommend modifications) INIT_SEAFILE_ADMIN_PASSWORD Admin password asecret (Recommend modifications)"},{"location":"setup/setup_ce_by_docker/#start-seafile-server","title":"Start Seafile server","text":"

          Start Seafile server with the following command

          docker compose up -d\n

          Note

          You must run the above command in the directory with the .env. If .env file is elsewhere, please run

          docker compose -f /path/to/.env up -d\n

          Wait for a few minutes for the first time initialization, then visit http://seafile.example.com to open Seafile Web UI.

          "},{"location":"setup/setup_ce_by_docker/#seafile-directory-structure","title":"Seafile directory structure","text":""},{"location":"setup/setup_ce_by_docker/#path-optseafile-data","title":"Path /opt/seafile-data","text":"

          Placeholder spot for shared volumes. You may elect to store certain persistent information outside of a container, in our case we keep various log files and upload directory outside. This allows you to rebuild containers easily without losing important information.

          • /opt/seafile-data/seafile: This is the directory for seafile server configuration and data.
            • /opt/seafile-data/seafile/logs: This is the directory that would contain the log files of seafile server processes. For example, you can find seaf-server logs in /opt/seafile-data/seafile/logs/seafile.log.
          • /opt/seafile-data/logs: This is the directory for operating system.
            • /opt/seafile-data/logs/var-log: This is the directory that would be mounted as /var/log inside the container.

          Tip

          From Seafile Docker 12.0, the Nginx's log is not accessable, as we use the Caddy to do web service proxy. If you would like to access the logs of Caddy, you can use following command:

          docker logs seafile-caddy --follow\n
          "},{"location":"setup/setup_ce_by_docker/#find-logs","title":"Find logs","text":"

          To monitor container logs (from outside of the container), please use the following commands:

          # if the `.env` file is in current directory:\ndocker compose logs --follow\n# if the `.env` file is elsewhere:\ndocker compose -f /path/to/.env logs --follow\n\n# you can also specify container name:\ndocker compose logs seafile --follow\n# or, if the `.env` file is elsewhere:\ndocker compose -f /path/to/.env logs seafile --follow\n

          The Seafile logs are under /shared/logs/seafile in the docker, or /opt/seafile-data/logs/seafile in the server that run the docker.

          The system logs are under /shared/logs/var-log, or /opt/seafile-data/logs/var-log in the server that run the docker.

          To monitor all Seafile logs simultaneously (from outside of the container), run

          sudo tail -f $(find /opt/seafile-data/ -type f -name *.log 2>/dev/null)\n
          "},{"location":"setup/setup_ce_by_docker/#more-configuration-options","title":"More configuration options","text":"

          The config files are under /opt/seafile-data/seafile/conf. You can modify the configurations according to configuration section

          "},{"location":"setup/setup_ce_by_docker/#add-a-new-admin","title":"Add a new admin","text":"

          Ensure the container is running, then enter this command:

          docker exec -it seafile /opt/seafile/seafile-server-latest/reset-admin.sh\n

          Enter the username and password according to the prompts. You now have a new admin account.

          "},{"location":"setup/setup_ce_by_docker/#backup-and-recovery","title":"Backup and recovery","text":"

          Follow the instructions in Backup and restore for Seafile Docker

          "},{"location":"setup/setup_ce_by_docker/#garbage-collection","title":"Garbage collection","text":"

          When files are deleted, the blocks comprising those files are not immediately removed as there may be other files that reference those blocks (due to the magic of deduplication). To remove them, Seafile requires a 'garbage collection' process to be run, which detects which blocks no longer used and purges them.

          The required scripts can be found in the /scripts folder of the docker container. To perform garbage collection, simply run docker exec seafile /scripts/gc.sh.

          "},{"location":"setup/setup_ce_by_docker/#faq","title":"FAQ","text":"

          Q: If I want enter into the Docker container, which command I can use?

          A: You can enter into the docker container using the command:

          docker exec -it seafile /bin/bash\n

          Q: I forgot the Seafile admin email address/password, how do I create a new admin account?

          A: You can create a new admin account by running

          docker exec -it seafile /opt/seafile/seafile-server-latest/reset-admin.sh\n

          The Seafile service must be up when running the superuser command.

          Q: If, for whatever reason, the installation fails, how do I to start from a clean slate again?

          A: Remove the directories /opt/seafile, /opt/seafile-data and /opt/seafile-mysql and start again.

          Q: Something goes wrong during the start of the containers. How can I find out more?

          A: You can view the docker logs using this command: docker compose logs -f.

          "},{"location":"setup/setup_pro_by_docker/","title":"Installation of Seafile Server Professional Edition with Docker","text":"

          This manual explains how to deploy and run Seafile Server Professional Edition (Seafile PE) on a Linux server using Docker and Docker Compose. The deployment has been tested for Debian/Ubuntu and CentOS, but Seafile PE should also work on other Linux distributions.

          "},{"location":"setup/setup_pro_by_docker/#requirements","title":"Requirements","text":"

          Seafile PE requires a minimum of 2 cores and 2GB RAM.

          Other requirements for Seafile PE

          If Elasticsearch is installed on the same server, the minimum requirements are 4 cores and 4 GB RAM, and make sure the mmapfs counts do not cause excptions like out of memory, which can be increased by following command (see https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html for futher details):

          sysctl -w vm.max_map_count=262144 #run as root\n

          or modify /etc/sysctl.conf and reboot to set this value permanently:

          nano /etc/sysctl.conf\n\n# modify vm.max_map_count\nvm.max_map_count=262144\n

          About license

          Seafile PE can be used without a paid license with up to three users. Licenses for more user can be purchased in the Seafile Customer Center or contact Seafile Sales at sales@seafile.com. For futher details, please refer the license page of Seafile PE.

          "},{"location":"setup/setup_pro_by_docker/#setup","title":"Setup","text":"

          The following assumptions and conventions are used in the rest of this document:

          • /opt/seafile is the directory of Seafile for storing Seafile docker files. If you decide to put Seafile in a different directory, adjust all paths accordingly.
          • Seafile uses two Docker volumes for persisting data generated in its database and Seafile Docker container. The volumes' host paths are /opt/seafile-mysql and /opt/seafile-data, respectively. It is not recommended to change these paths. If you do, account for it when following these instructions.
          • All configuration and log files for Seafile and the webserver Nginx are stored in the volume of the Seafile container.
          "},{"location":"setup/setup_pro_by_docker/#installing-docker","title":"Installing Docker","text":"

          Use the official installation guide for your OS to install Docker.

          "},{"location":"setup/setup_pro_by_docker/#downloading-the-seafile-image","title":"Downloading the Seafile Image","text":"

          Log into Seafile's private repository and pull the Seafile image:

          docker login docker.seadrive.org\ndocker pull docker.seadrive.org/seafileltd/seafile-pro-mc:12.0-latest\n

          When prompted, enter the username and password of the private repository. They are available on the download page in the Customer Center.

          Note

          Older Seafile PE versions are also available in the repository (back to Seafile 7.0). To pull an older version, replace '12.0-latest' tag by the desired version.

          "},{"location":"setup/setup_pro_by_docker/#downloading-and-modifying-env","title":"Downloading and Modifying .env","text":"

          From Seafile Docker 12.0, we use .env, seafile-server.yml and caddy.yml files for configuration.

          mkdir /opt/seafile\ncd /opt/seafile\n\n# Seafile PE 12.0\nwget -O .env https://manual.seafile.com/12.0/docker/pro/env\nwget https://manual.seafile.com/12.0/docker/pro/seafile-server.yml\nwget https://manual.seafile.com/12.0/docker/pro/caddy.yml\n\nnano .env\n

          The following fields merit particular attention:

          Variable Description Default Value SEAFILE_VOLUME The volume directory of Seafile data /opt/seafile-data SEAFILE_MYSQL_VOLUME The volume directory of MySQL data /opt/seafile-mysql/db SEAFILE_CADDY_VOLUME The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's /opt/seafile-caddy SEAFILE_ELASTICSEARCH_VOLUME (Only valid for Seafile PE) The volume directory of Elasticsearch data /opt/seafile-elasticsearch/data INIT_SEAFILE_MYSQL_ROOT_PASSWORD The root password of MySQL (required) SEAFILE_MYSQL_DB_USER The user of MySQL (database - user can be found in conf/seafile.conf) seafile SEAFILE_MYSQL_DB_PASSWORD The user seafile password of MySQL (required) JWT JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using pwgen -s 40 1 (required) SEAFILE_SERVER_HOSTNAME Seafile server hostname or domain (required) SEAFILE_SERVER_PROTOCOL Seafile server protocol (http or https) http TIME_ZONE Time zone UTC INIT_SEAFILE_ADMIN_EMAIL Admin username me@example.com INIT_SEAFILE_ADMIN_PASSWORD Admin password asecret

          To conclude, set the directory permissions of the Elasticsearch volumne:

          mkdir -p /opt/seafile-elasticsearch/data\nchmod 777 -R /opt/seafile-elasticsearch/data\n
          "},{"location":"setup/setup_pro_by_docker/#starting-the-docker-containers","title":"Starting the Docker Containers","text":"

          Run docker compose in detached mode:

          docker compose up -d\n

          Note

          You must run the above command in the directory with the .env. If .env file is elsewhere, please run

          docker compose -f /path/to/.env up -d\n

          Wait a few moment for the database to initialize. You can now access Seafile at the host name specified in the Compose file.

          A 502 Bad Gateway error means that the system has not yet completed the initialization

          "},{"location":"setup/setup_pro_by_docker/#find-logs","title":"Find logs","text":"

          To view Seafile docker logs, please use the following command

          docker compose logs -f\n

          The Seafile logs are under /shared/logs/seafile in the docker, or /opt/seafile-data/logs/seafile in the server that run the docker.

          The system logs are under /shared/logs/var-log, or /opt/seafile-data/logs/var-log in the server that run the docker.

          "},{"location":"setup/setup_pro_by_docker/#activating-the-seafile-license","title":"Activating the Seafile License","text":"

          If you have a seafile-license.txt license file, simply put it in the volume of the Seafile container. The volumne's default path in the Compose file is /opt/seafile-data. If you have modified the path, save the license file under your custom path.

          Then restart Seafile:

          docker compose down\n\ndocker compose up -d\n
          "},{"location":"setup/setup_pro_by_docker/#seafile-directory-structure","title":"Seafile directory structure","text":""},{"location":"setup/setup_pro_by_docker/#path-optseafile-data","title":"Path /opt/seafile-data","text":"

          Placeholder spot for shared volumes. You may elect to store certain persistent information outside of a container, in our case we keep various log files and upload directory outside. This allows you to rebuild containers easily without losing important information.

          • /opt/seafile-data/seafile: This is the directory for seafile server configuration \u3001logs and data.
          • /opt/seafile-data/seafile/logs: This is the directory that would contain the log files of seafile server processes. For example, you can find seaf-server logs in /opt/seafile-data/seafile/logs/seafile.log.
          • /opt/seafile-data/logs: This is the directory for operating system and Nginx logs.
          • /opt/seafile-data/logs/var-log: This is the directory that would be mounted as /var/log inside the container. For example, you can find the nginx logs in /opt/seafile-data/logs/var-log/nginx/.
          "},{"location":"setup/setup_pro_by_docker/#reviewing-the-deployment","title":"Reviewing the Deployment","text":"

          The command docker container list should list the containers specified in the .env.

          The directory layout of the Seafile container's volume should look as follows:

          $ tree /opt/seafile-data -L 2\n/opt/seafile-data\n\u251c\u2500\u2500 logs\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 var-log\n\u251c\u2500\u2500 nginx\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 conf\n\u2514\u2500\u2500 seafile\n \u00a0\u00a0 \u251c\u2500\u2500 ccnet\n \u00a0\u00a0 \u251c\u2500\u2500 conf\n \u00a0\u00a0 \u251c\u2500\u2500 logs\n \u00a0\u00a0 \u251c\u2500\u2500 pro-data\n \u00a0\u00a0 \u251c\u2500\u2500 seafile-data\n \u00a0\u00a0 \u2514\u2500\u2500 seahub-data\n

          All Seafile config files are stored in /opt/seafile-data/seafile/conf. The nginx config file is in /opt/seafile-data/nginx/conf.

          Any modification of a configuration file requires a restart of Seafile to take effect:

          docker compose restart\n

          All Seafile log files are stored in /opt/seafile-data/seafile/logs whereas all other log files are in /opt/seafile-data/logs/var-log.

          "},{"location":"setup/setup_pro_by_docker/#backup-and-recovery","title":"Backup and Recovery","text":"

          Follow the instructions in Backup and restore for Seafile Docker

          "},{"location":"setup/setup_pro_by_docker/#garbage-collection","title":"Garbage Collection","text":"

          When files are deleted, the blocks comprising those files are not immediately removed as there may be other files that reference those blocks (due to the magic of deduplication). To remove them, Seafile requires a 'garbage collection' process to be run, which detects which blocks no longer used and purges them.

          The required scripts can be found in the /scripts folder of the docker container. To perform garbage collection, simply run docker exec seafile /scripts/gc.sh.

          "},{"location":"setup/setup_pro_by_docker/#faq","title":"FAQ","text":"

          Q: If I want enter into the Docker container, which command I can use?

          A: You can enter into the docker container using the command:

          docker exec -it seafile /bin/bash\n

          Q: I forgot the Seafile admin email address/password, how do I create a new admin account?

          A: You can create a new admin account by running

          docker exec -it seafile /opt/seafile/seafile-server-latest/reset-admin.sh\n

          The Seafile service must be up when running the superuser command.

          Q: If, for whatever reason, the installation fails, how do I to start from a clean slate again?

          A: Remove the directories /opt/seafile, /opt/seafile-data, /opt/seafile-elasticsearch, and /opt/seafile-mysql and start again.

          Q: Something goes wrong during the start of the containers. How can I find out more?

          A: You can view the docker logs using this command: docker compose logs -f.

          "},{"location":"setup/setup_with_amazon_s3/","title":"Setup With S3 Storage","text":""},{"location":"setup/setup_with_amazon_s3/#prepare","title":"Prepare","text":"

          To setup Seafile Professional Server with Amazon S3:

          • Setup the basic Seafile Professional Server following the guide on Download and setup Seafile Professional Server
          • Install the python boto library. It's needed to access S3 service.
          Seafile 10.0 or earlierSeafile 11.0 
          sudo pip install boto\n
          sudo pip install boto3\n
          • Install and configure memcached or Redis. For best performance, Seafile requires enable memory cache for objects. We recommend to at least allocate 128MB memory for memcached or Redis.

          The configuration options differ for different S3 storage. We'll describe the configurations in separate sections.

          You also need to add memory cache configurations

          "},{"location":"setup/setup_with_amazon_s3/#aws-s3","title":"AWS S3","text":"

          AWS S3 is the original S3 storage provider.

          Edit seafile.conf, add the following lines:

          [commit_object_backend]\nname = s3\nbucket = my-commit-objects\nkey_id = your-key-id\nkey = your-secret-key\nuse_v4_signature = true\naws_region = eu-central-1\n\n[fs_object_backend]\nname = s3\nbucket = my-fs-objects\nkey_id = your-key-id\nkey = your-secret-key\nuse_v4_signature = true\naws_region = eu-central-1\n\n[block_backend]\nname = s3\nbucket = my-block-objects\nkey_id = your-key-id\nkey = your-secret-key\nuse_v4_signature = true\naws_region = eu-central-1\n

          We'll explain the configurations below:

          Variable Description bucket It's required to create separate buckets for commit, fs, and block objects. When creating your buckets on S3, please first read S3 bucket naming rules. Note especially not to use UPPERCASE letters in bucket names (don't use camel style names, such as MyCommitObjects). key_id The key_id is required to authenticate you to S3. You can find the key_id in the \"security credentials\" section on your AWS account page. key The key is required to authenticate you to S3. You can find the key in the \"security credentials\" section on your AWS account page. use_v4_signature There are two versions of authentication protocols that can be used with S3 storage: Version 2 (older, may still be supported by some regions) and Version 4 (current, used by most regions). If you don't set this option, Seafile will use the v2 protocol. It's suggested to use the v4 protocol. aws_region If you use the v4 protocol, set this option to the region you chose when you create the buckets. If it's not set and you're using the v4 protocol, Seafile will use us-east-1 as the default. This option will be ignored if you use the v2 protocol.

          Tip

          For file search and webdav to work with the v4 signature mechanism, you need to add following lines to ~/.boto

          [s3]\nuse-sigv4 = True\n
          "},{"location":"setup/setup_with_amazon_s3/#use-server-side-encryption-with-customer-provided-keys-sse-c","title":"Use server-side encryption with customer-provided keys (SSE-C)","text":"

          Since Pro 11.0, you can use SSE-C to S3. Add the following options to seafile.conf:

          [commit_object_backend]\nname = s3\n......\nuse_v4_signature = true\nuse_https = true\nsse_c_key = XiqMSf3x5ja4LRibBbV0sVntVpdHXl3P\n\n[fs_object_backend]\nname = s3\n......\nuse_v4_signature = true\nuse_https = true\nsse_c_key = XiqMSf3x5ja4LRibBbV0sVntVpdHXl3P\n\n[block_backend]\nname = s3\n......\nuse_v4_signature = true\nuse_https = true\nsse_c_key = XiqMSf3x5ja4LRibBbV0sVntVpdHXl3P\n

          ssk_c_key is a 32-byte random string.

          "},{"location":"setup/setup_with_amazon_s3/#other-public-hosted-s3-storage","title":"Other Public Hosted S3 Storage","text":"

          There are other S3-compatible cloud storage providers in the market, such as Blackblaze and Wasabi. Configuration for those providers are just a bit different from AWS. We don't assure the following configuration works for all providers. If you have problems please contact our support

          [commit_object_backend]\nname = s3\nbucket = my-commit-objects\nhost = <access endpoint for storage provider>\nkey_id = your-key-id\nkey = your-secret-key\n# v2 authentication protocol will be used if not set\nuse_v4_signature = true\n# required for v4 protocol. ignored for v2 protocol.\naws_region = <region name for storage provider>\n\n[fs_object_backend]\nname = s3\nbucket = my-fs-objects\nhost = <access endpoint for storage provider>\nkey_id = your-key-id\nkey = your-secret-key\nuse_v4_signature = true\naws_region = <region name for storage provider>\n\n[block_backend]\nname = s3\nbucket = my-block-objects\nhost = <access endpoint for storage provider>\nkey_id = your-key-id\nkey = your-secret-key\nuse_v4_signature = true\naws_region = <region name for storage provider>\n
          variable description host The endpoint by which you access the storage service. Usually it starts with the region name. It's required to provide the host address, otherwise Seafile will use AWS's address. bucket It's required to create separate buckets for commit, fs, and block objects. key_id The key_id is required to authenticate you to S3 storage. key The key is required to authenticate you to S3 storage. (Note: key_id and key are typically used together for authentication.) use_v4_signature There are two versions of authentication protocols that can be used with S3 storage. Version 2 is the older one, which may still be supported by some cloud providers; version 4 is the current one used by Amazon S3 and is supported by most providers. If you don't set this option, Seafile will use v2 protocol. It's suggested to use v4 protocol. aws_region If you use v4 protocol, set this option to the region you chose when you create the buckets. If it's not set and you're using v4 protocol, Seafile will use us-east-1 as the default. This option will be ignored if you use v2 protocol.

          Tip

          For file search and webdav to work with the v4 signature mechanism, you need to add following lines to ~/.boto

          [s3]\nuse-sigv4 = True\n
          "},{"location":"setup/setup_with_amazon_s3/#self-hosted-s3-storage","title":"Self-hosted S3 Storage","text":"

          Many self-hosted object storage systems are now compatible with the S3 API, such as OpenStack Swift and Ceph's RADOS Gateway. You can use these S3-compatible storage systems as backend for Seafile. Here is an example config:

          [commit_object_backend]\nname = s3\nbucket = my-commit-objects\nkey_id = your-key-id\nkey = your-secret-key\nhost = 192.168.1.123:8080\npath_style_request = true\n\n[fs_object_backend]\nname = s3\nbucket = my-fs-objects\nkey_id = your-key-id\nkey = your-secret-key\nhost = 192.168.1.123:8080\npath_style_request = true\n\n[block_backend]\nname = s3\nbucket = my-block-objects\nkey_id = your-key-id\nkey = your-secret-key\nhost = 192.168.1.123:8080\npath_style_request = true\n
          variable description host It is the address and port of the S3-compatible service. You cannot prepend \"http\" or \"https\" to the host option. By default it'll use http connections. If you want to use https connection, please set use_https = true option. bucket It's required to create separate buckets for commit, fs, and block objects. key_id The key_id is required to authenticate you to S3 storage. key The key is required to authenticate you to S3 storage. (Note: key_id and key are typically used together for authentication.) path_style_request This option asks Seafile to use URLs like https://192.168.1.123:8080/bucketname/object to access objects. In Amazon S3, the default URL format is in virtual host style, such as https://bucketname.s3.amazonaws.com/object. But this style relies on advanced DNS server setup. So most self-hosted storage systems only implement the path style format. So we recommend to set this option to true.

          Below are a few options that are not shown in the example configuration above:

          variable description use_v4_signature There are two versions of authentication protocols that can be used with S3 storage. Version 2 is the protocol supported by most self-hosted storage; version 4 is the current protocol used by AWS S3, but may not be supported by some self-hosted storage. If you don't set this option, Seafile will use the v2 protocol by default. We recommend trying V2 first and switching to V4 if V2 doesn't work. aws_region If you use the v4 protocol, set this option to the region you chose when you created the buckets. If it's not set and you're using the v4 protocol, Seafile will use us-east-1 as the default. This option will be ignored if you use the v2 protocol."},{"location":"setup/setup_with_amazon_s3/#use-https-connections-to-s3","title":"Use HTTPS connections to S3","text":"

          To use HTTPS connections to S3, add the following options to seafile.conf:

          [commit_object_backend]\nname = s3\n......\nuse_https = true\n\n[fs_object_backend]\nname = s3\n......\nuse_https = true\n\n[block_backend]\nname = s3\n......\nuse_https = true\n

          Because the server package is built on CentOS 6, if you're using Debian/Ubuntu, you have to copy the system CA bundle to CentOS's CA bundle path. Otherwise Seafile can't find the CA bundle so that the SSL connection will fail.

          sudo mkdir -p /etc/pki/tls/certs\nsudo cp /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt\nsudo ln -s /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/cert.pem\n

          Warning

          You must not use '.' in your bucket names. Otherwise the wildcard certificate for AWS S3 cannot be resolved. This is a limitation on AWS.

          "},{"location":"setup/setup_with_amazon_s3/#run-and-test","title":"Run and Test","text":"

          Now you can start Seafile and test

          "},{"location":"setup/setup_with_an_existing_mysql_server/","title":"Deploy with an existing MySQL server","text":"

          If you want to use an existing MySQL server, you can modify the .env as follows

          SEAFILE_MYSQL_DB_HOST=192.168.0.2\nSEAFILE_MYSQL_DB_PORT=3306\nINIT_SEAFILE_MYSQL_ROOT_PASSWORD=ROOT_PASSWORD\nSEAFILE_MYSQL_DB_PASSWORD=PASSWORD\n

          Tip

          INIT_SEAFILE_MYSQL_ROOT_PASSWORD is needed during installation (i.e., the deployment in the first time). After Seafile is installed, the user seafile will be used to connect to the MySQL server (SEAFILE_MYSQL_DB_PASSWORD), then you can remove the INIT_SEAFILE_MYSQL_ROOT_PASSWORD.

          "},{"location":"setup/setup_with_ceph/","title":"Setup With Ceph","text":"

          Ceph is a scalable distributed storage system. It's recommended to use Ceph's S3 Gateway (RGW) to integarte with Seafile. Seafile can also use Ceph's RADOS object storage layer for storage backend. But using RADOS requires to link with librados library, which may introduce library incompatibility issues during deployment. Furthermore the S3 Gateway provides easier to manage HTTP based interface. If you want to integrate with S3 gateway, please refer to \"Use S3-compatible Object Storage\" section in this documentation. The documentation below is for integrating with RADOS.

          "},{"location":"setup/setup_with_ceph/#copy-ceph-conf-file-and-client-keyring","title":"Copy ceph conf file and client keyring","text":"

          Seafile acts as a client to Ceph/RADOS, so it needs to access ceph cluster's conf file and keyring. You have to copy these files from a ceph admin node's /etc/ceph directory to the seafile machine.

          seafile-machine# sudo scp user@ceph-admin-node:/etc/ceph/ /etc\n
          "},{"location":"setup/setup_with_ceph/#install-and-enable-memcached","title":"Install and enable memcached","text":"

          For best performance, Seafile requires install memcached or redis and enable cache for objects.

          We recommend to allocate at least 128MB memory for object cache.

          "},{"location":"setup/setup_with_ceph/#install-python-ceph-library","title":"Install Python Ceph Library","text":"

          File search and WebDAV functions rely on Python Ceph library installed in the system.

          sudo apt-get install python3-rados\n
          "},{"location":"setup/setup_with_ceph/#edit-seafile-configuration","title":"Edit seafile configuration","text":"

          Edit seafile.conf, add the following lines:

          [block_backend]\nname = ceph\nceph_config = /etc/ceph/ceph.conf\npool = seafile-blocks\n\n[commit_object_backend]\nname = ceph\nceph_config = /etc/ceph/ceph.conf\npool = seafile-commits\n\n[fs_object_backend]\nname = ceph\nceph_config = /etc/ceph/ceph.conf\npool = seafile-fs\n

          You also need to add memory cache configurations

          It's required to create separate pools for commit, fs, and block objects.

          ceph-admin-node# rados mkpool seafile-blocks\nceph-admin-node# rados mkpool seafile-commits\nceph-admin-node# rados mkpool seafile-fs\n

          Troubleshooting librados incompatibility issues

          Since 8.0 version, Seafile bundles librados from Ceph 16. On some systems you may find Seafile fail to connect to your Ceph cluster. In such case, you can usually solve it by removing the bundled librados libraries and use the one installed in the OS.

          To do this, you have to remove a few bundled libraries:

          cd seafile-server-latest/seafile/lib\nrm librados.so.2 libstdc++.so.6 libnspr4.so\n
          "},{"location":"setup/setup_with_ceph/#use-arbitary-ceph-user","title":"Use arbitary Ceph user","text":"

          The above configuration will use the default (client.admin) user to connect to Ceph. You may want to use some other Ceph user to connect. This is supported in Seafile. To specify the Ceph user, you have to add a ceph_client_id option to seafile.conf, as the following:

          [block_backend]\nname = ceph\nceph_config = /etc/ceph/ceph.conf\n# Sepcify Ceph user for Seafile here\nceph_client_id = seafile\npool = seafile-blocks\n\n[commit_object_backend]\nname = ceph\nceph_config = /etc/ceph/ceph.conf\n# Sepcify Ceph user for Seafile here\nceph_client_id = seafile\npool = seafile-commits\n\n[fs_object_backend]\nname = ceph\nceph_config = /etc/ceph/ceph.conf\n# Sepcify Ceph user for Seafile here\nceph_client_id = seafile\npool = seafile-fs\n\n# Memcached or Reids configs\n......\n

          You can create a ceph user for seafile on your ceph cluster like this:

          ceph auth add client.seafile \\\n  mds 'allow' \\\n  mon 'allow r' \\\n  osd 'allow rwx pool=seafile-blocks, allow rwx pool=seafile-commits, allow rwx pool=seafile-fs'\n

          You also have to add this user's keyring path to /etc/ceph/ceph.conf:

          [client.seafile]\nkeyring = <path to user's keyring file>\n
          "},{"location":"setup/setup_with_multiple_storage_backends/","title":"Multiple Storage Backend","text":"

          There are some use cases that supporting multiple storage backends in Seafile server is needed. Such as:

          1. Store different types of files into different storage backends. For example, normal files can be stored in primary storage (disks, SSD); Archived files can be stored in cold storage (tapes or other backup systems).
          2. Combine multiple storage backends to extend storage scalability. For example, a single NFS volume may be limited by size; a single S3 bucket of Ceph RGW may suffer performance decrease when the number of objects become very large.

          The library data in Seafile server are spreaded into multiple storage backends in the unit of libraries. All the data in a library will be located in the same storage backend. The mapping from library to its storage backend is stored in a database table. Different mapping policies can be chosen based on the use case.

          To use this feature, you need to:

          1. Define storage classes in seafile.conf.
          2. Enable multiple backend feature in seahub and choose a mapping policy.
          "},{"location":"setup/setup_with_multiple_storage_backends/#outline","title":"Outline","text":"

          In Seafile server, a storage backend is represented by the concept of \"storage class\". A storage class is defined by specifying the following information:

          • storage_id: an internal string ID to identify the storage class. It's not visible to users. For example \"primary storage\".
          • name: A user visible name for the storage class.
          • is_default: whether this storage class is the default. This option are effective in two cases:
          • If the chosen mapping policy allows users to choose storage class for a library, this would be the default if the user doesn't choose one.
          • For other mapping policies, this option only takes effect when you have some existing libraries before enabling multiple storage backend feature. For existing libraries, the system will automatically map them to the default storage backend. So in this case you have to set the existing storage backend as the default one.
          • commits\uff1athe storage for storing the commit objects for this class. It can be any storage that Seafile supports, like file system, ceph, s3.
          • fs\uff1athe storage for storing the fs objects for this class. It can be any storage that Seafile supports, like file system, ceph, s3.
          • blocks\uff1athe storage for storing the block objects for this class. It can be any storage that Seafile supports, like file system, ceph, s3.

          commit, fs, and blocks can be stored in different storages. This provides the most flexible way to define storage classes.

          "},{"location":"setup/setup_with_multiple_storage_backends/#seafile-configuration","title":"Seafile Configuration","text":"

          As Seafile server before 6.3 version doesn't support multiple storage classes, you have to explicitly enable this new feature and define storage classes with a different syntax than how we define storage backend before.

          First, you have to enable this feature in seafile.conf.

          [storage]\nenable_storage_classes = true\nstorage_classes_file = /opt/seafile_storage_classes.json\n
          • enable_storage_classes \uff1aIf this is set to true, the storage class feature is enabled. You must define the storage classes in a JSON file provided in the next configuration option.
          • storage_classes_file\uff1aSpecifies the path for the JSON file that contains the storage class definition.

          You also need to add memory cache configurations to seafile.conf

          "},{"location":"setup/setup_with_multiple_storage_backends/#notes-for-docker-installs","title":"Notes for Docker Installs","text":"

          If installing Seafile as Docker containers, place the seafile_storage_classes.json file on your local disk in a sub-directory of the location that is mounted to the seafile container, and set the storage_classes_file configuration above to a path relative to the /shared/ directory mounted on the seafile container.

          For example, if the configuration of the seafile container in your docker-compose.yml file is similar to the following: 

          // docker-compose.yml\nservices:\n  seafile:\n    container_name: seafile\n    volumes:\n      - /opt/seafile-data:/shared\n

          Then place the JSON file within any sub-directory of /opt/seafile-data (such as /opt/seafile-data/conf/) and then configure seafile.conf like so:

          [storage]\nenable_storage_classes = true\nstorage_classes_file = /shared/conf/seafile_storage_classes.json\n

          You also need to add memory cache configurations to seafile.conf

          "},{"location":"setup/setup_with_multiple_storage_backends/#defining-storage-backends","title":"Defining Storage Backends","text":"

          The JSON file is an array of objects. Each object defines a storage class. The fields in the definition corresponds to the information we need to specify for a storage class. Below is an example:

          [\n  {\n    \"storage_id\": \"hot_storage\",\n    \"name\": \"Hot Storage\",\n    \"is_default\": true,\n    \"commits\": {\n      \"backend\": \"s3\",\n      \"bucket\": \"seafile-commits\",\n      \"key\": \"ZjoJ8RPNDqP1vcdD60U4wAHwUQf2oJYqxN27oR09\",\n      \"key_id\": \"AKIAIOT3GCU5VGCCL44A\"\n    },\n    \"fs\": {\n      \"backend\": \"s3\",\n      \"bucket\": \"seafile-fs\",\n      \"key\": \"ZjoJ8RPNDqP1vcdD60U4wAHwUQf2oJYqxN27oR09\",\n      \"key_id\": \"AKIAIOT3GCU5VGCCL44A\"\n    },\n    \"blocks\": {\n      \"backend\": \"s3\",\n      \"bucket\": \"seafile-blocks\",\n      \"key\": \"ZjoJ8RPNDqP1vcdD60U4wAHwUQf2oJYqxN27oR09\",\n      \"key_id\": \"AKIAIOT3GCU5VGCCL44A\"\n    }\n  },\n  {\n    \"storage_id\": \"cold_storage\",\n    \"name\": \"Cold Storage\",\n    \"is_default\": false,\n    \"fs\": {\n      \"backend\": \"fs\",\n      \"dir\": \"/storage/seafile/seafile-data\"\n    },\n    \"commits\": {\n      \"backend\": \"fs\",\n      \"dir\": \"/storage/seafile/seafile-data\"\n    },\n    \"blocks\": {\n      \"backend\": \"fs\",\n      \"dir\": \"/storage/seafile/seaflle-data\"\n    }\n  },\n  {\n    \"storage_id\": \"swift_storage\",\n    \"name\": \"Swift Storage\",\n    \"fs\": {\n      \"backend\": \"swift\",\n      \"tenant\": \"adminTenant\",\n      \"user_name\": \"admin\",\n      \"password\": \"openstack\",\n      \"container\": \"seafile-commits\",\n      \"auth_host\": \"192.168.56.31:5000\",\n      \"auth_ver\": \"v2.0\"\n    },\n    \"commits\": {\n      \"backend\": \"swift\",\n      \"tenant\": \"adminTenant\",\n      \"user_name\": \"admin\",\n      \"password\": \"openstack\",\n      \"container\": \"seafile-fs\",\n      \"auth_host\": \"192.168.56.31:5000\",\n      \"auth_ver\": \"v2.0\"\n    },\n    \"blocks\": {\n      \"backend\": \"swift\",\n      \"tenant\": \"adminTenant\",\n      \"user_name\": \"admin\",\n      \"password\": \"openstack\",\n      \"container\": \"seafile-blocks\",\n      \"auth_host\": \"192.168.56.31:5000\",\n      \"auth_ver\": \"v2.0\",\n      \"region\": \"RegionTwo\"\n    }\n  },\n  {\n    \"storage_id\": \"ceph_storage\",\n    \"name\": \"ceph Storage\",\n    \"fs\": {\n      \"backend\": \"ceph\",\n      \"ceph_config\": \"/etc/ceph/ceph.conf\",\n      \"pool\": \"seafile-fs\"\n    },\n    \"commits\": {\n      \"backend\": \"ceph\",\n      \"ceph_config\": \"/etc/ceph/ceph.conf\",\n      \"pool\": \"seafile-commits\"\n    },\n    \"blocks\": {\n      \"backend\": \"ceph\",\n      \"ceph_config\": \"/etc/ceph/ceph.conf\",\n      \"pool\": \"seafile-blocks\"\n    }\n  }\n]\n

          As you may have seen, the commits, fs and blocks information syntax is similar to what is used in [commit_object_backend], [fs_object_backend] and [block_backend] section of seafile.conf. Refer to the detailed syntax in the documentation for the storage you use. For exampe, if you use S3 storage, refer to S3 Storage.

          If you use file system as storage for fs, commits or blocks, you must explicitly provide the path for the seafile-data directory. The objects will be stored in storage/commits, storage/fs, storage/blocks under this path.

          Currently file system, S3 and Swift backends are supported. Ceph/RADOS is also supported since version 7.0.14

          "},{"location":"setup/setup_with_multiple_storage_backends/#library-mapping-policies","title":"Library Mapping Policies","text":"

          Library mapping policies decide the storage class a library uses. Currently we provide 3 policies for 3 different use cases. The storage class of a library is decided on creation and stored in a database table. The storage class of a library won't change if the mapping policy is changed later.

          Before choosing your mapping policy, you need to enable the storage classes feature in seahub_settings.py:

          ENABLE_STORAGE_CLASSES = True\n
          "},{"location":"setup/setup_with_multiple_storage_backends/#user-chosen","title":"User Chosen","text":"

          This policy lets the users choose which storage class to use when creating a new library. The users can select any storage class that's been defined in the JSON file.

          To use this policy, add following options in seahub_settings.py:

          STORAGE_CLASS_MAPPING_POLICY = 'USER_SELECT'\n

          If you enable storage class support but don't explicitly set STORAGE_CLASS_MAPPING_POLIICY in seahub_settings.py, this policy is used by default.

          "},{"location":"setup/setup_with_multiple_storage_backends/#role-based-mapping","title":"Role-based Mapping","text":"

          Due to storage cost or management considerations, sometimes a system admin wants to make different type of users use different storage backends (or classes). You can configure a user's storage classes based on their roles.

          A new option storage_ids is added to the role configuration in seahub_settings.py to assign storage classes to each role. If only one storage class is assigned to a role, the users with this role cannot choose storage class for libraries; otherwise, the users can choose a storage class if more than one class are assigned. If no storage class is assigned to a role, the default class specified in the JSON file will be used.

          Here are the sample options in seahub_settings.py to use this policy:

          ENABLE_STORAGE_CLASSES = True\nSTORAGE_CLASS_MAPPING_POLICY = 'ROLE_BASED'\n\nENABLED_ROLE_PERMISSIONS = {\n    'default': {\n        'can_add_repo': True,\n        'can_add_group': True,\n        'can_view_org': True,\n        'can_use_global_address_book': True,\n        'can_generate_share_link': True,\n        'can_generate_upload_link': True,\n        'can_invite_guest': True,\n        'can_connect_with_android_clients': True,\n        'can_connect_with_ios_clients': True,\n        'can_connect_with_desktop_clients': True,\n        'storage_ids': ['old_version_id', 'hot_storage', 'cold_storage', 'a_storage'],\n    },\n    'guest': {\n        'can_add_repo': True,\n        'can_add_group': False,\n        'can_view_org': False,\n        'can_use_global_address_book': False,\n        'can_generate_share_link': False,\n        'can_generate_upload_link': False,\n        'can_invite_guest': False,\n        'can_connect_with_android_clients': False,\n        'can_connect_with_ios_clients': False,\n        'can_connect_with_desktop_clients': False,\n        'storage_ids': ['hot_storage', 'cold_storage'],\n    },\n}\n
          "},{"location":"setup/setup_with_multiple_storage_backends/#library-id-based-mapping","title":"Library ID Based Mapping","text":"

          This policy maps libraries to storage classes based on its library ID. The ID of a library is an UUID. In this way, the data in the system can be evenly distributed among the storage classes.

          Note

          This policy is not a designed to be a complete distributed storage solution. It doesn't handle automatic migration of library data between storage classes. If you need to add more storage classes to the configuration, existing libraries will stay in their original storage classes. New libraries can be distributed among the new storage classes (backends). You still have to plan about the total storage capacity of your system at the beginning.

          To use this policy, you first add following options in seahub_settings.py:

          STORAGE_CLASS_MAPPING_POLICY = 'REPO_ID_MAPPING'\n

          Then you can add option for_new_library to the backends which are expected to store new libraries in json file:

          [\n{\n\"storage_id\": \"new_backend\",\n\"name\": \"New store\",\n\"for_new_library\": true,\n\"is_default\": false,\n\"fs\": {\"backend\": \"fs\", \"dir\": \"/storage/seafile/new-data\"},\n\"commits\": {\"backend\": \"fs\", \"dir\": \"/storage/seafile/new-data\"},\n\"blocks\": {\"backend\": \"fs\", \"dir\": \"/storage/seafile/new-data\"}\n}\n]\n
          "},{"location":"setup/setup_with_multiple_storage_backends/#multiple-storage-backend-data-migration","title":"Multiple Storage Backend Data Migration","text":"

          Run the migrate-repo.sh script to migrate library data between different storage backends.

          ./migrate-repo.sh [repo_id] origin_storage_id destination_storage_id\n
          • repo_id: migrated library id
          • origin_storage_id: migrated origin storage id
          • destination_storage_id: migrated destination storage id

          repo_id is optional, if not specified, all libraries will be migrated.

          Before running the migration script, you can set the OBJECT_LIST_FILE_PATH environment variable to specify a path prefix to store the migrated object list.

          For example:

          export OBJECT_LIST_FILE_PATH=/opt/test\n

          This will create three files in the specified path (/opt): test_4c731e5c-f589-4eaa-889f-14c00d4893cb.fs test_4c731e5c-f589-4eaa-889f-14c00d4893cb.commits test_4c731e5c-f589-4eaa-889f-14c00d4893cb.blocks Setting the OBJECT_LIST_FILE_PATH environment variable has two purposes:

          1. If the migrated library is very large, you need to run the migration script multiple times. Setting this environment variable can skip the previously migrated objects.
          2. After the migration is complete, if you need to delete the objects in the origin storage, you must set this environment variable.
          "},{"location":"setup/setup_with_multiple_storage_backends/#delete-all-objects-in-a-library-in-the-specified-storage-backend","title":"Delete All Objects In a Library In The Specified Storage Backend","text":"

          Run the remove-objs.sh script (before migration, you need to set the OBJECT_LIST_FILE_PATH environment variable) to delete all objects in a library in the specified storage backend.

          ./remove-objs.sh repo_id storage_id\n
          "},{"location":"setup/setup_with_oss/","title":"Setup With Alibaba OSS","text":""},{"location":"setup/setup_with_oss/#prepare","title":"Prepare","text":"

          To setup Seafile Professional Server with Alibaba OSS:

          • Setup the basic Seafile Professional Server following the guide on Download and setup Seafile Professional Server
          • Install the python oss2 library: sudo pip install oss2==2.3.0.For more installation help, please refer to this document.
          • Install and configure memcached or Redis. For best performance, Seafile requires enable memory cache for objects. We recommend to allocate at least 128MB memory for Memcached or Redis.
          "},{"location":"setup/setup_with_oss/#modify-seafileconf","title":"Modify Seafile.conf","text":"

          Edit seafile.conf, add the following lines: 

          [commit_object_backend]\nname = oss\nbucket = <your-seafile-commits-bucket>\nkey_id = <your-key-id>\nkey = <your-key>\nregion = beijing\n\n[fs_object_backend]\nname = oss\nbucket = <your-seafile-fs-bucket>\nkey_id = <your-key-id>\nkey = <your-key>\nregion = beijing\n\n[block_backend]\nname = oss\nbucket = <your-seafile-blocks-bucket>\nkey_id = <your-key-id>\nkey = <your-key>\nregion = beijing\n

          You also need to add memory cache configurations

          It's required to create separate buckets for commit, fs, and block objects. For performance and to save network traffic costs, you should create buckets within the region where the seafile server is running.

          The key_id and key are required to authenticate you to OSS. You can find the key_id and key in the \"security credentials\" section on your OSS management page.

          The region is the region where the bucket you created is located, such as beijing, hangzhou, shenzhen, etc.

          "},{"location":"setup/setup_with_oss/#use-oss-in-vpc","title":"Use OSS in VPC","text":"

          Before version 6.0.9, Seafile only supports using OSS services in the classic network environment. The OSS service address in the VPC (Virtual Private Network) environment is different from the classic network, so you need to specify the OSS access address in the configuration environment. After version 6.0.9, it supports the configuration of OSS access addresses, thus adding the support for VPC OSS services.

          Use the following configuration:

          [commit_object_backend]\nname = oss\nbucket = <your-seafile-commits-bucket>\nkey_id = <your-key-id>\nkey = <your-key>\nendpoint = vpc100-oss-cn-beijing.aliyuncs.com\n\n[fs_object_backend]\nname = oss\nbucket = <your-seafile-fs-bucket>\nkey_id = <your-key-id>\nkey = <your-key>\nendpoint = vpc100-oss-cn-beijing.aliyuncs.com\n\n[block_backend]\nname = oss\nbucket = <your-seafile-blocks-bucket>\nkey_id = <your-key-id>\nkey = <your-key>\nendpoint = vpc100-oss-cn-beijing.aliyuncs.com\n

          Compared with the configuration under the classic network, the above configuration uses the endpoint option to replace the region option. The corresponding endpoint address can be found at https://www.alibabacloud.com/help/en/object-storage-service/latest/regions-and-endpoints.

          endpoint is a general option, you can also set it to the OSS access address under the classic network, and it will work as well.

          You also need to add memory cache configurations

          "},{"location":"setup/setup_with_oss/#use-https-connections-to-oss","title":"Use HTTPS connections to OSS","text":"

          To use HTTPS connections to OSS, add the following options to seafile.conf:

          [commit_object_backend]\nname = oss\n......\nuse_https = true\n\n[fs_object_backend]\nname = oss\n......\nuse_https = true\n\n[block_backend]\nname = oss\n......\nuse_https = true\n
          "},{"location":"setup/setup_with_swift/","title":"Setup With OpenStack Swift","text":"

          This backend uses the native Swift API. Previously users can only use the S3-compatibility layer of Swift. That way is obsolete now.

          Since version 6.3, OpenStack Swift v3.0 API is supported.

          "},{"location":"setup/setup_with_swift/#prepare","title":"Prepare","text":"

          To setup Seafile Professional Server with Swift:

          • Setup the basic Seafile Professional Server
          • Install and configure memcached or Redis. For best performance, Seafile requires enable memory cache for objects. We recommend to at least allocate 128MB memory for memcached.
          "},{"location":"setup/setup_with_swift/#modify-seafileconf","title":"Modify Seafile.conf","text":"

          Edit seafile.conf, add the following lines:

          [block_backend]\nname = swift\ntenant = yourTenant\nuser_name = user\npassword = secret\ncontainer = seafile-blocks\nauth_host = 192.168.56.31:5000\nauth_ver = v3.0\nregion = yourRegion\n\n[commit_object_backend]\nname = swift\ntenant = yourTenant\nuser_name = user\npassword = secret\ncontainer = seafile-commits\nauth_host = 192.168.56.31:5000\nauth_ver = v3.0\nregion = yourRegion\n\n[fs_object_backend]\nname = swift\ntenant = yourTenant\nuser_name = user\npassword = secret\ncontainer = seafile-fs\nauth_host = 192.168.56.31:5000\nauth_ver = v3.0\nregion = yourRegion\n

          You also need to add memory cache configurations

          The above config is just an example. You should replace the options according to your own environment.

          Seafile supports Swift with Keystone as authentication mechanism. The auth_host option is the address and port of Keystone service.The region option is used to select publicURL,if you don't configure it, use the first publicURL in returning authenticated information.

          Seafile also supports Tempauth and Swauth since professional edition 6.2.1. The auth_ver option should be set to v1.0, tenant and region are no longer needed.

          It's required to create separate containers for commit, fs, and block objects.

          "},{"location":"setup/setup_with_swift/#use-https-connections-to-swift","title":"Use HTTPS connections to Swift","text":"

          Since Pro 5.0.4, you can use HTTPS connections to Swift. Add the following options to seafile.conf:

          [commit_object_backend]\nname = swift\n......\nuse_https = true\n\n[fs_object_backend]\nname = swift\n......\nuse_https = true\n\n[block_backend]\nname = swift\n......\nuse_https = true\n

          Because the server package is built on CentOS 6, if you're using Debian/Ubuntu, you have to copy the system CA bundle to CentOS's CA bundle path. Otherwise Seafile can't find the CA bundle so that the SSL connection will fail.

          sudo mkdir -p /etc/pki/tls/certs\nsudo cp /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt\nsudo ln -s /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/cert.pem\n
          "},{"location":"setup/setup_with_swift/#run-and-test","title":"Run and Test","text":"

          Now you can start Seafile by ./seafile.sh start and ./seahub.sh start and visit the website.

          "},{"location":"setup_binary/deploy_in_a_cluster/","title":"Deploy in a cluster","text":"

          Tip

          Since Seafile Pro server 6.0.0, cluster deployment requires \"sticky session\" settings in the load balancer. Otherwise sometimes folder download on the web UI can't work properly. Read the \"Load Balancer Setting\" section below for details

          "},{"location":"setup_binary/deploy_in_a_cluster/#architecture","title":"Architecture","text":"

          The Seafile cluster solution employs a 3-tier architecture:

          • Load balancer tier: Distribute incoming traffic to Seafile servers. HA can be achieved by deploying multiple load balancer instances.
          • Seafile server cluster: a cluster of Seafile server instances. If one instance fails, the load balancer will stop handing traffic to it. So HA is achieved.
          • Backend storage: Distributed storage cluster, e.g. S3, Openstack Swift or Ceph.

          This architecture scales horizontally. That means, you can handle more traffic by adding more machines. The architecture is visualized in the following picture.

          There are two main components on the Seafile server node: web server (Nginx/Apache) and Seafile app server. The web server passes requests from the clients to Seafile app server. The Seafile app servers work independently. They don't know about each other's state. That means each app server can fail independently without affecting other app server instances. The load balancer is responsible for detecting failure and re-routing requests.

          Even though Seafile app servers work independently, they still have to share some session information. All shared session information is stored in memory cache. Thus, all Seafile app servers have to connect to the same memory cache server (cluster). Since Pro Edition 11.0, both memcached and Redis can be used as memory cache. Before 11.0, only memcached is supported. More details about memory cache configuration is available later.

          The background server is the workhorse for various background tasks, including full-text indexing, office file preview, virus scanning, LDAP syncing. It should usually be run on a dedicated server for better performance. Currently only one background task server can be running in the entire cluster. If more than one background servers are running, they may conflict with each others when doing some tasks. If you need HA for background task server, you can consider using Keepalived to build a hot backup for it. More details can be found in background server setup.

          All Seafile app servers access the same set of user data. The user data has two parts: One in the MySQL database and the other one in the backend storage cluster (S3, Ceph etc.). All app servers serve the data equally to the clients.

          All app servers have to connect to the same database or database cluster. We recommend to use MariaDB Galera Cluster if you need a database cluster.

          There are a few steps to deploy a Seafile cluster:

          1. Prepare hardware, operating systems, memory cache and database
          2. Setup a single Seafile server node
          3. Copy the deployment to other Seafile nodes
          4. Setup Nginx/Apache and firewall rules
          5. Setup load balancer
          6. Setup backgroup task node
          "},{"location":"setup_binary/deploy_in_a_cluster/#preparation","title":"Preparation","text":""},{"location":"setup_binary/deploy_in_a_cluster/#hardware-database-memory-cache","title":"Hardware, Database, Memory Cache","text":"

          At least 3 Linux server with at least 4 cores, 8GB RAM. Two servers work as frontend servers, while one server works as background task server. Virtual machines are sufficient for most cases.

          In small cluster, you can re-use the 3 Seafile servers to run memcached cluster and MariaDB cluster. For larger clusters, you can have 3 more dedicated server to run memcached cluster and MariaDB cluster. Because the load on these two clusters are not high, they can share the hardware to save cost. Documentation about how to setup memcached cluster and MariaDB cluster can be found here.

          Since version 11.0, Redis can also be used as memory cache server. But currently only single-node Redis is supported.

          "},{"location":"setup_binary/deploy_in_a_cluster/#install-python-libraries","title":"Install Python libraries","text":"

          On each mode, you need to install some python libraries.

          First make sure your have installed Python 2.7, then:

          sudo easy_install pip\nsudo pip install boto\n

          If you receive an error stating \"Wheel installs require setuptools >= ...\", run this between the pip and boto lines above

          sudo pip install setuptools --no-use-wheel --upgrade\n
          "},{"location":"setup_binary/deploy_in_a_cluster/#configure-a-single-node","title":"Configure a Single Node","text":"

          You should make sure the config files on every Seafile server are consistent.

          "},{"location":"setup_binary/deploy_in_a_cluster/#get-the-license","title":"Get the license","text":"

          Put the license you get under the top level diretory. In our wiki, we use the diretory /data/haiwen/ as the top level directory.

          "},{"location":"setup_binary/deploy_in_a_cluster/#downloaduncompress-seafile-professional-server","title":"Download/Uncompress Seafile Professional Server","text":"
          tar xf seafile-pro-server_8.0.0_x86-64.tar.gz\n

          Now you have:

          haiwen\n\u251c\u2500\u2500 seafile-license.txt\n\u2514\u2500\u2500 seafile-pro-server-8.0.0/\n
          "},{"location":"setup_binary/deploy_in_a_cluster/#setup-seafile","title":"Setup Seafile","text":"

          Please follow Download and Setup Seafile Professional Server With MySQL to setup a single Seafile server node.

          Use the load balancer's address or domain name for the server address. Don't use the local IP address of each Seafile server machine. This assures the user will always access your service via the load balancers

          After the setup process is done, you still have to do a few manual changes to the config files.

          "},{"location":"setup_binary/deploy_in_a_cluster/#seafileconf","title":"seafile.conf","text":"

          If you use a single memcached server, you have to add the following configuration to seafile.conf

          [cluster]\nenabled = true\n\n[memcached]\nmemcached_options = --SERVER=192.168.1.134 --POOL-MIN=10 --POOL-MAX=100\n

          If you use memcached cluster, the recommended way to setup memcached clusters can be found here.

          You'll setup two memcached server, in active/standby mode. A floating IP address will be assigned to the current active memcached node. So you have to configure the address in seafile.conf accordingly.

          [cluster]\nenabled = true\n\n[memcached]\nmemcached_options = --SERVER=<floating IP address> --POOL-MIN=10 --POOL-MAX=100\n

          If you are using Redis as cache, add following configurations:

          [cluster]\nenabled = true\n\n[redis]\n# your redis server address\nredis_server = 127.0.0.1\n# your redis server port\nredis_port = 6379\n# size of connection pool to redis, default is 100\nmax_connections = 100\n

          Currently only single-node Redis is supported. Redis Sentinel or Cluster is not supported yet.

          (Optional) The Seafile server also opens a port for the load balancers to run health checks. Seafile by default uses port 11001. You can change this by adding the following config option to seafile.conf

          [cluster]\nhealth_check_port = 12345\n
          "},{"location":"setup_binary/deploy_in_a_cluster/#seahub_settingspy","title":"seahub_settings.py","text":"

          You must setup and use memory cache when deploying Seafile cluster. Refer to \"memory cache\" to configure memory cache in Seahub.

          Also add following options to seahub_setting.py. These settings tell Seahub to store avatar in database and cache avatar in memcached, and store css CACHE to local memory.

          AVATAR_FILE_STORAGE = 'seahub.base.database_storage.DatabaseStorage'\n
          "},{"location":"setup_binary/deploy_in_a_cluster/#seafeventsconf","title":"seafevents.conf","text":"

          Here is an example [INDEX FILES] section:

          [INDEX FILES]\nenabled = true\ninterval = 10m\nhighlight = fvh     # This configuration is only available for Seafile 6.3.0 pro and above.\nindex_office_pdf = true\nes_host = background.seafile.com\nes_port = 9200\n

          Tip

          enable = true should be left unchanged. It means the file search feature is enabled.

          "},{"location":"setup_binary/deploy_in_a_cluster/#update-seahub-database","title":"Update Seahub Database","text":"

          In cluster environment, we have to store avatars in the database instead of in a local disk.

          CREATE TABLE `avatar_uploaded` (`filename` TEXT NOT NULL, `filename_md5` CHAR(32) NOT NULL PRIMARY KEY, `data` MEDIUMTEXT NOT NULL, `size` INTEGER NOT NULL, `mtime` datetime NOT NULL);\n
          "},{"location":"setup_binary/deploy_in_a_cluster/#backend-storage-settings","title":"Backend Storage Settings","text":"

          You also need to add the settings for backend cloud storage systems to the config files.

          • For NFS: Setup Seafile cluster with NFS
          • For S3: Setup With Amazon S3
          • For OpenStack Swift: Setup With OpenStackSwift
          "},{"location":"setup_binary/deploy_in_a_cluster/#setup-nginxapache-and-http","title":"Setup Nginx/Apache and HTTP","text":"

          Nginx/Apache with HTTP need to set it up on each machine running Seafile server. This is make sure only port 80 need to be exposed to load balancer. (HTTPS should be setup at the load balancer)

          Please check the following documents on how to setup HTTP with Nginx/Apache. (HTTPS is not needed)

          • Nginx
          • Apache
          "},{"location":"setup_binary/deploy_in_a_cluster/#run-and-test-the-single-node","title":"Run and Test the Single Node","text":"

          Once you have finished configuring this single node, start it to test if it runs properly:

          cd /data/haiwen/seafile-server-latest\n./seafile.sh start\n./seahub.sh start\n

          Success

          The first time you start seahub, the script would prompt you to create an admin account for your Seafile server.

          Open your browser, visit http://ip-address-of-this-node:80 and login with the admin account.

          "},{"location":"setup_binary/deploy_in_a_cluster/#configure-other-nodes","title":"Configure other nodes","text":"

          Now you have one node working fine, let's continue to configure more nodes.

          "},{"location":"setup_binary/deploy_in_a_cluster/#copy-the-config-to-all-seafile-servers","title":"Copy the config to all Seafile servers","text":"

          Supposed your Seafile installation directory is /data/haiwen, compress this whole directory into a tarball and copy the tarball to all other Seafile server machines. You can simply uncompress the tarball and use it.

          On each node, run ./seafile.sh and ./seahub.sh to start Seafile server.

          "},{"location":"setup_binary/deploy_in_a_cluster/#backend-node","title":"backend node","text":"

          In the backend node, you need to execute the following command to start Seafile server. CLUSTER_MODE=backend means this node is seafile backend server.

          export CLUSTER_MODE=backend\n./seafile.sh start\n./seafile-background-tasks.sh start\n
          "},{"location":"setup_binary/deploy_in_a_cluster/#start-seafile-service-on-boot","title":"Start Seafile Service on boot","text":"

          It would be convenient to setup Seafile service to start on system boot. Follow this documentation to set it up on all nodes.

          "},{"location":"setup_binary/deploy_in_a_cluster/#firewall-settings","title":"Firewall Settings","text":"

          There are 2 firewall rule changes for Seafile cluster:

          • On each Seafile server machine, you should open the health check port (default 11001);
          • On the memcached server, you should open the port 11211. For security resons only the Seafile servers should be allowed to access this port.
          "},{"location":"setup_binary/deploy_in_a_cluster/#load-balancer-setting","title":"Load Balancer Setting","text":"

          Now that your cluster is already running, fire up the load balancer and welcome your users. Since version 6.0.0, Seafile Pro requires \"sticky session\" settings in the load balancer. You should refer to the manual of your load balancer for how to set up sticky sessions.

          "},{"location":"setup_binary/deploy_in_a_cluster/#aws-elastic-load-balancer-elb","title":"AWS Elastic Load Balancer (ELB)","text":"

          In the AWS ELB management console, after you've added the Seafile server instances to the instance list, you should do two more configurations.

          First you should setup HTTP(S) listeners. Ports 443 and 80 of ELB should be forwarded to the ports 80 or 443 of the Seafile servers.

          Then you setup health check

          Refer to AWS documentation about how to setup sticky sessions.

          "},{"location":"setup_binary/deploy_in_a_cluster/#haproxy","title":"HAProxy","text":"

          This is a sample /etc/haproxy/haproxy.cfg:

          (Assume your health check port is 11001)

          global\n    log 127.0.0.1 local1 notice\n    maxconn 4096\n    user haproxy\n    group haproxy\n\ndefaults\n    log global\n    mode http\n    retries 3\n    maxconn 2000\n    timeout connect 10000\n    timeout client 300000\n    timeout server 300000\n\nlisten seafile 0.0.0.0:80\n    mode http\n    option httplog\n    option dontlognull\n    option forwardfor\n    cookie SERVERID insert indirect nocache\n    server seafileserver01 192.168.1.165:80 check port 11001 cookie seafileserver01\n    server seafileserver02 192.168.1.200:80 check port 11001 cookie seafileserver02\n
          "},{"location":"setup_binary/deploy_in_a_cluster/#see-how-it-runs","title":"See how it runs","text":"

          Now you should be able to test your cluster. Open https://seafile.example.com in your browser and enjoy. You can also synchronize files with Seafile clients.

          If the above works, the next step would be Enable search and background tasks in a cluster.

          "},{"location":"setup_binary/deploy_in_a_cluster/#the-final-configuration-of-the-front-end-nodes","title":"The final configuration of the front-end nodes","text":"

          Here is the summary of configurations at the front-end node that related to cluster setup. (for version 7.1+)

          For seafile.conf:

          [cluster]\nenabled = true\nmemcached_options = --SERVER=<IP of memcached node> --POOL-MIN=10 --POOL-MAX=100\n

          The enabled option will prevent the start of background tasks by ./seafile.sh start in the front-end node. The tasks should be explicitly started by ./seafile-background-tasks.sh start at the back-end node.

          For seahub_settings.py:

          AVATAR_FILE_STORAGE = 'seahub.base.database_storage.DatabaseStorage'\n

          For seafevents.conf:

          [INDEX FILES]\nenabled = true\ninterval = 10m\nhighlight = fvh     # This configuration is for improving searching speed\nes_host = <IP of background node>\nes_port = 9200\n

          The [INDEX FILES] section is needed to let the front-end node know the file search feature is enabled.

          "},{"location":"setup_binary/enable_search_and_background_tasks_in_a_cluster/","title":"Enable search and background tasks in a cluster","text":"

          In the seafile cluster, only one server should run the background tasks, including:

          • indexing files for search
          • email notification
          • office documents converts service (Start from 9.0 version, office converts service is moved to a separate docker component)
          • LDAP sync
          • virus scan

          Let's assume you have three nodes in your cluster: A, B, and C.

          • Node A is backend node that run background tasks.
          • Node B and C are frontend nodes that serving requests from clients.

          "},{"location":"setup_binary/enable_search_and_background_tasks_in_a_cluster/#configuring-node-a-the-backend-node","title":"Configuring Node A (the backend node)","text":"

          If you following the steps on settings up a cluster, node B and node C should have already be configed as frontend node. You can copy the configuration of node B as a base for node A. Then do the following steps:

          Since 9.0, ElasticSearch program is not part of Seafile package. You should deploy ElasticSearch service seperately. Then edit seafevents.conf, add the following lines:

          [INDEX FILES]\nenabled = true\nes_host = <ip of elastic search service>\nes_port = 9200\ninterval = 10m\nhighlight = fvh  # this is for improving the search speed\n

          Edit seafile.conf to enable virus scan according to virus scan document

          "},{"location":"setup_binary/enable_search_and_background_tasks_in_a_cluster/#configure-other-nodes","title":"Configure Other Nodes","text":"

          On nodes B and C, you need to:

          Edit seafevents.conf, add the following lines:

          [INDEX FILES]\nenabled = true\nes_host = <ip of elastic search service>\nes_port = 9200\n
          "},{"location":"setup_binary/enable_search_and_background_tasks_in_a_cluster/#start-the-background-node","title":"Start the background node","text":"

          Type the following commands to start the background node (Note, one additional command seafile-background-tasks.sh is needed)

          export CLUSTER_MODE=backend\n./seafile.sh start\n./seafile-background-tasks.sh start\n

          To stop the background node, type:

          ./seafile-background-tasks.sh stop\n./seafile.sh stop\n

          You should also configure Seafile background tasks to start on system bootup. For systemd based OS, you can add /etc/systemd/system/seafile-background-tasks.service:

          [Unit]\nDescription=Seafile Background Tasks Server\nAfter=network.target seafile.service\n\n[Service]\nType=forking\nExecStart=/opt/seafile/seafile-server-latest/seafile-background-tasks.sh start\nExecStop=/opt/seafile/seafile-server-latest/seafile-background-tasks.sh stop\nUser=root\nGroup=root\n\n[Install]\nWantedBy=multi-user.target\n

          Then enable this task in systemd:

          systemctl enable seafile-background-tasks.service\n
          "},{"location":"setup_binary/enable_search_and_background_tasks_in_a_cluster/#the-final-configuration-of-the-background-node","title":"The final configuration of the background node","text":"

          Here is the summary of configurations at the background node that related to clustering setup.

          For seafile.conf:

          [cluster]\nenabled = true\n\n[memcached]\nmemcached_options = --SERVER=<you memcached server host> --POOL-MIN=10 --POOL-MAX=100\n

          For seafevents.conf:

          [INDEX FILES]\nenabled = true\nes_host = <ip of elastic search service>\nes_port = 9200\ninterval = 10m\nhighlight = fvh  # this is for improving the search speed\n
          "},{"location":"setup_binary/fail2ban/","title":"seafile-authentication-fail2ban","text":""},{"location":"setup_binary/fail2ban/#what-is-fail2ban","title":"What is fail2ban ?","text":"

          Fail2ban is an intrusion prevention software framework which protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper.

          (Definition from wikipedia - https://en.wikipedia.org/wiki/Fail2ban)

          "},{"location":"setup_binary/fail2ban/#why-do-i-need-to-install-this-fail2bans-filter","title":"Why do I need to install this fail2ban's filter ?","text":"

          To protect your seafile website against brute force attemps. Each time a user/computer tries to connect and fails 3 times, a new line will be write in your seafile logs (seahub.log).

          Fail2ban will check this log file and will ban all failed authentications with a new rule in your firewall.

          "},{"location":"setup_binary/fail2ban/#installation","title":"Installation","text":""},{"location":"setup_binary/fail2ban/#change-to-right-time-zone-in-seahub_settingspy","title":"Change to right Time Zone in seahub_settings.py","text":"

          Without this your Fail2Ban filter will not work

          You need to add the following settings to seahub_settings.py but change it to your own time zone. 

           # TimeZone\n TIME_ZONE = 'Europe/Stockholm'\n

          "},{"location":"setup_binary/fail2ban/#copy-and-edit-jaillocal-file","title":"Copy and edit jail.local file","text":"

          this file may override some parameters from your jail.conf file

          Edit jail.local with : * ports used by your seafile website (e.g. http,https) ; * logpath (e.g. /home/yourusername/logs/seahub.log) ; * maxretry (default to 3 is equivalent to 9 real attemps in seafile, because one line is written every 3 failed authentications into seafile logs).

          "},{"location":"setup_binary/fail2ban/#create-the-file-jaillocal-in-etcfail2ban-with-the-following-content","title":"Create the file jail.local in /etc/fail2ban with the following content:","text":"
          # All standard jails are in the file configuration located\n# /etc/fail2ban/jail.conf\n\n# Warning you may override any other parameter (e.g. banaction,\n# action, port, logpath, etc) in that section within jail.local\n\n# Change logpath with your file log used by seafile (e.g. seahub.log)\n# Also you can change the max retry var (3 attemps = 1 line written in the\n# seafile log)\n# So with this maxrety to 1, the user can try 3 times before his IP is banned\n\n[seafile]\n\nenabled  = true\nport     = http,https\nfilter   = seafile-auth\nlogpath  = /home/yourusername/logs/seahub.log\nmaxretry = 3\n
          "},{"location":"setup_binary/fail2ban/#create-the-fail2ban-filter-file-seafile-authconf-in-etcfail2banfilterd-with-the-following-content","title":"Create the fail2ban filter file seafile-auth.conf in /etc/fail2ban/filter.d with the following content:","text":"
          # Fail2Ban filter for seafile\n#\n\n[INCLUDES]\n\n# Read common prefixes. If any customizations available -- read them from\n# common.local\nbefore = common.conf\n\n[Definition]\n\n_daemon = seaf-server\n\nfailregex = Login attempt limit reached.*, ip: <HOST>\n\nignoreregex = \n\n# DEV Notes:\n#\n# pattern :     2015-10-20 15:20:32,402 [WARNING] seahub.auth.views:155 login Login attempt limit reached, username: <user>, ip: 1.2.3.4, attemps: 3\n#       2015-10-20 17:04:32,235 [WARNING] seahub.auth.views:163 login Login attempt limit reached, ip: 1.2.3.4, attempts: 3\n
          "},{"location":"setup_binary/fail2ban/#restart-fail2ban","title":"Restart fail2ban","text":"

          Finally, just restart fail2ban and check your firewall (iptables for me) :

          sudo fail2ban-client reload\nsudo iptables -S\n

          Fail2ban will create a new chain for this jail. So you should see these new lines :

          ...\n-N fail2ban-seafile\n...\n-A fail2ban-seafile -j RETURN\n
          "},{"location":"setup_binary/fail2ban/#tests","title":"Tests","text":"

          To do a simple test (but you have to be an administrator on your seafile server) go to your seafile webserver URL and try 3 authentications with a wrong password.

          Actually, when you have done that, you are banned from http and https ports in iptables, thanks to fail2ban.

          To check that :

          on fail2ban

          denis@myserver:~$ sudo fail2ban-client status seafile\nStatus for the jail: seafile\n|- filter\n|  |- File list:    /home/<youruser>/logs/seahub.log\n|  |- Currently failed: 0\n|  `- Total failed: 1\n`- action\n   |- Currently banned: 1\n   |  `- IP list:   1.2.3.4\n   `- Total banned: 1\n

          on iptables :

          sudo iptables -S\n\n...\n-A fail2ban-seafile -s 1.2.3.4/32 -j REJECT --reject-with icmp-port-unreachable\n...\n

          To unban your IP address, just execute this command :

          sudo fail2ban-client set seafile unbanip 1.2.3.4\n

          Tip

          As three (3) failed attempts to login will result in one line added in seahub.log a Fail2Ban jail with the settings maxretry = 3 is the same as nine (9) failed attempts to login.

          "},{"location":"setup_binary/https_with_apache/","title":"Enabling HTTPS with Apache","text":"

          After completing the installation of Seafile Server Community Edition and Seafile Server Professional Edition, communication between the Seafile server and clients runs over (unencrypted) HTTP. While HTTP is ok for testing purposes, switching to HTTPS is imperative for production use.

          HTTPS requires a SSL certificate from a Certificate Authority (CA). Unless you already have a SSL certificate, we recommend that you get your SSL certificate from Let\u2019s Encrypt using Certbot. If you have a SSL certificate from another CA, skip the section \"Getting a Let's Encrypt certificate\".

          A second requirement is a reverse proxy supporting SSL. Apache, a popular web server and reverse proxy, is a good option. The full documentation of Apache is available at https://httpd.apache.org/docs/.

          The recommended reverse proxy is Nginx. You find instructions for enabling HTTPS with Nginx here.

          "},{"location":"setup_binary/https_with_apache/#setup","title":"Setup","text":"

          The setup of Seafile using Apache as a reverse proxy with HTTPS is demonstrated using the sample host name seafile.example.com.

          This manual assumes the following requirements:

          • Seafile Server Community Edition/Professional Edition was set up according to the instructions in this manual
          • A host name points at the IP address of the server and the server is available on port 80 and 443

          If your setup differs from thes requirements, adjust the following instructions accordingly.

          The setup proceeds in two steps: First, Apache is installed. Second, a SSL certificate is integrated in the Apache configuration.

          "},{"location":"setup_binary/https_with_apache/#installing-apache","title":"Installing Apache","text":"

          Install and enable apache modules:

          # Ubuntu\n$ sudo a2enmod rewrite\n$ sudo a2enmod proxy_http\n

          Important: Due to the security advisory published by Django team, we recommend to disable GZip compression to mitigate BREACH attack. No version earlier than Apache 2.4 should be used.

          "},{"location":"setup_binary/https_with_apache/#configuring-apache","title":"Configuring Apache","text":"

          Modify Apache config file. For CentOS, this is vhost.conf. For Debian/Ubuntu, this is sites-enabled/000-default. 

          <VirtualHost *:80>\n    ServerName seafile.example.com\n    # Use \"DocumentRoot /var/www/html\" for CentOS\n    # Use \"DocumentRoot /var/www\" for Debian/Ubuntu\n    DocumentRoot /var/www\n    Alias /media  /opt/seafile/seafile-server-latest/seahub/media\n\n    AllowEncodedSlashes On\n\n    RewriteEngine On\n\n    <Location /media>\n        Require all granted\n    </Location>\n\n    #\n    # seafile fileserver\n    #\n    ProxyPass /seafhttp http://127.0.0.1:8082\n    ProxyPassReverse /seafhttp http://127.0.0.1:8082\n    RewriteRule ^/seafhttp - [QSA,L]\n\n    #\n    # seahub\n    #\n    SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n    ProxyPreserveHost On\n    ProxyPass / http://127.0.0.1:8000/\n    ProxyPassReverse / http://127.0.0.1:8000/\n</VirtualHost>\n
          "},{"location":"setup_binary/https_with_apache/#getting-a-lets-encrypt-certificate","title":"Getting a Let's Encrypt certificate","text":"

          Getting a Let's Encrypt certificate is straightforward thanks to Certbot. Certbot is a free, open source software tool for requesting, receiving, and renewing Let's Encrypt certificates.

          First, go to the Certbot website and choose your web server and OS.

          Second, follow the detailed instructions then shown.

          We recommend that you get just a certificate and that you modify the Apache configuration yourself:

          sudo certbot --apache certonly\n

          Follow the instructions on the screen.

          Upon successful verification, Certbot saves the certificate files in a directory named after the host name in /etc/letsencrypt/live. For the host name seafile.example.com, the files are stored in /etc/letsencrypt/live/seafile.example.com.

          "},{"location":"setup_binary/https_with_apache/#adjusting-apache-configuration","title":"Adjusting Apache configuration","text":"

          To use HTTPS, you need to enable mod_ssl:

          $ sudo a2enmod ssl\n

          Then modify your Apache configuration file. Here is a sample:

          <VirtualHost *:443>\n  ServerName seafile.example.com\n  DocumentRoot /var/www\n\n  SSLEngine On\n  SSLCertificateFile /etc/letsencrypt/live/seafile.example.com/fullchain.pem;    # Path to your fullchain.pem\n  SSLCertificateKeyFile /etc/letsencrypt/live/seafile.example.com/privkey.pem;  # Path to your privkey.pem\n\n  Alias /media  /opt/seafile/seafile-server-latest/seahub/media\n\n  <Location /media>\n    Require all granted\n  </Location>\n\n  RewriteEngine On\n\n  #\n  # seafile fileserver\n  #\n  ProxyPass /seafhttp http://127.0.0.1:8082\n  ProxyPassReverse /seafhttp http://127.0.0.1:8082\n  RewriteRule ^/seafhttp - [QSA,L]\n\n  #\n  # seahub\n  #\n  SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n  ProxyPreserveHost On\n  ProxyPass / http://127.0.0.1:8000/\n  ProxyPassReverse / http://127.0.0.1:8000/\n</VirtualHost>\n

          Finally, make sure the virtual host file does not contain syntax errors and restart Apache for the configuration changes to take effect:

          sudo service apache2 restart\n
          "},{"location":"setup_binary/https_with_apache/#modifying-seahub_settingspy","title":"Modifying seahub_settings.py","text":"

          The SERVICE_URL in seahub_settings.py informs Seafile about the chosen domain, protocol and port. Change the SERVICE_URLso as to account for the switch from HTTP to HTTPS and to correspond to your host name (the http://must not be removed):

          SERVICE_URL = 'https://seafile.example.com'\n

          The FILE_SERVER_ROOT in seahub_settings.py informs Seafile about the location of and the protocol used by the file server. Change the FILE_SERVER_ROOTso as to account for the switch from HTTP to HTTPS and to correspond to your host name (the trailing /seafhttp must not be removed):

          FILE_SERVER_ROOT = 'https://seafile.example.com/seafhttp'\n

          Note: The SERVICE_URL and FILE_SERVER_ROOT can also be modified in Seahub via System Admininstration > Settings. If they are configured via System Admin and in seahub_settings.py, the value in System Admin will take precedence.

          "},{"location":"setup_binary/https_with_apache/#modifying-seafileconf-optional","title":"Modifying seafile.conf (optional)","text":"

          To improve security, the file server should only be accessible via Apache.

          Add the following line in the [fileserver] block on seafile.conf in /opt/seafile/conf:

          host = 127.0.0.1  ## default port 0.0.0.0\n

          After his change, the file server only accepts requests from Apache.

          "},{"location":"setup_binary/https_with_apache/#starting-seafile-and-seahub","title":"Starting Seafile and Seahub","text":"

          Restart the seaf-server and Seahub for the config changes to take effect:

          $ su seafile\n$ cd /opt/seafile/seafile-server-latest\n$ ./seafile.sh restart\n$ ./seahub.sh restart\n
          "},{"location":"setup_binary/https_with_apache/#troubleshooting","title":"Troubleshooting","text":"

          If there are problems with paths or files containing spaces, make sure to have at least Apache 2.4.12.

          References

          • https://github.com/haiwen/seafile/issues/1258#issuecomment-188866740
          • https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1284641
          • https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1284641/comments/5
          • https://svn.apache.org/viewvc/httpd/httpd/tags/2.4.12/CHANGES?view=markup#l45
          "},{"location":"setup_binary/https_with_nginx/","title":"Enabling HTTPS with Nginx","text":"

          After completing the installation of Seafile Server Community Edition and Seafile Server Professional Edition, communication between the Seafile server and clients runs over (unencrypted) HTTP. While HTTP is ok for testing purposes, switching to HTTPS is imperative for production use.

          HTTPS requires a SSL certificate from a Certificate Authority (CA). Unless you already have a SSL certificate, we recommend that you get your SSL certificate from Let\u2019s Encrypt using Certbot. If you have a SSL certificate from another CA, skip the section \"Getting a Let's Encrypt certificate\".

          A second requirement is a reverse proxy supporting SSL. Nginx, a popular and resource-friendly web server and reverse proxy, is a good option. Nginx's documentation is available at http://nginx.org/en/docs/.

          If you prefer Apache, you find instructions for enabling HTTPS with Apache here.

          "},{"location":"setup_binary/https_with_nginx/#setup","title":"Setup","text":"

          The setup of Seafile using Nginx as a reverse proxy with HTTPS is demonstrated using the sample host name seafile.example.com.

          This manual assumes the following requirements:

          • Seafile Server Community Edition/Professional Edition was set up according to the instructions in this manual
          • A host name points at the IP address of the server and the server is available on port 80 and 443

          If your setup differs from thes requirements, adjust the following instructions accordingly.

          The setup proceeds in two steps: First, Nginx is installed. Second, a SSL certificate is integrated in the Nginx configuration.

          "},{"location":"setup_binary/https_with_nginx/#installing-nginx","title":"Installing Nginx","text":"

          Install Nginx using the package repositories:

          CentOSDebian 
          $ sudo yum install nginx -y\n
          $ sudo apt install nginx -y\n

          After the installation, start the server and enable it so that Nginx starts at system boot:

          $ sudo systemctl start nginx\n$ sudo systemctl enable nginx\n
          "},{"location":"setup_binary/https_with_nginx/#preparing-nginx","title":"Preparing Nginx","text":"

          The configuration of a proxy server in Nginx differs slightly between CentOS and Debian/Ubuntu. Additionally, the restrictive default settings of SELinux's configuration on CentOS require a modification.

          "},{"location":"setup_binary/https_with_nginx/#preparing-nginx-on-centos","title":"Preparing Nginx on CentOS","text":"

          Switch SELinux into permissive mode and perpetuate the setting:

          $ sudo setenforce permissive\n$ sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config\n

          Create a configuration file for seafile in /etc/nginx/conf.d:

          $ touch /etc/nginx/conf.d/seafile.conf\n
          "},{"location":"setup_binary/https_with_nginx/#preparing-nginx-on-debianubuntu","title":"Preparing Nginx on Debian/Ubuntu","text":"

          Create a configuration file for seafile in /etc/nginx/sites-available/:

          $ touch /etc/nginx/sites-available/seafile.conf\n

          Delete the default files in /etc/nginx/sites-enabled/ and /etc/nginx/sites-available: 

          $ rm /etc/nginx/sites-enabled/default\n$ rm /etc/nginx/sites-available/default\n

          Create a symbolic link: 

          $ ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf\n
          "},{"location":"setup_binary/https_with_nginx/#configuring-nginx","title":"Configuring Nginx","text":"

          Copy the following sample Nginx config file into the just created seafile.conf and modify the content to fit your needs:

          log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\" $upstream_response_time';\n\nserver {\n    listen 80;\n    server_name seafile.example.com;\n\n    proxy_set_header X-Forwarded-For $remote_addr;\n\n    location / {\n         proxy_pass         http://127.0.0.1:8000;\n         proxy_set_header   Host $http_host;\n         proxy_set_header   X-Real-IP $remote_addr;\n         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n         proxy_set_header   X-Forwarded-Host $server_name;\n         proxy_read_timeout  1200s;\n\n         # used for view/edit office file via Office Online Server\n         client_max_body_size 0;\n\n         access_log      /var/log/nginx/seahub.access.log seafileformat;\n         error_log       /var/log/nginx/seahub.error.log;\n    }\n\n    location /seafhttp {\n        rewrite ^/seafhttp(.*)$ $1 break;\n        proxy_pass http://127.0.0.1:8082;\n        client_max_body_size 0;\n        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n\n        proxy_connect_timeout  36000s;\n        proxy_read_timeout  36000s;\n        proxy_send_timeout  36000s;\n\n        send_timeout  36000s;\n\n        access_log      /var/log/nginx/seafhttp.access.log seafileformat;\n        error_log       /var/log/nginx/seafhttp.error.log;\n    }\n    location /media {\n        root /opt/seafile/seafile-server-latest/seahub;\n    }\n}\n

          The following options must be modified in the CONF file:

          • Server name (server_name)

          Optional customizable options in the seafile.conf are:

          • Server listening port (listen) - if Seafile server should be available on a non-standard port
          • Proxy pass for location / - if Seahub is configured to start on a different port than 8000
          • Proxy pass for location /seafhttp - if seaf-server is configured to start on a different port than 8082
          • Maximum allowed size of the client request body (client_max_body_size)

          The default value for client_max_body_size is 1M. Uploading larger files will result in an error message HTTP error code 413 (\"Request Entity Too Large\"). It is recommended to syncronize the value of client_max_body_size with the parameter max_upload_size in section [fileserver] of seafile.conf. Optionally, the value can also be set to 0 to disable this feature. Client uploads are only partly effected by this limit. With a limit of 100 MiB they can safely upload files of any size.

          Finally, make sure your seafile.conf does not contain syntax errors and restart Nginx for the configuration changes to take effect:

          $ nginx -t\n$ nginx -s reload\n
          "},{"location":"setup_binary/https_with_nginx/#getting-a-lets-encrypt-certificate","title":"Getting a Let's Encrypt certificate","text":"

          Getting a Let's Encrypt certificate is straightforward thanks to Certbot. Certbot is a free, open source software tool for requesting, receiving, and renewing Let's Encrypt certificates.

          First, go to the Certbot website and choose your webserver and OS.

          Second, follow the detailed instructions then shown.

          We recommend that you get just a certificate and that you modify the Nginx configuration yourself:

          $ sudo certbot certonly --nginx\n

          Follow the instructions on the screen.

          Upon successful verification, Certbot saves the certificate files in a directory named after the host name in /etc/letsencrypt/live. For the host name seafile.example.com, the files are stored in /etc/letsencrypt/live/seafile.example.com.

          "},{"location":"setup_binary/https_with_nginx/#modifying-nginx-configuration-file","title":"Modifying Nginx configuration file","text":"

          Add an server block for port 443 and a http-to-https redirect to the seafile.conf configuration file in /etc/nginx.

          This is a (shortened) sample configuration for the host name seafile.example.com:

          log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\" $upstream_response_time';\n\nserver {\n    listen       80;\n    server_name  seafile.example.com;\n    rewrite ^ https://$http_host$request_uri? permanent;    # Forced redirect from HTTP to HTTPS\n\n    server_tokens off;      # Prevents the Nginx version from being displayed in the HTTP response header\n}\n\nserver {\n    listen 443 ssl;\n    ssl_certificate /etc/letsencrypt/live/seafile.example.com/fullchain.pem;    # Path to your fullchain.pem\n    ssl_certificate_key /etc/letsencrypt/live/seafile.example.com/privkey.pem;  # Path to your privkey.pem\n    server_name seafile.example.com;\n    server_tokens off;\n\n    location / {\n        proxy_pass         http://127.0.0.1:8000;\n        proxy_set_header   Host $http_host;\n        proxy_set_header   X-Real-IP $remote_addr;\n        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header   X-Forwarded-Host $server_name;\n        proxy_read_timeout 1200s;\n\n        proxy_set_header   X-Forwarded-Proto https;\n\n... # No changes beyond this point compared to the Nginx configuration without HTTPS\n

          Finally, make sure your seafile.conf does not contain syntax errors and restart Nginx for the configuration changes to take effect:

          nginx -t\nnginx -s reload\n
          "},{"location":"setup_binary/https_with_nginx/#large-file-uploads","title":"Large file uploads","text":"

          Tip for uploading very large files (> 4GB): By default Nginx will buffer large request body in temp file. After the body is completely received, Nginx will send the body to the upstream server (seaf-server in our case). But it seems when file size is very large, the buffering mechanism dosen't work well. It may stop proxying the body in the middle. So if you want to support file upload larger for 4GB, we suggest you install Nginx version >= 1.8.0 and add the following options to Nginx config file:

              location /seafhttp {\n        ... ...\n        proxy_request_buffering off;\n    }\n

          If you have WebDAV enabled it is recommended to add the same:

              location /seafdav {\n        ... ...\n        proxy_request_buffering off;\n    }\n
          "},{"location":"setup_binary/https_with_nginx/#modifying-seahub_settingspy","title":"Modifying seahub_settings.py","text":"

          The SERVICE_URL in seahub_settings.py informs Seafile about the chosen domain, protocol and port. Change the SERVICE_URLso as to account for the switch from HTTP to HTTPS and to correspond to your host name (the http:// must not be removed):

          SERVICE_URL = 'https://seafile.example.com'\n

          The FILE_SERVER_ROOT in seahub_settings.py informs Seafile about the location of and the protocol used by the file server. Change the FILE_SERVER_ROOT so as to account for the switch from HTTP to HTTPS and to correspond to your host name (the trailing /seafhttp must not be removed):

          FILE_SERVER_ROOT = 'https://seafile.example.com/seafhttp'\n

          Note: The SERVICE_URL and FILE_SERVER_ROOT can also be modified in Seahub via System Admininstration > Settings. If they are configured via System Admin and in seahub_settings.py, the value in System Admin will take precedence.

          "},{"location":"setup_binary/https_with_nginx/#modifying-seafileconf-optional","title":"Modifying seafile.conf (optional)","text":"

          To improve security, the file server should only be accessible via Nginx.

          Add the following line in the [fileserver] block on seafile.conf in /opt/seafile/conf:

          host = 127.0.0.1  ## default port 0.0.0.0\n

          After his change, the file server only accepts requests from Nginx.

          "},{"location":"setup_binary/https_with_nginx/#starting-seafile-and-seahub","title":"Starting Seafile and Seahub","text":"

          Restart the seaf-server and Seahub for the config changes to take effect:

          $ su seafile\n$ cd /opt/seafile/seafile-server-latest\n$ ./seafile.sh restart\n$ ./seahub.sh restart # or \"./seahub.sh start-fastcgi\" if you're using fastcgi\n
          "},{"location":"setup_binary/https_with_nginx/#additional-modern-settings-for-nginx-optional","title":"Additional modern settings for Nginx (optional)","text":""},{"location":"setup_binary/https_with_nginx/#activating-ipv6","title":"Activating IPv6","text":"

          Require IPv6 on server otherwise the server will not start! Also the AAAA dns record is required for IPv6 usage.

          listen 443;\nlisten [::]:443;\n
          "},{"location":"setup_binary/https_with_nginx/#activating-http2","title":"Activating HTTP2","text":"

          Activate HTTP2 for more performance. Only available for SSL and nginx version>=1.9.5. Simply add http2. 

          listen 443 http2;\nlisten [::]:443 http2;\n

          "},{"location":"setup_binary/https_with_nginx/#advanced-tls-configuration-for-nginx-optional","title":"Advanced TLS configuration for Nginx (optional)","text":"

          The TLS configuration in the sample Nginx configuration file above receives a B overall rating on SSL Labs. By modifying the TLS configuration in seafile.conf, this rating can be significantly improved.

          The following sample Nginx configuration file for the host name seafile.example.com contains additional security-related directives. (Note that this sample file uses a generic path for the SSL certificate files.) Some of the directives require further steps as explained below.

              server {\n        listen       80;\n        server_name  seafile.example.com;\n        rewrite ^ https://$http_host$request_uri? permanent;    # Forced redirect from HTTP to HTTPS\n        server_tokens off;\n    }\n    server {\n        listen 443 ssl;\n        ssl_certificate /etc/ssl/cacert.pem;        # Path to your cacert.pem\n        ssl_certificate_key /etc/ssl/privkey.pem;   # Path to your privkey.pem\n        server_name seafile.example.com;\n        server_tokens off;\n\n        # HSTS for protection against man-in-the-middle-attacks\n        add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains\";\n\n        # DH parameters for Diffie-Hellman key exchange\n        ssl_dhparam /etc/nginx/dhparam.pem;\n\n        # Supported protocols and ciphers for general purpose server with good security and compatability with most clients\n        ssl_protocols TLSv1.2 TLSv1.3;\n        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;\n        ssl_prefer_server_ciphers off;\n\n        # Supported protocols and ciphers for server when clients > 5years (i.e., Windows Explorer) must be supported\n        #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;\n        #ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;\n        #ssl_prefer_server_ciphers on;\n\n        ssl_session_timeout 5m;\n        ssl_session_cache shared:SSL:5m;\n\n        location / {\n            proxy_pass         http://127.0.0.1:8000;\n            proxy_set_header   Host $http_host;\n            proxy_set_header   X-Real-IP $remote_addr;\n            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n            proxy_set_header   X-Forwarded-Host $server_name;\n            proxy_set_header   X-Forwarded-Proto https;\n\n            access_log      /var/log/nginx/seahub.access.log;\n            error_log       /var/log/nginx/seahub.error.log;\n\n            proxy_read_timeout  1200s;\n\n            client_max_body_size 0;\n        }\n\n        location /seafhttp {\n            rewrite ^/seafhttp(.*)$ $1 break;\n            proxy_pass http://127.0.0.1:8082;\n            client_max_body_size 0;\n            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n            proxy_connect_timeout  36000s;\n            proxy_read_timeout  36000s;\n            proxy_send_timeout  36000s;\n            send_timeout  36000s;\n        }\n\n        location /media {\n            root /home/user/haiwen/seafile-server-latest/seahub;\n        }\n    }\n
          "},{"location":"setup_binary/https_with_nginx/#enabling-http-strict-transport-security","title":"Enabling HTTP Strict Transport Security","text":"

          Enable HTTP Strict Transport Security (HSTS) to prevent man-in-the-middle-attacks by adding this directive:

          add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains\" always;\n

          HSTS instructs web browsers to automatically use HTTPS. That means, after the first visit of the HTTPS version of Seahub, the browser will only use https to access the site.

          "},{"location":"setup_binary/https_with_nginx/#using-perfect-forward-secrecy","title":"Using Perfect Forward Secrecy","text":"

          Enable Diffie-Hellman (DH) key-exchange. Generate DH parameters and write them in a .pem file using the following command:

          $ openssl dhparam 2048 > /etc/nginx/dhparam.pem  # Generates DH parameter of length 2048 bits\n

          The generation of the the DH parameters may take some time depending on the server's processing power.

          Add the following directive in the HTTPS server block:

          ssl_dhparam /etc/nginx/dhparam.pem;\n
          "},{"location":"setup_binary/https_with_nginx/#restricting-tls-protocols-and-ciphers","title":"Restricting TLS protocols and ciphers","text":"

          Disallow the use of old TLS protocols and cipher. Mozilla provides a configuration generator for optimizing the conflicting objectives of security and compabitility. Visit https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx for more Information.

          "},{"location":"setup_binary/installation_ce/","title":"Installation of Seafile Server Community Edition with MySQL/MariaDB","text":"

          This manual explains how to deploy and run Seafile Server Community Edition (Seafile CE) on a Linux server from a pre-built package using MySQL/MariaDB as database. The deployment has been tested for Debian/Ubuntu.

          "},{"location":"setup_binary/installation_ce/#requirements","title":"Requirements","text":"

          Seafile CE for x86 architecture requires a minimum of 2 cores and 2GB RAM.

          "},{"location":"setup_binary/installation_ce/#setup","title":"Setup","text":""},{"location":"setup_binary/installation_ce/#installing-and-preparing-the-sql-database","title":"Installing and preparing the SQL database","text":"

          Seafile supports MySQL and MariaDB. We recommend that you use the preferred SQL database management engine included in the package repositories of your distribution.

          You can find step-by-step how-tos for installing MySQL and MariaDB in the tutorials on the Digital Ocean website.

          Seafile uses the mysql_native_password plugin for authentication. The versions of MySQL and MariaDB installed on CentOS 8, Debian 10, and Ubuntu 20.04 use a different authentication plugin by default. It is therefore required to change to authentication plugin to mysql_native_password for the root user prior to the installation of Seafile. The above mentioned tutorials explain how to do it.

          "},{"location":"setup_binary/installation_ce/#installing-prerequisites","title":"Installing prerequisites","text":"Seafile 10.0.xSeafile 11.0.x Ubuntu 22.04/Ubuntu 20.04/Debian 11/Debian 10 
          sudo apt-get update\nsudo apt-get install -y python3 python3-setuptools python3-pip libmysqlclient-dev\nsudo apt-get install -y memcached libmemcached-dev\n\nsudo pip3 install --timeout=3600 django==3.2.* future==0.18.* mysqlclient==2.1.* \\\n    pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==1.4.44 \\\n    psd-tools django-pylibmc django_simple_captcha==0.5.20 djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml\n
          Debian 11/Ubuntu 22.04Debian 12Ubuntu 24.04 with virtual env 
          # Ubuntu 22.04 (almost the same for Ubuntu 20.04 and Debian 11, Debian 10)\nsudo apt-get update\nsudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev ldap-utils libldap2-dev\nsudo apt-get install -y memcached libmemcached-dev\n\nsudo pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \\\n    pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \\\n    psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3\n

          Note

          Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with source python-venv/bin/activate.

          # Debian 12\nsudo apt-get update\nsudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmariadb-dev-compat ldap-utils libldap2-dev libsasl2-dev python3.11-venv\nsudo apt-get install -y memcached libmemcached-dev\n\nmkdir /opt/seafile\ncd /opt/seafile\n\n# create the vitual environment in the python-venv directory\npython3 -m venv python-venv\n\n# activate the venv\nsource python-venv/bin/activate\n# Notice that this will usually change your prompt so you know the venv is active\n\n# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).\npip3 install --timeout=3600  django==4.2.* future==0.18.* mysqlclient==2.1.* pymysql pillow==10.0.* pylibmc captcha==0.4 markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 psd-tools django-pylibmc django_simple_captcha==0.5.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3\n

          Note

          Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with source python-venv/bin/activate.

          # Ubuntu 24.04\nsudo apt-get update\nsudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev ldap-utils libldap2-dev python3.12-venv\nsudo apt-get install -y memcached libmemcached-dev\n\nmkdir /opt/seafile\ncd /opt/seafile\n\n# create the vitual environment in the python-venv directory\npython3 -m venv python-venv\n\n# activate the venv\nsource python-venv/bin/activate\n# Notice that this will usually change your prompt so you know the venv is active\n\n# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).\npip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \\\n    pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \\\n    psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.16.0 lxml python-ldap==3.4.3\n
          "},{"location":"setup_binary/installation_ce/#creating-the-program-directory","title":"Creating the program directory","text":"

          The standard directory for Seafile's program files is /opt/seafile. Create this directory and change into it:

          sudo mkdir /opt/seafile\ncd /opt/seafile\n

          Tip

          The program directory can be changed. The standard directory /opt/seafile is assumed for the rest of this manual. If you decide to put Seafile in another directory, modify the commands accordingly.

          "},{"location":"setup_binary/installation_ce/#creating-user-seafile","title":"Creating user seafile","text":"

          It is good practice not to run applications as root.

          Create a new user and follow the instructions on the screen:

          sudo adduser seafile\n

          Change ownership of the created directory to the new user:

          sudo chown -R seafile: /opt/seafile\n

          All the following steps are done as user seafile.

          Change to user seafile:

          su seafile\n
          "},{"location":"setup_binary/installation_ce/#downloading-the-install-package","title":"Downloading the install package","text":"

          Download the install package from the download page on Seafile's website using wget.

          We use Seafile CE version 8.0.4 as an example in the rest of this manual.

          "},{"location":"setup_binary/installation_ce/#uncompressing-the-package","title":"Uncompressing the package","text":"

          The install package is downloaded as a compressed tarball which needs to be uncompressed.

          Uncompress the package using tar:

          tar xf seafile-server_8.0.4_x86-64.tar.gz\n

          Now you have:

          $ tree -L 2\n.\n\u251c\u2500\u2500 seafile-server-8.0.4\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 check_init_admin.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 reset-admin.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 runtime\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-fsck.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-fuse.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-gc.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile-mysql.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile-mysql.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 sql\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 upgrade\n\u2514\u2500\u2500 seafile-server_8.0.4_x86-64.tar.gz\n
          "},{"location":"setup_binary/installation_ce/#setting-up-seafile-ce","title":"Setting up Seafile CE","text":"

          The install package comes with a script that sets Seafile up for you. Specifically, the script creates the required directories and extracts all files in the right place. It can also create a MySQL user and the three databases that Seafile's components require:

          • ccnet server
          • seafile server
          • seahub

          While ccnet server was merged into the seafile-server in Seafile 8.0, the corresponding database is still required for the time being

          Run the script as user seafile:

          # For installations using python virtual environment, activate it if it isn't already active\nsource python-venv/bin/activate\n\ncd seafile-server-8.0.4\n./setup-seafile-mysql.sh\n

          Configure your Seafile Server by specifying the following three parameters:

          Option Description Note server name Name of the Seafile Server 3-15 characters, only English letters, digits and underscore ('_') are allowed server's ip or domain IP address or domain name used by the Seafile Server Seafile client program will access the server using this address fileserver port TCP port used by the Seafile fileserver Default port is 8082, it is recommended to use this port and to only change it if is used by other service

          In the next step, choose whether to create new databases for Seafile or to use existing databases. The creation of new databases requires the root password for the SQL server.

          When choosing \"[1] Create new ccnet/seafile/seahub databases\", the script creates these databases and a MySQL user that Seafile Server will use to access them. To this effect, you need to answer these questions:

          Question Description Note mysql server host Host address of the MySQL server Default is localhost mysql server port TCP port used by the MySQL server Default port is 3306; almost every MySQL server uses this port mysql root password Password of the MySQL root account The root password is required to create new databases and a MySQL user mysql user for Seafile MySQL user created by the script, used by Seafile's components to access the databases Default is seafile; the user is created unless it exists mysql password for Seafile user Password for the user above, written in Seafile's config files Percent sign ('%') is not allowed database name Name of the database used by ccnet Default is \"ccnet_db\", the database is created if it does not exist seafile database name Name of the database used by Seafile Default is \"seafile_db\", the database is created if it does not exist seahub database name Name of the database used by seahub Default is \"seahub_db\", the database is created if it does not exist

          When choosing \"[2] Use existing ccnet/seafile/seahub databases\", this are the prompts you need to answer:

          Question Description Note mysql server host Host address of the MySQL server Default is localhost mysql server port TCP port used by MySQL server Default port is 3306; almost every MySQL server uses this port mysql user for Seafile User used by Seafile's components to access the databases The user must exists mysql password for Seafile user Password for the user above ccnet database name Name of the database used by ccnet, default is \"ccnet_db\" The database must exist seafile database name Name of the database used by Seafile, default is \"seafile_db\" The database must exist seahub dabase name Name of the database used by Seahub, default is \"seahub_db\" The database must exist

          If the setup is successful, you see the following output:

          The directory layout then looks as follows:

          $ tree /opt/seafile -L 2\nseafile\n\u251c\u2500\u2500 ccnet\n\u251c\u2500\u2500 conf\n\u2502   \u2514\u2500\u2500 ccnet.conf\n\u2502   \u2514\u2500\u2500 gunicorn.conf.py\n\u2502   \u2514\u2500\u2500 seafdav.conf\n\u2502   \u2514\u2500\u2500 seafile.conf\n\u2502   \u2514\u2500\u2500 seahub_settings.py\n\u251c\u2500\u2500 seafile-data\n\u2502   \u2514\u2500\u2500 library-template\n\u251c\u2500\u2500 seafile-server-8.0.4\n\u2502   \u2514\u2500\u2500 check_init_admin.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 reset-admin.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 runtime\n\u2502   \u2514\u2500\u2500 seaf-fsck.sh\n\u2502   \u2514\u2500\u2500 seaf-gc.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub.sh\n\u2502   \u2514\u2500\u2500 setup-seafile-mysql.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile-mysql.sh\n\u2502   \u2514\u2500\u2500 sql\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 upgrade\n\u251c\u2500\u2500 seafile-server-latest -> seafile-server-8.0.6\n\u251c\u2500\u2500 seahub-data\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 avatars\n

          The folder seafile-server-latest is a symbolic link to the current Seafile Server folder. When later you upgrade to a new version, the upgrade scripts update this link to point to the latest Seafile Server folder.

          Note

          If you don't have the root password, you need someone who has the privileges, e.g., the database admin, to create the three databases required by Seafile, as well as a MySQL user who can access the databases. For example, to create three databases ccnet_db / seafile_db / seahub_db for ccnet/seafile/seahub respectively, and a MySQL user \"seafile\" to access these databases run the following SQL queries:

          create database `ccnet_db` character set = 'utf8';\ncreate database `seafile_db` character set = 'utf8';\ncreate database `seahub_db` character set = 'utf8';\n\ncreate user 'seafile'@'localhost' identified by 'seafile';\n\nGRANT ALL PRIVILEGES ON `ccnet_db`.* to `seafile`@localhost;\nGRANT ALL PRIVILEGES ON `seafile_db`.* to `seafile`@localhost;\nGRANT ALL PRIVILEGES ON `seahub_db`.* to `seafile`@localhost;\n
          "},{"location":"setup_binary/installation_ce/#setup-memory-cache","title":"Setup Memory Cache","text":"

          Seahub caches items(avatars, profiles, etc) on file system by default(/tmp/seahub_cache/). You can replace with Memcached or Redis.

          MemcachedRedis

          Use the following commands to install memcached and corresponding libraies on your system:

          # on Debian/Ubuntu 18.04+\napt-get install memcached libmemcached-dev -y\npip3 install --timeout=3600 pylibmc django-pylibmc\n\nsystemctl enable --now memcached\n

          Add the following configuration to seahub_settings.py.

          CACHES = {\n    'default': {\n        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',\n        'LOCATION': '127.0.0.1:11211',\n    },\n}\n

          Redis is supported since version 11.0

          1. Install Redis with package installers in your OS.

          2. refer to Django's documentation about using Redis cache to add Redis configurations to seahub_settings.py.

          "},{"location":"setup_binary/installation_ce/#tweaking-conf-files","title":"Tweaking conf files","text":"

          Seafile's config files as created by the setup script are prepared for Seafile running behind a reverse proxy.

          To access Seafile's web interface and to create working sharing links without a reverse proxy, you need to modify two configuration files in /opt/seafile/conf:

          • seahub_settings.py (if you use 9.0.x): Add port 8000 to the SERVICE_URL (i.e., SERVICE_URL = 'http://1.2.3.4:8000/').
          • ccnet.conf (if you use 8.0.x or 7.1.x): Add port 8000 to the SERVICE_URL (i.e., SERVICE_URL = http://1.2.3.4:8000/).
          • gunicorn.conf.py: Change the bind to \"0.0.0.0:8000\" (i.e., bind = \"0.0.0.0:8000\")
          "},{"location":"setup_binary/installation_ce/#starting-seafile-server","title":"Starting Seafile Server","text":"

          Run the following commands in /opt/seafile/seafile-server-latest:

          # For installations using python virtual environment, activate it if it isn't already active\nsource python-venv/bin/activate\n\n./seafile.sh start # starts seaf-server\n./seahub.sh start  # starts seahub\n

          Success

          The first time you start Seahub, the script prompts you to create an admin account for your Seafile Server. Enter the email address of the admin user followed by the password.

          Now you can access Seafile via the web interface at the host address and port 8000 (e.g., http://1.2.3.4:8000)

          Warning

          On CentOS, the firewall blocks traffic on port 8000 by default.

          "},{"location":"setup_binary/installation_ce/#troubleshooting","title":"Troubleshooting","text":"

          If seafile.sh and/or seahub.sh fail to run successfully, use pgrep to check if seafile/seahub processes are still running:

          pgrep -f seafile-controller # checks seafile processes\npgrep -f \"seahub\" # checks seahub process\n

          Use pkill to kill the processes:

          pkill -f seafile-controller\npkill -f \"seahub\"\n
          "},{"location":"setup_binary/installation_ce/#stopping-and-restarting-seafile-and-seahub","title":"Stopping and Restarting Seafile and Seahub","text":""},{"location":"setup_binary/installation_ce/#stopping","title":"Stopping","text":"
          ./seahub.sh stop    # stops seahub\n./seafile.sh stop   # stops seaf-server\n
          "},{"location":"setup_binary/installation_ce/#restarting","title":"Restarting","text":"
          # For installations using python virtual environment, activate it if it isn't already active\nsource python-venv/bin/activate\n\n./seafile.sh restart\n./seahub.sh restart\n
          "},{"location":"setup_binary/installation_ce/#enabling-https","title":"Enabling HTTPS","text":"

          It is strongly recommended to switch from unencrypted HTTP (via port 8000) to encrypted HTTPS (via port 443).

          This manual provides instructions for enabling HTTPS for the two most popular web servers and reverse proxies:

          • Nginx
          • Apache
          "},{"location":"setup_binary/installation_pro/","title":"Installation of Seafile Server Professional Edition","text":"

          This manual explains how to deploy and run Seafile Server Professional Edition (Seafile PE) on a Linux server from a pre-built package using MySQL/MariaDB as database. The deployment has been tested for Debian/Ubuntu.

          "},{"location":"setup_binary/installation_pro/#requirements","title":"Requirements","text":"

          Seafile PE requires a minimum of 2 cores and 2GB RAM. If elasticsearch is installed on the same server, the minimum requirements are 4 cores and 4 GB RAM.

          Seafile PE can be used without a paid license with up to three users. Licenses for more user can be purchased in the Seafile Customer Center or contact Seafile Sales at sales@seafile.com or one of our partners.

          "},{"location":"setup_binary/installation_pro/#setup","title":"Setup","text":""},{"location":"setup_binary/installation_pro/#installing-and-preparing-the-sql-database","title":"Installing and preparing the SQL database","text":"

          These instructions assume that MySQL/MariaDB server and client are installed and a MySQL/MariaDB root user can authenticate using the mysql_native_password plugin.

          "},{"location":"setup_binary/installation_pro/#installing-prerequisites","title":"Installing prerequisites","text":"Seafile 9.0.xSeafile 10.0.xSeafile 11.0.x Ubuntu 20.04/Debian 10/Ubuntu 18.04Centos 8 
          apt-get update\napt-get install -y python3 python3-setuptools python3-pip python3-ldap libmysqlclient-dev\napt-get install -y memcached libmemcached-dev\napt-get install -y poppler-utils\n\npip3 install --timeout=3600 django==3.2.* future mysqlclient pymysql Pillow pylibmc \\ \ncaptcha jinja2 sqlalchemy==1.4.3 psd-tools django-pylibmc django-simple-captcha pycryptodome==3.12.0 cffi==1.14.0 lxml\n
          sudo yum install python3 python3-setuptools python3-pip python3-devel mysql-devel gcc -y\nsudo yum install poppler-utils -y\n\nsudo pip3 install --timeout=3600 django==3.2.* Pillow==9.4.0 pylibmc captcha jinja2 sqlalchemy==1.4.3 \\\n    django-pylibmc django-simple-captcha python3-ldap mysqlclient pycryptodome==3.12.0 cffi==1.14.0 lxml\n
          Ubuntu 22.04/Ubuntu 20.04/Debian 11/Debian 10 
          apt-get update\napt-get install -y python3 python3-setuptools python3-pip python3-ldap libmysqlclient-dev\napt-get install -y memcached libmemcached-dev\napt-get install -y poppler-utils\n\nsudo pip3 install --timeout=3600 django==3.2.* future==0.18.* mysqlclient==2.1.* \\\n    pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==1.4.44 \\\n    psd-tools django-pylibmc django_simple_captcha==0.5.20 djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml\n
          Ubuntu 22.04/Ubuntu 20.04/Debian 11/Debian 10Debian 12Ubuntu 24.04 with virtual env 
          # on  (on , it is almost the same)\napt-get update\napt-get install -y python3 python3-dev python3-setuptools python3-pip python3-ldap libmysqlclient-dev ldap-utils libldap2-dev dnsutils\napt-get install -y memcached libmemcached-dev\napt-get install -y poppler-utils\n\nsudo pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \\\n    pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \\\n    psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 python-ldap==3.4.3 lxml\n

          Note

          Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with source python-venv/bin/activate.

          sudo apt-get update\nsudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmariadb-dev-compat ldap-utils libldap2-dev libsasl2-dev python3.11-venv\nsudo apt-get install -y memcached libmemcached-dev\n\nmkdir /opt/seafile\ncd /opt/seafile\n\n# create the vitual environment in the python-venv directory\npython3 -m venv python-venv\n\n# activate the venv\nsource python-venv/bin/activate\n# Notice that this will usually change your prompt so you know the venv is active\n\n# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).\npip3 install --timeout=3600  django==4.2.* future==0.18.* mysqlclient==2.1.* pymysql pillow==10.0.* pylibmc captcha==0.4 markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 psd-tools django-pylibmc django_simple_captcha==0.5.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3\n

          Note

          Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with source python-venv/bin/activate.

          # Ubuntu 24.04\nsudo apt-get update\nsudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev ldap-utils libldap2-dev python3.12-venv\nsudo apt-get install -y memcached libmemcached-dev\n\nmkdir /opt/seafile\ncd /opt/seafile\n\n# create the vitual environment in the python-venv directory\npython3 -m venv python-venv\n\n# activate the venv\nsource python-venv/bin/activate\n# Notice that this will usually change your prompt so you know the venv is active\n\n# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).\npip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \\\n    pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \\\n    psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.16.0 lxml python-ldap==3.4.3\n
          "},{"location":"setup_binary/installation_pro/#installing-java-runtime-environment","title":"Installing Java Runtime Environment","text":"

          Java Runtime Environment (JRE) is no longer needed in Seafile version 12.0.

          "},{"location":"setup_binary/installation_pro/#creating-the-programm-directory","title":"Creating the programm directory","text":"

          The standard directory for Seafile's program files is /opt/seafile. Create this directory and change into it:

          mkdir /opt/seafile\ncd /opt/seafile\n

          The program directory can be changed. The standard directory /opt/seafile is assumed for the rest of this manual. If you decide to put Seafile in another directory, some commands need to be modified accordingly.

          "},{"location":"setup_binary/installation_pro/#creating-user-seafile","title":"Creating user seafile","text":"

          Elasticsearch, the indexing server, cannot be run as root. More generally, it is good practice not to run applications as root.

          Create a new user and follow the instructions on the screen:

          adduser seafile\n

          Change ownership of the created directory to the new user:

          chown -R seafile: /opt/seafile\n

          All the following steps are done as user seafile.

          Change to user seafile:

          su seafile\n
          "},{"location":"setup_binary/installation_pro/#placing-the-seafile-pe-license","title":"Placing the Seafile PE license","text":"

          Save the license file in Seafile's programm directory /opt/seafile. Make sure that the name is seafile-license.txt. (If the file has a different name or cannot be read, Seafile PE will not start.)

          "},{"location":"setup_binary/installation_pro/#downloading-the-install-package","title":"Downloading the install package","text":"

          The install packages for Seafile PE are available for download in the the Seafile Customer Center. To access the Customer Center, a user account is necessary. The registration is free.

          Beginning with Seafile PE 7.0.17, the Seafile Customer Center provides two install packages for every version (using Seafile PE 8.0.4 as an example):

          • seafile-pro-server_8.0.4_x86-64_Ubuntu.tar.gz, compiled in Ubuntu environment

          The former is suitable for installation on Ubuntu/Debian servers, the latter for CentOS servers.

          Download the install package using wget (replace the x.x.x with the version you wish to download):

          # Debian/Ubuntu\nwget -O 'seafile-pro-server_x.x.x_x86-64_Ubuntu.tar.gz' 'VERSION_SPECIFIC_LINK_FROM_SEAFILE_CUSTOMER_CENTER'\n

          We use Seafile version 8.0.4 as an example in the remainder of these instructions.

          "},{"location":"setup_binary/installation_pro/#uncompressing-the-package","title":"Uncompressing the package","text":"

          The install package is downloaded as a compressed tarball which needs to be uncompressed.

          Uncompress the package using tar:

          # Debian/Ubuntu\ntar xf seafile-pro-server_8.0.4_x86-64_Ubuntu.tar.gz\n

          Now you have:

          $ tree -L 2 /opt/seafile\n.\n\u251c\u2500\u2500 seafile-license.txt\n\u2514\u2500\u2500 seafile-pro-server-8.0.4\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 check-db-type.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 check_init_admin.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 create-db\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 index_op.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 migrate.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 migrate-repo.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 migrate-repo.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 migrate.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 pro\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 remove-objs.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 remove-objs.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 reset-admin.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 run_index_master.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 run_index_worker.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 runtime\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-backup-cmd.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-backup-cmd.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-encrypt.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-fsck.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-fuse.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-gc.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-gen-key.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile-background-tasks.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-import.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub-extra\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile-mysql.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile-mysql.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 sql\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 upgrade\n\u2514\u2500\u2500 seafile-pro-server_8.0.4_x86-64.tar.gz\n

          Tip

          The names of the install packages differ for Seafile CE and Seafile PE. Using Seafile CE and Seafile PE 8.0.4 as an example, the names are as follows:

          • Seafile CE: seafile-server_8.0.4_x86-86.tar.gz; uncompressing into folder seafile-server-8.0.4
          • Seafile PE: seafile-pro-server_8.0.4_x86-86.tar.gz; uncompressing into folder seafile-pro-server-8.0.4
          "},{"location":"setup_binary/installation_pro/#run-the-setup-script","title":"Run the setup script","text":"

          The setup process of Seafile PE is the same as the Seafile CE. See Installation of Seafile Server Community Edition with MySQL/MariaDB.

          After the successful completition of the setup script, the directory layout of Seafile PE looks as follows (some folders only get created after the first start, e.g. logs):

          For Seafile 7.1.x and later

          $ tree -L 2 /opt/seafile\n.\n\u251c\u2500\u2500 seafile-license.txt             # license file\n\u251c\u2500\u2500 ccnet               \n\u251c\u2500\u2500 conf                            # configuration files\n\u2502   \u2514\u2500\u2500 ccnet.conf\n\u2502   \u2514\u2500\u2500 gunicorn.conf.py\n\u2502   \u2514\u2500\u2500 __pycache__\n\u2502   \u2514\u2500\u2500 seafdav.conf\n\u2502   \u2514\u2500\u2500 seafevents.conf\n\u2502   \u2514\u2500\u2500 seafile.conf\n\u2502   \u2514\u2500\u2500 seahub_settings.py\n\u251c\u2500\u2500 logs                            # log files\n\u251c\u2500\u2500 pids                            # process id files\n\u251c\u2500\u2500 pro-data                        # data specific for Seafile PE\n\u251c\u2500\u2500 seafile-data                    # object database\n\u251c\u2500\u2500 seafile-pro-server-8.0.4\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 check-db-type.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 check_init_admin.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 create-db\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 index_op.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 migrate.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 migrate-repo.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 migrate-repo.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 migrate.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 pro\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 reset-admin.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 run_index_master.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 run_index_worker.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 runtime\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-backup-cmd.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-backup-cmd.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-encrypt.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-fsck.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-fuse.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-gc.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-gen-key.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile-background-tasks.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-import.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub-extra\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile-mysql.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile-mysql.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 sql\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 upgrade\n\u251c\u2500\u2500 seafile-server-latest -> seafile-pro-server-8.0.4\n\u251c\u2500\u2500 seahub-data\n    \u2514\u2500\u2500 avatars                        # user avatars\n
          "},{"location":"setup_binary/installation_pro/#setup-memory-cache","title":"Setup Memory Cache","text":"

          Memory cache is mandatory for pro edition. You may use Memcached or Reids as cache server.

          MemcachedRedis

          Use the following commands to install memcached and corresponding libraies on your system:

          # on Debian/Ubuntu 18.04+\napt-get install memcached libmemcached-dev -y\npip3 install --timeout=3600 pylibmc django-pylibmc\n\nsystemctl enable --now memcached\n

          Add the following configuration to seahub_settings.py.

          CACHES = {\n    'default': {\n        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',\n        'LOCATION': '127.0.0.1:11211',\n    },\n}\n

          Redis is supported since version 11.0

          1. Install Redis with package installers in your OS.

          2. refer to Django's documentation about using Redis cache to add Redis configurations to seahub_settings.py.

          "},{"location":"setup_binary/installation_pro/#enabling-httphttps","title":"Enabling HTTP/HTTPS","text":"

          You need at least setup HTTP to make Seafile's web interface work. This manual provides instructions for enabling HTTP/HTTPS for the two most popular web servers and reverse proxies:

          • Nginx
          • Apache
          "},{"location":"setup_binary/installation_pro/#starting-seafile-server","title":"Starting Seafile Server","text":"

          Run the following commands in /opt/seafile/seafile-server-latest:

          # For installations using python virtual environment, activate it if it isn't already active\nsource python-venv/bin/activate\n\n./seafile.sh start # Start Seafile service\n./seahub.sh start  # Start seahub website, port defaults to 127.0.0.1:8000\n

          Success

          The first time you start Seahub, the script prompts you to create an admin account for your Seafile Server. Enter the email address of the admin user followed by the password.

          Now you can access Seafile via the web interface at the host address (e.g., http://1.2.3.4:80).

          "},{"location":"setup_binary/installation_pro/#enabling-full-text-search","title":"Enabling full text search","text":"

          Seafile uses the indexing server ElasticSearch to enable full text search.

          "},{"location":"setup_binary/installation_pro/#deploying-elasticsearch","title":"Deploying ElasticSearch","text":"

          Our recommendation for deploying ElasticSearch is using Docker. Detailed information about installing Docker on various Linux distributions is available at Docker Docs.

          Seafile PE 9.0 only supports ElasticSearch 7.x. Seafile PE 10.0, 11.0, 12.0 only supports ElasticSearch 8.x.

          We use ElasticSearch version 7.16.2 as an example in this section. Version 7.16.2 and newer version have been successfully tested with Seafile.

          Pull the Docker image: 

          sudo docker pull elasticsearch:7.16.2\n

          Create a folder for persistent data created by ElasticSearch and change its permission: 

          sudo mkdir -p /opt/seafile-elasticsearch/data  && chmod -R 777 /opt/seafile-elasticsearch/data/\n

          Now start the ElasticSearch container using the docker run command: 

          sudo docker run -d \\\n--name es \\\n-p 9200:9200 \\\n-e \"discovery.type=single-node\" -e \"bootstrap.memory_lock=true\" \\\n-e \"ES_JAVA_OPTS=-Xms2g -Xmx2g\" -e \"xpack.security.enabled=false\" \\\n--restart=always \\\n-v /opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data \\\n-d elasticsearch:7.16.2\n

          "},{"location":"setup_binary/installation_pro/#modifying-seafevents","title":"Modifying seafevents","text":"

          Add the following configuration to seafevents.conf:

          [INDEX FILES]\nes_host = your elasticsearch server's IP    # IP address of ElasticSearch host\n                                            # use 127.0.0.1 if deployed on the same server\nes_port = 9200                              # port of ElasticSearch host\ninterval = 10m                              # frequency of index updates in minutes\nhighlight = fvh                             # parameter for improving the search performance\n

          Finally, restart Seafile:

          ./seafile.sh restart  && ./seahub.sh restart \n
          "},{"location":"setup_binary/memcached_mariadb_cluster/","title":"Setup Memcached Cluster and MariaDB Galera Cluster","text":"

          For high availability, it is recommended to set up a memcached cluster and MariaDB Galera cluster for Seafile cluster. This documentation will provide information on how to do this with 3 servers. You can either use 3 dedicated servers or use the 3 Seafile server nodes.

          "},{"location":"setup_binary/memcached_mariadb_cluster/#setup-memcached-cluster","title":"Setup Memcached Cluster","text":"

          Seafile servers share session information within memcached. So when you set up a Seafile cluster, there needs to be a memcached server (cluster) running.

          The simplest way is to use a single-node memcached server. But when this server fails, some functions in the web UI of Seafile cannot work. So for HA, it's usually desirable to have more than one memcached servers.

          We recommend to setup two independent memcached servers, in active/standby mode. A floating IP address (or Virtual IP address in some context) is assigned to the current active node. When the active node goes down, Keepalived will migrate the virtual IP to the standby node. So you actually use a single node memcahced, but use Keepalived (or other alternatives) to provide high availability.

          After installing memcahced on each server, you need to make some modification to the memcached config file.

          # Under Ubuntu\nvi /etc/memcached.conf\n\n# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default\n# Note that the daemon will grow to this size, but does not start out holding this much\n# memory\n# -m 64\n-m 256\n\n# Specify which IP address to listen on. The default is to listen on all IP addresses\n# This parameter is one of the only security measures that memcached has, so make sure\n# it's listening on a firewalled interface.\n-l 0.0.0.0\n\nservice memcached restart\n

          Please configure memcached to start on system startup

          Install and configure Keepalived.

          # For Ubuntu\nsudo apt-get install keepalived -y\n

          Modify keepalived config file /etc/keepalived/keepalived.conf.

          On active node 

          cat /etc/keepalived/keepalived.conf\n\n! Configuration File for keepalived\n\nglobal_defs {\n    notification_email {\n        root@localhost\n    }\n    notification_email_from keepalived@localhost\n    smtp_server 127.0.0.1\n    smtp_connect_timeout 30\n    router_id node1\n    vrrp_mcast_group4 224.0.100.19\n}\nvrrp_script chk_memcached {\n    script \"killall -0 memcached && exit 0 || exit 1\"\n    interval 1\n    weight -5\n}\n\nvrrp_instance VI_1 {\n    state MASTER\n    interface ens33\n    virtual_router_id 51\n    priority 100\n    advert_int 1\n    authentication {\n        auth_type PASS\n        auth_pass hello123\n    }\n    virtual_ipaddress {\n        192.168.1.113/24 dev ens33\n    }\n    track_script {\n    chk_memcached\n    }\n}\n

          On standby node

          cat /etc/keepalived/keepalived.conf\n\n! Configuration File for keepalived\n\nglobal_defs {\n    notification_email {\n        root@localhost\n    }\n    notification_email_from keepalived@localhost\n    smtp_server 127.0.0.1\n    smtp_connect_timeout 30\n    router_id node2\n    vrrp_mcast_group4 224.0.100.19\n}\nvrrp_script chk_memcached {\n    script \"killall -0 memcached && exit 0 || exit 1\"\n    interval 1\n    weight -5\n}\n\nvrrp_instance VI_1 {\n    state BACKUP\n    interface ens33\n    virtual_router_id 51\n    priority 98\n    advert_int 1\n    authentication {\n        auth_type PASS\n        auth_pass hello123\n    }\n    virtual_ipaddress {\n        192.168.1.113/24 dev ens33\n    }\n    track_script {\n        chk_memcached\n    }\n}\n

          Please adjust the network device names accordingly. virtual_ipaddress is the floating IP address in use

          "},{"location":"setup_binary/memcached_mariadb_cluster/#setup-mariadb-cluster","title":"Setup MariaDB Cluster","text":"

          MariaDB cluster helps you to remove single point of failure from the cluster architecture. Every update in the database cluster is synchronously replicated to all instances.

          You can choose between two different setups:

          • For a small cluster with 3 nodes, you can run MariaDB cluster directly on the Seafile server nodes. Each Seafile server access its local instance of MariaDB.
          • For larger clusters, it's preferable to have 3 dedicated MariaDB nodes to form a cluster. You have to set up a HAProxy in front of the MariaDB cluster. Seafile will access database via HAProxy.

          We refer to the documentation from MariaDB team:

          • Setting up MariaDB cluster on CentOS 7
          • Setting up HAProxy for MariaDB Galera Cluster.

          Tip

          Seafile doesn't use read/write isolation techniques. So you don't need to setup read and write pools.

          "},{"location":"setup_binary/migrate_from_sqlite_to_mysql/","title":"Migrate From SQLite to MySQL","text":"

          Note

          The tutorial is only related to Seafile CE edition.

          First make sure the python module for MySQL is installed. On Ubuntu/Debian, use sudo apt-get install python-mysqldb or sudo apt-get install python3-mysqldb to install it.

          Steps to migrate Seafile from SQLite to MySQL:

          Stop Seafile and Seahub.

          Download sqlite2mysql.sh and sqlite2mysql.py to the top directory of your Seafile installation path. For example, /opt/seafile.

          Run sqlite2mysql.sh:

          chmod +x sqlite2mysql.sh\n./sqlite2mysql.sh\n

          This script will produce three files: ccnet-db.sql, seafile-db.sql, seahub-db.sql.

          Then create 3 databases ccnet_db, seafile_db, seahub_db and seafile user.

          mysql> create database ccnet_db character set = 'utf8';\nmysql> create database seafile_db character set = 'utf8';\nmysql> create database seahub_db character set = 'utf8';\n

          Import ccnet data to MySql.

          mysql> use ccnet_db;\nmysql> source ccnet-db.sql;\n

          Import seafile data to MySql.

          mysql> use seafile_db;\nmysql> source seafile-db.sql;\n

          Import seahub data to MySql.

          mysql> use seahub_db;\nmysql> source seahub-db.sql;\n

          Modify configure files\uff1aAppend following lines to ccnet.conf:

          [Database]\nENGINE=mysql\nHOST=127.0.0.1\nPORT = 3306\nUSER=root\nPASSWD=root\nDB=ccnet_db\nCONNECTION_CHARSET=utf8\n

          Use 127.0.0.1, don't use localhost

          Replace the database section in seafile.conf with following lines:

          [database]\ntype=mysql\nhost=127.0.0.1\nport = 3306\nuser=root\npassword=root\ndb_name=seafile_db\nconnection_charset=utf8\n

          Append following lines to seahub_settings.py:

          DATABASES = {\n    'default': {\n        'ENGINE': 'django.db.backends.mysql',\n        'USER' : 'root',\n        'PASSWORD' : 'root',\n        'NAME' : 'seahub_db',\n        'HOST' : '127.0.0.1',\n        'PORT': '3306',\n        # This is only needed for MySQL older than 5.5.5.\n        # For MySQL newer than 5.5.5 INNODB is the default already.\n        'OPTIONS': {\n            \"init_command\": \"SET storage_engine=INNODB\",\n        }\n    }\n}\n

          Restart seafile and seahub

          Note

          User notifications will be cleared during migration due to the slight difference between MySQL and SQLite, if you only see the busy icon when click the notitfications button beside your avatar, please remove user_notitfications table manually by:

          use seahub_db;\ndelete from notifications_usernotification;\n
          "},{"location":"setup_binary/migrate_from_sqlite_to_mysql/#faq","title":"FAQ","text":""},{"location":"setup_binary/migrate_from_sqlite_to_mysql/#encountered-errno-150-foreign-key-constraint-is-incorrectly-formed","title":"Encountered errno: 150 \"Foreign key constraint is incorrectly formed\"","text":"

          This error typically occurs because the current table being created contains a foreign key that references a table whose primary key has not yet been created. Therefore, please check the database table creation order in the SQL file. The correct order is:

          auth_user\nauth_group\nauth_permission\nauth_group_permissions\nauth_user_groups\nauth_user_user_permissions\n
          and 
          post_office_emailtemplate\npost_office_email\npost_office_attachment\npost_office_attachment_emails\n

          "},{"location":"setup_binary/outline_ce/","title":"Deploying Seafile","text":"

          We provide two ways to deploy Seafile services. Docker is the recommended way.

          Warning

          Since version 12.0, binary based deployment for community edition is deprecated and will not be supported in a future release.

          • Using Docker
          • Manually installing Seafile and setting up database, memcached and Nginx/Apache. See the following section.
          "},{"location":"setup_binary/outline_ce/#manually-deployment-options","title":"Manually deployment options","text":"
          • Deploying Seafile with MySQL
          • Enabling Https with Nginx
          • Enabling Https with Apache
          • Start Seafile at System Bootup
          • Logrotate
          "},{"location":"setup_binary/outline_ce/#trouble-shooting","title":"Trouble shooting","text":"
          1. Read Seafile Server Components Overview to understand how Seafile server works. This will save you a lot of time.
          2. Read FAQ
          3. Go to our forum for help.
          "},{"location":"setup_binary/outline_pro/","title":"Deploy Seafile Pro Edition","text":"

          There are two ways to deploy Seafile Pro Edition. Since version 8.0, the recommend way to install Seafile Pro Edition is using Docker.

          • Method 1: Deploy Seafile with Docker
          • Method 2: Download and Setup Seafile Professional Server Step by Step
          "},{"location":"setup_binary/outline_pro/#migration-from-community-edition","title":"Migration from community edition","text":"
          • Migrate from Seafile Community edition
          "},{"location":"setup_binary/outline_pro/#s3-storage-backends","title":"S3 Storage Backends","text":"
          • Setup Seafile Professional Server With S3
          • Setup Seafile Professional Server With OpenStack Swift
          • Data migration between different backends
          • Using multiple storage backends
          "},{"location":"setup_binary/outline_pro/#cluster","title":"Cluster","text":"
          • Deploy seafile servers in a cluster
          • Enable search and background tasks in a cluster
          • Setup Seafile cluster with NFS
          "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/","title":"Seafile Professional Edition Software License Agreement","text":"

          Seafile Professional Edition SOFTWARE LICENSE AGREEMENT

          NOTICE: READ THE FOLLOWING TERMS AND CONDITIONS CAREFULLY BEFORE YOU DOWNLOAD, INSTALL OR USE Seafile Ltd.'S PROPRIETARY SOFTWARE. BY INSTALLING OR USING THE SOFTWARE, YOU AGREE TO BE BOUND BY THE FOLLOWING TERMS AND CONDITIONS. IF YOU DO NOT AGREE TO THE FOLLOWING TERMS AND CONDITIONS, DO NOT INSTALL OR USE THE SOFTWARE.

          "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#1-definitions","title":"1. DEFINITIONS","text":"

          \"Seafile Ltd.\" means Seafile Ltd.

          \"You and Your\" means the party licensing the Software hereunder.

          \"Software\" means the computer programs provided under the terms of this license by Seafile Ltd. together with any documentation provided therewith.

          "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#2-grant-of-rights","title":"2. GRANT OF RIGHTS","text":""},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#21-general","title":"2.1 General","text":"

          The License granted for Software under this Agreement authorizes You on a non-exclusive basis to use the Software. The Software is licensed, not sold to You and Seafile Ltd. reserves all rights not expressly granted to You in this Agreement. The License is personal to You and may not be assigned by You to any third party.

          "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#22-license-provisions","title":"2.2 License Provisions","text":"

          Subject to the receipt by Seafile Ltd. of the applicable license fees, You have the right use the Software as follows:

          • You may use and install the Software on an unlimited number of computers that are owned, leased, or controlled by you.
          • Nothing in this Agreement shall permit you, or any third party to disclose or otherwise make available to any third party the licensed Software, source code or any portion thereof.
          • You agree to indemnify, hold harmless and defend Seafile Ltd. from and against any claims or lawsuits, including attorney's fees, that arise as a result from the use of the Software;
          • You do not permit further redistribution of the Software by Your end-user customers
          "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#3-no-derivative-works","title":"3. NO DERIVATIVE WORKS","text":"

          The inclusion of source code with the License is explicitly not for your use to customize a solution or re-use in your own projects or products. The benefit of including the source code is for purposes of security auditing. You may modify the code only for emergency bug fixes that impact security or performance and only for use within your enterprise. You may not create or distribute derivative works based on the Software or any part thereof. If you need enhancements to the software features, you should suggest them to Seafile Ltd. for version improvements.

          "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#4-ownership","title":"4. OWNERSHIP","text":"

          You acknowledge that all copies of the Software in any form are the sole property of Seafile Ltd.. You have no right, title or interest to any such Software or copies thereof except as provided in this Agreement.

          "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#5-confidentiality","title":"5. CONFIDENTIALITY","text":"

          You hereby acknowledge and agreed that the Software constitute and contain valuable proprietary products and trade secrets of Seafile Ltd., embodying substantial creative efforts and confidential information, ideas, and expressions. You agree to treat, and take precautions to ensure that your employees and other third parties treat, the Software as confidential in accordance with the confidentiality requirements herein.

          "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#6-disclaimer-of-warranties","title":"6. DISCLAIMER OF WARRANTIES","text":"

          EXCEPT AS OTHERWISE SET FORTH IN THIS AGREEMENT THE SOFTWARE IS PROVIDED TO YOU \"AS IS\", AND Seafile Ltd. MAKES NO EXPRESS OR IMPLIED WARRANTIES WITH RESPECT TO ITS FUNCTIONALITY, CONDITION, PERFORMANCE, OPERABILITY OR USE. WITHOUT LIMITING THE FOREGOING, Seafile Ltd. DISCLAIMS ALL IMPLIED WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR FREEDOM FROM INFRINGEMENT. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. THE LIMITED WARRANTY HEREIN GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY FROM ONE JURISDICTION TO ANOTHER.

          "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#7-limitation-of-liability","title":"7. LIMITATION OF LIABILITY","text":"

          YOU ACKNOWLEDGE AND AGREE THAT THE CONSIDERATION WHICH Seafile Ltd. IS CHARGING HEREUNDER DOES NOT INCLUDE ANY CONSIDERATION FOR ASSUMPTION BY Seafile Ltd. OF THE RISK OF YOUR CONSEQUENTIAL OR INCIDENTAL DAMAGES WHICH MAY ARISE IN CONNECTION WITH YOUR USE OF THE SOFTWARE. ACCORDINGLY, YOU AGREE THAT Seafile Ltd. SHALL NOT BE RESPONSIBLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS-OF-PROFIT, LOST SAVINGS, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF A LICENSING OR USE OF THE SOFTWARE.

          "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#8-indemnification","title":"8. INDEMNIFICATION","text":"

          You agree to defend, indemnify and hold Seafile Ltd. and its employees, agents, representatives and assigns harmless from and against any claims, proceedings, damages, injuries, liabilities, costs, attorney's fees relating to or arising out of Your use of the Software or any breach of this Agreement.

          "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#9-termination","title":"9. TERMINATION","text":"

          Your license is effective until terminated. You may terminate it at any time by destroying the Software or returning all copies of the Software to Seafile Ltd.. Your license will terminate immediately without notice if You breach any of the terms and conditions of this Agreement, including non or incomplete payment of the license fee. Upon termination of this Agreement for any reason: You will uninstall all copies of the Software; You will immediately cease and desist all use of the Software; and will destroy all copies of the software in your possession.

          "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#10-updates-and-support","title":"10. UPDATES AND SUPPORT","text":"

          Seafile Ltd. has the right, but no obligation, to periodically update the Software, at its complete discretion, without the consent or obligation to You or any licensee or user.

          YOU HEREBY ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT, UNDERSTAND IT AND AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS.

          "},{"location":"setup_binary/setup_seafile_cluster_with_nfs/","title":"Setup Seafile cluster with NFS","text":"

          In a Seafile cluster, one common way to share data among the Seafile server instances is to use NFS. You should only share the files objects (located in seafile-data folder) and user avatars as well as thumbnails (located in seahub-data folder) on NFS. Here we'll provide a tutorial about how and what to share.

          How to setup nfs server and client is beyond the scope of this wiki. Here are few references:

          • Ubuntu: https://help.ubuntu.com/community/SettingUpNFSHowTo
          • CentOS: http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-nfs.html

          Supposed your seafile server installation directory is /data/haiwen, after you run the setup script there should be a seafile-data and seahub-data directory in it. And supposed you mount the NFS drive on /seafile-nfs, you should follow a few steps:

          • Move the seafile-data and seahub-data folder to /seafile-nfs:
          mv /data/haiwen/seafile-data /seafile-nfs/\nmv /data/haiwen/seahub-data /seafile-nfs/\n
          • On every node in the cluster, make a symbolic link to the shared seafile-data and seahub-data folder 
          cd /data/haiwen\nln -s /seafile-nfs/seafile-data /data/haiwen/seafile-data\nln -s /seafile-nfs/seahub-data /data/haiwen/seahub-data\n

          This way the instances will share the same seafile-data and seahub-data folder. All other config files and log files will remain independent.

          "},{"location":"setup_binary/start_seafile_at_system_bootup/","title":"Start Seafile at System Bootup","text":""},{"location":"setup_binary/start_seafile_at_system_bootup/#for-systems-running-systemd-and-python-virtual-environments","title":"For systems running systemd and python virtual environments","text":"

          For example Debian 12

          Create systemd service files, change ${seafile_dir} to your seafile installation location and seafile to user, who runs seafile (if appropriate). Then you need to reload systemd's daemons: systemctl daemon-reload.

          Firstly, you should create a script to activate the python virtual environment, which goes in the ${seafile_dir} directory. Put another way, it does not go in \"seafile-server-latest\", but the directory above that. Throughout this manual the examples use /opt/seafile for this directory, but you might have chosen to use a different directory.

          sudo vim /opt/seafile/run_with_venv.sh\n

          The content of the file is:

          #!/bin/bash\n# Activate the python virtual environment (venv) before starting one of the seafile scripts\n\ndir_name=\"$(dirname $0)\"\nsource \"${dir_name}/python-venv/bin/activate\"\nscript=\"$1\"\nshift 1\n\necho \"${dir_name}/seafile-server-latest/${script}\" \"$@\"\n\"${dir_name}/seafile-server-latest/${script}\" \"$@\"\n
          make this script executable 
          sudo chmod 755 /opt/seafile/run_with_venv.sh\n

          "},{"location":"setup_binary/start_seafile_at_system_bootup/#seafile-component","title":"Seafile component","text":"
          sudo vim /etc/systemd/system/seafile.service\n

          The content of the file is:

          [Unit]\nDescription=Seafile\n# add mysql.service or postgresql.service depending on your database to the line below\nAfter=network.target\n\n[Service]\nType=forking\nExecStart=bash ${seafile_dir}/run_with_venv.sh seafile.sh start\nExecStop=bash ${seafile_dir}/seafile-server-latest/seafile.sh stop\nLimitNOFILE=infinity\nUser=seafile\nGroup=seafile\n\n[Install]\nWantedBy=multi-user.target\n
          "},{"location":"setup_binary/start_seafile_at_system_bootup/#seahub-component","title":"Seahub component","text":"
          sudo vim /etc/systemd/system/seahub.service\n

          The content of the file is:

          [Unit]\nDescription=Seafile hub\nAfter=network.target seafile.service\n\n[Service]\nType=forking\nExecStart=bash ${seafile_dir}/run_with_venv.sh seahub.sh start\nExecStop=bash ${seafile_dir}/seafile-server-latest/seahub.sh stop\nUser=seafile\nGroup=seafile\n\n[Install]\nWantedBy=multi-user.target\n
          "},{"location":"setup_binary/start_seafile_at_system_bootup/#for-systems-running-systemd-without-python-virtual-environment","title":"For systems running systemd without python virtual environment","text":"

          For example Debian 8 through Debian 11, Linux Ubuntu 15.04 and newer

          Create systemd service files, change ${seafile_dir} to your seafile installation location and seafile to user, who runs seafile (if appropriate). Then you need to reload systemd's daemons: systemctl daemon-reload.

          "},{"location":"setup_binary/start_seafile_at_system_bootup/#seafile-component_1","title":"Seafile component","text":"
          sudo vim /etc/systemd/system/seafile.service\n

          The content of the file is:

          [Unit]\nDescription=Seafile\n# add mysql.service or postgresql.service depending on your database to the line below\nAfter=network.target\n\n[Service]\nType=forking\nExecStart=${seafile_dir}/seafile-server-latest/seafile.sh start\nExecStop=${seafile_dir}/seafile-server-latest/seafile.sh stop\nLimitNOFILE=infinity\nUser=seafile\nGroup=seafile\n\n[Install]\nWantedBy=multi-user.target\n
          "},{"location":"setup_binary/start_seafile_at_system_bootup/#seahub-component_1","title":"Seahub component","text":"

          Create systemd service file /etc/systemd/system/seahub.service

          sudo vim /etc/systemd/system/seahub.service\n

          The content of the file is:

          [Unit]\nDescription=Seafile hub\nAfter=network.target seafile.service\n\n[Service]\nType=forking\nExecStart=${seafile_dir}/seafile-server-latest/seahub.sh start\nExecStop=${seafile_dir}/seafile-server-latest/seahub.sh stop\nUser=seafile\nGroup=seafile\n\n[Install]\nWantedBy=multi-user.target\n
          "},{"location":"setup_binary/start_seafile_at_system_bootup/#seafile-cli-client-optional","title":"Seafile cli client (optional)","text":"

          Create systemd service file /etc/systemd/system/seafile-client.service

          You need to create this service file only if you have seafile console client and you want to run it on system boot.

          sudo vim /etc/systemd/system/seafile-client.service\n

          The content of the file is:

          [Unit]\nDescription=Seafile client\n# Uncomment the next line you are running seafile client on the same computer as server\n# After=seafile.service\n# Or the next one in other case\n# After=network.target\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/seaf-cli start\nExecStop=/usr/bin/seaf-cli stop\nRemainAfterExit=yes\nUser=seafile\nGroup=seafile\n\n[Install]\nWantedBy=multi-user.target\n
          "},{"location":"setup_binary/start_seafile_at_system_bootup/#enable-service-start-on-system-boot","title":"Enable service start on system boot","text":"
          sudo systemctl enable seafile.service\nsudo systemctl enable seahub.service\nsudo systemctl enable seafile-client.service   # optional\n
          "},{"location":"setup_binary/using_logrotate/","title":"Set up logrotate for server","text":""},{"location":"setup_binary/using_logrotate/#how-it-works","title":"How it works","text":"

          seaf-server and seafile-controller support reopenning logfiles by receiving a SIGUR1 signal.

          This feature is very useful when you need cut logfiles while you don't want to shutdown the server. All you need to do now is cutting the logfile on the fly.

          "},{"location":"setup_binary/using_logrotate/#default-logrotate-configuration-directory","title":"Default logrotate configuration directory","text":"

          For Debian, the default directory for logrotate should be /etc/logrotate.d/

          "},{"location":"setup_binary/using_logrotate/#sample-configuration","title":"Sample configuration","text":"

          Assuming your seaf-server's logfile is setup to /opt/seafile/logs/seafile.log and your seaf-server's pidfile is setup to /opt/seafile/pids/seaf-server.pid:

          The configuration for logrotate could be like this:

          /opt/seafile/logs/seafile.log\n/opt/seafile/logs/seahub.log\n/opt/seafile/logs/seafdav.log\n/opt/seafile/logs/fileserver-access.log\n/opt/seafile/logs/fileserver-error.log\n/opt/seafile/logs/fileserver.log\n/opt/seafile/logs/file_updates_sender.log\n/opt/seafile/logs/repo_old_file_auto_del_scan.log\n/opt/seafile/logs/seahub_email_sender.log\n/opt/seafile/logs/index.log\n{\n        daily\n        missingok\n        rotate 7\n        # compress\n        # delaycompress\n        dateext\n        dateformat .%Y-%m-%d\n        notifempty\n        # create 644 root root\n        sharedscripts\n        postrotate\n                if [ -f /opt/seafile/pids/seaf-server.pid ]; then\n                        kill -USR1 `cat /opt/seafile/pids/seaf-server.pid`\n                fi\n\n                if [ -f /opt/seafile/pids/fileserver.pid ]; then\n                        kill -USR1 `cat /opt/seafile/pids/fileserver.pid`\n                fi\n\n                if [ -f /opt/seafile/pids/seahub.pid ]; then\n                        kill -HUP `cat /opt/seafile/pids/seahub.pid`\n                fi\n\n                if [ -f /opt/seafile/pids/seafdav.pid ]; then\n                        kill -HUP `cat /opt/seafile/pids/seafdav.pid`\n                fi\n\n                find /opt/seafile/logs/ -mtime +7 -name \"*.log*\" -exec rm -f {} \\;\n        endscript\n}\n

          You can save this file, in Debian for example, at /etc/logrotate.d/seafile.

          "},{"location":"upgrade/upgrade/","title":"Upgrade manual","text":"

          There are three types of upgrade, i.e., major version upgrade, minor version upgrade and maintenance version upgrade. This page contains general instructions for the three types of upgrade.

          • After upgrading, you may need to clean seahub cache if it doesn't behave as expect.
          • If you are using a Docker based deployment, please read upgrade a Seafile docker instance
          • If you are running a cluster, please read upgrade a Seafile cluster.
          • If you are using a binary package based deployment, please read instructions below.
          "},{"location":"upgrade/upgrade/#special-upgrade-notes","title":"Special upgrade notes","text":"

          Please check the upgrade notes for any special configuration or changes before/while upgrading.

          • Upgrade notes for 7.0.x
          • Upgrade notes for 7.1.x
          • Upgrade notes for 8.0.x
          • Upgrade notes for 9.0.x
          • Upgrade notes for 10.0.x
          • Upgrade notes for 11.0.x
          "},{"location":"upgrade/upgrade/#upgrade-a-binary-package-based-deployment","title":"Upgrade a binary package based deployment","text":""},{"location":"upgrade/upgrade/#major-version-upgrade-eg-from-5xx-to-6yy","title":"Major version upgrade (e.g. from 5.x.x to 6.y.y)","text":"

          Suppose you are using version 5.1.0 and like to upgrade to version 6.1.0. First download and extract the new version. You should have a directory layout similar to this:

          seafile\n   -- seafile-server-5.1.0\n   -- seafile-server-6.1.0\n   -- ccnet\n   -- seafile-data\n

          Now upgrade to version 6.1.0.

          Shutdown Seafile server if it's running

          cd seafile/seafile-server-latest\n./seahub.sh stop\n./seafile.sh stop\n# or via service\n/etc/init.d/seafile-server stop\n

          Check the upgrade scripts in seafile-server-6.1.0 directory.

          cd seafile/seafile-server-6.1.0\nls upgrade/upgrade_*\n

          You will get a list of upgrade files:

          ...\nupgrade_5.0_5.1.sh\nupgrade_5.1_6.0.sh\nupgrade_6.0_6.1.sh\n

          Start from your current version, run the script(s one by one)

          upgrade/upgrade_5.1_6.0.sh\nupgrade/upgrade_6.0_6.1.sh\n

          Start Seafile server

          cd seafile/seafile-server-latest/\n./seafile.sh start\n./seahub.sh start # or \"./seahub.sh start-fastcgi\" if you're using fastcgi\n# or via service\n/etc/init.d/seafile-server start\n

          If the new version works fine, the old version can be removed

          rm -rf seafile-server-5.1.0/\n
          "},{"location":"upgrade/upgrade/#minor-version-upgrade-eg-from-61x-to-62y","title":"Minor version upgrade (e.g. from 6.1.x to 6.2.y)","text":"

          Suppose you are using version 6.1.0 and like to upgrade to version 6.2.0. First download and extract the new version. You should have a directory layout similar to this:

          seafile\n   -- seafile-server-6.1.0\n   -- seafile-server-6.2.0\n   -- ccnet\n   -- seafile-data\n

          Now upgrade to version 6.2.0.

          1. Shutdown Seafile server if it's running
          cd seafile/seafile-server-latest\n./seahub.sh stop\n./seafile.sh stop\n# or via service\n/etc/init.d/seafile-server stop\n

          Check the upgrade scripts in seafile-server-6.2.0 directory.

          cd seafile/seafile-server-6.2.0\nls upgrade/upgrade_*\n

          You will get a list of upgrade files:

          ...\nupgrade/upgrade_5.1_6.0.sh\nupgrade/upgrade_6.0_6.1.sh\nupgrade/upgrade_6.1_6.2.sh\n

          Start from your current version, run the script(s one by one)

          upgrade/upgrade_6.1_6.2.sh\n

          Start Seafile server

          ./seafile.sh start\n./seahub.sh start\n# or via service\n/etc/init.d/seafile-server start\n

          If the new version works, the old version can be removed

          rm -rf seafile-server-6.1.0/\n
          "},{"location":"upgrade/upgrade/#maintenance-version-upgrade-eg-from-622-to-623","title":"Maintenance version upgrade (e.g. from 6.2.2 to 6.2.3)","text":"

          A maintenance upgrade is for example an upgrade from 6.2.2 to 6.2.3.

          1. Shutdown Seafile server if it's running

          2. For this type of upgrade, you only need to update the symbolic links (for avatar and a few other folders). A script to perform a minor upgrade is provided with Seafile server (for history reasons, the script is called minor-upgrade.sh):

            cd seafile-server-6.2.3/upgrade/ && ./minor-upgrade.sh\n

          3. Start Seafile

          4. If the new version works, the old version can be removed

            rm -rf seafile-server-6.2.2/\n
          "},{"location":"upgrade/upgrade_a_cluster/","title":"Upgrade a Seafile cluster","text":""},{"location":"upgrade/upgrade_a_cluster/#major-and-minor-version-upgrade","title":"Major and minor version upgrade","text":"

          Seafile adds new features in major and minor versions. It is likely that some database tables need to be modified or the search index need to be updated. In general, upgrading a cluster contains the following steps:

          1. Upgrade the database
          2. Update symbolic link at frontend and backend nodes to point to the newest version
          3. Update configuration files at each node
          4. Update search index in the backend node

          In general, to upgrade a cluster, you need:

          1. Run the upgrade script (for example, ./upgrade/upgrade_4_0_4_1.sh) in one frontend node
          2. Run the minor upgrade script (./upgrade/minor_upgrade.sh) in all other nodes to update symbolic link
          3. Update configuration files at each node according to the documentation for each version
          4. Delete old search index in the backend node if needed
          "},{"location":"upgrade/upgrade_a_cluster/#maintanence-upgrade","title":"Maintanence upgrade","text":"

          Doing maintanence upgrading is simple, you only need to run the script ./upgrade/minor_upgrade.sh at each node to update the symbolic link.

          "},{"location":"upgrade/upgrade_a_cluster/#specific-instructions-for-each-version","title":"Specific instructions for each version","text":""},{"location":"upgrade/upgrade_a_cluster/#from-70-to-71","title":"From 7.0 to 7.1","text":"

          In the background node, Seahub no longer need to be started. Nginx is not needed too.

          The way of how office converter work is changed. The Seahub in front end nodes directly access a service in background node.

          "},{"location":"upgrade/upgrade_a_cluster/#for-front-end-nodes","title":"For front-end nodes","text":"

          seahub_settings.py

          OFFICE_CONVERTOR_ROOT = 'http://<ip of node background>'\n\u2b07\ufe0f\nOFFICE_CONVERTOR_ROOT = 'http://<ip of node background>:6000'\n

          seafevents.conf

          [OFFICE CONVERTER]\nenabled = true\nworkers = 1\nmax-size = 10\n\n\u2b07\ufe0f\n[OFFICE CONVERTER]\nenabled = true\nworkers = 1\nmax-size = 10\nhost = <ip of node background>\nport = 6000\n
          "},{"location":"upgrade/upgrade_a_cluster/#for-backend-node","title":"For backend node","text":"

          seahub_settings.py is not needed. But you can leave it unchanged.

          seafevents.conf

          [OFFICE CONVERTER]\nenabled = true\nworkers = 1\nmax-size = 10\n\n\u2b07\ufe0f\n[OFFICE CONVERTER]\nenabled = true\nworkers = 1\nmax-size = 10\nhost = <ip of node background>\nport = 6000\n
          "},{"location":"upgrade/upgrade_a_cluster/#from-63-to-70","title":"From 6.3 to 7.0","text":"

          No special upgrade operations.

          "},{"location":"upgrade/upgrade_a_cluster/#from-62-to-63","title":"From 6.2 to 6.3","text":"

          In version 6.2.11, the included Django was upgraded. The memcached configuration needed to be upgraded if you were using a cluster. If you upgrade from a version below 6.1.11, don't forget to change your memcache configuration. If the configuration in your seahub_settings.py is:

          CACHES = {\n    'default': {\n        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',\n        'LOCATION': '<MEMCACHED SERVER IP>:11211',\n    }\n}\n\nCOMPRESS_CACHE_BACKEND = 'django.core.cache.backends.locmem.LocMemCache'\n

          Now you need to change to:

          CACHES = {\n    'default': {\n        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',\n        'LOCATION': '<MEMCACHED SERVER IP>:11211',\n    },\n    'locmem': {\n        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',\n    },\n}\nCOMPRESS_CACHE_BACKEND = 'locmem'\n
          "},{"location":"upgrade/upgrade_a_cluster/#from-61-to-62","title":"From 6.1 to 6.2","text":"

          No special upgrade operations.

          "},{"location":"upgrade/upgrade_a_cluster/#from-60-to-61","title":"From 6.0 to 6.1","text":"

          In version 6.1, we upgraded the included ElasticSearch server. The old server listen on port 9500, new server listen on port 9200. Please change your firewall settings.

          "},{"location":"upgrade/upgrade_a_cluster/#from-51-to-60","title":"From 5.1 to 6.0","text":"

          In version 6.0, the folder download mechanism has been updated. This requires that, in a cluster deployment, seafile-data/httptemp folder must be in an NFS share. You can make this folder a symlink to the NFS share.

          cd /data/haiwen/\nln -s /nfs-share/seafile-httptemp seafile-data/httptemp\n

          The httptemp folder only contains temp files for downloading/uploading file on web UI. So there is no reliability requirement for the NFS share. You can export it from any node in the cluster.

          "},{"location":"upgrade/upgrade_a_cluster/#from-v50-to-v51","title":"From v5.0 to v5.1","text":"

          Because Django is upgraded to 1.8, the COMPRESS_CACHE_BACKEND should be changed

             -    COMPRESS_CACHE_BACKEND = 'locmem://'\n   +    COMPRESS_CACHE_BACKEND = 'django.core.cache.backends.locmem.LocMemCache'\n
          "},{"location":"upgrade/upgrade_a_cluster/#from-v44-to-v50","title":"From v4.4 to v5.0","text":"

          v5.0 introduces some database schema change, and all configuration files (ccnet.conf, seafile.conf, seafevents.conf, seahub_settings.py) are moved to a central config directory.

          Perform the following steps to upgrade:

          • Run the upgrade script at one fronend node to upgrade the database.
          ./upgrade/upgrade_4.4_5.0.sh\n
          • Then, on all other frontend nodes and the background node, run the upgrade script with SEAFILE_SKIP_DB_UPGRADE environmental variable turned on:
          SEAFILE_SKIP_DB_UPGRADE=1 ./upgrade/upgrade_4.4_5.0.sh\n

          After the upgrade, you should see the configuration files has been moved to the conf/ folder.

          conf/\n  |__ ccnet.conf\n  |__ seafile.conf\n  |__ seafevent.conf\n  |__ seafdav.conf\n  |__ seahub_settings.conf\n
          "},{"location":"upgrade/upgrade_a_cluster/#from-v43-to-v44","title":"From v4.3 to v4.4","text":"

          There are no database and search index upgrade from v4.3 to v4.4. Perform the following steps to upgrade:

          1. Run the minor upgrade script at frontend and backend nodes
          "},{"location":"upgrade/upgrade_a_cluster/#from-v42-to-v43","title":"From v4.2 to v4.3","text":"

          v4.3 contains no database table change from v4.2. But the old search index will be deleted and regenerated.

          A new option COMPRESS_CACHE_BACKEND = 'django.core.cache.backends.locmem.LocMemCache' should be added to seahub_settings.py

          The secret key in seahub_settings.py need to be regenerated, the old secret key lack enough randomness.

          Perform the following steps to upgrade:

          1. Run the upgrade script at one fronend node to modify the seahub_settings.py
          2. Modify seahub_settings.py at each node, replacing the old secret key with the new one and add option COMPRESS_CACHE_BACKEND
          3. Run the minor upgrade script at frontend and backend nodes
          4. Delete the old search index (the folder pro-data/search) at the backend node
          5. Delete the old office preview output folder (/tmp/seafile-office-output) at the backend node
          "},{"location":"upgrade/upgrade_a_cluster_docker/","title":"Upgrade a Seafile cluster (Docker)","text":""},{"location":"upgrade/upgrade_a_cluster_docker/#major-and-minor-version-upgrade","title":"Major and minor version upgrade","text":"

          Seafile adds new features in major and minor versions. It is likely that some database tables need to be modified or the search index need to be updated. In general, upgrading a cluster contains the following steps:

          1. Update Seafile image
          2. Upgrade the database
          3. Update configuration files at each node
          4. Update search index in the backend node

          In general, to upgrade a cluster, you need:

          1. Download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version. Start with docker compose up.
          2. Run the upgrade script in container (for example, /opt/seafile/seafile-server-latest/upgrade/upgrade_10_0_11_0.sh) in one frontend node
          3. Update configuration files at each node according to the documentation for each version
          4. Delete old search index in the backend node if needed
          "},{"location":"upgrade/upgrade_a_cluster_docker/#maintanence-upgrade","title":"Maintanence upgrade","text":"

          Maintanence upgrade only needs to download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version. Start with docker compose up.

          "},{"location":"upgrade/upgrade_a_cluster_docker/#upgrade-from-100-to-110","title":"Upgrade from 10.0 to 11.0","text":"

          Migrate your configuration for LDAP and OAuth according to here

          "},{"location":"upgrade/upgrade_a_cluster_docker/#upgrade-from-90-to-100","title":"Upgrade from 9.0 to 10.0","text":"

          If you are using with ElasticSearch, SAML SSO and storage backend features, follow the upgrading manual on how to update the configuration for these features.

          If you want to use the new notification server and rate control (pro edition only), please refer to the upgrading manual.

          "},{"location":"upgrade/upgrade_a_cluster_docker/#upgrade-from-80-to-90","title":"Upgrade from 8.0 to 9.0","text":"

          If you are using with ElasticSearch, follow the upgrading manual on how to update the configuration.

          "},{"location":"upgrade/upgrade_docker/","title":"Upgrade Seafile Docker","text":"

          For maintenance upgrade, like from version 10.0.1 to version 10.0.4, just download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version, then start with docker compose up.

          For major version upgrade, like from 10.0 to 11.0, see instructions below.

          Please check the upgrade notes for any special configuration or changes before/while upgrading.

          "},{"location":"upgrade/upgrade_docker/#upgrade-from-110-to-120","title":"Upgrade from 11.0 to 12.0","text":"

          From Seafile Docker 12.0, we recommend that you use .env and seafile-server.yml files for configuration.

          "},{"location":"upgrade/upgrade_docker/#backup-the-original-docker-composeyml-file","title":"Backup the original docker-compose.yml file:","text":"
          mv docker-compose.yml docker-compose.yml.bak\n
          "},{"location":"upgrade/upgrade_docker/#download-seafile-120-docker-files","title":"Download Seafile 12,0 Docker files","text":"

          Download .env, seafile-server.yml and caddy.yml, and modify .env file according to the old configuration in docker-compose.yml.bak

          Seafile community editionSeafile pro edition 

          wget -O .env https://manual.seafile.com/12.0/docker/ce/env\nwget https://manual.seafile.com/12.0/docker/ce/seafile-server.yml\nwget https://manual.seafile.com/12.0/docker/ce/caddy.yml\n
          The following fields merit particular attention:

          Variable Description Default Value SEAFILE_VOLUME The volume directory of Seafile data /opt/seafile-data SEAFILE_MYSQL_VOLUME The volume directory of MySQL data /opt/seafile-mysql/db SEAFILE_CADDY_VOLUME The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's /opt/seafile-caddy INIT_SEAFILE_MYSQL_ROOT_PASSWORD The root password of MySQL (required) SEAFILE_MYSQL_DB_USER The user of MySQL (database - user can be found in conf/seafile.conf) seafile SEAFILE_MYSQL_DB_PASSWORD The user seafile password of MySQL (required) JWT JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using pwgen -s 40 1 (required) SEAFILE_SERVER_HOSTNAME Seafile server hostname or domain (required) SEAFILE_SERVER_PROTOCOL Seafile server protocol (http or https) http TIME_ZONE Time zone UTC INIT_SEAFILE_ADMIN_EMAIL Admin username me@example.com (Recommend modifications) INIT_SEAFILE_ADMIN_PASSWORD Admin password asecret (Recommend modifications) 

          wget -O .env https://manual.seafile.com/12.0/docker/pro/env\nwget https://manual.seafile.com/12.0/docker/pro/seafile-server.yml\nwget https://manual.seafile.com/12.0/docker/pro/caddy.yml\n
          The following fields merit particular attention:

          Variable Description Default Value SEAFILE_VOLUME The volume directory of Seafile data /opt/seafile-data SEAFILE_MYSQL_VOLUME The volume directory of MySQL data /opt/seafile-mysql/db SEAFILE_CADDY_VOLUME The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's /opt/seafile-caddy SEAFILE_ELASTICSEARCH_VOLUME (Only valid for Seafile PE) The volume directory of Elasticsearch data /opt/seafile-elasticsearch/data INIT_SEAFILE_MYSQL_ROOT_PASSWORD The root password of MySQL (required) SEAFILE_MYSQL_DB_USER The user of MySQL (database - user can be found in conf/seafile.conf) seafile SEAFILE_MYSQL_DB_PASSWORD The user seafile password of MySQL (required) JWT JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using pwgen -s 40 1 (required) SEAFILE_SERVER_HOSTNAME Seafile server hostname or domain (required) SEAFILE_SERVER_PROTOCOL Seafile server protocol (http or https) http TIME_ZONE Time zone UTC INIT_SEAFILE_ADMIN_EMAIL Admin username me@example.com INIT_SEAFILE_ADMIN_PASSWORD Admin password asecret

          Tip

          SSL is now handled by the caddy server. If you have used SSL before, you will also need modify the seafile.nginx.conf. Change server listen 443 to 80.

          Backup the original seafile.nginx.conf file:

          cp seafile.nginx.conf seafile.nginx.conf.bak\n

          Remove the server listen 80 section:

          #server {\n#    listen 80;\n#    server_name _ default_server;\n\n    # allow certbot to connect to challenge location via HTTP Port 80\n    # otherwise renewal request will fail\n#    location /.well-known/acme-challenge/ {\n#        alias /var/www/challenges/;\n#        try_files $uri =404;\n#    }\n\n#    location / {\n#        rewrite ^ https://example.seafile.com$request_uri? permanent;\n#    }\n#}\n

          Change server listen 443 to 80:

          server {\n#listen 443 ssl;\nlisten 80;\n\n#    ssl_certificate      /shared/ssl/pkg.seafile.top.crt;\n#    ssl_certificate_key  /shared/ssl/pkg.seafile.top.key;\n\n#    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;\n\n   ...\n

          Start with docker compose up.

          "},{"location":"upgrade/upgrade_docker/#upgrade-seadoc-from-08-to-10-for-seafile-v120","title":"Upgrade SeaDoc from 0.8 to 1.0 for Seafile v12.0","text":"

          If you have deployed SeaDoc v0.8 with Seafile v11.0, you can upgrade it to 1.0 use the following two steps:

          1. Delete sdoc_db.
          2. Remove SeaDoc configs in seafile.nginx.conf file.
          3. Re-deploy SeaDoc server. In other words, delete the old SeaDoc deployment and deploy a new SeaDoc server on a separate machine.

          Warning

          Deploying SeaDoc and Seafile binary package on the same server is no longer supported. If you really want to deploying SeaDoc and Seafile server on the same machine, you should deploy Seafile server with Docker.

          "},{"location":"upgrade/upgrade_docker/#delete-sdoc_db","title":"Delete sdoc_db","text":"

          From version 1.0, SeaDoc is using seahub_db database to store its operation logs and no longer need an extra database sdoc_db. The database tables in seahub_db are created automatically when you upgrade Seafile server from v11.0 to v12.0. You can simply delete sdoc_db.

          "},{"location":"upgrade/upgrade_docker/#remove-seadoc-configs-in-seafilenginxconf-file","title":"Remove SeaDoc configs in seafile.nginx.conf file","text":"

          If you have deployed SeaDoc older version, you should remove /sdoc-server/, /socket.io configs in seafile.nginx.conf file.

          #    location /sdoc-server/ {\n#        add_header Access-Control-Allow-Origin *;\n#        add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;\n#        add_header Access-Control-Allow-Headers \"deviceType,token, authorization, content-type\";\n#        if ($request_method = 'OPTIONS') {\n#            add_header Access-Control-Allow-Origin *;\n#            add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;\n#            add_header Access-Control-Allow-Headers \"deviceType,token, authorization, content-type\";\n#            return 204;\n#        }\n#        proxy_pass         http://sdoc-server:7070/;\n#        proxy_redirect     off;\n#        proxy_set_header   Host              $host;\n#        proxy_set_header   X-Real-IP         $remote_addr;\n#        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;\n#        proxy_set_header   X-Forwarded-Host  $server_name;\n#        proxy_set_header   X-Forwarded-Proto $scheme;\n#        client_max_body_size 100m;\n#    }\n#    location /socket.io {\n#        proxy_pass http://sdoc-server:7070;\n#        proxy_http_version 1.1;\n#        proxy_set_header Upgrade $http_upgrade;\n#        proxy_set_header Connection 'upgrade';\n#        proxy_redirect off;\n#        proxy_buffers 8 32k;\n#        proxy_buffer_size 64k;\n#        proxy_set_header X-Real-IP $remote_addr;\n#        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n#        proxy_set_header Host $http_host;\n#        proxy_set_header X-NginX-Proxy true;\n#    }\n
          "},{"location":"upgrade/upgrade_docker/#deploy-a-new-seadoc-server","title":"Deploy a new SeaDoc server","text":"

          Please see the document Setup SeaDoc to install SeaDoc on a separate machine and integrate with your binary packaged based Seafile server v12.0.

          "},{"location":"upgrade/upgrade_docker/#upgrade-from-100-to-110","title":"Upgrade from 10.0 to 11.0","text":"

          Download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version. Taking the community edition as an example, you have to modify

          ...\nservice:\n    ...\n    seafile:\n        image: seafileltd/seafile-mc:10.0-latest\n        ...\n    ...\n

          to

          service:\n    ...\n    seafile:\n        image: seafileltd/seafile-mc:11.0-latest\n        ...\n    ...\n

          It is also recommended that you upgrade mariadb and memcached to newer versions as in the v11.0 docker-compose.yml file. Specifically, in version 11.0, we use the following versions:

          • MariaDB: 10.11
          • Memcached: 1.6.18

          What's more, you have to migrate configuration for LDAP and OAuth according to here

          Start with docker compose up.

          "},{"location":"upgrade/upgrade_docker/#upgrade-from-90-to-100","title":"Upgrade from 9.0 to 10.0","text":"

          Just download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version, then start with docker compose up.

          If you are using pro edition with ElasticSearch, SAML SSO and storage backend features, follow the upgrading manual on how to update the configuration for these features.

          If you want to use the new notification server and rate control (pro edition only), please refer to the upgrading manual.

          "},{"location":"upgrade/upgrade_docker/#upgrade-from-80-to-90","title":"Upgrade from 8.0 to 9.0","text":"

          Just download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version, then start with docker compose up.

          "},{"location":"upgrade/upgrade_docker/#lets-encrypt-ssl-certificate","title":"Let's encrypt SSL certificate","text":"

          Since version 9.0.6, we use Acme V3 (not acme-tiny) to get certificate.

          If there is a certificate generated by an old version, you need to back up and move the old certificate directory and the seafile.nginx.conf before starting.

          mv /opt/seafile/shared/ssl /opt/seafile/shared/ssl-bak\n\nmv /opt/seafile/shared/nginx/conf/seafile.nginx.conf /opt/seafile/shared/nginx/conf/seafile.nginx.conf.bak\n

          Starting the new container will automatically apply a certificate.

          docker compose down\ndocker compose up -d\n

          Please wait a moment for the certificate to be applied, then you can modify the new seafile.nginx.conf as you want. Execute the following command to make the nginx configuration take effect.

          docker exec seafile nginx -s reload\n

          A cron job inside the container will automatically renew the certificate.

          "},{"location":"upgrade/upgrade_docker/#upgrade-from-71-to-80","title":"Upgrade from 7.1 to 8.0","text":"

          Just download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version, then start with docker compose up.

          "},{"location":"upgrade/upgrade_docker/#upgrade-from-70-to-71","title":"Upgrade from 7.0 to 7.1","text":"

          Just download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version, then start with docker compose up.

          "},{"location":"upgrade/upgrade_notes_for_10.0.x/","title":"Upgrade notes for 10.0","text":"

          These notes give additional information about changes. Please always follow the main upgrade guide.

          For docker based version, please check upgrade Seafile Docker image

          "},{"location":"upgrade/upgrade_notes_for_10.0.x/#important-release-changes","title":"Important release changes","text":""},{"location":"upgrade/upgrade_notes_for_10.0.x/#enable-notification-server","title":"Enable notification server","text":"

          The notification server enables desktop syncing and drive clients to get notification of library changes immediately using websocket. There are two benefits:

          1. Reduce the time for syncing new changes to local
          2. Reduce the load of the server as periodically pulling is removed. There are significant reduction of load when you have 1000+ clients.

          The notification server works with Seafile syncing client 9.0+ and drive client 3.0+.

          Please follow the document to enable notification server

          "},{"location":"upgrade/upgrade_notes_for_10.0.x/#memcached-section-in-the-seafileconf-pro-edition-only","title":"Memcached section in the seafile.conf (pro edition only)","text":"

          If you use storage backend or cluster, make sure the memcached section is in the seafile.conf.

          Since version 10.0, all memcached options are consolidated to the one below.

          Modify the seafile.conf:

          [memcached]\nmemcached_options = --SERVER=<the IP of Memcached Server> --POOL-MIN=10 --POOL-MAX=100\n
          "},{"location":"upgrade/upgrade_notes_for_10.0.x/#saml-sso-change-pro-edition-only","title":"SAML SSO change (pro edition only)","text":"

          The configuration for SAML SSO in Seafile is greatly simplified. Now only three options are needed:

          ENABLE_ADFS_LOGIN = True\nLOGIN_REDIRECT_URL = '/saml2/complete/'\nSAML_REMOTE_METADATA_URL = 'https://login.microsoftonline.com/xxx/federationmetadata/2007-06/federationmetadata.xml?appid=xxx'\nSAML_ATTRIBUTE_MAPPING = {\n    'name': ('display_name', ),\n    'mail': ('contact_email', ),\n    ...\n}\n

          Please check the new document on SAML SSO

          "},{"location":"upgrade/upgrade_notes_for_10.0.x/#rate-control-in-role-settings-pro-edition-only","title":"Rate control in role settings (pro edition only)","text":"

          Starting from version 10.0, Seafile allows administrators to configure upload and download speed limits for users with different roles through the following two steps:

          1. Configuring rate limiting for different roles in seahub_settings.py.
          ENABLED_ROLE_PERMISSIONS = {\n    'default': {\n    ...\n        'upload_rate_limit': 2000,  # unit: kb/s\n        'download_rate_limit': 4000,\n    ...\n    },\n    'guest': {\n    ...\n        'upload_rate_limit': 100,\n        'download_rate_limit': 200,\n    ...\n    },\n}\n
          1. Run the following command in the seafile-server-latest directory to make the configuration take effect.
          ./seahub.sh python-env python3 seahub/manage.py set_user_role_upload_download_rate_limit\n
          "},{"location":"upgrade/upgrade_notes_for_10.0.x/#elasticsearch-change-pro-edition-only","title":"ElasticSearch change (pro edition only)","text":"

          Elasticsearch is upgraded to version 8.x, fixed and improved some issues of file search function.

          Since elasticsearch 7.x, the default number of shards has changed from 5 to 1, because too many index shards will over-occupy system resources; but when a single shard data is too large, it will also reduce search performance. Starting from version 10.0, Seafile supports customizing the number of shards in the configuration file.

          You can use the following command to query the current size of each shard to determine the best number of shards for you:

          curl 'http{s}://<es IP>:9200/_cat/shards/repofiles?v'\n

          The official recommendation is that the size of each shard should be between 10G-50G: https://www.elastic.co/guide/en/elasticsearch/reference/8.6/size-your-shards.html#shard-size-recommendation.

          Modify the seafevents.conf:

          [INDEX FILES]\n...\nshards = 10     # default is 5\n...\n
          "},{"location":"upgrade/upgrade_notes_for_10.0.x/#new-python-libraries","title":"New Python libraries","text":"

          Note, you should install Python libraries system wide using root user or sudo mode.

          For Ubuntu 20.04/22.04

          sudo pip3 install future==0.18.* mysqlclient==2.1.* pillow==10.2.* captcha==0.5.* django_simple_captcha==0.5.20 djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1\n

          For Debian 11

          su pip3 install future==0.18.* mysqlclient==2.1.* pillow==9.3.* captcha==0.4 django_simple_captcha==0.5.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1\n
          "},{"location":"upgrade/upgrade_notes_for_10.0.x/#upgrade-to-100x","title":"Upgrade to 10.0.x","text":"

          1. Stop Seafile-9.0.x server.

          2. Start from Seafile 10.0.x, run the script:

            upgrade/upgrade_9.0_10.0.sh\n

          If you are using pro edtion, modify memcached option in seafile.conf and SAML SSO configuration if needed.

          1. Start Seafile-10.0.x server.
          "},{"location":"upgrade/upgrade_notes_for_10.0.x/#update-elasticsearch-pro-edition-only","title":"Update Elasticsearch (pro edition only)","text":"

          You can choose one of the methods to upgrade your index data.

          "},{"location":"upgrade/upgrade_notes_for_10.0.x/#method-one-reindex-the-old-index-data","title":"Method one, reindex the old index data","text":"

          1. Download Elasticsearch image:

          docker pull elasticsearch:7.17.9\n

          Create a new folder to store ES data and give the folder permissions:

          mkdir -p /opt/seafile-elasticsearch/data  && chmod -R 777 /opt/seafile-elasticsearch/data/\n

          Start ES docker image:

          sudo docker run -d --name es-7.17 -p 9200:9200  -e \"discovery.type=single-node\" -e \"bootstrap.memory_lock=true\" -e \"ES_JAVA_OPTS=-Xms1g -Xmx1g\" -e \"xpack.security.enabled=false\" --restart=always -v /opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data -d elasticsearch:7.17.9\n

          PS: ES_JAVA_OPTS can be adjusted according to your need.

          2. Create an index with 8.x compatible mappings:

          # create repo_head index\ncurl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/repo_head_8?pretty=true' -d '\n{\n  \"mappings\" : {\n    \"properties\" : {\n      \"commit\" : {\n        \"type\" : \"keyword\",\n        \"index\" : false\n      },\n      \"repo\" : {\n        \"type\" : \"keyword\",\n        \"index\" : false\n      },\n      \"updatingto\" : {\n        \"type\" : \"keyword\",\n        \"index\" : false\n      }\n    }\n  }\n}'\n\n# create repofiles index, number_of_shards is the number of shards, here is set to 5, you can also modify it to the most suitable number of shards\ncurl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/repofiles_8/?pretty=true' -d '\n{\n  \"settings\" : {\n    \"index\" : {\n      \"number_of_shards\" : \"5\",\n      \"analysis\" : {\n        \"analyzer\" : {\n          \"seafile_file_name_ngram_analyzer\" : {\n            \"filter\" : [\n              \"lowercase\"\n            ],\n            \"type\" : \"custom\",\n            \"tokenizer\" : \"seafile_file_name_ngram_tokenizer\"\n          }\n        },\n        \"tokenizer\" : {\n          \"seafile_file_name_ngram_tokenizer\" : {\n            \"type\" : \"ngram\",\n            \"min_gram\" : \"3\",\n            \"max_gram\" : \"4\"\n          }\n        }\n      }\n    }\n  },\n  \"mappings\" : {\n    \"properties\" : {\n      \"content\" : {\n        \"type\" : \"text\",\n        \"term_vector\" : \"with_positions_offsets\"\n      },\n      \"filename\" : {\n        \"type\" : \"text\",\n        \"fields\" : {\n          \"ngram\" : {\n            \"type\" : \"text\",\n            \"analyzer\" : \"seafile_file_name_ngram_analyzer\"\n          }\n        }\n      },\n      \"is_dir\" : {\n        \"type\" : \"boolean\"\n      },\n      \"mtime\" : {\n        \"type\" : \"date\"\n      },\n      \"path\" : {\n        \"type\" : \"keyword\"\n      },\n      \"repo\" : {\n        \"type\" : \"keyword\"\n      },\n      \"size\" : {\n        \"type\" : \"long\"\n      },\n      \"suffix\" : {\n        \"type\" : \"keyword\"\n      }\n    }\n  }\n}'\n

          3. Set the refresh_interval to -1 and the number_of_replicas to 0 for efficient reindex:

          curl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/repo_head_8/_settings?pretty' -d '\n{\n  \"index\" : {\n    \"refresh_interval\" : \"-1\",\n    \"number_of_replicas\" : 0\n  }\n}'\n\ncurl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/repofiles_8/_settings?pretty' -d '\n{\n  \"index\" : {\n    \"refresh_interval\" : \"-1\",\n    \"number_of_replicas\" : 0\n  }\n}'\n

          4. Use the reindex API to copy documents from the 7.x index into the new index:

          curl -X POST -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/_reindex/?wait_for_completion=false&pretty=true' -d '\n{\n  \"source\": {\n    \"index\": \"repo_head\"\n  },\n  \"dest\": {\n    \"index\": \"repo_head_8\"\n  }\n}'\n\ncurl -X POST -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/_reindex/?wait_for_completion=false&pretty=true' -d '\n{\n  \"source\": {\n    \"index\": \"repofiles\"\n  },\n  \"dest\": {\n    \"index\": \"repofiles_8\"\n  }\n}'\n

          5. Use the following command to check if the reindex task is complete:

          # Get the task_id of the reindex task:\n$ curl 'http{s}://{es server IP}:9200/_tasks?actions=*reindex&pretty'\n# Check to see if the reindex task is complete:\n$ curl 'http{s}://{es server IP}:9200/_tasks/:<task_id>?pretty'\n

          6. Reset the refresh_interval and number_of_replicas to the values used in the old index:

          curl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/repo_head_8/_settings?pretty' -d '\n{\n  \"index\" : {\n    \"refresh_interval\" : null,\n    \"number_of_replicas\" : 1\n  }\n}'\n\ncurl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/repofiles_8/_settings?pretty' -d '\n{\n  \"index\" : {\n    \"refresh_interval\" : null,\n    \"number_of_replicas\" : 1\n  }\n}'\n

          7. Wait for the elasticsearch status to change to green (or yellow if it is a single node).

          curl 'http{s}://{es server IP}:9200/_cluster/health?pretty'\n

          8. Use the aliases API delete the old index and add an alias with the old index name to the new index:

          curl -X POST -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/_aliases?pretty' -d '\n{\n  \"actions\": [\n    {\"remove_index\": {\"index\": \"repo_head\"}},\n    {\"remove_index\": {\"index\": \"repofiles\"}},\n    {\"add\": {\"index\": \"repo_head_8\", \"alias\": \"repo_head\"}},\n    {\"add\": {\"index\": \"repofiles_8\", \"alias\": \"repofiles\"}}\n  ]\n}'\n

          9. Deactivate the 7.17 container, pull the 8.x image and run:

          $ docker stop es-7.17\n\n$ docker rm es-7.17\n\n$ docker pull elasticsearch:8.6.2\n\n$ sudo docker run -d --name es -p 9200:9200 -e \"discovery.type=single-node\" -e \"bootstrap.memory_lock=true\" -e \"ES_JAVA_OPTS=-Xms1g -Xmx1g\" -e \"xpack.security.enabled=false\" --restart=always -v /opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data -d elasticsearch:8.6.2\n
          "},{"location":"upgrade/upgrade_notes_for_10.0.x/#method-two-rebuild-the-index-and-discard-the-old-index-data","title":"Method two, rebuild the index and discard the old index data","text":"

          1. Pull Elasticsearch image:

          docker pull elasticsearch:8.5.3\n

          Create a new folder to store ES data and give the folder permissions:

          mkdir -p /opt/seafile-elasticsearch/data  && chmod -R 777 /opt/seafile-elasticsearch/data/\n

          Start ES docker image:

          sudo docker run -d --name es -p 9200:9200 -e \"discovery.type=single-node\" -e \"bootstrap.memory_lock=true\" -e \"ES_JAVA_OPTS=-Xms1g -Xmx1g\" -e \"xpack.security.enabled=false\" --restart=always -v /opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data -d elasticsearch:8.5.3\n

          2. Modify the seafevents.conf:

          [INDEX FILES]\n...\nexternal_es_server = true\nes_host = http{s}://{es server IP}\nes_port = 9200\nshards = 10   # default is 5.\n...\n

          Restart Seafile server:

          su seafile\ncd seafile-server-latest/\n./seafile.sh stop && ./seahub.stop \n./seafile.sh start && ./seahub.start\n

          3. Delete old index data

          rm -rf /opt/seafile-elasticsearch/data/*\n

          4. Create new index data:

          $ cd /opt/seafile/seafile-server-latest\n$ ./pro/pro.py search --update\n
          "},{"location":"upgrade/upgrade_notes_for_10.0.x/#method-three-if-you-are-in-a-cluster-environment","title":"Method three, if you are in a cluster environment","text":"

          1. Deploy elasticsearch 8.x according to method two. Use Seafile 10.0 version to deploy a new backend node and modify the seafevents.conf file. The background node does not start the Seafile background service, just manually run the command ./pro/pro.py search --update.

          2. Upgrade the other nodes to Seafile 10.0 version and use the new Elasticsearch 8.x server.

          3. Then deactivate the old backend node and the old version of Elasticsearch.

          "},{"location":"upgrade/upgrade_notes_for_11.0.x/","title":"Upgrade notes for 11.0","text":"

          These notes give additional information about changes. Please always follow the main upgrade guide.

          For docker based version, please check upgrade Seafile Docker image

          "},{"location":"upgrade/upgrade_notes_for_11.0.x/#important-release-changes","title":"Important release changes","text":""},{"location":"upgrade/upgrade_notes_for_11.0.x/#change-of-user-identity","title":"Change of user identity","text":"

          Previous Seafile versions directly used a user's email address or SSO identity as their internal user ID.

          Seafile 11.0 introduces virtual user IDs - random, internal identifiers like \"adc023e7232240fcbb83b273e1d73d36@auth.local\". For new users, a virtual ID will be generated instead of directly using their email. A mapping between the email and virtual ID will be stored in the \"profile_profile\" database table. For SSO users,the mapping between SSO ID and virtual ID is stored in the \"social_auth_usersocialauth\" table.

          Overall this brings more flexibility to handle user accounts and identity changes. Existing users will use the same old ID.

          "},{"location":"upgrade/upgrade_notes_for_11.0.x/#reimplementation-of-ldap-integration","title":"Reimplementation of LDAP Integration","text":"

          Previous Seafile versions handled LDAP authentication in the ccnet-server component. In Seafile 11.0, LDAP is reimplemented within the Seahub Python codebase.

          LDAP configuration has been moved from ccnet.conf to seahub_settings.py. The ccnet_db.LDAPImported table is no longer used - LDAP users are now stored in ccnet_db.EmailUsers along with other users.

          Benefits of this new implementation:

          • Improved compatibility across different systems. Python code is more portable than the previous C implementation.
          • Consistent handling of users whether they login via LDAP or other methods like email/password.

          You need to run migrate_ldapusers.py script to merge ccnet_db.LDAPImported table to ccnet_db.EmailUsers table. The setting files need to be changed manually. (See more details below)

          "},{"location":"upgrade/upgrade_notes_for_11.0.x/#oauth-authentication-and-other-sso-methods","title":"OAuth authentication and other SSO methods","text":"

          If you use OAuth authentication, the configuration need to be changed a bit.

          If you use SAML, you don't need to change configuration files. For SAML2, in version 10, the name_id field is returned from SAML server, and is used as the username (the email field in ccnet_dbEmailUser). In version 11, for old users, Seafile will find the old user and create a name_id to name_id mapping in social_auth_usersocialauth. For new users, Seafile will create a new user with random ID and add a name_id to the random ID mapping in social_auth_usersocialauth. In addition, we have added a feature where you can configure to disable login with a username and password for saml users by using the config of DISABLE_ADFS_USER_PWD_LOGIN = True in seahub_settings.py.

          "},{"location":"upgrade/upgrade_notes_for_11.0.x/#dropped-sqlite-database-support","title":"Dropped SQLite Database Support","text":"

          Seafile 11.0 dropped using SQLite as the database. It is better to migrate from SQLite database to MySQL database before upgrading to version 11.0.

          There are several reasons driving this change:

          • Focus on collaborative features - SQLite's limitations make advanced concurrency and locking difficult, which collaborative editing requires. Different Seafile components need simultaneous database access. Especially after adding seafevents component in version 11.0 for the community edition.
          • Docker deployments - Our official Docker images do not support SQLite. MySQL is the preferred option.
          • Migration difficulties - Migrating SQLite databases to MySQL via SQL translation is unreliable.

          To migrate from SQLite database to MySQL database, you can follow the document Migrate from SQLite to MySQL. If you have issues in the migration, just post a thread in our forum. We are glad to help you.

          "},{"location":"upgrade/upgrade_notes_for_11.0.x/#elasticsearch-change-pro-edition-only","title":"ElasticSearch change (pro edition only)","text":"

          Elasticsearch version is not changed in Seafile version 11.0

          "},{"location":"upgrade/upgrade_notes_for_11.0.x/#new-saml-prerequisites-multi_tenancy-only","title":"New SAML prerequisites (MULTI_TENANCY only)","text":"

          For Ubuntu 20.04/22.04

          sudo apt-get update\nsudo apt-get install -y dnsutils\n
          "},{"location":"upgrade/upgrade_notes_for_11.0.x/#django-csrf-protection-issue","title":"Django CSRF protection issue","text":"

          Django 4.* has introduced a new check for the origin http header in CSRF verification. It now compares the values of the origin field in HTTP header and the host field in HTTP header. If they are different, an error is triggered.

          If you deploy Seafile behind a proxy, or if you use a non-standard port, or if you deploy Seafile in cluster, it is likely the origin field in HTTP header received by Django and the host field in HTTP header received by Django are different. Because the host field in HTTP header is likely to be modified by proxy. This mismatch results in a CSRF error.

          You can add CSRF_TRUSTED_ORIGINS to seahub_settings.py to solve the problem:

          CSRF_TRUSTED_ORIGINS = [\"https://<your-domain>\"]\n
          "},{"location":"upgrade/upgrade_notes_for_11.0.x/#new-python-libraries","title":"New Python libraries","text":"

          Note, you should install Python libraries system wide using root user or sudo mode.

          For Ubuntu 20.04/22.04

          sudo apt-get update\nsudo apt-get install -y python3-dev ldap-utils libldap2-dev\n\nsudo pip3 install future==0.18.* mysqlclient==2.1.* pillow==10.2.* sqlalchemy==2.0.18 captcha==0.5.* django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 python-ldap==3.4.3\n
          "},{"location":"upgrade/upgrade_notes_for_11.0.x/#upgrade-to-110x","title":"Upgrade to 11.0.x","text":""},{"location":"upgrade/upgrade_notes_for_11.0.x/#1-stop-seafile-100x-server","title":"1) Stop Seafile-10.0.x server.","text":""},{"location":"upgrade/upgrade_notes_for_11.0.x/#2-start-from-seafile-110x-run-the-script","title":"2) Start from Seafile 11.0.x, run the script:","text":"
          upgrade/upgrade_10.0_11.0.sh\n
          "},{"location":"upgrade/upgrade_notes_for_11.0.x/#3modify-configurations-and-migrate-ldap-records","title":"3\uff09Modify configurations and migrate LDAP records","text":""},{"location":"upgrade/upgrade_notes_for_11.0.x/#change-configurations-for-ldap","title":"Change configurations for LDAP","text":"

          The configuration items of LDAP login and LDAP sync tasks are migrated from ccnet.conf to seahub_settings.py. The name of the configuration item is based on the 10.0 version, and the characters 'LDAP_' or 'MULTI_LDAP_1' are added. Examples are as follows:

          # Basic configuration items for LDAP login\nENABLE_LDAP = True\nLDAP_SERVER_URL = 'ldap://192.168.0.125'     # The URL of LDAP server\nLDAP_BASE_DN = 'ou=test,dc=seafile,dc=ren'   # The root node of users who can \n                                             # log in to Seafile in the LDAP server\nLDAP_ADMIN_DN = 'administrator@seafile.ren'  # DN of the administrator used \n                                             # to query the LDAP server for information\nLDAP_ADMIN_PASSWORD = 'Hello@123'            # Password of LDAP_ADMIN_DN\nLDAP_PROVIDER = 'ldap'                       # Identify the source of the user, used in \n                                             # the table social_auth_usersocialauth, defaults to 'ldap'\nLDAP_LOGIN_ATTR = 'userPrincipalName'        # User's attribute used to log in to Seafile, \n                                             # can be mail or userPrincipalName, cannot be changed\nLDAP_FILTER = 'memberOf=CN=testgroup,OU=test,DC=seafile,DC=ren'  # Additional filter conditions,\n                                                                 # users who meet the filter conditions can log in, otherwise they cannot log in\n# For update user info when login\nLDAP_CONTACT_EMAIL_ATTR = ''             # For update user's contact_email\nLDAP_USER_ROLE_ATTR = ''                 # For update user's role\nLDAP_USER_FIRST_NAME_ATTR = 'givenName'  # For update user's first name\nLDAP_USER_LAST_NAME_ATTR = 'sn'          # For update user's last name\nLDAP_USER_NAME_REVERSE = False           # Whether to reverse the user's first and last name\n

          The following configuration items are only for Pro Edition: 

          # Configuration items for LDAP sync tasks.\nLDAP_SYNC_INTERVAL = 60                  # LDAP sync task period, in minutes\n\n# LDAP user sync configuration items.\nENABLE_LDAP_USER_SYNC = True             # Whether to enable user sync\nLDAP_USER_OBJECT_CLASS = 'person'        # This is the name of the class used to search for user objects. \n                                         # In Active Directory, it's usually \"person\". The default value is \"person\".\nLDAP_DEPT_ATTR = ''                      # LDAP user's department info\nLDAP_UID_ATTR = ''                       # LDAP user's login_id attribute\nLDAP_AUTO_REACTIVATE_USERS = True        # Whether to auto activate deactivated user\nLDAP_USE_PAGED_RESULT = False            # Whether to use pagination extension\nIMPORT_NEW_USER = True                   # Whether to import new users when sync user\nACTIVATE_USER_WHEN_IMPORT = True         # Whether to activate the user when importing new user\nENABLE_EXTRA_USER_INFO_SYNC = True       # Whether to enable sync of additional user information,\n                                         # including user's full name, contact_email, department, and Windows login name, etc.\nDEACTIVE_USER_IF_NOTFOUND = False        # Set to \"true\" if you want to deactivate a user \n                                         # when he/she was deleted in AD server.\n\n# LDAP group sync configuration items.\nENABLE_LDAP_GROUP_SYNC = True            # Whether to enable group sync\nLDAP_GROUP_FILTER = ''                   # Group sync filter\nLDAP_SYNC_DEPARTMENT_FROM_OU = True      # Whether to enable sync departments from OU.\nLDAP_GROUP_OBJECT_CLASS = 'group'        # This is the name of the class used to search for group objects.\nLDAP_GROUP_MEMBER_ATTR = 'member'        # The attribute field to use when loading the group's members. \n                                         # For most directory servers, the attributes is \"member\" \n                                         # which is the default value.For \"posixGroup\", it should be set to \"memberUid\".\nLDAP_USER_ATTR_IN_MEMBERUID = 'uid'      # The user attribute set in 'memberUid' option, \n                                         # which is used in \"posixGroup\".The default value is \"uid\".\nLDAP_GROUP_UUID_ATTR = 'objectGUID'      # Used to uniquely identify groups in LDAP\nLDAP_USE_GROUP_MEMBER_RANGE_QUERY = False   # When a group contains too many members, \n                                            # AD will only return part of them. Set this option to TRUE\n                                            # to make LDAP sync work with large groups.\nLDAP_SYNC_GROUP_AS_DEPARTMENT = False    # Whether to sync groups as top-level departments in Seafile\nLDAP_DEPT_NAME_ATTR = ''                 # Used to get the department name.\nLDAP_CREATE_DEPARTMENT_LIBRARY = False   # If you decide to sync the group as a department,\n                                         # you can set this option to \"true\". In this way, when \n                                         # the group is synchronized for the first time, a library\n                                         # is automatically created for the department, and the \n                                         # library's name is the department's name.\nLDAP_DEPT_REPO_PERM = 'rw'               # Set the permissions of the department repo, default permission is 'rw'.\nLDAP_DEFAULT_DEPARTMENT_QUOTA = -2       # You can set a default space quota for each department\n                                         # when you synchronize a group for the first time. The \n                                         # quota is set to unlimited if this option is not set.\n                                         # Unit is MB.\nDEL_GROUP_IF_NOT_FOUND = False           # Set to \"true\", sync process will delete the group if not found it in LDAP server.\nDEL_DEPARTMENT_IF_NOT_FOUND = False      # Set to \"true\", sync process will deleted the department if not found it in LDAP server.\n

          If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth), you want Seafile to find the existing account for this user instead of creating a new one, you can set SSO_LDAP_USE_SAME_UID = True:

          SSO_LDAP_USE_SAME_UID = True\n

          Note, here the UID means the unique user ID, in LDAP it is the attribute you use for LDAP_LOGIN_ATTR (not LDAP_UID_ATTR), in ADFS it is uid attribute. You need make sure you use the same attribute for the two settings.

          "},{"location":"upgrade/upgrade_notes_for_11.0.x/#migrate-ldap-records","title":"Migrate LDAP records","text":"

          Run the following script to migrate users in LDAPImported to EmailUsers

          cd <install-path>/seafile-server-latest\npython3 migrate_ldapusers.py\n

          For Seafile docker

          docker exec -it seafile /usr/bin/python3 /opt/seafile/seafile-server-latest/migrate_ldapusers.py\n
          "},{"location":"upgrade/upgrade_notes_for_11.0.x/#change-configuration-for-oauth","title":"Change configuration for OAuth:","text":"

          In the new version, the OAuth login configuration should keep the email attribute unchanged to be compatible with new and old user logins. In version 11.0, a new uid attribute is added to be used as a user's external unique ID. The uid will be stored in social_auth_usersocialauth to map to internal virtual ID. For old users, the original email is used the internal virtual ID. The example is as follows:

          # Version 10.0 or earlier\nOAUTH_ATTRIBUTE_MAP = {\n    \"id\": (True, \"email\"),\n    \"name\": (False, \"name\"),\n    \"email\": (False, \"contact_email\"),\n}\n\n# Since 11.0 version, added 'uid' attribute.\nOAUTH_ATTRIBUTE_MAP = {\n    \"id\": (True, \"email\"),  # In the new version, the email attribute configuration should be kept unchanged to be compatible with old and new user logins\n    \"uid\": (True, \"uid\"),   # Seafile use 'uid' as the external unique identifier of the user. Different OAuth systems have different attributes, which may be: 'uid' or 'username', etc.\n    \"name\": (False, \"name\"),\n    \"email\": (False, \"contact_email\"),\n}\n

          When a user login, Seafile will first use \"id -> email\" map to find the old user and then create \"uid -> uid\" map for this old user. After all users login once, you can delete the configuration \"id\": (True, \"email\"). You can also manully add records in social_auth_usersocialauth to map extenral uid to old users.

          "},{"location":"upgrade/upgrade_notes_for_11.0.x/#4-start-seafile-110x-server","title":"4) Start Seafile-11.0.x server.","text":""},{"location":"upgrade/upgrade_notes_for_11.0.x/#faq","title":"FAQ","text":"

          We have documented common issues encountered by users when upgrading to version 11.0 in our FAQ https://cloud.seatable.io/dtable/external-links/7b976c85f504491cbe8e/?tid=0000&vid=0000.

          If you encounter any issue, please give it a check.

          "},{"location":"upgrade/upgrade_notes_for_12.0.x/","title":"Upgrade notes for 12.0","text":"

          These notes give additional information about changes. Please always follow the main upgrade guide.

          For docker based version, please check upgrade Seafile Docker image

          "},{"location":"upgrade/upgrade_notes_for_12.0.x/#important-release-changes","title":"Important release changes","text":"

          Seafile version 12.0 has following major changes:

          • A redesigned Web UI
          • SeaDoc is now stable, providing online notes and documents feature
          • A new wiki module (still in beta, disabled by default)
          • A new trash mechanism, that deleted files will be recorded in database for fast listing. In the old version, deleted files are scanned from library history, which is slow.
          • Community edition now also support online GC (because SQLite support is dropped)

          Other changes:

          • A new lightweight and fast search engine, SeaSearch. SeaSearch is optional, you can still use ElasticSearch.

          Breaking changes

          • For security reason, WebDAV no longer support login with LDAP account, the user with LDAP account must generate a WebDAV token at the profile page
          • The password strength level is now calculated by algorithm. The old USER_PASSWORD_MIN_LENGTH, USER_PASSWORD_STRENGTH_LEVEL is removed. Only USER_STRONG_PASSWORD_REQUIRED is still used.
          • ADDITIONAL_APP_BOTTOM_LINKS is removed. Because there is no buttom bar in the navigation side bar now.
          • For binary package based installation, a new .env file is needed to contain some configuration items. These configuration items need to be shared by different components in Seafile. We name it .env to be consistant with docker based installation.
          • [File tags] The current file tags feature is deprecated. We will re-implement a new one in version 13.0 with a new general metadata management module.
          • For ElasticSearch based search, full text search of doc/xls/ppt file types are no longer supported. This enable us to remove Java dependency in Seafile side.

          Deploying SeaDoc and Seafile binary package on the same server is no longer supported. You can:

          • Deploy SeaDoc on a new server and integrate it with Seafile.
          • Migrate Seafile to a docker based deployment method and then deploy SeaDoc in the same server.

          Deploying Seafile with binary package is now deprecated and probably no longer be supported in version 13.0. We recommend you to migrate your existing Seafile deployment to docker based.

          "},{"location":"upgrade/upgrade_notes_for_12.0.x/#elasticsearch-change-pro-edition-only","title":"ElasticSearch change (pro edition only)","text":"

          Elasticsearch version is not changed in Seafile version 12.0

          "},{"location":"upgrade/upgrade_notes_for_12.0.x/#new-python-libraries","title":"New Python libraries","text":"

          Note, you should install Python libraries system wide using root user or sudo mode.

          For Ubuntu 22.04/24.04

          sudo pip3 install future==1.0.* mysqlclient==2.2.* pillow==10.4.* sqlalchemy==2.0.* gevent==24.2.* captcha==0.6.* django_simple_captcha==0.6.* djangosaml2==1.9.* pysaml2==7.3.* pycryptodome==3.20.* cffi==1.17.0 python-ldap==3.4.* PyMuPDF==1.24.* numpy==1.26.*\n
          "},{"location":"upgrade/upgrade_notes_for_12.0.x/#upgrade-to-120-for-binary-installation","title":"Upgrade to 12.0 (for binary installation)","text":"

          The following instruction is for binary package based installation. If you use Docker based installation, please see

          "},{"location":"upgrade/upgrade_notes_for_12.0.x/#1-stop-seafile-110x-server","title":"1) Stop Seafile-11.0.x server","text":""},{"location":"upgrade/upgrade_notes_for_12.0.x/#2-start-from-seafile-120x-run-the-script","title":"2) Start from Seafile 12.0.x, run the script","text":"
          upgrade/upgrade_11.0_12.0.sh\n
          "},{"location":"upgrade/upgrade_notes_for_12.0.x/#3-create-the-env-file-in-conf-directory","title":"3) Create the .env file in conf/ directory","text":"

          conf/.env

          JWT_PRIVATE_KEY=xxx\nSEAFILE_SERVER_PROTOCOL=https\nSEAFILE_SERVER_HOSTNAME=seafile.example.com\n

          Note: JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters, generate example: pwgen -s 40 1

          "},{"location":"upgrade/upgrade_notes_for_12.0.x/#4-start-seafile-120x-server","title":"4) Start Seafile-12.0.x server","text":""},{"location":"upgrade/upgrade_notes_for_12.0.x/#upgrade-seadoc-from-08-to-10","title":"Upgrade SeaDoc from 0.8 to 1.0","text":"

          If you have deployed SeaDoc v0.8 with Seafile v11.0, you can upgrade it to 1.0 use the following two steps:

          1. Delete sdoc_db.
          2. Re-deploy SeaDoc server. In other words, delete the old SeaDoc deployment and deploy a new SeaDoc server on a separate machine.

          Note, deploying SeaDoc and Seafile binary package on the same server is no longer supported. If you really want to deploying SeaDoc and Seafile server on the same machine, you should deploy Seafile server with Docker.

          "},{"location":"upgrade/upgrade_notes_for_12.0.x/#delete-sdoc_db","title":"Delete sdoc_db","text":"

          From version 1.0, SeaDoc is using seahub_db database to store its operation logs and no longer need an extra database sdoc_db. The database tables in seahub_db are created automatically when you upgrade Seafile server from v11.0 to v12.0. You can simply delete sdoc_db.

          "},{"location":"upgrade/upgrade_notes_for_12.0.x/#deploy-a-new-seadoc-server","title":"Deploy a new SeaDoc server","text":"

          Please see the document Setup SeaDoc to install SeaDoc on a separate machine and integrate with your binary packaged based Seafile server v12.0.

          "},{"location":"upgrade/upgrade_notes_for_12.0.x/#faq","title":"FAQ","text":"

          We have documented common issues encountered by users when upgrading to version 12.0 in our FAQ https://cloud.seatable.io/dtable/external-links/7b976c85f504491cbe8e/?tid=0000&vid=0000.

          If you encounter any issue, please give it a check.

          "},{"location":"upgrade/upgrade_notes_for_7.0.x/","title":"Upgrade notes for 7.0.x","text":"

          These notes give additional information about changes. Please always follow the main upgrade guide.

          "},{"location":"upgrade/upgrade_notes_for_7.0.x/#upgrade-notes-for-ce-70x","title":"Upgrade notes for CE-7.0.x","text":"

          If you are currently using the Seafile Community Edition, please refer to Upgrade notes for CE-7.0.x.

          "},{"location":"upgrade/upgrade_notes_for_7.0.x/#upgrade-notes-for-pro-70x","title":"Upgrade notes for Pro-7.0.x","text":"

          If you are currently using Seafile Professional, please refer to Upgrade notes for Pro-7.0.x.

          "},{"location":"upgrade/upgrade_notes_for_7.1.x/","title":"Upgrade notes for 7.1.x","text":"

          These notes give additional information about changes. Please always follow the main upgrade guide.

          "},{"location":"upgrade/upgrade_notes_for_7.1.x/#important-release-changes","title":"Important release changes","text":"

          From 7.1.0 version, Seafile will depend on the Python 3 and is\u00a0not\u00a0compatible\u00a0with\u00a0Python\u00a02.

          Therefore you cannot upgrade directly from Seafile 6.x.x to 7.1.x.

          If your current version of Seafile is not 7.0.x, you must first download the 7.0.x installation package and upgrade to 7.0.x before performing the subsequent operations.

          To support both Python 3.6 and 3.7, we no longer bundle python libraries with Seafile package. You need to install most of the libraries by your own as bellow.

          "},{"location":"upgrade/upgrade_notes_for_7.1.x/#deploy-python3","title":"Deploy Python3","text":"

          Note, you should install Python libraries system wide using root user or sudo mode.

          "},{"location":"upgrade/upgrade_notes_for_7.1.x/#seafile-ce","title":"Seafile-CE","text":"
          • For Ubuntu 16.04/18.04 or Debian 10
          sudo apt-get install python3 python3-setuptools python3-pip memcached libmemcached-dev -y\n\nsudo pip3 install --timeout=3600 Pillow==9.4.0 pylibmc captcha jinja2 sqlalchemy==1.3.8 \\\n    django-pylibmc django-simple-captcha python3-ldap\n
          • For CentOS 7/8
          yum install python3 python3-setuptools python3-pip -y\n\nsudo pip3 install --timeout=3600 Pillow==9.4.0 pylibmc captcha jinja2 sqlalchemy==1.3.8 \\\n    django-pylibmc django-simple-captcha python3-ldap\n
          "},{"location":"upgrade/upgrade_notes_for_7.1.x/#seafile-pro","title":"Seafile-Pro","text":"
          • For Ubuntu 16.04/18.04 or Debian 10
          apt-get install python3 python3-setuptools python3-pip -y\n\nsudo pip3 install --timeout=3600 Pillow==9.4.0 pylibmc captcha jinja2 sqlalchemy==1.3.8 \\\n    django-pylibmc django-simple-captcha python3-ldap\n
          • For CentOS 7/8
          yum install python3 python3-setuptools python3-pip -y\n\nsudo pip3 install --timeout=3600 Pillow==9.4.0 pylibmc captcha jinja2 sqlalchemy==1.3.8 \\\n    django-pylibmc django-simple-captcha python3-ldap\n
          "},{"location":"upgrade/upgrade_notes_for_7.1.x/#upgrade-to-71x","title":"Upgrade to 7.1.x","text":"
          1. Stop Seafile-7.0.x server.
          2. Start from Seafile 7.0.x, run the script:
          upgrade/upgrade_7.0_7.1.sh\n
          1. Clear the Seahub cache:
          rm -rf /tmp/seahub_cache # Clear the Seahub cache files from disk.\n# If you are using the Memcached service, you need to restart the service to clear the Seahub cache.\nsystemctl restart memcached\n
          1. Start Seafile-7.1.x server.
          "},{"location":"upgrade/upgrade_notes_for_7.1.x/#proxy-seafdav","title":"Proxy Seafdav","text":"

          After Seafile 7.1.x, Seafdav does not support Fastcgi, only Wsgi.

          This means that if you are using Seafdav functionality and have deployed Nginx or Apache reverse proxy. You need to change Fastcgi to Wsgi.

          "},{"location":"upgrade/upgrade_notes_for_7.1.x/#for-nginx","title":"For Nginx","text":"

          For Seafdav, the configuration of Nginx is as follows:

          .....\n    location /seafdav {\n        proxy_pass         http://127.0.0.1:8080/seafdav;\n        proxy_set_header   Host $host;\n        proxy_set_header   X-Real-IP $remote_addr;\n        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header   X-Forwarded-Host $server_name;\n        proxy_set_header   X-Forwarded-Proto $scheme;\n        proxy_read_timeout  1200s;\n        client_max_body_size 0;\n\n        access_log      /var/log/nginx/seafdav.access.log seafileformat;\n        error_log       /var/log/nginx/seafdav.error.log;\n    }\n
          "},{"location":"upgrade/upgrade_notes_for_7.1.x/#for-apache","title":"For Apache","text":"

          For Seafdav, the configuration of Apache is as follows:

          ......\n    <Location /seafdav>\n        ProxyPass \"http://127.0.0.1:8080/seafdav\"\n    </Location>\n
          "},{"location":"upgrade/upgrade_notes_for_7.1.x/#builtin-office-file-preview","title":"Builtin office file preview","text":"

          The implementation of builtin office file preview has been changed. You should update your configuration according to:

          https://download.seafile.com/published/seafile-manual/deploy_pro/office_documents_preview.md#user-content-Version%207.1+

          "},{"location":"upgrade/upgrade_notes_for_7.1.x/#if-you-are-using-ceph-backend","title":"If you are using Ceph backend","text":"

          If you are using Ceph storage backend, you need to install new python library.

          On Debian/Ubuntu (Seafile 7.1+):

          sudo apt-get install python3-rados\n
          "},{"location":"upgrade/upgrade_notes_for_7.1.x/#login-page-customization","title":"Login Page Customization","text":"

          If you have customized the login page or other html pages, as we have removed some old javascript libraries, your customized pages may not work anymore. Please try to re-customize based on the newest version.

          "},{"location":"upgrade/upgrade_notes_for_7.1.x/#user-name-encoding-issue-with-shibboleth-login","title":"User name encoding issue with Shibboleth login","text":"

          Note, the following patch is included in version pro-7.1.8 and ce-7.1.5 already.

          We have two customers reported that after upgrading to version 7.1, users login via Shibboleth single sign on have a wrong name if the name contains a special character. We suspect it is a Shibboleth problem as it does not sending the name in UTF-8 encoding to Seafile. (https://issues.shibboleth.net/jira/browse/SSPCPP-2)

          The solution is to modify the code in seahub/thirdpart/shibboleth/middleware.py:

          158         if nickname.strip():  # set nickname when it's not empty\n159             p.nickname = nickname\n\nto \n\n158         if nickname.strip():  # set nickname when it's not empty\n159             p.nickname = nickname.encode(\"iso-8859-1\u201d).decode('utf8')\n

          If you have this problem too, please let us know.

          "},{"location":"upgrade/upgrade_notes_for_7.1.x/#faq","title":"FAQ","text":""},{"location":"upgrade/upgrade_notes_for_7.1.x/#sql-error-during-upgrade","title":"SQL Error during upgrade","text":"

          The upgrade script will try to create a missing table and remove an used index. The following SQL errors are jus warnings and can be ignored:

          [INFO] updating seahub database...\n/opt/seafile/seafile-server-7.1.1/seahub/thirdpart/pymysql/cursors.py:170: Warning: (1050, \"Table 'base_reposecretkey' already exists\")\n  result = self._query(query)\n[WARNING] Failed to execute sql: (1091, \"Can't DROP 'drafts_draft_origin_file_uuid_7c003c98_uniq'; check that column/key exists\")\n
          "},{"location":"upgrade/upgrade_notes_for_7.1.x/#internal-server-error-after-upgrade-to-version-71","title":"Internal server error after upgrade to version 7.1","text":"

          Please check whether the seahub process is running in your server. If it is running, there should be an error log in seahub.log for internal server error.

          If seahub process is not running, you can modify\u00a0conf/gunicorn.conf, change\u00a0daemon = True \u00a0to\u00a0daemon = False \u00a0, then run ./seahub.sh again. If there are missing Python dependencies, the error will be reported in the terminal.

          The most common issue is that you use an old memcache configuration that depends on python-memcache. The new way is

          'BACKEND': 'django_pylibmc.memcached.PyLibMCCache'\n

          The old way is

          'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',\n
          "},{"location":"upgrade/upgrade_notes_for_8.0.x/","title":"Upgrade notes for 8.0","text":"

          These notes give additional information about changes. Please always follow the main upgrade guide.

          "},{"location":"upgrade/upgrade_notes_for_8.0.x/#important-release-changes","title":"Important release changes","text":"

          From 8.0, ccnet-server component is removed. But ccnet.conf is still needed.

          "},{"location":"upgrade/upgrade_notes_for_8.0.x/#install-new-python-libraries","title":"Install new Python libraries","text":"

          Note, you should install Python libraries system wide using root user or sudo mode.

          • For Ubuntu 18.04/20.04
          apt-get install libmysqlclient-dev\n\nsudo pip3 install -U future mysqlclient sqlalchemy==1.4.3\n
          • For Debian 10
          apt-get install  default-libmysqlclient-dev \n\nsudo pip3 install future mysqlclient sqlalchemy==1.4.3\n
          • For CentOS 7
          yum install python3-devel mysql-devel gcc gcc-c++ -y\n\nsudo pip3 install future\nsudo pip3 install mysqlclient==2.0.1 sqlalchemy==1.4.3\n
          • For CentOS 8
          yum install python3-devel mysql-devel gcc gcc-c++ -y\n\nsudo pip3 install future mysqlclient sqlalchemy==1.4.3\n
          "},{"location":"upgrade/upgrade_notes_for_8.0.x/#change-shibboleth-setting","title":"Change Shibboleth Setting","text":"

          If you are using Shibboleth and have configured EXTRA_MIDDLEWARE_CLASSES

          EXTRA_MIDDLEWARE_CLASSES = (\n    'shibboleth.middleware.ShibbolethRemoteUserMiddleware',\n)\n

          please change it to EXTRA_MIDDLEWARE

          EXTRA_MIDDLEWARE = (\n    'shibboleth.middleware.ShibbolethRemoteUserMiddleware',\n)\n

          As support for old-style middleware using settings.MIDDLEWARE_CLASSES is removed since django 2.0.

          "},{"location":"upgrade/upgrade_notes_for_8.0.x/#upgrade-to-80x","title":"Upgrade to 8.0.x","text":"
          1. Stop Seafile-7.1.x server.

          2. Start from Seafile 7.1.x, run the script:

            upgrade/upgrade_7.1_8.0.sh\n

          3. Start Seafile-8.0.x server.

          "},{"location":"upgrade/upgrade_notes_for_9.0.x/","title":"Upgrade notes for 9.0","text":"

          These notes give additional information about changes. Please always follow the main upgrade guide.

          "},{"location":"upgrade/upgrade_notes_for_9.0.x/#important-release-changes","title":"Important release changes","text":"

          9.0 version includes following major changes:

          1. SERVICE_URL is moved from ccnet.conf to seahub_settings.py. The upgrade script will read it from ccnet.conf and write to seahub_settings.py
          2. (pro edition only) ElasticSearch is upgraded to version 6.8. ElasticSearch needs to be installed and managed individually. (As ElasticSearch changes license since 6.2, it can no longer be included in Seafile package). There are some benefits for ElasticSearch to be managed individually:
            • Reduce the size of Seafile package
            • You can change ElasticSearch setttings more easily
          3. (pro edition only) The built-in Office file preview is now implemented by a separate docker image. This makes is more easy to maintain. We also suggest users to use OnlyOffice as an alternative.
          4. Seafile community edition package for CentOS is no longer maintained (pro editions will still be maintaied). We suggest users to migrate to Docker images.
          5. We rewrite HTTP service in seaf-server with golang and move it to a separate component (turn off by default)

          The new file-server written in golang serves HTTP requests to upload/download/sync files. It provides three advantages:

          • The performance is better in a high-concurrency environment and it can handle long requests.
          • Now you can sync libraries with large number of files.
          • Now file zipping and downloading can be done simutaneously. When zip downloading a folder, you don't need to wait until zip is done.
          • Support rate control for file uploading and downloading.

          You can turn golang file-server on by adding following configuration in seafile.conf

          [fileserver]\nuse_go_fileserver = true\n
          "},{"location":"upgrade/upgrade_notes_for_9.0.x/#new-python-libraries","title":"New Python libraries","text":"

          Note, you should install Python libraries system wide using root user or sudo mode.

          • For Ubuntu 18.04/20.04
          sudo pip3 install pycryptodome==3.12.0 cffi==1.14.0\n
          "},{"location":"upgrade/upgrade_notes_for_9.0.x/#upgrade-to-90x","title":"Upgrade to 9.0.x","text":"
          1. Stop Seafile-8.0.x server.

          2. Start from Seafile 9.0.x, run the script:

            upgrade/upgrade_8.0_9.0.sh\n

          3. Start Seafile-9.0.x server.

          "},{"location":"upgrade/upgrade_notes_for_9.0.x/#update-elasticsearch-pro-edition-only","title":"Update ElasticSearch (pro edition only)","text":""},{"location":"upgrade/upgrade_notes_for_9.0.x/#method-one-rebuild-the-index-and-discard-the-old-index-data","title":"Method one, rebuild the index and discard the old index data","text":"

          If your elasticsearch data is not large, it is recommended to deploy the latest 7.x version of ElasticSearch and then rebuild the new index. Specific steps are as follows

          Download ElasticSearch image

          docker pull elasticsearch:7.16.2\n

          Create a new folder to store ES data and give the folder permissions

          mkdir -p /opt/seafile-elasticsearch/data  && chmod -R 777 /opt/seafile-elasticsearch/data/\n

          Note: You must properly grant permission to access the es data directory, and run the Elasticsearch container as the root user, refer to here.

          Start ES docker image

          sudo docker run -d --name es -p 9200:9200 -e \"discovery.type=single-node\" -e \"bootstrap.memory_lock=true\" -e \"ES_JAVA_OPTS=-Xms2g -Xmx2g\" -e \"xpack.security.enabled=false\" --restart=always -v /opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data -d elasticsearch:7.16.2\n

          Delete old index data

          rm -rf /opt/seafile/pro-data/search/data/*\n

          Modify seafevents.conf

          [INDEX FILES]\nexternal_es_server = true\nes_host = your server's IP (use 127.0.0.1 if deployed locally)\nes_port = 9200\n

          Restart seafile

          su seafile\ncd seafile-server-latest/\n./seafile.sh stop && ./seahub.stop \n./seafile.sh start && ./seahub.start \n
          "},{"location":"upgrade/upgrade_notes_for_9.0.x/#method-two-reindex-the-existing-data","title":"Method two, reindex the existing data","text":"

          If your data volume is relatively large, it will take a long time to rebuild indexes for all Seafile databases, so you can reindex the existing data. This requires the following steps

          • Download and start Elasticsearch 7.x
          • Use the existing data to execute ElasticSearch Reindex in order to build an index that can be used in 7.x

          The detailed process is as follows

          Download ElasticSearch image:

          docker pull elasticsearch:7.16.2\n

          PS\uff1aFor seafile version 9.0, you need to manually create the elasticsearch mapping path on the host machine and give it 777 permission, otherwise elasticsearch will report path permission problems when starting, the command is as follows 

          mkdir -p /opt/seafile-elasticsearch/data \n

          Move original data to the new folder and give the folder permissions

          mv  /opt/seafile/pro-data/search/data/*  /opt/seafile-elasticsearch/data/\nchmod -R 777 /opt/seafile-elasticsearch/data/\n

          Note: You must properly grant permission to access the es data directory, and run the Elasticsearch container as the root user, refer to here.

          Start ES docker image

          sudo docker run -d --name es -p 9200:9200 -e \"discovery.type=single-node\" -e \"bootstrap.memory_lock=true\" -e \"ES_JAVA_OPTS=-Xms1g -Xmx1g\" -e \"xpack.security.enabled=false\" --restart=always -v /opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data -d elasticsearch:7.16.2\n

          Note:ES_JAVA_OPTS can be adjusted according to your need.

          Create an index with 7.x compatible mappings.

          curl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/new_repo_head?include_type_name=false&pretty=true' -d '\n{\n  \"mappings\" : {\n    \"properties\" : {\n      \"commit\" : {\n        \"type\" : \"text\",\n        \"index\" : false\n      },\n      \"repo\" : {\n        \"type\" : \"text\",\n        \"index\" : false\n      },\n      \"updatingto\" : {\n        \"type\" : \"text\",\n        \"index\" : false\n      }\n    }\n  }\n}'\n\ncurl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/new_repofiles/?include_type_name=false&pretty=true' -d '\n{\n  \"settings\" : {\n    \"index\" : {\n      \"number_of_shards\" : 5,\n      \"number_of_replicas\" : 1,\n      \"analysis\" : {\n        \"analyzer\" : {\n          \"seafile_file_name_ngram_analyzer\" : {\n            \"filter\" : [\n              \"lowercase\"\n            ],\n            \"type\" : \"custom\",\n            \"tokenizer\" : \"seafile_file_name_ngram_tokenizer\"\n          }\n        },\n        \"tokenizer\" : {\n          \"seafile_file_name_ngram_tokenizer\" : {\n            \"type\" : \"ngram\",\n            \"min_gram\" : \"3\",\n            \"max_gram\" : \"4\"\n          }\n        }\n      }\n    }\n  },\n  \"mappings\" : {\n    \"properties\" : {\n      \"content\" : {\n        \"type\" : \"text\",\n        \"term_vector\" : \"with_positions_offsets\"\n      },\n      \"filename\" : {\n        \"type\" : \"text\",\n        \"fields\" : {\n          \"ngram\" : {\n            \"type\" : \"text\",\n            \"analyzer\" : \"seafile_file_name_ngram_analyzer\"\n          }\n        }\n      },\n      \"is_dir\" : {\n        \"type\" : \"boolean\"\n      },\n      \"mtime\" : {\n        \"type\" : \"date\"\n      },\n      \"path\" : {\n        \"type\" : \"keyword\"\n      },\n      \"repo\" : {\n        \"type\" : \"keyword\"\n      },\n      \"size\" : {\n        \"type\" : \"long\"\n      },\n      \"suffix\" : {\n        \"type\" : \"keyword\"\n      }\n    }\n  }\n}'\n

          Set the refresh_interval to -1 and the number_of_replicas to 0 for efficient reindexing:

          curl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/new_repo_head/_settings?pretty' -d '\n{\n  \"index\" : {\n    \"refresh_interval\" : \"-1\",\n    \"number_of_replicas\" : 0\n  }\n}'\n\ncurl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/new_repofiles/_settings?pretty' -d '\n{\n  \"index\" : {\n    \"refresh_interval\" : \"-1\",\n    \"number_of_replicas\" : 0\n  }\n}'\n

          Use the reindex API to copy documents from the 5.x index into the new index.

          curl -X POST -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/_reindex/?pretty' -d '\n{\n  \"source\": {\n    \"index\": \"repo_head\",\n    \"type\": \"repo_commit\"\n  },\n  \"dest\": {\n    \"index\": \"new_repo_head\",\n    \"type\": \"_doc\"\n  }\n}'\n\ncurl -X POST -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/_reindex/?pretty' -d '\n{\n  \"source\": {\n    \"index\": \"repofiles\",\n    \"type\": \"file\"\n  },\n  \"dest\": {\n    \"index\": \"new_repofiles\",\n    \"type\": \"_doc\"\n  }\n}'\n

          Reset the refresh_interval and number_of_replicas to the values used in the old index.

          curl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/new_repo_head/_settings?pretty' -d '\n{\n  \"index\" : {\n    \"refresh_interval\" : null,\n    \"number_of_replicas\" : 1\n  }\n}'\n\ncurl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/new_repofiles/_settings?pretty' -d '\n{\n  \"index\" : {\n    \"refresh_interval\" : null,\n    \"number_of_replicas\" : 1\n  }\n}'\n

          Wait for the index status to change to green.

          curl http{s}://{es server IP}:9200/_cluster/health?pretty\n

          Use the aliases API delete the old index and add an alias with the old index name to the new index.

          curl -X POST -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/_aliases?pretty' -d '\n{\n  \"actions\": [\n    {\"remove_index\": {\"index\": \"repo_head\"}},\n    {\"remove_index\": {\"index\": \"repofiles\"}},\n    {\"add\": {\"index\": \"new_repo_head\", \"alias\": \"repo_head\"}},\n    {\"add\": {\"index\": \"new_repofiles\", \"alias\": \"repofiles\"}}\n  ]\n}'\n

          After reindex, modify the configuration in Seafile.

          Modify seafevents.conf

          [INDEX FILES]\nexternal_es_server = true\nes_host = your server's IP\nes_port = 9200\n

          Restart seafile

          su seafile\ncd seafile-server-latest/\n./seafile.sh stop && ./seahub.stop \n./seafile.sh start && ./seahub.start \n
          "},{"location":"upgrade/upgrade_notes_for_9.0.x/#method-three-if-you-are-in-a-cluster-environment","title":"Method three, if you are in a cluster environment","text":"

          Deploy a new ElasticSeach 7.x service, use Seafile 9.0 version to deploy a new backend node, and connect to ElasticSeach 7.x. The background node does not start the Seafile background service, just manually run the command ./pro/pro.py search --update, and then upgrade the other nodes to Seafile 9.0 version and use the new ElasticSeach 7.x after the index is created. Then deactivate the old backend node and the old version of ElasticSeach.

          "}]} \ No newline at end of file +{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Introduction","text":"

          Seafile is an open source cloud storage system for file sync, share and document collaboration. SeaDoc is an extension of Seafile that providing a lightweight online collaborative document feature.

          "},{"location":"#license","title":"LICENSE","text":"

          The different components of Seafile project are released under different licenses:

          • Seafile iOS client: Apache License v2
          • Seafile Android client: GPLv3
          • Desktop syncing client: GPLv2
          • Seafile Server core: AGPLv3
          • Seahub (Seafile server Web UI): Apache License v2
          "},{"location":"#contact-information","title":"Contact information","text":"
          • Twitter: @seafile https://twitter.com/seafile
          • Forum: https://forum.seafile.com
          "},{"location":"changelog/","title":"Changelog","text":""},{"location":"changelog/#changelogs","title":"Changelogs","text":"
          • Seafile Community Edition
          • Seafile Professional Edition
          • Seafile Sync Client
          • Seafile Drive Client (SeaDrive)
          • Seafile Android Client (Seadroid)
          • Seafile iOS Client
          "},{"location":"administration/","title":"Administration","text":""},{"location":"administration/#enter-the-admin-panel","title":"Enter the admin panel","text":"

          As the system admin, you can enter the admin panel by click System Admin in the popup of avatar.

          "},{"location":"administration/#account-management","title":"Account management","text":"
          • Account management
          "},{"location":"administration/#logs","title":"Logs","text":"
          • The location of log files
          "},{"location":"administration/#backup-and-recovery","title":"Backup and Recovery","text":"

          Backup and recovery:

          • Backup and recovery

          Recover corrupt files after server hard shutdown or system crash:

          • Seafile FSCK

          You can run Seafile GC to remove unused files:

          • Seafile GC
          "},{"location":"administration/#clean-database","title":"Clean database","text":"
          • Clean database
          "},{"location":"administration/#export-report","title":"Export report","text":"
          • Export report
          "},{"location":"administration/account/","title":"Account Management","text":""},{"location":"administration/account/#user-management","title":"User Management","text":"

          When you setup seahub website, you should have setup a admin account. After you logged in a admin, you may add/delete users and file libraries.

          "},{"location":"administration/account/#how-to-change-a-users-id","title":"How to change a user's ID","text":"

          Since version 11.0, if you need to change a user's external ID, you can manually modify database table social_auth_usersocialauth to map the new external ID to internal ID.

          For version below 11.0, if you really want to change a user's ID, you should create a new user then use this admin API to migrate the data from old user to the new user: https://download.seafile.com/published/web-api/v2.1-admin/accounts.md#user-content-Migrate%20Account.

          "},{"location":"administration/account/#resetting-user-password","title":"Resetting User Password","text":"

          Administrator can reset password for a user in \"System Admin\" page.

          In a private server, the default settings doesn't support users to reset their password by email. If you want to enable this, you have first to set up notification email.

          "},{"location":"administration/account/#forgot-admin-account-or-password","title":"Forgot Admin Account or Password?","text":"

          You may run reset-admin.sh script under seafile-server directory. This script would help you reset the admin account and password. Your data will not be deleted from the admin account, this only unlocks and changes the password for the admin account.

          "},{"location":"administration/account/#user-quota-notice","title":"User Quota Notice","text":"

          Under the seafile-server-latest directory, run ./seahub.sh python-env python seahub/manage.py check_user_quota , when the user quota exceeds 90%, an email will be sent. If you want to enable this, you have first to set up notification email.

          "},{"location":"administration/auditing/","title":"Access log and auditing","text":"

          In the Pro Edition, Seafile offers four audit logs in system admin panel:

          • Login log
          • File access log (including access to shared files)
          • File update log
          • Permission change log

          The logging feature is turned off by default before version 6.0. Add the following option to seafevents.conf to turn it on:

          [Audit]\n## Audit log is disabled default.\n## Leads to additional SQL tables being filled up, make sure your SQL server is able to handle it.\nenabled = true\n

          The audit log data is being saved in seahub_db.

          "},{"location":"administration/backup_recovery/","title":"Backup and Recovery","text":""},{"location":"administration/backup_recovery/#overview","title":"Overview","text":"

          There are generally two parts of data to backup

          • Seafile library data
          • Databases

          If you setup seafile server according to our manual, you should have a directory layout like:

          /opt/seafile\n  --seafile-server-9.0.x # untar from seafile package\n  --seafile-data   # seafile configuration and data (if you choose the default)\n  --seahub-data    # seahub data\n  --logs\n  --conf\n

          All your library data is stored under the '/opt/seafile' directory.

          Seafile also stores some important metadata data in a few databases. The names and locations of these databases depends on which database software you use.

          For SQLite, the database files are also under the '/opt/seafile' directory. The locations are:

          • ccnet/PeerMgr/usermgr.db: contains user information
          • ccnet/GroupMgr/groupmgr.db: contains group information
          • seafile-data/seafile.db: contains library metadata
          • seahub.db: contains tables used by the web front end (seahub)

          For MySQL, the databases are created by the administrator, so the names can be different from one deployment to another. There are 3 databases:

          • ccnet_db: contains user and group information
          • seafile_db: contains library metadata
          • seahub_db: contains tables used by the web front end (seahub)
          "},{"location":"administration/backup_recovery/#backup-steps","title":"Backup steps","text":"

          The backup is a three step procedure:

          1. Optional: Stop Seafile server first if you're using SQLite as database.
          2. Backup the databases;
          3. Backup the seafile data directory;
          "},{"location":"administration/backup_recovery/#backup-order-database-first-or-data-directory-first","title":"Backup Order: Database First or Data Directory First","text":"
          • backup data directory first, SQL later: When you're backing up data directory, some new objects are written and they're not backed up. Those new objects may be referenced in SQL database. So when you restore, some records in the database cannot find its object. So the library is corrupted.
          • backup SQL first, data directory later: Since you backup database first, all records in the database have valid objects to be referenced. So the libraries won't be corrupted. But new objects written to storage when you're backing up are not referenced by database records. So some libraries are out of date. When you restore, some new data are lost.

          The second sequence is better in the sense that it avoids library corruption. Like other backup solutions, some new data can be lost in recovery. There is always a backup window. However, if your storage backup mechanism can finish quickly enough, using the first sequence can retain more data.

          We assume your seafile data directory is in /opt/seafile for binary package based deployment (or /opt/seafile-data for docker based deployment). And you want to backup to /backup directory. The /backup can be an NFS or Windows share mount exported by another machine, or just an external disk. You can create a layout similar to the following in /backup directory:

          /backup\n---- databases/  contains database backup files\n---- data/  contains backups of the data directory\n
          "},{"location":"administration/backup_recovery/#backup-and-restore-for-binary-package-based-deployment","title":"Backup and restore for binary package based deployment","text":""},{"location":"administration/backup_recovery/#backing-up-databases","title":"Backing up Databases","text":"

          It's recommended to backup the database to a separate file each time. Don't overwrite older database backups for at least a week.

          MySQL

          Assume your database names are ccnet_db, seafile_db and seahub_db. mysqldump automatically locks the tables so you don't need to stop Seafile server when backing up MySQL databases. Since the database tables are usually very small, it won't take long to dump.

          mysqldump -h [mysqlhost] -u[username] -p[password] --opt ccnet_db > /backup/databases/ccnet-db.sql.`date +\"%Y-%m-%d-%H-%M-%S\"`\n\nmysqldump -h [mysqlhost] -u[username] -p[password] --opt seafile_db > /backup/databases/seafile-db.sql.`date +\"%Y-%m-%d-%H-%M-%S\"`\n\nmysqldump -h [mysqlhost] -u[username] -p[password] --opt seahub_db > /backup/databases/seahub-db.sql.`date +\"%Y-%m-%d-%H-%M-%S\"`\n

          SQLite

          SQLite has not supported since Seafile 11.0

          You need to stop Seafile server first before backing up SQLite database.

          sqlite3 /opt/seafile/ccnet/GroupMgr/groupmgr.db .dump > /backup/databases/groupmgr.db.bak.`date +\"%Y-%m-%d-%H-%M-%S\"`\n\nsqlite3 /opt/seafile/ccnet/PeerMgr/usermgr.db .dump > /backup/databases/usermgr.db.bak.`date +\"%Y-%m-%d-%H-%M-%S\"`\n\nsqlite3 /opt/seafile/seafile-data/seafile.db .dump > /backup/databases/seafile.db.bak.`date +\"%Y-%m-%d-%H-%M-%S\"`\n\nsqlite3 /opt/seafile/seahub.db .dump > /backup/databases/seahub.db.bak.`date +\"%Y-%m-%d-%H-%M-%S\"`\n
          "},{"location":"administration/backup_recovery/#backing-up-seafile-library-data","title":"Backing up Seafile library data","text":"

          The data files are all stored in the /opt/seafile directory, so just back up the whole directory. You can directly copy the whole directory to the backup destination, or you can use rsync to do incremental backup.

          To directly copy the whole data directory,

          cp -R /opt/seafile /backup/data/seafile-`date +\"%Y-%m-%d-%H-%M-%S\"`\n

          This produces a separate copy of the data directory each time. You can delete older backup copies after a new one is completed.

          If you have a lot of data, copying the whole data directory would take long. You can use rsync to do incremental backup.

          rsync -az /opt/seafile /backup/data\n

          This command backup the data directory to /backup/data/seafile.

          "},{"location":"administration/backup_recovery/#restore-from-backup","title":"Restore from backup","text":"

          Now supposed your primary seafile server is broken, you're switching to a new machine. Using the backup data to restore your Seafile instance:

          1. Copy /backup/data/seafile to the new machine. Let's assume the seafile deployment location new machine is also /opt/seafile.
          2. Restore the database.
          3. Since database and data are backed up separately, they may become a little inconsistent with each other. To correct the potential inconsistency, run seaf-fsck tool to check data integrity on the new machine. See seaf-fsck documentation.
          "},{"location":"administration/backup_recovery/#restore-the-databases","title":"Restore the databases","text":"

          Now with the latest valid database backup files at hand, you can restore them.

          MySQL

          mysql -u[username] -p[password] ccnet_db < ccnet-db.sql.2013-10-19-16-00-05\nmysql -u[username] -p[password] seafile_db < seafile-db.sql.2013-10-19-16-00-20\nmysql -u[username] -p[password] seahub_db < seahub-db.sql.2013-10-19-16-01-05\n

          SQLite

          SQLite has not supported since Seafile 11.0

          cd /opt/seafile\nmv ccnet/PeerMgr/usermgr.db ccnet/PeerMgr/usermgr.db.old\nmv ccnet/GroupMgr/groupmgr.db ccnet/GroupMgr/groupmgr.db.old\nmv seafile-data/seafile.db seafile-data/seafile.db.old\nmv seahub.db seahub.db.old\nsqlite3 ccnet/PeerMgr/usermgr.db < usermgr.db.bak.xxxx\nsqlite3 ccnet/GroupMgr/groupmgr.db < groupmgr.db.bak.xxxx\nsqlite3 seafile-data/seafile.db < seafile.db.bak.xxxx\nsqlite3 seahub.db < seahub.db.bak.xxxx\n
          "},{"location":"administration/backup_recovery/#backup-and-restore-for-docker-based-deployment","title":"Backup and restore for Docker based deployment","text":""},{"location":"administration/backup_recovery/#structure","title":"Structure","text":"

          We assume your seafile volumns path is in /opt/seafile-data. And you want to backup to /backup directory.

          The data files to be backed up:

          /opt/seafile-data/seafile/conf  # configuration files\n/opt/seafile-data/seafile/seafile-data # data of seafile\n/opt/seafile-data/seafile/seahub-data # data of seahub\n
          "},{"location":"administration/backup_recovery/#backing-up-database","title":"Backing up Database","text":"
          # It's recommended to backup the database to a separate file each time. Don't overwrite older database backups for at least a week.\ncd /backup/databases\ndocker exec -it seafile-mysql mysqldump  -u[username] -p[password] --opt ccnet_db > ccnet_db.sql\ndocker exec -it seafile-mysql mysqldump  -u[username] -p[password] --opt seafile_db > seafile_db.sql\ndocker exec -it seafile-mysql mysqldump  -u[username] -p[password] --opt seahub_db > seahub_db.sql\n
          "},{"location":"administration/backup_recovery/#backing-up-seafile-library-data_1","title":"Backing up Seafile library data","text":""},{"location":"administration/backup_recovery/#to-directly-copy-the-whole-data-directory","title":"To directly copy the whole data directory","text":"
          cp -R /opt/seafile-data/seafile /backup/data/\n
          "},{"location":"administration/backup_recovery/#use-rsync-to-do-incremental-backup","title":"Use rsync to do incremental backup","text":"
          rsync -az /opt/seafile-data/seafile /backup/data/\n
          "},{"location":"administration/backup_recovery/#recovery","title":"Recovery","text":""},{"location":"administration/backup_recovery/#restore-the-databases_1","title":"Restore the databases","text":"
          docker cp /backup/databases/ccnet_db.sql seafile-mysql:/tmp/ccnet_db.sql\ndocker cp /backup/databases/seafile_db.sql seafile-mysql:/tmp/seafile_db.sql\ndocker cp /backup/databases/seahub_db.sql seafile-mysql:/tmp/seahub_db.sql\n\ndocker exec -it seafile-mysql /bin/sh -c \"mysql -u[username] -p[password] ccnet_db < /tmp/ccnet_db.sql\"\ndocker exec -it seafile-mysql /bin/sh -c \"mysql -u[username] -p[password] seafile_db < /tmp/seafile_db.sql\"\ndocker exec -it seafile-mysql /bin/sh -c \"mysql -u[username] -p[password] seahub_db < /tmp/seahub_db.sql\"\n
          "},{"location":"administration/backup_recovery/#restore-the-seafile-data","title":"Restore the seafile data","text":"
          cp -R /backup/data/* /opt/seafile-data/seafile/\n
          "},{"location":"administration/clean_database/","title":"Clean Database","text":""},{"location":"administration/clean_database/#seahub","title":"Seahub","text":""},{"location":"administration/clean_database/#session","title":"Session","text":"

          Use the following command to clear expired session records in Seahub database:

          cd <install-path>/seafile-server-latest\n./seahub.sh python-env python3 seahub/manage.py clearsessions\n
          "},{"location":"administration/clean_database/#activity","title":"Activity","text":"

          Use the following command to clear the activity records:

          use seahub_db;\nDELETE FROM Activity WHERE to_days(now()) - to_days(timestamp) > 90;\n

          The corresponding items in UserActivity will deleted automatically by MariaDB when the foreign keys in Activity table are deleted.

          "},{"location":"administration/clean_database/#login","title":"Login","text":"

          Use the following command to clean the login records:

          use seahub_db;\nDELETE FROM sysadmin_extra_userloginlog WHERE to_days(now()) - to_days(login_date) > 90;\n
          "},{"location":"administration/clean_database/#file-access","title":"File Access","text":"

          Use the following command to clean the file access records:

          use seahub_db;\nDELETE FROM FileAudit WHERE to_days(now()) - to_days(timestamp) > 90;\n
          "},{"location":"administration/clean_database/#file-update","title":"File Update","text":"

          Use the following command to clean the file update records:

          use seahub_db;\nDELETE FROM FileUpdate WHERE to_days(now()) - to_days(timestamp) > 90;\n
          "},{"location":"administration/clean_database/#permisson","title":"Permisson","text":"

          Use the following command to clean the permission change audit records:

          use seahub_db;\nDELETE FROM PermAudit WHERE to_days(now()) - to_days(timestamp) > 90;\n
          "},{"location":"administration/clean_database/#file-history","title":"File History","text":"

          Use the following command to clean the file history records:

          use seahub_db;\nDELETE FROM FileHistory WHERE to_days(now()) - to_days(timestamp) > 90;\n
          "},{"location":"administration/clean_database/#command-clean_db_records","title":"Command clean_db_records","text":"

          Use the following command to simultaneously clean up table records of Activity, sysadmin_extra_userloginlog, FileAudit, FileUpdate, FileHistory, PermAudit, FileTrash 90 days ago:

          cd <install-path>/seafile-server-latest\n./seahub.sh python-env python3 seahub/manage.py clean_db_records\n
          "},{"location":"administration/clean_database/#outdated-library-data","title":"Outdated Library Data","text":"

          Since version 6.2, we offer command to clear outdated library records in Seahub database, e.g. records that are not deleted after a library is deleted. This is because users can restore a deleted library, so we can't delete these records at library deleting time.

          cd <install-path>/seafile-server-latest\n./seahub.sh python-env python3 seahub/manage.py clear_invalid_repo_data\n

          This command has been improved in version 10.0, including:

          1. It will clear the invalid data in small batch, avoiding consume too much database resource in a short time.

          2. Dry-run mode: if you just want to see how much invalid data can be deleted without actually deleting any data, you can use the dry-run option, e.g.

          cd <install-path>/seafile-server-latest\n./seahub.sh python-env python3 seahub/manage.py clear_invalid_repo_data --dry-run=true\n
          "},{"location":"administration/clean_database/#library-sync-tokens","title":"Library Sync Tokens","text":"

          There are two tables in Seafile db that are related to library sync tokens.

          • RepoUserToken contains the authentication tokens used for library syncing. Note that a separate token is created for every client (including sync client and SeaDrive.)
          • RepoTokenPeerInfo contains more information about each client token, such as client name, IP address, last sync time etc.

          When you have many sync clients connected to the server, these two tables can have large number of rows. Many of them are no longer actively used. You may clean the tokens that are not used in a recent period, by the following SQL query:

          delete t,i from RepoUserToken t, RepoTokenPeerInfo i where t.token=i.token and sync_time < xxxx;\n

          xxxx is the UNIX timestamp for the time before which tokens will be deleted.

          To be safe, you can first check how many tokens will be removed:

          select * from RepoUserToken t, RepoTokenPeerInfo i where t.token=i.token and sync_time < xxxx;\n
          "},{"location":"administration/export_report/","title":"Export Report","text":"

          Since version 7.0.8 pro, Seafile provides commands to export reports via command line.

          "},{"location":"administration/export_report/#export-user-traffic-report","title":"Export User Traffic Report","text":"
          cd <install-path>/seafile-server-latest\n./seahub.sh python-env python seahub/manage.py export_user_traffic_report --date 201906\n
          "},{"location":"administration/export_report/#export-user-storage-report","title":"Export User Storage Report","text":"
          cd <install-path>/seafile-server-latest\n./seahub.sh python-env python seahub/manage.py export_user_storage_report\n
          "},{"location":"administration/export_report/#export-file-access-log","title":"Export File Access Log","text":"
          cd <install-path>/seafile-server-latest\n./seahub.sh python-env python seahub/manage.py export_file_access_log --start-date 2019-06-01 --end-date 2019-07-01\n
          "},{"location":"administration/logs/","title":"Logs","text":""},{"location":"administration/logs/#log-files-of-seafile-server","title":"Log files of seafile server","text":"
          • seafile.log: logs of seaf-server
          • controller.log: logs of controller
          • seahub.log: logs from Django framework
          • fileserver.log: logs of the golang file server component
          • seafevents.log: logs for background tasks and office file conversion
          • seahub_email_sender.log: logs for periodically email sending of background tasks
          "},{"location":"administration/logs/#log-files-for-seafile-background-node-in-cluster-mode","title":"Log files for seafile background node in cluster mode","text":"
          • seafile.log: logs of seaf-server
          • controller.log: logs of controller
          • seafevents.log: Empty
          • seafile-background-tasks.log: logs for background tasks and office file convertion
          • seahub_email_sender.log: logs for periodically email sending of background tasks
          "},{"location":"administration/seafile_fsck/","title":"Seafile FSCK","text":"

          On the server side, Seafile stores the files in the libraries in an internal format. Seafile has its own representation of directories and files (similar to Git).

          With default installation, these internal objects are stored in the server's file system directly (such as Ext4, NTFS). But most file systems don't assure the integrity of file contents after a hard shutdown or system crash. So if new Seafile internal objects are being written when the system crashes, they can be corrupt after the system reboots. This will make part of the corresponding library not accessible.

          Warning

          If you store the seafile-data directory in a battery-backed NAS (like EMC or NetApp), or use S3 backend available in the Pro edition, the internal objects won't be corrupt.

          We provide a seaf-fsck.sh script to check the integrity of libraries. The seaf-fsck tool accepts the following arguments:

          cd seafile-server-latest\n./seaf-fsck.sh [--repair|-r] [--export|-E export_path] [repo_id_1 [repo_id_2 ...]]\n

          Tip

          If your Seafile server is deployed by Docker, you have to run the above command in the container:

          docker exec -it seafile bash\n# after entering the container\ncd /scripts\n./seaf-fsck.sh [--repair|-r] [--export|-E export_path] [repo_id_1 [repo_id_2 ...]]\n

          There are three modes of operation for seaf-fsck:

          1. checking integrity of libraries.
          2. repairing corrupted libraries.
          3. exporting libraries.
          "},{"location":"administration/seafile_fsck/#checking-integrity-of-libraries","title":"Checking Integrity of Libraries","text":"

          Running seaf-fsck.sh without any arguments will run a read-only integrity check for all libraries.

          cd seafile-server-latest\n./seaf-fsck.sh\n

          If you want to check integrity for specific libraries, just append the library id's as arguments:

          cd seafile-server-latest\n./seaf-fsck.sh [library-id1] [library-id2] ...\n

          The output looks like:

          [02/13/15 16:21:07] fsck.c(470): Running fsck for repo ca1a860d-e1c1-4a52-8123-0bf9def8697f.\n[02/13/15 16:21:07] fsck.c(413): Checking file system integrity of repo fsck(ca1a860d)...\n[02/13/15 16:21:07] fsck.c(35): Dir 9c09d937397b51e1283d68ee7590cd9ce01fe4c9 is missing.\n[02/13/15 16:21:07] fsck.c(200): Dir /bf/pk/(9c09d937) is corrupted.\n[02/13/15 16:21:07] fsck.c(105): Block 36e3dd8757edeb97758b3b4d8530a4a8a045d3cb is corrupted.\n[02/13/15 16:21:07] fsck.c(178): File /bf/02.1.md(ef37e350) is corrupted.\n[02/13/15 16:21:07] fsck.c(85): Block 650fb22495b0b199cff0f1e1ebf036e548fcb95a is missing.\n[02/13/15 16:21:07] fsck.c(178): File /01.2.md(4a73621f) is corrupted.\n[02/13/15 16:21:07] fsck.c(514): Fsck finished for repo ca1a860d.\n

          The corrupted files and directories are reported.

          Sometimes you can see output like the following:

          [02/13/15 16:36:11] Commit 6259251e2b0dd9a8e99925ae6199cbf4c134ec10 is missing\n[02/13/15 16:36:11] fsck.c(476): Repo ca1a860d HEAD commit is corrupted, need to restore to an old version.\n[02/13/15 16:36:11] fsck.c(314): Scanning available commits...\n[02/13/15 16:36:11] fsck.c(376): Find available commit 1b26b13c(created at 2015-02-13 16:10:21) for repo ca1a860d.\n

          This means the \"head commit\" (current state of the library) recorded in database is not consistent with the library data. In such case, fsck will try to find the last consistent state and check the integrity in that state.

          Tip

          If you have many libraries, it's helpful to save the fsck output into a log file for later analysis.

          "},{"location":"administration/seafile_fsck/#repairing-corruption","title":"Repairing Corruption","text":"

          Corruption repair in seaf-fsck basically works in two steps:

          1. If the library state (commit) recorded in database is not found in data directory, find the last available state from data directory.
          2. Check data integrity in that specific state. If files or directories are corrupted, set them to empty files or empty directories. The corrupted paths will be reported, so that the user can recover them from somewhere else.

          Running the following command repairs all the libraries:

          cd seafile-server-latest\n./seaf-fsck.sh --repair\n

          Most of time you run the read-only integrity check first, to find out which libraries are corrupted. And then you repair specific libraries with the following command:

          cd seafile-server-latest\n./seaf-fsck.sh --repair [library-id1] [library-id2] ...\n

          After repairing, in the library history, seaf-fsck includes the list of files and folders that are corrupted. So it's much easier to located corrupted paths.

          "},{"location":"administration/seafile_fsck/#best-practice-for-repairing-a-library","title":"Best Practice for Repairing a Library","text":"

          To check all libraries and find out which library is corrupted, the system admin can run seaf-fsck.sh without any argument and save the output to a log file. Search for keyword \"Fail\" in the log file to locate corrupted libraries. You can run seaf-fsck to check all libraries when your Seafile server is running. It won't damage or change any files.

          When the system admin find a library is corrupted, he/she should run seaf-fsck.sh with \"--repair\" for the library. After the command fixes the library, the admin should inform user to recover files from other places. There are two ways:

          • Upload corrupted files or folders via the web interface
          • If the library was synced to some desktop computer, and that computer has a correct version of the corrupted file, resyncing the library on that computer will upload the corrupted files to the server.
          "},{"location":"administration/seafile_fsck/#speeding-up-fsck-by-not-checking-file-contents","title":"Speeding up FSCK by not checking file contents","text":"

          Starting from Pro edition 7.1.5, an option is added to speed up FSCK. Most of the running time of seaf-fsck is spent on calculating hashes for file contents. This hash will be compared with block object ID. If they're not consistent, the block is detected as corrupted.

          In many cases, the file contents won't be corrupted most of time. Some objects are just missing from the system. So it's enough to only check for object existence. This will greatly speed up the fsck process.

          To skip checking file contents, add the \"--shallow\" or \"-s\" option to seaf-fsck.

          "},{"location":"administration/seafile_fsck/#exporting-libraries-to-file-system","title":"Exporting Libraries to File System","text":"

          You can use seaf-fsck to export all the files in libraries to external file system (such as Ext4). This procedure doesn't rely on the seafile database. As long as you have your seafile-data directory, you can always export your files from Seafile to external file system.

          The command syntax is

          cd seafile-server-latest\n./seaf-fsck.sh --export top_export_path [library-id1] [library-id2] ...\n

          The argument top_export_path is a directory to place the exported files. Each library will be exported as a sub-directory of the export path. If you don't specify library ids, all libraries will be exported.

          Currently only un-encrypted libraries can be exported. Encrypted libraries will be skipped.

          "},{"location":"administration/seafile_gc/","title":"Seafile GC","text":"

          Seafile uses storage de-duplication technology to reduce storage usage. The underlying data blocks will not be removed immediately after you delete a file or a library. As a result, the number of unused data blocks will increase on Seafile server.

          To release the storage space occupied by unused blocks, you have to run a \"garbage collection\" program to clean up unused blocks on your server.

          The GC program cleans up two types of unused blocks:

          1. Blocks that no library references to, that is, the blocks belong to deleted libraries;
          2. If you set history length limit on some libraries, the out-dated blocks in those libraries will also be removed.
          "},{"location":"administration/seafile_gc/#run-gc","title":"Run GC","text":""},{"location":"administration/seafile_gc/#dry-run-mode","title":"Dry-run Mode","text":"

          To see how much garbage can be collected without actually removing any garbage, use the dry-run option:

          seaf-gc.sh --dry-run [repo-id1] [repo-id2] ...\n

          The output should look like:

          [03/19/15 19:41:49] seafserv-gc.c(115): GC version 1 repo My Library(ffa57d93)\n[03/19/15 19:41:49] gc-core.c(394): GC started. Total block number is 265.\n[03/19/15 19:41:49] gc-core.c(75): GC index size is 1024 Byte.\n[03/19/15 19:41:49] gc-core.c(408): Populating index.\n[03/19/15 19:41:49] gc-core.c(262): Populating index for repo ffa57d93.\n[03/19/15 19:41:49] gc-core.c(308): Traversed 5 commits, 265 blocks.\n[03/19/15 19:41:49] gc-core.c(440): Scanning unused blocks.\n[03/19/15 19:41:49] gc-core.c(472): GC finished. 265 blocks total, about 265 reachable blocks, 0 blocks can be removed.\n\n[03/19/15 19:41:49] seafserv-gc.c(115): GC version 1 repo aa(f3d0a8d0)\n[03/19/15 19:41:49] gc-core.c(394): GC started. Total block number is 5.\n[03/19/15 19:41:49] gc-core.c(75): GC index size is 1024 Byte.\n[03/19/15 19:41:49] gc-core.c(408): Populating index.\n[03/19/15 19:41:49] gc-core.c(262): Populating index for repo f3d0a8d0.\n[03/19/15 19:41:49] gc-core.c(308): Traversed 8 commits, 5 blocks.\n[03/19/15 19:41:49] gc-core.c(264): Populating index for sub-repo 9217622a.\n[03/19/15 19:41:49] gc-core.c(308): Traversed 4 commits, 4 blocks.\n[03/19/15 19:41:49] gc-core.c(440): Scanning unused blocks.\n[03/19/15 19:41:49] gc-core.c(472): GC finished. 5 blocks total, about 9 reachable blocks, 0 blocks can be removed.\n\n[03/19/15 19:41:49] seafserv-gc.c(115): GC version 1 repo test2(e7d26d93)\n[03/19/15 19:41:49] gc-core.c(394): GC started. Total block number is 507.\n[03/19/15 19:41:49] gc-core.c(75): GC index size is 1024 Byte.\n[03/19/15 19:41:49] gc-core.c(408): Populating index.\n[03/19/15 19:41:49] gc-core.c(262): Populating index for repo e7d26d93.\n[03/19/15 19:41:49] gc-core.c(308): Traversed 577 commits, 507 blocks.\n[03/19/15 19:41:49] gc-core.c(440): Scanning unused blocks.\n[03/19/15 19:41:49] gc-core.c(472): GC finished. 507 blocks total, about 507 reachable blocks, 0 blocks can be removed.\n\n[03/19/15 19:41:50] seafserv-gc.c(124): === Repos deleted by users ===\n[03/19/15 19:41:50] seafserv-gc.c(145): === GC is finished ===\n\n[03/19/15 19:41:50] Following repos have blocks to be removed:\nrepo-id1\nrepo-id2\nrepo-id3\n

          If you give specific library ids, only those libraries will be checked; otherwise all libraries will be checked.

          repos have blocks to be removed

          Notice that at the end of the output there is a \"repos have blocks to be removed\" section. It contains the list of libraries that have garbage blocks. Later when you run GC without --dry-run option, you can use these libraris ids as input arguments to GC program.

          "},{"location":"administration/seafile_gc/#removing-garbage","title":"Removing Garbage","text":"

          To actually remove garbage blocks, run without the --dry-run option:

          seaf-gc.sh [repo-id1] [repo-id2] ...\n

          If libraries ids are specified, only those libraries will be checked for garbage.

          As described before, there are two types of garbage blocks to be removed. Sometimes just removing the first type of blocks (those that belong to deleted libraries) is good enough. In this case, the GC program won't bother to check the libraries for outdated historic blocks. The \"-r\" option implements this feature:

          seaf-gc.sh -r\n

          Success

          Libraries deleted by the users are not immediately removed from the system. Instead, they're moved into a \"trash\" in the system admin page. Before they're cleared from the trash, their blocks won't be garbage collected.

          "},{"location":"administration/seafile_gc/#removing-fs-objects","title":"Removing FS objects","text":"

          Since Pro server 8.0.6 and community edition 9.0, you can remove garbage fs objects. It should be run without the --dry-run option:

          seaf-gc.sh --rm-fs\n

          Bug reports

          This command has bug before Pro Edition 10.0.15 and Community Edition 11.0.7. It could cause virtual libraries (e.g. shared folders) failing to merge into their parent libraries. Please avoid using this option in the affected versions. Please contact our support team if you are affected by this bug.

          "},{"location":"administration/seafile_gc/#using-multiple-threads-in-gc","title":"Using Multiple Threads in GC","text":"

          You can specify the thread number in GC. By default,

          • If storage backend is S3/Swift/Ceph, 10 threads are started to do the GC work.
          • If storage backend is file system, only 1 thread is started.

          You can specify the thread number in with \"-t\" option. \"-t\" option can be used together with all other options. Each thread will do GC on one library. For example, the following command will use 20 threads to GC all libraries:

          seaf-gc.sh -t 20\n

          Since the threads are concurrent, the output of each thread may mix with each others. Library ID is printed in each line of output.

          "},{"location":"administration/seafile_gc/#run-gc-based-on-library-id-prefix","title":"Run GC based on library ID prefix","text":"

          Since GC usually runs quite slowly as it needs to traverse the entire library history. You can use multiple threads to run GC in parallel. For even larger deployments, it's also desirable to run GC on multiple server in parallel.

          A simple pattern to divide the workload among multiple GC servers is to assign libraries to servers based on library ID. Since Pro edition 7.1.5, this is supported. You can add \"--id-prefix\" option to seaf-gc.sh, to specify the library ID prefix. For example, the below command will only process libraries having \"a123\" as ID prefix.

          seaf-gc.sh --id-prefix a123\n
          "},{"location":"administration/seafile_gc/#gc-in-seafile-docker-container","title":"GC in Seafile docker container","text":"

          To perform garbage collection inside the seafile docker container, you must run the /scripts/gc.sh script. Simply run docker exec <whatever-your-seafile-container-is-called> /scripts/gc.sh.

          "},{"location":"administration/security_features/","title":"Security Questions","text":""},{"location":"administration/security_features/#how-is-the-connection-between-client-and-server-encrypted","title":"How is the connection between client and server encrypted?","text":"

          Seafile uses HTTP(S) to syncing files between client and server (Since version 4.1.0).

          "},{"location":"administration/security_features/#encrypted-library","title":"Encrypted Library","text":"

          Seafile provides a feature called encrypted library to protect your privacy. The file encryption/decryption is performed on client-side when using the desktop client for file synchronization. The password of an encrypted library is not stored on the server. Even the system admin of the server can't view the file contents.

          There are a few limitation about this feature:

          1. File metadata is NOT encrypted. The metadata includes: the complete list of directory and file names, every files size, the history of editors, when, and what byte ranges were altered.
          2. The client side encryption does currently NOT work while using the web browser and the cloud file explorer of the desktop client. When you are browsing encrypted libraries via the web browser or the cloud file explorer, you need to input the password and the server is going to use the password to decrypt the \"file key\" for the library (see description below) and cache the password in memory for one hour. The plain text password is never stored or cached on the server.
          3. If you create an encrypted library on the web interface, the library password and encryption keys will pass through the server. If you want end-to-end protection, you should create encrypted libraries from desktop client only.
          4. For encryption protocol version 3 or newer, each library use its own salt to derive key/iv pairs. However, all files within a library shares the same salt. Likewise, all the files within a library are encrypted with the same key/iv pair. With encryption protocol version <= 2, all libraries use the same salt, but separate key/iv pairs.
          5. Encrypted library doesn't ensure file integrity. For example, the server admin can still partially change the contents of files in an encrypted library. The client is not able to detect such changes to contents.

          The client side encryption works on iOS client since version 2.1.6. The Android client support client side encryption since version 2.1.0.

          "},{"location":"administration/security_features/#how-does-an-encrypted-library-work","title":"How does an encrypted library work?","text":"

          When you create an encrypted library, you'll need to provide a password for it. All the data in that library will be encrypted with the password before uploading it to the server (see limitations above).

          The encryption procedure is:

          1. Generate a 32-byte long cryptographically strong random number. This will be used as the file encryption key (\"file key\").
          2. Encrypt the file key with the user provided password. We first use PBKDF2 algorithm (1000 iterations of SHA256) to derive a key/iv pair from the password, then use AES 256/CBC to encrypt the file key. The result is called the \"encrypted file key\". This encrypted file key will be sent to and stored on the server. When you need to access the data, you can decrypt the file key from the encrypted file key.
          3. All file data is encrypted by the file key with AES 256/CBC. We use PBKDF2 algorithm (1000 iterations of SHA256) to derive key/iv pair from the file key. After encryption, the data is uploaded to the server.

          The above encryption procedure can be executed on the desktop and the mobile client. The Seahub browser client uses a different encryption procedure that happens at the server. Because of this your password will be transferred to the server.

          When you sync an encrypted library to the desktop, the client needs to verify your password. When you create the library, a \"magic token\" is derived from the password and library id. This token is stored with the library on the server side. The client use this token to check whether your password is correct before you sync the library. The magic token is generated by PBKDF2 algorithm with 1000 iterations of SHA256 hash.

          For maximum security, the plain-text password won't be saved on the client side, too. The client only saves the key/iv pair derived from the \"file key\", which is used to decrypt the data. So if you forget the password, you won't be able to recover it or access your data on the server.

          "},{"location":"administration/security_features/#why-fileserver-delivers-every-content-to-everybody-knowing-the-content-url-of-an-unshared-private-file","title":"Why fileserver delivers every content to everybody knowing the content URL of an unshared private file?","text":"

          When a file download link is clicked, a random URL is generated for user to access the file from fileserver. This url can only be access once. After that, all access will be denied to the url. So even if someone else happens to know about the url, he can't access it anymore.

          "},{"location":"administration/security_features/#how-does-seafile-store-user-login-password","title":"How does Seafile store user login password?","text":"

          User login passwords are stored in hash form only. Note that user login password is different from the passwords used in encrypted libraries. In the database, its format is

          PBKDF2SHA256$iterations$salt$hash\n

          The record is divided into 4 parts by the $ sign.

          • The first part is the used hash algorithm. Currently we use PBKDF2 with SHA256. It can be changed to an even stronger algorithm if needed.
          • The second part is the number of iterations of the hash algorithm
          • The third part is the random salt used to generate the hash
          • The fourth part is the final hash generated from the password

          To calculate the hash:

          • First, generate a 32-byte long cryptographically strong random number, use it as the salt.
          • Calculate the hash with PBKDF2(password, salt, iterations). The number of iterations is currently 10000.
          "},{"location":"administration/two_factor_authentication/","title":"Two-Factor Authentication","text":"

          Starting from version 6.0, we added Two-Factor Authentication to enhance account security.

          There are two ways to enable this feature:

          • System admin can tick the check-box at the \"Password\" section of the system settings page, or

          • just add the following settings to seahub_settings.py and restart service. 

            ENABLE_TWO_FACTOR_AUTH = True\nTWO_FACTOR_DEVICE_REMEMBER_DAYS = 30  # optional, default 90 days.\n

          After that, there will be a \"Two-Factor Authentication\" section in the user profile page.

          Users can use the Google Authenticator app on their smart-phone to scan the QR code.

          "},{"location":"changelog/changelog-for-seafile-professional-server-old/","title":"Seafile Professional Server Changelog (old)","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#44","title":"4.4","text":"

          Note: Two new options are added in version 4.4, both are in seahub_settings.py

          • SHOW_TRAFFIC: default is True, set to False if you what to hide public link traffic in profile
          • SHARE_LINK_PASSWORD_MIN_LENGTH: default is 8

          This version contains no database table change.

          "},{"location":"changelog/changelog-for-seafile-professional-server-old/#449-20160229","title":"4.4.9 (2016.02.29)","text":"
          • [fix] Show \u201cout of quota\u201d instead of \u201cDERP\u201d in the case of out of quota when uploading files via web interface
          "},{"location":"changelog/changelog-for-seafile-professional-server-old/#448-20151217","title":"4.4.8 (2015.12.17)","text":"
          • [security] Fix password check for visiting a file in folder sharing link
          "},{"location":"changelog/changelog-for-seafile-professional-server-old/#447-20151120","title":"4.4.7 (2015.11.20)","text":"
          • [fix] Fix viewing PDF files via Office Web App
          • [fix, virus scan] Do not scanning deleted libraries in virus scan
          • [fix, virus scan] Fix showing the virus scan page when libraries containing scanned items are deleted
          • [virus scan] Add more debug information for virus scan
          • [fix] Clean cache when set users' name from web API
          • [fix] Fix a performance problem for generating picture thumbnails from folder sharing link
          "},{"location":"changelog/changelog-for-seafile-professional-server-old/#446-20151109","title":"4.4.6 (2015.11.09)","text":"
          • [security] Fix a XSS problem in raw sharing link
          • [fix] Delete sharing links when deleting a library
          • [fix] Clean Seafile tables when deleting a library
          • [fix] Add tag to the link in upload folder email notification
          • [fix] Fix a bug in creating a library (after submit a wrong password, the submit button is no longer clickable)
          • [fix, pro] Fix a bug in listing FileUpdate audit log
          • [security, pro] Don't online preview for office files in encrypted libraries
            • "},{"location":"changelog/changelog-for-seafile-professional-server-old/#445-20151030","title":"4.4.5 (2015.10.30)","text":"
            • [fix] Fix a bug in deleting sharing link in sharing dialog.
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#444-20151029","title":"4.4.4 (2015.10.29)","text":"
            • [fix] Fix support for syncing old formatted libraries
            • Remove commit and fs objects in GC for deleted libraries
            • Add \"transfer\" operation to library list in \"admin panel->a single user\"
            • [fix] Fix the showing of the folder name for upload link generated from the root of a library
            • [fix] Add access log for online file preview
            • [fix] Fix permission settings for a sub-folder of a shared sub-folder

            LDAP improvements and fixes

            • Only import LDAP users to Seafile internal database upon login
            • Only list imported LDAP users in \"organization->members\"
            • Add option to not import users via LDAP Sync (Only update information for already imported users). The option name is IMPORT_NEW_USER. See document http://manual.seafile.com/deploy/ldap_user_sync.html (url might deprecated)
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#443-20151020","title":"4.4.3 (2015.10.20)","text":"
            • [fix] Remove regenerate secret key in update script
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#442-20151019","title":"4.4.2 (2015.10.19)","text":"
            • [security] Check validity of file object id to avoid a potential attack
            • [fix] Check the validity of system default library template, if it is broken, recreate a new one.
            • [fix] After transfer a library, remove original sharing information
            • [security] Fix possibility to bypass Captcha check
            • [security] More security fixes.
            • [pro] Enable syncing a sub-sub-folder of a shared sub-folder (For example, if you share library-A/sub-folder-B to a group, other group members can selectively sync sub-folder-B/sub-sub-folder-C)
            • [fix, office preview] Handle the case that \"/tmp/seafile-office-output\"is removed by operating system
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#441-beta-20150924","title":"4.4.1 beta (2015.09.24)","text":"
            • [fix] Fix a bug in setting an user's language
            • [fix] Show detailed failed information when sharing libraries failed
            • [api] Add API to list folders in a folder recursively
            • [api] Add API to list only folders in a folder
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#440-beta-20150921","title":"4.4.0 beta (2015.09.21)","text":"

            New features:

            • Allow group names with spaces
            • Enable generating random password when adding an user
            • Add option SHARE_LINK_PASSWORD_MIN_LENGTH
            • Add sorting in share link management page
            • Other UI improvements

            Pro only:

            • Integrate Office Web Apps server
            • Integrate virus scan
            • Support resumable upload (turn off by default)
            • Add option to hide public link traffic in profile (SHOW_TRAFFIC)

            Fixes:

            • [fix] Fix a bug that causing duplications in table LDAPImport
            • set locale when Seahub start to avoid can't start Seahub problem in a few environments.
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#43","title":"4.3","text":"

            Note: this version contains no database table change from v4.2. But the old search index will be deleted and regenerated.

            Note when upgrading from v4.2 and using cluster, a new option COMPRESS_CACHE_BACKEND = 'locmem://' should be added to seahub_settings.py

            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#434-20150914","title":"4.3.4 (2015.09.14)","text":"
            • [fix] Fix a bug in file locking
            • [fix] Fix sub-folder permission check for file rename/move
            • [fix] Fix a bug in active number of users checking
            • Show total/active number of users in admin panel
            • Counts all downloads into traffic statistics
            • [security] Use POST request to handle password reset request to avoid CSRF attack
            • Don't show password reset link for LDAP users
            • [ui] Small improvements
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#433-20150821","title":"4.3.3 (2015.08.21)","text":"
            • [fix, important] Bug-fix and improvements for seaf-fsck
            • [fix, important] Improve I/O error handling for file operations on web interface
            • Update shared information when a sub-folder is renamed
            • [fix] Fix bug of list file revisions
            • [fix] Fix syncing sub-folder of encrypted library
            • Update translations
            • [ui] Small improvements
            • [fix] Fix modification operations for system default library by admin
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#432-20150812","title":"4.3.2 (2015.08.12)","text":"
            • Update translations
            • [fix] Fix bug in showing German translation
            • [fix] Fix bug when remove shared link at library settings page
            • [fix] Fix api error in opCopy/opMove
            • Old library page (used by admin in admin panel): removed 'thumbnail' & 'preview' for image files
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#431-20150731","title":"4.3.1 (2015.07.31)","text":"
            • [fix] Fix generating image thumbnail
            • [ui] Improve UI for sharing link page, login page, file upload link page
            • [security] Clean web sessions when reset an user's password
            • Delete the user's libraries when deleting an user
            • Show link expiring date in sharing link management page
            • [admin] In a user's admin page, showing libraries' size and last modify time
            • [fix, api] Fix star file API
            • [pro, beta] Add \"Open via Client\" to enable calling local program to open a file at the web

            About \"Open via Client\": The web interface will call Seafile desktop client via \"seafile://\" protocol to use local program to open a file. If the file is already synced, the local file will be opened. Otherwise it is downloaded and uploaded after modification. Need client version 4.3.0+

            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#430-20150725","title":"4.3.0 (2015.07.25)","text":"

            Usability improvements

            • [ui] Improve ui for file view page
            • [ui] Improve ui for sorting files and libraries
            • Redesign sharing dialog
            • Enable generating random password for sharing link
            • Remove direct file sharing between users (You can use sharing link instead)

            Pro only features:

            • Add file locking
            • [fix] Fix file name search for Chinese and other Asia language
            • [fix] Support special password for MySQL database in seafevents

            Others

            • [security] Improve permission check in image thumbnail
            • [security] Regenerate Seahub secret key, the old secret key lack enough randomness
            • Remove the support of \".seaf\" format
            • [api] Add API for generating sharing link with password and expiration
            • [api] Add API for generating uploading link
            • [api] Add API for link files in sharing link
            • Don't listen on 10001 and 12001 by default.
            • Change the setting of THUMBNAIL_DEFAULT_SIZE from string to number, i.e., use THUMBNAIL_DEFAULT_SIZE = 24, instead of THUMBNAIL_DEFAULT_SIZE = '24'
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#42","title":"4.2","text":"

            Note: because Seafile has changed the way how office preview work in version 4.2.2, you need to clean the old generated files using the command:

            rm -rf /tmp/seafile-office-output/html/\n
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#424-20150708","title":"4.2.4 (2015.07.08)","text":"
            • More fix on showing share link management page
            • Fix a bug on doc/ppt preview
            • Fix a bug in reading last login time
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#423-20150707","title":"4.2.3 (2015.07.07)","text":"
            • Fix translation problem for German and other language
            • Remove \"open locally\" feature. It needs more testing
            • Fix a problem in showing share link management page
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#422-20150703","title":"4.2.2 (2015.07.03)","text":"
            • [fix] Fix file uploading link
            • Add LDAP user sync
            • Improve preview for office files (doc/docx/ppt/pptx)

            In the old way, the whole file is converted to HTML5 before returning to the client. By converting an office file to HTML5 page by page, the first page will be displayed faster. By displaying each page in a separate frame, the quality for some files is improved too.

            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#421-20150630","title":"4.2.1 (2015.06.30)","text":"

            Improved account management

            • Add global address book and remove the contacts module (You can disable it if you use CLOUD_MODE by adding ENABLE_GLOBAL_ADDRESSBOOK = False in seahub_settings.py)
            • List users imported from LDAP
            • [guest] Enable guest user by default
            • [guest] Guest user can't generate share link
            • Don't count inactive users as licensed users

            Important

            • [fix] Fix viewing sub-folders for password protected sharing
            • [fix] Fix viewing starred files
            • [fix] Fix support of uploading multiple files in clients' cloud file browser
            • Improve security of password resetting link
            • Remove user private message feature

            New features

            • Enable syncing any folder for an encrypted library
            • Add open file locally (open file via desktop client)

            Others

            • [fix] Fix permission checking for sub-folder permissions
            • Change \"quit\" to \"Leave group\"
            • Clean inline CSS
            • Use image gallery module in sharing link for folders containing images
            • [api] Update file details api, fix error
            • Enable share link file download token available for multiple downloads
            • [fix] Fix visiting share link whose original path is deleted
            • Hide enable sub-library option since it is not meaningless for Pro edition
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#420-20150529","title":"4.2.0 (2015.05.29)","text":"

            Pro only updates

            • [new] Support set permission on every sub-folder
            • [search] Support partial match like \"com\" matching \"communication\" in file name
            • [search] The search result page is much clean

            Usability

            • Add direct file download link
            • Remove showing of library description
            • Don't require library description
            • Keep left navigation bar when navigate into a library
            • Generate share link for the root of a library
            • Add loading tip in picture preview page

            Security Improvement

            • Remove access tokens (all clients will log out) when a users password changed
            • Temporary file access tokens can only be used once
            • sudo mode: confirm password before doing sysadmin work

            Platform

            • Use HTTP/HTTPS sync only, no longer use TCP sync protocol
            • Support byte-range requests
            • Automatically clean of trashed libraries
            • [ldap] Save user information into local DB after login via LDAP
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#41","title":"4.1","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#412-20150507","title":"4.1.2 (2015.05.07)","text":"
            • [fix] Fix bug in syncing LDAP groups
            • [fix] Fix bug in viewing PDF/Doc
            • [fix] Fix crash bug when memcache is full
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#411-20150416","title":"4.1.1 (2015.04.16)","text":"
            • [fix] Fix Webdav's port can't be changed to non default port (8082)
            • [fix, searching] Fix handling invalid path name when indexing
            • [fix] Fix seaf-fsck for swift/s3/ceph backend
            • Do not show \"this type of file can't be viewed online\"
            • [fix] Fix showing of activity feed in mobile device
            • [fix] Fix viewing sharing link for deleted directories
            • Log email sending in background task to seahub_email_sender.log
            • Improve shibboleth login by supporting \"next\" parameter in URL
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#410-20150401","title":"4.1.0 (2015.04.01)","text":"

            Pro only updates

            • Support syncing any sub-folder in the desktop client
            • Add audit log, see http://manual.seafile.com/security/auditing.html (url might deprecated). This feature is turned off by default. To turn it on, see http://manual.seafile.com/deploy_pro/configurable_options.html (url might deprecated)
            • Syncing LDAP groups
            • Add permission setting for a sub-folder (beta)

            Updates in community edition too

            • [fix] Fix image thumbnail in sharing link
            • Show detailed time when mouse over a relative time
            • Add trashed libraries (deleted libraries will first be put into trashed libraries where system admin can restore)
            • Improve seaf-gc.sh
            • Redesign fsck.
            • Add API to support logout/login an account in the desktop client
            • Add API to generate thumbnails for images files
            • Clean syncing tokens after deleting an account
            • Change permission of seahub_settings.py, ccnet.conf, seafile.conf to 0600
            • Update Django to v1.5.12
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#40","title":"4.0","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#406-20150306","title":"4.0.6 (2015.03.06)","text":"
            • [fix] Fix the seafevents not shutdown by seafile.sh problem
            • Improved shibboleth support
            • [fix] Fix uploading a directory if the top directory only contains sub-folders (no files)
            • Improve thumbnail API
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#405-20150213","title":"4.0.5 (2015.02.13)","text":"
            • [fix] Fix a crash problem when a client tries to upload corrupted data
            • Add image thumbnails
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#404-20150205","title":"4.0.4 (2015.02.05)","text":"

            Important

            • [fix] Fix transfer library error in sysadmin page
            • [fix] Fix showing of space used in sysadmin page for LDAP users
            • [fix] Fix preview office files in file share links and private share
            • Improved trash listing performance

            Small

            • [webdav] list organisation public libraries
            • Disable non-shibboleth login for shibboleth users
            • [fix] Fix wrong timestamp in file view page for files in sub-library
            • Add Web API for thumbnail
            • Add languages for Thai and Turkish, update a few translations
            • [ldap] Following referrals
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#403-20150115","title":"4.0.3 (2015.01.15)","text":"
            • [fix] Fix memory leak in HTTP syncing
            • Repo owner can restore folders/files from library snapshot
            • Update translations
            • [ldap] Make the \"page result\" support turn off by default to be compatible with community edition.
            • Only repo owner can restore a library to a snapshot
            • [fix] Remote redundant logs in seaf-server
            • [fix] Raise 404 when visiting an non-existing folder
            • [fix] Enable add admin when LDAP is enabled
            • Add API to get server features information (what features are supported by this server)
            • [fix] Fix throttle for /api2/ping
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#402-20150106","title":"4.0.2 (2015.01.06)","text":"
            • [fix] Fix syncing sub-library with HTTP protocol
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#401-20141229","title":"4.0.1 (2014.12.29)","text":"
            • Add Shibboleth support (beta)
            • Improve libraries page loading speed by adding cache for library
            • [fix] Fix performance problem of FUSE when using ceph/swift backend
            • [fix] Fix folder upload by drap&drop
            • [fix] Fix version check for pro edition
            • [fix] Fix performance problem in listing files API
            • [fix] Fix listing files of a large folder
            • [fix] Fix folder sharing link with password protection
            • [fix] Fix deleting broken libraries in the system admin panel
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#400-20141213","title":"4.0.0 (2014.12.13)","text":"
            • Add HTTP syncing support
            • Merge FileServer into seaf-server
            • [web] New upload file dialog
            • [search] Improve the speed of search by removing in-efficient code in calculating file modification time in the search result page.
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#31","title":"3.1","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#3113-20141125","title":"3.1.13 (2014.11.25)","text":"
            • Add WMV video file preview on web
            • Support office documents online preview in cluster deployment
            • [fix] Fix file private sharing bug when file name contains &
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#3112-20141117","title":"3.1.12 (2014.11.17)","text":"
            • Update ElasticSearch to v1.4
            • Limit content search of txt file to 100KB.
            • Fix \"out of memory\" problem.
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#3111-20141103","title":"3.1.11 (2014.11.03)","text":"
            • [fix] Fixed ./seaf-gc.sh to run online GC
            • [fix] Fixed showing libraries with same name in WebDAV extension in some specific Python version
            • [fix] Fixed event timestamp for library creation and library deleting events
            • [fix] Don't allow setting an encrypted library as default library
            • [fix] Don't list unregistered contacts in sharing dialog
            • Don't list inactive users in \"organization->members\"
            • [multi-tenancy] Add webdav support
            • Autoupload files when added in web interface
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#3110-20141027","title":"3.1.10 (2014.10.27)","text":"
            • Online GC: you don't need to shutdown Seafile server to perform GC
            • [fix] Fixed performance problem in WebDAV extension
            • [fix] Fixed quota check in WebDAV extension
            • [fix] Fixed showing libraries with same name in WebDAV extension
            • Add \"clear\" button in a library's trash
            • [fix] Fix small errors when upload files via Web interface
            • [fix] Fix moving/coping files when the select all file checkbox is checked
            • [multi-tenancy] Listing libraries of an organization
            • [multi-tenancy] Enable rename an organization
            • [multi-tenancy] Prevent the deleting of creator account of an organisation
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#319-20141013","title":"3.1.9 (2014.10.13)","text":"
            • [ldap] split LDAP and Database in organization -> pubuser
            • [ldap] Support pagination for loading users from LDAP
            • [multi-tenancy] fix quota related bugs
            • [office preview] Fix seafevents not start bug when using Python v2.6
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#317-318","title":"3.1.7, 3.1.8","text":"
            • Add support for multi-tenancy
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#316-20140916","title":"3.1.6 (2014.09.16)","text":"
            • Add access.log for file download
            • [fix, api] Fix bug in group creation
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#315-20140913","title":"3.1.5 (2014.09.13)","text":"
            • Add multi-tenancy support
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#314-20140911","title":"3.1.4 (2014.09.11)","text":"
            • [fix] Fix bug in uploading >1GB files via Web
            • [fix] Remove assert in Ccnet to avoid denial-of-service attack
            • [fix] Add the missing ./seaf-gc.sh
            • Support two modes of license, life-time and subscription
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#313-20140829","title":"3.1.3 (2014.08.29)","text":"
            • [fix] Fix multi-file upload in upload link and library page
            • [fix] Fix libreoffice file online view
            • Add 'back to top' for pdf file view.
            • [fix] Fix \"create sub-library\" button under some language
            • [fix popup] Fix bug in set single notice as read.
            • Add message content to notification email
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#312-20140827","title":"3.1.2 (2014.08.27)","text":"
            • [fix] Fix support for guest account
            • [fix, security] Fix permission check for PDF full screen view
            • [fix] Fix copy/move multiple files in web
            • Improve UI for group reply notification
            • Improve seaf-fsck, seaf-fsck now can fix commit missing problem
            • [security improve] Access token generated by FileServer can only be used once.
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#311-20140818","title":"3.1.1 (2014.08.18)","text":"
            • [fix] Fix memory leak
            • [fix] Fix a memory not initialized problem which may cause sync problem under heavy load.
            • [fix, search] Closing database connection first before indexing
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#310-20140815","title":"3.1.0 (2014.08.15)","text":"

            Pro edition only:

            • [search] Enable searching directories
            • [search] Enable search groups in organization tab
            • [search] Enable encrypted libraries (filename only)
            • [search, fix] Fix a bug when indexing a large library
            • [preview,fix] Fix document preview for Excel files in sharing links
            • [user] Enable add users as guests. Guests are only able to use libraries shared to him/her.
            • [user] Enable set users password strength requirement
            • [sharing link] Enable set expiring time for sharing links
            • [sharing link] Library owner can manage all share links from this library

            Syncing

            • Improve performance: easily syncing 10k+ files in a library.
            • Don't need to download files if they are moved to another directory.

            Platform

            • Rename HttpServer to FileServer to remove confusing.
            • Support log rotate
            • Use unix domain socket in ccnet to listen for local connections. This isolates the access to ccnet daemon for different users.
            • Delete old PID files when stop Seafile
            • Remove simplejson dependency
            • [fix] fix listing libraries when some libraries are broken
            • Add a bash wrapper for seafile-gc

            Web

            • Enable deleting of personal messages
            • Improved notification
            • Upgrade pdf.js
            • Password protection for sharing links
            • [admin] Create multi-users by uploading a CSV file
            • Sort libraries by name/date
            • Enable users to put an additional message when sending a sharing link
            • Expiring time for sharing links
            • [fix] Send notification to all users participating a group discussion
            • Redesigned file viewing page
            • Remove simplejson dependency
            • Disable the ability to make a group public by default (admin can turn it on in settings)
            • Add \"Back to Top\" button in file view page
            • Improve page refreshing after uploading files
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#30","title":"3.0","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#307","title":"3.0.7","text":"
            • Add support for logrotate
            • [fix] Fix script for migrating from community edition
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#306","title":"3.0.6","text":"
            • Fix seahub failing to start problem when Ceph backend is used
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#305","title":"3.0.5","text":"
            • Add option to enable highlight search keyword in the file view
            • [fix] Fix \"Save to My Library\" in file sharing
            • [fix] Fix API for renaming files containing non-ASCII characters from mobile clients
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#304","title":"3.0.4","text":"
            • Add support for MariaDB Cluster
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#303","title":"3.0.3","text":"

            Web

            • Show a notice when one tries to reset/change the password of a LDAP user
            • Improve the initial size of pdf/office documents online preview
            • Handle languages more gracefully in search
            • Highlight the keywords in the search results
            • [fix] Fixed a web page display problem for French language

            Platform

            • Improve the speed when saving objects to disks
            • Show error messages when seahub.sh script failed to start
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#302","title":"3.0.2","text":"
            • Added Ceph storage backend support
            • Use random ID as avatar file name instead of the file name uploaded by the user
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#301","title":"3.0.1","text":"
            • [fix] Fix an UI bug in selecting multiple contacts in sending message
            • Library browser page: Loading contacts asynchronously to improve initial loading speed
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#300","title":"3.0.0","text":"

            Web

            • Redesigned UI
            • [admin] Add login log
            • [admin] Add share link traffic statistics
            • [fix] Handle loading avatar exceptions to avoid 500 error
            • Fixed a few api errors
            • Improve page loading speed
            • [fix] Fix UI problem when selecting contacts in personal message send form
            • [fix] Add nickname check and escape nickname to prevent XSS attack
            • [fix] Check validity of library name (only allow a valid directory name).

            Platform

            • Separate the storage of libraries
            • Record files' last modification time directly
            • Keep file timestamp during syncing
            • Allow changing password of an encrypted library
            • Allow config httpserver bind address
            • Improved device (desktop and mobile clients) management

            Misc

            • [fix] Fix API for uploading files from iOS in an encrypted library.
            • [fix] Fix API for getting groups messages containing multiple file attachments
            • [fix] Fix bug in HttpServer when file block is missing
            • [fix] Fix login error for some kind of Android
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#22","title":"2.2","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#221","title":"2.2.1","text":"
            • Add more checking for the validity of users' Email
            • Use random salt and PBKDF2 algorithm to store users' password.
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#21","title":"2.1","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#215","title":"2.1.5","text":"
            • Add correct mime types for mp4 files when downloading
            • [important] set correct file mode bit after uploading a file from web.
            • Show meaningful message instead of \"auto merged by system\" for file merges
            • Improve file history calculation for files which were renamed

            WebDAV

            • Return last modified time of files
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#214-1","title":"2.1.4-1","text":"
            • [fix] fixed the pro.py search --clear command
            • [fix] fixed full text search for office/pdf files
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#214","title":"2.1.4","text":"
            • Improved Microsoft Excel files online preview
            • [fix] Fixed file share link download issue on some browsers.
            • [wiki] Enable create index for wiki.
            • Hide email address in avatar.
            • Show \"create library\" button on Organization page.
            • [fix] Further improve markdown filter to avoid XSS attack.
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#213","title":"2.1.3","text":"
            • Fixed a problem of Seafile WebDAV server
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#212","title":"2.1.2","text":"
            • Fixed a problem of requiring python boto library even if it's not needed.
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#211","title":"2.1.1","text":"

            Platform

            • Added FUSE support, currently read-only
            • Added WebDAV support
            • A default library would be created for new users on first login to seahub
            • Upgrade scripts support MySQL databases now

            Web

            • Redesigned Web UI
            • Redesigned notification module
            • Uploadable share links
            • [login] Added captcha to prevent brute force attack
            • [login] Allow the user to choose the expiration of the session when login
            • [login] Change default session expiration age to 1 day
            • [fix] Fixed a bug of \"trembling\" when scrolling file lists
            • [sub-library] User can choose whether to enable sub-library
            • Improved error messages when upload fails
            • Set default browser file upload size limit to unlimited

            Web for Admin

            • Improved admin UI
            • More flexible customization options
            • Support specify the width of height of custom LOGO
            • Online help is now bundled within Seahub
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#20","title":"2.0","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#205","title":"2.0.5","text":"
            • Support S3-compatible storage backends like Swift
            • Support use existing elasticsearch server
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#204","title":"2.0.4","text":"
            • [fix] set the utf8 charset when connecting to database
            • Use users from both database and LDAP
            • [admin] List database and LDAP users in sysadmin
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#203","title":"2.0.3","text":"
            • [fix] Speed up file syncing when there are lots of small files
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#201","title":"2.0.1","text":"
            • [fix] Elasticsearch now would not be started if search is not enabled
            • [fix] Fix CIFS support.
            • [fix] Support special characters like '@' in MySQL password
            • [fix] Fix create library from desktop client when deploy Seafile with Apache.
            • [fix] Fix sql syntax error in ccnet.log, issue #400 (https://github.com/haiwen/seafile/issues/400).
            • [fix] Return organization libraries to the client.
            • Update French, German and Portuguese (Brazil) languages.
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#200","title":"2.0.0","text":"

            Platform

            • New crypto scheme for encrypted libraries
            • A fsck utility for checking data integrity

            Web

            • Change owner of a library/group
            • Move/delete/copy multiple files
            • Automatically save draft during online editing
            • Add \"clear format\" to .seaf file online editing
            • Support user delete its own account
            • Hide Wiki module by default
            • Remove the concept of sub-library

            Web for Admin

            • Change owner of a library
            • Search user/library

            API

            • Add list/add/delete user API
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#18","title":"1.8","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#183","title":"1.8.3","text":"
            • Improve seahub.sh
            • Improve license checking
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#182","title":"1.8.2","text":"
            • fixed 'cannot enter space' bug for .seaf file online edit
            • add paginating for repo files list
            • fixed a bug for empty repo
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#181","title":"1.8.1","text":"
            • Remove redundant log messages
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#180","title":"1.8.0","text":"

            Web

            • Improve online file browsing and uploading
            • Redesigned interface
            • Use ajax for file operations
            • Support selecting of multiple files in uploading
            • Support drag/drop in uploading
            • Improve file syncing and sharing
            • Syncing and sharing a sub-directory of an existing library.
            • Directly sharing files between two users (instead of generating public links)
            • User can save shared files to one's own library
            • [wiki] Add frame and max-width to images
            • Use 127.0.0.1 to read files (markdown, txt, pdf) in file preview
            • [bugfix] Fix pagination in library snapshot page
            • Set the max length of message reply from 128 characters to 2000 characters.

            API

            • Add creating/deleting library API

            Platform

            • Improve HTTPS support, now HTTPS reverse proxy is the recommend way.
            • Add LDAP filter and multiple DN
            • Case insensitive login
            • Move log files to a single directory
            • [security] Add salt when saving user's password
            • [bugfix] Fix a bug in handling client connection
            • Add a script to automate setup seafile with MySQL
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#17","title":"1.7","text":""},{"location":"changelog/changelog-for-seafile-professional-server-old/#1704","title":"1.7.0.4","text":"
            • Fixed a bug in file activities module
            "},{"location":"changelog/changelog-for-seafile-professional-server-old/#170","title":"1.7.0","text":"
            • First release of Seafile Professional Server
            "},{"location":"changelog/changelog-for-seafile-professional-server/","title":"Seafile Professional Server Changelog","text":"

            You can check Seafile release table to find the lifetime of each release and current supported OS: https://cloud.seatable.io/dtable/external-links/a85d4221e41344c19566/?tid=0000&vid=0000

            "},{"location":"changelog/changelog-for-seafile-professional-server/#110","title":"11.0","text":"

            Upgrade

            Please check our document for how to upgrade to 11.0

            "},{"location":"changelog/changelog-for-seafile-professional-server/#11016-2024-11-04","title":"11.0.16 (2024-11-04)","text":"
            • The storage migration script now does not allow migration to the original bucket
            • [Security] Do not allow .. as a file directory name
            • [fix] Search results now show the first 20 entries and the user can click more to jump to the page dedicated to search
            • [fix] Fixed SSE_C support
            • Added an option USE_LDAP_SYNC_ONLY to meet the case that using LDAP to sync users to Seafile and let users to login via SSO only
            • [fix] Hide the print button when opening with office online server for preview only the folder share
            • [fix] Do not send file lock notifications to notification server if notification server is not configured for golang fileserver
            • [fix] Sending Links with Passwords has no HTML escape
            • [fix] Fix preview support for TIFF images
            "},{"location":"changelog/changelog-for-seafile-professional-server/#11015-2024-10-17","title":"11.0.15 (2024-10-17)","text":"
            • [fix] Check the length of email in login form, preventing too long input
            • [fix] Use user name instead of user ID in email content
            • [fix] auth-token API also prevent brute force attack
            • [fix] Fix invite people in multi-tenancy mode
            • [fix] Add option SSO_LDAP_USE_SAME_UID
            "},{"location":"changelog/changelog-for-seafile-professional-server/#11014-2024-08-22","title":"11.0.14 (2024-08-22)","text":"
            • [fix] Fix a bug that system admin can not share a library in admin panel
            • [fix] Fix a bug when syncing user role in LDAP sync
            • [fix] Fix S3 support configuration
            • [fix] Add redis package in Docker image
            • [fix] Improve client side SSO via local browser
            "},{"location":"changelog/changelog-for-seafile-professional-server/#11013-2024-08-14","title":"11.0.13 (2024-08-14)","text":"
            • Update translations
            "},{"location":"changelog/changelog-for-seafile-professional-server/#11012-2024-08-07","title":"11.0.12 (2024-08-07)","text":"
            • [fix] [important] Fix a security bug in WebDAV
            • [fix] Fix S3 backend with V4 protocal and path_style_request
            • [fix] Use user's name in reset password email instead of internal ID
            • [fix] Fix invited guest cannot be revoke
            • [fix] Fix keyerror when using backup code in two-factor auth
            • [fix] Do not print warning in seaf-server.log when a LDAP user login
            "},{"location":"changelog/changelog-for-seafile-professional-server/#11011-2024-07-24","title":"11.0.11 (2024-07-24)","text":"
            • Remove unnecessary warning in seahub_email_sender.log
            • [fix] Fix a performance issue in sending file activities notification via email
            • Remove REPLACE_FROM_EMAIL setting as most email server does not support it
            • [fix] Fix a bug in LDAP login with multiple OU
            "},{"location":"changelog/changelog-for-seafile-professional-server/#11010-2024-07-09","title":"11.0.10 (2024-07-09)","text":"
            • [fix] Fix system admin users page when institution feature is enabled
            • Improving logging of search index
            • [fix] Support using contact email in OCM sharing
            "},{"location":"changelog/changelog-for-seafile-professional-server/#1109-2024-06-25","title":"11.0.9 (2024-06-25)","text":"
            • [fix] Fix a crash problem in golang file server introduced in version 11.0.8
            • Add a new role permission \"can_share_repo\"
            • Add rate control for password reset for a user
            "},{"location":"changelog/changelog-for-seafile-professional-server/#1108-2024-06-20","title":"11.0.8 (2024-06-20)","text":"
            • support named groups in SAML claim
            • [fix] Fix CollaboraOnline integration for read-only shares and share links
            • [fix] Fix display issue for ADDITIONAL_SHARE_DIALOG_NOTE
            • [fix] Fix buckets check for ceph and swift backend
            • [fix] Use contact_email in user freeze notifications for system admins
            "},{"location":"changelog/changelog-for-seafile-professional-server/#1107-2024-06-03","title":"11.0.7 (2024-06-03)","text":"

            Seafile

            • Improve accessibility
            • Support open ODG files with LibreOffice (Collabora Online)
            • Support showing last modified time for folders in WebDAV
            • [fix] Fix \"remember me\" in 2FA
            • Enable transfering a library to department in system admin panel
            • [fix] Fix a bug in SAML single logout

            SDoc editor 0.8

            • Support automatically adjusting table width to fit page width
            • Improve comments feature
            • Improve documents shown on mobile
            • More UI fixes and improvements
            "},{"location":"changelog/changelog-for-seafile-professional-server/#1106-beta-2024-04-19","title":"11.0.6 beta (2024-04-19)","text":"

            Seafile

            • Support log rotate for golang file server and notification server
            • Update UI for upload link
            • Support OnlyOffice version feature
            • Show files' original path in the trash
            • Fix traffic statistics
            • Fix an error in LDAP user sync
            • Add an option DISABLE_ADFS_USER_PWD_LOGIN to prevent SAML users login via email/password

            SDoc editor 0.7

            • Improve file comment feature
            • Improve file diff showing
            • Support print a document
            • Improve table editing
            "},{"location":"changelog/changelog-for-seafile-professional-server/#1105-beta-2024-03-20","title":"11.0.5 beta (2024-03-20)","text":"
            • Forbid generating share links for a library if the user has invisible/cloud-read-only permission on the library
            • [fix] Fix a configuration error for Ceph storage (if you don't use S3 interface)
            • [fix] Fix a bug in traffic statistic in golang file server
            • Support use different index names for ElasticSearch
            • Fix column view is limited to 100 items
            • Fix LDAP user login for WebDAV
            • Remove the configuration item \"ENABLE_FILE_COMMENT\" as it is no longer needed
            • Enable copy/move files between encrypted and non-encrypted libraries
            • Forbid creating libraries with Emoji in name
            • Fix some letters in the file name do not fit in height in some dialogs
            • Fix a performance issue in sending file updates report
            • Some other UI fixes and improvements

            SDoc editor 0.6

            • Support convert docx file to sdoc file
            • Support Markdown format in comments
            • Support drag rows/columns in table element and other improvements for table elements
            • Other UI fixes and improvements
            "},{"location":"changelog/changelog-for-seafile-professional-server/#1104-beta-and-sdoc-editor-05-2024-02-01","title":"11.0.4 beta and SDoc editor 0.5 (2024-02-01)","text":"

            Major changes

            • Use a virtual ID to identify a user
            • LDAP login update
            • SAML/Shibboleth/OAuth login update
            • Update Django to version 4.2
            • Update SQLAlchemy to version 2.x
            • Add SeaDoc

            UI Improvements

            • Improve UI of PDF view page
            • Update folder icon
            • The activities page support filter records based on modifiers
            • Add indicator for folders that has been shared out
            • Use file type icon as favicon for file preview pages
            • Support preview of JFIF image format

            Pro edition only changes

            • Support S3 SSE-C encryption
            • Support a new invisible sub-folder permission
            • Update of online read-write permission, online read-write permission now support the shared user to update/rename/delete files online, making it consistent with normal read-write permission

            Other changes

            • Remove file comment features as they are used very little (except for SeaDoc)
            • Add move dir/file, copy dir/file, delete dir/file, rename dir/file APIs for library token based API
            • Use user's current language when create Office files in OnlyOffice
            "},{"location":"changelog/changelog-for-seafile-professional-server/#100","title":"10.0","text":"

            Upgrade

            Please check our document for how to upgrade to 10.0.

            "},{"location":"changelog/changelog-for-seafile-professional-server/#10018-2024-11-01","title":"10.0.18 (2024-11-01)","text":"
            • [fix] Prevent the creating of files with name \"..\"
            "},{"location":"changelog/changelog-for-seafile-professional-server/#10017-2024-10-23","title":"10.0.17 (2024-10-23)","text":"

            This release is for Docker image only

            • [fix] Update the version of sqlalchemy to make \"activities\" page work. The bug was introduced in v10.0.16.
            "},{"location":"changelog/changelog-for-seafile-professional-server/#10016-2024-06-21","title":"10.0.16 (2024-06-21)","text":"
            • [fix] Fix CollaboraOnline integration for read-only shares and share links
            "},{"location":"changelog/changelog-for-seafile-professional-server/#10015-2024-03-21","title":"10.0.15 (2024-03-21)","text":"
            • [Fix] Fix a bug in seaf-gc for FS object
            "},{"location":"changelog/changelog-for-seafile-professional-server/#10014-2024-02-27","title":"10.0.14 (2024-02-27)","text":"
            • Update some translations
            • [Fix] Fix a bug in OnlyOffice desktop editor integration
            • [Fix] Fix a bug in moving file dialog
            "},{"location":"changelog/changelog-for-seafile-professional-server/#10013-2024-02-05","title":"10.0.13 (2024-02-05)","text":"
            • [security] Upgrade pillow dependency from 9.0 to 10.0.

            Note, after upgrading to this version, you need to upgrade the Python libraries in your server \"pillow==10.2.* captcha==0.5.* django_simple_captcha==0.5.20\"

            "},{"location":"changelog/changelog-for-seafile-professional-server/#10012-2024-01-16","title":"10.0.12 (2024-01-16)","text":"
            • Improved WOPI-integration of Collabora Online
            • Fix \"Share Admin->Links->Share Links\" crash when shared link file does not exist anymore
            "},{"location":"changelog/changelog-for-seafile-professional-server/#10011-2023-11-09","title":"10.0.11 (2023-11-09)","text":"
            • [fix] Improve error message in SAML login when the IdP have a connection problem
            • [fix] Fix a bug that go fileserver causing client to generate empty commit
            • [fix] Add missing max number of files for a library when uploading via WebDAV
            • [fix] Show which users cannot be imported when importing users to group
            "},{"location":"changelog/changelog-for-seafile-professional-server/#10010-2023-10-17","title":"10.0.10 (2023-10-17)","text":"
            • [fix] Fix a bug in golang file server that cannot handle sharing permission correctly for departments
            • [fix] Fix a bug Share Link Email Verification cannot work for Italy language
            • [fix] Fix notification server support in golang file server
            • [fix] Fix a bug in search library by ID in admin panel
            "},{"location":"changelog/changelog-for-seafile-professional-server/#1009-2023-08-25","title":"10.0.9 (2023-08-25)","text":"
            • Add an option (library_file_limit in seafile.conf) to support setting the maximum number of files in a single library
            • [fix] Support for virus scan in golang file server when uploading files via upload links
            • Some UI fixes and improvements
            • Improve script clear_invalid_repo_data.py
            "},{"location":"changelog/changelog-for-seafile-professional-server/#1008-2023-08-01","title":"10.0.8 (2023-08-01)","text":"
            • [fix] Fix a bug in worker pool management in golang file server
            • Improve error message when a user log in via SAML in multi-tenancy mode
            • [fix] Fix a bug that causing fsck crash
            • Improve the way how cluster_shared folder is cleaned up
            "},{"location":"changelog/changelog-for-seafile-professional-server/#1007-2023-07-25","title":"10.0.7 (2023-07-25)","text":"
            • [fix] Fix a memory leak in golang file server
            "},{"location":"changelog/changelog-for-seafile-professional-server/#1006-2023-06-27","title":"10.0.6 (2023-06-27)","text":"
            • [fix] Fix \"all notifications\" page link broken when notification server is used
            • [fix] Fix UI bug of notifications dialog
            • [fix] Fix a bug in listing shared out libraries/folders in multi-tenancy mode
            • [fix] Fix a bug in sending emails to admin when finding virus
            "},{"location":"changelog/changelog-for-seafile-professional-server/#1005-2023-06-12","title":"10.0.5 (2023-06-12)","text":"
            • [fix] Fix display of tags in the file details side bar
            • [fix] Fix a file name encoding bug in golang file server
            • [fix] Fix a UI bug in setting expiration time for a sharing link
            • Update included POI java library which is used to extracting contents of doc/docx files in indexing
            "},{"location":"changelog/changelog-for-seafile-professional-server/#1004-2023-05-17","title":"10.0.4 (2023-05-17)","text":"
            • Add \"Undo\" action in the notification toast after deleting files and folders
            • Improve UI of system admin -> department page
            • Support online preview of more audio file formats
            • Support TLS connection to MySQL/MariaDB server
            • [fix] Fix a few bugs in notification server
            • Some other UI improvements
            "},{"location":"changelog/changelog-for-seafile-professional-server/#1003-beta-2023-04-12","title":"10.0.3 beta (2023-04-12)","text":"
            • [fix] Fix a performance issue when displaying many share links for a single file
            "},{"location":"changelog/changelog-for-seafile-professional-server/#1002-beta-2023-04-12","title":"10.0.2 beta (2023-04-12)","text":"
            • Support generating multiple share links for a file and a folder
            • [fix] Fix a bug in golang file server when zip-downloading a folder in encrypted library
            • [fix] Fix a bug in upgrading script when there is no configuration for Nginx
            • Video player support changing playback speed
            • [fix] Fix a few bugs in notification server
            • [multi-tenancy] Support org admin to changing logo for each organization
            "},{"location":"changelog/changelog-for-seafile-professional-server/#1000-beta-2023-04-12","title":"10.0.0 beta (2023-04-12)","text":"
            • Update Python dependencies and support Ubuntu 22.04 and Debian 11
            • Update ElasticSearch to 8.0
            • [new] Add a new notification server (document will be provided later)
            • [new] Support downloading/uploading rate limit for a user
            • [new] Watch and get notifications for libraries
            • [new] Support each organization to have its own SAML login in multi-tenancy mode
            • Update WebDAV password to use one-way hash
            • Remove SQL sub queries to improve SQL query speed in seaf-server
            • Show number of shared users/groups if any when deleting a folder
            • Support online playing of .wav files
            "},{"location":"changelog/changelog-for-seafile-professional-server/#90","title":"9.0","text":"

            Upgrade

            Please check our document for how to upgrade to 9.0.

            "},{"location":"changelog/changelog-for-seafile-professional-server/#9016-2023-03-22","title":"9.0.16 (2023-03-22)","text":"
            • [fix] Fix a bug in clear_invalid_repo_data with virtual repos
            "},{"location":"changelog/changelog-for-seafile-professional-server/#9015-2023-03-01","title":"9.0.15 (2023-03-01)","text":"
            • [fix] Fix a bug in seaf-gc for fs object
            • [fix] Fix some bugs in golang fileserver
            "},{"location":"changelog/changelog-for-seafile-professional-server/#9014-2023-01-06","title":"9.0.14 (2023-01-06)","text":"
            • [fix] Fix some bugs in golang fileserver
            "},{"location":"changelog/changelog-for-seafile-professional-server/#9013-2022-11-11","title":"9.0.13 (2022-11-11)","text":"
            • [multi-tenancy] Add device management for organization admin
            • [multi-tenancy] Add statistics for organization admin
            • [multi-tenancy] Support import users from xlsx
            • [fix] Prevent system admin creating libraries with invalid name in admin panel
            • Add \"create\" permission in custome sharing permission
            • Improve performance in golang file server
            "},{"location":"changelog/changelog-for-seafile-professional-server/#9012-2022-11-04","title":"9.0.12 (2022-11-04)","text":"
            • Enable 'zoom in/out by pinch' for mobile in pdf file view page
            • [fix] Fix recording device information for desktop clients login with SSO
            "},{"location":"changelog/changelog-for-seafile-professional-server/#9011-2022-10-27","title":"9.0.11 (2022-10-27)","text":"
            • [fix] Fix file accessed by seadrive cannot be correctly logged in access log
            • [fix] Fix \"document convertion failed\u201d error visiting a shared document with preview only
            • [fix] Fix memory leak when block cache is enabled
            • [fix] Add unique index to repo_id_file_path_md5 in table onlyoffice_onlyofficedockey
            • [fix] Fix the default created ElasticSearch(v7.x) index has only one shard
            • [fix] Fix search in move files dialog not working
            "},{"location":"changelog/changelog-for-seafile-professional-server/#9010-2022-10-12","title":"9.0.10 (2022-10-12)","text":"
            • Admin list all users API now return last_login and last_access_time
            • [fix] Fix a bug in displaying markdown file in sharing link
            • [fix] Fix notification mails are sent to inactive users
            • [fix] Fix viewing a file in an old snapshot leads to server hickup
            • [fix] Fix an HTTP/500 \"Internal server error\" when the user sets password containing non-latin characters for sharing links
            "},{"location":"changelog/changelog-for-seafile-professional-server/#909-2022-09-22","title":"9.0.9 (2022-09-22)","text":"
            • [fix] Fix a memory leak problem
            • [fix] Fix a bug that will lead to seaf-fsck crash
            • [fix] Fix a stored XSS problem for library names
            • [fix] Disable open a file in OnlyOffice for encrypted libraries when open from trash
            • [fix] Fix library template feature cannot work for department libraries
            • [fix] Fix file locking display on client for shared sub-folder
            • [fix] Fix a memcached problem in go fileserver
            "},{"location":"changelog/changelog-for-seafile-professional-server/#908-2022-09-09","title":"9.0.8 (2022-09-09)","text":"
            • [fix] Fix a UI bug in sending sharing link by email
            • [fix] Markdown editor does not properly filter javscript URIs from the href attribute, which results in stored XSS
            • [fix] Fix a bug in OCM sharing
            • [fix] Fix a bug in un-linking a device in admin panel
            • [fix] Adding URL security check in /accounts/login redirect by ?next= parameter
            • Improve Onlyoffice document info cache handling
            • [fix] Fix a performance problem in go fileserver
            • When a Custom Sharing Permissions is deleted, removing corresponding shares
            • [fix] Don't show auto-deletion menu item when the feature is not enabled
            • [fix] Fix a bug in reading a role's quota when a user login with SSO
            "},{"location":"changelog/changelog-for-seafile-professional-server/#907-20220811","title":"9.0.7 (2022/08/11)","text":"

            Note: included lxml library is removed for some compatiblity reason. The library is used in published libraries feature and WebDAV feature. You need to install lxml manually after upgrade to 9.0.7. Use command pip3 install lxml to install it.

            • A page in published libraries is rendered at the server side to improve loading speed.
            • Upgrade Django from 3.2.6 to 3.2.14
            • Fix a bug in collaboration notice sending via email to users' contact email
            • Support OnlyOffice oform/docxf files
            • Improve user search when sharing a library
            • Admin panel support searching a library via ID prefix
            • [fix] Fix preview PSD images
            • [fix] Fix a bug that office files can't be opened in sharing links via OnlyOffice
            • [fix] Go fileserver: Folder or File is not deletable when there is a spurious utf-8 char inside the filename
            • [fix] Fix file moving in WebDAV
            • ElasticSearch now support https
            • Support advanced permissions like cloud-preview only, cloud read-write only when shareing a department library
            • [fix] Fix a bug in get library sharing info in multi-tenancy mode
            • [fix] Fix a bug in library list cache used by syncing client
            "},{"location":"changelog/changelog-for-seafile-professional-server/#906-20220706","title":"9.0.6 (2022/07/06)","text":"
            • Support using custom permission when shareing a department library
            • [fix] Fix a bug in go file-server when working with online GC
            • Add cache for getting locked files and getting folder permission (reduce server load caused by sycing client)
            • Show table of contents in Markdown sharing link
            • Check if quota exceeded before file uploading in upload sharing link
            • Support import group member via contact email
            • [fix] Fix a bug that sometimes a shared subfolder is unshared automatically by database access error
            • [fix] Fix a bug in work with Python 3.10+
            • [fix] Fix a bug in smart link redirect to the file page
            • [fix] Fix a UI bug when drag and drop a file
            • Improve UI of file comments
            • [fix] Fix permission check in deleting/editing a file comment
            • Support editing of expire time for sharing links
            • Show ISO date and time in file history page instead of showing relative time
            • Add \"Visit related snapshot\" in the dropdown menu of an entry in file history
            "},{"location":"changelog/changelog-for-seafile-professional-server/#905-20220321","title":"9.0.5 (2022/03/21)","text":"
            • Remove unused \"related files\" feature
            • [fix] Fix zip downloading a folder not having .zip suffix when using golang file server
            • UI improvement of file label feature
            • Show file labels in folder sharing links
            • Improve performance when deleting virtual repos when original repo is deleted
            • [fix, security] Fix permission check in deleting/editing a file comment
            "},{"location":"changelog/changelog-for-seafile-professional-server/#904-20220124","title":"9.0.4 (2022/01/24)","text":"
            • Users can save files or folders in shared folder link to their own libraries
            • [fix] Fix markdown file print
            "},{"location":"changelog/changelog-for-seafile-professional-server/#903-beta-20211228","title":"9.0.3 beta (2021/12/28)","text":"
            • Upgrade ElasticSearch to version 7.x
            • Improve UI of file moving/copying dialog to show folders with long names
            • Expand to the current folder when open file moving/copying dialog
            • [fix] Fix a bug in golang file server log rotate support
            • [fix] Fix a bug in folder download-link and try to download files/folders as zip using golang file server
            • Preserve keyword when expanding search dialog to a separate search page
            "},{"location":"changelog/changelog-for-seafile-professional-server/#902-beta-20211215","title":"9.0.2 beta (2021/12/15)","text":"
            • Upgrade Django to 3.2
            • Enable showing password for encrypted sharing links
            • Rewrite HTTP service in seaf-server with golang and move it to a separate component (turn off by default)
            • Upgrade PDFjs to new version, support viewing of password protected PDF
            • Use database to store OnlyOffice cache keys
            • Supporting converting files like doc to docx using OnlyOffice for online editing
            • In sharing link with edit permission, anonymous users can set his/her name in OnlyOffice editing
            • Move SERVICE_URL configuration from ccnet.conf to seahub_settings.py

            The new file-server written in golang serves HTTP requests to upload/download/sync files. It provides three advantages:

            • The performance is better in a high-concurrency environment and it can handle long requests. Now you can sync libraries with large number of files.
            • Now file zipping and downloading can be done simutaneously. When zip downloading a folder, you don't need to wait until zip is done.
            • Support rate control for file uploading and downloading.

            You can turn golang file-server on by adding following configuration in seafile.conf

            [fileserver]\nuse_go_fileserver = true\n
            "},{"location":"changelog/changelog-for-seafile-professional-server/#901","title":"9.0.1","text":"

            Deprecated

            "},{"location":"changelog/changelog-for-seafile-professional-server/#900","title":"9.0.0","text":"

            Deprecated

            "},{"location":"changelog/changelog-for-seafile-professional-server/#80","title":"8.0","text":"

            Upgrade

            Please check our document for how to upgrade to 8.0.

            "},{"location":"changelog/changelog-for-seafile-professional-server/#8017-20220110","title":"8.0.17 (2022/01/10)","text":"
            • [fix] Remove JndiManager.class, JmsAppender.class and SmtpAppender.class from log4j jar in bundled ElasticSearch
            • [fix] Fix a bug in insert file from library in Markdown editor
            • [fix] Fix a crash bug in real-time backup service
            "},{"location":"changelog/changelog-for-seafile-professional-server/#8016-20211228","title":"8.0.16 (2021/12/28)","text":"
            • [fix] Remove JndiLookup.class from log4j jar in bundled ElasticSearch
            • [fix] Fix a memory leak in seaf-server
            • Use contact email and name in guest invitation revoking email
            • Upgrade bundled mariadb connector c to 3.2.5
            "},{"location":"changelog/changelog-for-seafile-professional-server/#8015-20211206","title":"8.0.15 (2021/12/06)","text":"
            • If a custom admin role is not found in admin role list, a role with minimal permissions (\"audit_admin\") will be assigned to the user
            • [fix] Fix a security issue in token check in file syncing
            "},{"location":"changelog/changelog-for-seafile-professional-server/#8014-20211117","title":"8.0.14 (2021/11/17)","text":"
            • [fix] Fix hanlding of user disconnect and connect messages from OnlyOffice
            • [fix] Fix OnlyOffice editing support for anonymous users in sharing links
            "},{"location":"changelog/changelog-for-seafile-professional-server/#8012-20211103","title":"8.0.12 (2021/11/03)","text":"
            • Improve the way to download scan code for sharing links
            • Group admins can search group members now
            "},{"location":"changelog/changelog-for-seafile-professional-server/#8011-20210926","title":"8.0.11 (2021/09/26)","text":"
            • [fix] Fix a bug in LDAP group sync when using OpenLDAP
            "},{"location":"changelog/changelog-for-seafile-professional-server/#8010-20210909","title":"8.0.10 (2021/09/09)","text":"
            • [fix] Fix a bug in LDAP sync
            "},{"location":"changelog/changelog-for-seafile-professional-server/#809-20210826","title":"8.0.9 (2021/08/26)","text":"
            • Improve title of guest invitation email
            • [fix] Fix a bug that page \"admin panel -> logs -> permissions\" can't be displayed
            • [fix] Fix a bug in admin search users
            "},{"location":"changelog/changelog-for-seafile-professional-server/#808-20210806","title":"8.0.8 (2021/08/06)","text":"
            • [multi-tenancy] Support system Admin to add additional admins to a specific org
            • [fix] Fix zip downloading for large files in cluster
            • [fix] Fix online editing for files with very long names
            • Improve performance for listing deleted files in trash
            • [fix] Update expire date for new guest invitation if there is an old expired invitation
            • [fix] Fix FORCE_PASSWORD_CHANGE does not force the new user to change their password if the user is added by admin
            • [fix] Fix setting a webdav password when 2FA enabled
            "},{"location":"changelog/changelog-for-seafile-professional-server/#807-20210719","title":"8.0.7 (2021/07/19)","text":"
            • Add missing accessibility labels for some links and buttons in file details page
            • [fix] Fix a bug in file zip download when the size of files exceed limit
            • [fix] Fix long WebDAV Secret Yields 500 Error
            "},{"location":"changelog/changelog-for-seafile-professional-server/#806-20210715","title":"8.0.6 (2021/07/15)","text":"
            • [fix] Fix a cache problem in OnlyOffice integration when automatically saving is used
            • [fix] Once a user quota have been set, I can not set it back to 0 (unlimited)
            • [fix] Fix collabora integration
            • User's can manage his/her Web API Auth Token in profile page
            • A group admin can now leave a group
            • [fix] Fix Lazy loading / pagination breaks image viewer (https://forum.seafile.com/t/lazy-loading-pagination-breaks-image-viewer/14655)
            • seaf-gc can now clean fs object
            • Update included libradios to version 16
            "},{"location":"changelog/changelog-for-seafile-professional-server/#805-20210625","title":"8.0.5 (2021/06/25)","text":"
            • Add compatibility with IE11
            • [fix] Fix a bug in seaf-gc for libraries with sub-libraies
            • Enable deleting devices in admin panel
            • Enable setting a user's quota back to 0 (unlimited)
            • Users can now manage its own Web API auth token in profile page
            • Enable a group admin leave a group
            • [fix] Disable editing via sharing link when a file is locked
            • [fileserver] Add block cache option when downloading file from web or API
            "},{"location":"changelog/changelog-for-seafile-professional-server/#804-20210520","title":"8.0.4 (2021/05/20)","text":"
            • [fix] Add back virus scan support in uploading link
            • [fix] Fix a bug in seaf-gc
            • [fix] Fix a bug in library list cache
            • [fix] Fix a bug that a libary can't be synced immidiately after creating
            • [fix] Do not show watermark when editing files with Office Online Server
            "},{"location":"changelog/changelog-for-seafile-professional-server/#803-20210427","title":"8.0.3 (2021/04/27)","text":"
            • [fix] Fix SAML2 authentication
            • [fix] Fix file locking
            • [fix] Fix anothoer bug in upload files to a sharing link with upload permission

            Potential breaking change in Seafile Pro 8.0.3: You can set the maximum number of files contained in a library that can be synced by the Seafile client. The default is 100000. When you download a repo, Seafile client will request fs id list, and you can control the timeout period of this request through fs_id_list_request_timeout configuration, which defaults to 5 minutes. These two options are added to prevent long fs-id-list requests from overloading the server. If you have large libraries on the server, this can cause \"internal server error\" returned to the client. You have to set a large enough limit for these two options.

            [fileserver]\nmax_sync_file_count = 100000\nfs_id_list_request_timeout = 300\n
            "},{"location":"changelog/changelog-for-seafile-professional-server/#802-20210421","title":"8.0.2 (2021/04/21)","text":"
            • [fix] Fix upload files to sub-folders in a sharing link with upload permission
            • [fix] Enable sending collabration notification emails by default
            • [fix] Recreate a department if it is deleted in LDAP syncing
            • [fix] Fix compatibility with old MariaDB in upgrading SQL statements from version 7.1 to 8.0
            • [fix] Fix deleting libraries without owner in admin panel
            • Add an API to change a user's email
            • [fix] Fix a bug in storage migration script
            • [fix] Fix a bug that will cause fsck crash
            • [fix] Fix a XSS problem in notification
            "},{"location":"changelog/changelog-for-seafile-professional-server/#801-20210407","title":"8.0.1 (2021/04/07)","text":"
            • Users can set whether to receive email notifications in the setting page
            • [fix] Fix a bug that sometimes traffic statistics are not correct
            • Improve file locking handling for OnlyOffice and Office Online Server integration
            • [fix] Fix a bug in seaf-gc
            • [fix] Fix wrong links of files in library history details dialog
            • Add \"Open via Client\" button in file view page
            • Add an admin API to change a user's email
            "},{"location":"changelog/changelog-for-seafile-professional-server/#800-beta-20210302","title":"8.0.0 beta (2021/03/02)","text":"
            • Add open cloud mesh feature
            • Upgrade Django to 2.2 version
            • Remove ccnet-server component
            • Users can use secret key to access WebDAV after enabling two-factor authentication
            • Add QR code for sharing links
            • Rewrite upload link page to use React technology
            • Improve GC performance
            • Update help page
            • Release v4 encrypted library format to enhance security for v3 encrypted format
            "},{"location":"changelog/changelog-for-seafile-professional-server/#71","title":"7.1","text":"

            Upgrade

            Please check our document for how to upgrade to 7.1.

            "},{"location":"changelog/changelog-for-seafile-professional-server/#7122-20210729","title":"7.1.22 (2021/07/29)","text":"
            • [fix] Fix a UI bug for setting sharing permission
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7121-20210713","title":"7.1.21 (2021/07/13)","text":"
            • Make file download link generated for OnlyOffice can be used by multiple times
            • Improve OnlyOffice integration logs
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7120-20210702","title":"7.1.20 (2021/07/02)","text":"
            • [fix] Fix a cache bug for OnlyOffice integration.
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7119-20210604","title":"7.1.19 (2021/06/04)","text":"
            • [fix] Fix a bug that some threads are set as daemon in seafevents
            • [fix] Improve performance in system admin listing users by removing some redundent code in fetching users' last active time
            • [fix] Fix a bug in password protected sharing link with direct download set (?dl=1)
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7118-20210513","title":"7.1.18 (2021/05/13)","text":"
            • [fix] Fix a bug in library list cache
            • [fix] Fix a webdav crash bug
            • [fix] Fix a library can't be synced immidiately after creating
            • [fix] disable max_sync_file_count and fs_id_list_request_timeout options by default
            • [fix] Fix office files can't be viewd with builtin office file preview (caused by incompatible JWT library version)
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7117-20210426","title":"7.1.17 (2021/04/26)","text":"
            • [fix] Fix manual file lock can't work
            • [fix] Fix webdav file range request
            • Improve OnlyOffice cache handling
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7116-20210419","title":"7.1.16 (2021/04/19)","text":"
            • [fix] Fix deleting libraries without owner in admin panel
            • Add an API to change a user's email
            • [fix] Fix a bug in storage migration script
            • [fix] Fix a bug that will cause fsck crash
            • [fix] Fix a XSS problem in notification

            Potential breaking change in Seafile Pro 7.1.16: You can set the maximum number of files contained in a library that can be synced by the Seafile client. The default is 100000. When you download a repo, Seafile client will request fs id list, and you can control the timeout period of this request through fs_id_list_request_timeout configuration, which defaults to 5 minutes. These two options are added to prevent long fs-id-list requests from overloading the server. If you have large libraries on the server, this can cause \"internal server error\" returned to the client. You have to set a large enough limit for these two options.

            [fileserver]\nmax_sync_file_count = 100000\nfs_id_list_request_timeout = 300\n
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7115-20210318","title":"7.1.15 (2021/03/18)","text":"
            • [fix] Fix sometimes uploading via API returning 400 error
            • Improve file locking handlering for OnlyOffice and Office Online integration
            • [fix] Fix sometimes traffic statistics not correct
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7114-20210226","title":"7.1.14 (2021/02/26)","text":"
            • Add importing group members via a xlsx file
            • [fix] Fix a bug in login via Shibboleth
            • [fix] Fix remote wipe
            • [fix] Fix setting a role's default quota via ADFS login
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7113-20210208","title":"7.1.13 (2021/02/08)","text":"
            • [fix] Fix file audit logs are not recorded if seaf-server restarted
            • [fix] Fix a crash bug in seaf-server
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7112-20210203","title":"7.1.12 (2021/02/03)","text":"
            • [fix] Fix listing more than 100+ users in group member management dialog
            • [fix] Fix guest invitation email sending problem
            • ccnet-server and seaf-server close database connection when there are errors
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7111-20210128","title":"7.1.11 (2021/01/28)","text":"
            • Add cache for listing libraries request from drive clients
            • Show users' last active time in admin panel
            • Library owner can unlock a file
            • Show image thumbnail in search result
            • WebDAV support range request
            • [fix] Fix WebDAV can't be used with secret when 2FA is enabled
            • [fix] Fix SSO users are not created after login when LDAP is also enabled
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7110-20200111","title":"7.1.10 (2020/01/11)","text":"
            • [fix] Fix user can't login in WebDAV via secret key after two-fa is turned on
            • [fix] Enable copy multiple folders/files in read-only libraries
            • [fix] Add back filter functions in admin file access logs
            • Enable setting work number in realtime backup
            • [fix] Fix a bug in multi-tenancy mode when transfer a library from a user to a department
            "},{"location":"changelog/changelog-for-seafile-professional-server/#719-20201202","title":"7.1.9 (2020/12/02)","text":"
            • [new] Add pagination when listing group/department members
            • [fix] Disable webdav for users that have 2fa enabled
            • [fix] Fix OnlyOffice JWT broken for public shared links / PR for fix available
            • [fix] Fix database crash will causing clients to unsync libraries
            • [fix] Fix webdav LOCK issue
            • [new, OnlyOffice] Pass user id to OnlyOffice
            • [fix] Fix check_user_quote command for LDAP users
            • [fix] Fix LIBRARY_TEMPLATES support
            • [fix] Fix Markdown print in Firefox
            • [fix] Fix a bug in OAuth
            • [fix] Remove unused rest_framework files
            • [fix] Fix a bug in getting file history
            • [new] Admin can delete pending invitations
            • [fix] Fix can not save markdown/text file for shared libraries with advanced permission control
            • [fix, multi-tenancy] Fix organization traffic stats seem to not work correctly
            • [fix, multi-tenancy] Fix orginization admin update user status error
            • [fix] Fix Affiliation-Role-Mapping not working
            "},{"location":"changelog/changelog-for-seafile-professional-server/#718-20201012","title":"7.1.8 (2020/10/12)","text":"
            • [fix] Fix user name encoding for Shibboleth SSO
            • [fix] Add back the remote wipe feature when deleting a linked devices in admin panel
            • [fix] Fix sorting problem in some tables in admin panel
            • [fix] Fix auto-reactive user when a user deleted from LDAP and then added back
            • [fix] Fix a few bugs in organization admin panel in multi-tenancy mode
            • [fix] Fix libraries unsynced in a client if database crash at the server side
            "},{"location":"changelog/changelog-for-seafile-professional-server/#717-20200828","title":"7.1.7 (2020/08/28)","text":"
            • [fix] Fix a bug in returned group library permission for SeaDrive client
            • Support pagination when listing libraries in a group
            • Update wsgidav used in WebDAV
            • Remove redundent logs in seafile.log
            • [fix] Fix \"save to...\" in share link
            • Add an option to show a user's email in sharing dialog (ENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER)
            • [fix] Fix virus scan results page can't be opened in system admin panel
            "},{"location":"changelog/changelog-for-seafile-professional-server/#716-20200728","title":"7.1.6 (2020/07/28)","text":"
            • Add database connection pool to reduce database connection usage
            • [fix] Fix WebDAV error if a file is moved immediately after uploading
            • Enable generating internal links for files in an encrypted library
            "},{"location":"changelog/changelog-for-seafile-professional-server/#715-20200630","title":"7.1.5 (2020/06/30)","text":"
            • Indexing LibreOffice files in file search
            • Support setting the expire date time of a share link to a specific date time
            • GC add --id-prefix option to scan a specific range of libraries
            • fsck add an option to not check block integrity to speed up scanning
            • [fix] ccnet no longer listen on port 10001
            • [fix] Fix virus scan via upload link not work
            • [fix] Fix WebDAV failed login via WebDAV secret
            • [fix] Fix some bugs in LDAP sync
            • [fix] Fix term and condition feature
            • [fix] Fix support for institution feature
            • Other UI fixes
            "},{"location":"changelog/changelog-for-seafile-professional-server/#714-20200514","title":"7.1.4 (2020/05/14)","text":"
            • [fix] Fix listing LDAP imported users when number of users is greater than 500
            • [fix] Fix visiting folder share links with password and default path
            • Use preview-and-download as default permission when generating share links
            • Support selecting and downloading multiple files in a sharing link
            • Show share link expiration time in system admin
            • [multi-tenancy] Support sorting for users and libraries in organization admin panel
            • FUSE extension now support multiple storage backends
            • [fix] Fix file download links in public libraries
            • [fix] fix seaf-backup-cmd.sh
            • Other UI improvements and fixes
            "},{"location":"changelog/changelog-for-seafile-professional-server/#713-20200408","title":"7.1.3 (2020/04/08)","text":"
            • A library admin can see all the shared links for a library
            • Sort libraries and users in admin panel
            • Delete all the users and libraries in an organization when deleting that organization
            • [fix] Fix some bugs in multiple storage backend feature
            • Other UI fixes
            "},{"location":"changelog/changelog-for-seafile-professional-server/#711-beta-20200227","title":"7.1.1 Beta (2020/02/27)","text":"
            • Fix full text search
            • Fix office file preview in cluster mode
            "},{"location":"changelog/changelog-for-seafile-professional-server/#710-beta-20200219","title":"7.1.0 Beta (2020/02/19)","text":"
            • Rewrite the system admin pages with React
            • Upgrade to Python3
            • Add library API Token, you can now generate API tokens for a library and use them in third party programs.
            • Add a feature abuse report for reporting abuse for download links.
            • Improved guest invitation: you can now invite a guest and share a library to the guest in one step.
            "},{"location":"changelog/changelog-for-seafile-professional-server/#70","title":"7.0","text":"

            Since seafile-pro 7.0.0, we have upgraded Elasticsearch to 5.6. As Elasticsearch 5.6 relies on the Java 8 environment and can't run with root, you need to run Seafile with a non-root user and upgrade the Java version.

            Please check our document for how to upgrade to 7.0.

            "},{"location":"changelog/changelog-for-seafile-professional-server/#7019-20200907","title":"7.0.19 (2020/09/07)","text":"
            • Fix translation
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7018-20200521","title":"7.0.18 (2020/05/21)","text":"
            • Fix a bug in adding tag for files using context menu
            • Add missing translations for French language
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7017-20200428","title":"7.0.17 (2020/04/28)","text":"
            • Fix bug for EXTRA_ABOUT_DIALOG_LINKS
            • Modify the default permission to \"Download and preview\" for share links
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7016-20200401","title":"7.0.16 (2020/04/01)","text":"
            • Add progress dialog when moving files across libraries
            • Add more customization options (EXTRA_SHARE_DIALOG_NOTE, EXTRA_APP_BOTTOM_LINKS, EXTRA_ABOUT_DIALOG_LINKS)
            • [fix] Fix a bug with domain-name that contains \"file\" when previewing markdown file via share link
            • [fix] Do not show download link for a preview-only share link
            • [fix] Fix searching files in a public library for login users
            • Some UI improvements
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7015-deprecated","title":"7.0.15 (Deprecated)","text":""},{"location":"changelog/changelog-for-seafile-professional-server/#7014-20200306","title":"7.0.14 (2020/03/06)","text":"
            • [fix] Fix seaf-server crash problem when calculating library size for a corrupted library
            • [fix] Fix a bug when sending file update notice
            • Write virus scan log to file virus_scan.log
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7013-20200116","title":"7.0.13 (2020/01/16)","text":"
            • Fix Shibboleth login bug (added in 7.0.12)
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7012-20200110","title":"7.0.12 (2020/01/10)","text":"
            • Fix department support in multi-tenancy mode
            • Fix a performance problem when deleting cache files for resume file upload
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7011-20191115","title":"7.0.11 (2019/11/15)","text":"
            • set jvm.options in ElasticSearch to -Xms1g -Xmx1g
            • [fix] Fix revert library button missing in multi-tenancy mode
            • [fix] Remove redundant log OnlineOffice file lock is expired
            • [fix] Fix S3 support in multiple storage backend feature
            • [LDAP Sync] Support setting default permission for automatically created library for department
            • [LDAP Sync] Support get department name from a configured attribute
            • [fix] Fix support for Shibboleth single log out
            • [fix] Fix support for sharing a sub-folder in a department library
            "},{"location":"changelog/changelog-for-seafile-professional-server/#7010-20191022","title":"7.0.10 (2019/10/22)","text":"
            • [fix] Fix showing NaN when uploading a file with 0 size.
            • [fix] Fix email notifications for file changes not sent
            • [fix] Remove two redundant logs in seafile.log
            • [fix] Fix opening a shared library with special characters
            • [fix] Fix duplicated two-scrollbars when browsing a published library in Windows using Firefox
            • [fix] Users can now create sharing links for files with permission \"online-preview only\" and \"online-read-write\".
            • [fix] Fix links in email notification for a shared folder
            • [fix] Fix the path shown for public share links of folders
            • [fix] Fix a bug in loading a file's history
            • [fix] Fix a case when using SAML login with LDAP configured
            • [fix] Fix a bug that a broken library can't be deleted via web UI
            "},{"location":"changelog/changelog-for-seafile-professional-server/#709-20190920","title":"7.0.9 (2019/09/20)","text":"
            • [fix] Add institution admin back
            • [fix] Fix '\\n' in system wide notification will lead to blank page
            • [fix] Remove all metadata in docx template
            • [fix] Fix redirection after login
            • [fix] Fix group order is not alphabetic
            • [fix] Fix download button in sharing link
            • Mobile UI Improvement (Now all major pages can be used in Mobile smoothly)
            "},{"location":"changelog/changelog-for-seafile-professional-server/#708-20190826","title":"7.0.8 (2019/08/26)","text":"
            • Inviter can cancel invitation after the user has accepted the invitation. The user will be set as inactive.
            • Improve organization admin panel in multi-tenancy mode
            • Add notification when a user try to leave a page during file transfer
            • Add UI waiting notification when resetting a user's password in admin panel
            • Add generating internal link (smart-link) for folders
            • Add command line tool for admin to export reports
            • [fix] Fix file drag and drop in IE and Firefox
            • [fix] Add back the feature of letting user to select storage backend
            • Improve UI for file uploading, support re-upload after error
            • [fix] Fix devices login via Shibboleth not show in devices list
            • [fix] Fix support of OnlyOffice force-save option
            • [fix] Fix zip download when user selecting a long list of files
            • Other UI fixes
            "},{"location":"changelog/changelog-for-seafile-professional-server/#707-20190729","title":"7.0.7 (2019/07/29)","text":"
            • [fix] Fix a bug in multiple storage backend support
            • Fix avatar problem when deployed under non-root domain
            • Add get internal link in share dialog
            • Fix newly created DOCX files are not empty and have a Chinese font set as default font
            • Fix system does not send email to new user when adding new user in system admin
            • Fix thumbnail for TIFF files
            • Fix direct download link for sharing links
            • Fix report in statictics module has no file extension when downloading in Firefox
            • Fix \"Preview-only\" share link
            • Fix file comment
            • Other UI fixes
            "},{"location":"changelog/changelog-for-seafile-professional-server/#706-20190722","title":"7.0.6 (2019/07/22)","text":"
            • [fix] Fix a memcache bug when using S3 backend
            "},{"location":"changelog/changelog-for-seafile-professional-server/#705-20190716","title":"7.0.5 (2019/07/16)","text":"
            • [fix] Fix Zip download multiple files
            • [fix] Fix a bug in \"System Admin -> Logs -> File Update -> details\"
            • [fix] Fix there is an extra history item for newly created docs/pptx
            • [fix] Fix a bug in traffic statistics
            • [fix] Fix file modification report email are not sent out
            • Support show department libraries in fuse
            • Add expiring date for upload link
            • Add search feature in pubished libraries for anonymous users
            "},{"location":"changelog/changelog-for-seafile-professional-server/#704-20190705","title":"7.0.4 (2019/07/05)","text":"
            • UI Improvement and fixes
            • Fix file upload button with Safari, IE edge
            • Support setting history and cleaning trash for department libraries
            • Fix compatibility with \"Open library in web\" from the old version desktop client
            • Support \".\" in group name
            • Add back \"can edit\" permission for sharing links for office file
            • Add back \"send link\" for upload links
            • Add back grid view for folder sharing links
            • Support creating encrypted libraries for department libraries
            • Fix preview for PSD, TIFF files
            • Fix deleting of favorate items when they are shared items but the sharing are revoked
            • Fix avatar broken problem when using a non-stardard port
            • Fix resumable file uploading
            "},{"location":"changelog/changelog-for-seafile-professional-server/#703-20190613","title":"7.0.3 (2019/06/13)","text":"
            • UI fixes
            • Support index.md in published library
            • Add sub-folder permission for deparment libraries
            • Enable new file history by default
            • Make published library feature turned on by default
            • Fix IE Edge support
            • Fix LDAP group sync
            "},{"location":"changelog/changelog-for-seafile-professional-server/#702-beta-20190517","title":"7.0.2 beta (2019/05/17)","text":"
            • UI fixes
            • Support using different salt for each encrypted libraries
            • Add back sub-folder permission feature
            • Improved user's settings page and file search page
            • Support transfer personal library to department
            • Add pubishing library to role permission
            • [wopi] Pass last modified time to WOPI
            • Improve image resizing in Markdown
            "},{"location":"changelog/changelog-for-seafile-professional-server/#701-beta-20190418","title":"7.0.1 beta (2019/04/18)","text":"
            • Improved Markdown editor
            • Add columns view mode (Wiki view mode)
            • Add context menu
            • Realtime search
            • Support search libraries
            • Record file history to database for Markdown, Text and Docx, xlsx, pptx files
            • Redesigned activities page
            • Add preview-edit-on-cloud, preview-on-cloud permissions
            • Redesigned file tags
            • Support editing share link permission after creating a link
            "},{"location":"changelog/changelog-for-seafile-professional-server/#63","title":"6.3","text":"

            In version 6.3, Django is upgraded to version 1.11. Django 1.8, which is used in version 6.2, is deprecated in 2018 April.

            With this upgrade, the fast-cgi mode is no longer supported. You need to config Seafile behind Nginx/Apache in WSGI mode.

            The way to run Seahub in another port is also changed. You need to modify the configuration file conf/gunicorn.conf instead of running ./seahub.sh start <another-port>.

            Version 6.3 also changed the database table for file comments, if you have used this feature, you need migrate old file comments using the following commends after upgrading to 6.3:

            ./seahub.sh python-env seahub/manage.py migrate_file_comment\n

            Note, this command should be run while Seafile server is running.

            Version 6.3 changed '/shib-login' to '/sso'. If you use Shibboleth, you need to to update your Apache/Nginx config. Please check the updated document: shibboleth config v6.3

            Version 6.3 add a new option for file search (seafevents.conf):

            [INDEX FILES]\n...\nhighlight = fvh\n...\n

            This option will make search speed improved significantly (10x) when the search result contains large pdf/doc files. But you need to rebuild search index if you want to add this option.

            "},{"location":"changelog/changelog-for-seafile-professional-server/#6314-20190521","title":"6.3.14 (2019/05/21)","text":"
            • [fix] Fix a bug in LDAP group sync
            "},{"location":"changelog/changelog-for-seafile-professional-server/#6313-20190320","title":"6.3.13 (2019/03/20)","text":"
            • [fix] Fix some bugs in accessing S3 for some special configurations
            • [fix] Fix OnlyOffice integration when OnlyOffice using invalid CA
            • [fix] Fix sometimes users can't login into WebDAV
            • [fix] Fix a crash bug in realtime backup server
            • [fix] Fix the last modified time is not updated for shared sub-folders
            • [fix] Keep last modified time when moving or copying files from on library to another
            • [fix] Fix can't sync a sub-folder of a shared sub-folder
            • [fix] Fix URL in email notification for sub-folder shared event
            "},{"location":"changelog/changelog-for-seafile-professional-server/#6312-20190221","title":"6.3.12 (2019/02/21)","text":"
            • [fix] Fix using WebDAV with Single Sign On
            • [fix] Fix a bug in importing users via excel file
            • Redirect users to home page after setting up 2FA
            • [fix] Fix can't send email when non-ascii symbols in filename in virus scan
            • [fix] Fix a bug in syncing LDAP when a user belong to multiple groups
            • Add slow log for accessing object storage for debugging purpose
            • [fix] Fix a SQL bug in multi-tenancy mode
            • Set the chunk size to 8MB during uploading files via chunk to speed up file transfer
            "},{"location":"changelog/changelog-for-seafile-professional-server/#6311-20190115","title":"6.3.11 (2019/01/15)","text":"
            • [fix] Fix support for two-factor authentication using SMS
            • [fix] Fix support for traffic statistics
            • [fix] Improve performance for getting group library list
            • [fix] Fix file access audit log
            • Remove file count and size count for directories as it will lead to performance problem
            "},{"location":"changelog/changelog-for-seafile-professional-server/#6310-20190102","title":"6.3.10 (2019/01/02)","text":"
            • [fix] Fix folder upload problem
            • [fix] Fix file audit page can't be load
            • [fix] Fix MIME type for .xls
            • Add RPC slow log
            • Add admin API for manage organizations in multi-tenancy mode
            • Add warning when close page during file uploading
            "},{"location":"changelog/changelog-for-seafile-professional-server/#639-20181213","title":"6.3.9 (2018/12/13)","text":"
            • Fix a seaf-server crash problem
            "},{"location":"changelog/changelog-for-seafile-professional-server/#638-20181210","title":"6.3.8 (2018/12/10)","text":"
            • Improve online PDF view for large PDF files (In the old version, a large PDF file consumes a lot of memory)
            • Admin can force a user to use two-factor authentication
            • Improve performance of upgdating a library's size and file numbers
            • Don't print a lot of \"Repo size compute queue is 0\"
            • Enable using WebDAV with Single Sign On (A new option ENABLE_WEBDAV_SECRET)
            • Enable login to WebDAV via contact email
            • [fix] A shared empty folder name will be updated if the folder's name is changed
            • Support preview for PSD and AI files
            • [fix] Fix license information display problem
            • [fix] Fix video preview for shared link on mobile browsers
            • Redirect old wiki URL to new wiki URL
            • Hide save as button for files viewed by Office Online Server
            • When a library be transfer to another user, don't clear the syncing tokens
            • Support syncing both department and groups at the same time in LDAP sync (deprecating old config options for department sync)
            • Set default quota for department synced from LDAP
            • Allow more independent LDAP configurations for multi-LDAP server sync
            • [fix] Fix problems when downloading large list of files via Zip download
            • [fix] Fix a performance problem when get the list of all groups
            • [fix] Can change history settings for library in admin area even if the change of history settings is disable for normal users
            • Make multi-threads mode as default for Seahub
            "},{"location":"changelog/changelog-for-seafile-professional-server/#637-20181016","title":"6.3.7 (2018/10/16)","text":"
            • [fix] Fix a bug of lock by online office
            • Anyone that can write a file can unlock the file if it is locked by online office
            • [fix] Fix a bug in sending mails in background node
            • [fix] Remove forcesave option in OnlyOffice since it have a bug
            • [fix] Fix a bug that wiki page can't be loaded
            • Add traffic statistics
            • [fix] Remove unnecessary logs in virus scan
            "},{"location":"changelog/changelog-for-seafile-professional-server/#636-20180921","title":"6.3.6 (2018/09/21)","text":"
            • [fix] Fix a bug in user defined role
            • [fix] Editable share link can be edited by anonymous user
            "},{"location":"changelog/changelog-for-seafile-professional-server/#635-20180918","title":"6.3.5 (2018/09/18)","text":"
            • [fix, security] Fix a security issue in Shibboleth authentication
            • [fix] Fix sometimes Web UI will not autoload a >100 item directory view
            • [fix] Fix sending notification emails in backend node
            • Showing user's name instead of email in web interface
            • [fix] Fix desktop client can't login if using ADFS

            New features

            • Add a new sharing link permission \"can edit\" for docx/excel. Any login users can edit the file via share link.
            • [multi-tenancy] Support department and department owned library
            • Add system traffic statistics (showing the daily web download/web upload/sync traffic)
            "},{"location":"changelog/changelog-for-seafile-professional-server/#634-20180816","title":"6.3.4 (2018/08/16)","text":"
            • [fix] Fix a bug in creating group-owned library
            "},{"location":"changelog/changelog-for-seafile-professional-server/#633-20180815","title":"6.3.3 (2018/08/15)","text":"
            • [fix] Fix some bugs in sharing group-owned libraries
            • [fix] Fix a bug in setting folder permission
            • Update Django to 1.11.11
            • Support login via contact email
            • Support sharing a sub-folder in a group-owned library
            "},{"location":"changelog/changelog-for-seafile-professional-server/#632-20180730","title":"6.3.2 (2018/07/30)","text":"
            • [fix] Fix sometimes get group listing will cause ccnet-server crash
            • [fix] Fix built in office file preview can't works
            • Redirect '/shib-login' to '/sso'
            • Other small fixes
            "},{"location":"changelog/changelog-for-seafile-professional-server/#631-20180725","title":"6.3.1 (2018/07/25)","text":"
            • Add generating of internal links
            • Lock office files when editing via online office suite
            • Support setting organization quota, delete an organization via Web API
            • Support Swift storage backend Identity v3.0 API
            • Improve markdown editor
            • Several fixes
            "},{"location":"changelog/changelog-for-seafile-professional-server/#630-beta-20180628","title":"6.3.0 Beta (2018/06/28)","text":"
            • Support nested group and group-owned libraries
            • Keep sharing link when file or folder moved or renamed
            • Update Django to 1.11, remove fast-cgi support
            • Update jQuery to version 3.3.1
            • Update pdf.js, use pdf.js for preview pdf files
            • Docx files are converted to PDFs and preview via pdf.js in builtin preview
            • Support multiple storage backend to be used in a single server
            • [fix] Fix some bugs with OnlyOffice and CollaboraOffice
            • [fix] Use mobile version of OnlyOffice if viewed via mobile devices
            • Shared sub-folders can be searched
            • Show terms and condition link if terms and condition is enabled
            • Remove login log after delete a user
            • [admin] Support customize site title, site name, CSS via Web UI
            • [fix] Fix a bug that causing seaf-fsck crash
            • [fix] Cancel Zip download task at the server side when user close zip download dialog
            • [fix] Fix crash when seaf-fsck, seaf-gc receive wrong arguments
            • [fix] Fix a few bugs in realtime backup server
            • [beta] Wiki, users can create public wikis
            • Some other UI improvements
            "},{"location":"changelog/changelog-for-seafile-professional-server/#62","title":"6.2","text":"

            From 6.2, It is recommended to use proxy mode for communication between Seahub and Nginx/Apache. Two steps are needed if you'd like to switch to WSGI mode:

            1. Change the config file of Nginx/Apache.
            2. Restart Seahub with ./seahub.sh start instead of ./seahub.sh start-fastcgi

            The configuration of Nginx is as following:

            location / {\n         proxy_pass         http://127.0.0.1:8000;\n         proxy_set_header   Host $host;\n         proxy_set_header   X-Real-IP $remote_addr;\n         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n         proxy_set_header   X-Forwarded-Host $server_name;\n         proxy_read_timeout  1200s;\n\n         # used for view/edit office file via Office Online Server\n         client_max_body_size 0;\n\n         access_log      /var/log/nginx/seahub.access.log;\n         error_log       /var/log/nginx/seahub.error.log;\n    }\n

            The configuration of Apache is as following:

                # seahub\n    SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n    ProxyPass / http://127.0.0.1:8000/\n    ProxyPassReverse / http://127.0.0.1:8000/\n
            "},{"location":"changelog/changelog-for-seafile-professional-server/#6213-2018518","title":"6.2.13 (2018.5.18)","text":"
            • [new] Support only return files or folders when search file via api.
            • [fix] Fix notification display behavior bug on some page.
            • [fix] Recreate folder when failed because of file already exists error for the first time.
            • [fix] Fix bug of saving file via onlyoffice.
            • [fix] Fix bug when set user\u2019s reference id to \u2018\u2019 via admin api.
            • [fix] Fix bug of group info page display in organization admin panel.
            • [improve] Disable full email search if current user is a guest user.
            • [improve] Return library type when search file via api.
            • [improve] Add user auth info to cookie when login via OAuth.
            • [improve] Return timestamp instead of time string when get user clean up library trash event via api.
            • [improve] Check quota when copy/move file/folder.
            • [improve] Distinguish file or folder when send library/folder share notice/email.
            • [improve] Sort by parent folder\u2019s name when get file/folder recursively.
            • [improve] Remove unused Python imports in ADFS module.
            • [improve] Optimizate library udpate event.
            • [improve] Remove seahub gunicorn access log.
            "},{"location":"changelog/changelog-for-seafile-professional-server/#6212-2018420","title":"6.2.12 (2018.4.20)","text":"
            • [fix] Fix a bug in seafevents
            "},{"location":"changelog/changelog-for-seafile-professional-server/#6211-2018419","title":"6.2.11 (2018.4.19)","text":"
            • Update multi storage backend feature, add STORAGE_CLASS_MAPPING_POLICY setting.
            • [fix] Fix bug when search file by path.
            • [fix] A user that can't create a library can sync a sub-folder of a library now.
            • Add title when view file via OOS.
            • Check if enable LIBRARY_TEMPLATES feature when creating library.
            • [api] Enable return all files recursively under a folder.
            • Preserve share links when admin transfer a library from a user to another user.
            • Add setting to disable user change password.
            • Add setting to disable group dissussion.
            • Add setting to disable file comment.
            • Restart both ccnet-server and seaf-server if seaf-server is down.
            • Fix a bug that some cases elasticsearch be started repeatly.
            • Don\u2019t start seafile if failed to mount http-temp dir.
            • Don\u2019t deactive user if failed to get users from ldap server.
            • [fix] Fix online preview can't work in background node caused by wrong Python path.
            "},{"location":"changelog/changelog-for-seafile-professional-server/#6210-2018320","title":"6.2.10 (2018.3.20)","text":"
            • Improve performance of file search
            • [fix] Fix a bug in daily active user statistics
            • [fix] Fix copy files larger than 2GB via seaf-fuse
            • Show 403 error when visit share link if share link creator no longer has access permission to library.
            • [api] Add api for uploading file via upload share link.
            • [api] Support search file/folder in a specific library and folder via api.
            • [fix] Fix bug in folder renaming operation list on activities page.
            • [fix] Fix bug when creating personal/group wiki.
            • [fix] Fix bug when searching specific extension file.
            • [fix] Fix a bug in Two-Factor Authentication.
            • [fix] Fix bug when getting encrypted library history.
            • [fix] Fix UI bug of \"New Library\" and \"More\" buttons.
            • [fix] Fix bug of using truncated image file as avatar.
            • Change value of per_page parameter to 10 when search file via api.
            • Support indexing files in background after file uploading via API
            • Add user clean library trash event to activities
            • Use inner fileserver url to save file when edit office via OOS.
            "},{"location":"changelog/changelog-for-seafile-professional-server/#629-20180210","title":"6.2.9 (2018.02.10)","text":"
            • [fix] Support setting region for Swift backend
            • [fix] Notify the admin when an invited people registered
            • [new, api] Add API for cleaning trash
            • [fix, api] Fix permission check in search API
            • [fix] Remove redundant warning message in seahub.log
            • [fix] Add API for upload files via upload link
            • [fix] Fix inconsistency in showing user's space usage in multi-tenancy mode
            • [new] Add online preview for SVG files
            "},{"location":"changelog/changelog-for-seafile-professional-server/#628-20180202","title":"6.2.8 (2018.02.02)","text":"
            • [fix] Fix command pro/pro.py --test
            • All logs that went to seahub_django_request.log go to seahub.log
            • Print gunicorn error to runtime/error.log
            • [fix] Don't allow to generate share links via API for encrypted libraries
            • [new] Support online preview for tiff and eps files
            • [new, api] Add api to allow admin to copy files between libraries
            • [new] Allow system admin to share a library as \"admin\" to another user in admin panel
            • Other UI fixes and improvements
            "},{"location":"changelog/changelog-for-seafile-professional-server/#627-20180122","title":"6.2.7 (2018.01.22)","text":"
            • [fix, important] Fix a performance bug in search index
            • [fix, important] Fix a memory leak in listing folder with locked files
            • [fix] Fix creating of demo account
            • [new] Notify the inviter when a guest register
            • [new] Add the feature \"remember this device\" after two-factor authentication
            • [new] Don't allow to move, delete or rename a file when a file is locked
            • [new] Add option to notify the admin after new user registration (NOTIFY_ADMIN_AFTER_REGISTRATION)
            • [new, ui] Support inviting multiple guests at once
            • [new] Support customize the list of groups that a user can see when sharing a library
            • [new, api] Support search files in my libraries, shared libraries, shared to all libraries
            • [fix] Fix OAuth bug
            • [fix] Fix a bug that file preview can't work in Debian 9
            • [fix, multi-tenancy] Fix permission of a shared sub-folder can't be changed
            • [fix] Fix a bug in modify permission for a shared sub-folder
            • [fix] Improve performance in checking folder permission and file lock
            • [fix] Improve the performance of returning a user's all group libraries
            • [fix] Fix support for uploading 500+ files via web interface (caused by API rate throttle)
            • [fix] Fix API get_shared_repo_by_path()
            • [fix] Add more log when failed to zip a file
            • Don't use memcache when read object in the Python part
            • Update license file check
            • [multi-tenancy, api] Return origin_repo_name when listing libraries
            • Add cancel zip download API
            • [fix] Fix some configuration bugs in seafevents module
            "},{"location":"changelog/changelog-for-seafile-professional-server/#625-626-deprecated","title":"6.2.5, 6.2.6 (deprecated)","text":""},{"location":"changelog/changelog-for-seafile-professional-server/#624-20171220","title":"6.2.4 (2017.12.20)","text":"
            • [fix] Fix a bug in file search index clearing command
            "},{"location":"changelog/changelog-for-seafile-professional-server/#623-20171219","title":"6.2.3 (2017.12.19)","text":"
            • [fix] Fix a bug in file search indexing.
            • [fix, admin] Fix a bug of statistic module in a cluster.
            • [new, admin] Support search share link.
            • [improve, ui] Add transition to show/hide of feedback messages.
            • Other small UI improvements.
            "},{"location":"changelog/changelog-for-seafile-professional-server/#622-20171212","title":"6.2.2 (2017.12.12)","text":"
            • [improve] Improve performance of file history page.
            • [improve] show be shared folders when copy/move file/folder to \u201cOther Libraries\u201d.
            • [improve] Remove the white edge of webpage when previewing file via OnlyOffice.
            • [improve] Show two file history records at least.
            • [multi-tenancy] fix bug when listing libraries/folders shared to group.
            • [multi-tenancy] fix bug when deleting an organization.
            • [fix] fix bug when previewing excel file with \u201c&\u201d character in its name.
            • [fix] Don\u2019t check if user exists when deleting a group memeber in admin panel.
            • [oauth] Don\u2019t overwrite public registration settings when login an unexisted user.
            • [audit] Recording file access/update log when preview/edit a file via OnlyOffice.
            "},{"location":"changelog/changelog-for-seafile-professional-server/#621-beta-20171122","title":"6.2.1 beta (2017.11.22)","text":"
            • [new] Support OAuth.
            • [new] Support Swift v1 protocol.
            • [new, admin] Add option to turn on statistic module
            • [new] Enable publish library update events to message queue (like Redis)
            • [improve, ui] Add \"click to select\" feature for download/upload links.
            • [improve, ui] improved accessibility for some form elements, such as login inputs, and etc.
            • [improve, api] Add repo_owner field to library search web api.
            • [improve, admin] Show/edit contact email in admin panel.
            • [improve, admin] Show upload links in admin panel.
            • [improve, admin] Improve license display.
            • [improve, admin] Share with admin permission recorded in audit log.
            • [improve, admin] Add permission audit log when remove library from group.
            • [improve, search] Set timeout for extracting contents from doc/pdf.
            • [improve, search] Search indexing no longer depend on Seafile service. It reads information from database directly.
            • [fix] Fix Shibboleth login redirection issue, see https://forum.seafile.com/t/shared-links-via-shibboleth/4067/19
            • [fix] In some case failed to unshare a folder.
            • [fix] LDAP search issue.
            • [fix] Fix Safari downloaded file names are encoded like 'test-%2F%4B.doc' if it contains special characters.
            • [fix] Disable client encrypt library creation when creating encrypt library is disabled on server.
            • [fix] Failed to get snapshot labels when libraries are deleted.
            "},{"location":"changelog/changelog-for-seafile-professional-server/#620-beta-20171016","title":"6.2.0 beta (2017.10.16)","text":"
            • Add report charts for daily active users, daily file operations, and usage space
            • Add \"admin\" permision when sharing a library to another user/group
            • Redesign login page, adding a background image.
            • Clean the list of languages
            • Add the ability of tagging a snapshot of a library (Use ENABLE_REPO_SNAPSHOT_LABEL = True to turn the feature on)
            • [admin] Add an option to enable users to share a library to any groups in the system.
            • Use WSGI as the default mode for deploying Seahub.
            • Add a field Reference ID to support changing users primary ID in Shibboleth or LDAP
            • Improved performance of loading library list
            • Use multi-threads in search indexing
            • [fix] Fix a bug when indexing a PDF larger than 10MB
            • Support adding a custom user search function (https://github.com/haiwen/seafile-docs/commit/115f5d85cdab7dc272da81bcc8e8c9b91d85506e)
            • Other small UI improvements
            • [fix] Fix ADFS support
            "},{"location":"changelog/changelog-for-seafile-professional-server/#61","title":"6.1","text":"

            You can follow the document on minor upgrade.

            "},{"location":"changelog/changelog-for-seafile-professional-server/#619-20170928","title":"6.1.9 \uff082017.09.28\uff09","text":"
            • [fix] Fix some bugs in realtime backup server
            • Add option to set up Seafile HTTP server thread number
            • [fix] Fix create new file API when create a file with a same name with exist file
            • [fix] Fix a bug in permission check in file syncing
            • Add more detailed log information when permission check error
            • [fix] Add log to the size of queue of library size calculation
            • [fix] Use customized logo when sending email notifications
            "},{"location":"changelog/changelog-for-seafile-professional-server/#618-20170818","title":"6.1.8 (2017.08.18)","text":"
            • [fix] Fix license checking
            "},{"location":"changelog/changelog-for-seafile-professional-server/#617-20170817","title":"6.1.7 (2017.08.17)","text":"
            • [fix] Fix a bug when concurrent uploading/creating files (in the old version, when a user uploading/deleting multiple files in cloud file browser, it had a high chance to get \u201cinternal server error\u201d message)
            • [fix] Fix thumbnails for some images that 90 degrees rotated
            • [fix] Fix support for resumable file upload
            • [fix] Fix MySQL connection pool in Ccnet
            • [fix] Use original GIF file when view GIF files
            • [fix, api] Check if name is valid when creating folder/file
            • Remove deleted libraries in search index
            • Use 30MB as the default value of THUMBNAIL_IMAGE_SIZE_LIMIT
            • [api] Improve performance when move or copy multiple files/folders
            • [admin] Support syncing user role from AD/LDAP attribute (ldap role sync)
            • [admin] Support deleting all outdated invitations at once
            • [admin] Improve access log
            • [admin] Support upload seafile-license.txt via web interface (only for single machine deployment)
            • [admin] Admin can cancel two-factor authentication of a user
            • [admin, role] Show user\u2019s role in LDAP(Imported) table
            • [admin, role] Add wildcard support in role mapping for Shibboleth login
            • [admin] Improve performance in getting total file number, used space and total number of devices
            • [admin] Admin can add users to an institution via Web UI
            • [admin] Admin can choose a user\u2019s role when creating a user
            "},{"location":"changelog/changelog-for-seafile-professional-server/#614-20170711","title":"6.1.4 (2017.07.11)","text":"
            • [api] Improve performance of getting unread notifications.
            • Delete deleted libraries in search index
            • Use user's languange as lang setting for OnlyOffice
            "},{"location":"changelog/changelog-for-seafile-professional-server/#613-20170706","title":"6.1.3 (2017.07.06)","text":"
            • Add context menu \"details\" to libraries and folders, so you can get how many files in a library or a folder.
            • Improve search result accuracy
            • [fix] Fix a bug in zip downloading an empty folder
            • Improve performance of multiple file copy and move
            • Admin can delete out-dated guest invitations
            • [fix] Fix a bug in seafile-gc \"dry run\" option
            • Users can restore deleted libraries by their own
            • Change default block size for files uploaded via web browser to 8MB.
            "},{"location":"changelog/changelog-for-seafile-professional-server/#612-deprecated","title":"6.1.2 (deprecated)","text":""},{"location":"changelog/changelog-for-seafile-professional-server/#611-20170619","title":"6.1.1 (2017.06.19)","text":"
            • Add \"online preview only\" option to share links
            • Enable setting favicon and logo via admin panel
            "},{"location":"changelog/changelog-for-seafile-professional-server/#610-beta-20170606","title":"6.1.0 beta (2017.06.06)","text":"

            Web UI Improvement:

            1. Add thumbnail for video files (turn off by default)
            2. Improved image file view, using thumbnail to view pictures
            3. Move items by drap & drop
            4. Add create docx/xlsx/pptx in web interface
            5. Add OnlyOffice integration
            6. Show which client modify a file in history, this will help to find which client accidentally modified a file or deleted a file.

            Improvement for admins:

            1. Admin can set default quota for each role
            2. Admin can set user\u2019s quote, delete users in bulk in admin panel
            3. Support using admin panel in mobile platform
            4. Add translation for settings page
            5. Add admin operation logs
            6. Admin can change users' login_id in web interface
            7. Admin can create libraries in admin panel
            8. Admin can set logo and favicon in admin panel

            System changes:

            1. Remove wiki by default (to turn it on, set ENABLE_WIKI = True in seahub_settings.py)
            2. Upgrade Django to 1.8.18
            3. Clean Ajax API
            4. Increase share link token length to 20 characters
            5. Upgrade jstree to latest version
            6. Update ElasticSearch to 2.4.5
            "},{"location":"changelog/changelog-for-seafile-professional-server/#60","title":"6.0","text":"

            You can follow the document on minor upgrade.

            Special note for upgrading a cluster:

            In version 6.0, the folder download mechanism has been updated. This requires that, in a cluster deployment, seafile-data/httptemp folder must be in an NFS share. You can make this folder a symlink to the NFS share.

            cd /data/haiwen/\nln -s /nfs-share/seafile-httptemp seafile-data/httptemp\n

            The httptemp folder only contains temp files for downloading/uploading file on web UI. So there is no reliability requirement for the NFS share. You can export it from any node in the cluster.

            "},{"location":"changelog/changelog-for-seafile-professional-server/#6013-20170508","title":"6.0.13 (2017.05.08)","text":"
            • [fix] Fix in file moving/copying dialog, self-owned libraries are not listed
            • [fix] Fix files in self-owned libraries are not listed when searching files in all libraries
            • Update timestamp in about dialog
            "},{"location":"changelog/changelog-for-seafile-professional-server/#6012-20170417","title":"6.0.12 (2017.04.17)","text":"
            • Improve performance when checking group shared library permission
            • [fix] Fix image popup in favourite page
            • [fix] Fix generating sharing link with expiring time in file detailed view page
            • [fix] Don't allow to create library with '/' in name
            • [fix] Fix two-factor authentication
            • Add script to migrate between different storage backend
            "},{"location":"changelog/changelog-for-seafile-professional-server/#6011-deprecated","title":"6.0.11 (Deprecated)","text":""},{"location":"changelog/changelog-for-seafile-professional-server/#6010-20170407","title":"6.0.10 (2017.04.07)","text":"
            • [fix] Fix a bug in listing libraries in admin panel
            "},{"location":"changelog/changelog-for-seafile-professional-server/#609-20170401","title":"6.0.9 (2017.04.01)","text":"
            • Show user' name instead of user's email in notifications sent out by email
            • Add config items for setting favicon, disable wiki feature
            • Add css id to easily hide user password reset and delete account button
            • [fix] Fix UI bug in restoring a file from snapshot
            • [fix] Fix after renaming a file, the old versions before file rename can't be downloaded
            • [security] Fix XSS problem of the \"go back\" button in history page and snapshot view page
            • [fix] Fix crash problem of seaf-import
            • Add API to create/delete/modify an account in Org
            • [ad/ldap sync] Support import posix group
            • [fix] Fix Office Web App co-authoring problems when opening file in a shared sub-folder
            • [fix] Fix \"IE 9 not supported\" popup message not showing
            "},{"location":"changelog/changelog-for-seafile-professional-server/#608-20170223","title":"6.0.8 (2017.02.23)","text":"

            Improvement for admin

            • Admin can add/delete group members
            • Admin can create group in admin panel
            • Force users to change password if imported via csv
            • Support set user's quota, name when import user via csv
            • Set user's quota in user list page
            • Add search group by group name
            • Use ajax when deleting a user's library in admin panel
            • Support logrotate for controller.log
            • Add a log when a user can't be find in LDAP during login, so that the system admin can know whether it is caused by password error or the user can't be find
            • Delete shared libraries information when deleting a user
            • Add admin API to create default library for a user
            • [ldap-sync] Support syncing users from AD/LDAP as inactive user

            Other

            • [fix] Fix user search when global address book is disabled in CLOUD_MODE
            • [fix] Avoid timeout in some cases when showing a library trash
            • Show \"the account is inactive\" when an inactive account try to login
            • [security] Remove viewer.js to show open document files (ods, odt) because viewer.js is not actively maintained and may have potential security bugs
            • [fix] Exclude virtual libraries from storage size statistics
            • [fix] Fix mysql gone away problem in seafevents
            • Add region config option for Swift storage backend
            • [anti-virus] Send notification to the library owner if a virus is found
            "},{"location":"changelog/changelog-for-seafile-professional-server/#607-20170118","title":"6.0.7 (2017.01.18)","text":"
            • Set users role from Shibboleth affiliation attribute (shibboleth config, search \"Affiliation and user role\")
            • [fix] Uploading files with special names lets seaf-server crash
            • [fix] Fix reading database connection pool setting from ccnet.conf and seafile.conf
            • [fix] Fix total storage integer overflow, which is shown at the info page of admin panel)
            • [fix] Fix the password reset email gets send to the primary account email instead of the contact email of the profile.
            • [fix] Do not check path existence when delete user/group folder permission
            • Support ADFS
            • [fix] Invitation email subject does not get translated
            "},{"location":"changelog/changelog-for-seafile-professional-server/#606-20170111","title":"6.0.6 (2017.01.11)","text":"
            • Guest invitation: Prevent the same address can be invited multiple times by the same inviter and by multiple inviters
            • Guest invitation: Add an regex to prevent certain email addresses be invited (see roles permissions)
            • Office online: support co-authoring
            • Admin can set users' department and name when creating users
            • Show total number of files and storage in admin info page
            • Show total number of devices and recently connected devices in admin info page
            • Delete shared libraries information when deleting a user
            • Upgrade Django to 1.8.17
            • Admin can create group in admin panel
            • [fix] Fix quota check: users can't upload a file if the quota will be exceeded after uploading the file
            • [fix] Fix quota check when copy file from one library to another
            • Add # -*- coding: utf-8 -*- to seahub_settings.py, so that admin can use non-ascii characters in the file.
            • [fix] Prevent admin from access group's wiki
            • [fix] Prevent transfering libraries to guest account
            • [fix] Prevent guest accout to create share link via API v2
            • Add a log when a user can't be find in LDAP during login, so that the system admin can know whether it is caused by password error or the user can't be find
            • Ingore white space character in the end of lines in ccnet.conf
            "},{"location":"changelog/changelog-for-seafile-professional-server/#605-20161219","title":"6.0.5 (2016.12.19)","text":"
            • [fix] Fix generating of password protected link in file view page
            • [fix] Fix .jpg/.JPG image display in IE10
            • Export quota usage in export Excel in user list admin page
            • [fix] Fix admin can't delete broken libraries
            • Add \"back to previous page\" link in trash page, history page
            • [fix] Fix file encoding for text file editing online
            • [fix] Don't show operation buttons for broken libraries in normal users page
            • [fix] Support both [Audit] and [AUDIT] in seafevent.conf
            • [fix] Support utf-8 characters in filename when preview in MSOffice WebApp
            • Support Collabora Online 2.0
            "},{"location":"changelog/changelog-for-seafile-professional-server/#604-20161129","title":"6.0.4 (2016.11.29)","text":"
            • [fix] Fix list_inner_pub_repos error in cloud mode
            • [fix] Improve logo show in About dialog
            • [fix] Fix file/folder upload in Firefox 50
            • [fix] Fix groups not shown in admin panel when there are more than 100 groups
            "},{"location":"changelog/changelog-for-seafile-professional-server/#603-20161117","title":"6.0.3 (2016.11.17)","text":"
            • [fix] Fix the shared folder link in the notification message when a user share a folder to another user
            • [fix] Update Django version from 1.8.10 to 1.8.16
            • [fix] Fix the shared folder name is not changed after removing the old share, renaming the folder and re-sharing the folder
            • [fix] Fix sub-folder accidentially show the files in parent folder when the parent folder contains more than 100 files
            • [fix] Fix image preview navigation when there are more than 100 entries in a folder
            • [fix] Fix jpeg image display in IE10
            • [fix] Fix bug when admin searching unexisting user
            • Add support for online view of mov video files
            • Make web access token expiring time configurable
            • Add an option on server to control block size for web upload files
            • [fix] Failed to cache (set/get) WOPI_ACCESS_TOKEN_EXPIRATION due to memcached key length limit
            • [fix] Not allow user to set the permissions onto unshared folder. Because it is useless.
            • [fix] Fix condition check when display share icon for guest user
            • Support full-text search and audit log by default
            • [fix] Fix permission dialog bug when the corresponding user/group deleted
            "},{"location":"changelog/changelog-for-seafile-professional-server/#602-20161020","title":"6.0.2 (2016.10.20)","text":"
            • [fix] Virus scan fails when the keystone token has expired https://github.com/haiwen/seafile/issues/1737
            • [fix] If you share a sub-folder to a group, the sub-folder will appear as a library in that group page. Don't show \"permission\" menu item for such a shared sub-folder on the group page, because setting permissions on this shared sub-folder not work. The user should set permissions on the original library directly.
            • [fix] Fix API for uploading file by blocks (Used by iOS client when uploading a large file)
            • [fix] Fix a database connection problem in ccnet-server
            • [fix] Fix moved files are still present in local folder until refresh
            • [fix] Fix admin panel can't show deleted libraries
            "},{"location":"changelog/changelog-for-seafile-professional-server/#601-beta","title":"6.0.1 beta","text":"
            • Enable create a library from a template
            • Enable office preview by default in installation script
            • [fix] Fix not able to move files via WebDAV interface
            • Check whether the quota will exceed before saving the uploaded file to Seafile via Web UI or API
            • [fix] Fix owner can't restore a deleted file or folder in snapshot
            • [fix] Fix UI of personal profile page
            • [fix] Fix in some cases mobile devices can't be unlinked
            • [fix] Fix connection problem for the latest MariaDB in initialisation script
            • Make maxNumberOfFiles configurable
            • [fix] Remember the sorting of libraries
            • Add Finnish translation
            • Video + audio no longer be limited by max preview size
            "},{"location":"changelog/changelog-for-seafile-professional-server/#600-beta","title":"6.0.0 beta","text":"
            • Add full screen Web UI
            • Add file comment
            • Improve zip downloading by adding zip progress
            • Change of navigation labels
            • Support Seafile Drive client
            • [admin] Add group transfer function in admin panel
            • [admin] Admin can set library permissions in admin panel
            • Improve checking the user running Seafile must be the owner of seafile-data. If seafile-data is symbolic link, check the destination folder instead of the symbolic link.
            • [ui] Improve rename operation
            • Show name/contact email in admin panel and enable search user by name/contact email
            • Add printing style for markdown and doc/pdf
            • The \u201cSeafile\u201d in \"Welcome to Seafile\" message can be customised by SITE_NAME
            • Improve sorting of files with numbers
            • [api] Add admin API to only return LDAP imported user list
            • Code clean and update Web APIs
            • Remove number of synced libraries in devices page for simplify the interface and concept
            • Update help pages
            • [online preview] The online preview size limit setting FILE_PREVIEW_MAX_SIZE will not affect videos and audio files. So videos and audio with any size can be previewed online.
            • [online preview] Add printing style for markdown

            Pro only features

            • Support LibreOffice online/Collabora Office online
            • Add two-factor authentication
            • Remote wipe (need desktop client 6.0.0)
            • [anti-virus] Support parallel scan
            • [anti-virus] Add option to only scan a file with size less than xx MB
            • [anti-virus] Add option to specific which file types to scan
            • [anti-virus] Add scanning virus instantly when user upload files via upload link
            • [online preivew] Add printing style for doc/pdf
            • [online preivew] Warn user if online preview only show 50 pages for doc/pdf with more than 50 pages
            • [fix] Fix search only work on the first page of search result pages
            "},{"location":"changelog/client-changelog/","title":"Seafile Client Changelog","text":""},{"location":"changelog/client-changelog/#90","title":"9.0","text":""},{"location":"changelog/client-changelog/#908-20240812","title":"9.0.8 (2024/08/12)","text":"
            • [win] Fix a potential crash bug when downloading files
            • [linux] Fix a few issues in AppImage
            • [linux] Support using AppImageUpdate to check updates
            "},{"location":"changelog/client-changelog/#907-20240723","title":"9.0.7 (2024/07/23)","text":"
            • Checkout files directly without writing to cache folder first
            • Use user name when creating conflict files
            • Display user name in shared library list
            • Fix \"Copy move is already in progress\" error in cloud file browser
            • Support server addresses with special characters
            • Fix help links
            • [mac] Fix crash on first run for Apple Silicon CPUs
            • [linux] Use AppImage format for release
            • [linux] Disable deletion confirmation for CLI client
            "},{"location":"changelog/client-changelog/#906-20240523","title":"9.0.6 (2024/05/23)","text":"
            • Fix sync error icon in main window
            • Handle filename case conflicts better when downloading (don't download file with case conflicts)
            • Improve conflict handling in cloud file browser
            • Add sort library feature in main window
            • Support username and password when use SOCKS5 proxy
            • Requires at least version 2 encryption protocol when creating an encrypted library (Thanks to Jonas Hofmann and Kien Tuong Truong from ETH Zurich)
            • Change local file permission when recieving unlock event from notification server
            • [mac] Update system tray icon
            • [linux] ensure only one seaf-daemon running for each account
            • [linux] Support reading parameters from configuration file
            "},{"location":"changelog/client-changelog/#905-20240305","title":"9.0.5 (2024/03/05)","text":"
            • Support Single-Sign-On with desktop browsers
            • Optimize confilct handling in cloud file browser
            • Improve share link generation UI
            • Use system proxy setting by default
            • [win] Display warning when syncing a library to network drive or windows share
            • [mac] Adapt to system style for tray area icons
            • [mac] Persist notifications to notification area
            • [linux] Check daemon running when start
            "},{"location":"changelog/client-changelog/#904-20230913","title":"9.0.4 (2023/09/13)","text":"
            • [win] Upgrade to Qt 6.5.2 and OpenSSL 3.0
            • Record an error when fail to checkout a file
            • [linux] Supports notification server
            • Handles new errors returned by newer servers
            "},{"location":"changelog/client-changelog/#903-20230705","title":"9.0.3 (2023/07/05)","text":"
            • [macOS] Provide universial package for Apple Silicon and Intel
            • Some UI improvements
            • Support file number limits for libraries on server
            • Fix error when getting links with extension menu from library root
            "},{"location":"changelog/client-changelog/#902-20230427","title":"9.0.2 (2023/04/27)","text":"
            • [macOS] Fix UTF-8 encoding issue for file names
            • Persist file sync errors in the UI
            • Fix an issue when removing large number of files from encrypted libraries
            • Remove client version checking
            • Fix resyncing libraries with non-default location
            • Fix UI issue for 2FA
            "},{"location":"changelog/client-changelog/#901-20230324","title":"9.0.1 (2023/03/24)","text":"
            • [win] Update app signing certificate
            "},{"location":"changelog/client-changelog/#900-20230320","title":"9.0.0 (2023/03/20)","text":"
            • Support notification server to update libraries and locked files more timely
            • Support Windows 7/8 again
            • Fix a progress dialog bug in cloud file browser when uploading file larger than 100MB
            "},{"location":"changelog/client-changelog/#80","title":"8.0","text":""},{"location":"changelog/client-changelog/#8010-20221228","title":"8.0.10 (2022/12/28)","text":"
            • Improve handling of moving large folders to avoid potential false deletion of files
            • Ask for user confirmation when deleting more than 500 files at once
            "},{"location":"changelog/client-changelog/#809-20221114","title":"8.0.9 (2022/11/14)","text":"
            • Add events.log to debug local file changes
            • Change commit process on restart, to avoid potential corruption state
            "},{"location":"changelog/client-changelog/#808-20220705","title":"8.0.8 (2022/07/05)","text":"
            • Allow login with password after loging out an SSO account
            • Add additional log messages when failing to start upload/download
            "},{"location":"changelog/client-changelog/#807-20220429","title":"8.0.7 (2022/04/29)","text":"
            • Fix \"Another copy or move operation is in progress\" error when copying items in cloud file browser
            • Fix folder timestamp when all items under a folder is removed
            "},{"location":"changelog/client-changelog/#806-20220304","title":"8.0.6 (2022/03/04)","text":"
            • Improve some permission error messages
            • Show errors when fails to create share link or upload link
            • Support compiling with Qt 6.2
            "},{"location":"changelog/client-changelog/#805-20211118","title":"8.0.5 (2021/11/18)","text":"
            • [Win] Improve German and French translations for context menus
            • [Linux] Fix crash bug when hovering mouse on the settings button
            "},{"location":"changelog/client-changelog/#804-20210922","title":"8.0.4 (2021/09/22)","text":"
            • Add a Settings button in the main panel
            • [CLI] Add an option to use API token for login, instead of password. This is useful for SSO login in CLI.
            • Fix problem recording file sync errors
            • Send proper content-type headers in http requests
            • A few UI fixes
            • [Linux] Support Debian 11
            "},{"location":"changelog/client-changelog/#803-20210703","title":"8.0.3 (2021/07/03)","text":"
            • [Mac,Linux] Add option to not show Windows incompatible path notifications
            • [Linux] Fix compatibility to new GLib versions
            "},{"location":"changelog/client-changelog/#802-20210521","title":"8.0.2 (2021/05/21)","text":"
            • [Mac] Fix dark mode support
            • Fix bug for updating server address
            • [Mac] Improve Finder context menu
            • [Win] Support setting password and expiration when creating links from context menu
            • [Win] Avoid consuming too much Windows Explorer CPU when copying large folders into library
            • [Mac, Linux] Pop-up notification when uploading files whose names are invalid on Windows
            • [Cli] Add --json option for listing libraries
            "},{"location":"changelog/client-changelog/#801-20201215","title":"8.0.1 (2020/12/15)","text":"
            • [Win] Fix compatibility to previously synced libraries
            • [Win] Fix failing to run issue
            • Don't stop syncing a library when local folder is unavailable, if option is set
            • [Win] Fix files with invalid names reappearing problem
            • Use SOCKS5 proxy to resolve domain names
            "},{"location":"changelog/client-changelog/#800-beta-20201128","title":"8.0.0 beta (2020/11/28)","text":"
            • [Win] Build with Visual Studio 2019 instead of MinGW
            • [Win/Mac] Upgrade Qt version to 5.15.1 (which supports TLS 1.3)
            • Add V4 encryption library support, which will be available in server 8.0
            "},{"location":"changelog/client-changelog/#70","title":"7.0","text":""},{"location":"changelog/client-changelog/#7010-20201016","title":"7.0.10 (2020/10/16)","text":"
            • Fix sync error when downloading duplicated files from a library
            • Fix crash bug when downloading files with very long names
            "},{"location":"changelog/client-changelog/#709-20200730","title":"7.0.9 (2020/07/30)","text":"
            • Avoid downloading existing blocks during sync download
            • Fix crash when cancel syncing before a library is synced
            • Fix incorrect error message in some error situations
            "},{"location":"changelog/client-changelog/#708-20200603","title":"7.0.8 (2020/06/03)","text":"
            • Fix GUI crash on start
            • Avoid redundant notification when downloading updates from a read-only library
            "},{"location":"changelog/client-changelog/#707-20200403","title":"7.0.7 (2020/04/03)","text":"
            • Use new API to copy/move files from one library to another in cloud file browser
            • [fix] Fix SSO problem after logout and login again
            • [mac] Ignore files start with ._
            • [fix] Fix deleting of multiple sync error logs
            "},{"location":"changelog/client-changelog/#706-20200214","title":"7.0.6 (2020/02/14)","text":"
            • Enable to config block size at the client side
            • Do not refresh explorer when restart
            • Can clean sync error records in sync errors dialog
            • [fix] Do not popup the sync errors dialog when click a sync notification popup
            "},{"location":"changelog/client-changelog/#705-20200114","title":"7.0.5 (2020/01/14)","text":"
            • Fix some right click menu do not work
            • Fix \"View on cloud\" function
            • Fix sign in file name break \"view file history\"
            • Support get upload link for folders
            • [mac] Fix SSO in MacOS 10.15
            "},{"location":"changelog/client-changelog/#704-20191120","title":"7.0.4 (2019/11/20)","text":"
            • Fix showing syncing error \"!\" in the system tray icon after restarting the client
            • Don't clean modified files in cloud file browser
            • Improve seaf-cli
            • [mac] Add support for MacOS 10.15
            • [mac] Drop support for MacOS 10.12, 10.11 and 10.10
            "},{"location":"changelog/client-changelog/#703-20191031","title":"7.0.3 (2019/10/31)","text":"
            • Official repo for CentOS or RHEL is ready. Currently only CentOS/RHEL 7 is supported.
            • Seaf-cli now support both Python2 and Python3.
            • Re-enable the old style seafile internal links (seafile://openfile?repo_id=\u2026)
            • Improve error message display
            • Fix a bug that local added files are deleted if the folder is removed or renamed by another user simultaneously.
            • Improve progress percentage display during syncing downloading.
            • Users can check who locked a file now
            "},{"location":"changelog/client-changelog/#702-20190812","title":"7.0.2 (2019/08/12)","text":"
            • Improve notifications when user editing files in read-only libraries
            • [fix] Fix seaf-cli syncing problem
            "},{"location":"changelog/client-changelog/#701-20190711","title":"7.0.1 (2019/07/11)","text":"
            • Fix a bug that causing GUI to crash when seaf-daemon dead
            • Fix a bug that cloud file browser does not show file status correctly
            • Do not show lots of \"Failed to index file\" messages
            "},{"location":"changelog/client-changelog/#700-20190604","title":"7.0.0 (2019/06/04)","text":"
            • Improve error notifications
            • Support new version of encrypted libraries if server version is 7.0.0+
            • Starred items support libraries and folders
            • Support new version of file activities
            • Fix the error of \"Failed to remove local repos sync token\" during client shutdown
            • Add menu to repair Windows Explorer extension
            "},{"location":"changelog/client-changelog/#62","title":"6.2","text":""},{"location":"changelog/client-changelog/#6210-20190115","title":"6.2.10 (2019/01/15)","text":"
            • [fix] Fix support for Windows user name containting non-ascii characters
            • Remove seacloud.cc from the default server list
            • Remove description from library detail dialog
            "},{"location":"changelog/client-changelog/#629-20181210","title":"6.2.9 (2018/12/10)","text":"
            • [fix] Fix background index when upload files via cloud file browser
            • Don't call ping and account-info every 5 minutes
            "},{"location":"changelog/client-changelog/#628-20181205","title":"6.2.8 (2018/12/05)","text":"
            • [fix] Don't refresh activity list automatically
            • [fix] Fix view on Web link for starred items
            "},{"location":"changelog/client-changelog/#627-20181122","title":"6.2.7 (2018/11/22)","text":"
            • Handle library permission change for synced libraries
            • Don't retry forever when error occur during first time downloading
            • [mac] Fix dark mode support on Mac Mojave
            • Show user's name instead of email in account switching popup
            "},{"location":"changelog/client-changelog/#625-20180914","title":"6.2.5 (2018/09/14)","text":"
            • More robust deleting folder locally if it is deleted on the server
            • Show file modifier in cloud file browser
            • [fix, win] Fix avatar with jpg format can't be displayed problem
            • Support getting internal link
            • [fix, win] Fix support for some SSL CA
            "},{"location":"changelog/client-changelog/#624-20180803","title":"6.2.4 (2018/08/03)","text":"
            • [fix] Fix a bug that causing Windows Explorer crash
            "},{"location":"changelog/client-changelog/#623-20180730","title":"6.2.3 (2018/07/30)","text":"
            • Prevent multiple seaf-daemon running
            • [fix] Support preconfigured Shibboleth Url
            • Restart seaf-daemon automatically if it is dead
            "},{"location":"changelog/client-changelog/#622-621-beta-20180713","title":"6.2.2 6.2.1 Beta (2018/07/13)","text":"
            • [fix] Fix initialization problem in first time launching
            • Improve file syncing notification message
            "},{"location":"changelog/client-changelog/#620-beta-20180703","title":"6.2.0 Beta (2018/07/03)","text":"
            • [mac] Add automatical locking support for Office files
            • [mac] Don't update local office file if it is editing locally while simultaneously edited remotely
            • [win] Enable using both syncing client and drive client while keep the Explorer file status icon work for both
            • [win] Remove ccnet component to make running multiple-instances on a single machine possible
            • Don't send unneccesary \"api2/events\" requests
            • [cloud file browser] Fix uploading retrying
            • [fix] Fix .eml files can't be deleted
            "},{"location":"changelog/client-changelog/#61","title":"6.1","text":""},{"location":"changelog/client-changelog/#618-20180508","title":"6.1.8 (2018/05/08)","text":"
            • [fix] Fix display of library search box
            "},{"location":"changelog/client-changelog/#617-20180329","title":"6.1.7 (2018/03/29)","text":"
            • [fix] Fix file searching
            • [cloud file browser] Support showing indexing progress after uploading a large file
            "},{"location":"changelog/client-changelog/#616-20180313","title":"6.1.6 (2018/03/13)","text":"
            • [fix] Fix crash during login
            • [cloud file browser] Only show search button when the server is pro edition
            • Show detailed path when a library can't be synced because a file is locked
            • [fix] Fix a crash during file syncing caused by files with illegal file name
            • [fix] Fix a bug that causing crash during loading libraries
            "},{"location":"changelog/client-changelog/#615-20180206","title":"6.1.5 (2018/02/06)","text":"
            • Add \"trust this device\" function to two-step authentication
            • Add search files inside a library
            • Some UI improvements
            "},{"location":"changelog/client-changelog/#614-20171220","title":"6.1.4 (2017/12/20)","text":"

            cloud file browser

            • Don't use resumable upload feature when updating a file
            • Show an icon to indicate that a file is cached
            • Show a warning icon when a file failed to upload to the server after changing
            • User can re-upload a local modified file that failed to upload
            • Add a command to open local cache folder
            • Improve error messages when uploading a file or a folder
            • [mac] Fix a bug that a doc/xls file uploaded automatically after downloading
            • Some ui fixes and improvements

            others

            • Don't show the connection status of 127.0.0.1
            • Disable editing of local syncing path, users can only choose a path
            • Some ui fixes and improvements
            "},{"location":"changelog/client-changelog/#613-20171103","title":"6.1.3 (2017/11/03)","text":"
            • [fix] Fix system tray icon
            • Change \"Shibbeloth Login\" to \"Single Sign On\"
            • [fix] Fix MacOS client using discrete GPU
            • [cloud file browser] Improve file uploading after modification
            • [cloud file browser, fix] Don't show quota exceeded when server return 502 error
            • [cloud file browser] Show number of files in current folder
            "},{"location":"changelog/client-changelog/#612-20171028","title":"6.1.2 (2017/10/28)","text":"
            • [win] Update system tray icon
            • Return error if repo name contains invalid characters when syncing a library
            • Update local folder name when repo name is changed.
            • Leave a shared library
            • [fix] Fix open cloud file browser from activity view
            • [fix] Fix loading more events in activity tab
            • [fix, cloud file browser] Always watching local cached files after uploading failed when file changed
            • [fix, cloud file browser] Use local cached version if it is changed locally
            "},{"location":"changelog/client-changelog/#611-20170920","title":"6.1.1 (2017/09/20)","text":"
            • Improve support for syncing EML files (Don't sync EML files if only timestamp changed)
            • Improve support for Copy/Paste files in cloud file browser
            • [mac] Fix opening file history from Mac
            • [fix] Fix memory leak in Windows extension handler
            • [fix] Fix re-login with Shibboleth
            • UI/UX improvements for cloud file browser
            • [fix, windows] Fix a bug in detecting whether there is an old instance of Seafile running
            "},{"location":"changelog/client-changelog/#610-20170802","title":"6.1.0 (2017/08/02)","text":"
            • [fix] Fix a bug that library name will be changed back when it is changed in the server
            • [fix] Fix a bug that uploading progress exceeding 100%.
            • [fix] Fix selectively synced subfolder disappear after logout and login again
            • Use new library icons
            • [fix] Fix showing of avatars
            • [fix] Improve UI in Windows with high DPI screens
            • Only allow https for Shibboleth login
            • Clean unused logs in applet.log
            • Remove the function of map a library to a network drive
            • [fix] Fix an issue when uploading a deep empty folder like \"A/B/C\"
            • Change default block size to 8MB
            • [fix, mac] Popup a notification after user clicking the \"Check new version\" button in about dialog if the current version is the latest version
            "},{"location":"changelog/client-changelog/#60","title":"6.0","text":""},{"location":"changelog/client-changelog/#607-20170623","title":"6.0.7 (2017/06/23)","text":"
            • [fix] Fix auto-completion in sharing dialog
            • Show contact avatars in auto-completion of sharing dialog
            • [fix] Fix mis-leading error message when uploading a file to a read-only library via cloud file browser
            • Add highlight background color when drag and drop a file/folder to a library
            • [fix] Fix connection error in libcurl
            • [fix] Fix sorting by time in cloud file browser
            • [fix] Fix sorting by name case sensitive in cloud file browser
            • [fix] Fix drag more than one folder to cloud file browser
            • Add loading more in activity tab and search tab
            • \"View sync error\" can only be clicked when there are sync errors
            • Move seafile.log, applet.log to seafile.log.old, applet.log.old if they become too large
            • Remove the \"?\" icon in creating new folder dialog title bar
            "},{"location":"changelog/client-changelog/#606-20170508","title":"6.0.6 (2017/05/08)","text":"
            • Sort files by numbers if numbers contained in the file name, so \"1, 10, 2, 11, 3\" will be sorted as \"1, 2, 3, 10, 11\".
            • Use native system window for Seafile main windown and cloud file browser window.
            • Fix progress overflow when uploading large file using cloud file browser
            • Improve the tip when removing an account in the client
            • Don't show download button when select folders in cloud file browser
            • Clean cache data of cloud file browser when logout an account or restart the client
            • [fix] Fix display problem for high screen Windows in win10
            • [fix] Fix libssl compatibility problem in Debain Stretch
            • Add auto-update check
            "},{"location":"changelog/client-changelog/#604-20170221","title":"6.0.4 (2017/02/21)","text":"
            • [fix] Fix Shibboleth login support
            • Improve network connection check
            • Don't log \"read pipe error\" into log file
            • [fix] Fix the link for help page
            • Improve library sharing dialog (pro edition only feature)
            "},{"location":"changelog/client-changelog/#603-20170211","title":"6.0.3 (2017/02/11)","text":"
            • Add a dialog to list all sync errors
            • Don't popup file is locked by other users error message
            • Make sync error message more accurate
            • [win] Support intermediate CA
            • [cloud file browser] Show correct error message when quota is exceeded during file upload
            • Show the server address during Shibboleth login
            • Support pre-config Shibboleth server address in seafile.ini
            • [fix] Show the recent shared user in sharing dialog
            • \"open folder\" changed to \"open local folder\"
            "},{"location":"changelog/client-changelog/#602-deprecated","title":"6.0.2 (deprecated)","text":"

            This version has a few bugs. We will fix it soon.

            "},{"location":"changelog/client-changelog/#601-20161207","title":"6.0.1 (2016/12/07)","text":"
            • Don't generate case conflict file/folder
            • [fix] Fix popup style for Mac Sierra
            • Show image thumbnail in cloud file browser
            • Change label \"organization\" to \"shared with all\", \"private shares\" to \"shared with me\"
            "},{"location":"changelog/client-changelog/#600-20161014","title":"6.0.0 (2016/10/14)","text":"
            • [fix] Fix a conflict problem with ESET anti-virus program
            • Fix client name and add client version in modification history
            • Add remote wipe support
            • [fix] Fix sub-folder permission support
            "},{"location":"changelog/client-changelog/#51","title":"5.1","text":""},{"location":"changelog/client-changelog/#514-20160729","title":"5.1.4 (2016/07/29)","text":"
            • [fix] Fix seaf-daemon crash if root dir is corrupted
            • [fix, pro] Fix auto-completion in sharing a folder to a user if the user name contains a space
            "},{"location":"changelog/client-changelog/#513-20160627","title":"5.1.3 (2016/06/27)","text":"
            • Support syncing any sub-folder with a community server
            • [fix, win] Fix automatically unlocking office files
            • [fix, pro] Fix auto-completion in sharing a folder to a user
            • auto-login for open file history in web
            • Prevent generating too many \"case conflict\" files
            "},{"location":"changelog/client-changelog/#512-20160607","title":"5.1.2 (2016/06/07)","text":"
            • Add context menu to view file history in web
            • [fix, pro] Fix user auto-completion in folder sharing dialog
            • [linux] Fix tray icon not shown in KDE 5 https://github.com/haiwen/seafile-client/issues/697
            • [win 10, fix] Fix explorer context menu has no right arrow
            • [win, fix] Can't create new files/folders in \"My Library\" Shortcut
            • [win, fix] Fix on Windows 10 sometimes the seafile client main window exceeds the height of the screen.
            "},{"location":"changelog/client-changelog/#511-20160504","title":"5.1.1 (2016/05/04)","text":"
            • Add \u201cGroups\u201d category in the client\u2019s library view
            • Click notification pop up now open the exact folder containing the modified file.
            • Change \"Get Seafile Share Link\" to \"Get Seafile Download Link\"
            • [fix] Use case-insensitive sorting in cloud file browser
            • [fix] Don't sync a folder in Windows if it contains invalid characters instead of creating an empty folder with invalid name
            • [fix] Fix a rare bug where sometimes files are synced as zero length files. This happens when another software doesn't change the file timestamp after changing the content of the file.
            "},{"location":"changelog/client-changelog/#510-20160411","title":"5.1.0 (2016/04/11)","text":"

            Note: Seafile client now support HiDPI under Windows, you should remove QT_DEVICE_PIXEL_RATIO settings if you had set one previous.

            • Update to QT5.6
            • Add HiDPI support
            • Remove corrupted local metadata when unsync or resync a library
            "},{"location":"changelog/client-changelog/#50","title":"5.0","text":""},{"location":"changelog/client-changelog/#507-20160329","title":"5.0.7 (2016/03/29)","text":"
            • [fix, mac] Enable multi-users running Seafile on Mac
            • [win, pro] auto-lock office files (doc/ppt/excel) when open, require Seafile pro edition v5.1.0+
            • Enable using system proxy setting
            • Auto login when viewing unread notifications
            • Record device name to modification history
            "},{"location":"changelog/client-changelog/#506-20160308","title":"5.0.6 (2016/03/08)","text":"
            • [fix, mac] Fix deleted folder get re-uploaded if with .DS_Store inside
            • [fix] Fix loading proxy configuration during start-up
            • [fix] Fix a crash bug when using libcurl with multiplt https connection
            • [fix] Fix sync problem when the network connection is slow
            • Use GB/MB/KB instead of GiB/MiB/KiB (1GB = 1000MB = 1,000,000KB)
            • [fix] Fix disappear of synced sub-folder from the main window
            • Small UI improvements
            "},{"location":"changelog/client-changelog/#505-20160220","title":"5.0.5 (2016/02/20)","text":"
            • [fix] Fix a crash bug in multi-threaded file download/upload
            "},{"location":"changelog/client-changelog/#504-20160126","title":"5.0.4 (2016/01/26)","text":"
            • Add crash report support
            • [win] Add mapping a synced library as a network drive
            "},{"location":"changelog/client-changelog/#503-20160113","title":"5.0.3 (2016/01/13)","text":"
            • [fix] Fix German translation
            "},{"location":"changelog/client-changelog/#502-20160111","title":"5.0.2 (2016/01/11)","text":"
            • [fix] Fix compatibility issue with F-Secure
            • Add setting sync interval for a library
            • Showing progress when downloading file list during the first-time syncing
            "},{"location":"changelog/client-changelog/#501-20151221","title":"5.0.1 (2015/12/21)","text":"
            • [fix] Fix a memory leak
            • Show user name instead of email in the profile area
            • [pro] For pro users, you can manage the library sharing from the client now.
            "},{"location":"changelog/client-changelog/#500-20151125","title":"5.0.0 (2015/11/25)","text":"
            • Show storage usage
            • Support login via username
            • Set current tab icon color to orange
            • Send notifications when sync error happens for some files
            • Improve file locking for Microsoft Office files
            • [fix] Fix preventing syncing with any folder if it is prevented by the server
            • [windows] Set TCP send buffer size and TCP_NODELAY options
            • [fix] Keep ignore files when deleting a folder (https://github.com/haiwen/seafile/issues/1383)
            "},{"location":"changelog/client-changelog/#44","title":"4.4","text":""},{"location":"changelog/client-changelog/#442-20151020","title":"4.4.2 (2015/10/20)","text":"
            • [fix] Fix showing data transfer percentage in syncing.
            • Add open containing folder in search result
            "},{"location":"changelog/client-changelog/#441-20151014","title":"4.4.1 (2015/10/14)","text":"
            • [fix, win] Fix a rare bug in file sync on Windows related to multi-thread downloading
            "},{"location":"changelog/client-changelog/#440-20150918","title":"4.4.0 (2015/09/18)","text":"
            • Fix bugs in file ignore feature
            • Fix popup two password input dialogs when visit an encrypted library
            • Popup a tip when file conflicts happen
            • Don't send the password to server when creating an encrypted library
            • [mac] Fix support for TLS 1.2
            • [win, extension] Add context menu \"get internal link\"
            • Enable uploading of an empty folder in cloud file browser
            • [pro] Enable customization of app name and logo for the main window (See https://github.com/haiwen/seafile-docs/blob/master/config/seahub_customization.md#customize-the-logo-and-name-displayed-on-seafile-desktop-clients-seafile-professional-only)
            • A few small UI improvements
            "},{"location":"changelog/client-changelog/#43","title":"4.3","text":""},{"location":"changelog/client-changelog/#434-20150914","title":"4.3.4 (2015/09/14)","text":"
            • Fix a bug in refresh file locking status icon
            • Use 3 threads instead of 10 threads when syncing files to reduce load on server
            "},{"location":"changelog/client-changelog/#433-20150825","title":"4.3.3 (2015/08/25)","text":"
            • Fix one more syncing issues introduced in v4.3.0
            • Improve the file lock icon
            • Improve cloud file browser
            • Fix icon overlay problem in win10
            • Add back sync with existing folder
            "},{"location":"changelog/client-changelog/#432-20150819","title":"4.3.2 (2015/08/19)","text":"
            • Fix more syncing issues introduced in v4.3.0
            • Update translation
            • Fix ignore feature
            • Add HiDPI icons for cloud file browser
            "},{"location":"changelog/client-changelog/#431-20150811","title":"4.3.1 (2015/08/11)","text":"
            • Fix syncing issues.
            "},{"location":"changelog/client-changelog/#430-beta-20150803","title":"4.3.0 beta (2015/08/03)","text":"
            • [fix, windows] Fix a bug that causes freeze of Seafile UI
            • [sync] Improve index performance after a file is modified
            • [sync] Use multi-threads to upload/download file blocks
            • [admin] Enable config Seafile via seafile.rc in Mac/Linux or seafile.ini in Windows (https://github.com/haiwen/seafile-user-manual/blob/master/en/faq.md)
            • [admin] Enable uninstall Seafile without popup \"deleting config files\" dialog
            • Add file lock
            • [mac, extension] Add getting Seafile internal link
            • [mac, extension] Improve performance of showing sync status
            "},{"location":"changelog/client-changelog/#42","title":"4.2","text":""},{"location":"changelog/client-changelog/#428-20150711","title":"4.2.8 (2015/07/11)","text":"
            • [win] Another fix on the explorer extension
            • Improve the ui for downloading the encrypted library
            • filebrowser: fix a crash when closed while context menu pop up
            • explorer extension: show read-only badge when a file is read-only
            "},{"location":"changelog/client-changelog/#427-20150708","title":"4.2.7 (2015/07/08)","text":"
            • [win] Fixed another bug that will cause crash of explorer extension
            • [win] Add executable file version information for the client
            • [mac] Use OS X native notification when possible (OS X >= 10.8)
            • [mac] Implement sync status improvement for every files
            • filebrowser: fix uploading failures in the folders with permission set
            • filebrowser: support \"save as\" multiple files simultaneously
            • filebrowser: fix the sorting of folders
            • filebrowser: implement get seafile internal link
            • shibboleth: popup ShiLoginDialog when doing relogin
            • [ui] disable the inputablity of computer name when doing login
            "},{"location":"changelog/client-changelog/#426-20150625","title":"4.2.6 (2015/06/25)","text":"
            • [win] Fixed more memory problem that will cause crash of explorer extension
            "},{"location":"changelog/client-changelog/#425-20150624","title":"4.2.5 (2015/06/24)","text":"
            • [win] Fixed a possible memory corruption in explorer extension
            • [win] Add icon for readonly state in explorer extension
            • [win] unconfigured clients now can hide the configuration wizard
            • [win] ui: improve set password dialog
            • [win] fix broken local DNS resolve
            • [mac] add \"seafile://\" protocol support
            • [ui] tweak search tab item padding
            • Add a menu item to open seafile folder
            • [ui] don't change current account after logout
            • [ui] fix some bugs on account-view
            • [ui] improve account management
            • filebrowser: support readonly directories
            • [fix] Fix creating subfolder for password-protected repo
            • [fix] Fix file size integer overflow in search results
            "},{"location":"changelog/client-changelog/#424-20150611","title":"4.2.4 (2015/06/11)","text":"
            • [win] add workarounds with auto update bugs in cloud browser
            • [win] add the missing support for ipv6 (curl)
            • [pro] add new tab to searching files
            • [osx] fix the regularly disappearance tray icon (Qt5.4.2)
            • [osx] fix broken network connection sometimes after resume (Qt5.4.2)
            • add an option to syncing with an existing folder with a different name
            • avoid race condition when quiting
            • fix a bug with opening password-protected repo in cloud browser
            • ui: tweak paddings in the event activities
            • filebrowser: show file type correctly along with icons
            • ui: improve repo item category
            • ui: show download link in share link dialog
            • ui: enhance event details
            "},{"location":"changelog/client-changelog/#423-20150529","title":"4.2.3 (2015/05/29)","text":"
            • Improve self-signed CA support
            • Auto login when click \"view on cloud\"
            • [fix] Fix bugs with open directory from modification details dialog (pro)
            • [fix] Fix incorrect transfer rates for each sync task
            • [fix] Fix auto uploaded modified files in cloud file browser for some office files
            "},{"location":"changelog/client-changelog/#422-20150526","title":"4.2.2 (2015/05/26)","text":"
            • [win] Use Openssl to handle HTTPS connection
            • [mac] Load trusted CA certificates from Keychain
            • [fix] Fix logout/login issue (libraries stay at waiting for sync)
            • [fix] Fix a file deletion problem in Mac client
            • Ignore the others of ssl errors if we have dealt with one
            • Expand env variable in preconfigure seafile directory
            • Hide explorer extension option on other platforms than windows
            • Cloud file browser: fix broken title bar when minimized on windows
            • Remove unused option in setting dialog
            "},{"location":"changelog/client-changelog/#421-20150514","title":"4.2.1 (2015/05/14)","text":"
            • [fix] Fix \"Waiting for synchronization\" problem
            • [win] Fixed encoding problem in the explorer extension
            • [win] Prefer home for seafile data dir when it is on the largest drive
            • [win] Adopt preconfigure directory for initialization if any
            • [win] Adopt preconfigure server addr for adding accounts if any
            • [win] Open current repo worktree when clicking ballon message
            • [mac] Fix some memory leaks
            • Description is no longer required when creating repositories
            • [fix] Fix webview url for server version >= 4.2.0
            • redesign the event list in activity tab (pro)
            • [fix] Fix window focus when creating repository from drag and drop
            • [fix] filebrowser: fix sorting column kind for non-English users
            • network: disable weak ciphers explicitly
            • [fix] Fix a issue synced subfolders are not shown when client starts
            • [fix] Remember the used server addresses for convenience
            • [fix] Fix the ssl handshake errors with custom CA seafile servers
            "},{"location":"changelog/client-changelog/#420-20150507","title":"4.2.0 (2015/05/07)","text":"
            • [win] Support overlay icons for files based on the sync status
            • Use http syncing only
            • Auto detect existing folders and prompt \"syncing with existing folder\" in first time syncing
            • [win] Open desktop icon popup the main window if Seafile is already running
            • Respect umask on Linux
            • [fix] Fix main window stay outside screens problem
            • [fix] Fix a few small syncing issues.
            • [osx] Allow sharing root directory from finder extension
            • Auto login from the client when click the server URL (need v4.2 server)
            • Auto logout when the authorization is expired (require server supports)
            • Auto detect existing folders in first time syncing
            • Save server info persistently
            • More miscellaneous fixes
            "},{"location":"changelog/client-changelog/#41","title":"4.1","text":""},{"location":"changelog/client-changelog/#416-20150421","title":"4.1.6 (2015/04/21)","text":"
            • [win] add overlay icon to show sync status at the library level
            • [win] add an option to enable/disable explorer extension support
            • [mac] add finder sync extension (need OSX 10.10.x)
            • [mac] fix the broken hide-the-dock option in some cases
            • [linux] fix the bug that we have two title bar for some desktop environment
            • Update shibboleth support
            • [cloud file browser] Pop notifications when new versions of cached files uploaded
            • [cloud file browser] Add a save_as action
            • [cloud file browser] Improve file browser's UI
            • [fix] Fix a rare case of login failure by using complex password, a regression from 4.1.0
            • [fix] Fix a rare case of program crash when changing accounts
            • Update avatars automatically
            • More miscellaneous fixes
            "},{"location":"changelog/client-changelog/#415-20150409","title":"4.1.5 (2015/04/09)","text":"
            • Add Shibboleth login support
            • Reset local modified files to the state in Server when resyncing a read-only library.
            • [fix] Fix unable to unsync a library when it is in the state of uploading files
            • [fix, win] handle file/directory locking more gracefully
            • Add http user agent for better logging in Apache/Nginx
            • [fix] Fix timeout problem in first time syncing for large libraries
            "},{"location":"changelog/client-changelog/#414-20150327","title":"4.1.4 (2015/03/27)","text":"
            • [fix, win] Fix Windows explore crash by seafile extension when right clicking on \"Libraries->Documents\" at the right side
            "},{"location":"changelog/client-changelog/#413-20150323","title":"4.1.3 (2015/03/23)","text":"
            • [fix] Fix unable to sync bug (permission denial) if the Windows system user name contains space like \"test 123\" introduced in v4.1.2
            • [win] Update version of OpenSSL to 1.0.2a
            "},{"location":"changelog/client-changelog/#412-20150319-deprecated","title":"4.1.2 (2015/03/19) (deprecated)","text":"
            • Add logout/login support (need server 4.1.0+)
            • fix proxy password disappearance after restarting issue
            • mask proxy password in the setting dialog
            • [fix] fix unexpected disconnection with proxy servers
            • [fix] fix a conflicting case when we have read-only sharing repository to a group
            • update translations
            • support darkmode (OS X)
            • and other minor fixes
            "},{"location":"changelog/client-changelog/#411-20150303","title":"4.1.1 (2015/03/03)","text":"
            • Add network proxy support for HTTP sync
            • [mac] Add more complete support for retina screen
            • Improve UI
            • Add option for killing old Seafile instance when starting a new one
            • Add experimental support for HiDPI screen on Windows and Linux
            • Showing shared from for private shared libraries
            • Use API token v2 for shibbloeth login
            • [fix] Fix some bugs in uploading file from cloud file browser
            • fix a bug of uploading directory from cloud file browser (pro version)
            "},{"location":"changelog/client-changelog/#410-beta-20150129","title":"4.1.0 beta (2015/01/29)","text":"
            • Add support for HDPI screen by using QT5
            • [win] Add context menu for generating share link
            • Enable changing of interface language
            • Make http syncing the default option (will fall back to non-http sync automatically if the server does not support it)
            • [fix] Fix a problem in handling long path in Windows
            "},{"location":"changelog/client-changelog/#40","title":"4.0","text":""},{"location":"changelog/client-changelog/#407-20150122","title":"4.0.7 (2015/01/22)","text":"
            • [win] support for file path greater than 260 characters.

            In the old version, you will sometimes see strange directory such as \"Documents~1\" synced to the server, this because the old version did not handle long path correctly.

            "},{"location":"changelog/client-changelog/#406-20150109","title":"4.0.6 (2015/01/09)","text":"
            • [fix] Fix a timeout problem during file syncing (Which also cause program crash sometimes).
            "},{"location":"changelog/client-changelog/#405-20141224","title":"4.0.5 (2014/12/24)","text":"
            • [mac] More on fixing mac syncing problem
            • [linux, mac] Do not ignore files with invalid name in Windows
            • [fix] Fix \"sync now\"
            • [fix] Handle network problems during first time sync
            • [file browser] Support create folders
            • [file browser] Improve interface
            • [file browser] Support multiple file selection and operation
            "},{"location":"changelog/client-changelog/#404-20141215","title":"4.0.4 (2014/12/15)","text":"
            • [mac] Fix a syncing problem when library name contains \"\u00e8\" characters
            • [windows] Gracefully handle file lock issue.

            In the previous version, when you open an office file in Windows, it is locked by the operating system. If another person modify this file in another computer, the syncing will be stopped until you close the locked file. In this new version, the syncing process will continue. The locked file will not be synced to local computer, but other files will not be affected.

            "},{"location":"changelog/client-changelog/#403-20141203","title":"4.0.3 (2014/12/03)","text":"
            • [mac] Fix a syncing problem when library name contains \"\u00e8\" characters
            • [fix] Fix another bug in syncing with HTTP protocol
            "},{"location":"changelog/client-changelog/#402-20141129","title":"4.0.2 (2014/11/29)","text":"
            • [fix] Fix bugs in syncing with HTTP protocol
            "},{"location":"changelog/client-changelog/#401-20141118","title":"4.0.1 (2014/11/18)","text":"
            • [fix] Fix crash problem
            "},{"location":"changelog/client-changelog/#400-20141110","title":"4.0.0 (2014/11/10)","text":"
            • Add http syncing support
            • Add cloud file browser
            "},{"location":"changelog/client-changelog/#31","title":"3.1","text":""},{"location":"changelog/client-changelog/#3112-20141201","title":"3.1.12 (2014/12/01)","text":"
            • [fix] Fix a syncing problem for files larger than 100MB.
            "},{"location":"changelog/client-changelog/#3111-20141115","title":"3.1.11 (2014/11/15)","text":"
            • [fix] Fix \"sometimes deleted folder reappearing problem\" on Windows.

            You have to update all the clients in all the PCs. If one PC does not use the v3.1.11, when the \"deleting folder\" information synced to this PC, it will fail to delete the folder completely. And the folder will be synced back to other PCs. So other PCs will see the folder reappear again.

            "},{"location":"changelog/client-changelog/#3110-20141113","title":"3.1.10 (2014/11/13)","text":"
            • [fix] Fix conflict problem when rename the case of a folder
            • [fix] Improve the deleted folder reappearing problem if it contains ignored files
            • [fix] Add \"resync\" action
            "},{"location":"changelog/client-changelog/#318-20141028","title":"3.1.8 (2014/10/28)","text":"
            • Better support read-only sync. Now local changes will be ignored.
            • [mac,fix] Fix detection of local changes.
            "},{"location":"changelog/client-changelog/#317-20140928","title":"3.1.7 (2014/09/28)","text":"
            • [fix] Fix another not sync problem when adding a big file (>100M) and several other files.
            "},{"location":"changelog/client-changelog/#316-20140919","title":"3.1.6 (2014/09/19)","text":"
            • Add option to sync MSOffice/Libreoffice template files
            • Add back choosing the \"Seafile\" directory when install Seafile client.
            • Add option to change the address of a server
            • Add menu item for open logs directory
            • [mac] Add option for hide dock icon
            • Show read-only icon for read-only libraries
            • Show detailed information if SSL certification is not valid
            • Do not show \"Seafile was closed unexpectedly\" message when turning down of Windows
            • Don't refresh libraries/starred files when the window is not visible
            • Move local file to conflict file when syncing with existing folder
            • Add more log information when file conflicts happen
            • [fix] Fix sync error when deleting all files in a library
            • [fix] Fix not sync problem when adding a big file (>100M) and several small files together.
            • [fix] Fix Windows client doesn't save advanced settings
            "},{"location":"changelog/client-changelog/#315-20140814","title":"3.1.5 (2014/08/14)","text":"
            • Do not ignore libreoffice lock files
            • [fix] Fix possible crash when network condition is not good.
            • [fix] Fix problem in syncing a large library with an existing folder
            • Add option \"do not unsync a library even it is deleted in the server\"
            • [mac] upgrade bundled openssl to 1.0.1i
            • [mac] remove unused ossp-uuid dependency
            • [mac] fix code sign issue under OSX 10.10
            "},{"location":"changelog/client-changelog/#314-20140805","title":"3.1.4 (2014/08/05)","text":"
            • [fix, mac] Fix case conflict problem under Mac
            "},{"location":"changelog/client-changelog/#313-20140804","title":"3.1.3 (2014/08/04)","text":"
            • [fix] Fix showing bubble
            • [mac] More UI improvements
            • Do not ignore 'TMP', 'tmp' files
            "},{"location":"changelog/client-changelog/#312-20140801","title":"3.1.2 (2014/08/01)","text":"
            • Do not show rotate icon when checking update for a library
            • Do not show activity tab if server not supported
            • [mac] show unread messages tray icon on Mac
            • [mac] Improve UI for Mac
            • [fix] Support rename files from upper case to lower case or vice versa.
            "},{"location":"changelog/client-changelog/#311-20140728","title":"3.1.1 (2014/07/28)","text":"
            • [win] Fix crash problems
            • [win] Fix interface freeze problem when restoring the window from the minimized state
            • Remove the need of selecting Seafile directory
            "},{"location":"changelog/client-changelog/#310-20140724","title":"3.1.0 (2014/07/24)","text":"
            • Add starred files and activity history
            • Notification on unread messages
            • Improve icons for Retina screen
            • Load and show avatar from server
            • Use new and better icons
            "},{"location":"changelog/client-changelog/#30","title":"3.0","text":""},{"location":"changelog/client-changelog/#304","title":"3.0.4","text":"
            • [fix] Fix a syncing bug
            "},{"location":"changelog/client-changelog/#303","title":"3.0.3","text":"
            • [fix] Fix syncing problem when update from version 2.x
            • [fix] Fix UI when syncing an encrypted library
            "},{"location":"changelog/client-changelog/#302","title":"3.0.2","text":"
            • [fix] Fix a syncing issue.
            "},{"location":"changelog/client-changelog/#301","title":"3.0.1","text":"
            • Improved ssl check
            • Imporved ui of sync library dialog
            • Send device name to the server
            • [fix] Fixed system shutdown problem
            • [fix] Fixed duplicate entries in recently updated libraries list
            • Remove ongoing library download tasks when removing an account
            • Updated translation
            • [fix] Fix file ID calculation
            "},{"location":"changelog/client-changelog/#300","title":"3.0.0","text":"
            • Adjust settings dialog hint text size
            • Improved login dialog
            "},{"location":"changelog/client-changelog/#22","title":"2.2","text":""},{"location":"changelog/client-changelog/#220","title":"2.2.0","text":"
            • Add check for the validity of servers' SSL Certification
            "},{"location":"changelog/client-changelog/#21","title":"2.1","text":""},{"location":"changelog/client-changelog/#212","title":"2.1.2","text":"
            • Show proper error message when failed to login
            • Show an error message in the main window when failed to get libraries list
            • Open seahub in browser when clicking the account url
            • Add an option \"Do not automatically unsync a library\"
            • Improve sync status icons for libraries
            • Show correct repo sync status icon even if global auto sync is turned off
            • Show more useful notification than \"Auto merge by system\" when conflicts were merged
            "},{"location":"changelog/client-changelog/#211","title":"2.1.1","text":"
            • Make the main window resizable
            • [windows] Improved tray icons
            • Show detailed network error when login failed
            • Show sub-libraries
            • [windows] Use the name of the default library as the name of the virtual disk
            "},{"location":"changelog/client-changelog/#210","title":"2.1.0","text":"
            • Redesigned the UI of the main window
            • [windows] Download the default library, and creates a virtual disk for it in \"My Computer\"
            • Support drag and drop a folder to sync
            • Automatically check for new version on startup
            • Support of file syncing from both inside and outside the LAN
            • [fix] Fix a bug of clicking the tray icon during initialization
            • [fix] fixed a few bugs in merge and handling of empty folders
            • [mac] Fixed the alignment in settings dialog
            "},{"location":"changelog/client-changelog/#20","title":"2.0","text":""},{"location":"changelog/client-changelog/#208","title":"2.0.8","text":"
            • [fix] Fix UI freeze problem during file syncing
            • Improve syncing speed (More improvements will be carried out in our next version)
            "},{"location":"changelog/client-changelog/#207-dont-use-it","title":"2.0.7 (Don't use it)","text":"

            Note: This version contains a bug that you can't login into your private servers.

            • [fix] Fix a bug which may lead to crash when exiting client
            • show library download progress in the library list
            • add official server addresses to the login dialog
            • improve library sync status icons
            • [windows] use the same tray icon for all windows version later than Vista
            • translate the bubble notification details to Chinese
            "},{"location":"changelog/client-changelog/#206","title":"2.0.6","text":"
            • [windows] Fix handling daylight saving time
            • Improve library details dialog
            • [fix] Fix a bug in api request
            • Improve the handling of \"Organization\" libraries
            • [fix] Fix the settings of upload/download rate limit
            • [fix] Update French/German translations
            • [cli] Support the new encryption scheme
            "},{"location":"changelog/client-changelog/#205","title":"2.0.5","text":"
            • Improve UI
            • Fix a bug in French translation
            "},{"location":"changelog/client-changelog/#204","title":"2.0.4","text":"
            • Improve memory usage during syncing
            • [windows] Change system tray icons
            • [windows] Hide seafile-data under Seafile folder
            • [fix] Fix remember main window's location
            • Improve the dialog for adding account
            • Add setting for showing main windows on seafile start up
            • Open local folder when double click on a library
            • Show warning dialog when login to a server with untrusted ssl certification
            "},{"location":"changelog/client-changelog/#203","title":"2.0.3","text":"
            • sync empty folder
            • support seafile crypto v2
            • show warning in system tray when some servers not connected
            • add German/French/Hungarian translations
            • change system tray icons for Windows
            • show \"recent updated libraries\"
            • reduce cpu usage
            • [fix] fixed a bug when login with password containing characters like \"+\" \"#\"
            • ask the user about untrusted ssl certs when login
            • add Edit->Settings and \"view online help\" menu item
            "},{"location":"changelog/client-changelog/#202","title":"2.0.2","text":"
            • [fix] Fix compatibility with server v1.8
            • [fix] the bug of closing the settings dialog
            • Add Chinese translation
            • Show error detail when login failed
            • Remember main window position and size
            • Improve library detail dialog
            • Add unsync a library
            "},{"location":"changelog/client-changelog/#200","title":"2.0.0","text":"
            • Re-implement GUI with Qt
            "},{"location":"changelog/client-changelog/#18","title":"1.8","text":"

            1.8.1

            • [bugfix] Fix a bug in indexing files

            1.8.0

            • [bugfix] Skip chunking error
            • Improve local web interface
            • Remove link to official Seafile server
            • Ignore all temporary files created by Microsoft Office
            • Add French and Slovak translation
            "},{"location":"changelog/client-changelog/#17","title":"1.7","text":"

            1.7.3

            • [bugfix] Fix a small syncing bug.

            1.7.2

            • [bugfix] Fix a bug in un-syncing library. https://github.com/haiwen/seafile/issues/270

            1.7.1

            • [win] Fix selecting of Seafile directory

            1.7.0

            • [win] Enable selecting of Seafile directory
            • Enable setting of upload/download speed
            • Use encrypted transfer by default
            • Support ignore certain files by seafile-ignore.txt
            "},{"location":"changelog/client-changelog/#16","title":"1.6","text":"

            1.6.2

            • [bugfix,mac] Fix a bug in supporting directory names with accents

            1.6.1

            • [bugfix] Prevent running of multiple seaf-daemon instance
            • Improve the efficiency of start-up GC for libraries in merge stage
            • [mac,win] Handle case-conflict files by renaming

            1.6.0

            • [linux,mac] Support symbolic links
            • [seaf-cli] clean logs
            • Do not re-download file blocks when restart Seafile during file syncing
            • [bugfix] Fix treating files as deleted when failed to create it due to reasons like disk full.
            • [bugfix] Fix several bugs when shutdown Seafile during some syncing operation.
            "},{"location":"changelog/client-changelog/#15","title":"1.5","text":"

            1.5.3

            • Log the version of seafile client when start-up.
            • [bugfix] Fix a bug when simultaneously creating an empty folder with same name in server and client.
            • [bugfix] Always use IPv4 address to connect a server.

            1.5.2

            • [bug] Fix a memory-access bug when showing \"Auto merge by seafile system\" in bubble

            1.5.1

            • [seaf-cli] Fix a bug in initializing the config dir.
            • [bugfix] Improve the robustness of DNS looking-up. Use standard DNS looking-up instead of libevent's non-blocking version.

            1.5.0

            • Add Seaf-cli
            • Check the correctness of password in the beginning of downloading a encrypted library.
            • Show detailed information in bubble
            • Enable change the server's address in the client
            • [linux] Do not popup the browser when start up
            • Remove seafile-web.log
            "},{"location":"changelog/drive-client-changelog/","title":"SeaDrive Client Changelog","text":""},{"location":"changelog/drive-client-changelog/#3011-20240910","title":"3.0.11 (2024/09/10)","text":"
            • [win] Reuse cache folder when resync account
            • [win] Don't download files with case conflicts in file names
            • [mac] Remove local library metadata when deleting account
            • [mac] Support uploading app package files
            • [mac] Support latest TLS protocol
            • [mac] Fix crash when first start on Apple Silicon
            • [mac] Fix sync issue when creating a new folder and putting files into it
            • Use usernames as suffix for conflict files, instead of emails
            "},{"location":"changelog/drive-client-changelog/#3010-20240618","title":"3.0.10 (2024/06/18)","text":"
            • [mac] Fix support for using mulitple accounts after macOS 14.4
            • Support accessing libraries with cloud-only sub-folders
            • Support username and password for SOCKS5 proxy
            • Record sync error when fail to download file
            "},{"location":"changelog/drive-client-changelog/#309-20240425","title":"3.0.9 (2024/04/25)","text":"
            • Improve handling of exceptional file/folder operations, e.g. creating files in root folder, read-only folders
            • Fixed some crash issues
            • [mac] Hide \"Do not sync\" menu item from context menu
            • [mac] Improved tray icon
            • [mac] Improved mechanism for preventing more than one seadrive file provider processes from running
            "},{"location":"changelog/drive-client-changelog/#308-20240221","title":"3.0.8 (2024/02/21)","text":"
            • Support Single-Sign-On with desktop browser
            • [win] Delete invalid placeholders when re-login to an account
            • [mac] Adjust the color and size of icons in system tray area
            • [mac] Upload file execution permission
            • [mac] Keep messages in notification area
            • [mac] Fix some syncing issues
            "},{"location":"changelog/drive-client-changelog/#307-20231204","title":"3.0.7 (2023/12/04)","text":"
            • Support accessing libraries with invisible sub-folder permissions
            • [mac] Don't remove cache folders when removing accounts
            • [mac] Always start extension when restarting the SeaDrive app
            • [win] Avoid a case that can create empty commits
            • [win] Make modifying cache location work again
            • Use system proxy settings by default
            "},{"location":"changelog/drive-client-changelog/#306-20230915","title":"3.0.6 (2023/09/15)","text":"
            • [win] Upgrade Qt to 6.5.2 and OpenSSL 3.0
            • [win] Add a tip that re-syncing an account will create a new sync root folder
            • [mac] Fix a bug that uncaching a file will make it 0-sized
            "},{"location":"changelog/drive-client-changelog/#305-20230815","title":"3.0.5 (2023/08/15)","text":"
            • [win] Fix thumbnail orientation issue
            • [mac] Add confirmation when move/copy files into root or category folders
            • [mac] Fix unix socket name too long issue
            • Fix bug when removing folder group permissions when notification server is used
            • Support some new errors returned by newer servers
            "},{"location":"changelog/drive-client-changelog/#304-20230610","title":"3.0.4 (2023/06/10)","text":"
            • [mac] Fix crash bug when adding new account
            • [mac] Fix crash bug of GUI due to file descriptor leakage
            • Fix status icon display issue
            "},{"location":"changelog/drive-client-changelog/#303-20230525","title":"3.0.3 (2023/05/25)","text":"
            • [win] Support image thumbnails
            • [win] Add resync account function, to help fix invalid placeholder issues
            • [win] Remove entry in explorer when remove an account
            • [win] Only convert file to placeholder after it's uploaded
            • [win] Fix a bug that opening a file returns all zeros
            • [win] Fix a bug that syncing doesn't work when restart SeaDrive with no network connection
            • [win] Fix seafile_ext64.dll permission
            • Require user confirmation when deleting a library
            • Always display \"File Sync Errors\" menu item in system tray icon menu
            • [mac] (Beta) Provide native Apple Silicon binary
            • [mac] (Beta) Upgrade Qt to 6.2.4
            • [mac] (Beta) Fix a bug that after downloading file with web browser to SeaDrive, file modification time becomes 1970.
            • [mac] (Beta) Add more actions to right-click menu in Finder
            "},{"location":"changelog/drive-client-changelog/#302-beta-20230324","title":"3.0.2 Beta (2023/03/24)","text":"
            • [mac] Use File Provider API to implement virtual drive
            • Allow syncing multiple accounts at the same time
            • Support notification server, which makes library and locked files update more timely
            "},{"location":"changelog/drive-client-changelog/#2027-for-windows-20230324","title":"2.0.27 for Windows (2023/03/24)","text":"
            • [win] Update app signing certificate
            • [win] Fix a potential crash issue
            "},{"location":"changelog/drive-client-changelog/#2026-20221228","title":"2.0.26 (2022/12/28)","text":"
            • Ask for user confirmation when deleting more than 500 files at once
            "},{"location":"changelog/drive-client-changelog/#2025-windows-20221203","title":"2.0.25 (Windows) (2022/12/03)","text":"
            • Disable removing invalid placeholders logic, to avoid mistakenly removing placeholders
            • Fix a crash issue when fails to register sync root
            • Avoid a potential case where empty commits are created
            "},{"location":"changelog/drive-client-changelog/#2024-windows-20221114","title":"2.0.24 (Windows) (2022/11/14)","text":"
            • Add events.log for debugging local file changes
            • Remove invalid placeholders after re-login (when corresponsiding files were removed on server)
            • Resume creating placehooders when the first sync process was interrupted
            "},{"location":"changelog/drive-client-changelog/#2024-macos-20221109","title":"2.0.24 (macOS) (2022/11/09)","text":"
            • Support macOS 13
            "},{"location":"changelog/drive-client-changelog/#2023-20220818","title":"2.0.23 (2022/08/18)","text":"
            • [Win] Fix problems when renaming libraries in the client
            "},{"location":"changelog/drive-client-changelog/#2022-20220623","title":"2.0.22 (2022/06/23)","text":"
            • [Win] Fix a placeholder size not updated issue.
            • Improving moving files/folders with special characters in names
            • [Linux] Fix CMake error
            "},{"location":"changelog/drive-client-changelog/#2021-windows-20220321","title":"2.0.21 (Windows) (2022/03/21)","text":"
            • Don't remove cache folder when logout and remove account, to prevent unintended removal of files.
            • Disallow changing cases for library names.
            • Retry when failed to convert a file/folder to placeholder.
            "},{"location":"changelog/drive-client-changelog/#2020-20220304","title":"2.0.20 (2022/03/04)","text":"
            • [Win] Avoid creating empty change records
            • [Win] Fix a bug in cache cleaning: Don't clean files not uploaded yet.
            • Support cache path that contains empty spaces
            • Improve a few permission error messages
            • Show errors when fails to create share links or upload links
            • Support compiling with Qt 6.2
            "},{"location":"changelog/drive-client-changelog/#2019-windows-20211229","title":"2.0.19 (Windows) (2021/12/29)","text":"
            • Ignore timestamp changes to .eml files
            • Unregister sync root when user choose to remove account data in uninstallation
            "},{"location":"changelog/drive-client-changelog/#2018-macos-20211029","title":"2.0.18 (macOS) (2021/10/29)","text":"
            • Add support for macOS 12
            "},{"location":"changelog/drive-client-changelog/#2018-windows-20211026","title":"2.0.18 (Windows) (2021/10/26)","text":"
            • Improve library loading speed on restart
            "},{"location":"changelog/drive-client-changelog/#2017-20210930","title":"2.0.17 (2021/09/30)","text":"
            • [Win] Fix unable to rename libraries
            • [Win] Avoid repetitively removing and re-downloading libraries in some rare cases
            • [Win] Add notification when all libraries are loaded on restart
            • [Win] Fix bug when a library is both shared personally and to a group
            "},{"location":"changelog/drive-client-changelog/#2016-2021813","title":"2.0.16 (2021/8/13)","text":"
            • [Win] Fix failure to delete placeholder files
            • [Win] Fix failure to create placeholder files when there are duplicate file names with different cases
            • Set Content-Type header in http requests
            "},{"location":"changelog/drive-client-changelog/#2015-2021720","title":"2.0.15 (2021/7/20)","text":"
            • [Win] Fix wrong status icon after a folder is moved to another library
            • [Win] Fix one more potential isssue that can cause \"cloud operation invalid\" error
            • [Win] Fix pinning a file in device
            • [Win] Pop-up notifications when a folder is moved to the category folder
            • [Linux] Fix build with latest GLib
            "},{"location":"changelog/drive-client-changelog/#2014-2021526","title":"2.0.14 (2021/5/26)","text":"
            • [Win] Fix crash issue when have multiple accounts with the same user names
            • [Win] Fix potential \"cloud operation invalid\" error when downloading a file
            • [Win] Avoid creating unwanted conflict files on restart
            • [Win] Handle renaming of invalid folder name
            • [Win] Support auto cleaning cache space
            • [Win,Mac] Support \"seafile://\" protocol for opening file with client
            • Report nicer error message when a library is too large to sync
            "},{"location":"changelog/drive-client-changelog/#2013-2021323","title":"2.0.13 (2021/3/23)","text":"
            • [Win] Fix crash issue when multiple accounts with the same name are used
            • [Win] Improve download speed for large files
            • [Win] Improvement and bug fixes for context menu
            • [Win] A few UI fixes
            • [Win] Support preconfigure cache folder location
            • [Mac] Fix bug for cleaning cached file/folder
            "},{"location":"changelog/drive-client-changelog/#2012-2021129","title":"2.0.12 (2021/1/29)","text":"
            • [Win] Fix crash issue when repeatedly download and cancel download some files
            • [Win] Fix some cases for creating unexpected conflict files
            • [Win] Automatically download new files for pinned folders
            • Don't create commits for read-only libraries. Avoid unexpected permission errors.
            • [Win] Add user names to the shortcut in File Explorer
            • [Win] Pop notifications when files are created in a category folder
            • [Win] Make the columns in transfer progress dialog resizable
            "},{"location":"changelog/drive-client-changelog/#2010-20201229","title":"2.0.10 (2020/12/29)","text":"
            • [Win] Add context menu
            • [Mac] Support Apple Silicon M1 CPU
            • [Linux] Unmount on exit
            "},{"location":"changelog/drive-client-changelog/#209-20201120","title":"2.0.9 (2020/11/20)","text":"
            • [Mac] Fix failure to load kernel extension on macOS 11 Big Sur
            "},{"location":"changelog/drive-client-changelog/#208-20201114","title":"2.0.8 (2020/11/14)","text":"
            • [Mac] Support macOS 11
            • [Win] Fix moving multiple files/folders across different folders
            "},{"location":"changelog/drive-client-changelog/#207-20201031","title":"2.0.7 (2020/10/31)","text":"
            • [Win] Avoid unintended file deletions when removing seafile account
            • [Mac] Fix some application compatibility issues caused by extended file attributes handling
            "},{"location":"changelog/drive-client-changelog/#206-20200924","title":"2.0.6 (2020/09/24)","text":"
            • [Win] Remove invalid characters from sync root folder name
            • [Win] Increase request timeout for rename library, delete library, create library, move folders
            • [Win] Avoid creating redundant sync root folders on restart
            • [Win] Support pre-configuration registry keys
            "},{"location":"changelog/drive-client-changelog/#1012-20200825","title":"1.0.12 (2020/08/25)","text":"
            • Fix occasional \"permission denied\" error when syncing a library
            "},{"location":"changelog/drive-client-changelog/#205-20200730","title":"2.0.5 (2020/07/30)","text":"
            • Fix occasional \"permission denied\" error when syncing a library
            • [Win] Remove explorer shortcut when uninstall SeaDrive or change cache folder location
            "},{"location":"changelog/drive-client-changelog/#204-20200713","title":"2.0.4 (2020/07/13)","text":"
            • [Win] Use username for cache folder name instead of a hash value
            • [Win] Retry download files when pinning a folder
            • [Win] Retry rename category folder when switching language
            • [Win] Only allow install on Windows 10 1709 or later
            • [Mac] Disable \"search in Finder\" option
            • Fix tray icon sync error status
            "},{"location":"changelog/drive-client-changelog/#203-20200617","title":"2.0.3 (2020/06/17)","text":"
            • [Win] Fix crash on Windows 10 1709 - 1803
            • [Win] Show SeaDrive shortcut when opening files in 32-bit applications (e.g. Word)
            • [Win] Avoid creating unnecessary conflict files
            • [Win] Improve error message of opening placeholder files when SeaDrive is not running
            • [Win] Support removing account information when uninstall
            "},{"location":"changelog/drive-client-changelog/#202-20200523","title":"2.0.2 (2020/05/23)","text":"
            • [Mac] Support syncing encrypted libraries
            • [Win] Support change cache location
            • [Win] Improve account switching behaviors
            • [Win] Other bug fixes
            "},{"location":"changelog/drive-client-changelog/#201-for-windows-20200413","title":"2.0.1 for Windows (2020/04/13)","text":"
            • Fix issues when switching languages
            • Fix issues for legacy Windows \"8.3 format\" paths
            • Improve speed of creating placeholders
            • Don't add SeaDrive cache folder to Windows search index
            • Use short hash instead of \"servername_account\" for cache folder name
            • Prevent the old Explorer extension from calling new SeaDrive (avoiding high CPU usage)
            • Fix small issues in encrypted library support
            • Change installation location from \"Seafile Ltd\" to \"Seafile\"
            • Add SeaDrive entry to Windows start menu
            • Change \"seadrive\" to \"SeaDrive\" in Explorer navigation pane
            • Fix SSO re-login failure
            "},{"location":"changelog/drive-client-changelog/#200-for-windows-20200320","title":"2.0.0 for Windows (2020/03/20)","text":"
            • Use Windows 10 native API to implement the virtual drive
            • Support syncing encrypted libraries
            "},{"location":"changelog/drive-client-changelog/#1011-20200207","title":"1.0.11 (2020/02/07)","text":"
            • Fix a bug that logout and login will lead to file deletion
            • [mac] Fix a bug in SSO
            "},{"location":"changelog/drive-client-changelog/#1010-20191223","title":"1.0.10 (2019/12/23)","text":"
            • Fix a bug that sometimes SeaDrive is empty when network unavailable
            • Fix generating too many tokens when library downloading failed
            • Fix sometimes files should be ignored are uploaded
            • Automatically re-sync a library if local metadata is broken
            • [mac] Add support for MacOS 10.15
            • [mac] Drop support for MacOS 10.12
            "},{"location":"changelog/drive-client-changelog/#108-20191105","title":"1.0.8 (2019/11/05)","text":"
            • Support French and Germany language for top level folder name
            • Fix a compatible issue with Excel
            • Fix a problem in cleaning local cache
            • Support delete library in category My Libraries
            • Ignore .fuse_hidden file in Mac
            • Rotate seadrive.log
            "},{"location":"changelog/drive-client-changelog/#107-20190821","title":"1.0.7 (2019/08/21)","text":"
            • [mac] Improve finder extension
            "},{"location":"changelog/drive-client-changelog/#106-20190701","title":"1.0.6 (2019/07/01)","text":"
            • [fix, win] Fix a problem when uninstall or upgrade the drive client when the client is running.
            • [fix] Fix a crash problem when file path containing invalid character
            "},{"location":"changelog/drive-client-changelog/#105-20190611","title":"1.0.5 (2019/06/11)","text":"
            • [fix] Fix lots of \"Creating partial commit after adding\" in the log
            • [fix] Fix permission at the client is wrong when a library shared to different groups with different permissions
            • [fix] Don't show libraries with online preview or online read-write permission
            • [mac] Add Mac Finder preview plugin to prevent automatically downloading of files
            "},{"location":"changelog/drive-client-changelog/#104-20190423","title":"1.0.4 (2019/04/23)","text":"
            • [fix] Fix file locking
            • [fix] Fix support of detecting pro edition when first time login
            • Support Kerberos authentication
            "},{"location":"changelog/drive-client-changelog/#103-20190318","title":"1.0.3 (2019/03/18)","text":"
            • [fix] Fix copy folders with properties into SeaDrive
            • [fix] Fix a possible crash bug when listing libraries
            "},{"location":"changelog/drive-client-changelog/#101-20190114","title":"1.0.1 (2019/01/14)","text":"
            • Update included Dokany drive
            • Improve notification when user try to delete a library in the client
            • [fix] Fix getting internal link for folders
            • [fix] Fix problem after changing the cache directory
            • [fix] Fix support for guest users that have no storage capacity
            • [fix] Fix timeout when loading a library with a lot of files
            "},{"location":"changelog/drive-client-changelog/#100-20181119","title":"1.0.0 (2018/11/19)","text":"
            • [fix] Allow a guest user to copy files into shared library
            • Support pause sync
            • [win] Add option to only allow current user to view the virtual disk
            • [win] Don't let the Windows to search into the internal cache folder
            • [win] Install the explorer extension to system path to allow multiple users to use the extension
            • [mac] Add option to allow search in Finder (disabled by default)
            • [mac] Update kernel drive to support Mac Mojave
            • [mac] Support office file automatically lock
            "},{"location":"changelog/drive-client-changelog/#095-20180910","title":"0.9.5 (2018/09/10)","text":"
            • [fix, win] Fix support for some SSL CA
            • Redirect to https if user accidentally input server's address with http but the server is actually use http
            • [fix, win] Show a tooltip that the Windows system maybe rebooted during upgrading drive client
            • [fix, mac] Fix permission problems during installation on Mac 10.13+
            "},{"location":"changelog/drive-client-changelog/#094-20180818","title":"0.9.4 (2018/08/18)","text":"
            • [win] No longer depends on .Net framework
            • [mac] Support file search in Finder
            • [win] Fix loading of HTTPS certifications
            "},{"location":"changelog/drive-client-changelog/#093-20180619","title":"0.9.3 (2018/06/19)","text":"
            • [win] Show syncing status at the top level folders
            • [fix] Fix sometimes logout/login lead to empty drive folder
            • Support change cache folder
            • Add \"open file/open folder\" in search window
            • Set automatically login to true in SSO mode
            • [mac] Fix compatibility with AirDrop
            "},{"location":"changelog/drive-client-changelog/#092-20180505","title":"0.9.2 (2018/05/05)","text":"
            • Fix a bug that causing SeaDrive crash
            "},{"location":"changelog/drive-client-changelog/#091-20180424","title":"0.9.1 (2018/04/24)","text":"
            • Fix a bug that causing crash when file search menu is clicked
            "},{"location":"changelog/drive-client-changelog/#090-20180424","title":"0.9.0 (2018/04/24)","text":"
            • Libraries are displayed under three folders \"My Libraries\", \"Group Libraries\", \"Shared libraries\"
            • [fix] Fix a bug in cleaning cache
            • [win] Update the kernel drive
            • Improve syncing notification messages
            • [mac] Include the kernel drive with the SeaDrive package
            • [mac] Add Finder sidebar shortcut
            • Add file search
            "},{"location":"changelog/drive-client-changelog/#086-20180319","title":"0.8.6 (2018/03/19)","text":"
            • [fix] Fix compatibility with Visio and other applications by implementing a missing system API
            "},{"location":"changelog/drive-client-changelog/#085-20180103","title":"0.8.5 (2018/01/03)","text":"
            • [fix] Fix SeaDrive over RDP in Windows 10/7
            • [fix] Fix SeaDrive shell extension memory leak
            • [fix] Fix duplicated folder/files shown in Finder.app (macOS)
            • [fix] Fix file cache status icon for MacOS
            "},{"location":"changelog/drive-client-changelog/#084-20171201","title":"0.8.4 (2017/12/01)","text":"
            • [fix] Fix Word/Excel files can't be saved in Windows 10
            • Add \"download\" context menu to explicitly download a file
            • Change \"Shibboleth\" to \"Single Sign On\"
            "},{"location":"changelog/drive-client-changelog/#083-20171124","title":"0.8.3 (2017/11/24)","text":"
            • [fix] Fix deleted folder recreated issue
            • Improve UI of downloading/uploading list dialog
            "},{"location":"changelog/drive-client-changelog/#081-20171103","title":"0.8.1 (2017/11/03)","text":"
            • Use \"REMOVABLE\" when mount the drive disk
            • Prevent creating \"System Volume Information\"
            • Some UI fixes
            "},{"location":"changelog/drive-client-changelog/#080-20170916","title":"0.8.0 (2017/09/16)","text":"
            • [fix] Reuse old drive letter after SeaDrive crash
            • [fix] Fix rename library back to old name when it is changed in the server
            • [fix] Fix sometimes network can not reconnected after network down
            • Change default block size to 8MB
            • Make auto-login as default
            • Remount SeaDrive when it is unmounted after Windows hibernate
            "},{"location":"changelog/drive-client-changelog/#071-20170623","title":"0.7.1 (2017/06/23)","text":"
            • [fix] Fix a bug that causing client crash
            "},{"location":"changelog/drive-client-changelog/#070-20170607","title":"0.7.0 (2017/06/07)","text":"
            • Add support for multi-users using SeaDrive on a single desktop. But different users must choose different drive letters.
            • Improve write performance
            • [fix] When a non-cached file is locked in the server, the \"lock\" icon will be shown instead of the \"cloud\" icon.
            • Add \"automatically login\" option in login dialog
            • Add file transfer status dialog.
            "},{"location":"changelog/drive-client-changelog/#062-20170422","title":"0.6.2 (2017/04/22)","text":"
            • [fix] Fix after moving a file to a newly created sub folder, the file reappear when logout and login
            • Refresh current folder and the destination folder after moving files from one library to another library
            • [fix] Fix file locking not work
            • [fix] Fix sometimes files can't be saved
            "},{"location":"changelog/drive-client-changelog/#061-20170327","title":"0.6.1 (2017/03/27)","text":"
            • [fix] Don't show a popup notification to state that a file can't be created in S: because a few programs will automatically try to create files in S:
            "},{"location":"changelog/drive-client-changelog/#060-20170325","title":"0.6.0 (2017/03/25)","text":"
            • Improve syncing status icons
            • Show error in the interface when there are syncing errors
            • Don't show rorate icon when downloading/uploading metadata
            • [fix] Don't download files when the network is not connected
            "},{"location":"changelog/drive-client-changelog/#052-20170309","title":"0.5.2 (2017/03/09)","text":"
            • [fix] Rename a non-cached folder or file will lead to sync error.
            "},{"location":"changelog/drive-client-changelog/#051-20170216","title":"0.5.1 (2017/02/16)","text":"
            • [fix] Fix copying exe files to SeaDrive on Win 7 will freeze the explorer
            • The mounted drive is only visible to the current user
            • Add popup notification when syncing is done
            • [fix] Fix any change in the settings leads to a drive letter change
            "},{"location":"changelog/drive-client-changelog/#050-20170118","title":"0.5.0 (2017/01/18)","text":"
            • Improve stability
            • Support file locking
            • Support sub-folder permission
            • [fix] Fix 1TB limitation
            • User can choose disk letter in settings dialog
            • Support remote wipe
            • [fix] Use proxy server when login
            • Click system tray icon open SeaDrive folder
            • Support application auto-upgrade
            "},{"location":"changelog/drive-client-changelog/#042-20161216","title":"0.4.2 (2016/12/16)","text":"
            • [fix] Fix SeaDrive initialization error during Windows startup
            "},{"location":"changelog/drive-client-changelog/#041-20161107","title":"0.4.1 (2016/11/07)","text":"
            • [fix] Fix a bug that lead to empty S: drive after installation.
            "},{"location":"changelog/drive-client-changelog/#040-20161105","title":"0.4.0 (2016/11/05)","text":"
            • [fix] Fix a bug that leads to generation of conflict files when editing
            • Add translations
            • Update included Dokany library to 1.0
            • Don't show encrypted libraries even in command line
            • Show permission error when copy a file to the root
            • Show permission error when try to modify a read-only folder
            • Show permission error when try to delete a folder in the root folder
            "},{"location":"changelog/drive-client-changelog/#031-20161022","title":"0.3.1 (2016/10/22)","text":"
            • Fix link for license terms
            • Use new system tray icon
            • Add notification for cross-libraries file move
            "},{"location":"changelog/drive-client-changelog/#030-20161014","title":"0.3.0 (2016/10/14)","text":"
            • Support selecting Drive letter
            • Don't create folders like msiS50.tmp on Windows
            • [fix] Fix cache size limit settings
            • Correctly show the storage space if the space is unlimited on the server side.
            "},{"location":"changelog/drive-client-changelog/#020-20160915","title":"0.2.0 (2016/09/15)","text":"
            • Add shibboleth support
            • Show a dialog notify the client is downloading file list from the server during initialisation
            • Show transfer rate
            • [fix] Fix a bug that lead to the file modification time to be empty
            • [fix] Fix a bug that lead to files not be uploaded
            "},{"location":"changelog/drive-client-changelog/#010-20160902","title":"0.1.0 (2016/09/02)","text":"
            • Initial release
            "},{"location":"changelog/server-changelog-old/","title":"Seafile Server Changelog (old)","text":""},{"location":"changelog/server-changelog-old/#50","title":"5.0","text":"

            Note when upgrade to 5.0 from 4.4

            You can follow the document on major upgrade (http://manual.seafile.com/deploy/upgrade.html) (url might deprecated)

            In Seafile 5.0, we have moved all config files to folder conf, including:

            • seahub_settings.py -> conf/seahub_settings.py
            • ccnet/ccnet.conf -> conf/ccnet.conf
            • seafile-data/seafile.conf -> conf/seafile.conf
            • [pro only] pro-data/seafevents.conf -> conf/seafevents.conf

            If you want to downgrade from v5.0 to v4.4, you should manually copy these files back to the original place, then run minor_upgrade.sh to upgrade symbolic links back to version 4.4.

            The 5.0 server is compatible with v4.4 and v4.3 desktop clients.

            Common issues (solved) when upgrading to v5.0:

            • DatabaseError after Upgrade to 5.0 https://github.com/haiwen/seafile/issues/1429#issuecomment-153695240
            "},{"location":"changelog/server-changelog-old/#505-20160302","title":"5.0.5 (2016.03.02)","text":"
            • Get name, institution, contact_email field from Shibboleth
            • [webdav] Don't show sub-libraries
            • Enable LOGIN_URL to be configured, user need to add LOGIN_URL to seahub_settings.py explicitly if deploy at non-root domain, e.g. LOGIN_URL = '//accounts/login/'.
            • Add ENABLE_USER_CREATE_ORG_REPO to enable/disable organization repo creation.
            • Change the Chinese translation of \"organization\"
            • Use GB/MB/KB instead of GiB/MiB/KiB in quota calculation and quota setting (1GB = 1000MB = 1,000,000KB)
            • Show detailed message if sharing a library failed.
            • [fix] Fix JPG Preview in IE11
            • [fix] Show \"out of quota\" instead of \"DERP\" in the case of out of quota when uploading files via web interface
            • [fix] Fix empty nickname during shibboleth login.
            • [fix] Fix default repo re-creation bug when web login after desktop.
            • [fix] Don't show sub-libraries at choose default library page, seafadmin page and save shared file to library page
            • [fix] Seafile server daemon: write PID file before connecting to database to avoid a problem when the database connection is slow
            • [fix] Don't redirect to old library page when restoring a folder in snapshot page
              • "},{"location":"changelog/server-changelog-old/#504-20160113","title":"5.0.4 (2016.01.13)","text":"
              • [fix] Fix unable to set a library to keep full history when the globally default keep_days is set.
              • [fix] Improve the performance of showing library trash
              • [fix] Improve share icon
              • Search user by name in case insensitive way
              • Show broken libraries in user's library page (so they can contact admin for help)
              • [fix] Fix cache for thumbnail in sharing link
              • [fix] Enable copy files from read-only shared libraries to other libraries
              • [fix] Open image gallery popup in grid view when clicking the thumbnail image
              "},{"location":"changelog/server-changelog-old/#503-20151217","title":"5.0.3 (2015.12.17)","text":"
              • [ui] Improve UI of all groups page
              • Don't allow sharing library to a non-existing user
              • [fix, admin] Fix deleting a library when the owner does not exist anymore
              • [fix] Keep file last modified time when copy files between libraries
              • Enable login via username in API
              • [ui] Improve markdown editor

              Improve seaf-fsck

              • Do not set \"repaired\" mark
              • Clean syncing tokens for repaired libraries so the user are forced to resync the library
              • Record broken file paths in the modification message

              Sharing link

              • Remember the \"password has been checked\" information in session instead of memcached
              • [security] Fix password check for visiting a file in password protected sharing link.
              • Show file last modified time
              • [fix] Fix image thumbnail in grid view
              • [ui] Improve UI of grid view mode
              "},{"location":"changelog/server-changelog-old/#502-20151204","title":"5.0.2 (2015.12.04)","text":"
              • [admin] Show the list of groups an user joined in user detail page
              • [admin] Add exporting user/group statistics into Excel file
              • Showing libraries list in \"All Groups\" page
              • Add importing group members from CSV file
              • [fix] Fix the performance problem in showing thumbnails in folder sharing link page
              • [fix] Clear cache when set user name via API
              • [fix, admin] Fix searching libraries by name when some libraries are broken
              "},{"location":"changelog/server-changelog-old/#501-beta-20151112","title":"5.0.1 beta (2015.11.12)","text":"
              • [fix] Fix start up parameters for seaf-fuse, seaf-server, seaf-fsck
              • Update Markdown editor and viewer. The update of the markdown editor and parser removed support for the Seafile-specific wiki syntax: Linking to other wikipages isn't possible anymore using [[ Pagename]].
              • Add tooltip in admin panel->library->Trash: \"libraries deleted 30 days before will be cleaned automatically\"
              • Include fixes in v4.4.6
              "},{"location":"changelog/server-changelog-old/#500-beta-20151103","title":"5.0.0 beta (2015.11.03)","text":"

              UI changes:

              • change most png icons to icon font
              • UI change of file history page
              • UI change of library history page
              • UI change of trash page
              • UI change of sharing link page
              • UI change of rename operation
              • Add grid view for folder sharing link
              • Don't open a new page when click the settings, trash and history icons in the library page
              • other small UI improvements

              Config changes:

              • Move all config files to folder conf
              • Add web UI to config the server. The config items are saved in database table (seahub-dab/constance_config). They have a higher priority over the items in config files.

              Trash:

              • A trash for every folder, showing deleted items in the folder and sub-folders. Others changes

              Admin:

              • Admin can see the file numbers of a library
              • Admin can disable the creation of encrypted library

              Security:

              • Change most GET requests to POST to increase security
              "},{"location":"changelog/server-changelog-old/#44","title":"4.4","text":""},{"location":"changelog/server-changelog-old/#446-20151109","title":"4.4.6 (2015.11.09)","text":"
              • [security] Fix a XSS problem in raw sharing link
              • [fix] Delete sharing links when deleting a library
              • [fix] Clean Seafile tables when deleting a library
              • [fix] Add tag to the link in upload folder email notification
              • [fix] Fix a bug in creating a library (after submit a wrong password, the submit button is no longer clickable)
                • "},{"location":"changelog/server-changelog-old/#445-20151031","title":"4.4.5 (2015.10.31)","text":"
                • [fix] Fix a bug in deleting sharing link in sharing dialog.
                "},{"location":"changelog/server-changelog-old/#444-20151027","title":"4.4.4 (2015.10.27)","text":"
                • [fix] Fix support for syncing old formatted libraries
                • Only import LDAP users to Seafile internal database upon login
                • Only list imported LDAP users in \"organization->members\"
                • Remove commit and fs objects in GC for deleted libraries
                • Improve error log for LDAP
                • Add \"transfer\" operation to library list in \"admin panel->a single user\"
                • [fix] Fix the showing of the folder name for upload link generated from the root of a library
                "},{"location":"changelog/server-changelog-old/#443-20151015","title":"4.4.3 (2015.10.15)","text":"
                • [security] Check validity of file object id to avoid a potential attack
                • [fix] Check the validity of system default library template, if it is broken, recreate a new one.
                • [fix] After transfer a library, remove original sharing information
                • [security] Fix possibility to bypass Captcha check
                • [security] More security fixes.
                "},{"location":"changelog/server-changelog-old/#442-20151012","title":"4.4.2 (2015.10.12)","text":"
                • [fix] Fix sometimes a revision is missing from a file's version history
                • [security] Use HTTP POST instead of GET to remove libraries
                • [fix] Fix a problem that sharing dialog not popup in IE10
                • A few other small UI improvements
                "},{"location":"changelog/server-changelog-old/#441-20150924","title":"4.4.1 (2015.09.24)","text":"
                • [fix] Fix a bug in setting an user's language
                • [fix] Show detailed failed information when sharing libraries failed
                • Update translations
                • [api] Add API to list folders in a folder recursively
                • [api] Add API to list only folders in a folder
                "},{"location":"changelog/server-changelog-old/#440-20150916","title":"4.4.0 (2015.09.16)","text":"

                New features:

                • Allow group names with spaces
                • Enable generating random password when adding an user
                • Add option SHARE_LINK_PASSWORD_MIN_LENGTH
                • Add sorting in share link management page
                • Show total/active number of users in admin panel
                • Other UI improvements

                Fixes:

                • [fix] Fix a bug that causing duplications in table LDAPImport
                • [security] Use POST request to handle password reset request to avoid CSRF attack
                • Don't show password reset link for LDAP users
                • set locale when Seahub start to avoid can't start Seahub problem in a few environments.
                "},{"location":"changelog/server-changelog-old/#43","title":"4.3","text":""},{"location":"changelog/server-changelog-old/#432-20150820","title":"4.3.2 (2015.08.20)","text":"
                • [fix, important] Bug-fix and improvements for seaf-fsck
                • [fix, important] Improve I/O error handling for file operations on web interface
                • Update shared information when a sub-folder is renamed
                • [fix] Fix bug of list file revisions
                • Update translations
                • [ui] Small improvements
                • [fix] Fix api error in opCopy/opMove
                • Old library page (used by admin in admin panel): removed 'thumbnail' & 'preview' for image files
                • [fix] Fix modification operations for system default library by admin
                "},{"location":"changelog/server-changelog-old/#431-20150729","title":"4.3.1 (2015.07.29)","text":"
                • [fix] Fix generating image thumbnail
                • [ui] Improve UI for sharing link page, login page, file upload link page
                • [security] Clean web sessions when reset an user's password
                • Delete the user's libraries when deleting an user
                • Show link expiring date in sharing link management page
                • [admin] In a user's admin page, showing libraries' size and last modify time
                "},{"location":"changelog/server-changelog-old/#430-20150721","title":"4.3.0 (2015.07.21)","text":"

                Usability Improvement

                • [ui] Improve ui for file view page
                • [ui] Improve ui for sorting files and libraries
                • Redesign sharing dialog
                • Enable generating random password for sharing link
                • Remove private message module
                • Remove direct single file sharing between users (You can still sharing folders)
                • Change \"Quit\" to \"Leave group\" in group members page

                Others

                • Improve user management for LDAP
                • [fix] Fix a bug that client can't detect a library has been deleted in the server
                • [security] Improve permission check in image thumbnail
                • [security] Regenerate Seahub secret key, the old secret key lack enough randomness
                • Remove the support of \".seaf\" format
                • [api] Add API for generating sharing link with password and expiration
                • [api] Add API for generating uploading link
                • [api] Add API for link files in sharing link
                • Don't listen in 10001 and 12001 by default.
                • Add an option to disable sync with any folder feature in clients
                • Change the setting of THUMBNAIL_DEFAULT_SIZE from string to number, i.e., use THUMBNAIL_DEFAULT_SIZE = 24, instead of THUMBNAIL_DEFAULT_SIZE = '24'
                "},{"location":"changelog/server-changelog-old/#42","title":"4.2","text":"

                Note when upgrade to 4.2 from 4.1:

                If you deploy Seafile in a non-root domain, you need to add the following extra settings in seahub_settings.py:

                COMPRESS_URL = MEDIA_URL\nSTATIC_URL = MEDIA_URL + '/assets/'\n
                "},{"location":"changelog/server-changelog-old/#423-20150618","title":"4.2.3 (2015.06.18)","text":"
                • Add global address book and remove the contacts module (You can disable it if you use CLOUD_MODE by adding ENABLE_GLOBAL_ADDRESSBOOK = False in seahub_settings.py)
                • Use image gallery module in sharing link for folders containing images
                • [fix] Fix missing library names (show as none) in 32bit version
                • [fix] Fix viewing sub-folders for password protected sharing
                • [fix] Fix viewing starred files
                • [fix] Fix supporting of uploading multi-files in clients' cloud file browser
                • Improve security of password resetting link
                "},{"location":"changelog/server-changelog-old/#422-20150529","title":"4.2.2 (2015.05.29)","text":"
                • [fix] Fix picture preview in sharing link of folders
                • Improve add library button in organization tab
                "},{"location":"changelog/server-changelog-old/#421-20150527","title":"4.2.1 (2015.05.27)","text":"
                • Add direct file download link
                • [fix] Fix group library creation bug
                • [fix] Fix library transfer bug
                • [fix] Fix markdown file/wiki bug
                • Don't show generating sharing link for encrypted libraries
                • Don't show the list of sub-libraries if user do not enable sub-library
                • Enable adding existing libraries to organization
                • Add loading tip in picture preview page
                "},{"location":"changelog/server-changelog-old/#420-beta-20150513","title":"4.2.0 beta (2015.05.13)","text":"

                Usability

                • Remove showing of library description
                • Don't require library description
                • Keep left navigation bar when navigate into a library
                • Generate share link for the root of a library

                Security Improvement

                • Remove access tokens (all clients will log out) when a users password changed
                • Temporary file access tokens can only be used once
                • sudo mode: confirm password before doing sysadmin work

                Platform

                • Use HTTP/HTTPS sync only, no longer use TCP sync protocol
                • read/write permission on sub-folders (Pro)
                • Support byte-range requests
                • Automatically clean of trashed libraries
                • [ldap] Save user information into local DB after login via LDAP
                "},{"location":"changelog/server-changelog-old/#41","title":"4.1","text":""},{"location":"changelog/server-changelog-old/#412-20150331","title":"4.1.2 (2015.03.31)","text":"
                • [fix] Fix several packaging related bugs (missing some python libraries)
                • [fix] Fix webdav issue
                • [fix] Fix image thumbnail in sharing link
                • [fix] Fix permission mode of seaf-gc.sh
                • Show detailed time when mouse over a relative time
                "},{"location":"changelog/server-changelog-old/#411-20150325","title":"4.1.1 (2015.03.25)","text":"
                • Add trashed libraries (deleted libraries will first be put into trashed libraries where system admin can restore)
                • [fix] Fix upgrade script for SQLite
                • Improve seaf-gc.sh
                • Do not support running on CentOS 5.
                "},{"location":"changelog/server-changelog-old/#410-beta-20150318","title":"4.1.0 beta (2015.03.18)","text":"
                • Shibboleth authentication support.
                • Redesign fsck.
                • Add image thumbnail in folder sharing link
                • Add API to support logout/login an account in the desktop client
                • Add API to generate thumbnails for images files
                • Clean syncing tokens after deleting an account
                • Change permission of seahub_settings.py, ccnet.conf, seafile.conf to 0600
                • Update Django to v1.5.12
                "},{"location":"changelog/server-changelog-old/#40","title":"4.0","text":""},{"location":"changelog/server-changelog-old/#406-20150204","title":"4.0.6 (2015.02.04)","text":"

                Important

                • [fix] Fix transfer library error in sysadmin page
                • [fix] Fix showing of space used in sysadmin page for LDAP users
                • Improved trash listing performance

                Small

                • [webdav] list organisation public libraries
                • Disable non-shibboleth login for shibboleth users
                • [fix] Fix wrong timestamp in file view page for files in sub-library
                • Add Web API for thumbnail
                • Add languages for Thai and Turkish, update a few translations
                "},{"location":"changelog/server-changelog-old/#405-20150114","title":"4.0.5 (2015.01.14)","text":"

                Important

                • [fix] Fix memory leak in HTTP syncing
                • Repo owner can restore folders/files from library snapshot
                • Update translations
                • Only repo owner can restore a library to a snapshot

                Small improvements

                • [fix] Remote redundant logs in seaf-server
                • [fix] Raise 404 when visiting an non-existing folder
                • [fix] Enable add admin when LDAP is enabled
                • Add API to get server features information (what features are supported by this server)
                • [fix] Fix throttle for /api2/ping
                "},{"location":"changelog/server-changelog-old/#404-20150106","title":"4.0.4 (2015.01.06)","text":"
                • [fix] Fix syncing sub-library with HTTP protocol
                • [fix] Fix a bug in setup-seafile-mysql.sh
                "},{"location":"changelog/server-changelog-old/#403-20141230","title":"4.0.3 (2014.12.30)","text":"
                • [fix] Fix unable to share library to another user
                "},{"location":"changelog/server-changelog-old/#402-20141226","title":"4.0.2 (2014.12.26)","text":"
                • Add image thumbnail
                • Add Shibboleth support (beta)
                • [fix] Fix performance problem in listing files API
                • [fix] Fix listing files of a large folder
                • [fix] Fix folder sharing link with password protection
                • [fix] Fix deleting broken libraries in the system admin panel
                "},{"location":"changelog/server-changelog-old/#401-20141129","title":"4.0.1 (2014.11.29)","text":"
                • [fix] Fix bugs in syncing with HTTP protocol
                • Add upgrading script (from v3.1 to v4.0)
                "},{"location":"changelog/server-changelog-old/#400-20141110","title":"4.0.0 (2014.11.10)","text":"
                • Add HTTP syncing support
                • Merge FileServer into seaf-server
                "},{"location":"changelog/server-changelog-old/#31","title":"3.1","text":""},{"location":"changelog/server-changelog-old/#317-20141020","title":"3.1.7 (2014.10.20)","text":"
                • [fix] Fixed performance problem in WebDAV extension
                • [fix] Fixed quota check in WebDAV extension
                • [fix] Fixed showing libraries with same name in WebDAV extension
                • Add \"clear\" button in a library's trash
                • Support upload a folder in web interface when using Chrome
                • [fix] Improve small errors when upload files via Web interface
                • [fix] Fix moving/coping files when the select all file checkbox is checked
                "},{"location":"changelog/server-changelog-old/#316-20140911","title":"3.1.6 (2014.09.11)","text":"
                • [fix] Fix bug in uploading >1GB files via Web
                • [fix] Remove assert in Ccnet to avoid denial-of-service attack
                • Revert the work \"access token generated by FileServer can only be used once\" because this leads to several problems
                "},{"location":"changelog/server-changelog-old/#315-20140829","title":"3.1.5 (2014.08.29)","text":"
                • [fix] Fix multi-file upload in upload link and library page
                • [fix] Fix libreoffice file online view
                • Add 'back to top' for pdf file view.
                • [fix] Fix \"create sub-library\" button under some language
                • [fix popup] Fix bug in set single notice as read.
                "},{"location":"changelog/server-changelog-old/#314-20140826","title":"3.1.4 (2014.08.26)","text":"
                • [fix, security] Fix permission check for PDF full screen view
                • [fix] Fix copy/move multiple files in web
                • Improve UI for group reply notification
                • Improve seaf-fsck, seaf-fsck now can fix commit missing problem
                • [security improve] Access token generated by FileServer can only be used once.
                "},{"location":"changelog/server-changelog-old/#313-20140818","title":"3.1.3 (2014.08.18)","text":"
                • [fix] fix memory leak
                • [fix] fix a memory not initialized problem which may cause sync problem under heavy load.
                • [fix] fix creating personal wiki
                "},{"location":"changelog/server-changelog-old/#312-20140807","title":"3.1.2 (2014.08.07)","text":"
                • Use unix domain socket in ccnet to listen for local connections. This isolates the access to ccnet daemon for different users. Thanks to Kimmo Huoman and Henri Salo for reporting this issue.
                "},{"location":"changelog/server-changelog-old/#311-20140801","title":"3.1.1 (2014.08.01)","text":"
                • Add a bash wrapper for seafile-gc
                • [fix] fix listing libraries when some libraries are broken
                • Remove simplejson dependency
                • Update translations
                • Add \"Back to Top\" button in file view page
                • Improve page refreshing after uploading files
                "},{"location":"changelog/server-changelog-old/#310-20140724","title":"3.1.0 (2014.07.24)","text":"

                Syncing

                • Improve performance: easily syncing 10k+ files in a library.
                • Don't need to download files if they are moved to another directory.

                Platform

                • Rename HttpServer to FileServer to remove confusing.
                • Support log rotate
                • Delete old PID files when stop Seafile

                Web

                • Enable deleting of personal messages
                • Improved notification
                • Upgrade pdf.js
                • Password protection for sharing links
                • [admin] Create multi-users by uploading a CSV file
                • Sort libraries by name/date
                • Enable users to put an additional message when sending a sharing link
                • Expiring time for sharing links
                • [fix] Send notification to all users participating a group discussion
                • Redesigned file viewing page
                • Remove simplejson dependency
                • Disable the ability to make a group public by default (admin can turn it on in settings)
                "},{"location":"changelog/server-changelog-old/#30","title":"3.0","text":""},{"location":"changelog/server-changelog-old/#304-20140607","title":"3.0.4 (2014.06.07)","text":"
                • [api] Add replace if exist into upload-api
                • Show detailed error message when Gunicorn failed to start
                • Improve object and block writting performance
                • Add retry when failed getting database connection
                • [fix] Use hash value for avatar file names to avoid invalid file name
                • [fix] Add cache for repo_crypto.js to improve page speed
                • [fix] Show error message when change/reset password of LDAP users
                • [fix] Fix \"save to my library\" when viewing a shared file
                • [fix, api] Fix rename file names with non-ascii characters
                "},{"location":"changelog/server-changelog-old/#303","title":"3.0.3","text":"
                • [fix] Fix an UI bug in selecting multiple contacts in sending message
                • Library browser page: Loading contacts asynchronously to improve initial loading speed
                "},{"location":"changelog/server-changelog-old/#302","title":"3.0.2","text":"
                • [fix] Fix a bug in writing file metadata to disk, which causing \"file information missing error\" in clients.
                • [fix] Fix API for uploading files from iOS in an encrypted library.
                • [fix] Fix WebDAV
                • [fix] Fix API for getting groups messages containing multiple file attachments
                • [fix] Fix bug in HttpServer when file block is missing
                • [fix] Fix login error for some kind of Android
                "},{"location":"changelog/server-changelog-old/#301","title":"3.0.1","text":"
                • [fix] Fix showing bold/italic text in .seaf format
                • [fix] Fix UI problem when selecting contacts in personal message send form
                • [fix] Add nickname check and escape nickname to prevent XSS attack
                • [fix] Check validity of library name (only allow a valid directory name).
                "},{"location":"changelog/server-changelog-old/#300","title":"3.0.0","text":"

                Web

                • Lots of small improvements in UI
                • Translations
                • [fix] Handle loading avatar exceptions to avoid 500 error

                Platform

                • Use random salt and PBKDF2 algorithm to store users' password. (You need to manually upgrade the database if you using 3.0.0 beta2 with MySQL backend.)
                "},{"location":"changelog/server-changelog-old/#300-beta2","title":"3.0.0 beta2","text":"

                Web

                • Handle 413 error of file upload
                • Support cross library files copy/move
                • Fixed a few api errors

                Platform

                • Allow config httpserver bind address
                • [fix] Fix file ID calculation
                • Improved device (desktop and mobile clients) management
                • Add back webdav support
                • Add upgrade script
                "},{"location":"changelog/server-changelog-old/#300-beta","title":"3.0.0 beta","text":"

                Platform

                • Separate the storage of libraries
                • Record files' last modification time directly
                • Keep file timestamp during syncing
                • Allow changing password of an encrypted library

                Web

                • Redesigned UI
                • Improve page loading speed
                "},{"location":"changelog/server-changelog-old/#22","title":"2.2","text":""},{"location":"changelog/server-changelog-old/#221","title":"2.2.1","text":"
                • [fix] Fixed creation of admin account
                "},{"location":"changelog/server-changelog-old/#220","title":"2.2.0","text":"
                • Add more checking for the validity of users' Email
                • Use random salt and PBKDF2 algorithm to store users' password.
                "},{"location":"changelog/server-changelog-old/#21","title":"2.1","text":""},{"location":"changelog/server-changelog-old/#215","title":"2.1.5","text":"
                • Add correct mime types for mp4 files when downloading
                • [important] set correct file mode bit after uploading a file from web.
                • Show meaningful message instead of \"auto merged by system\" for file merges
                • Improve file history calculation for files which were renamed

                WebDAV

                • Return last modified time of files
                "},{"location":"changelog/server-changelog-old/#214","title":"2.1.4","text":"
                • [fix] Fix file share link download issue on some browsers.
                • [wiki] Enable create index for wiki.
                • Hide email address in avatar.
                • Show \"create library\" button on Organization page.
                • [fix] Further improve markdown filter to avoid XSS attack.
                "},{"location":"changelog/server-changelog-old/#213","title":"2.1.3","text":"
                • [api] Add more web APIs
                • Incorporate Viewer.js to display opendocument formats
                • [fix] Add user email validation to avoid SQL injection
                • [fix] Only allow <a>, <table>, <img> and a few other html elements in markdown to avoid XSS attack.
                • Return sub-libraries to the client when the feature is enabled.
                "},{"location":"changelog/server-changelog-old/#212","title":"2.1.2","text":"
                • [fix] Fixed a bug in update script
                "},{"location":"changelog/server-changelog-old/#211","title":"2.1.1","text":"
                • Allow the user to choose the expiration of the session when login
                • Change default session expiration age to 1 day
                • [fix] Fixed a bug of copying/moving files on web browsers
                • [fix] Don't allow script in markdown files to avoid XSS attacks
                • Disable online preview of SVG files to avoid potential XSS attacks
                • [custom] Support specify the width of height of custom LOGO
                • Upgrade scripts support MySQL databases now
                "},{"location":"changelog/server-changelog-old/#210","title":"2.1.0","text":"

                Platform

                • Added FUSE support, currently read-only
                • Added WebDAV support
                • A default library would be created for new users on first login to seahub

                Web

                • Redesigned Web UI
                • Redesigned notification module
                • Uploadable share links
                • [login] Added captcha to prevent brute force attack
                • [fix] Fixed a bug of \"trembling\" when scrolling file lists
                • [sub-library] User can choose whether to enable sub-library
                • Improved error messages when upload fails
                • Set default browser file upload size limit to unlimited

                Web for Admin

                • Improved admin UI
                • More flexible customization options
                • Online help is now bundled within Seahub
                "},{"location":"changelog/server-changelog-old/#20","title":"2.0","text":""},{"location":"changelog/server-changelog-old/#204","title":"2.0.4","text":"
                • [fix] set the utf8 charset when connecting to database
                • Getting users from both database and LDAP
                • [web] List all contacts when sharing libraries
                • [admin] List database and LDAP users in sysadmin
                "},{"location":"changelog/server-changelog-old/#203","title":"2.0.3","text":"
                • [fix] Speed up file syncing when there are lots of small files
                "},{"location":"changelog/server-changelog-old/#202","title":"2.0.2","text":"
                • [fix] Fix CIFS support.
                • [fix] Support special characters like '@' in MySQL password
                • [fix] Fix create library from desktop client when deploy Seafile with Apache.
                • [fix] Fix sql syntax error in ccnet.log, issue #400 (https://github.com/haiwen/seafile/issues/400).
                • [fix] Return organization libraries to the client.
                • Update French, German and Portuguese (Brazil) languages.
                "},{"location":"changelog/server-changelog-old/#201","title":"2.0.1","text":"
                • [fix] Fix a bug in sqlite3 upgrade script
                • Add Chinese translation
                "},{"location":"changelog/server-changelog-old/#200","title":"2.0.0","text":"

                Platform

                • New crypto scheme for encrypted libraries
                • A fsck utility for checking data integrity

                Web

                • Change owner of a library/group
                • Move/delete/copy multiple files
                • Automatically save draft during online editing
                • Add \"clear format\" to .seaf file online editing
                • Support user delete its own account
                • Hide Wiki module by default
                • Remove the concept of sub-library

                Web for Admin

                • Change owner of a library
                • Search user/library

                API

                • Add list/add/delete user API
                "},{"location":"changelog/server-changelog-old/#18","title":"1.8","text":""},{"location":"changelog/server-changelog-old/#185","title":"1.8.5","text":"
                • [bugfix] Fix \"can't input space\" bug in .seaf files
                • Add pagination for online file browsing
                "},{"location":"changelog/server-changelog-old/#183","title":"1.8.3","text":"
                • [bugfix] Fix bug in setup-seafile-mysql.sh
                • Make reset-admin script work for MySQL
                • Remove redundant log messages
                • Fixed bugs in web API
                "},{"location":"changelog/server-changelog-old/#182","title":"1.8.2","text":"
                • Add script for setting up MySQL
                • [bugfix] Fixed a bug when sharing a library to another user without sending HTTP_REFERER
                "},{"location":"changelog/server-changelog-old/#181","title":"1.8.1","text":"
                • [bugfix] Fixed a bug when generating shared link
                "},{"location":"changelog/server-changelog-old/#180","title":"1.8.0","text":"

                Web

                • Improve online file browsing and uploading
                • Redesigned interface
                • Use ajax for file operations
                • Support selecting of multiple files in uploading
                • Support drag/drop in uploading
                • Improve file syncing and sharing
                • Syncing and sharing a sub-directory of an existing library.
                • Directly sharing files between two users (instead of generating public links)
                • User can save shared files to one's own library
                • [wiki] Add frame and max-width to images
                • Use 127.0.0.1 to read files (markdown, txt, pdf) in file preview
                • [bugfix] Fix pagination in library snapshot page
                • Set the max length of message reply from 128 characters to 2000 characters.
                • Improved performance for home page and group page
                • [admin] Add administration of public links

                API

                • Add creating/deleting library API

                Platform

                • Improve HTTPS support, now HTTPS reverse proxy is the recommend way.
                • Add LDAP filter and multiple DN
                • Case insensitive login
                • Move log files to a single directory
                • [security] Add salt when saving user's password
                • [bugfix] Fix a bug in handling client connection
                "},{"location":"changelog/server-changelog-old/#17","title":"1.7","text":""},{"location":"changelog/server-changelog-old/#1702-for-linux-32-bit","title":"1.7.0.2 for Linux 32 bit","text":"
                • [bugfix] Fix \"Page Unavailable\" when view doc/docx/ppt.
                "},{"location":"changelog/server-changelog-old/#1701-for-linux-32-bit","title":"1.7.0.1 for Linux 32 bit","text":"
                • [bugfix] Fix PostgreSQL support.
                "},{"location":"changelog/server-changelog-old/#170","title":"1.7.0","text":"

                Web

                • Upgrade to Django 1.5
                • Add personal messaging
                • Support cloud_mode to hide the \"organization\" tab
                • Support listing/revoking syncing clients
                • [bugfix] Fix a bug in Markdown undo/redo
                • [pro-edition] Searching in a library
                • [pro-edition] Redesign file activities
                • [pro-edition] Redesign doc/ppt/pdf preview with pdf2htmlEX

                Daemon

                • Support PostgreSQL
                • [bugfix] fix bugs in GC
                "},{"location":"changelog/server-changelog-old/#16","title":"1.6","text":""},{"location":"changelog/server-changelog-old/#161","title":"1.6.1","text":"

                Web

                • [bugfix] Fix showing personal Wiki under French translation
                • [bugfix] Fix showing markdown tables in Wiki
                • [bugfix] Fixed wiki link parsing bug when page alias contains dot.
                • Disable sharing link for encrypted libraries
                • [admin] improved user-add, set/revoke admin, user-delete

                Daemon

                • [controller] Add monitor for httpserver
                "},{"location":"changelog/server-changelog-old/#160","title":"1.6.0","text":"

                Web

                • Separate group functions into Library/Discuss/Wiki tabs
                • Redesign Discussion module
                • Add Wiki module
                • Improve icons
                • Can make a group public
                • [editing] Add toolbar and help page for Markdown files
                • [editing] A stable rich document editor for .seaf files
                • [bugfix] Keep encryption property when change library name/desc.

                For Admin

                • Add --dry-run option to seafserv-gc.
                • Support customize seafile-data location in seafile-admin
                • Do not echo the admin password when setting up Seafile server
                • seahub/seafile no longer check each other in start/stop scripts

                API

                • Show file modification time
                • Add update file API
                "},{"location":"changelog/server-changelog-old/#15","title":"1.5","text":""},{"location":"changelog/server-changelog-old/#152","title":"1.5.2","text":"
                • [daemon] Fix problem in DNS lookup for LDAP server
                "},{"location":"changelog/server-changelog-old/#151","title":"1.5.1","text":"
                • [web] Fix password reset bug in Seafile Web
                • [daemon] Fix memory leaks in Seafile server
                "},{"location":"changelog/server-changelog-old/#150","title":"1.5.0","text":"

                Seafile Web

                • Video/Audio playback with MediaElement.js (Contributed by Phillip Thelen)
                • Edit library title/description
                • Public Info & Public Library page are combined into one
                • Support selection of file encoding when viewing online
                • Improved online picture view (Switch to prev/next picture with keyboard)
                • Fixed a bug when doing diff for a newly created file.
                • Sort starred files by last-modification time.

                Seafile Daemon

                • Fixed bugs for using httpserver under https
                • Fixed performance bug when checking client's credential during sync.
                • LDAP support
                • Enable setting of the size of the thread pool.

                API

                • Add listing of shared libraries
                • Add unsharing of a library.
                "},{"location":"changelog/server-changelog/","title":"Seafile Server Changelog","text":"

                You can check Seafile release table to find the lifetime of each release and current supported OS: https://cloud.seatable.io/dtable/external-links/a85d4221e41344c19566/?tid=0000&vid=0000

                "},{"location":"changelog/server-changelog/#110","title":"11.0","text":"

                Upgrade

                Please check our document for how to upgrade to 11.0

                "},{"location":"changelog/server-changelog/#11012-2024-08-14","title":"11.0.12 (2024-08-14)","text":"
                • Update translations
                "},{"location":"changelog/server-changelog/#11011-2024-08-07","title":"11.0.11 (2024-08-07)","text":"
                • [fix] [important] Fix a security bug in WebDAV
                "},{"location":"changelog/server-changelog/#11010-2024-08-06","title":"11.0.10 (2024-08-06)","text":"

                Seafile

                • [fix] Use user's name in reset password email instead of internal ID
                • [fix] Fix SeaDoc incompatible with go fileserver
                • [fix] Fix invited guest cannot be revoke
                • [fix] Fix keyerror when using backup code in two-factor auth
                • [fix] Do not print warning in seaf-server.log when a LDAP user login
                "},{"location":"changelog/server-changelog/#1109-2024-05-30","title":"11.0.9 (2024-05-30)","text":"

                Seafile

                • Improve accessibility
                • Support open ODG files with LibreOffice (Collabora Online)
                • Support showing last modified time for folders in WebDAV
                • [fix] Fix \"remember me\" in 2FA

                SDoc editor 0.8

                • Support automatically adjusting table width to fit page width
                • Improve comments feature
                • Improve documents shown on mobile
                • More UI fixes and improvements
                "},{"location":"changelog/server-changelog/#1108-2024-04-22","title":"11.0.8 (2024-04-22)","text":"
                • Fix a bug in generating sharing links
                "},{"location":"changelog/server-changelog/#1107-2024-04-18","title":"11.0.7 (2024-04-18)","text":"

                Seafile

                • Support log rotate for golang file server and notification server
                • Update UI for upload link
                • Support OnlyOffice version feature
                • Show files' original path in the trash

                SDoc editor 0.7

                • Improve file comment feature
                • Improve file diff showing
                • Support print a document
                • Improve table editing
                "},{"location":"changelog/server-changelog/#1106-2024-03-14","title":"11.0.6 (2024-03-14)","text":"

                Seafile

                • Fix column view is limited to 100 items
                • Fix LDAP user login for WebDAV
                • Remove the configuration item \"ENABLE_FILE_COMMENT\" as it is no longer needed
                • Enable copy/move files between encrypted and non-encrypted libraries
                • Forbid creating libraries with Emoji in name
                • Fix some letters in the file name do not fit in height in some dialogs
                • Some other UI fixes and improvements
                • Fix a performance issue in sending file updates report

                SDoc editor 0.6

                • Support convert docx file to sdoc file
                • Support Markdown format in comments
                • Support drag rows/columns in table element and other improvements for table elements
                • Other UI fixes and improvements
                "},{"location":"changelog/server-changelog/#1105-2024-01-31","title":"11.0.5 (2024-01-31)","text":"

                Seafile

                • Fix captcha showing issue
                "},{"location":"changelog/server-changelog/#1104-2024-01-26","title":"11.0.4 (2024-01-26)","text":"

                Seafile

                • Add move dir/file, copy dir/file, delete dir/file, rename dir/file APIs for library token based API
                • Support preview of JFIF image format
                • Use user's current language when create Office files in OnlyOffice
                • More UI fixes and improvements

                SDoc editor 0.5

                • Support convert sdoc to docx format
                • Improve UX for internal document linking
                • Support icons in callout element
                • Add Search/Replace feature
                • More UI fixes and improvements
                "},{"location":"changelog/server-changelog/#1103-2023-12-19","title":"11.0.3 (2023-12-19)","text":"

                Seafile

                • Use file type icon as favicon for file preview pages
                • More UI fixes and improvements
                • [fix] seafdav.conf workers parameters does not to be used

                SDoc editor 0.4

                • Add templates with predefined stypes for tables
                • Support combining table cells
                • Add callout element
                • Support drag and drop elements
                • Improve file comments
                • Improve file history display by grouping history items
                • More UI fixes and improvements
                "},{"location":"changelog/server-changelog/#1102-2023-11-20","title":"11.0.2 (2023-11-20)","text":"

                Seafile

                • Update folder icon
                • The activities page support filter records based on modifiers
                • Add indicator for folders that has been shared out
                • Some small UI fixes
                • [fix] Fix some small bugs in golang file server
                • [fix] Fix LDAP users cannot login via desktop client
                • Add login ID field when exporting users in admin panel

                SDoc editor 0.3

                • Improved file comment feature
                • Improved revision and review feature
                • Support file tags
                • Better support editing list/table/code/image element
                • Support getting link for header element
                "},{"location":"changelog/server-changelog/#1101-beta-2023-10-18","title":"11.0.1 beta (2023-10-18)","text":"

                Seafile

                • Improve UI of notifications dialog
                • Improve UI of dropdown menus for libraries and files
                • Improve UI for file tags
                • Remove file comment features as they are used very little

                SDoc editor 0.2

                • All major elements like tables, lists are now supported
                • The editor is basically stable to use. Everyone is welcome to try it out.
                "},{"location":"changelog/server-changelog/#1100-beta-cancelled","title":"11.0.0 beta (cancelled)","text":"
                • Use a virtual ID to identify a user
                • LDAP login update
                • SAML/Shibboleth/OAuth login update
                • Update Django to version 4.2
                • Update SQLAlchemy to version 2.x
                • Improve UI of PDF view page
                • Add seafevents component
                "},{"location":"changelog/server-changelog/#100","title":"10.0","text":"

                Upgrade

                Please check our document for how to upgrade to 10.0.

                "},{"location":"changelog/server-changelog/#1001-2023-04-11","title":"10.0.1 (2023-04-11)","text":"
                • Support generating multiple share links for a file and a folder
                • [fix] Fix a bug in golang file server when zip-downloading a folder in encrypted library
                • [fix] Fix a bug in upgrading script when there is no configuration for Nginx
                • Video player support changing playback speed
                • [fix] Fix a few bugs in notification server
                "},{"location":"changelog/server-changelog/#1000-beta-2023-02-22","title":"10.0.0 beta (2023-02-22)","text":"
                • Update Python dependencies and support Ubuntu 22.04 and Debian 11
                • Add a new notification server (document will be provided later)
                • Update WebDAV password to use one-way hash
                • Remove SQL sub queries to improve SQL query speed in seaf-server
                • Show number of shared users/groups if any when deleting a folder
                • Support online playing of .wav files
                "},{"location":"changelog/server-changelog/#90","title":"9.0","text":""},{"location":"changelog/server-changelog/#9010-2022-12-07","title":"9.0.10 (2022-12-07)","text":"
                • Admin list all users API now return last_login and last_access_time
                • [fix] Fix a bug in displaying markdown file in sharing link
                • [fix] Fix notification mails are sent to inactive users
                • [fix] Fix viewing a file in an old snapshot leads to server hickup
                • [fix] Fix an HTTP/500 \"Internal server error\" when the user sets password containing non-latin characters for sharing links
                • [fix] Fix \"document convertion failed\u201d error visiting a shared document with preview only
                • [fix] Fix memory leak when block cache is enabled
                • Enable 'zoom in/out by pinch' for mobile in pdf file view page
                • [fix] Prevent system admin creating libraries with invalid name in admin panel
                • Improve performance in golang file server
                "},{"location":"changelog/server-changelog/#909-2022-09-22","title":"9.0.9 (2022-09-22)","text":"
                • [fix] Fix a memory leak problem
                • [fix] Fix a bug that will lead to seaf-fsck crash
                • [fix] Fix a stored XSS problem for library names
                • [fix] Disable open a file in OnlyOffice for encrypted libraries when open from trash
                "},{"location":"changelog/server-changelog/#908-2022-09-07","title":"9.0.8 (2022-09-07)","text":"
                • [fix] Fix a UI bug in sending sharing link by email
                • [fix] Markdown editor does not properly filter javscript URIs from the href attribute, which results in stored XSS
                • [fix] Fix a bug in OCM sharing
                • [fix] Fix a bug in un-linking a device in admin panel
                • [fix] Adding URL security check in /accounts/login redirect by ?next= parameter
                "},{"location":"changelog/server-changelog/#907-2022-08-10","title":"9.0.7 (2022-08-10)","text":"

                Note: included lxml library is removed for some compatiblity reason. The library is used in published libraries feature and WebDAV feature. You need to install lxml manually after upgrade to 9.0.7. Use command pip3 install lxml to install it.

                • A page in published libraries is rendered at the server side to improve loading speed.
                • Upgrade Django from 3.2.6 to 3.2.14
                • Fix a bug in collaboration notice sending via email to users' contact email
                • Support OnlyOffice oform/docxf files
                • Improve user search when sharing a library
                • Admin panel support searching a library via ID prefix
                • [fix] Fix preview PSD images
                • [fix] Fix a bug that office files can't be opened in sharing links via OnlyOffice
                • [fix] Go fileserver: Folder or File is not deletable when there is a spurious utf-8 char inside the filename
                "},{"location":"changelog/server-changelog/#906-2022-06-22","title":"9.0.6 (2022-06-22)","text":"
                • Show table of contents in Markdown sharing link
                • Check if quota exceeded before file uploading in upload sharing link
                • Support import group member via contact email
                "},{"location":"changelog/server-changelog/#905-2022-05-13","title":"9.0.5 (2022-05-13)","text":"
                • [fix] Fix a bug that sometimes a shared subfolder is unshared automatically by database access error
                • [fix] Fix a bug in work with Python 3.10+
                • [fix] Fix a bug in smart link redict to the file page
                • [fix] Fix a UI bug when drag and drop a file
                • [fix] Fix zip downloading a folder not having .zip suffix when using golang file server
                • Improve UI for file tags
                • Show file tags in sharing links
                • Improve UI of file comments
                • [fix] Fix permission check in deleting/editing a file comment
                • Remove the feature of related files as it is not used
                • Support editing of expire time for sharing links
                • Improve SQL performance when deleting a library
                • Show ISO date and time in file history page instead of showing relative time
                • Add \"Visit related snapshot\" in the dropdown menu of an entry in file history
                "},{"location":"changelog/server-changelog/#904-2022-02-21","title":"9.0.4 (2022-02-21)","text":"
                • [fix] Fix a UI bug in file moving/copying dialog
                • Support admin enforcing a strong password in WebDAV secret
                • [fix] Fix WebDAV error while filename contains special chars
                "},{"location":"changelog/server-changelog/#903-2022-02-15","title":"9.0.3 (2022-02-15)","text":"
                • Enable deleting fs objects in GC
                • Users can save files or folders in shared folder link to their own libraries
                • [fix] Fix language in calendar UI component used when picking date in sharing dialog
                • [fix] Fix markdown file print
                • Improve UI of file moving/copying dialog to show folders with long names
                • Expand to the current folder when open file moving/copying dialog
                • [fix] Fix a bug in golang file server log rotate support
                • [fix] Fix a bug in folder download-link and try to download files/folders as zip using golang file server
                • Show current number of shared users and groups when deleting a library
                • [fix] Fix support for customizing of favicon
                • [fix] Fix printing support of Markdown file
                • [fix] Fix zip-downloading in sharing links when golang file server is used
                "},{"location":"changelog/server-changelog/#902-2021-12-10","title":"9.0.2 (2021-12-10)","text":"
                • Fix OnlyOffice/Collabora integration when golang http server
                • Enable showing password for encrypted sharing links
                "},{"location":"changelog/server-changelog/#901-beta-2021-11-20","title":"9.0.1 beta (2021-11-20)","text":"
                • Fix OnlyOffice integration
                "},{"location":"changelog/server-changelog/#900-beta-2021-11-11","title":"9.0.0 beta (2021-11-11)","text":"
                • Upgrade Django to 3.2
                • Rewrite HTTP service in seaf-server with golang and move it to a separate component (turn off by default)
                • Upgrade PDFjs to new version, support viewing of password protected PDF
                • Use database to store OnlyOffice cache keys
                • Supporting converting files like doc to docx using OnlyOffice for online editing
                • Move SERVICE_URL configuration from ccnet.conf to seahub_settings.py

                The new file-server written in golang serves HTTP requests to upload/download/sync files. It provides three advantages:

                • The performance is better in a high-concurrency environment and it can handle long requests. Now you can sync libraries with large number of files.
                • Now file zipping and downloading can be done simutaneously. When zip downloading a folder, you don't need to wait until zip is done.
                • Support rate control for file uploading and downloading.

                You can turn golang file-server on by adding following configuration in seafile.conf

                [fileserver]\nuse_go_fileserver = true\n
                "},{"location":"changelog/server-changelog/#80","title":"8.0","text":"

                Please check our document for how to upgrade to 8.0.

                "},{"location":"changelog/server-changelog/#808-20211206","title":"8.0.8 (2021/12/06)","text":"
                • [fix] Fix a security issue in token check in file syncing
                • [fix] Fix URL encoding problem when view a file's history for files with special characters in file name.
                "},{"location":"changelog/server-changelog/#807-20210809","title":"8.0.7 (2021/08/09)","text":"
                • Improve performance for listing deleted files in trash
                • [fix] Fix FORCE_PASSWORD_CHANGE does not force the new user to change the password if the user is added by admin
                • [fix] Fix setting a webdav password when 2FA enabled
                • [fix] Fix search in a shared sub-folder
                • [fix] Remove watermark shown in Collabora integration
                "},{"location":"changelog/server-changelog/#806-20210714","title":"8.0.6 (2021/07/14)","text":"
                • [fix] Fix a cache problem in OnlyOffice integration when automatically saving is used
                • Admin can delete devices in the admin panel
                • [fix] Once a user quota have been set, I can not set it back to 0 (unlimited)
                • [fix] Fix collabora integration
                • User's can manage his/her Web API Auth Token in profile page
                • A group admin can now leave a group
                • [fix] Fix Lazy loading / pagination breaks image viewer (https://forum.seafile.com/t/lazy-loading-pagination-breaks-image-viewer/14655)
                "},{"location":"changelog/server-changelog/#805-20210514","title":"8.0.5 (2021/05/14)","text":"
                • Add \"Open via Client\" button in file view page
                • Add an admin API to change a user's email
                • [fix] Fix a bug in seaf-gc
                • [fix] Fix wrong links of files in library history details dialog
                • [fix] Fix deleting libraries without owner in admin panel
                • [fix] Fix a XSS problem in notification
                • [fix] Fix JWT token support in OnlyOffice integration
                • [fix] Fix sometimes webdav cache files are not cleaned
                "},{"location":"changelog/server-changelog/#804-20210325","title":"8.0.4 (2021/03/25)","text":"
                • [fix] Fix a permission denial problem in OCM, if a library is shared to more than two users in another server
                • [fix] Fix a bug in password protected upload link
                • [fix] Fix running seafile-controller with \"seafile-controller -t\"
                • [fix] Fix user search in \"Transfering a library\" dialog
                • Add \"Open via Client\" button in file view page
                • Add an admin API to change a user's email
                "},{"location":"changelog/server-changelog/#803-20210127","title":"8.0.3 (2021/01/27)","text":"
                • Users can use secret key to access WebDAV after enabling two-factor authentication
                • Fix fuse
                • Fix navigation side panel in public library on mobile
                • Improve UI of file search
                • Add QR code for sharing links
                • Fix OnlyOffice integration when JWT is enabled
                "},{"location":"changelog/server-changelog/#802-20210104","title":"8.0.2 (2021/01/04)","text":"
                • Fix LDAP problem
                • Fix upgrade script
                "},{"location":"changelog/server-changelog/#801-beta-20210104","title":"8.0.1 beta (2021/01/04)","text":"
                • Update translations for help pages
                • Add missing upgrade script
                • Add open cloud mesh feature
                "},{"location":"changelog/server-changelog/#800-beta-20201127","title":"8.0.0 beta (2020/11/27)","text":"
                • Support searching file in a library
                • Rewrite upload link page to use React technology
                • Improve GC performance
                • Upgrade Django to 2.2 version
                • Remove ccnet-server component
                • Update help page
                • Release v4 encrypted library format to enhance security for v3 encrypted format
                "},{"location":"changelog/server-changelog/#71","title":"7.1","text":"

                Feature changes

                Progresql support is dropped as we have rewritten the database access code to remove copyright issue.

                Upgrade

                Please check our document for how to upgrade to 7.1.

                "},{"location":"changelog/server-changelog/#715-20200922","title":"7.1.5 (2020/09/22)","text":"
                • [fix] Fix a bug in returned group library permission for SeaDrive client
                • [fix] Fix files preview using OnlyOffice in public shared links
                • Support pagination when listing libraries in a group
                • Update wsgidav used in WebDAV
                • [fix] Fix WebDAV failed login via WebDAV secret
                • [fix] Fix WebDAV error if a file is moved immediately after uploading
                • Remove redundent logs in seafile.log
                • [fix] Fix \"save to...\" in share link
                • Add an option to show a user's email in sharing dialog (ENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER)
                • Add database connection pool to reduce database connection usage
                • Enable generating internal links for files in an encrypted library
                • Support setting the expire date time of a share link to a specific date time
                • GC add --id-prefix option to scan a specific range of libraries
                • fsck add an option to not check block integrity to speed up scanning
                • [fix] ccnet no longer listen on port 10001
                "},{"location":"changelog/server-changelog/#714-20200519","title":"7.1.4 (2020/05/19)","text":"
                • [fix] Fix page error in \"System Admin-> Users -> A User -> Groups\"
                • [fix] Fix listing LDAP imported users when number of users is greater than 500
                • Support selecting and downloading multiple files in a sharing link
                • Show share link expiration time in system admin
                • [fix] Fix file download links in public libraries
                • Other UI fixes
                "},{"location":"changelog/server-changelog/#713-20200326","title":"7.1.3 (2020/03/26)","text":"
                • Support sort libraries by size and number of files in admin panel
                • Support sort users by used storage in admin panel
                • [fix] Fix Markdown print for markdown with more than 1 page
                • Other UI fixes
                "},{"location":"changelog/server-changelog/#712-beta-20200305","title":"7.1.2 beta (2020/03/05)","text":"
                • [fix] Fix HTTP/2 support
                • Markdown page can now be printed using browser's \"Print...\"
                • Add zoom buttons for PDF page
                • Add sort function to directory share link page
                • Add support for JSON web tokens in OnlyOffice integration
                • UI improvements for pages in admin panel
                "},{"location":"changelog/server-changelog/#711-beta-20191223","title":"7.1.1 beta (2019/12/23)","text":"
                • [fix] Fix Gunicorn warning
                • [fix] Fix SQLite upgrade script
                • [fix] Fix Seahub can't started problem on Debian 10
                • [fix] For for Excel and PPT, the default fonts are Chinese font sets.
                • Some other UI fixes and improvements
                "},{"location":"changelog/server-changelog/#710-beta-20191205","title":"7.1.0 beta (2019/12/05)","text":"
                • Rewrite the system admin pages with React
                • Upgrade to Python3
                • Add library API Token, you can now generate API tokens for a library and use them in third party programs.
                • Add a feature abuse report for reporting abuse for download links.
                "},{"location":"changelog/server-changelog/#70","title":"7.0","text":"

                Feature changes

                In version 6.3, users can create public or private Wikis. In version 7.0, private Wikis is replaced by column mode view. Every library has a column mode view. So users don't need to explicitly create private Wikis.

                Public Wikis are now renamed to published libraries.

                Upgrade

                Just follow our document on major version upgrade. No special steps are needed.

                "},{"location":"changelog/server-changelog/#705-20190923","title":"7.0.5 (2019/09/23)","text":"
                • [fix] Fix '\\n' in system wide notification will lead to blank page
                • [fix] Remove all metadata in docx template
                • [fix] Fix redirection after login
                • [fix] Fix group order is not alphabetic
                • [fix] Fix download button in sharing link
                • Mobile UI Improvement (Now all major pages can be used in Mobile smoothly)
                • Add notification when a user try to leave a page during file transfer
                • Add UI waiting notification when resetting a user's password in admin panel
                • Add generating internal link (smart-link) for folders
                • [fix] Fix file drag and drop in IE and Firefox
                • Improve UI for file uploading, support re-upload after error
                • [fix] Fix devices login via Shibboleth not show in devices list
                • Support of OnlyOffice auto-save option
                • [fix] Fix zip download when user selecting a long list of files
                • Other UI fixes
                "},{"location":"changelog/server-changelog/#704-20190726","title":"7.0.4 (2019/07/26)","text":"
                • Fix avatar problem when deployed under non-root domain
                • Add get internal link in share dialog
                • Fix newly created DOCX files are not empty and have a Chinese font set as default font
                • Fix system does not send email to new user when adding new user in system admin
                • Fix thumbnail for TIFF files
                • Fix direct download link for sharing links
                "},{"location":"changelog/server-changelog/#703-20190705","title":"7.0.3 (2019/07/05)","text":"
                • UI Improvements and fixes
                • Fix file upload button with Safari, IE edge
                • Fix compatibility with \"Open library in web\" from the old version desktop client
                • Support \".\" in group name
                • Add back \"send link\" for upload links
                • Add back grid view for folder sharing links
                • Fix preview for PSD, TIFF files
                • Fix deleting of favorate items when they are shared items but the sharing are revoked
                • Fix avatar broken problem when using a non-stardard port
                • Fix resumable file uploading
                "},{"location":"changelog/server-changelog/#702-20190613","title":"7.0.2 (2019/06/13)","text":"
                • UI fixes
                • Support index.md in published library
                • Fix IE Edge support
                "},{"location":"changelog/server-changelog/#701-beta-20190531","title":"7.0.1 beta (2019/05/31)","text":"
                • [fix] Fix database upgrade problem
                • [fix] Fix WebDAV can't be started
                • [fix] Some UI fixes
                "},{"location":"changelog/server-changelog/#700-beta-20190523","title":"7.0.0 beta (2019/05/23)","text":"
                • Upgraded Web UI with React framework. The look and feel of the new UI is much better.
                • Improved Markdown editor
                • Add columns view mode (tree view like in the Windows Explorer)
                • Add context menu to manipulate files
                • Move files via drag and drop
                • Redesigned file tags
                • Support editing share link permission after creating a link
                "},{"location":"changelog/server-changelog/#63","title":"6.3","text":"

                In version 6.3, Django is upgraded to version 1.11. Django 1.8, which is used in version 6.2, is deprecated in 2018 April.

                With this upgrade, the fast-cgi mode is no longer supported. You need to config Seafile behind Nginx/Apache in WSGI mode.

                The way to run Seahub in another port is also changed. You need to modify the configuration file conf/gunicorn.conf instead of running ./seahub.sh start <another-port>.

                Version 6.3 also changed the database table for file comments, if you have used this feature, you need migrate old file comments using the following commends after upgrading to 6.3:

                ./seahub.sh python-env seahub/manage.py migrate_file_comment\n

                Note, this command should be run while Seafile server is running.

                "},{"location":"changelog/server-changelog/#634-20180915","title":"6.3.4 (2018/09/15)","text":"
                • [fix] Fix a security issue in Shibboleth authentication
                • [fix] Fix sometimes Web UI will not autoload a >100 item directory view
                "},{"location":"changelog/server-changelog/#633-20180907","title":"6.3.3 (2018/09/07)","text":"
                • Add generating of internal links
                • Support copy a file to its own parent folder, creating a file with a suffix like test-1.docx
                • Support setting the language list
                • Redirect '/shib-login' to '/sso'
                • Change \"Unknown error\" to \"network error\" when uploading failed caused by network error
                • [fix] Fix groups not shown in system admin panel
                • Support files be manually saved in OnlyOffice
                • Improve performance when getting users quota usage
                • Improve Markdown editor
                • The new Wiki feature is ready
                • Update Django to 1.11.11
                "},{"location":"changelog/server-changelog/#632-20180709","title":"6.3.2 (2018/07/09)","text":"
                • [fix] Fix error when public wiki be viewed by anonymous users
                • Remove department field in users' profile page
                • [fix] Print warning instead of exit when there are errors in database table upgrade
                • [fix] Send notification to the upload link creator after there are files uploaded
                • [fix] Fix customize css via \"custom/custom.css\"
                • [api] return the last modifier in file detail API
                • [fix] Fix ZIP download can't work in some languages
                "},{"location":"changelog/server-changelog/#631-20180624","title":"6.3.1 (2018/06/24)","text":"
                • Allow fullscreen presentation when view ppt(x) file via CollaboraOffice.
                • Support mobile UI style when view file via OnlyOffice.
                • Some UI improvement.
                • Show terms and condition link if terms and condition is enabled
                • [fix] Update OnlyOffice callback func (save file when status is 6).
                • [fix] Show library\u2019s first commit\u2019s desc on library history page.
                • [fix] Check if is an deleted library when admin restore a deleted library.
                • [fix] Removed dead 'quota doc' link on user info popup.
                • [fix] Fix bug of OnlyOffice file co-authoring.
                • [api] Add starred field to file detail api.
                • Use ID instead of email on sysadmin user page.
                • [fix] Fix database upgrade problems
                • [fix] Fix support for sqlite3
                • [fix] Fix crash when seaf-fsck, seaf-gc receive wrong arguments
                "},{"location":"changelog/server-changelog/#630-beta-20180526","title":"6.3.0 beta (2018/05/26)","text":"
                • UI Improvements: moving buttons to top bar, improve scrolling in file/library list
                • Update Django to 1.11, remove fast-cgi support
                • Update jQuery to version 3.3.1
                • Update pdf.js
                • Add invite people link to share dialog if the feature is enabled
                • Remove login log after delete a user
                • [admin] Support customize site title, site name, CSS via Web UI
                • [beta] Wiki, users can create public wikis
                • Add an option to define the listening address for WSGI mode
                • [fix] Fix a bug that causing seaf-fsck crash
                • [fix] Fix support for uploading folder via \u2018Cloud file browser\u2019
                • [fix] Cancel Zip download task at the server side when user close zip download dialog
                • Other fixes
                "},{"location":"changelog/server-changelog/#62","title":"6.2","text":"

                From 6.2, It is recommended to use WSGI mode for communication between Seahub and Nginx/Apache. Two steps are needed if you'd like to switch to WSGI mode:

                1. Change the config file of Nginx/Apache.
                2. Restart Seahub with ./seahub.sh start instead of ./seahub.sh start-fastcgi

                The configuration of Nginx is as following:

                location / {\n         proxy_pass         http://127.0.0.1:8000;\n         proxy_set_header   Host $host;\n         proxy_set_header   X-Real-IP $remote_addr;\n         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n         proxy_set_header   X-Forwarded-Host $server_name;\n         proxy_read_timeout  1200s;\n\n         # used for view/edit office file via Office Online Server\n         client_max_body_size 0;\n\n         access_log      /var/log/nginx/seahub.access.log;\n         error_log       /var/log/nginx/seahub.error.log;\n    }\n

                The configuration of Apache is as following:

                    # seahub\n    SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n    ProxyPass / http://127.0.0.1:8000/\n    ProxyPassReverse / http://127.0.0.1:8000/\n
                "},{"location":"changelog/server-changelog/#625-20180123","title":"6.2.5 (2018/01/23)","text":"
                • [fix] Fix OAuth bug
                • [fix] Improve the performance of returning a user's all group libraries
                • [new] Support customize the list of groups that a user can see when sharing a library
                "},{"location":"changelog/server-changelog/#624-20180116","title":"6.2.4 (2018/01/16)","text":"
                • [new] Add the feature \"remember this device\" after two-factor authentication
                • [new] Add option to notify the admin after new user registration (NOTIFY_ADMIN_AFTER_REGISTRATION)
                • [fix] Fix a bug in modify permission for a a shared sub-folder
                • [fix] Fix support for PostgreSQL
                • [fix] Fix a bug in SQLite database support
                • [fix] Fix support for uploading 500+ files via web interface (caused by API rate throttle)
                • [improve, ui] Add transition to show/hide of feedback messages.
                • [improve] Improve performance of file history page.
                • [improve] Show two file history records at least.
                • [fix] show shared sub-folders when copy/move file/folder to \u201cOther Libraries\u201d.
                • [fix] Remove the white edge of webpage when previewing file via OnlyOffice.
                • [fix] Don\u2019t check if user exists when deleting a group member in admin panel.
                • [fix, oauth] Don\u2019t overwrite public registration settings when login a nonexistent user.
                • Other UI improvements.
                "},{"location":"changelog/server-changelog/#623-20171115","title":"6.2.3 (2017/11/15)","text":"
                • Support OAuth.
                • WSGI uses 5 processors by default instead of 3 processors each with 5 threads
                • [share] Add \"click to select\" feature for download/upload links.
                • [admin] Show/edit contact email in admin panel.
                • [admin] Show upload links in admin panel.
                • [fix] Fix Shibboleth login redirection issue, see https://forum.seafile.com/t/shared-links-via-shibboleth/4067/19
                • [fix] In some case failed to unshare a folder.
                • [fix] LDAP search issue.
                • [fix] Fix Safari downloaded file names are encoded like 'test-%2F%4B.doc' if it contains special characters.
                • [fix] Disable client encrypt library creation when creating encrypt library is disabled on server.
                "},{"location":"changelog/server-changelog/#622-20170925","title":"6.2.2 (2017/09/25)","text":"
                • [fix] Fix register button can't be clicked in login page
                • [fix] Fix login_success field not exist in sysadmin_extra_userloginlog
                "},{"location":"changelog/server-changelog/#621-20170922","title":"6.2.1 (2017/09/22)","text":"
                • [fix] Fix upgrade script for SQLite database
                • Add Czech language
                • [ui] Move password setting to a separate section
                • [ui] Add divider to file operation menu
                • [ui] Use high DPI icon in favorites page
                • [ui] Focus on password fields by default
                • [ui] Show feedback message when restore a library to a snapshot
                • [fix] Don't import settings in seafile.conf to database
                "},{"location":"changelog/server-changelog/#620-beta-20170914","title":"6.2.0 beta (2017/09/14)","text":"
                • Redesign login page, adding a background image.
                • Add two factor authentication
                • Clean the list of languages
                • Add the ability of tagging a snapshot of a library (Use ENABLE_REPO_SNAPSHOT_LABEL = True to turn the feature on)
                • [admin] Add an option to enable users to share a library to any groups in the system.
                • Use WSGI as the default mode for deploying Seahub.
                • Add a field Reference ID to support changing users primary ID in Shibboleth or LDAP
                • Improved performance of loading library list
                • Support adding a custom user search function (https://github.com/haiwen/seafile-docs/commit/115f5d85cdab7dc272da81bcc8e8c9b91d85506e)
                • Other small UI improvements
                "},{"location":"changelog/server-changelog/#61","title":"6.1","text":"

                If you upgrade from 6.0 and you'd like to use the feature video thumbnail, you need to install ffmpeg package:

                # for ubuntu 16.04\napt-get install ffmpeg\npip install pillow moviepy\n\n# for Centos 7\nyum -y install epel-release\nrpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro\nyum -y install ffmpeg ffmpeg-devel\npip install pillow moviepy\n
                "},{"location":"changelog/server-changelog/#612-20170815","title":"6.1.2 (2017.08.15)","text":"
                • Use user's language as lang setting for OnlyOffice
                • Improve performance for getting user\u2019s unread messages
                • Fix error when uploading files to system default library template
                • Users can restore their own deleted libraries
                • Improve performance when move or copy multiple files/folders
                • Add \u201cdetails\u201d for libraries, folders and files to show information like how many files in a library/folder
                • [fix] Fix a bug in seaf-gc
                • [fix, api] Fix a bug in creating folder API
                • [admin] Improve performance in getting total file number, used space and total number of devices
                • [fix] Fix MySQL connection pool in Ccnet
                "},{"location":"changelog/server-changelog/#611-20170615","title":"6.1.1 (2017.06.15)","text":"
                • Disable thumbnail for video files in default
                • Enable fixing the email for share link to be fixed in certain language (option SHARE_LINK_EMAIL_LANGUAGE in seahub_setting.py). So admin can force the language for a email of a share link to be always in English, regardless of what language the sender is using.
                • The language of the interface of CollaboraOffice/OnlyOffice will be determined by the language of the current user.
                • Display the correct image thumbnails in favorites instead of the generic one
                • Enable set favicon and logo via admin panel
                • Admin can add libraries in admin panel
                "},{"location":"changelog/server-changelog/#610-beta-20170511","title":"6.1.0 beta (2017.05.11)","text":"

                Web UI Improvement:

                1. Add thumbnail for video files
                2. Improved image file view, using thumbnail to view pictures
                3. Improve pdf preview in community edition
                4. Move items by drap & drop
                5. Add create docx/xlsx/pptx in web interface
                6. Add OnlyOffice integration
                7. Add Collabora integration
                8. Support folder upload in community edition
                9. Show which client modify a file in history, this will help to find which client accidentally modified a file or deleted a file.

                Improvement for admins:

                1. Admin can set user\u2019s quote, delete users in bulk
                2. Support using admin panel in mobile platform
                3. Add translation for settings page

                System changes:

                1. Remove wiki by default
                2. Upgrade Django to 1.8.18
                3. Clean Ajax API
                4. Increase share link token length to 20 characters
                5. Upgrade jstree to latest version
                "},{"location":"changelog/server-changelog/#60","title":"6.0","text":"

                Note: If you ever used 6.0.0 or 6.0.1 or 6.0.2 with SQLite as database and encoutered a problem with desktop/mobile client login, follow https://github.com/haiwen/seafile/pull/1738 to fix the problem.

                "},{"location":"changelog/server-changelog/#609-20170330","title":"6.0.9 (2017.03.30)","text":"
                • Show user' name instead of user's email in notifications sent out by email
                • Add config items for setting favicon, disable wiki feature
                • Add css id to easily hide user password reset and delete account button
                • [fix] Fix UI bug in restoring a file from snapshot
                • [fix] Fix after renaming a file, the old versions before file rename can't be downloaded
                • [security] Fix XSS problem of the \"go back\" button in history page and snapshot view page
                "},{"location":"changelog/server-changelog/#608-20170216","title":"6.0.8 (2017.02.16)","text":"

                Improvement for admin

                • Admin can add/delete group members
                • Admin can create group in admin panel
                • Show total storage, total number of files, total number of connected devices in the info page of admin panel
                • Force users to change password if imported via csv
                • Support set user's quota, name when import user via csv
                • Set user's quota in user list page
                • Add search group by group name
                • Use ajax when deleting a user's library in admin panel
                • Support logrotate for controller.log
                • Add # -*- coding: utf-8 -*- to seahub_settings.py, so that admin can use non-ascii characters in the file.
                • Ingore white space character in the end of lines in ccnet.conf
                • Add a log when a user can't be find in LDAP during login, so that the system admin can know whether it is caused by password error or the user can't be find
                • Delete shared libraries information when deleting a user

                Other

                • [fix] Uploading files with special names lets seaf-server crash
                • [fix] Fix user search when global address book is disabled in CLOUD_MODE
                • [fix] Avoid timeout in some cases when showing a library trash
                • Show \"the account is inactive\" when an inactive account try to login
                • [security] Remove viewer.js to show open document files (ods, odt) because viewer.js is not actively maintained and may have potential security bugs (Thanks to Lukas Reschke from Nextcloud GmbH to report the issue)
                • [fix] Fix PostgreSQL support
                • Update Django to 1.8.17
                • Change time_zone to UTC as default
                • [fix] Fix quota check: users can't upload a file if the quota will be exceeded after uploading the file
                • [fix] Fix quota check when copy file from one library to another
                • [fix] Prevent admin from access group's wiki
                • [fix] Fix a bug when download folder in grid view
                "},{"location":"changelog/server-changelog/#607-20161216","title":"6.0.7 (2016.12.16)","text":"
                • [fix] Fix generating of password protected link in file view page
                • [fix] Fix .jpg/.JPG image display in IE10
                • Export quota usage in export Excel in user list admin page
                • [fix] Fix admin can't delete broken libraries
                • Add \"back to previous page\" link in trash page, history page
                • [fix] Improve logo show in About page
                • [fix] Fix file encoding for text file editing online
                • [fix] Don't show operation buttons for broken libraries in normal users page
                "},{"location":"changelog/server-changelog/#606-20161116","title":"6.0.6 (2016.11.16)","text":"
                • [fix] Fix the shared folder link in the notification message when a user share a folder to another user
                • [fix] Update Django version from 1.8.10 to 1.8.16
                • [fix] Fix support for PostgreSQL
                • [fix] Fix SQLite database locking problem
                • [fix] Fix the shared folder name is not changed after removing the old share, renaming the folder and re-sharing the folder
                • [fix] Fix sub-folder accidentially show the files in parent folder when the parent folder contains more than 100 files
                • [fix] Fix image preview navigation when there are more than 100 entries in a folder
                • [fix] Fix bug when admin searching unexisting user
                • [fix] Fix jpeg image display in IE10
                • Add support for online view of mov video files
                • Make web access token expiring time configurable
                • Add an option on server to control block size for web upload files
                "},{"location":"changelog/server-changelog/#605-20161017","title":"6.0.5 (2016.10.17)","text":"
                • [fix] Fix API for uploading file by blocks (Used by iOS client when uploading a large file)
                • [fix] Fix a database connection problem in ccnet-server
                • [fix] Fix moved files are still present in local folder until refresh
                • [fix] Fix admin panel can't show deleted libraries
                "},{"location":"changelog/server-changelog/#604-20160922","title":"6.0.4 (2016.09.22)","text":"
                • [fix] Fix not able to move files via WebDAV interface
                • Check whether the quota will exceed before saving the uploaded file to Seafile via Web UI or API
                • [fix] Fix owner can't restore a deleted file or folder in snapshot
                • [fix] Fix UI of personal profile page
                • [fix] Fix in some cases mobile devices can't be unlinked
                • [fix] Fix connection problem for the latest MariaDB in initialisation script
                • [fix] PNG Thumbnail creation broken in 6.0.3 (getexif failes)
                • Make maxNumberOfFiles configurable
                • [fix] Remember the sorting of libraries
                • Add Finnish translation
                • Video + audio no longer be limited by max preview size
                "},{"location":"changelog/server-changelog/#603-20160903","title":"6.0.3 (2016.09.03)","text":"
                • [fix] Fix a bug in sqlite database upgrade script
                • [fix] Fix a bug in database connection pool
                • [fix] Fix a bug in file comment
                "},{"location":"changelog/server-changelog/#602-20160902","title":"6.0.2 (2016.09.02)","text":"
                • [fix] Fix a bug in sqlite database table locking
                • Update translations
                • Support create libraries for Seafile Drive client
                "},{"location":"changelog/server-changelog/#601-beta-20160822","title":"6.0.1 beta (2016.08.22)","text":"
                • [fix] Fix default value of created_at in table api2_tokenv2. This bug leads to login problems for desktop and mobile clients.
                • [fix] Fix a bug in generating a password protected share link
                • Improve checking the user running Seafile must be the owner of seafile-data. If seafile-data is symbolic link, check the destination folder instead of the symbolic link.
                • [ui] Improve rename operation
                • Admin can set library permissions in admin panel
                • Show name/contact email in admin panel and enable search user by name/contact email
                • Add printing style for markdown
                • The \u201cSeafile\u201d in \"Welcome to Seafile\" message can be customised by SITE_NAME
                • Improve sorting of files with numbers
                • [fix] Fix can't view more than 100 files
                • [api] Add admin API to only return LDAP imported user list
                "},{"location":"changelog/server-changelog/#600-beta-20160802","title":"6.0.0 beta (2016.08.02)","text":"
                • Add full screen Web UI
                • Code clean and update Web APIs
                • Add file comment
                • Improve zip downloading by adding zip progress
                • Change of navigation labels
                • [admin] Add group transfer function in admin panel
                • Remove number of synced libraries in devices page for simplify the interface and concept
                • Update help pages
                "},{"location":"changelog/server-changelog/#51","title":"5.1","text":"

                Warning:

                • The concept of sub-library is removed in version 5.1. You can do selective sync with the latest desktop client
                • The group message reply function is removed, and the old reply messages will not be shown with the new UI

                Note: when upgrade from 5.1.3 or lower version to 5.1.4+, you need to install python-urllib3 (or python2-urllib3 for Arch Linux) manually:

                # for Ubuntu\nsudo apt-get install  python-urllib3\n# for CentOS\nsudo yum install python-urllib3\n
                "},{"location":"changelog/server-changelog/#514-20160723","title":"5.1.4 (2016.07.23)","text":"
                • [fix] Fix seaf-fsck.sh --export fails without database
                • [fix] Fix users with Umlauts in their display name breaks group management and api2/account/info on some special Linux distribution
                • Remove user from groups when a user is deleted.
                • [fix] Fix can't generate shared link for read-only shared library
                • [fix] Fix can still view file history after library history is set to \"no history\".
                • [fix] Fix after moving or deleting multiple selected items in the webinterface, the buttons are lost until reloading
                • Check user before start seafile. The user must be the owner of seafile-data directory
                • Don't allow emails with very special characters that may containing XSS string to register
                • [fix] During downloading multiple files/folders, show \"Total size exceeds limits\" instead of \"internal server error\" when selected items exceeds limits.
                • [fix] When delete a share, only check whether the be-shared user exist or not. This is to avoid the situation that share to a user can't be deleted after the user be deleted.
                • Add a notificition to a user if he/she is added to a group
                • Improve UI for password change page when forcing password change after admin reset a user's password
                • [fix] Fix duplicated files show in Firefox if the folder name contains single quote '
                "},{"location":"changelog/server-changelog/#513-20160530","title":"5.1.3 (2016.05.30)","text":"
                • [security] Fix permission checking for generating share links
                • Add an option (ENABLE_SETTINGS_VIA_WEB) to ignore settings via Web UI (system admin->settings)
                • [fix] Making user search (used in auto-completion) case insensitive
                "},{"location":"changelog/server-changelog/#512-20160513","title":"5.1.2 (2016.05.13)","text":"
                • [fix] Fix group rename
                • [fix] Fix group transfer
                • Send notifications to members when a new library is shared to a group
                • Download multiple selected files from Seahub as a ZIP-file
                • Use seafile-data/http-temp to store zip file when downloading a dir
                • [ui] Remember the expanded status of groups in the left hand nav bar
                • [accessibility] Improve accessiblity of library trash/history page by making links for operations selectable by tab.
                • [accessibility] Improve accessiblity of dialogs, add missing labelledby properties for the whole dialog.
                • [accessibility] Improve file/folder upload menu
                • list all devices in admin panel
                • Add syslog support for seafile.log
                "},{"location":"changelog/server-changelog/#511-20160408","title":"5.1.1 (2016.04.08)","text":"

                Note: downloading multiple files at once will be added in the next release.

                • A few UI Improvement and fixes
                • Add group-discussion (warning: the group message reply function is removed, and the old reply messages will not be shown with the new UI)
                • Add an option for disable forcing users to change password (FORCE_PASSWORD_CHANGE, default is True)
                • Support new Shibboleth users be created as inactive and activated via Admin later (SHIB_ACTIVATE_AFTER_CREATION , default is True)
                • Update jquery to v1.11
                "},{"location":"changelog/server-changelog/#510-beta-20160322","title":"5.1.0 beta (2016.03.22)","text":"

                Note: in this version, the group discussion is not re-implement yet. It will be available when the stable verison is released.

                • Redesign navigation
                • Rewrite group management
                • Improve sorting for large folder
                • Remember the sorting option for folder
                • Improve devices page
                • Update icons for libraries and files
                • Remove library settings page, re-implement them with dialogs
                • Remove group avatar
                • Don't show share menu in top bar when multiple item selected
                • Auto-focus on username field when loading the login page
                • Remove self-introduction in user profile
                • Upgrade to django 1.8
                • Force the user to change password if adding by admin or password reset by admin
                • disable add non-existing user to a group
                "},{"location":"config/","title":"Server Configuration and Customization","text":""},{"location":"config/#config-files","title":"Config Files","text":"

                The config files used in Seafile include:

                • environment variables: contains environment variables, the items here are shared between different components.
                • ccnet.conf: contains some settings for connection to ccnet_db.
                • seafile.conf: contains settings for seafile daemon and fileserver.
                • seahub_settings.py: contains settings for Seahub
                • seafevents.conf: contains settings for background tasks and file search.

                You can also modify most of the config items via web interface.The config items are saved in database table (seahub-db/constance_config). They have a higher priority over the items in config files.

                "},{"location":"config/#the-design-of-configure-options","title":"The design of configure options","text":"

                There are now three places you can config Seafile server:

                • environment variables
                • config files
                • via web interface

                The web interface has the highest priority. It contains a subset of settings that does no require to restart the server. In practise, you can disable settings via web interface for simplicity.

                Environment variables also have three categories:

                • Initialization variables that used to generate config files when Seafile server run for the first time.
                • Variables that shared and used by multiple components of Seafile server.
                • Variables that used both in generate config files and later also needed for some components that have no corresponding config files.

                The variables in the first category can be deleted after initialization. In the future, we will make more components to read config from environment variables, so that the third category is no longer needed.

                "},{"location":"config/admin_roles_permissions/","title":"Roles and Permissions Support","text":"

                You can add/edit roles and permission for administrators. Seafile has four build-in admin roles:

                1. default_admin, has all permissions.

                2. system_admin, can only view system info and config system.

                3. daily_admin, can only view system info, view statistic, manage library/user/group, view user log.

                4. audit_admin, can only view system info and admin log.

                All administrators will have default_admin role with all permissions by default. If you set an administrator to some other admin role, the administrator will only have the permissions you configured to True.

                Seafile supports eight permissions for now, its configuration is very like common user role, you can custom it by adding the following settings to seahub_settings.py.

                ENABLED_ADMIN_ROLE_PERMISSIONS = {\n    'system_admin': {\n        'can_view_system_info': True,\n        'can_config_system': True,\n    },\n    'daily_admin': {\n        'can_view_system_info': True,\n        'can_view_statistic': True,\n        'can_manage_library': True,\n        'can_manage_user': True,\n        'can_manage_group': True,\n        'can_view_user_log': True,\n    },\n    'audit_admin': {\n        'can_view_system_info': True,\n        'can_view_admin_log': True,\n    },\n    'custom_admin': {\n        'can_view_system_info': True,\n        'can_config_system': True,\n        'can_view_statistic': True,\n        'can_manage_library': True,\n        'can_manage_user': True,\n        'can_manage_group': True,\n        'can_view_user_log': True,\n        'can_view_admin_log': True,\n    },\n}\n
                "},{"location":"config/auth_switch/","title":"Switch authentication type","text":"

                Seafile Server supports the following external authentication types:

                • LDAP (Auth and Sync)
                • OAuth
                • Shibboleth
                • SAML

                Since 11.0 version, switching between the types is possible, but any switch requires modifications of Seafile's databases.

                Note

                Before manually manipulating your database, make a database backup, so you can restore your system if anything goes wrong!

                See more about make a database backup.

                "},{"location":"config/auth_switch/#migrating-from-local-user-database-to-external-authentication","title":"Migrating from local user database to external authentication","text":"

                As an organisation grows and its IT infrastructure matures, the migration from local authentication to external authentication like LDAP, SAML, OAUTH is common requirement. Fortunately, the switch is comparatively simple.

                "},{"location":"config/auth_switch/#general-procedure","title":"General procedure","text":"

                1. Configure and test the desired external authentication. Note the name of the provider you use in the config file. The user to be migrated should already be able to log in with this new authentication type, but he will be created as a new user with a new unique identifier, so he will not have access to his existing libraries. Note the uid from the social_auth_usersocialauth table. Delete this new, still empty user again.

                2. Determine the ID of the user to be migrated in ccnet_db.EmailUser. For users created before version 11, the ID should be the user's email, for users created after version 11, the ID should be a string like xxx@auth.local.

                3. Replace the password hash with an exclamation mark.

                4. Create a new entry in social_auth_usersocialauth with the xxx@auth.local, your provider and the uid.

                The login with the password stored in the local database is not possible anymore. After logging in via external authentication, the user has access to all his previous libraries.

                "},{"location":"config/auth_switch/#example","title":"Example","text":"

                This example shows how to migrate the user with the username 12ae56789f1e4c8d8e1c31415867317c@auth.local from local database authentication to OAuth. The OAuth authentication is configured in seahub_settings.py with the provider name authentik-oauth. The uid of the user inside the Identity Provider is HR12345.

                This is what the database looks like before these commands must be executed:

                mysql> select email,left(passwd,25) from EmailUser where email = '12ae56789f1e4c8d8e1c31415867317c@auth.local';\n+---------------------------------------------+------------------------------+\n| email                                       | left(passwd,25)              |\n+---------------------------------------------+------------------------------+\n| 12ae56789f1e4c8d8e1c31415867317c@auth.local | PBKDF2SHA256$10000$4cdda6... |\n+---------------------------------------------+------------------------------+\n\nmysql> update EmailUser set passwd = '!' where email = '12ae56789f1e4c8d8e1c31415867317c@auth.local';\n\nmysql> insert into `social_auth_usersocialauth` (`username`, `provider`, `uid`, `extra_data`) values ('12ae56789f1e4c8d8e1c31415867317c@auth.local', 'authentik-oauth', 'HR12345', '');\n

                Note

                The extra_data field store user's information returned from the provider. For most providers, the extra_data field is usually an empty character. Since version 11.0.3-Pro, the default value of the extra_data field is NULL.

                Afterwards the databases should look like this:

                mysql> select email,passwd from EmailUser where email = '12ae56789f1e4c8d8e1c31415867317c@auth.local';\n+---------------------------------------------+------- +\n| email                                       | passwd |\n+---------------------------------------------+--------+\n| 12ae56789f1e4c8d8e1c31415867317c@auth.local | !      |\n+---------------------------------------------+--------+\n\nmysql> select username,provider,uid from social_auth_usersocialauth where username = '12ae56789f1e4c8d8e1c31415867317c@auth.local';\n+---------------------------------------------+-----------------+---------+\n| username                                    | provider        | uid     |\n+---------------------------------------------+-----------------+---------+\n| 12ae56789f1e4c8d8e1c31415867317c@auth.local | authentik-oauth | HR12345 |\n+---------------------------------------------+-----------------+---------+\n
                "},{"location":"config/auth_switch/#migrating-from-one-external-authentication-to-another","title":"Migrating from one external authentication to another","text":"

                First configure the two external authentications and test them with a dummy user. Then, to migrate all the existing users you only need to make changes to the social_auth_usersocialauth table. No entries need to be deleted or created. You only need to modify the existing ones. The xxx@auth.local remains the same, you only need to replace the provider and the uid.

                "},{"location":"config/auth_switch/#migrating-from-external-authentication-to-local-user-database","title":"Migrating from external authentication to local user database","text":"

                First, delete the entry in the social_auth_usersocialauth table that belongs to the particular user.

                Then you can reset the user's password, e.g. via the web interface. The user will be assigned a local password and from now on the authentication against the local database of Seafile will be done.

                More details about this option will follow soon.

                "},{"location":"config/auto_login_seadrive/","title":"Auto Login to SeaDrive on Windows","text":"

                Kerberos is a widely used single sign on (SSO) protocol. Supporting of auto login will use a Kerberos service. For server configuration, please read remote user authentication documentation. You have to configure Apache to authenticate with Kerberos. This is out of the scope of this documentation. You can for example refer to this webpage.

                "},{"location":"config/auto_login_seadrive/#technical-details","title":"Technical Details","text":"

                The client machine has to join the AD domain. In a Windows domain, the Kerberos Key Distribution Center (KDC) is implemented on the domain service. Since the client machine has been authenticated by KDC when a Windows user logs in, a Kerberos ticket will be generated for current user without needs of another login in the browser.

                When a program using the WinHttp API tries to connect a server, it can perform a login automatically through the Integrated Windows Authentication. Internet Explorer and SeaDrive both use this mechanism.

                The details of Integrated Windows Authentication is described below:

                1. Decide whether or not to use IWA according to the address and Internet Options. (more in next section)
                2. Send a request to the server (e.g. http://test.seafile.com/sso)
                3. The server returns an HTTP 401 unauthorized response with the Negotiate header which includes an authentication protocol.
                4. The WinHttp API will try to use Kerberos first, if there is a valid ticket from KDC. The request will be sent again, together with the ticket in an HTTP header.
                5. Then, Apache can check the ticket with KDC, and extract the username from it. The username will be passed to SeaHub for a successful auto login.
                6. If the WinHttp API failed to get a ticket, it will then try the NTLM protocol by sending an HTTP request with Negotiate NTLMSSP token in the header. Without supporting the NTLM protocol, Apache shall returns an HTTP 401 unauthorized response and stops negotiation. At this point, the browser will pop up a login dialog, which means an auto login failure.

                In short:

                1. The client machine has to join the AD domain.
                2. The Internet Options has to be configured properly.
                3. The WinHttp API should be able to get a valid ticket from KDC. Make sure you use the correct server address (e.g. test.seafile.com) when you generate keytab file on the domain controller.
                "},{"location":"config/auto_login_seadrive/#auto-login-on-internet-explorer","title":"Auto Login on Internet Explorer","text":"

                The Internet Options has to be configured as following:

                Open \"Internet Options\", select \"Security\" tab, select \"Local Intranet\" zone.

                1. \"Sites\" -> \"Advanced\" -> \"Add this website to zone\". This is the place where we fill the address (e.g. http://test.seafile.com)
                2. \"Security level for this zone\" -> \"Custom level...\" -> \"Automatic log-on with current username and password\".

                Note

                Above configuration requires a reboot to take effect.

                Next, we shall test the auto login function on Internet Explorer: visit the website and click \"Single Sign-On\" link. It should be able to log in directly, otherwise the auto login is malfunctioned.

                Note

                The address in the test must be same as the address specified in the keytab file. Otherwise, the client machine can't get a valid ticket from Kerberos.

                "},{"location":"config/auto_login_seadrive/#auto-login-on-seadrive","title":"Auto Login on SeaDrive","text":"

                SeaDrive will use the Kerberos login configuration from the Windows Registry under HKEY_CURRENT_USER/SOFTWARE/SeaDrive.

                Key   : PreconfigureServerAddr\nType  : REG_SZ\nValue : <the url of seafile server>\n\nKey   : PreconfigureUseKerberosLogin\nType  : REG_SZ\nValue : <0|1> // 0 for normal login, 1 for SSO login\n

                The system wide configuration path is located at HKEY_LOCAL_MACHINE/SOFTWARE/Wow6432Node/SeaDrive.

                "},{"location":"config/auto_login_seadrive/#seadrive-silent-installation","title":"SeaDrive Silent Installation","text":"

                SeaDrive can be installed silently with the following command (requires admin privileges):

                msiexec /i seadrive.msi /quiet /qn /log install.log\n
                "},{"location":"config/auto_login_seadrive/#auto-login-via-group-policy","title":"Auto Login via Group Policy","text":"

                The configuration of Internet Options : https://docs.microsoft.com/en-us/troubleshoot/browsers/how-to-configure-group-policy-preference-settings

                The configuration of Windows Registry : https://thesolving.com/server-room/how-to-deploy-a-registry-key-via-group-policy/

                "},{"location":"config/ccnet-conf/","title":"ccnet.conf","text":"

                Ccnet is the internal RPC framework used by Seafile server and also manages the user database. A few useful options are in ccnet.conf.

                Note

                Ccnet component is merged into seaf-server in version 7.1, but the configuration file are still needed

                "},{"location":"config/ccnet-conf/#changing-mysql-connection-pool-size","title":"Changing MySQL Connection Pool Size","text":"

                When you configure ccnet to use MySQL, the default connection pool size is 100, which should be enough for most use cases. You can change this value by adding following options to ccnet.conf:

                [Database]\n......\n# Use larger connection pool\nMAX_CONNECTIONS = 200\n
                "},{"location":"config/ccnet-conf/#using-encrypted-connections","title":"Using Encrypted Connections","text":"

                Since Seafile 10.0.2, you can enable the encrypted connections to the MySQL server by adding the following configuration options:

                [Database]\nUSE_SSL = true\nSKIP_VERIFY = false\nCA_PATH = /etc/mysql/ca.pem\n

                When set use_ssl to true and skip_verify to false, it will check whether the MySQL server certificate is legal through the CA configured in ca_path. The ca_path is a trusted CA certificate path for signing MySQL server certificates. When skip_verify is true, there is no need to add the ca_path option. The MySQL server certificate won't be verified at this time.

                "},{"location":"config/config_seafile_with_ADFS/","title":"config seafile with ADFS","text":""},{"location":"config/config_seafile_with_ADFS/#requirements","title":"Requirements","text":"

                To use ADFS to log in to your Seafile, you need the following components:

                1. A Winodws Server with ADFS installed. For configuring and installing ADFS you can see this article.

                2. A valid SSL certificate for ADFS server, and here we use adfs-server.adfs.com as the domain name example.

                3. A valid SSL certificate for Seafile server, and here we use demo.seafile.com as the domain name example.

                "},{"location":"config/config_seafile_with_ADFS/#prepare-certs-file","title":"Prepare Certs File","text":"
                1. x.509 certs for SP (Service Provider)

                You can generate them by:

                ``` openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout sp.key -out sp.crt 

                 These x.509 certs are used to sign and encrypt elements like NameID and Metadata for SAML. \n\n Then copy these two files to **<seafile-install-path>/seahub-data/certs**. (if the certs folder not exists, create it.)\n\n2. x.509 cert from IdP (Identity Provider)\n\n 1. Log into the ADFS server and open the ADFS management.\n\n 1. Double click **Service** and choose **Certificates**.\n\n 1. Export the **Token-Signing** certificate:\n\n    1. Right-click the certificate and select **View Certificate**.\n    1. Select the **Details** tab.\n    1. Click **Copy to File** (select **DER encoded binary X.509**).\n\n 1. Convert this certificate to PEM format, rename it to **idp.crt**\n\n 1. Then copy it to **<seafile-install-path>/seahub-data/certs**.\n\n### Prepare IdP Metadata File\n\n1. Open https://adfs-server.adfs.com/federationmetadata/2007-06/federationmetadata.xml\n\n1. Save this xml file, rename it to **idp_federation_metadata.xml**\n\n1. Copy it to **<seafile-install-path>/seahub-data/certs**.\n\n### Install Requirements on Seafile Server\n\n- For Ubuntu 16.04\n
                sudo apt install xmlsec1 sudo pip install cryptography djangosaml2==0.15.0 
                ### Config Seafile\n\nAdd the following lines to **seahub_settings.py**\n
                from os import path import saml2 import saml2.saml

                "},{"location":"config/config_seafile_with_ADFS/#update-following-lines-according-to-your-situation","title":"update following lines according to your situation","text":"

                CERTS_DIR = '/seahub-data/certs' SP_SERVICE_URL = 'https://demo.seafile.com' XMLSEC_BINARY = '/usr/local/bin/xmlsec1' ATTRIBUTE_MAP_DIR = '/seafile-server-latest/seahub-extra/seahub_extra/adfs_auth/attribute-maps' SAML_ATTRIBUTE_MAPPING = { 'DisplayName': ('display_name', ), 'ContactEmail': ('contact_email', ), 'Deparment': ('department', ), 'Telephone': ('telephone', ), }"},{"location":"config/config_seafile_with_ADFS/#update-the-idp-section-in-sampl_config-according-to-your-situation-and-leave-others-as-default","title":"update the 'idp' section in SAMPL_CONFIG according to your situation, and leave others as default","text":"

                ENABLE_ADFS_LOGIN = True EXTRA_AUTHENTICATION_BACKENDS = ( 'seahub_extra.adfs_auth.backends.Saml2Backend', ) SAML_USE_NAME_ID_AS_USERNAME = True LOGIN_REDIRECT_URL = '/saml2/complete/' SAML_CONFIG = { # full path to the xmlsec1 binary programm 'xmlsec_binary': XMLSEC_BINARY,

                'allow_unknown_attributes': True,\n\n# your entity id, usually your subdomain plus the url to the metadata view\n'entityid': SP_SERVICE_URL + '/saml2/metadata/',\n\n# directory with attribute mapping\n'attribute_map_dir': ATTRIBUTE_MAP_DIR,\n\n# this block states what services we provide\n'service': {\n    # we are just a lonely SP\n    'sp' : {\n        \"allow_unsolicited\": True,\n        'name': 'Federated Seafile Service',\n        'name_id_format': saml2.saml.NAMEID_FORMAT_EMAILADDRESS,\n        'endpoints': {\n            # url and binding to the assetion consumer service view\n            # do not change the binding or service name\n            'assertion_consumer_service': [\n                (SP_SERVICE_URL + '/saml2/acs/',\n                 saml2.BINDING_HTTP_POST),\n            ],\n            # url and binding to the single logout service view\n            # do not change the binding or service name\n            'single_logout_service': [\n                (SP_SERVICE_URL + '/saml2/ls/',\n                 saml2.BINDING_HTTP_REDIRECT),\n                (SP_SERVICE_URL + '/saml2/ls/post',\n                 saml2.BINDING_HTTP_POST),\n            ],\n        },\n\n        # attributes that this project need to identify a user\n        'required_attributes': [\"uid\"],\n\n        # attributes that may be useful to have but not required\n        'optional_attributes': ['eduPersonAffiliation', ],\n\n        # in this section the list of IdPs we talk to are defined\n        'idp': {\n            # we do not need a WAYF service since there is\n            # only an IdP defined here. This IdP should be\n            # present in our metadata\n\n            # the keys of this dictionary are entity ids\n            'https://adfs-server.adfs.com/federationmetadata/2007-06/federationmetadata.xml': {\n                'single_sign_on_service': {\n                    saml2.BINDING_HTTP_REDIRECT: 'https://adfs-server.adfs.com/adfs/ls/idpinitiatedsignon.aspx',\n                },\n              'single_logout_service': {\n                  saml2.BINDING_HTTP_REDIRECT: 'https://adfs-server.adfs.com/adfs/ls/?wa=wsignout1.0',\n              },\n            },\n        },\n    },\n},\n\n# where the remote metadata is stored\n'metadata': {\n    'local': [path.join(CERTS_DIR, 'idp_federation_metadata.xml')],\n},\n\n# set to 1 to output debugging information\n'debug': 1,\n\n# Signing\n'key_file': '', \n'cert_file': path.join(CERTS_DIR, 'idp.crt'),  # from IdP\n\n# Encryption\n'encryption_keypairs': [{\n    'key_file': path.join(CERTS_DIR, 'sp.key'),  # private part\n    'cert_file': path.join(CERTS_DIR, 'sp.crt'),  # public part\n}],\n\n'valid_for': 24,  # how long is our metadata valid\n

                }

                ```

                "},{"location":"config/config_seafile_with_ADFS/#config-adfs-server","title":"Config ADFS Server","text":"
                1. Add Relying Party Trust

                Relying Party Trust is the connection between Seafile and ADFS.

                1. Log into the ADFS server and open the ADFS management.

                2. Double click Trust Relationships, then right click Relying Party Trusts, select Add Relying Party Trust\u2026.

                3. Select Import data about the relying party published online or one a local network, input https://demo.seafile.com/saml2/metadata/ in the Federation metadata address.

                4. Then Next until Finish.

                5. Add Relying Party Claim Rules

                Relying Party Claim Rules is used for attribute communication between Seafile and users in Windows Domain.

                Important: Users in Windows domain must have the E-mail value setted.

                1. Right-click on the relying party trust and select Edit Claim Rules...

                2. On the Issuance Transform Rules tab select Add Rules...

                3. Select Send LDAP Attribute as Claims as the claim rule template to use.

                4. Give the claim a name such as LDAP Attributes.

                5. Set the Attribute Store to Active Directory, the LDAP Attribute to E-Mail-Addresses, and the Outgoing Claim Type to E-mail Address.

                6. Select Finish.

                7. Click Add Rule... again.

                8. Select Transform an Incoming Claim.

                9. Give it a name such as Email to Name ID.

                10. Incoming claim type should be E-mail Address (it must match the Outgoing Claim Type in rule #1).

                11. The Outgoing claim type is Name ID (this is required in Seafile settings policy 'name_id_format': saml2.saml.NAMEID_FORMAT_EMAILADDRESS).

                12. the Outgoing name ID format is Email.

                13. Pass through all claim values and click Finish.

                • https://support.zendesk.com/hc/en-us/articles/203663886-Setting-up-single-sign-on-using-Active-Directory-with-ADFS-and-SAML-Plus-and-Enterprise-

                • http://wiki.servicenow.com/?title=Configuring_ADFS_2.0_to_Communicate_with_SAML_2.0#gsc.tab=0

                • https://github.com/rohe/pysaml2/blob/master/src/saml2/saml.py

                "},{"location":"config/customize_email_notifications/","title":"Customize Email Notifications","text":"

                Note: Subject line may vary between different releases, this is based on Release 2.0.1. Restart Seahub so that your changes take effect.

                "},{"location":"config/customize_email_notifications/#user-reset-hisher-password","title":"User reset his/her password","text":"

                Subject

                seahub/seahub/auth/forms.py line:103

                Body

                seahub/seahub/templates/registration/password_reset_email.html

                Note: You can copy password_reset_email.html to seahub-data/custom/templates/registration/password_reset_email.html and modify the new one. In this way, the customization will be maintained after upgrade.

                "},{"location":"config/customize_email_notifications/#system-admin-add-new-member","title":"System admin add new member","text":"

                Subject

                seahub/seahub/views/sysadmin.py line:424

                Body

                seahub/seahub/templates/sysadmin/user_add_email.html

                Note: You can copy user_add_email.html to seahub-data/custom/templates/sysadmin/user_add_email.html and modify the new one. In this way, the customization will be maintained after upgrade.

                "},{"location":"config/customize_email_notifications/#system-admin-reset-user-password","title":"System admin reset user password","text":"

                Subject

                seahub/seahub/views/sysadmin.py line:368

                Body

                seahub/seahub/templates/sysadmin/user_reset_email.html

                Note: You can copy user_reset_email.html to seahub-data/custom/templates/sysadmin/user_reset_email.html and modify the new one. In this way, the customization will be maintained after upgrade.

                "},{"location":"config/customize_email_notifications/#user-send-filefolder-share-link","title":"User send file/folder share link","text":"

                Subject

                seahub/seahub/share/views.py line:668

                Body

                seahub/seahub/templates/shared_link_email.html

                "},{"location":"config/details_about_file_search/","title":"Details about File Search","text":""},{"location":"config/details_about_file_search/#search-options","title":"Search Options","text":"

                The following options can be set in seafevents.conf to control the behaviors of file search. You need to restart seafile and seahub to make them take effect.

                [INDEX FILES]\n## must be \"true\" to enable search\nenabled = true\n\n## The interval the search index is updated. Can be s(seconds), m(minutes), h(hours), d(days)\ninterval=10m\n\n## this is for improving the search speed\nhighlight = fvh                              \n\n## If true, indexes the contents of office/pdf files while updating search index\n## Note: If you change this option from \"false\" to \"true\", then you need to clear the search index and update the index again.\nindex_office_pdf=false\n\n## From 9.0.7 pro, Seafile supports connecting to Elasticsearch through username and password, you need to configure username and password for the Elasticsearch server\nusername = elastic           # username to connect to Elasticsearch\npassword = elastic_password  # password to connect to Elasticsearch\n\n## From 9.0.7 pro, Seafile supports connecting to elasticsearch via HTTPS, you need to configure HTTPS for the Elasticsearch server\nscheme = https               # The default is http. If the Elasticsearch server is not configured with HTTPS, the scheme and cafile do not need to be configured\ncafile = path/to/cert.pem    # The certificate path for user authentication. If the Elasticsearch server does not enable certificate authentication, do not need to be configured\n\n## From version 11.0.5 Pro, you can custom ElasticSearch index names for distinct instances when intergrating multiple Seafile servers to a single ElasticSearch Server.\nrepo_status_index_name = your-repo-status-index-name  # default is `repo_head`\nrepo_files_index_name = your-repo-files-index-name    # default is `repofiles`\n
                "},{"location":"config/details_about_file_search/#enable-full-text-search-for-officepdf-files","title":"Enable full text search for Office/PDF files","text":"

                Full text search is not enabled by default to save system resources. If you want to enable it, you need to follow the instructions below.

                "},{"location":"config/details_about_file_search/#modify-seafeventsconf","title":"Modify seafevents.conf","text":"Deploy in DockerDeploy from binary packages 
                cd /opt/seafile-data/seafile/conf\nnano seafevents.conf\n
                cd /opt/seafile/conf\nnano seafevents.conf\n

                set index_office_pdf to true

                ...\n[INDEX FILES]\n...\nindex_office_pdf=true\n...\n
                "},{"location":"config/details_about_file_search/#restart-seafile-server","title":"Restart Seafile server","text":"Deploy in DockerDeploy from binary packages 
                docker exec -it seafile bash\ncd /scripts\n./seafile.sh restart\n\n# delete the existing search index and recreate it\n./pro/pro.py search --clear\n./pro/pro.py search --update\n
                cd /opt/seafile/seafile-server-latest\n./seafile.sh restart\n\n# delete the existing search index and recreate it\n./pro/pro.py search --clear\n./pro/pro.py search --update\n
                "},{"location":"config/details_about_file_search/#common-problems","title":"Common problems","text":""},{"location":"config/details_about_file_search/#how-to-rebuild-the-index-if-something-went-wrong","title":"How to rebuild the index if something went wrong","text":"

                You can rebuild search index by running:

                Deploy in DockerDeploy from binary packages 
                docker exec -it seafile bash\ncd /scripts\n./pro/pro.py search --clear\n./pro/pro.py search --update\n
                cd /opt/seafile/seafile-server-latest\n./pro/pro.py search --clear\n./pro/pro.py search --update\n

                Tip

                If this does not work, you can try the following steps:

                1. Stop Seafile
                2. Remove the old search index rm -rf pro-data/search
                3. Restart Seafile
                4. Wait one minute then run ./pro/pro.py search --update
                "},{"location":"config/details_about_file_search/#access-the-aws-elasticsearch-service-using-https","title":"Access the AWS elasticsearch service using HTTPS","text":"

                1. Create an elasticsearch service on AWS according to the documentation.

                2. Configure the seafevents.conf:

                [INDEX FILES]\nenabled = true\ninterval = 10m\nindex_office_pdf=true\nes_host = your domain endpoint(for example, https://search-my-domain.us-east-1.es.amazonaws.com)\nes_port = 443\nscheme = https\nusername = master user\npassword = password\nhighlight = fvh\nrepo_status_index_name = your-repo-status-index-name  # default is `repo_head`\nrepo_files_index_name = your-repo-files-index-name    # default is `repofiles`\n

                Note

                The version of the Python third-party package elasticsearch cannot be greater than 7.14.0, otherwise the elasticsearch service cannot be accessed: https://docs.aws.amazon.com/opensearch-service/latest/developerguide/samplecode.html#client-compatibility, https://github.com/elastic/elasticsearch-py/pull/1623.

                "},{"location":"config/details_about_file_search/#i-get-no-result-when-i-search-a-keyword","title":"I get no result when I search a keyword","text":"

                The search index is updated every 10 minutes by default. So before the first index update is performed, you get nothing no matter what you search.

                To be able to search immediately,

                • Make sure you have started Seafile Server
                • Update the search index manually:
                Deploy in DockerDeploy from binary packages 
                docker exec -it seafile bash\ncd /scripts\n./pro/pro.py search --update\n
                cd /opt/seafile/seafile-server-latest\n./pro/pro.py search --update\n
                "},{"location":"config/details_about_file_search/#encrypted-files-cannot-be-searched","title":"Encrypted files cannot be searched","text":"

                This is because the server cannot index encrypted files, since they are encrypted.

                "},{"location":"config/details_about_file_search/#increase-the-heap-size-for-the-java-search-process","title":"Increase the heap size for the java search process","text":"

                The search functionality is based on Elasticsearch, which is a java process. You can modify the memory size by modifying the jvm configuration file. For example, modify to 2G memory. Modify the following configuration in the seafile-server-latest/pro/elasticsearch/config/jvm.options file:

                -Xms2g # Minimum available memory\n-Xmx2g # Maximum available memory\n### It is recommended to set the values of the above two configurations to the same size.\n

                Restart the seafile service to make the above changes take effect:

                Deploy in DockerDeploy from binary packages 
                docker compose restart\n
                cd /opt/seafile/seafile-server-latest\n./seafile.sh restart\n./seahub.sh restart\n
                "},{"location":"config/env/","title":".env","text":"

                The .env file will be used to specify the components used by the Seafile-docker instance and the environment variables required by each component. The default contents list in below

                COMPOSE_FILE='seafile-server.yml,caddy.yml'\nCOMPOSE_PATH_SEPARATOR=','\n\n\nSEAFILE_IMAGE=docker.seadrive.org/seafileltd/seafile-pro-mc:12.0-latest\nSEAFILE_DB_IMAGE=mariadb:10.11\nSEAFILE_MEMCACHED_IMAGE=memcached:1.6.29\nSEAFILE_ELASTICSEARCH_IMAGE=elasticsearch:8.15.0 # pro edition only\nSEAFILE_CADDY_IMAGE=lucaslorentz/caddy-docker-proxy:2.9\n\nSEAFILE_VOLUME=/opt/seafile-data\nSEAFILE_MYSQL_VOLUME=/opt/seafile-mysql/db\nSEAFILE_ELASTICSEARCH_VOLUME=/opt/seafile-elasticsearch/data # pro edition only\nSEAFILE_CADDY_VOLUME=/opt/seafile-caddy\n\nSEAFILE_MYSQL_DB_HOST=db\nINIT_SEAFILE_MYSQL_ROOT_PASSWORD=ROOT_PASSWORD\nSEAFILE_MYSQL_DB_USER=seafile\nSEAFILE_MYSQL_DB_PASSWORD=PASSWORD\n\nTIME_ZONE=Etc/UTC\n\nJWT_PRIVATE_KEY=\n\nSEAFILE_SERVER_HOSTNAME=example.seafile.com\nSEAFILE_SERVER_PROTOCOL=https\n\nINIT_SEAFILE_ADMIN_EMAIL=me@example.com\nINIT_SEAFILE_ADMIN_PASSWORD=asecret\n\n\nSEADOC_IMAGE=seafileltd/sdoc-server:1.0-latest\nSEADOC_VOLUME=/opt/seadoc-data\n\nENABLE_SEADOC=false\nSEADOC_SERVER_URL=http://example.seafile.com/sdoc-server\n
                "},{"location":"config/env/#seafile-docker-configurations","title":"Seafile-docker configurations","text":""},{"location":"config/env/#components-configurations","title":"Components configurations","text":"
                • COMPOSE_FILE: .yml files for components of Seafile-docker, each .yml must be separated by the symbol defined in COMPOSE_PATH_SEPARATOR. The core components are involved in seafile-server.yml and caddy.yml which must be taken in this term.
                • COMPOSE_PATH_SEPARATOR: The symbol used to separate the .yml files in term COMPOSE_FILE, default is ','.
                "},{"location":"config/env/#docker-images-configurations","title":"Docker images configurations","text":"
                • SEAFILE_IMAGE: The image of Seafile-server, default is docker.seadrive.org/seafileltd/seafile-pro-mc:12.0-latest.
                • SEAFILE_DB_IMAGE: Database server image, default is mariadb:10.11.
                • SEAFILE_MEMCACHED_IMAGE: Cached server image, default is memcached:1.6.29
                • SEAFILE_ELASTICSEARCH_IMAGE: Only valid in pro edition. The elasticsearch image, default is elasticsearch:8.15.0.
                • SEAFILE_CADDY_IMAGE: Caddy server image, default is lucaslorentz/caddy-docker-proxy:2.9.
                • SEADOC_IMAGE: Only valid after integrating SeaDoc. SeaDoc server image, default is seafileltd/sdoc-server:1.0-latest.
                "},{"location":"config/env/#persistent-volume-configurations","title":"Persistent Volume Configurations","text":"
                • SEAFILE_VOLUME: The volume directory of Seafile data, default is /opt/seafile-data.
                • SEAFILE_MYSQL_VOLUME: The volume directory of MySQL data, default is /opt/seafile-mysql/db.
                • SEAFILE_CADDY_VOLUME: The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's, default is /opt/seafile-caddy.
                • SEAFILE_ELASTICSEARCH_VOLUME: Only valid in pro edition. The volume directory of Elasticsearch data, default is /opt/seafile-elasticsearch/data.
                • SEADOC_VOLUME: Only valid after integrating SeaDoc. The volume directory of SeaDoc server data, default is /opt/seadoc-data.
                "},{"location":"config/env/#mysql-configurations","title":"MySQL configurations","text":"
                • SEAFILE_MYSQL_DB_HOST: The host address of Mysql, default is the pre-defined service name db in Seafile-docker instance.
                • INIT_SEAFILE_MYSQL_ROOT_PASSWORD: The root password of MySQL.
                • SEAFILE_MYSQL_DB_USER: The user of MySQL (database - user can be found in conf/seafile.conf).
                • SEAFILE_MYSQL_DB_PASSWORD: The user seafile password of MySQL.
                "},{"location":"config/env/#seafile-server-configurations","title":"Seafile-server configurations","text":"
                • SEAFILE_MYSQL_DB_PASSWORD: The user seafile password of MySQL
                • JWT: JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters, generate example: pwgen -s 40 1
                • SEAFILE_SERVER_HOSTNAME: Seafile server hostname or domain
                • SEAFILE_SERVER_PROTOCOL: Seafile server protocol (http or https)
                • TIME_ZONE: Time zone (default UTC)
                • INIT_SEAFILE_ADMIN_EMAIL: Admin username
                • INIT_SEAFILE_ADMIN_PASSWORD: Admin password
                "},{"location":"config/env/#seadoc-configurations-only-valid-after-integrating-seadoc","title":"SeaDoc configurations (only valid after integrating SeaDoc)","text":"
                • ENABLE_SEADOC: Enable the SeaDoc server or not, default is false.
                • SEADOC_SERVER_URL: Only valid in ENABLE_SEADOC=true. Url of Seadoc server (e.g., http://example.seafile.com/sdoc-server).
                "},{"location":"config/ldap_in_11.0_ce/","title":"Configure Seafile to use LDAP","text":"

                This documentation is for the Community Edition. If you're using Pro Edition, please refer to the Seafile Pro documentation

                "},{"location":"config/ldap_in_11.0_ce/#how-does-ldap-user-management-work-in-seafile","title":"How does LDAP User Management work in Seafile","text":"

                When Seafile is integrated with LDAP, users in the system can be divided into two tiers:

                • Users within Seafile's internal user database. Some attributes are attached to these users, such as whether it's a system admin user, whether it's activated.

                • Users in LDAP server. These are all the intended users of Seafile inside the LDAP server. Seafile doesn't manipulate these users directly. It has to import them into its internal database before setting attributes on them.

                When Seafile counts the number of users in the system, it only counts the activated users in its internal database.

                "},{"location":"config/ldap_in_11.0_ce/#basic-ldap-integration","title":"Basic LDAP Integration","text":"

                The only requirement for Seafile to use LDAP for authentication is that there must be a unique identifier for each user in the LDAP server. This id should also be user-friendly as the users will use it as username when login. Below are some usual options for this unique identifier:

                • Email address: this is the most common choice. Most organizations assign unique email address for each member.
                • UserPrincipalName: this is a user attribute only available in Active Directory. It's format is user-login-name@domain-name, e.g. john@example.com. It's not a real email address, but it works fine as the unique identifier.

                The identifier is stored in table social_auth_usersocialauth to map the identifier to internal user ID in Seafile. When this ID is changed in LDAP for a user, you only need to update social_auth_usersocialauth table

                "},{"location":"config/ldap_in_11.0_ce/#basic-configuration-items","title":"Basic configuration items","text":"

                Add the following options to seahub_settings.py. Examples are as follows:

                ENABLE_LDAP = True\nLDAP_SERVER_URL = 'ldap://192.168.0.1'       \nLDAP_BASE_DN = 'ou=test,dc=seafile,dc=ren'                     \nLDAP_ADMIN_DN = 'administrator@example.com'  \nLDAP_ADMIN_PASSWORD = 'yourpassword'         \nLDAP_PROVIDER = 'ldap'                                     \nLDAP_LOGIN_ATTR = 'email'                                                            \nLDAP_CONTACT_EMAIL_ATTR = ''                \nLDAP_USER_ROLE_ATTR = ''                     \nLDAP_USER_FIRST_NAME_ATTR = 'givenName'     \nLDAP_USER_LAST_NAME_ATTR = 'sn'              \nLDAP_USER_NAME_REVERSE = False               \nLDAP_FILTER = 'memberOf=CN=testgroup,OU=test,DC=seafile,DC=ren' \n

                Meaning of some options:

                variable description LDAP_SERVER_URL The URL of LDAP server LDAP_BASE_DN The root node of users who can log in to Seafile in the LDAP server LDAP_ADMIN_DN DN of the administrator used to query the LDAP server for information. For OpenLDAP, it may be cn=admin,dc=example,dc=com LDAP_ADMIN_PASSWORD Password of LDAP_ADMIN_DN LDAP_PROVIDER Identify the source of the user, used in the table social_auth_usersocialauth, defaults to 'ldap' LDAP_LOGIN_ATTR User's attribute used to log in to Seafile. It should be a unique identifier for the user in LDAP server. Learn more about this id from the descriptions at the beginning of this section. LDAP_CONTACT_EMAIL_ATTR LDAP user's contact_email attribute LDAP_USER_ROLE_ATTR LDAP user's role attribute LDAP_USER_FIRST_NAME_ATTR Attribute for user's first name. It's \"givenName\" by default. LDAP_USER_LAST_NAME_ATTR Attribute for user's last name. It's \"sn\" by default. LDAP_USER_NAME_REVERSE In some languages, such as Chinese, the display order of the first and last name is reversed. Set this option if you need it. LDAP_FILTER Additional filter conditions. Users who meet the filter conditions can log in, otherwise they cannot log in.

                Tips for choosing LDAP_BASE_DN and LDAP_ADMIN_DN:

                • To determine the LDAP_BASE_DN, you first have to navigate your organization hierachy on the domain controller GUI.

                  • If you want to allow all users to use Seafile, you can use cn=users,dc=yourdomain,dc=com as LDAP_BASE_DN (with proper adjustment for your own needs).

                  • If you want to limit users to a certain OU (Organization Unit), you run dsquery command on the domain controller to find out the DN for this OU. For example, if the OU is staffs, you can run dsquery ou -name staff. More information can be found here.

                • AD supports user@domain.name format for the LDAP_ADMIN_DN option. For example you can use administrator@example.com for LDAP_ADMIN_DN. Sometime the domain controller doesn't recognize this format. You can still use dsquery command to find out user's DN. For example, if the user name is 'seafileuser', run dsquery user -name seafileuser. More information here.

                "},{"location":"config/ldap_in_11.0_ce/#advanced-ldap-integration-options","title":"Advanced LDAP Integration Options","text":""},{"location":"config/ldap_in_11.0_ce/#multiple-base","title":"Multiple BASE","text":"

                Multiple base DN is useful when your company has more than one OUs to use Seafile. You can specify a list of base DN in the LDAP_BASE_DN option. The DNs are separated by \";\", e.g.

                LDAP_BASE_DN = 'ou=developers,dc=example,dc=com;ou=marketing,dc=example,dc=com'\n
                "},{"location":"config/ldap_in_11.0_ce/#additional-search-filter","title":"Additional Search Filter","text":"

                Search filter is very useful when you have a large organization but only a portion of people want to use Seafile. The filter can be given by setting LDAP_FILTER option. The value of this option follows standard LDAP search filter syntax (https://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx).

                The final filter used for searching for users is (&($LOGIN_ATTR=*)($LDAP_FILTER)). $LOGIN_ATTR and $LDAP_FILTER will be replaced by your option values.

                For example, add below option to seahub_settings.py:

                LDAP_FILTER = 'memberOf=CN=group,CN=developers,DC=example,DC=com'\n

                The final search filter would be (&(mail=*)(memberOf=CN=group,CN=developers,DC=example,DC=com))

                Note that the case of attribute names in the above example is significant. The memberOf attribute is only available in Active Directory.

                "},{"location":"config/ldap_in_11.0_ce/#limiting-seafile-users-to-a-group-in-active-directory","title":"Limiting Seafile Users to a Group in Active Directory","text":"

                You can use the LDAP_FILTER option to limit user scope to a certain AD group.

                1. First, you should find out the DN for the group. Again, we'll use the dsquery command on the domain controller. For example, if group name is 'seafilegroup', run dsquery group -name seafilegroup.

                2. Add below option to seahub_settings.py:

                LDAP_FILTER = 'memberOf={output of dsquery command}'\n
                "},{"location":"config/ldap_in_11.0_ce/#using-tls-connection-to-ldap-server","title":"Using TLS connection to LDAP server","text":"

                If your LDAP service supports TLS connections, you can configure LDAP_SERVER_URL as the access address of the ldaps protocol to use TLS to connect to the LDAP service, for example:

                LDAP_SERVER_URL = 'ldaps://192.168.0.1:636/'\n
                "},{"location":"config/ldap_in_11.0_pro/","title":"Configure Seafile Pro Edition to use LDAP","text":""},{"location":"config/ldap_in_11.0_pro/#how-does-ldap-user-management-work-in-seafile","title":"How does LDAP User Management work in Seafile","text":"

                When Seafile is integrated with LDAP, users in the system can be divided into two tiers:

                • Users within Seafile's internal user database. Some attributes are attached to these users, such as whether it's a system admin user, whether it's activated.

                • Users in LDAP server. These are all the intended users of Seafile inside the LDAP server. Seafile doesn't manipulate these users directly. It has to import them into its internal database before setting attributes on them.

                When Seafile counts the number of users in the system, it only counts the activated users in its internal database.

                "},{"location":"config/ldap_in_11.0_pro/#basic-ldap-integration","title":"Basic LDAP Integration","text":"

                The only requirement for Seafile to use LDAP for authentication is that there must be a unique identifier for each user in the LDAP server. This id should also be user-friendly as the users will use it as username when login. Below are some usual options for this unique identifier:

                • Email address: this is the most common choice. Most organizations assign unique email address for each member.
                • UserPrincipalName: this is a user attribute only available in Active Directory. It's format is user-login-name@domain-name, e.g. john@example.com. It's not a real email address, but it works fine as the unique identifier.

                The identifier is stored in table social_auth_usersocialauth to map the identifier to internal user ID in Seafile. When this ID is changed in LDAP for a user, you only need to update social_auth_usersocialauth table

                "},{"location":"config/ldap_in_11.0_pro/#integration-configuration","title":"Integration Configuration","text":"

                Add the following options to seahub_settings.py. Examples are as follows:

                ENABLE_LDAP = True\nLDAP_SERVER_URL = 'ldap://192.168.0.1'       \nLDAP_BASE_DN = 'ou=test,dc=seafile,dc=ren'                     \nLDAP_ADMIN_DN = 'administrator@example.com'  \nLDAP_ADMIN_PASSWORD = 'yourpassword'         \nLDAP_PROVIDER = 'ldap'                                     \nLDAP_LOGIN_ATTR = 'email'                                                            \nLDAP_CONTACT_EMAIL_ATTR = ''                \nLDAP_USER_ROLE_ATTR = ''                     \nLDAP_USER_FIRST_NAME_ATTR = 'givenName'     \nLDAP_USER_LAST_NAME_ATTR = 'sn'              \nLDAP_USER_NAME_REVERSE = False               \nLDAP_FILTER = 'memberOf=CN=testgroup,OU=test,DC=seafile,DC=ren' \n

                Meaning of some options:

                variable description LDAP_SERVER_URL The URL of LDAP server LDAP_BASE_DN The root node of users who can log in to Seafile in the LDAP server LDAP_ADMIN_DN DN of the administrator used to query the LDAP server for information. For OpenLDAP, it may be cn=admin,dc=example,dc=com LDAP_ADMIN_PASSWORD Password of LDAP_ADMIN_DN LDAP_PROVIDER Identify the source of the user, used in the table social_auth_usersocialauth, defaults to 'ldap' LDAP_LOGIN_ATTR User's attribute used to log in to Seafile. It should be a unique identifier for the user in LDAP server. Learn more about this id from the descriptions at the beginning of this section. LDAP_CONTACT_EMAIL_ATTR LDAP user's contact_email attribute LDAP_USER_ROLE_ATTR LDAP user's role attribute LDAP_USER_FIRST_NAME_ATTR Attribute for user's first name. It's \"givenName\" by default. LDAP_USER_LAST_NAME_ATTR Attribute for user's last name. It's \"sn\" by default. LDAP_USER_NAME_REVERSE In some languages, such as Chinese, the display order of the first and last name is reversed. Set this option if you need it. LDAP_FILTER Additional filter conditions. Users who meet the filter conditions can log in, otherwise they cannot log in.

                Tips for choosing LDAP_BASE_DN and LDAP_ADMIN_DN:

                • To determine the LDAP_BASE_DN, you first have to navigate your organization hierachy on the domain controller GUI.

                  • If you want to allow all users to use Seafile, you can use cn=users,dc=yourdomain,dc=com as LDAP_BASE_DN (with proper adjustment for your own needs).

                  • If you want to limit users to a certain OU (Organization Unit), you run dsquery command on the domain controller to find out the DN for this OU. For example, if the OU is staffs, you can run dsquery ou -name staff. More information can be found here.

                • AD supports user@domain.name format for the LDAP_ADMIN_DN option. For example you can use administrator@example.com for LDAP_ADMIN_DN. Sometime the domain controller doesn't recognize this format. You can still use dsquery command to find out user's DN. For example, if the user name is 'seafileuser', run dsquery user -name seafileuser. More information here.

                "},{"location":"config/ldap_in_11.0_pro/#setting-up-ldap-user-sync-optional","title":"Setting Up LDAP User Sync (optional)","text":"

                In Seafile Pro, except for importing users into internal database when they log in, you can also configure Seafile to periodically sync user information from LDAP server into the internal database.

                User's full name, department and contact email address can be synced to internal database. Users can use this information to more easily search for a specific user. User's Windows or Unix login id can be synced to the internal database. This allows the user to log in with its familiar login id. When a user is removed from LDAP, the corresponding user in Seafile will be deactivated. Otherwise, he could still sync files with Seafile client or access the web interface. After synchronization is complete, you can see the user's full name, department and contact email on its profile page.

                "},{"location":"config/ldap_in_11.0_pro/#sync-configuration-items","title":"Sync configuration items","text":"

                Add the following options to seahub_settings.py. Examples are as follows:

                # Basic configuration items\nENABLE_LDAP = True\n......\n\n# ldap user sync options.\nLDAP_SYNC_INTERVAL = 60                  \nENABLE_LDAP_USER_SYNC = True             \nLDAP_USER_OBJECT_CLASS = 'person'\nLDAP_DEPT_ATTR = ''                      \nLDAP_UID_ATTR = ''                               \nLDAP_AUTO_REACTIVATE_USERS = True        \nLDAP_USE_PAGED_RESULT = False           \nIMPORT_NEW_USER = True                   \nACTIVATE_USER_WHEN_IMPORT = True         \nDEACTIVE_USER_IF_NOTFOUND = False        \nENABLE_EXTRA_USER_INFO_SYNC = True       \n

                Meaning of some options:

                Variable Description LDAP_SYNC_INTERVAL The interval to sync. Unit is minutes. Defaults to 60 minutes. ENABLE_LDAP_USER_SYNC set to \"true\" if you want to enable ldap user synchronization LDAP_USER_OBJECT_CLASS This is the name of the class used to search for user objects. In Active Directory, it's usually \"person\". The default value is \"person\". LDAP_DEPT_ATTR Attribute for department info. LDAP_UID_ATTR Attribute for Windows login name. If this is synchronized, users can also log in with their Windows login name. In AD, the attribute sAMAccountName can be used as UID_ATTR. The attribute will be stored as login_id in Seafile (in seahub_db.profile_profile table). LDAP_AUTO_REACTIVATE_USERS Whether to auto activate deactivated user, default by 'true' LDAP_USE_PAGED_RESULT Whether to use pagination extension. It is useful when you have more than 1000 users in LDAP server. IMPORT_NEW_USER Whether to import new users when sync user. ACTIVE_USER_WHEN_IMPORT Whether to activate the user automatically when imported. DEACTIVE_USER_IF_NOTFOUND set to \"true\" if you want to deactivate a user when he/she was deleted in AD server. ENABLE_EXTRA_USER_INFO_SYNC Enable synchronization of additional user information, including user's full name, department, and Windows login name, etc."},{"location":"config/ldap_in_11.0_pro/#importing-users-without-activating-them","title":"Importing Users without Activating Them","text":"

                The users imported with the above configuration will be activated by default. For some organizations with large number of users, they may want to import user information (such as user full name) without activating the imported users. Activating all imported users will require licenses for all users in LDAP, which may not be affordable.

                Seafile provides a combination of options for such use case. You can modify below option in seahub_settings.py:

                ACTIVATE_USER_WHEN_IMPORT = False\n

                This prevents Seafile from activating imported users. Then, add below option to seahub_settings.py:

                ACTIVATE_AFTER_FIRST_LOGIN = True\n

                This option will automatically activate users when they login to Seafile for the first time.

                "},{"location":"config/ldap_in_11.0_pro/#reactivating-users","title":"Reactivating Users","text":"

                When you set the DEACTIVE_USER_IF_NOTFOUND option, a user will be deactivated when he/she is not found in LDAP server. By default, even after this user reappears in the LDAP server, it won't be reactivated automatically. This is to prevent auto reactivating a user that was manually deactivated by the system admin.

                However, sometimes it's desirable to auto reactivate such users. You can modify below option in seahub_settings.py:

                LDAP_AUTO_REACTIVATE_USERS = True\n
                "},{"location":"config/ldap_in_11.0_pro/#manually-trigger-synchronization","title":"Manually Trigger Synchronization","text":"

                To test your LDAP sync configuration, you can run the sync command manually.

                To trigger LDAP sync manually:

                cd seafile-server-latest\n./pro/pro.py ldapsync\n

                For Seafile Docker

                docker exec -it seafile /opt/seafile/seafile-server-latest/pro/pro.py ldapsync\n
                "},{"location":"config/ldap_in_11.0_pro/#setting-up-ldap-group-sync-optional","title":"Setting Up LDAP Group Sync (optional)","text":""},{"location":"config/ldap_in_11.0_pro/#how-it-works","title":"How It Works","text":"

                The importing or syncing process maps groups from LDAP directory server to groups in Seafile's internal database. This process is one-way.

                • Any changes to groups in the database won't propagate back to LDAP;

                • Any changes to groups in the database, except for \"setting a member as group admin\", will be overwritten in the next LDAP sync operation. If you want to add or delete members, you can only do that on LDAP server.

                • The creator of imported groups will be set to the system admin.

                There are two modes of operation:

                • Periodical: the syncing process will be executed in a fixed interval

                • Manual: there is a script you can run to trigger the syncing once

                "},{"location":"config/ldap_in_11.0_pro/#configuration","title":"Configuration","text":"

                Before enabling LDAP group sync, you should have configured LDAP authentication. See Basic LDAP Integration for details.

                The following are LDAP group sync related options:

                # ldap group sync options.\nENABLE_LDAP_GROUP_SYNC = True            # Whether to enable group sync\nLDAP_GROUP_OBJECT_CLASS = 'group'        # This is the name of the class used to search for group objects.\nLDAP_GROUP_MEMBER_ATTR = 'member'        # The attribute field to use when loading the group's members. \n                                         # For most directory servers, the attributes is \"member\" \n                                         # which is the default value.For \"posixGroup\", it should be set to \"memberUid\".\nLDAP_USER_ATTR_IN_MEMBERUID = 'uid'      # The user attribute set in 'memberUid' option, \n                                         # which is used in \"posixGroup\".The default value is \"uid\".\nLDAP_GROUP_UUID_ATTR = 'objectGUID'      # Used to uniquely identify groups in LDAP\nLDAP_GROUP_FILTER = ''                   # An additional filter to use when searching group objects.\n                                         # If it's set, the final filter used to run search is \"(&(objectClass=GROUP_OBJECT_CLASS)(GROUP_FILTER))\";\n                                         # otherwise the final filter would be \"(objectClass=GROUP_OBJECT_CLASS)\".\nLDAP_USE_GROUP_MEMBER_RANGE_QUERY = False   # When a group contains too many members, \n                                         # AD will only return part of them. Set this option to TRUE\n                                         # to make LDAP sync work with large groups.\nDEL_GROUP_IF_NOT_FOUND = False           # Set to \"true\", sync process will delete the group if not found it in LDAP server.\nLDAP_SYNC_GROUP_AS_DEPARTMENT = False    # Whether to sync groups as top-level departments in Seafile.\n                                         # Learn more about departments in Seafile [here](https://help.seafile.com/sharing_collaboration/departments/).\nLDAP_DEPT_NAME_ATTR = ''                 # Used to get the department name.\n

                Meaning of some options:

                variable description ENABLE_LDAP_GROUP_SYNC Whether to enable group sync. LDAP_GROUP_OBJECT_CLASS This is the name of the class used to search for group objects. LDAP_GROUP_MEMBER_ATTR The attribute field to use when loading the group's members. For most directory servers, the attribute is \"member\" which is the default value. For \"posixGroup\", it should be set to \"memberUid\". LDAP_USER_ATTR_IN_MEMBERUID The user attribute set in 'memberUid' option, which is used in \"posixGroup\". The default value is \"uid\". LDAP_GROUP_UUID_ATTR Used to uniquely identify groups in LDAP. LDAP_GROUP_FILTER An additional filter to use when searching group objects. If it's set, the final filter used to run search is (&(objectClass=GROUP_OBJECT_CLASS)(GROUP_FILTER)); otherwise the final filter would be (objectClass=GROUP_OBJECT_CLASS). LDAP_USER_GROUP_MEMBER_RANGE_QUERY When a group contains too many members, AD will only return part of them. Set this option to TRUE to make LDAP sync work with large groups. DEL_GROUP_IF_NOT_FOUND Set to \"true\", sync process will delete the group if not found in the LDAP server. LDAP_SYNC_GROUP_AS_DEPARTMENT Whether to sync groups as top-level departments in Seafile. Learn more about departments in Seafile here. LDAP_DEPT_NAME_ATTR Used to get the department name.

                Tip

                • The search base for groups is the option LDAP_BASE_DN.

                • Some LDAP server, such as Active Directory, allows a group to be a member of another group. This is called \"group nesting\". If we find a nested group B in group A, we should recursively add all the members from group B into group A. And group B should still be imported a separate group. That is, all members of group B are also members in group A.

                • In some LDAP server, such as OpenLDAP, it's common practice to use Posix groups to store group membership. To import Posix groups as Seafile groups, set LDAP_GROUP_OBJECT_CLASS option to posixGroup. A posixGroup object in LDAP usually contains a multi-value attribute for the list of member UIDs. The name of this attribute can be set with the LDAP_GROUP_MEMBER_ATTR option. It's MemberUid by default. The value of the MemberUid attribute is an ID that can be used to identify a user, which corresponds to an attribute in the user object. The name of this ID attribute is usually uid, but can be set via the LDAP_USER_ATTR_IN_MEMBERUID option. Note that posixGroup doesn't support nested groups.

                "},{"location":"config/ldap_in_11.0_pro/#sync-ou-as-departments","title":"Sync OU as Departments","text":"

                A department in Seafile is a special group. In addition to what you can do with a group, there are two key new features for departments:

                • Department supports hierarchy. A department can have any levels of sub-departments.

                • Department can have storage quota.

                Seafile supports syncing OU (Organizational Units) from AD/LDAP to departments. The sync process keeps the hierarchical structure of the OUs.

                Options for syncing departments from OU:

                LDAP_SYNC_DEPARTMENT_FROM_OU = True      # Whether to enable sync departments from OU.\nLDAP_DEPT_NAME_ATTR = 'description'      # Used to get the department name.\nLDAP_CREATE_DEPARTMENT_LIBRARY = False   # If you decide to sync the group as a department,\n                                         # you can set this option to \"true\". In this way, when \n                                         # the group is synchronized for the first time, a library\n                                         # is automatically created for the department, and the \n                                         # library's name is the department's name.\nLDAP_DEPT_REPO_PERM = 'rw'               # Set the permissions of the department repo, default permission is 'rw'.\nLDAP_DEFAULT_DEPARTMENT_QUOTA = -2       # You can set a default space quota for each department\n                                         # when you synchronize a group for the first time. The \n                                         # quota is set to unlimited if this option is not set.\n                                         # Unit is MB.\nDEL_DEPARTMENT_IF_NOT_FOUND = False      # Set to \"true\", sync process will deleted the department if not found it in LDAP server.\n
                "},{"location":"config/ldap_in_11.0_pro/#periodical-and-manual-sync","title":"Periodical and Manual Sync","text":"

                Periodical sync won't happen immediately after you restart seafile server. It gets scheduled after the first sync interval. For example if you set sync interval to 30 minutes, the first auto sync will happen after 30 minutes you restarts. To sync immediately, you need to manually trigger it.

                After the sync is run, you should see log messages like the following in logs/seafevents.log. And you should be able to see the groups in system admin page.

                [2023-03-30 18:15:05,109] [DEBUG] create group 1, and add dn pair CN=DnsUpdateProxy,CN=Users,DC=Seafile,DC=local<->1 success.\n[2023-03-30 18:15:05,145] [DEBUG] create group 2, and add dn pair CN=Domain Computers,CN=Users,DC=Seafile,DC=local<->2 success.\n[2023-03-30 18:15:05,154] [DEBUG] create group 3, and add dn pair CN=Domain Users,CN=Users,DC=Seafile,DC=local<->3 success.\n[2023-03-30 18:15:05,164] [DEBUG] create group 4, and add dn pair CN=Domain Admins,CN=Users,DC=Seafile,DC=local<->4 success.\n[2023-03-30 18:15:05,176] [DEBUG] create group 5, and add dn pair CN=RAS and IAS Servers,CN=Users,DC=Seafile,DC=local<->5 success.\n[2023-03-30 18:15:05,186] [DEBUG] create group 6, and add dn pair CN=Enterprise Admins,CN=Users,DC=Seafile,DC=local<->6 success.\n[2023-03-30 18:15:05,197] [DEBUG] create group 7, and add dn pair CN=dev,CN=Users,DC=Seafile,DC=local<->7 success.\n

                To trigger LDAP sync manually,

                cd seafile-server-latest\n./pro/pro.py ldapsync\n

                For Seafile Docker

                docker exec -it seafile /opt/seafile/seafile-server-latest/pro/pro.py ldapsync\n
                "},{"location":"config/ldap_in_11.0_pro/#advanced-ldap-integration-options","title":"Advanced LDAP Integration Options","text":""},{"location":"config/ldap_in_11.0_pro/#multiple-base","title":"Multiple BASE","text":"

                Multiple base DN is useful when your company has more than one OUs to use Seafile. You can specify a list of base DN in the LDAP_BASE_DN option. The DNs are separated by \";\", e.g.

                LDAP_BASE_DN = 'ou=developers,dc=example,dc=com;ou=marketing,dc=example,dc=com'\n
                "},{"location":"config/ldap_in_11.0_pro/#additional-search-filter","title":"Additional Search Filter","text":"

                Search filter is very useful when you have a large organization but only a portion of people want to use Seafile. The filter can be given by setting LDAP_FILTER option. The value of this option follows standard LDAP search filter syntax (https://msdn.microsoft.com/en-us/library/aa746475(v=vs.85).aspx).

                The final filter used for searching for users is (&($LOGIN_ATTR=*)($LDAP_FILTER)). $LOGIN_ATTR and $LDAP_FILTER will be replaced by your option values.

                For example, add below option to seahub_settings.py:

                LDAP_FILTER = 'memberOf=CN=group,CN=developers,DC=example,DC=com'\n

                The final search filter would be (&(mail=*)(memberOf=CN=group,CN=developers,DC=example,DC=com))

                The case of attribute names in the above example is significant. The memberOf attribute is only available in Active Directory

                "},{"location":"config/ldap_in_11.0_pro/#limiting-seafile-users-to-a-group-in-active-directory","title":"Limiting Seafile Users to a Group in Active Directory","text":"

                You can use the LDAP_FILTER option to limit user scope to a certain AD group.

                1. First, you should find out the DN for the group. Again, we'll use the dsquery command on the domain controller. For example, if group name is 'seafilegroup', run dsquery group -name seafilegroup.

                2. Add below option to seahub_settings.py:

                LDAP_FILTER = 'memberOf={output of dsquery command}'\n
                "},{"location":"config/ldap_in_11.0_pro/#using-tls-connection-to-ldap-server","title":"Using TLS connection to LDAP server","text":"

                If your LDAP service supports TLS connections, you can configure LDAP_SERVER_URL as the access address of the ldaps protocol to use TLS to connect to the LDAP service, for example:

                LDAP_SERVER_URL = 'ldaps://192.168.0.1:636/'\n
                "},{"location":"config/ldap_in_11.0_pro/#use-paged-results-extension","title":"Use paged results extension","text":"

                LDAP protocol version 3 supports \"paged results\" (PR) extension. When you have large number of users, this option can greatly improve the performance of listing users. Most directory server nowadays support this extension.

                In Seafile Pro Edition, add this option to seahub_settings.py to enable PR:

                LDAP_USE_PAGED_RESULT = True\n
                "},{"location":"config/ldap_in_11.0_pro/#follow-referrals","title":"Follow referrals","text":"

                Seafile Pro Edition supports auto following referrals in LDAP search. This is useful for partitioned LDAP or AD servers, where users may be spreaded on multiple directory servers. For more information about referrals, you can refer to this article.

                To configure, add below option to seahub_settings.py, e.g.:

                LDAP_FOLLOW_REFERRALS = True\n
                "},{"location":"config/ldap_in_11.0_pro/#configure-multi-ldap-servers","title":"Configure Multi-ldap Servers","text":"

                Seafile Pro Edition supports multi-ldap servers, you can configure two ldap servers to work with seafile. Multi-ldap servers mean that, when get or search ldap user, it will iterate all configured ldap servers until a match is found; When listing all ldap users, it will iterate all ldap servers to get all users; For Ldap sync it will sync all user/group info in all configured ldap servers to seafile.

                Currently, only two LDAP servers are supported.

                If you want to use multi-ldap servers, please replace LDAP in the options with MULTI_LDAP_1, and then add them to seahub_settings.py, for example:

                # Basic config options\nENABLE_LDAP = True\n......\n\n# Multi ldap config options\nENABLE_MULTI_LDAP_1 = True\nMULTI_LDAP_1_SERVER_URL = 'ldap://192.168.0.2'\nMULTI_LDAP_1_BASE_DN = 'ou=test,dc=seafile,dc=top'\nMULTI_LDAP_1_ADMIN_DN = 'administrator@example.top'\nMULTI_LDAP_1_ADMIN_PASSWORD = 'Hello@123'\nMULTI_LDAP_1_PROVIDER = 'ldap1'\nMULTI_LDAP_1_LOGIN_ATTR = 'userPrincipalName'\n\n# Optional configs\nMULTI_LDAP_1_USER_FIRST_NAME_ATTR = 'givenName'\nMULTI_LDAP_1_USER_LAST_NAME_ATTR = 'sn'\nMULTI_LDAP_1_USER_NAME_REVERSE = False\nENABLE_MULTI_LDAP_1_EXTRA_USER_INFO_SYNC = True\n\nMULTI_LDAP_1_FILTER = 'memberOf=CN=testgroup,OU=test,DC=seafile,DC=ren' \nMULTI_LDAP_1_USE_PAGED_RESULT = False\nMULTI_LDAP_1_FOLLOW_REFERRALS = True\nENABLE_MULTI_LDAP_1_USER_SYNC = True\nENABLE_MULTI_LDAP_1_GROUP_SYNC = True\nMULTI_LDAP_1_SYNC_DEPARTMENT_FROM_OU = True\n\nMULTI_LDAP_1_USER_OBJECT_CLASS = 'person'\nMULTI_LDAP_1_DEPT_ATTR = ''\nMULTI_LDAP_1_UID_ATTR = ''\nMULTI_LDAP_1_CONTACT_EMAIL_ATTR = ''\nMULTI_LDAP_1_USER_ROLE_ATTR = ''\nMULTI_LDAP_1_AUTO_REACTIVATE_USERS = True\n\nMULTI_LDAP_1_GROUP_OBJECT_CLASS = 'group'\nMULTI_LDAP_1_GROUP_FILTER = ''\nMULTI_LDAP_1_GROUP_MEMBER_ATTR = 'member'\nMULTI_LDAP_1_GROUP_UUID_ATTR = 'objectGUID'\nMULTI_LDAP_1_CREATE_DEPARTMENT_LIBRARY = False\nMULTI_LDAP_1_DEPT_REPO_PERM = 'rw'\nMULTI_LDAP_1_DEFAULT_DEPARTMENT_QUOTA = -2\nMULTI_LDAP_1_SYNC_GROUP_AS_DEPARTMENT = False\nMULTI_LDAP_1_USE_GROUP_MEMBER_RANGE_QUERY = False\nMULTI_LDAP_1_USER_ATTR_IN_MEMBERUID = 'uid'\nMULTI_LDAP_1_DEPT_NAME_ATTR = ''\n......\n

                !!! note: There are still some shared config options are used for all LDAP servers, as follows:

                ```python\n# Common user sync options\nLDAP_SYNC_INTERVAL = 60\nIMPORT_NEW_USER = True                   # Whether to import new users when sync user\nACTIVATE_USER_WHEN_IMPORT = True         # Whether to activate the user when importing new user\nDEACTIVE_USER_IF_NOTFOUND = False        # Set to \"true\" if you want to deactivate a user \n                                        # when he/she was deleted in AD server.\n\n# Common group sync options\nDEL_GROUP_IF_NOT_FOUND = False           # Set to \"true\", sync process will delete the group if not found it in LDAP server.\nDEL_DEPARTMENT_IF_NOT_FOUND = False      # Set to \"true\", sync process will deleted the department if not found it in LDAP server.\n```\n
                "},{"location":"config/ldap_in_11.0_pro/#sso-and-ldap-users-use-the-same-uid","title":"SSO and LDAP users use the same uid","text":"

                If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth), you want Seafile to find the existing account for this user instead of creating a new one, you can set

                SSO_LDAP_USE_SAME_UID = True\n

                Here the UID means the unique user ID, in LDAP it is the attribute you use for LDAP_LOGIN_ATTR (not LDAP_UID_ATTR), in ADFS it is uid attribute. You need make sure you use the same attribute for the two settings

                "},{"location":"config/ldap_in_11.0_pro/#importing-roles-from-ldap","title":"Importing Roles from LDAP","text":"

                Seafile Pro Edition supports syncing roles from LDAP or Active Directory.

                To enable this feature, add below option to seahub_settings.py, e.g.

                LDAP_USER_ROLE_ATTR = 'title'\n

                LDAP_USER_ROLE_ATTR is the attribute field to configure roles in LDAP. You can write a custom function to map the role by creating a file seahub_custom_functions.py under conf/ and edit it like:

                # -*- coding: utf-8 -*-\n\n# The AD roles attribute returns a list of roles (role_list).\n# The following function use the first entry in the list.\ndef ldap_role_mapping(role):\n    if 'staff' in role:\n        return 'Staff'\n    if 'guest' in role:\n        return 'Guest'\n    if 'manager' in role:\n        return 'Manager'\n\n# From version 11.0.11-pro, you can define the following function\n# to calculate a role from the role_list.\ndef ldap_role_list_mapping(role_list):\n    if not role_list:\n        return ''\n    for role in role_list:\n        if 'staff' in role:\n            return 'Staff'\n        if 'guest' in role:\n            return 'Guest'\n        if 'manager' in role:\n            return 'Manager'\n

                You should only define one of the two functions

                You can rewrite the function (in python) to make your own mapping rules. If the file or function doesn't exist, the first entry in role_list will be synced.

                "},{"location":"config/multi_institutions/","title":"Multiple Organization/Institution User Management","text":"

                Starting from version 5.1, you can add institutions into Seafile and assign users into institutions. Each institution can have one or more administrators. This feature is to ease user administration when multiple organizations (universities) share a single Seafile instance. Unlike multi-tenancy, the users are not-isolated. A user from one institution can share files with another institution.

                "},{"location":"config/multi_institutions/#turn-on-the-feature","title":"Turn on the feature","text":"

                In seahub_settings.py, add MULTI_INSTITUTION = True to enable multi-institution feature. And add

                Seafile 7.1.22 or olderSeafile 8.0.0 or newer 
                EXTRA_MIDDLEWARE_CLASSES += (\n    'seahub.institutions.middleware.InstitutionMiddleware',\n)\n
                EXTRA_MIDDLEWARE += (\n    'seahub.institutions.middleware.InstitutionMiddleware',\n)\n

                Please replease += to = if EXTRA_MIDDLEWARE_CLASSES or EXTRA_MIDDLEWARE is not defined

                "},{"location":"config/multi_institutions/#add-institutions-and-institution-admins","title":"Add institutions and institution admins","text":"

                After restarting Seafile, a system admin can add institutions by adding institution name in admin panel. He can also click into an institution, which will list all users whose profile.institution match the name.

                "},{"location":"config/multi_institutions/#assign-users-to-institutions","title":"Assign users to institutions","text":"

                If you are using Shibboleth, you can map a Shibboleth attribute into institution. For example, the following configuration maps organization attribute to institution.

                SHIBBOLETH_ATTRIBUTE_MAP = {\n    \"givenname\": (False, \"givenname\"),\n    \"sn\": (False, \"surname\"),\n    \"mail\": (False, \"contact_email\"),\n    \"organization\": (False, \"institution\"),\n}\n
                "},{"location":"config/multi_tenancy/","title":"Multi-Tenancy Support","text":"

                Multi-tenancy feature is designed for hosting providers that what to host several customers in a single Seafile instance. You can create multi-organizations. Organizations is separated from each other. Users can't share libraries between organizations.

                "},{"location":"config/multi_tenancy/#seafile-config","title":"Seafile Config","text":""},{"location":"config/multi_tenancy/#seafileconf","title":"seafile.conf","text":"
                [general]\nmulti_tenancy = true\n
                "},{"location":"config/multi_tenancy/#seahub_settingspy","title":"seahub_settings.py","text":"
                CLOUD_MODE = True\nMULTI_TENANCY = True\n\nORG_MEMBER_QUOTA_ENABLED = True\n\nORG_ENABLE_ADMIN_CUSTOM_NAME = True  # Default is True, meaning organization name can be customized\nORG_ENABLE_ADMIN_CUSTOM_LOGO = False  # Default is False, if set to True, organization logo can be customized\n\nENABLE_MULTI_ADFS = True  # Default is False, if set to True, support per organization custom ADFS/SAML2 login\nLOGIN_REDIRECT_URL = '/saml2/complete/'\nSAML_ATTRIBUTE_MAPPING = {\n    'name': ('display_name', ),\n    'mail': ('contact_email', ),\n    ...\n}\n
                "},{"location":"config/multi_tenancy/#usage","title":"Usage","text":"

                An organization can be created via system admin in \u201cadmin panel->organization->Add organization\u201d.

                Every organization has an URL prefix. This field is for future usage. When a user create an organization, an URL like org1 will be automatically assigned.

                After creating an organization, the first user will become the admin of that organization. The organization admin can add other users. Note, the system admin can't add users.

                "},{"location":"config/multi_tenancy/#adfssaml-single-sign-on-integration-in-multi-tenancy","title":"ADFS/SAML single sign-on integration in multi-tenancy","text":""},{"location":"config/multi_tenancy/#preparation-for-adfssaml","title":"Preparation for ADFS/SAML","text":"

                The system admin has to complete the following works.

                Fisrt, install xmlsec1 package:

                $ apt update\n$ apt install xmlsec1\n

                Second, prepare SP(Seafile) certificate directory and SP certificates:

                Create sp certs dir

                $ mkdir -p /opt/seafile/seahub-data/certs\n

                The SP certificate can be generated by the openssl command, or you can apply to the certificate manufacturer, it is up to you. For example, generate the SP certs using the following command:

                $ cd /opt/seafile/seahub-data/certs\n$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout sp.key -out sp.crt\n

                The days option indicates the validity period of the generated certificate. The unit is day. The system admin needs to update the certificate regularly

                Finally, add the following configuration to seahub_settings.py and then restart Seafile:

                ENABLE_MULTI_ADFS = True\nLOGIN_REDIRECT_URL = '/saml2/complete/'\nSAML_ATTRIBUTE_MAPPING = {\n    'name': ('display_name', ),\n    'mail': ('contact_email', ),\n    ...\n}\n

                Note

                • If the xmlsec1 binary is not located in /usr/bin/xmlsec1, you need to add the following configuration in seahub_settings.py:
                SAML_XMLSEC_BINARY_PATH = '/path/to/xmlsec1'\n

                View where the xmlsec1 binary is located:

                $ which xmlsec1\n
                - If certificates are not placed in /opt/seafile/seahub-data/certs, you need to add the following configuration in seahub_settings.py:

                SAML_CERTS_DIR = '/path/to/certs'\n
                "},{"location":"config/multi_tenancy/#integration-with-adfssaml-single-sign-on","title":"Integration with ADFS/SAML single sign-on","text":"

                Please refer to this document.

                "},{"location":"config/oauth/","title":"OAuth Authentication","text":""},{"location":"config/oauth/#oauth","title":"OAuth","text":"

                Since CE version 6.2.3, Seafile supports user login via OAuth.

                Before using OAuth, Seafile administrator should first register an OAuth2 client application on your authorization server, then add some configurations to seahub_settings.py.

                "},{"location":"config/oauth/#register-an-oauth2-client-application","title":"Register an OAuth2 client application","text":"

                Here we use Github as an example. First you should register an OAuth2 client application on Github, official document from Github is very detailed.

                "},{"location":"config/oauth/#configuration","title":"Configuration","text":"

                Add the folllowing configurations to seahub_settings.py:

                ENABLE_OAUTH = True\n\n# If create new user when he/she logs in Seafile for the first time, defalut `True`.\nOAUTH_CREATE_UNKNOWN_USER = True\n\n# If active new user when he/she logs in Seafile for the first time, defalut `True`.\nOAUTH_ACTIVATE_USER_AFTER_CREATION = True\n\n# Usually OAuth works through SSL layer. If your server is not parametrized to allow HTTPS, some method will raise an \"oauthlib.oauth2.rfc6749.errors.InsecureTransportError\". Set this to `True` to avoid this error.\nOAUTH_ENABLE_INSECURE_TRANSPORT = True\n\n# Client id/secret generated by authorization server when you register your client application.\nOAUTH_CLIENT_ID = \"your-client-id\"\nOAUTH_CLIENT_SECRET = \"your-client-secret\"\n\n# Callback url when user authentication succeeded. Note, the redirect url you input when you register your client application MUST be exactly the same as this value.\nOAUTH_REDIRECT_URL = 'http{s}://example.com/oauth/callback/'\n\n# The following should NOT be changed if you are using Github as OAuth provider.\nOAUTH_PROVIDER_DOMAIN = 'github.com' \nOAUTH_PROVIDER = 'github.com'\n\nOAUTH_AUTHORIZATION_URL = 'https://github.com/login/oauth/authorize'\nOAUTH_TOKEN_URL = 'https://github.com/login/oauth/access_token'\nOAUTH_USER_INFO_URL = 'https://api.github.com/user'\nOAUTH_SCOPE = [\"user\",]\nOAUTH_ATTRIBUTE_MAP = {\n    \"id\": (True, \"email\"),  # Please keep the 'email' option unchanged to be compatible with the login of users of version 11.0 and earlier.\n    \"name\": (False, \"name\"),\n    \"email\": (False, \"contact_email\"),\n    \"uid\": (True, \"uid\"),   # Seafile v11.0 + \n}\n

                More explanations about the settings

                • OAUTH_PROVIDER / OAUTH_PROVIDER_DOMAIN

                OAUTH_PROVIDER_DOMAIN will be deprecated, and it can be replaced by OAUTH_PROVIDER. This variable is used in the database to identify third-party providers, either as a domain or as an easy-to-remember string less than 32 characters.

                • OAUTH_ATTRIBUTE_MAP

                This variables describes which claims from the response of the user info endpoint are to be filled into which attributes of the new Seafile user. The format is showing like below:

                OAUTH_ATTRIBUTE_MAP = {\n    <:Attribute in the OAuth provider>: (<:Is required or not in Seafile?>, <:Attribute in Seafile >)\n}\n

                If the remote resource server, like Github, uses email to identify an unique user too, Seafile will use Github id directorily, the OAUTH_ATTRIBUTE_MAP setting for Github should be like this:

                OAUTH_ATTRIBUTE_MAP = {\n    \"id\": (True, \"email\"), # it is deprecated\n    \"uid / id / username\": (True, \"uid\") \n\n    # extra infos you want to update to Seafile\n    \"name\": (False, \"name\"),\n    \"email\": (False, \"contact_email\"),  \n}\n

                The key part id stands for an unique identifier of user in Github, this tells Seafile which attribute remote resoure server uses to indentify its user. The value part True stands for if this field is mandatory by Seafile.

                Since 11.0 version, Seafile use uid as the external unique identifier of the user. It stores uid in table social_auth_usersocialauth and map it to internal unique identifier used in Seafile. Different OAuth systems have different attributes, which may be: id or uid or username, etc. And the id/email config id: (True, email) is deprecated.

                If you upgrade from a version below 11.0, you need to have both fields configured, i.e., you configuration should be like:

                OAUTH_ATTRIBUTE_MAP = {\n    \"id\": (True, \"email\"),\n    \"uid\": (True, \"uid\") ,\n    \"name\": (False, \"name\"),\n    \"email\": (False, \"contact_email\"),  \n}\n

                In this way, when a user login, Seafile will first use \"id -> email\" map to find the old user and then create \"uid -> uid\" map for this old user. After all users login once, you can delete the configuration \"id\": (True, \"email\").

                If you use a newly deployed 11.0 Seafile instance, you don't need the \"id\": (True, \"email\") item. Your configuration should be like:

                OAUTH_ATTRIBUTE_MAP = {\n    \"uid\": (True, \"uid\") ,\n    \"name\": (False, \"name\"),\n    \"email\": (False, \"contact_email\"),  \n}\n
                "},{"location":"config/oauth/#sample-settings","title":"Sample settings","text":"GoogleGithubGitLabAzure Cloud 
                ENABLE_OAUTH = True\nOAUTH_ENABLE_INSECURE_TRANSPORT = True\n\nOAUTH_CLIENT_ID = \"your-client-id\"\nOAUTH_CLIENT_SECRET = \"your-client-secret\"\nOAUTH_REDIRECT_URL = 'http{s}://example.com/oauth/callback/'\n\n# The following shoud NOT be changed if you are using Google as OAuth provider.\nOAUTH_PROVIDER_DOMAIN = 'google.com'\nOAUTH_AUTHORIZATION_URL = 'https://accounts.google.com/o/oauth2/v2/auth'\nOAUTH_TOKEN_URL = 'https://www.googleapis.com/oauth2/v4/token'\nOAUTH_USER_INFO_URL = 'https://www.googleapis.com/oauth2/v1/userinfo'\nOAUTH_SCOPE = [\n    \"openid\",\n    \"https://www.googleapis.com/auth/userinfo.email\",\n    \"https://www.googleapis.com/auth/userinfo.profile\",\n]\nOAUTH_ATTRIBUTE_MAP = {\n    \"sub\": (True, \"uid\"),\n    \"name\": (False, \"name\"),\n    \"email\": (False, \"contact_email\"),\n}\n

                Note

                For Github, email is not the unique identifier for an user, but id is in most cases, so we use id as settings example in our manual. As Seafile uses email to identify an unique user account for now, so we combine id and OAUTH_PROVIDER_DOMAIN, which is github.com in your case, to an email format string and then create this account if not exist.

                ENABLE_OAUTH = True\nOAUTH_ENABLE_INSECURE_TRANSPORT = True\n\nOAUTH_CLIENT_ID = \"your-client-id\"\nOAUTH_CLIENT_SECRET = \"your-client-secret\"\nOAUTH_REDIRECT_URL = 'http{s}://example.com/oauth/callback/'\n\nOAUTH_PROVIDER_DOMAIN = 'github.com'\nOAUTH_AUTHORIZATION_URL = 'https://github.com/login/oauth/authorize'\nOAUTH_TOKEN_URL = 'https://github.com/login/oauth/access_token'\nOAUTH_USER_INFO_URL = 'https://api.github.com/user'\nOAUTH_SCOPE = [\"user\",]\nOAUTH_ATTRIBUTE_MAP = {\n    \"id\": (True, 'uid'),\n    \"email\": (False, \"contact_email\"),\n    \"name\": (False, \"name\"),\n}\n

                Note

                To enable OAuth via GitLab. Create an application in GitLab (under Admin area->Applications).

                Fill in required fields:

                • Name: a name you specify

                • Redirect URI: The callback url see below OAUTH_REDIRECT_URL

                • Trusted: Skip confirmation dialog page. Select this to not ask the user if he wants to authorize seafile to receive access to his/her account data.

                • Scopes: Select openid and read_user in the scopes list.

                Press submit and copy the client id and secret you receive on the confirmation page and use them in this template for your seahub_settings.py

                ENABLE_OAUTH = True\nOAUTH_CLIENT_ID = \"your-client-id\"\nOAUTH_CLIENT_SECRET = \"your-client-secret\"\nOAUTH_REDIRECT_URL = \"https://your-seafile/oauth/callback/\"\n\nOAUTH_PROVIDER_DOMAIN = 'your-domain'\nOAUTH_AUTHORIZATION_URL = 'https://gitlab.your-domain/oauth/authorize'\nOAUTH_TOKEN_URL = 'https://gitlab.your-domain/oauth/token'\nOAUTH_USER_INFO_URL = 'https://gitlab.your-domain/api/v4/user'\nOAUTH_SCOPE = [\"openid\", \"read_user\"]\nOAUTH_ATTRIBUTE_MAP = {\n    \"email\": (True, \"uid\"),\n    \"name\": (False, \"name\")\n}\n

                Note

                For users of Azure Cloud, as there is no id field returned from Azure Cloud's user info endpoint, so we use a special configuration for OAUTH_ATTRIBUTE_MAP setting (others are the same as Github/Google). Please see this tutorial for the complete deployment process of OAuth against Azure Cloud.

                OAUTH_ATTRIBUTE_MAP = {\n    \"email\": (True, \"uid\"),\n    \"name\": (False, \"name\")\n}\n
                "},{"location":"config/ocm/","title":"Open Cloud Mesh","text":"

                From 8.0.0, Seafile supports OCM protocol. With OCM, user can share library to other server which enabled OCM too.

                Seafile currently supports sharing between Seafile servers with version greater than 8.0, and sharing from NextCloud to Seafile since 9.0.

                These two functions cannot be enabled at the same time

                "},{"location":"config/ocm/#configuration","title":"Configuration","text":"

                Add the following configuration to seahub_settings.py.

                Sharing between Seafile serversSharing from NextCloud to Seafile 
                # Enable OCM\nENABLE_OCM = True\nOCM_PROVIDER_ID = '71687320-6219-47af-82f3-32012707a5ae' # the unique id of this server\nOCM_REMOTE_SERVERS = [\n    {\n        \"server_name\": \"dev\",\n        \"server_url\": \"https://seafile-domain-1/\", # should end with '/'\n    },\n    {\n        \"server_name\": \"download\",\n        \"server_url\": \"https://seafile-domain-2/\", # should end with '/'\n    },\n]\n
                # Enable OCM\nENABLE_OCM_VIA_WEBDAV = True\nOCM_PROVIDER_ID = '71687320-6219-47af-82f3-32012707a5ae' # the unique id of this server\nOCM_REMOTE_SERVERS = [\n    {\n        \"server_name\": \"nextcloud\",\n        \"server_url\": \"https://nextcloud-domain-1/\", # should end with '/'\n    }\n]\n

                OCM_REMOTE_SERVERS is a list of servers that you allow your users to share libraries with

                "},{"location":"config/ocm/#usage","title":"Usage","text":""},{"location":"config/ocm/#share-library-to-other-server","title":"Share library to other server","text":"

                In the library sharing dialog jump to \"Share to other server\", you can share this library to users of another server with \"Read-Only\" or \"Read-Write\" permission. You can also view shared records and cancel sharing.

                "},{"location":"config/ocm/#view-be-shared-libraries","title":"View be shared libraries","text":"

                You can jump to \"Shared from other servers\" page to view the libraries shared by other servers and cancel the sharing.

                And enter the library to view, download or upload files.

                "},{"location":"config/remote_user/","title":"SSO using Remote User","text":"

                Starting from 7.0.0, Seafile can integrate with various Single Sign On systems via a proxy server. Examples include Apache as Shibboleth proxy, or LemonLdap as a proxy to LDAP servers, or Apache as Kerberos proxy. Seafile can retrieve user information from special request headers (HTTP_REMOTE_USER, HTTP_X_AUTH_USER, etc.) set by the proxy servers.

                After the proxy server (Apache/Nginx) is successfully authenticated, the user information is set to the request header, and Seafile creates and logs in the user based on this information.

                Make sure that the proxy server has a corresponding security mechanism to protect against forgery request header attacks

                Please add the following settings to conf/seahub_settings.py to enable this feature.

                ENABLE_REMOTE_USER_AUTHENTICATION = True\n\n# Optional, HTTP header, which is configured in your web server conf file,\n# used for Seafile to get user's unique id, default value is 'HTTP_REMOTE_USER'.\nREMOTE_USER_HEADER = 'HTTP_REMOTE_USER'\n\n# Optional, when the value of HTTP_REMOTE_USER is not a valid email address\uff0c\n# Seafile will build a email-like unique id from the value of 'REMOTE_USER_HEADER'\n# and this domain, e.g. user1@example.com.\nREMOTE_USER_DOMAIN = 'example.com'\n\n# Optional, whether to create new user in Seafile system, default value is True.\n# If this setting is disabled, users doesn't preexist in the Seafile DB cannot login.\n# The admin has to first import the users from external systems like LDAP.\nREMOTE_USER_CREATE_UNKNOWN_USER = True\n\n# Optional, whether to activate new user in Seafile system, default value is True.\n# If this setting is disabled, user will be unable to login by default.\n# the administrator needs to manually activate this user.\nREMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True\n\n# Optional, map user attribute in HTTP header and Seafile's user attribute.\nREMOTE_USER_ATTRIBUTE_MAP = {\n    'HTTP_DISPLAYNAME': 'name',\n    'HTTP_MAIL': 'contact_email',\n\n    # for user info\n    \"HTTP_GIVENNAME\": 'givenname',\n    \"HTTP_SN\": 'surname',\n    \"HTTP_ORGANIZATION\": 'institution',\n\n    # for user role\n    'HTTP_Shibboleth-affiliation': 'affiliation',\n}\n\n# Map affiliation to user role. Though the config name is SHIBBOLETH_AFFILIATION_ROLE_MAP,\n# it is not restricted to Shibboleth\nSHIBBOLETH_AFFILIATION_ROLE_MAP = {\n    'employee@uni-mainz.de': 'staff',\n    'member@uni-mainz.de': 'staff',\n    'student@uni-mainz.de': 'student',\n    'employee@hu-berlin.de': 'guest',\n    'patterns': (\n        ('*@hu-berlin.de', 'guest1'),\n        ('*@*.de', 'guest2'),\n        ('*', 'guest'),\n    ),\n}\n

                Then restart Seafile.

                "},{"location":"config/roles_permissions/","title":"Roles and Permissions Support","text":"

                You can add/edit roles and permission for users. A role is just a group of users with some pre-defined permissions, you can toggle user roles in user list page at admin panel. For most permissions, the meaning can be easily obtained from the variable name. The following is a further detailed introduction to some variables.

                • role_quota is used to set quota for a certain role of users. For example, we can set the quota of employee to 100G by adding 'role_quota': '100g', and leave other role of users to the default quota.

                • can_add_public_repo is to set whether a role can create a public library, default is False.

                  Since version 11.0.9 pro, can_share_repo is added to limit users' ability to share a library

                  The can_add_public_repo option will not take effect if you configure global CLOUD_MODE = True

                • storage_ids permission is used for assigning storage backends to users with specific role. More details can be found in multiple storage backends.

                • upload_rate_limit and download_rate_limit are added to limit upload and download speed for users with different roles.

                  Note

                  After configured the rate limit, run the following command in the seafile-server-latest directory to make the configuration take effect:

                  ./seahub.sh python-env python3 seahub/manage.py set_user_role_upload_download_rate_limit\n

                Seafile comes with two build-in roles default and guest, a default user is a normal user with permissions as followings:

                New in 12.0

                • can_drag_drop_folder_to_sync: allow or deny user to sync folder by draging and droping
                • can_export_files_via_mobile_client: allow or deny user to export files in using mobile client
                    'default': {\n        'can_add_repo': True,\n        'can_share_repo': True,\n        'can_add_group': True,\n        'can_view_org': True,\n        'can_add_public_repo': False,\n        'can_use_global_address_book': True,\n        'can_generate_share_link': True,\n        'can_generate_upload_link': True,\n        'can_send_share_link_mail': True,\n        'can_invite_guest': False,\n        'can_drag_drop_folder_to_sync': True,\n        'can_connect_with_android_clients': True,\n        'can_connect_with_ios_clients': True,\n        'can_connect_with_desktop_clients': True,\n        'can_export_files_via_mobile_client': True,\n        'storage_ids': [],\n        'role_quota': '',\n        'can_publish_repo': True,\n        'upload_rate_limit': 0,  # unit: kb/s\n        'download_rate_limit': 0,\n    },\n

                While a guest user can only read files/folders in the system, here are the permissions for a guest user: 

                    'guest': {\n        'can_add_repo': False,\n        'can_share_repo': False,\n        'can_add_group': False,\n        'can_view_org': False,\n        'can_add_public_repo': False,\n        'can_use_global_address_book': False,\n        'can_generate_share_link': False,\n        'can_generate_upload_link': False,\n        'can_send_share_link_mail': False,\n        'can_invite_guest': False,\n        'can_drag_drop_folder_to_sync': False,\n        'can_connect_with_android_clients': False,\n        'can_connect_with_ios_clients': False,\n        'can_connect_with_desktop_clients': False,\n        'can_export_files_via_mobile_client': False,\n        'storage_ids': [],\n        'role_quota': '',\n        'can_publish_repo': False,\n        'upload_rate_limit': 0,\n        'download_rate_limit': 0,\n    },\n

                "},{"location":"config/roles_permissions/#edit-build-in-roles","title":"Edit build-in roles","text":"

                If you want to edit the permissions of build-in roles, e.g. default users can invite guest, guest users can view repos in organization, you can add following lines to seahub_settings.py with corresponding permissions set to True.

                ENABLED_ROLE_PERMISSIONS = {\n    'default': {\n        'can_add_repo': True,\n        'can_share_repo': True,\n        'can_add_group': True,\n        'can_view_org': True,\n        'can_add_public_repo': False,\n        'can_use_global_address_book': True,\n        'can_generate_share_link': True,\n        'can_generate_upload_link': True,\n        'can_send_share_link_mail': True,\n        'can_invite_guest': False,\n        'can_drag_drop_folder_to_sync': True,\n        'can_connect_with_android_clients': True,\n        'can_connect_with_ios_clients': True,\n        'can_connect_with_desktop_clients': True,\n        'can_export_files_via_mobile_client': True,\n        'storage_ids': [],\n        'role_quota': '',\n        'can_publish_repo': True,\n        'upload_rate_limit': 2000,  # unit: kb/s\n        'download_rate_limit': 4000,\n    },\n    'guest': {\n        'can_add_repo': False,\n        'can_share_repo': False,\n        'can_add_group': False,\n        'can_view_org': False,\n        'can_add_public_repo': False,\n        'can_use_global_address_book': False,\n        'can_generate_share_link': False,\n        'can_generate_upload_link': False,\n        'can_send_share_link_mail': False,\n        'can_invite_guest': False,\n        'can_drag_drop_folder_to_sync': False,\n        'can_connect_with_android_clients': False,\n        'can_connect_with_ios_clients': False,\n        'can_connect_with_desktop_clients': False,\n        'can_export_files_via_mobile_client': False,\n        'storage_ids': [],\n        'role_quota': '',\n        'can_publish_repo': False,\n        'upload_rate_limit': 100,\n        'download_rate_limit': 200,\n    }\n}\n
                "},{"location":"config/roles_permissions/#more-about-guest-invitation-feature","title":"More about guest invitation feature","text":"

                An user who has can_invite_guest permission can invite people outside of the organization as guest.

                In order to use this feature, in addition to granting can_invite_guest permission to the user, add the following line to seahub_settings.py,

                ENABLE_GUEST_INVITATION = True\n\n# invitation expire time\nINVITATIONS_TOKEN_AGE = 72 # hours\n

                After restarting, users who have can_invite_guest permission will see \"Invite People\" section at sidebar of home page.

                Users can invite a guest user by providing his/her email address, system will email the invite link to the user.

                Tip

                If you want to block certain email addresses for the invitation, you can define a blacklist, e.g.

                INVITATION_ACCEPTER_BLACKLIST = [\"a@a.com\", \"*@a-a-a.com\", r\".*@(foo|bar).com\", ]\n

                After that, email address \"a@a.com\", any email address ends with \"@a-a-a.com\" and any email address ends with \"@foo.com\" or \"@bar.com\" will not be allowed.

                "},{"location":"config/roles_permissions/#add-custom-roles","title":"Add custom roles","text":"

                If you want to add a new role and assign some users with this role, e.g. new role employee can invite guest and can create public library and have all other permissions a default user has, you can add following lines to seahub_settings.py

                ENABLED_ROLE_PERMISSIONS = {\n    'default': {\n        'can_add_repo': True,\n        'can_share_repo': True,\n        'can_add_group': True,\n        'can_view_org': True,\n        'can_add_public_repo': False,\n        'can_use_global_address_book': True,\n        'can_generate_share_link': True,\n        'can_generate_upload_link': True,\n        'can_send_share_link_mail': True,\n        'can_invite_guest': False,\n        'can_drag_drop_folder_to_sync': True,\n        'can_connect_with_android_clients': True,\n        'can_connect_with_ios_clients': True,\n        'can_connect_with_desktop_clients': True,\n        'can_export_files_via_mobile_client': True,\n        'storage_ids': [],\n        'role_quota': '',\n        'can_publish_repo': True,\n        'upload_rate_limit': 2000,  # unit: kb/s\n        'download_rate_limit': 4000,\n    },\n    'guest': {\n        'can_add_repo': False,\n        'can_share_repo': False,\n        'can_add_group': False,\n        'can_view_org': False,\n        'can_add_public_repo': False,\n        'can_use_global_address_book': False,\n        'can_generate_share_link': False,\n        'can_generate_upload_link': False,\n        'can_send_share_link_mail': False,\n        'can_invite_guest': False,\n        'can_drag_drop_folder_to_sync': False,\n        'can_connect_with_android_clients': False,\n        'can_connect_with_ios_clients': False,\n        'can_connect_with_desktop_clients': False,\n        'can_export_files_via_mobile_client': False,\n        'storage_ids': [],\n        'role_quota': '',\n        'can_publish_repo': False,\n        'upload_rate_limit': 100,\n        'download_rate_limit': 200,\n    },\n    'employee': {\n        'can_add_repo': True,\n        'can_share_repo': True,\n        'can_add_group': True,\n        'can_view_org': True,\n        'can_add_public_repo': True,\n        'can_use_global_address_book': True,\n        'can_generate_share_link': True,\n        'can_generate_upload_link': True,\n        'can_send_share_link_mail': True,\n        'can_invite_guest': True,\n        'can_drag_drop_folder_to_sync': True,\n        'can_connect_with_android_clients': True,\n        'can_connect_with_ios_clients': True,\n        'can_connect_with_desktop_clients': True,\n        'can_export_files_via_mobile_client': True,\n        'storage_ids': [],\n        'role_quota': '',\n        'can_publish_repo': True,\n        'upload_rate_limit': 500,\n        'download_rate_limit': 800,\n    },\n}\n
                "},{"location":"config/saml2_in_10.0/","title":"SAML 2.0 in version 10.0+","text":"

                In this document, we use Microsoft Azure SAML single sign-on app and Microsoft on-premise ADFS to show how Seafile integrate SAML 2.0. Other SAML 2.0 provider should be similar.

                "},{"location":"config/saml2_in_10.0/#preparations-for-saml-20","title":"Preparations for SAML 2.0","text":"

                First, install xmlsec1 package:

                $ apt update\n$ apt install xmlsec1\n$ apt install dnsutils  # For multi-tenancy feature\n

                Second, prepare SP(Seafile) certificate directory and SP certificates:

                Create certs dir

                $ mkdir -p /opt/seafile/seahub-data/certs\n

                The SP certificate can be generated by the openssl command, or you can apply to the certificate manufacturer, it is up to you. For example, generate the SP certs using the following command:

                $ cd /opt/seafile/seahub-data/certs\n$ openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout sp.key -out sp.crt\n

                The days option indicates the validity period of the generated certificate. The unit is day. The system admin needs to update the certificate regularly

                "},{"location":"config/saml2_in_10.0/#integration-with-adfssaml-single-sign-on","title":"Integration with ADFS/SAML single sign-on","text":""},{"location":"config/saml2_in_10.0/#microsoft-azure-saml-single-sign-on-app","title":"Microsoft Azure SAML single sign-on app","text":"

                If you use Microsoft Azure SAML app to achieve single sign-on, please follow the steps below:

                First, add SAML single sign-on app and assign users, refer to: add an Azure AD SAML application, create and assign users.

                Second, setup the Identifier, Reply URL, and Sign on URL of the SAML app based on your service URL, refer to: enable single sign-on for saml app. The format of the Identifier, Reply URL, and Sign on URL are: https://example.com/saml2/metadata/, https://example.com/saml2/acs/, https://example.com/, e.g.:

                Next, edit saml attributes & claims. Keep the default attributes & claims of SAML app unchanged, the uid attribute must be added, the mail and name attributes are optional, e.g.:

                Next, download the base64 format SAML app's certificate and rename to idp.crt:

                and put it under the certs directory(/opt/seafile/seahub-data/certs).

                Next, copy the metadata URL of the SAML app:

                and paste it into the SAML_REMOTE_METADATA_URL option in seahub_settings.py, e.g.:

                SAML_REMOTE_METADATA_URL = 'https://login.microsoftonline.com/xxx/federationmetadata/2007-06/federationmetadata.xml?appid=xxx'   # copy from SAML app\n

                Next, add ENABLE_ADFS_LOGIN, LOGIN_REDIRECT_URL and SAML_ATTRIBUTE_MAPPING options to seahub_settings.py, and then restart Seafile, e.g:

                ENABLE_ADFS_LOGIN = True\nLOGIN_REDIRECT_URL = '/saml2/complete/'\nSAML_ATTRIBUTE_MAPPING = {\n    'name': ('display_name', ),\n    'mail': ('contact_email', ),\n    'seafile_groups': ('', ), # Optional, set this attribute if you need to synchronize groups/departments.\n    ...\n\n}\nSAML_REMOTE_METADATA_URL = 'https://login.microsoftonline.com/xxx/federationmetadata/2007-06/federationmetadata.xml?appid=xxx'   # copy from SAML app\n

                Note

                • If the xmlsec1 binary is not located in /usr/bin/xmlsec1, you need to add the following configuration in seahub_settings.py:
                SAML_XMLSEC_BINARY_PATH = '/path/to/xmlsec1'\n

                View where the xmlsec1 binary is located:

                $ which xmlsec1\n
                • If certificates are not placed in /opt/seafile/seahub-data/certs, you need to add the following configuration in seahub_settings.py:
                SAML_CERTS_DIR = '/path/to/certs'\n

                Finally, open the browser and enter the Seafile login page, click Single Sign-On, and use the user assigned to SAML app to perform a SAML login test.

                "},{"location":"config/saml2_in_10.0/#on-premise-adfs","title":"On-premise ADFS","text":"

                If you use Microsoft ADFS to achieve single sign-on, please follow the steps below:

                First, please make sure the following preparations are done:

                1. A Windows Server with ADFS installed. For configuring and installing ADFS you can see this article.

                2. A valid SSL certificate for ADFS server, and here we use temp.adfs.com as the domain name example.

                3. A valid SSL certificate for Seafile server, and here we use demo.seafile.com as the domain name example.

                Second, download the base64 format certificate and upload it:

                • Navigate to the AD FS management window. In the left sidebar menu, navigate to Services > Certificates.

                • Locate the Token-signing certificate. Right-click the certificate and select View Certificate.

                • In the dialog box, select the Details tab.

                • Click Copy to File.

                • In the Certificate Export Wizard that opens, click Next.

                • Select Base-64 encoded X.509 (.CER), then click Next.

                • Named it idp.crt, then click Next.

                • Click Finish to complete the download.

                • And then put it under the certs directory(/opt/seafile/seahub-data/certs).

                Next, add the following configurations to seahub_settings.py and then restart Seafile:

                ENABLE_ADFS_LOGIN = True\nLOGIN_REDIRECT_URL = '/saml2/complete/'\nSAML_ATTRIBUTE_MAPPING = {\n    'name': ('display_name', ),\n    'mail': ('contact_email', ),\n    'seafile_groups': ('', ), # Optional, set this attribute if you need to synchronize groups/departments.\n    ...\n}\nSAML_REMOTE_METADATA_URL = 'https://temp.adfs.com/federationmetadata/2007-06/federationmetadata.xml'   # The format of the ADFS federation metadata URL is: `https://{your ADFS domain name}/federationmetadata/2007-06/federationmetadata.xml`\n

                Next, add relying party trust:

                • Log into the ADFS server and open the ADFS management.

                • Under Actions, click Add Relying Party Trust.

                • On the Welcome page, choose Claims aware and click Start.

                • Select Import data about the relying party published online or on a local network, type your metadate url in Federation metadata address (host name or URL), and then click Next. Your metadate url format is: https://example.com/saml2/metadata/, e.g.:

                • On the Specify Display Name page type a name in Display name, e.g. Seafile, under Notes type a description for this relying party trust, and then click Next.

                • In the Choose an access control policy window, select Permit everyone, then click Next.

                • Review your settings, then click Next.

                • Click Close.

                Next, create claims rules:

                • Open the ADFS management, click Relying Party Trusts.

                • Right-click your trust, and then click Edit Claim Issuance Policy.

                • On the Issuance Transform Rules tab click Add Rules.

                • Click the Claim rule template dropdown menu and select Send LDAP Attributes as Claims, and then click Next.

                • In the Claim rule name field, type the display name for this rule, such as Seafile Claim rule. Click the Attribute store dropdown menu and select Active Directory. In the LDAP Attribute column, click the dropdown menu and select User-Principal-Name. In the Outgoing Claim Type column, click the dropdown menu and select UPN. And then click Finish.

                • Click Add Rule again.

                • Click the Claim rule template dropdown menu and select Transform an Incoming Claim, and then click Next.

                • In the Claim rule name field, type the display name for this rule, such as UPN to Name ID. Click the Incoming claim type dropdown menu and select UPN(It must match the Outgoing Claim Type in rule Seafile Claim rule). Click the Outgoing claim type dropdown menu and select Name ID. Click the Outgoing name ID format dropdown menu and select Email. And then click Finish.

                • Click OK to add both new rules.

                When creating claims rule, you can also select other LDAP Attributes, such as E-Mail-Addresses, depending on your ADFS service

                Finally, open the browser and enter the Seafile login page, click Single Sign-On to perform ADFS login test.

                "},{"location":"config/seafevents-conf/","title":"Configurable Options","text":"

                In the file seafevents.conf:

                [DATABASE]\ntype = mysql\nhost = 192.168.0.2\nport = 3306\nusername = seafile\npassword = password\nname = seahub_db\n\n[STATISTICS]\n## must be \"true\" to enable statistics\nenabled = false\n\n[SEAHUB EMAIL]\n## must be \"true\" to enable user email notifications when there are new unread notifications\nenabled = true\n\n## interval of sending Seahub email. Can be s(seconds), m(minutes), h(hours), d(days)\ninterval = 30m\n\n[FILE HISTORY]\nenabled = true\nthreshold = 5\nsuffix = md,txt,...\n\n## From seafile 7.0.0\n## Recording file history to database for fast access is enabled by default for 'Markdown, .txt, ppt, pptx, doc, docx, xls, xlsx'. \n## After enable the feature, the old histories version for markdown, doc, docx files will not be list in the history page.\n## (Only new histories that stored in database will be listed) But the users can still access the old versions in the library snapshots.\n## For file types not listed in the suffix , histories version will be scanned from the library history as before.\n## The feature default is enable. You can set the 'enabled = false' to disable the feature.\n\n## The 'threshold' is the time threshold for recording the historical version of a file, in minutes, the default is 5 minutes. \n## This means that if the interval between two adjacent file saves is less than 5 minutes, the two file changes will be merged and recorded as a historical version. \n## When set to 0, there is no time limit, which means that each save will generate a separate historical version.\n\n## If you need to modify the file list format, you can add 'suffix = md, txt, ...' configuration items to achieve.\n
                "},{"location":"config/seafevents-conf/#the-following-configurations-for-pro-edition-only","title":"The following configurations for Pro Edition only","text":"
                [AUDIT]\n## Audit log is disabled default.\n## Leads to additional SQL tables being filled up, make sure your SQL server is able to handle it.\nenabled = true\n\n[INDEX FILES]\n## must be \"true\" to enable search\nenabled = true\n\n## The interval the search index is updated. Can be s(seconds), m(minutes), h(hours), d(days)\ninterval=10m\n\n## From Seafile 6.3.0 pro, in order to speed up the full-text search speed, you should setup\nhighlight = fvh\n\n## If true, indexes the contents of office/pdf files while updating search index\n## Note: If you change this option from \"false\" to \"true\", then you need to clear the search index and update the index again.\n## Refer to file search manual for details.\nindex_office_pdf=false\n\n## The default size limit for doc, docx, ppt, pptx, xls, xlsx and pdf files. Files larger than this will not be indexed.\n## Since version 6.2.0\n## Unit: MB\noffice_file_size_limit = 10\n\n## From 9.0.7 pro, Seafile supports connecting to Elasticsearch through username and password, you need to configure username and password for the Elasticsearch server\nusername = elastic           # username to connect to Elasticsearch\npassword = elastic_password  # password to connect to Elasticsearch\n\n## From 9.0.7 pro, Seafile supports connecting to elasticsearch via HTTPS, you need to configure HTTPS for the Elasticsearch server\nscheme = https               # The default is http. If the Elasticsearch server is not configured with HTTPS, the scheme and cafile do not need to be configured\ncafile = path/to/cert.pem    # The certificate path for user authentication. If the Elasticsearch server does not enable certificate authentication, do not need to be configured\n\n## From version 11.0.5 Pro, you can custom ElasticSearch index names for distinct instances when intergrating multiple Seafile servers to a single ElasticSearch Server.\nrepo_status_index_name = your-repo-status-index-name  # default is `repo_head`\nrepo_files_index_name = your-repo-files-index-name    # default is `repofiles`\n\n## The default loglevel is `warning`.\n## Since version 11.0.4\nloglevel = info\n\n[EVENTS PUBLISH]\n## must be \"true\" to enable publish events messages\nenabled = false\n## message format: repo-update\\t{{repo_id}}}\\t{{commit_id}}\n## Currently only support redis message queue\nmq_type = redis\n\n[REDIS]\n## redis use the 0 database and \"repo_update\" channel\nserver = 192.168.1.1\nport = 6379\npassword = q!1w@#123\n\n[AUTO DELETION]\nenabled = true     # Default is false, when enabled, users can use file auto deletion feature\ninterval = 86400   # The unit is second(s), the default frequency is one day, that is, it runs once a day\n
                "},{"location":"config/seafile-conf/","title":"Seafile.conf settings","text":"

                Important

                Every entry in this configuration file is case-sensitive.

                You need to restart seafile and seahub so that your changes take effect.

                ./seahub.sh restart\n./seafile.sh restart\n
                "},{"location":"config/seafile-conf/#storage-quota-setting","title":"Storage Quota Setting","text":"

                You may set a default quota (e.g. 2GB) for all users. To do this, just add the following lines to seafile.conf file

                [quota]\n# default user quota in GB, integer only\ndefault = 2\n

                This setting applies to all users. If you want to set quota for a specific user, you may log in to seahub website as administrator, then set it in \"System Admin\" page.

                Since Pro 10.0.9 version, you can set the maximum number of files allowed in a library, and when this limit is exceeded, files cannot be uploaded to this library. There is no limit by default.

                [quota]\nlibrary_file_limit = 100000\n
                "},{"location":"config/seafile-conf/#default-history-length-limit","title":"Default history length limit","text":"

                If you don't want to keep all file revision history, you may set a default history length limit for all libraries.

                [history]\nkeep_days = days of history to keep\n
                "},{"location":"config/seafile-conf/#default-trash-expiration-time","title":"Default trash expiration time","text":"

                The default time for automatic cleanup of the libraries trash is 30 days.You can modify this time by adding the following configuration\uff1a

                [library_trash]\nexpire_days = 60\n
                "},{"location":"config/seafile-conf/#system-trash","title":"System Trash","text":"

                Seafile uses a system trash, where deleted libraries will be moved to. In this way, accidentally deleted libraries can be recovered by system admin.

                "},{"location":"config/seafile-conf/#cache-pro-edition-only","title":"Cache (Pro Edition Only)","text":"

                Seafile Pro Edition uses memory caches in various cases to improve performance. Some session information is also saved into memory cache to be shared among the cluster nodes. Memcached or Reids can be use for memory cache.

                If you use memcached:

                [memcached]\n# Replace `localhost` with the memcached address:port if you're using remote memcached\n# POOL-MIN and POOL-MAX is used to control connection pool size. Usually the default is good enough.\nmemcached_options = --SERVER=localhost --POOL-MIN=10 --POOL-MAX=100\n

                If you use redis:

                [redis]\n# your redis server address\nredis_host = 127.0.0.1\n# your redis server port\nredis_port = 6379\n# size of connection pool to redis, default is 100\nmax_connections = 100\n

                Redis support is added in version 11.0. Currently only single-node Redis is supported. Redis Sentinel or Cluster is not supported yet.

                "},{"location":"config/seafile-conf/#seafile-fileserver-configuration","title":"Seafile fileserver configuration","text":"

                The configuration of seafile fileserver is in the [fileserver] section of the file seafile.conf

                [fileserver]\n# bind address for fileserver\n# default to 0.0.0.0, if deployed without proxy: no access restriction\n# set to 127.0.0.1, if used with local proxy: only access by local\nhost = 127.0.0.1\n# tcp port for fileserver\nport = 8082\n

                Since Community Edition 6.2 and Pro Edition 6.1.9, you can set the number of worker threads to server http requests. Default value is 10, which is a good value for most use cases.

                [fileserver]\nworker_threads = 15\n

                Change upload/download settings.

                [fileserver]\n# Set maximum upload file size to 200M.\n# If not configured, there is no file size limit for uploading.\nmax_upload_size=200\n\n# Set maximum download directory size to 200M.\n# Default is 100M.\nmax_download_dir_size=200\n

                After a file is uploaded via the web interface, or the cloud file browser in the client, it needs to be divided into fixed size blocks and stored into storage backend. We call this procedure \"indexing\". By default, the file server uses 1 thread to sequentially index the file and store the blocks one by one. This is suitable for most cases. But if you're using S3/Ceph/Swift backends, you may have more bandwidth in the storage backend for storing multiple blocks in parallel. We provide an option to define the number of concurrent threads in indexing:

                [fileserver]\nmax_indexing_threads = 10\n

                When users upload files in the web interface (seahub), file server divides the file into fixed size blocks. Default blocks size for web uploaded files is 8MB. The block size can be set here.

                [fileserver]\n#Set block size to 2MB\nfixed_block_size=2\n

                When users upload files in the web interface, file server assigns an token to authorize the upload operation. This token is valid for 1 hour by default. When uploading a large file via WAN, the upload time can be longer than 1 hour. You can change the token expire time to a larger value.

                [fileserver]\n#Set uploading time limit to 3600s\nweb_token_expire_time=3600\n

                You can download a folder as a zip archive from seahub, but some zip software on windows doesn't support UTF-8, in which case you can use the \"windows_encoding\" settings to solve it.

                [zip]\n# The file name encoding of the downloaded zip file.\nwindows_encoding = iso-8859-1\n

                The \"httptemp\" directory contains temporary files created during file upload and zip download. In some cases the temporary files are not cleaned up after the file transfer was interrupted. Starting from 7.1.5 version, file server will regularly scan the \"httptemp\" directory to remove files created long time ago.

                [fileserver]\n# After how much time a temp file will be removed. The unit is in seconds. Default to 3 days.\nhttp_temp_file_ttl = x\n# File scan interval. The unit is in seconds. Default to 1 hour.\nhttp_temp_scan_interval = x\n

                New in Seafile Pro 7.1.16 and Pro 8.0.3: You can set the maximum number of files contained in a library that can be synced by the Seafile client. The default is 100000. When you download a repo, Seafile client will request fs id list, and you can control the timeout period of this request through fs_id_list_request_timeout configuration, which defaults to 5 minutes. These two options are added to prevent long fs-id-list requests from overloading the server.

                Since Pro 8.0.4 version, you can set both options to -1, to allow unlimited size and timeout.

                Tip

                This configuration is only effective for downloading files through web page or API, but not for syncing files

                [fileserver]\nmax_sync_file_count = 100000\nfs_id_list_request_timeout = 300\n

                If you use object storage as storage backend, when a large file is frequently downloaded, the same blocks need to be fetched from the storage backend to Seafile server. This may waste bandwith and cause high load on the internal network. Since Seafile Pro 8.0.5 version, we add block caching to improve the situation.

                • To enable this feature, set use_block_cache option in the [fileserver] group. It's not enabled by default.
                • The block_cache_size_limit option is used to limit the size of the cache. Its default value is 10GB. The blocks are cached in seafile-data/block-cache directory. When the total size of cached files exceeds the limit, seaf-server will clean up older files until the size reduces to 70% of the limit. The cleanup interval is 5 minutes. You have to have a good estimate on how much space you need for the cache directory. Otherwise on frequent downloads this directory can be quickly filled up.
                • The block_cache_file_types configuration is used to choose the file types that are cached. block_cache_file_types the default value is mp4;mov.

                [fileserver]\nuse_block_cache = true\n# Set block cache size limit to 100MB\nblock_cache_size_limit = 100\nblock_cache_file_types = mp4;mov\n
                When a large number of files are uploaded through the web page and API, it will be expensive to calculate block IDs based on the block contents. Since Seafile-pro-9.0.6, you can add the skip_block_hash option to use a random string as block ID.

                Warning

                This option will prevent fsck from checking block content integrity. You should specify --shallow option to fsck to not check content integrity.

                [fileserver]\nskip_block_hash = true\n

                If you want to limit the type of files when uploading files, since Seafile Pro 10.0.0 version, you can set file_ext_white_list option in the [fileserver] group. This option is a list of file types, only the file types in this list are allowed to be uploaded. It's not enabled by default. 

                [fileserver]\nfile_ext_white_list = md;mp4;mov\n

                Since seafile 10.0.1, when you use go fileserver, you can set upload_limit and download_limit option in the [fileserver] group to limit the speed of file upload and download. It's not enabled by default. 

                [fileserver]\n# The unit is in KB/s.\nupload_limit = 100\ndownload_limit = 100\n

                Since Seafile 11.0.7 Pro, you can ask file server to check virus for every file uploaded with web APIs. Find more options about virus scanning at virus scan.

                [fileserver]\n# default is false\ncheck_virus_on_web_upload = true\n
                "},{"location":"config/seafile-conf/#database-configuration","title":"Database configuration","text":"

                The configurations of database are stored in the [database] section.

                From Seafile 11.0, the SQLite is not supported

                [database]\ntype=mysql\nhost=127.0.0.1\nuser=root\npassword=root\ndb_name=seafile_db\nconnection_charset=utf8\nmax_connections=100\n

                When you configure seafile server to use MySQL, the default connection pool size is 100, which should be enough for most use cases.

                Since Seafile 10.0.2, you can enable the encrypted connections to the MySQL server by adding the following configuration options:

                [database]\nuse_ssl = true\nskip_verify = false\nca_path = /etc/mysql/ca.pem\n

                When set use_ssl to true and skip_verify to false, it will check whether the MySQL server certificate is legal through the CA configured in ca_path. The ca_path is a trusted CA certificate path for signing MySQL server certificates. When skip_verify is true, there is no need to add the ca_path option. The MySQL server certificate won't be verified at this time.

                "},{"location":"config/seafile-conf/#file-locking-pro-edition-only","title":"File Locking (Pro edition only)","text":"

                The Seafile Pro server auto expires file locks after some time, to prevent a locked file being locked for too long. The expire time can be tune in seafile.conf file.

                [file_lock]\ndefault_expire_hours = 6\n

                The default is 12 hours.

                Since Seafile-pro-9.0.6, you can add cache for getting locked files (reduce server load caused by sync clients).

                [file_lock]\nuse_locked_file_cache = true\n

                At the same time, you also need to configure the following memcache options for the cache to take effect:

                [memcached]\nmemcached_options = --SERVER=<the IP of Memcached Server> --POOL-MIN=10 --POOL-MAX=100\n
                "},{"location":"config/seafile-conf/#storage-backends","title":"Storage Backends","text":"

                You may configure Seafile to use various kinds of object storage backends.

                • S3 or S3-compatible object storage
                • Ceph RADOS
                • Alibaba Cloud OSS
                • OpenStack Swift

                You may also configure Seafile to use multiple storage backends at the same time.

                "},{"location":"config/seafile-conf/#cluster","title":"Cluster","text":"

                When you deploy Seafile in a cluster, you should add the following configuration:

                [cluster]\nenabled = true\n
                "},{"location":"config/seafile-conf/#enable-slow-log","title":"Enable Slow Log","text":"

                Since Seafile-pro-6.3.10, you can enable seaf-server's RPC slow log to do performance analysis.The slow log is enabled by default.

                If you want to configure related options, add the options to seafile.conf:

                [slow_log]\n# default to true\nenable_slow_log = true\n# the unit of all slow log thresholds is millisecond.\n# default to 5000 milliseconds, only RPC queries processed for longer than 5000 milliseconds will be  logged.\nrpc_slow_threshold = 5000\n

                You can find seafile_slow_rpc.log in logs/slow_logs. You can also use log-rotate to rotate the log files. You just need to send SIGUSR2 to seaf-server process. The slow log file will be closed and reopened.

                Since 9.0.2 Pro, the signal to trigger log rotation has been changed to SIGUSR1. This signal will trigger rotation for all log files opened by seaf-server. You should change your log rotate settings accordingly.

                "},{"location":"config/seafile-conf/#enable-access-log","title":"Enable Access Log","text":"

                Even though Nginx logs all requests with certain details, such as url, response code, upstream process time, it's sometimes desirable to have more context about the requests, such as the user id for each request. Such information can only be logged from file server itself. Since 9.0.2 Pro, access log feature is added to fileserver.

                To enable access log, add below options to seafile.conf:

                [fileserver]\n# default to false. If enabled, fileserver-access.log will be written to log directory.\nenable_access_log = true\n

                The log format is as following:

                start time - user id - url - response code - process time\n

                You can use SIGUSR1 to trigger log rotation.

                "},{"location":"config/seafile-conf/#go-fileserver","title":"Go Fileserver","text":"

                Seafile 9.0 introduces a new fileserver implemented in Go programming language. To enable it, you can set the options below in seafile.conf:

                [fileserver]\nuse_go_fileserver = true\n

                Go fileserver has 3 advantages over the traditional fileserver implemented in C language:

                1. Better performance when syncing libraries with large number of files. With C fileserver, syncing large libraries may consume all the worker threads in the server and make the service slow. There is a config option max_sync_file_count to limit the size of library to be synced. The default is 100K. With Go fileserver you can set this option to a much higher number, such as 1 million.
                2. Downloading zipped folders on the fly. And there is no limit on the size of the downloaded folder. With C fileserver, the server has to first create a zip file for the downloaded folder then send it to the client. With Go fileserver, the zip file can be created while transferring to the client. The option max_download_dir_size is thus no longer needed by Go fileserver.
                3. Since version 10.0 you can also set upload/download rate limits.

                Go fileserver caches fs objects in memory. On the one hand, it avoids repeated creation and destruction of repeatedly accessed objects; on the other hand it will also slow down the speed at which objects are released, which will prevent go's gc mechanism from consuming too much CPU time. You can set the size of memory used by fs cache through the following options.

                [fileserver]\n# The unit is in M. Default to 2G.\nfs_cache_limit = 100\n
                "},{"location":"config/seafile-conf/#profiling-go-fileserver-performance","title":"Profiling Go Fileserver Performance","text":"

                Since Seafile 9.0.7, you can enable the profile function of go fileserver by adding the following configuration options:

                # profile_password is required, change it for your need\n[fileserver]\nenable_profiling = true\nprofile_password = 8kcUz1I2sLaywQhCRtn2x1\n

                This interface can be used through the pprof tool provided by Go language. See https://pkg.go.dev/net/http/pprof for details. Note that you have to first install Go on the client that issues the below commands. The password parameter should match the one you set in the configuration.

                go tool pprof http://localhost:8082/debug/pprof/heap?password=8kcUz1I2sLaywQhCRtn2x1\ngo tool pprof http://localhost:8082/debug/pprof/profile?password=8kcUz1I2sLaywQhCRtn2x1\n
                "},{"location":"config/seafile-conf/#notification-server-configuration","title":"Notification server configuration","text":"

                Since Seafile 10.0.0, you can enable the notification server by adding the following configuration options:

                # jwt_private_key are required.You should generate it manually.\n[notification]\nenabled = true\n# the listen IP of notification server. (Do not modify the host when using Nginx or Apache, as Nginx or Apache will proxy the requests to this address)\nhost = 127.0.0.1\n# the port of notification server\nport = 8083\n# the log level of notification server\nlog_level = info\n# jwt_private_key is used to generate jwt token and authenticate seafile server\njwt_private_key = M@O8VWUb81YvmtWLHGB2I_V7di5-@0p(MF*GrE!sIws23F\n

                You can generate jwt_private_key with the following command\uff1a

                # generate jwt_private_key\nopenssl rand -base64 32\n

                If you use nginx, then you also need to add the following configuration for nginx:

                server {\n    ...\n\n    location /notification/ping {\n        proxy_pass http://127.0.0.1:8083/ping;\n        access_log      /var/log/nginx/notification.access.log seafileformat;\n        error_log       /var/log/nginx/notification.error.log;\n    }\n    location /notification {\n        proxy_pass http://127.0.0.1:8083/;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n        access_log      /var/log/nginx/notification.access.log seafileformat;\n        error_log       /var/log/nginx/notification.error.log;\n    }\n\n    ...\n}\n

                Or add the configuration for Apache:

                    ProxyPass /notification/ping  http://127.0.0.1:8083/ping/\n    ProxyPassReverse /notification/ping  http://127.0.0.1:8083/ping/\n\n    ProxyPass /notification  ws://127.0.0.1:8083/\n    ProxyPassReverse /notification ws://127.0.0.1:8083/\n
                "},{"location":"config/seahub_customization/","title":"Seahub customization","text":""},{"location":"config/seahub_customization/#customize-seahub-logo-and-css","title":"Customize Seahub Logo and CSS","text":"

                Create customize folder

                Deploy in DockerDeploy from binary packages 
                mkdir -p /opt/seafile-data/seahub/media/custom\n
                mkdir /opt/seafile/seafile-server-latest/seahub/media/custom\n

                During upgrading, Seafile upgrade script will create symbolic link automatically to preserve your customization.

                "},{"location":"config/seahub_customization/#customize-logo","title":"Customize Logo","text":"

                Add your logo file to custom/

                Overwrite LOGO_PATH in seahub_settings.py

                LOGO_PATH = 'custom/mylogo.png'\n

                Default width and height for logo is 149px and 32px, you may need to change that according to yours.

                LOGO_WIDTH = 149\nLOGO_HEIGHT = 32\n
                "},{"location":"config/seahub_customization/#customize-favicon","title":"Customize Favicon","text":"

                Add your favicon file to custom/

                Overwrite FAVICON_PATH in seahub_settings.py

                LOGO_PATH = 'custom/favicon.png'\n
                "},{"location":"config/seahub_customization/#customize-seahub-css","title":"Customize Seahub CSS","text":"

                Add your css file to custom/, for example, custom.css

                Overwrite BRANDING_CSS in seahub_settings.py

                LOGO_PATH = 'custom/custom.css'\n
                "},{"location":"config/seahub_customization/#customize-help-page","title":"Customize help page","text":"Deploy in DockerDeploy from binary packages 
                mkdir -p /opt/seafile-data/seahub/media/custom/templates/help/\ncd /opt/seafile-data/seahub/media/custom\ncp ../../help/templates/help/install.html templates/help/\n
                mkdir /opt/seafile/seafile-server-latest/seahub/media/custom/templates/help/\ncd /opt/seafile/seafile-server-latest/seahub/media/custom\ncp ../../help/templates/help/install.html templates/help/\n

                Modify the templates/help/install.html file and save it. You will see the new help page.

                "},{"location":"config/seahub_customization/#add-an-extra-note-in-sharing-dialog","title":"Add an extra note in sharing dialog","text":"

                You can add an extra note in sharing dialog in seahub_settings.py

                ADDITIONAL_SHARE_DIALOG_NOTE = {\n    'title': 'Attention! Read before shareing files:',\n    'content': 'Do not share personal or confidential official data with **.'\n}\n

                Result:

                "},{"location":"config/seahub_customization/#add-custom-navigation-items","title":"Add custom navigation items","text":"

                Since Pro 7.0.9, Seafile supports adding some custom navigation entries to the home page for quick access. This requires you to add the following configuration information to the conf/seahub_settings.py configuration file:

                CUSTOM_NAV_ITEMS = [\n    {'icon': 'sf2-icon-star',\n     'desc': 'Custom navigation 1',\n     'link': 'https://www.seafile.com'\n    },\n    {'icon': 'sf2-icon-wiki-view',\n     'desc': 'Custom navigation 2',\n     'link': 'https://www.seafile.com/help'\n    },\n    {'icon': 'sf2-icon-wrench',\n     'desc': 'Custom navigation 3',\n     'link': 'http://www.example.com'\n    },\n]\n

                Note

                The icon field currently only supports icons in Seafile that begin with sf2-icon. You can find the list of icons here:

                Then restart the Seahub service to take effect.

                Once you log in to the Seafile system homepage again, you will see the new navigation entry under the Tools navigation bar on the left.

                "},{"location":"config/seahub_customization/#add-more-links-to-the-bottom-bar","title":"Add more links to the bottom bar","text":"
                ADDITIONAL_APP_BOTTOM_LINKS = {\n    'seafile': 'https://example.seahub.com/seahub',\n    'dtable-web': 'https://example.seahub.com/web'\n}\n

                Result:

                "},{"location":"config/seahub_customization/#add-more-links-to-about-dialog","title":"Add more links to about dialog","text":"
                ADDITIONAL_ABOUT_DIALOG_LINKS = {\n    'seafile': 'https://example.seahub.com/seahub',\n    'dtable-web': 'https://example.seahub.com/dtable-web'\n}\n

                Result:

                "},{"location":"config/seahub_settings_py/","title":"Seahub Settings","text":"

                Tip

                You can also modify most of the config items via web interface. The config items are saved in database table (seahub-db/constance_config). They have a higher priority over the items in config files. If you want to disable settings via web interface, you can add ENABLE_SETTINGS_VIA_WEB = False to seahub_settings.py.

                "},{"location":"config/seahub_settings_py/#sending-email-notifications-on-seahub","title":"Sending Email Notifications on Seahub","text":"

                Refer to email sending documentation.

                "},{"location":"config/seahub_settings_py/#cache","title":"Cache","text":"

                Seahub caches items(avatars, profiles, etc) on file system by default(/tmp/seahub_cache/). You can replace with Memcached or Redis.

                MemcachedRedis 
                # on Debian/Ubuntu 18.04+\napt-get install memcached libmemcached-dev -y\npip3 install --timeout=3600 pylibmc django-pylibmc\n\nsystemctl enable --now memcached\n

                Add the following configuration to seahub_settings.py.

                CACHES = {\n    'default': {\n        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',\n        'LOCATION': '127.0.0.1:11211',\n    },\n}\n

                Redis supported is added in Seafile version 11.0

                1. Install Redis with package installers in your OS.

                2. Please refer to Django's documentation about using Redis cache.

                "},{"location":"config/seahub_settings_py/#security-settings","title":"Security settings","text":"
                # For security consideration, please set to match the host/domain of your site, e.g., ALLOWED_HOSTS = ['.example.com'].\n# Please refer https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for details.\nALLOWED_HOSTS = ['.myseafile.com']\n\n\n# Whether to use a secure cookie for the CSRF cookie\n# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-secure\nCSRF_COOKIE_SECURE = True\n\n# The value of the SameSite flag on the CSRF cookie\n# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-samesite\nCSRF_COOKIE_SAMESITE = 'Strict'\n\n# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-trusted-origins\nCSRF_TRUSTED_ORIGINS = ['https://www.myseafile.com']\n
                "},{"location":"config/seahub_settings_py/#user-management-options","title":"User management options","text":"

                The following options affect user registration, password and session.

                # Enalbe or disalbe registration on web. Default is `False`.\nENABLE_SIGNUP = False\n\n# Activate or deactivate user when registration complete. Default is `True`.\n# If set to `False`, new users need to be activated by admin in admin panel.\nACTIVATE_AFTER_REGISTRATION = False\n\n# Whether to send email when a system admin adding a new member. Default is `True`.\nSEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True\n\n# Whether to send email when a system admin resetting a user's password. Default is `True`.\nSEND_EMAIL_ON_RESETTING_USER_PASSWD = True\n\n# Send system admin notify email when user registration is complete. Default is `False`.\nNOTIFY_ADMIN_AFTER_REGISTRATION = True\n\n# Remember days for login. Default is 7\nLOGIN_REMEMBER_DAYS = 7\n\n# Attempt limit before showing a captcha when login.\nLOGIN_ATTEMPT_LIMIT = 3\n\n# deactivate user account when login attempts exceed limit\n# Since version 5.1.2 or pro 5.1.3\nFREEZE_USER_ON_LOGIN_FAILED = False\n\n# mininum length for user's password\nUSER_PASSWORD_MIN_LENGTH = 6\n\n# LEVEL based on four types of input:\n# num, upper letter, lower letter, other symbols\n# '3' means password must have at least 3 types of the above.\nUSER_PASSWORD_STRENGTH_LEVEL = 3\n\n# default False, only check USER_PASSWORD_MIN_LENGTH\n# when True, check password strength level, STRONG(or above) is allowed\nUSER_STRONG_PASSWORD_REQUIRED = False\n\n# Force user to change password when admin add/reset a user.\n# Added in 5.1.1, deafults to True.\nFORCE_PASSWORD_CHANGE = True\n\n# Age of cookie, in seconds (default: 2 weeks).\nSESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2\n\n# Whether a user's session cookie expires when the Web browser is closed.\nSESSION_EXPIRE_AT_BROWSER_CLOSE = False\n\n# Whether to save the session data on every request. Default is `False`\nSESSION_SAVE_EVERY_REQUEST = False\n\n# Whether enable the feature \"published library\". Default is `False`\n# Since 6.1.0 CE\nENABLE_WIKI = True\n\n# In old version, if you use Single Sign On, the password is not saved in Seafile.\n# Users can't use WebDAV because Seafile can't check whether the password is correct.\n# Since version 6.3.8, you can enable this option to let user's to specific a password for WebDAV login.\n# Users login via SSO can use this password to login in WebDAV.\n# Enable the feature. pycryptodome should be installed first.\n# sudo pip install pycryptodome==3.12.0\nENABLE_WEBDAV_SECRET = True\nWEBDAV_SECRET_MIN_LENGTH = 8\n\n# LEVEL for the password, based on four types of input:\n# num, upper letter, lower letter, other symbols\n# '3' means password must have at least 3 types of the above.\nWEBDAV_SECRET_STRENGTH_LEVEL = 1\n\n\n# Since version 7.0.9, you can force a full user to log in with a two factor authentication.\n# The prerequisite is that the administrator should 'enable two factor authentication' in the 'System Admin -> Settings' page.\n# Then you can add the following configuration information to the configuration file.\nENABLE_FORCE_2FA_TO_ALL_USERS = True\n
                "},{"location":"config/seahub_settings_py/#library-snapshot-label-feature","title":"Library snapshot label feature","text":"
                # Turn on this option to let users to add a label to a library snapshot. Default is `False`\nENABLE_REPO_SNAPSHOT_LABEL = False\n
                "},{"location":"config/seahub_settings_py/#library-options","title":"Library options","text":"

                Options for libraries:

                # if enable create encrypted library\nENABLE_ENCRYPTED_LIBRARY = True\n\n# version for encrypted library\n# should only be `2` or `4`.\n# version 3 is insecure (using AES128 encryption) so it's not recommended any more.\nENCRYPTED_LIBRARY_VERSION = 2\n\n# mininum length for password of encrypted library\nREPO_PASSWORD_MIN_LENGTH = 8\n\n# force use password when generate a share/upload link (since version 8.0.9)\nSHARE_LINK_FORCE_USE_PASSWORD = False\n\n# mininum length for password for share link (since version 4.4)\nSHARE_LINK_PASSWORD_MIN_LENGTH = 8\n\n# LEVEL for the password of a share/upload link\n# based on four types of input:\n# num, upper letter, lower letter, other symbols\n# '3' means password must have at least 3 types of the above. (since version 8.0.9)\nSHARE_LINK_PASSWORD_STRENGTH_LEVEL = 3\n\n# Default expire days for share link (since version 6.3.8)\n# Once this value is configured, the user can no longer generate an share link with no expiration time.\n# If the expiration value is not set when the share link is generated, the value configured here will be used.\nSHARE_LINK_EXPIRE_DAYS_DEFAULT = 5\n\n# minimum expire days for share link (since version 6.3.6)\n# SHARE_LINK_EXPIRE_DAYS_MIN should be less than SHARE_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).\nSHARE_LINK_EXPIRE_DAYS_MIN = 3 # default is 0, no limit.\n\n# maximum expire days for share link (since version 6.3.6)\n# SHARE_LINK_EXPIRE_DAYS_MIN should be greater than SHARE_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).\nSHARE_LINK_EXPIRE_DAYS_MAX = 8 # default is 0, no limit.\n\n# Default expire days for upload link (since version 7.1.6)\n# Once this value is configured, the user can no longer generate an upload link with no expiration time.\n# If the expiration value is not set when the upload link is generated, the value configured here will be used.\nUPLOAD_LINK_EXPIRE_DAYS_DEFAULT = 5\n\n# minimum expire days for upload link (since version 7.1.6)\n# UPLOAD_LINK_EXPIRE_DAYS_MIN should be less than UPLOAD_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).\nUPLOAD_LINK_EXPIRE_DAYS_MIN = 3 # default is 0, no limit.\n\n# maximum expire days for upload link (since version 7.1.6)\n# UPLOAD_LINK_EXPIRE_DAYS_MAX should be greater than UPLOAD_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).\nUPLOAD_LINK_EXPIRE_DAYS_MAX = 8 # default is 0, no limit.\n\n# force user login when view file/folder share link (since version 6.3.6)\nSHARE_LINK_LOGIN_REQUIRED = True\n\n# enable water mark when view(not edit) file in web browser (since version 6.3.6)\nENABLE_WATERMARK = True\n\n# Disable sync with any folder. Default is `False`\n# NOTE: since version 4.2.4\nDISABLE_SYNC_WITH_ANY_FOLDER = True\n\n# Enable or disable library history setting\nENABLE_REPO_HISTORY_SETTING = True\n\n# Enable or disable user share library to any group\n# Since version 6.2.0\nENABLE_SHARE_TO_ALL_GROUPS = True\n\n# Enable or disable user to clean trash (default is True)\n# Since version 6.3.6\nENABLE_USER_CLEAN_TRASH = True\n\n# Add a report abuse button on download links. (since version 7.1.0)\n# Users can report abuse on the share link page, fill in the report type, contact information, and description.\n# Default is false.\nENABLE_SHARE_LINK_REPORT_ABUSE = True\n

                Options for online file preview:

                # Online preview maximum file size, defaults to 30M.\nFILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024\n\n# Extensions of previewed text files.\n# NOTE: since version 6.1.1\nTEXT_PREVIEW_EXT = \"\"\"ac, am, bat, c, cc, cmake, cpp, cs, css, diff, el, h, html,\nhtm, java, js, json, less, make, org, php, pl, properties, py, rb,\nscala, script, sh, sql, txt, text, tex, vi, vim, xhtml, xml, log, csv,\ngroovy, rst, patch, go\"\"\"\n\n\n# Seafile only generates thumbnails for images smaller than the following size.\n# Since version 6.3.8 pro, suport the psd online preview.\nTHUMBNAIL_IMAGE_SIZE_LIMIT = 30 # MB\n\n# Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first.\n# For details, please refer to https://manual.seafile.com/deploy/video_thumbnails.html\n# NOTE: this option is deprecated in version 7.1\nENABLE_VIDEO_THUMBNAIL = False\n\n# Use the frame at 5 second as thumbnail\n# NOTE: this option is deprecated in version 7.1\nTHUMBNAIL_VIDEO_FRAME_TIME = 5\n\n# Absolute filesystem path to the directory that will hold thumbnail files.\nTHUMBNAIL_ROOT = '/haiwen/seahub-data/thumbnail/thumb/'\n\n# Default size for picture preview. Enlarge this size can improve the preview quality.\n# NOTE: since version 6.1.1\nTHUMBNAIL_SIZE_FOR_ORIGINAL = 1024\n
                "},{"location":"config/seahub_settings_py/#cloud-mode","title":"Cloud Mode","text":"

                You should enable cloud mode if you use Seafile with an unknown user base. It disables the organization tab in Seahub's website to ensure that users can't access the user list. Cloud mode provides some nice features like sharing content with unregistered users and sending invitations to them. Therefore you also want to enable user registration. Through the global address book (since version 4.2.3) you can do a search for every user account. So you probably want to disable it.

                # Enable cloude mode and hide `Organization` tab.\nCLOUD_MODE = True\n\n# Disable global address book\nENABLE_GLOBAL_ADDRESSBOOK = False\n
                "},{"location":"config/seahub_settings_py/#single-sign-on","title":"Single Sign On","text":"
                # Enable authentication with ADFS\n# Default is False\n# Since 6.0.9\nENABLE_ADFS_LOGIN = True\n\n# Force user login through ADFS instead of email and password\n# Default is False\n# Since 11.0.7\nDISABLE_ADFS_USER_PWD_LOGIN = True\n\n# Enable authentication wit Kerberos\n# Default is False\nENABLE_KRB5_LOGIN = True\n\n# Enable authentication with Shibboleth\n# Default is False\nENABLE_SHIBBOLETH_LOGIN = True\n\n# Enable client to open an external browser for single sign on\n# When it is false, the old buitin browser is opened for single sign on\n# When it is true, the default browser of the operation system is opened\n# The benefit of using system browser is that it can support hardware 2FA\n# Since 11.0.0, and sync client 9.0.5, drive client 3.0.8\nCLIENT_SSO_VIA_LOCAL_BROWSER = True   # default is False\nCLIENT_SSO_UUID_EXPIRATION = 5 * 60   # in seconds\n
                "},{"location":"config/seahub_settings_py/#other-options","title":"Other options","text":"
                # This is outside URL for Seahub(Seafile Web). \n# The domain part (i.e., www.example.com) will be used in generating share links and download/upload file via web.\n# Note: SERVICE_URL is moved to seahub_settings.py since 9.0.0\n# Note: SERVICE_URL is no longer used since version 12.0\n# SERVICE_URL = 'https://seafile.example.com:'\n\n# Disable settings via Web interface in system admin->settings\n# Default is True\n# Since 5.1.3\nENABLE_SETTINGS_VIA_WEB = False\n\n# Choices can be found here:\n# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name\n# although not all choices may be available on all operating systems.\n# If running in a Windows environment this must be set to the same as your\n# system time zone.\nTIME_ZONE = 'UTC'\n\n# Language code for this installation. All choices can be found here:\n# http://www.i18nguy.com/unicode/language-identifiers.html\n# Default language for sending emails.\nLANGUAGE_CODE = 'en'\n\n# Custom language code choice.\nLANGUAGES = (\n    ('en', 'English'),\n    ('zh-cn', '\u7b80\u4f53\u4e2d\u6587'),\n    ('zh-tw', '\u7e41\u9ad4\u4e2d\u6587'),\n)\n\n# Set this to your website/company's name. This is contained in email notifications and welcome message when user login for the first time.\nSITE_NAME = 'Seafile'\n\n# Browser tab's title\nSITE_TITLE = 'Private Seafile'\n\n# If you don't want to run seahub website on your site's root path, set this option to your preferred path.\n# e.g. setting it to '/seahub/' would run seahub on http://example.com/seahub/.\nSITE_ROOT = '/'\n\n# Max number of files when user upload file/folder.\n# Since version 6.0.4\nMAX_NUMBER_OF_FILES_FOR_FILEUPLOAD = 500\n\n# Control the language that send email. Default to user's current language.\n# Since version 6.1.1\nSHARE_LINK_EMAIL_LANGUAGE = ''\n\n# Interval for browser requests unread notifications\n# Since PRO 6.1.4 or CE 6.1.2\nUNREAD_NOTIFICATIONS_REQUEST_INTERVAL = 3 * 60 # seconds\n\n# Whether to allow user to delete account, change login password or update basic user\n# info on profile page.\n# Since PRO 6.3.10\nENABLE_DELETE_ACCOUNT = False\nENABLE_UPDATE_USER_INFO = False\nENABLE_CHANGE_PASSWORD = False\n\n# Get web api auth token on profile page.\nENABLE_GET_AUTH_TOKEN_BY_SESSION = True\n\n# Since 8.0.6 CE/PRO version.\n# Url redirected to after user logout Seafile.\n# Usually configured as Single Logout url.\nLOGOUT_REDIRECT_URL = 'http{s}://www.example-url.com'\n\n\n# Enable system admin add T&C, all users need to accept terms before using. Defaults to `False`.\n# Since version 6.0\nENABLE_TERMS_AND_CONDITIONS = True\n\n# Enable two factor authentication for accounts. Defaults to `False`.\n# Since version 6.0\nENABLE_TWO_FACTOR_AUTH = True\n\n# Enable user select a template when he/she creates library.\n# When user select a template, Seafile will create folders releated to the pattern automaticly.\n# Since version 6.0\nLIBRARY_TEMPLATES = {\n    'Technology': ['/Develop/Python', '/Test'],\n    'Finance': ['/Current assets', '/Fixed assets/Computer']\n}\n\n# Enable a user to change password in 'settings' page. Default to `True`\n# Since version 6.2.11\nENABLE_CHANGE_PASSWORD = True\n\n# If show contact email when search user.\nENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER = True\n
                "},{"location":"config/seahub_settings_py/#pro-edition-only-options","title":"Pro edition only options","text":"
                # Whether to show the used traffic in user's profile popup dialog. Default is True\nSHOW_TRAFFIC = True\n\n# Allow administrator to view user's file in UNENCRYPTED libraries\n# through Libraries page in System Admin. Default is False.\nENABLE_SYS_ADMIN_VIEW_REPO = True\n\n# For un-login users, providing an email before downloading or uploading on shared link page.\n# Since version 5.1.4\nENABLE_SHARE_LINK_AUDIT = True\n\n# Check virus after upload files to shared upload links. Defaults to `False`.\n# Since version 6.0\nENABLE_UPLOAD_LINK_VIRUS_CHECK = True\n\n# Send email to these email addresses when a virus is detected.\n# This list can be any valid email address, not necessarily the emails of Seafile user.\n# Since version 6.0.8\nVIRUS_SCAN_NOTIFY_LIST = ['user_a@seafile.com', 'user_b@seafile.com']\n
                "},{"location":"config/seahub_settings_py/#restful-api","title":"RESTful API","text":"
                # API throttling related settings. Enlarger the rates if you got 429 response code during API calls.\nREST_FRAMEWORK = {\n    'DEFAULT_THROTTLE_RATES': {\n        'ping': '600/minute',\n        'anon': '5/minute',\n        'user': '300/minute',\n    },\n    'UNICODE_JSON': False,\n}\n\n# Throtting whitelist used to disable throttle for certain IPs.\n# e.g. REST_FRAMEWORK_THROTTING_WHITELIST = ['127.0.0.1', '192.168.1.1']\n# Please make sure `REMOTE_ADDR` header is configured in Nginx conf according to https://manual.seafile.com/12.0/setup_binary/ce/deploy_with_nginx.html.\nREST_FRAMEWORK_THROTTING_WHITELIST = []\n
                "},{"location":"config/seahub_settings_py/#seahub-custom-functions","title":"Seahub Custom Functions","text":"

                Since version 6.2, you can define a custom function to modify the result of user search function.

                For example, if you want to limit user only search users in the same institution, you can define custom_search_user function in {seafile install path}/conf/seahub_custom_functions/__init__.py

                Code example:

                import os\nimport sys\n\ncurrent_path = os.path.dirname(os.path.abspath(__file__))\nseahub_dir = os.path.join(current_path, \\\n        '../../seafile-server-latest/seahub/seahub')\nsys.path.append(seahub_dir)\n\nfrom seahub.profile.models import Profile\ndef custom_search_user(request, emails):\n\n    institution_name = ''\n\n    username = request.user.username\n    profile = Profile.objects.get_profile_by_user(username)\n    if profile:\n        institution_name = profile.institution\n\n    inst_users = [p.user for p in\n            Profile.objects.filter(institution=institution_name)]\n\n    filtered_emails = []\n    for email in emails:\n        if email in inst_users:\n            filtered_emails.append(email)\n\n    return filtered_emails\n

                You should NOT change the name of custom_search_user and seahub_custom_functions/__init__.py

                Since version 6.2.5 pro, if you enable the ENABLE_SHARE_TO_ALL_GROUPS feather on sysadmin settings page, you can also define a custom function to return the groups a user can share library to.

                For example, if you want to let a user to share library to both its groups and the groups of user test@test.com, you can define a custom_get_groups function in {seafile install path}/conf/seahub_custom_functions/__init__.py

                Code example:

                import os\nimport sys\n\ncurrent_path = os.path.dirname(os.path.abspath(__file__))\nseaserv_dir = os.path.join(current_path, \\\n        '../../seafile-server-latest/seafile/lib64/python2.7/site-packages')\nsys.path.append(seaserv_dir)\n\ndef custom_get_groups(request):\n\n    from seaserv import ccnet_api\n\n    groups = []\n    username = request.user.username\n\n    # for current user\n    groups += ccnet_api.get_groups(username)\n\n    # for 'test@test.com' user\n    groups += ccnet_api.get_groups('test@test.com')\n\n    return groups\n

                You should NOT change the name of custom_get_groups and seahub_custom_functions/__init__.py

                Tip

                • You need to restart seahub so that your changes take effect.
                Deploy in DockerDeploy from binary packages 
                docker compose restart\n
                cd /opt/seafile/seafile-server-latest\n./seahub.sh restart\n
                • If your changes don't take effect, You may need to delete 'seahub_setting.pyc'. (A cache file)
                "},{"location":"config/sending_email/","title":"Sending Email Notifications on Seahub","text":""},{"location":"config/sending_email/#types-of-email-sending-in-seafile","title":"Types of Email Sending in Seafile","text":"

                There are currently five types of emails sent in Seafile:

                • User resets his/her password
                • System admin adds new member
                • System admin resets user password
                • User sends file/folder share and upload link
                • Reminder of unread notifications

                The first four types of email are sent immediately. The last type is sent by a background task running periodically.

                "},{"location":"config/sending_email/#options-of-email-sending","title":"Options of Email Sending","text":"

                Please add the following lines to seahub_settings.py to enable email sending.

                EMAIL_USE_TLS = True\nEMAIL_HOST = 'smtp.example.com'        # smpt server\nEMAIL_HOST_USER = 'username@example.com'    # username and domain\nEMAIL_HOST_PASSWORD = 'password'    # password\nEMAIL_PORT = 587\nDEFAULT_FROM_EMAIL = EMAIL_HOST_USER\nSERVER_EMAIL = EMAIL_HOST_USER\n

                Note

                • If your email service still does not work, you can checkout the log file logs/seahub.log to see what may cause the problem. For a complete email notification list, please refer to email notification list.

                • If you want to use the email service without authentication leaf EMAIL_HOST_USER and EMAIL_HOST_PASSWORD blank (''). (But notice that the emails then will be sent without a From: address.)

                • About using SSL connection (using port 465)

                  • Port 587 is being used to establish a connection using STARTTLS and port 465 is being used to establish an SSL connection. Starting from Django 1.8, it supports both.
                  • If you want to use SSL on port 465, set EMAIL_USE_SSL = True instead of EMAIL_USE_TLS.
                "},{"location":"config/sending_email/#change-reply-to-of-email","title":"Change reply to of email","text":"

                You can change the reply to field of email by add the following settings to seahub_settings.py. This only affects email sending for file share link.

                # Set reply-to header to user's email or not, defaults to ``False``. For details,\n# please refer to http://www.w3.org/Protocols/rfc822/\nADD_REPLY_TO_HEADER = True\n
                "},{"location":"config/sending_email/#config-background-email-sending-task","title":"Config background email sending task","text":"

                The background task will run periodically to check whether an user have new unread notifications. If there are any, it will send a reminder email to that user. The background email sending task is controlled by seafevents.conf.

                [SEAHUB EMAIL]\n\n## must be \"true\" to enable user email notifications when there are new unread notifications\nenabled = true\n\n## interval of sending seahub email. Can be s(seconds), m(minutes), h(hours), d(days)\ninterval = 30m\n
                "},{"location":"config/sending_email/#customize-email-messages","title":"Customize email messages","text":"

                The simplest way to customize the email messages is setting the SITE_NAME variable in seahub_settings.py. If it is not enough for your case, you can customize the email templates.

                Tip

                Subject line may vary between different releases, this is based on Release 5.0.0. Restart Seahub so that your changes take effect.

                "},{"location":"config/sending_email/#the-email-base-template","title":"The email base template","text":"

                seahub/seahub/templates/email_base.html

                Tip

                You can copy email_base.html to seahub-data/custom/templates/email_base.html and modify the new one. In this way, the customization will be maintained after upgrade.

                "},{"location":"config/sending_email/#user-resets-hisher-password","title":"User resets his/her password","text":"

                Subject

                seahub/seahub/auth/forms.py line:127

                        send_html_email(_(\"Reset Password on %s\") % site_name,\n                  email_template_name, c, None, [user.username])\n

                Body

                seahub/seahub/templates/registration/password_reset_email.html

                Tip

                You can copy password_reset_email.html to seahub-data/custom/templates/registration/password_reset_email.html and modify the new one. In this way, the customization will be maintained after upgrade.

                "},{"location":"config/sending_email/#system-admin-adds-new-member","title":"System admin adds new member","text":"

                Subject

                seahub/seahub/views/sysadmin.py line:424

                send_html_email(_(u'Password has been reset on %s') % SITE_NAME,\n            'sysadmin/user_reset_email.html', c, None, [email])\n

                Body

                seahub/seahub/templates/sysadmin/user_add_email.html

                Tip

                You can copy user_add_email.html to seahub-data/custom/templates/sysadmin/user_add_email.html and modify the new one. In this way, the customization will be maintained after upgrade.

                "},{"location":"config/sending_email/#system-admin-resets-user-password","title":"System admin resets user password","text":"

                Subject

                seahub/seahub/views/sysadmin.py line:1224

                send_html_email(_(u'Password has been reset on %s') % SITE_NAME,\n            'sysadmin/user_reset_email.html', c, None, [email])\n

                Body

                seahub/seahub/templates/sysadmin/user_reset_email.html

                Tip

                You can copy user_reset_email.html to seahub-data/custom/templates/sysadmin/user_reset_email.html and modify the new one. In this way, the customization will be maintained after upgrade.

                "},{"location":"config/sending_email/#user-sends-filefolder-share-link","title":"User sends file/folder share link","text":"

                Subject

                seahub/seahub/share/views.py line:913

                try:\n    if file_shared_type == 'f':\n        c['file_shared_type'] = _(u\"file\")\n        send_html_email(_(u'A file is shared to you on %s') % SITE_NAME,\n                        'shared_link_email.html',\n                        c, from_email, [to_email],\n                        reply_to=reply_to\n                        )\n    else:\n        c['file_shared_type'] = _(u\"directory\")\n        send_html_email(_(u'A directory is shared to you on %s') % SITE_NAME,\n                        'shared_link_email.html',\n                        c, from_email, [to_email],\n                        reply_to=reply_to)\n

                Body

                seahub/seahub/templates/shared_link_email.html

                seahub/seahub/templates/shared_upload_link_email.html

                Tip

                You can copy shared_link_email.html to seahub-data/custom/templates/shared_link_email.html and modify the new one. In this way, the customization will be maintained after upgrade.

                "},{"location":"config/sending_email/#reminder-of-unread-notifications","title":"Reminder of unread notifications","text":"

                Subject

                send_html_email(_('New notice on %s') % settings.SITE_NAME,\n                                'notifications/notice_email.html', c,\n                                None, [to_user])\n

                Body

                seahub/seahub/notifications/templates/notifications/notice_email.html

                "},{"location":"config/shibboleth_authentication/","title":"Shibboleth Authentication","text":"

                Shibboleth is a widely used single sign on (SSO) protocol. Seafile supports authentication via Shibboleth. It allows users from another organization to log in to Seafile without registering an account on the service provider.

                In this documentation, we assume the reader is familiar with Shibboleth installation and configuration. For introduction to Shibboleth concepts, please refer to https://shibboleth.atlassian.net/wiki/spaces/CONCEPT/overview .

                Shibboleth Service Provider (SP) should be installed on the same server as the Seafile server. The official SP from https://shibboleth.net/ is implemented as an Apache module. The module handles all Shibboleth authentication details. Seafile server receives authentication information (username) from HTTP request. The username then can be used as login name for the user.

                Seahub provides a special URL to handle Shibboleth login. The URL is https://your-seafile-domain/sso. Only this URL needs to be configured under Shibboleth protection. All other URLs don't go through the Shibboleth module. The overall workflow for a user to login with Shibboleth is as follows:

                1. In the Seafile login page, there is a separate \"Single Sign-On\" login button. When the user clicks the button, she/he will be redirected to https://your-seafile-domain/sso.
                2. Since that URL is controlled by Shibboleth, the user will be redirected to IdP for login. After the user logs in, she/he will be redirected back to https://your-seafile-domain/sso.
                3. This time the Shibboleth module passes the request to Seahub. Seahub reads the user information from the request(HTTP_REMOTE_USER header) and brings the user to her/his home page.
                4. All later access to Seahub will not pass through the Shibboleth module. Since Seahub keeps session information internally, the user doesn't need to login again until the session expires.

                Since Shibboleth support requires Apache, if you want to use Nginx, you need two servers, one for non-Shibboleth access, another configured with Apache to allow Shibboleth login. In a cluster environment, you can configure your load balancer to direct traffic to different server according to URL. Only the URL https://your-seafile-domain/sso needs to be directed to Apache.

                The configuration includes 3 steps:

                1. Install and configure Shibboleth Service Provider;
                2. Configure Apache;
                3. Configure Seahub.
                "},{"location":"config/shibboleth_authentication/#install-and-configure-shibboleth-service-provider","title":"Install and Configure Shibboleth Service Provider","text":"

                We use CentOS 7 as example.

                "},{"location":"config/shibboleth_authentication/#configure-apache","title":"Configure Apache","text":"

                You should create a new virtual host configuration for Shibboleth. And then restart Apache.

                <IfModule mod_ssl.c>\n    <VirtualHost _default_:443>\n        ServerName your-seafile-domain\n        DocumentRoot /var/www\n        Alias /media /opt/seafile/seafile-server-latest/seahub/media\n\n        ErrorLog ${APACHE_LOG_DIR}/seahub.error.log\n        CustomLog ${APACHE_LOG_DIR}/seahub.access.log combined\n\n        SSLEngine on\n        SSLCertificateFile  /path/to/ssl-cert.pem\n        SSLCertificateKeyFile /path/to/ssl-key.pem\n\n        <Location /Shibboleth.sso>\n            SetHandler shib\n            AuthType shibboleth\n            ShibRequestSetting requireSession 1\n            Require valid-user\n        </Location>\n\n        <Location /sso>\n            SetHandler shib\n            AuthType shibboleth\n            ShibUseHeaders On\n            ShibRequestSetting requireSession 1\n            Require valid-user\n        </Location>\n\n        RewriteEngine On\n        <Location /media>\n            Require all granted\n        </Location>\n\n        # seafile fileserver\n        ProxyPass /seafhttp http://127.0.0.1:8082\n        ProxyPassReverse /seafhttp http://127.0.0.1:8082\n        RewriteRule ^/seafhttp - [QSA,L]\n\n        # seahub\n        SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n        ProxyPass / http://127.0.0.1:8000/\n        ProxyPassReverse / http://127.0.0.1:8000/\n\n        # for http\n        # RequestHeader set REMOTE_USER %{REMOTE_USER}e\n        # for https\n        RequestHeader set REMOTE_USER %{REMOTE_USER}s\n    </VirtualHost>\n</IfModule>\n
                "},{"location":"config/shibboleth_authentication/#install-and-configure-shibboleth","title":"Install and Configure Shibboleth","text":"

                Installation and configuration of Shibboleth is out of the scope of this documentation. You can refer to the official Shibboleth document.

                "},{"location":"config/shibboleth_authentication/#configure-shibbolethsp","title":"Configure Shibboleth(SP)","text":""},{"location":"config/shibboleth_authentication/#shibboleth2xml","title":"shibboleth2.xml","text":"

                Open /etc/shibboleth/shibboleth2.xml and change some property. After you have done all the followings, don't forget to restart Shibboleth(SP)

                "},{"location":"config/shibboleth_authentication/#applicationdefaults-element","title":"ApplicationDefaults element","text":"

                Change entityID and REMOTE_USER property:

                <!-- The ApplicationDefaults element is where most of Shibboleth's SAML bits are defined. -->\n<ApplicationDefaults entityID=\"https://your-seafile-domain/sso\"\n    REMOTE_USER=\"mail\"\n    cipherSuites=\"DEFAULT:!EXP:!LOW:!aNULL:!eNULL:!DES:!IDEA:!SEED:!RC4:!3DES:!kRSA:!SSLv2:!SSLv3:!TLSv1:!TLSv1.1\">\n

                Seahub extracts the username from the REMOTE_USER environment variable. So you should modify your SP's shibboleth2.xml config file, so that Shibboleth translates your desired attribute into REMOTE_USER environment variable.

                In Seafile, only one of the following two attributes can be used for username: eppn, and mail. eppn stands for \"Edu Person Principal Name\". It is usually the UserPrincipalName attribute in Active Directory. It's not necessarily a valid email address. mail is the user's email address. You should set REMOTE_USER to either one of these attributes.

                "},{"location":"config/shibboleth_authentication/#sso-element","title":"SSO element","text":"

                Change entityID property:

                <!--\nConfigures SSO for a default IdP. To properly allow for >1 IdP, remove\nentityID property and adjust discoveryURL to point to discovery service.\nYou can also override entityID on /Login query string, or in RequestMap/htaccess.\n-->\n<SSO entityID=\"https://your-IdP-domain\">\n     <!--discoveryProtocol=\"SAMLDS\" discoveryURL=\"https://wayf.ukfederation.org.uk/DS\"-->\n  SAML2\n</SSO>\n
                "},{"location":"config/shibboleth_authentication/#metadataprovider-element","title":"MetadataProvider element","text":"

                Change url and backingFilePath property:

                <!-- Example of remotely supplied batch of signed metadata. -->\n<MetadataProvider type=\"XML\" validate=\"true\"\n            url=\"http://your-IdP-metadata-url\"\n      backingFilePath=\"your-IdP-metadata.xml\" maxRefreshDelay=\"7200\">\n    <MetadataFilter type=\"RequireValidUntil\" maxValidityInterval=\"2419200\"/>\n    <MetadataFilter type=\"Signature\" certificate=\"fedsigner.pem\" verifyBackup=\"false\"/>\n
                "},{"location":"config/shibboleth_authentication/#attribute-mapxml","title":"attribute-map.xml","text":"

                Open /etc/shibboleth/attribute-map.xml and change some property. After you have done all the followings, don't forget to restart Shibboleth(SP)

                "},{"location":"config/shibboleth_authentication/#attribute-element","title":"Attribute element","text":"

                Uncomment attribute elements for getting more user info:

                <!-- Older LDAP-defined attributes (SAML 2.0 names followed by SAML 1 names)... -->\n<Attribute name=\"urn:oid:2.16.840.1.113730.3.1.241\" id=\"displayName\"/>\n<Attribute name=\"urn:oid:0.9.2342.19200300.100.1.3\" id=\"mail\"/>\n\n<Attribute name=\"urn:mace:dir:attribute-def:displayName\" id=\"displayName\"/>\n<Attribute name=\"urn:mace:dir:attribute-def:mail\" id=\"mail\"/>\n
                "},{"location":"config/shibboleth_authentication/#upload-shibbolethsps-metadata","title":"Upload Shibboleth(SP)'s metadata","text":"

                After restarting Apache, you should be able to get the Service Provider metadata by accessing https://your-seafile-domain/Shibboleth.sso/Metadata. This metadata should be uploaded to the Identity Provider (IdP) server.

                "},{"location":"config/shibboleth_authentication/#configure-seahub","title":"Configure Seahub","text":"

                Add the following configuration to seahub_settings.py.

                ENABLE_SHIB_LOGIN = True\nSHIBBOLETH_USER_HEADER = 'HTTP_REMOTE_USER'\n# basic user attributes\nSHIBBOLETH_ATTRIBUTE_MAP = {\n    \"HTTP_DISPLAYNAME\": (False, \"display_name\"),\n    \"HTTP_MAIL\": (False, \"contact_email\"),\n}\nEXTRA_MIDDLEWARE = (\n    'shibboleth.middleware.ShibbolethRemoteUserMiddleware',\n)\nEXTRA_AUTHENTICATION_BACKENDS = (\n    'shibboleth.backends.ShibbolethRemoteUserBackend',\n)\n

                Seahub can process additional user attributes from Shibboleth. These attributes are saved into Seahub's database, as user's properties. They're all not mandatory. The internal user properties Seahub now supports are:

                • givenname
                • surname
                • contact_email: used for sending notification email to user if username is not a valid email address (like eppn).
                • institution: used to identify user's institution

                You can specify the mapping between Shibboleth attributes and Seahub's user properties in seahub_settings.py:

                SHIBBOLETH_ATTRIBUTE_MAP  = {\n    \"HTTP_GIVENNAME\": (False, \"givenname\"),\n    \"HTTP_SN\": (False, \"surname\"),\n    \"HTTP_MAIL\": (False, \"contact_email\"),\n    \"HTTP_ORGANIZATION\": (False, \"institution\"),\n}\n

                In the above config, the hash key is Shibboleth attribute name, the second element in the hash value is Seahub's property name. You can adjust the Shibboleth attribute name for your own needs.

                You may have to change attribute-map.xml in your Shibboleth SP, so that the desired attributes are passed to Seahub. And you have to make sure the IdP sends these attributes to the SP

                We also added an option SHIB_ACTIVATE_AFTER_CREATION (defaults to True) which control the user status after shibboleth connection. If this option set to False, user will be inactive after connection, and system admins will be notified by email to activate that account.

                "},{"location":"config/shibboleth_authentication/#affiliation-and-user-role","title":"Affiliation and user role","text":"

                Shibboleth has a field called affiliation. It is a list like: employee@uni-mainz.de;member@uni-mainz.de;faculty@uni-mainz.de;staff@uni-mainz.de.

                We are able to set user role from Shibboleth. Details about user role, please refer to Roles and Permissions

                To enable this, modify SHIBBOLETH_ATTRIBUTE_MAP above and add Shibboleth-affiliation field, you may need to change Shibboleth-affiliation according to your Shibboleth SP attributes.

                SHIBBOLETH_ATTRIBUTE_MAP  = {\n    \"HTTP_GIVENNAME\": (False, \"givenname\"),\n    \"HTTP_SN\": (False, \"surname\"),\n    \"HTTP_MAIL\": (False, \"contact_email\"),\n    \"HTTP_ORGANIZATION\": (False, \"institution\"),\n    \"HTTP_Shibboleth-affiliation\": (False, \"affiliation\"),\n}\n

                Then add new config to define affiliation role map,

                SHIBBOLETH_AFFILIATION_ROLE_MAP = {\n    'employee@uni-mainz.de': 'staff',\n    'member@uni-mainz.de': 'staff',\n    'student@uni-mainz.de': 'student',\n    'employee@hu-berlin.de': 'guest',\n    'patterns': (\n        ('*@hu-berlin.de', 'guest1'),\n        ('*@*.de', 'guest2'),\n        ('*', 'guest'),\n    ),\n}\n

                After Shibboleth login, Seafile should calcualte user's role from affiliation and SHIBBOLETH_AFFILIATION_ROLE_MAP.

                "},{"location":"config/shibboleth_authentication/#verify","title":"Verify","text":"

                After restarting Apache and Seahub service (./seahub.sh restart), you can then test the shibboleth login workflow.

                "},{"location":"config/shibboleth_authentication/#debug","title":"Debug","text":"

                If you encountered problems when login, follow these steps to get debug info (for Seafile pro 6.3.13).

                "},{"location":"config/shibboleth_authentication/#add-this-setting-to-seahub_settingspy","title":"Add this setting to seahub_settings.py","text":"
                DEBUG = True\n
                "},{"location":"config/shibboleth_authentication/#change-seafiles-code","title":"Change Seafile's code","text":"

                Open seafile-server-latest/seahub/thirdpart/shibboleth/middleware.py

                Insert the following code in line 59

                    assert False\n

                Insert the following code in line 65

                if not username:\n    assert False\n

                The complete code after these changes is as follows:

                #Locate the remote user header.\n# import pprint; pprint.pprint(request.META)\ntry:\n    username = request.META[SHIB_USER_HEADER]\nexcept KeyError:\n    assert False\n    # If specified header doesn't exist then return (leaving\n    # request.user set to AnonymousUser by the\n    # AuthenticationMiddleware).\n    return\n\nif not username:\n    assert False\n\np_id = ccnet_api.get_primary_id(username)\nif p_id is not None:\n    username = p_id\n

                Then restart Seafile and relogin, you will see debug info in web page.

                "},{"location":"config/single_sign_on/","title":"Single Sign On support in Seafile","text":"

                Seafile supports most of the popular single-sign-on authentication protocols. Some are included in Community Edition, some are only in Pro Edition.

                In the Community Edition:

                • Shibboleth
                • OAuth
                • Remote User (Proxy Server)
                • Auto Login to SeaDrive on Windows

                Kerberos authentication can be integrated by using Apache as a proxy server and follow the instructions in Remote User Authentication and Auto Login SeaDrive on Windows.

                In Pro Edition:

                • ADFS or SAML 2.0
                "},{"location":"develop/","title":"Develop Documents","text":"

                Build Seafile

                • How to Build Seafile
                • How to Setup Development Environment

                Seafile Open API

                • Seafile Web API
                • Seafile PHP API

                Seafile Implement Details

                • Seafile Data Model
                "},{"location":"develop/build_seafile/","title":"How to Build Seafile","text":"

                You can build Seafile from our source code package or from the Github repo directly.

                Client

                • Linux
                • Max OS X
                • Windows

                Server

                • Build Seafile server
                "},{"location":"develop/data_model/","title":"Data Model","text":"

                Seafile internally uses a data model similar to GIT's. It consists of Repo, Commit, FS, and Block.

                Seafile's high performance comes from the architectural design: stores file metadata in object storage (or file system), while only stores small amount of metadata about the libraries in relational database. An overview of the architecture can be depicted as below. We'll describe the data model in more details.

                "},{"location":"develop/data_model/#repo","title":"Repo","text":"

                A repo is also called a library. Every repo has an unique id (UUID), and attributes like description, creator, password.

                The metadata for a repo is stored in seafile_db database and the commit objects (see description in later section).

                There are a few tables in the seafile_db database containing important information about each repo.

                • Repo: contains the ID for each repo.
                • RepoOwner: contains the owner id for each repo.
                • RepoInfo: it is a \"cache\" table for fast access to repo metadata stored in the commit object. It includes repo name, update time, last modifier.
                • RepoSize: the total size of all files in the repo.
                • RepoFileCount: the file count in the repo.
                • RepoHead: contains the \"head commit ID\". This ID points to the head commit in the storage, which will be described in the next section.
                "},{"location":"develop/data_model/#commit","title":"Commit","text":"

                Commit objects save the change history of a repo. Each update from the web interface, or sync upload operation will create a new commit object. A commit object contains the following information: commit ID, library name, creator of this commit (a.k.a. the modifier), creation time of this commit (a.k.a. modification time), root fs object ID, parent commit ID.

                The root fs object ID points to the root FS object, from which we can traverse a file system snapshot for the repo.

                The parent commit ID points to the last commit previous to the current commit. The RepoHead table contains the latest head commit ID for each repo. From this head commit, we can traverse the repo history.

                If you use file system as storage backend, commit objects are stored in the path seafile-data/storage/commits/<repo_id>. If you use object storage, commit objects are stored in the commits bucket.

                "},{"location":"develop/data_model/#fs","title":"FS","text":"

                There are two types of FS objects, SeafDir Object and Seafile Object. SeafDir Object represents a directory, and Seafile Object represents a file.

                The SeafDir object contains metadata for each file/sub-folder, which includes name, last modification time, last modifier, size, and object ID. The object ID points to another SeafDir or Seafile object. The Seafile object contains a block list, which is a list of block IDs for the file.

                The FS object IDs are calculated based on the contents of the object. That means if a folder or a file is not changed, the same objects will be reused across multiple commits. This allow us to create snapshots very efficiently.

                If you use file system as storage backend, commit objects are stored in the path seafile-data/storage/fs/<repo_id>. If you use object storage, commit objects are stored in the fs bucket.

                "},{"location":"develop/data_model/#block","title":"Block","text":"

                A file is further divided into blocks with variable lengths. We use Content Defined Chunking algorithm to divide file into blocks. A clear overview of this algorithm can be found at http://pdos.csail.mit.edu/papers/lbfs:sosp01/lbfs.pdf. On average, a block's size is around 8MB.

                This mechanism makes it possible to deduplicate data between different versions of frequently updated files, improving storage efficiency. It also enables transferring data to/from multiple servers in parallel.

                If you use file system as storage backend, commit objects are stored in the path seafile-data/storage/blocks/<repo_id>. If you use object storage, commit objects are stored in the blocks bucket.

                "},{"location":"develop/data_model/#virtual-repo","title":"Virtual Repo","text":"

                A \"virtual repo\" is a special repo that will be created in the cases below:

                • A folder in a library is shared.
                • A folder in a library is synced selectively from the sync client.

                A virtual repo can be understood as a view for part of the data in its parent library. For example, when sharing a folder, the virtual repo only provides access to the shared folder in that library. Virtual repo use the same underlying data as the parent library. So virtual repos use the same fs and blocks storage location as its parent.

                Virtual repo has its own change history. So it has separate commits storage location from its parent. The changes in virtual repo and its parent repo will be bidirectional merged. So that changes from each side can be seen from another.

                There is a VirtualRepo table in seafile_db database. It contains the folder path in the parent repo for each virtual repo.

                "},{"location":"develop/linux/","title":"Linux","text":""},{"location":"develop/linux/#preparation","title":"Preparation","text":"

                The following list is what you need to install on your development machine. You should install all of them before you build Seafile.

                Package names are according to Ubuntu 14.04. For other Linux distros, please find their corresponding names yourself.

                • autoconf/automake/libtool
                • libevent-dev ( 2.0 or later )
                • libcurl4-openssl-dev (1.0.0 or later)
                • libgtk2.0-dev ( 2.24 or later)
                • uuid-dev
                • intltool (0.40 or later)
                • libsqlite3-dev (3.7 or later)
                • valac (only needed if you build from git repo)
                • libjansson-dev
                • qtchooser
                • qtbase5-dev
                • libqt5webkit5-dev
                • qttools5-dev
                • qttools5-dev-tools
                • valac
                • cmake
                • python-simplejson (for seaf-cli)
                • libssl-dev
                • libargon2-dev
                UbuntuFedora 20/23 
                sudo apt-get install autoconf automake libtool libevent-dev libcurl4-openssl-dev libgtk2.0-dev uuid-dev intltool libsqlite3-dev valac libjansson-dev cmake qtchooser qtbase5-dev libqt5webkit5-dev qttools5-dev qttools5-dev-tools libssl-dev libargon2-dev\n
                $ sudo yum install wget gcc libevent-devel openssl-devel gtk2-devel libuuid-devel sqlite-devel jansson-devel intltool cmake libtool vala gcc-c++ qt5-qtbase-devel qt5-qttools-devel qt5-qtwebkit-devel libcurl-devel openssl-devel argon2-devel\n
                "},{"location":"develop/linux/#building","title":"Building","text":"

                First you should get the latest source of libsearpc/ccnet/seafile/seafile-client:

                Download the source tarball of the latest tag from

                • https://github.com/haiwen/libsearpc/tags (use v3.2-latest)
                • https://github.com/haiwen/seafile/tags
                • https://github.com/haiwen/seafile-client/tags

                For example, if the latest released seafile client is 8.0.0, then just use the v8.0.0 tags of the four projects. You should get four tarballs:

                • libsearpc-v3.2-latest.tar.gz
                • seafile-8.0.0.tar.gz
                • seafile-client-8.0.0.tar.gz
                # without alias wget= might not work\nshopt -s expand_aliases\n\nexport version=8.0.0\nalias wget='wget --content-disposition -nc'\nwget https://github.com/haiwen/libsearpc/archive/v3.2-latest.tar.gz\nwget https://github.com/haiwen/ccnet/archive/v${version}.tar.gz \nwget https://github.com/haiwen/seafile/archive/v${version}.tar.gz\nwget https://github.com/haiwen/seafile-client/archive/v${version}.tar.gz\n

                Now uncompress them:

                tar xf libsearpc-3.2-latest.tar.gz\ntar xf ccnet-${version}.tar.gz\ntar xf seafile-${version}.tar.gz\ntar xf seafile-client-${version}.tar.gz\n

                To build Seafile client, you need first build libsearpc and ccnet, seafile.

                "},{"location":"develop/linux/#set-paths","title":"set paths","text":"
                export PREFIX=/usr\nexport PKG_CONFIG_PATH=\"$PREFIX/lib/pkgconfig:$PKG_CONFIG_PATH\"\nexport PATH=\"$PREFIX/bin:$PATH\"\n
                "},{"location":"develop/linux/#libsearpc","title":"libsearpc","text":"
                cd libsearpc-3.2-latest\n./autogen.sh\n./configure --prefix=$PREFIX\nmake\nsudo make install\ncd ..\n
                "},{"location":"develop/linux/#seafile","title":"seafile","text":"

                In order to support notification server, you need to build libwebsockets first. 

                git clone --branch=v4.3.0 https://github.com/warmcat/libwebsockets\ncd libwebsockets\nmkdir build\ncd build\ncmake ..\nmake\nsudo make install\ncd ..\n

                You can set --enable-ws to no to disable notification server. After that, you can build seafile:

                cd seafile-${version}/\n./autogen.sh\n./configure --prefix=$PREFIX --disable-fuse\nmake\nsudo make install\ncd ..\n
                "},{"location":"develop/linux/#seafile-client","title":"seafile-client","text":"
                cd seafile-client-${version}\ncmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=$PREFIX .\nmake\nsudo make install\ncd ..\n
                "},{"location":"develop/linux/#custom-prefix","title":"custom prefix","text":"

                when installing to a custom $PREFIX, i.e. /opt, you may need a script to set the path variables correctly

                cat >$PREFIX/bin/seafile-applet.sh <<END\n#!/bin/bash\nexport LD_LIBRARY_PATH=\"$PREFIX/lib:$LD_LIBRARY_PATH\"\nexport PATH=\"$PREFIX/bin:$PATH\"\nexec seafile-applet $@\nEND\ncat >$PREFIX/bin/seaf-cli.sh <<END\nexport LD_LIBRARY_PATH=\"$PREFIX/lib:$LD_LIBRARY_PATH\"\nexport PATH=\"$PREFIX/bin:$PATH\"\nexport PYTHONPATH=$PREFIX/lib/python2.7/site-packages\nexec seaf-cli $@\nEND\nchmod +x $PREFIX/bin/seafile-applet.sh $PREFIX/bin/seaf-cli.sh\n

                you can now start the client with $PREFIX/bin/seafile-applet.sh.

                "},{"location":"develop/osx/","title":"macOS","text":""},{"location":"develop/osx/#environment-setup","title":"Environment Setup","text":"

                The following setups are required for building and packaging Sync Client on macOS:

                • XCode 13.2 (or later)
                  • After installing XCode, you can start XCode once so that it automatically installs the rest of the components.
                • Qt 6.2
                • MacPorts
                  • Modify /opt/local/etc/macports/macports.conf to add configuration universal_archs arm64 x86_64. Specifies the architecture on which MapPorts is compiled.
                  • Modify /opt/local/etc/macports/variants.conf to add configuration +universal. MacPorts installs universal versions of all ports.
                  • Install other dependencies: sudo port install autoconf automake pkgconfig libtool glib2 libevent vala openssl git jansson cmake libwebsockets argon2.
                • Certificates
                  • Create certificate signing requests for certification, see https://developer.apple.com/help/account/create-certificates/create-a-certificate-signing-request.
                  • Create a Developer ID Application certificate and a Developer ID Installer certificate, see https://developer.apple.com/help/account/create-certificates/create-developer-id-certificates. Install them to the login keychain.
                  • Install the Developer ID Intermediate Certificate (Developer ID - G2), from https://www.apple.com/certificateauthority/
                • dropDMG
                • bash environments
                  • add following lines to the ~/.bash_profile file:
                    export PKG_CONFIG_PATH=$PKG_CONFIG_PATH:/opt/local/lib/pkgconfig:/usr/local/lib/pkgconfig\nexport PATH=/opt/local/bin:/usr/local/bin:/opt/local/Library/Frameworks/Python.framework/Versions/3.10/bin:$PATH\nexport LDFLAGS=\"-L/opt/local/lib -L/usr/local/lib\"\nexport CFLAGS=\"-I/opt/local/include -I/usr/local/include\"\nexport CPPFLAGS=\"-I/opt/local/include -I/usr/local/include\"\nexport LD_LIBRARY_PATH=/opt/lib:/usr/local/lib:/opt/local/lib/:/usr/local/lib/:$LD_LIBRARY_PATH\n\nQT_BASE=$HOME/Qt/6.2.4/macos\nexport PATH=$QT_BASE/bin:$PATH\nexport PKG_CONFIG_PATH=$QT_BASE/lib/pkgconfig:$PKG_CONFIG_PATH\nexport NOTARIZE_APPLE_ID=\"Your notarize account\"\nexport NOTARIZE_PASSWORD=\"Your notarize password\"\nexport NOTARIZE_TEAM_ID=\"Your notarize team id\"\n
                "},{"location":"develop/osx/#building-sync-client","title":"Building Sync Client","text":"

                Following directory structures are expected when building Sync Client:

                seafile-workspace/\nseafile-workspace/libsearpc/\nseafile-workspace/seafile/\nseafile-workspace/seafile-client/\n

                The source code of these projects can be downloaded at github.com/haiwen/libsearpc, github.com/haiwen/seafile, and github.com/haiwen/seafile-client.

                "},{"location":"develop/osx/#building","title":"Building","text":"

                Note: the building commands have been included in the packaging script, you can skip building commands while packaging.

                To build libsearpc:

                $ cd seafile-workspace/libsearpc/\n$ ./autogen.sh\n$ ./configure --disable-compile-demo --enable-compile-universal=yes\n$ make\n$ make install\n

                To build seafile:

                $ cd seafile-workspace/seafile/\n$ ./autogen.sh\n$ ./configure --disable-fuse --enable-compile-universal=yes\n$ make\n$ make install\n

                To build seafile-client:

                $ cd seafile-workspace/seafile-client/\n$ cmake -GXcode -B. -S.\n$ xcodebuild -target seafile-applet -configuration Release\n
                "},{"location":"develop/osx/#packaging","title":"Packaging","text":"
                1. Update the CERT_ID in seafile-workspace/seafile/scripts/build/build-mac-local-py3.py to the ID of Developer ID Application.
                2. Run the packaging script: python3 build-mac-local-py3.py --brand=\"\" --version=1.0.0 --nostrip --universal
                "},{"location":"develop/rpi/","title":"How to Build Seafile Server Release Package","text":"

                From Seafile 11.0, you can build Seafile release package with seafile-build script. You can check the README.md file in the same folder for detailed instructions.

                The seafile-build.sh compatible with more platforms, including Raspberry Pi, arm-64, x86-64.

                Old version is below:

                Table of contents:

                • Setup the build environment
                • Install packages
                • Compile development libraries
                • Install Python libraries
                • Prepare source code
                • Fetch git tags and prepare source tarballs
                • Run the packaging script
                • Test the built package
                • Test a fresh install
                • Test upgrading
                "},{"location":"develop/rpi/#setup-the-build-environment","title":"Setup the build environment","text":"

                Requirements:

                • A raspberry pi with raspian distribution installed.
                "},{"location":"develop/rpi/#install-packages","title":"Install packages","text":"
                sudo apt-get install build-essential\nsudo apt-get install libevent-dev libcurl4-openssl-dev libglib2.0-dev uuid-dev intltool libsqlite3-dev libmysqlclient-dev libarchive-dev libtool libjansson-dev valac libfuse-dev re2c flex python-setuptools cmake\n
                "},{"location":"develop/rpi/#compile-development-libraries","title":"Compile development libraries","text":""},{"location":"develop/rpi/#libevhtp","title":"libevhtp","text":"

                libevhtp is a http server libary on top of libevent. It's used in seafile file server.

                git clone https://www.github.com/haiwen/libevhtp.git\ncd libevhtp\ncmake -DEVHTP_DISABLE_SSL=ON -DEVHTP_BUILD_SHARED=OFF .\nmake\nsudo make install\n

                After compiling all the libraries, run ldconfig to update the system libraries cache:

                sudo ldconfig\n
                "},{"location":"develop/rpi/#install-python-libraries","title":"Install python libraries","text":"

                Create a new directory /home/pi/dev/seahub_thirdpart:

                mkdir -p ~/dev/seahub_thirdpart\n

                Download these tarballs to /tmp/:

                • pytz
                • Django
                • django-statici18n
                • djangorestframework
                • django_compressor
                • jsonfield
                • django-post_office
                • gunicorn
                • flup
                • chardet
                • python-dateutil
                • six
                • django-picklefield
                • django-constance
                • jdcal
                • et_xmlfile
                • openpyxl
                • futures
                • django-formtools
                • qrcode

                Install all these libaries to /home/pi/dev/seahub_thirdpart:

                cd ~/dev/seahub_thirdpart\nexport PYTHONPATH=.\npip install -t ~/dev/seahub_thirdpart/ /tmp/pytz-2016.1.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/Django-1.8.10.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/django-statici18n-1.1.3.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/djangorestframework-3.3.2.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/django_compressor-1.4.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/jsonfield-1.0.3.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/django-post_office-2.0.6.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/gunicorn-19.4.5.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/flup-1.0.2.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/chardet-2.3.0.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/python-dateutil-1.5.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/six-1.9.0.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/django-picklefield-0.3.2.tar.gz\nwget -O /tmp/django_constance.zip https://github.com/haiwen/django-constance/archive/bde7f7c.zip\npip install -t ~/dev/seahub_thirdpart/ /tmp/django_constance.zip\npip install -t ~/dev/seahub_thirdpart/ /tmp/jdcal-1.2.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/et_xmlfile-1.0.1.tar.gz\npip install -t ~/dev/seahub_thirdpart/ /tmp/openpyxl-2.3.0.tar.gz\n
                "},{"location":"develop/rpi/#prepare-seafile-source-code","title":"Prepare seafile source code","text":"

                To build seafile server, there are four sub projects involved:

                • libsearpc
                • ccnet-server
                • seafile-server
                • seahub

                The build process has two steps:

                • First, fetch the tags of each projects, and make a soruce tarball for each of them.
                • Then run a build-server.py script to build the server package from the source tarballs.
                "},{"location":"develop/rpi/#fetch-git-tags-and-prepare-source-tarballs","title":"Fetch git tags and prepare source tarballs","text":"

                Seafile manages the releases in tags on github.

                Assume we are packaging for seafile server 6.0.1, then the tags are:

                • ccnet-server, seafile-server, and seahub would all have a v6.0.1-sever tag.
                • libsearpc would have the v3.0-latest tag (libsearpc has been quite stable and basically has no further development, so the tag is always v3.0-latest)

                First setup the PKG_CONFIG_PATH enviroment variable (So we don't need to make and make install libsearpc/ccnet/seafile into the system):

                export PKG_CONFIG_PATH=/home/pi/dev/seafile/lib:$PKG_CONFIG_PATH\nexport PKG_CONFIG_PATH=/home/pi/dev/libsearpc:$PKG_CONFIG_PATH\nexport PKG_CONFIG_PATH=/home/pi/dev/ccnet:$PKG_CONFIG_PATH\n
                "},{"location":"develop/rpi/#libsearpc","title":"libsearpc","text":"
                cd ~/dev\ngit clone https://github.com/haiwen/libsearpc.git\ncd libsearpc\ngit reset --hard v3.0-latest\n./autogen.sh\n./configure\nmake dist\n
                "},{"location":"develop/rpi/#ccnet","title":"ccnet","text":"
                cd ~/dev\ngit clone https://github.com/haiwen/ccnet-server.git\ncd ccnet\ngit reset --hard v6.0.1-server\n./autogen.sh\n./configure\nmake dist\n
                "},{"location":"develop/rpi/#seafile","title":"seafile","text":"
                cd ~/dev\ngit clone https://github.com/haiwen/seafile-server.git\ncd seafile\ngit reset --hard v6.0.1-server\n./autogen.sh\n./configure\nmake dist\n
                "},{"location":"develop/rpi/#seahub","title":"seahub","text":"
                cd ~/dev\ngit clone https://github.com/haiwen/seahub.git\ncd seahub\ngit reset --hard v6.0.1-server\n./tools/gen-tarball.py --version=6.0.1 --branch=HEAD\n
                "},{"location":"develop/rpi/#seafobj","title":"seafobj","text":"
                cd ~/dev\ngit clone https://github.com/haiwen/seafobj.git\ncd seafobj\ngit reset --hard v6.0.1-server\nmake dist\n
                "},{"location":"develop/rpi/#seafdav","title":"seafdav","text":"
                cd ~/dev\ngit clone https://github.com/haiwen/seafdav.git\ncd seafdav\ngit reset --hard v6.0.1-server\nmake\n
                "},{"location":"develop/rpi/#copy-the-source-tar-balls-to-the-same-folder","title":"Copy the source tar balls to the same folder","text":"
                mkdir ~/seafile-sources\ncp ~/dev/libsearpc/libsearpc-<version>-tar.gz ~/seafile-sources\ncp ~/dev/ccnet/ccnet-<version>-tar.gz ~/seafile-sources\ncp ~/dev/seafile/seafile-<version>-tar.gz ~/seafile-sources\ncp ~/dev/seahub/seahub-<version>-tar.gz ~/seafile-sources\n\ncp ~/dev/seafobj/seafobj.tar.gz ~/seafile-sources\ncp ~/dev/seafdav/seafdav.tar.gz ~/seafile-sources\n
                "},{"location":"develop/rpi/#run-the-packaging-script","title":"Run the packaging script","text":"

                Now we have all the tarballs prepared, we can run the build-server.py script to build the server package.

                mkdir ~/seafile-server-pkgs\n~/dev/seafile/scripts/build-server.py --libsearpc_version=<libsearpc_version> --ccnet_version=<ccnet_version> --seafile_version=<seafile_version> --seahub_version=<seahub_version> --srcdir=  --thirdpartdir=/home/pi/dev/seahub_thirdpart --srcdir=/home/pi/seafile-sources --outputdir=/home/pi/seafile-server-pkgs\n

                After the script finisheds, we would get a seafile-server_6.0.1_pi.tar.gz in ~/seafile-server-pkgs folder.

                "},{"location":"develop/rpi/#test-the-built-package","title":"Test the built package","text":""},{"location":"develop/rpi/#test-a-fresh-install","title":"Test a fresh install","text":"

                The test should cover these steps at least:

                • The setup process is ok
                • After seafile.sh start and seahub.sh start, you can login from a browser.
                • Uploading/Downloading files through a web browser works correctly.
                • Seafile WebDAV server works correctly
                "},{"location":"develop/rpi/#test-upgrading-from-a-previous-version","title":"Test upgrading from a previous version","text":"
                • Download the package of the previous version seafile server, and setup it.
                • Upgrading according to the manual
                • After the upgrade, check the functionality is ok:
                • Uploading/Downloading files through a web browser works correctly.
                • Seafile WebDAV server works correctly
                "},{"location":"develop/server/","title":"Server development","text":"

                This is the document for deploying Seafile open source development environment in Ubuntu 2204 docker container.

                "},{"location":"develop/server/#create-persistent-directories","title":"Create persistent directories","text":"

                Login a linux server as root user, then:

                mkdir -p /root/seafile-ce-docker/source-code\nmkdir -p /root/seafile-ce-docker/conf\nmkdir -p /root/seafile-ce-docker/logs\nmkdir -p /root/seafile-ce-docker/mysql-data\nmkdir -p /root/seafile-ce-docker/seafile-data/library-template\n
                "},{"location":"develop/server/#run-a-container","title":"Run a container","text":"

                After install docker, start a container to deploy seafile open source development environment.

                docker run --mount type=bind,source=/root/seafile-ce-docker/source-code,target=/root/dev/source-code \\\n           --mount type=bind,source=/root/seafile-ce-docker/conf,target=/root/dev/conf \\\n           --mount type=bind,source=/root/seafile-ce-docker/logs,target=/root/dev/logs \\\n           --mount type=bind,source=/root/seafile-ce-docker/seafile-data,target=/root/dev/seafile-data \\\n           --mount type=bind,source=/root/seafile-ce-docker/mysql-data,target=/var/lib/mysql \\\n           -it -p 8000:8000 -p 8082:8082 -p 3000:3000 --name seafile-ce-env ubuntu:22.04 bash\n

                Note, the following commands are all executed in the seafile-ce-env docker container.

                "},{"location":"develop/server/#update-source-and-install-dependencies","title":"Update Source and Install Dependencies.","text":"

                Update base system and install base dependencies:

                apt-get update && apt-get upgrade -y\n\napt-get install -y ssh libevent-dev libcurl4-openssl-dev libglib2.0-dev uuid-dev intltool libsqlite3-dev libmysqlclient-dev libarchive-dev libtool libjansson-dev valac libfuse-dev python3-dateutil cmake re2c flex sqlite3 python3-pip python3-simplejson git libssl-dev libldap2-dev libonig-dev vim vim-scripts wget cmake gcc autoconf automake mysql-client librados-dev libxml2-dev curl sudo telnet netcat unzip netbase ca-certificates apt-transport-https build-essential libxslt1-dev libffi-dev libpcre3-dev libz-dev xz-utils nginx pkg-config poppler-utils libmemcached-dev sudo ldap-utils libldap2-dev libjwt-dev\n

                Install Node 16 from nodesource:

                curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | sudo gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg\necho \"deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_16.x nodistro main\" | sudo tee /etc/apt/sources.list.d/nodesource.list\napt-get install -y nodejs\n

                Install other Python 3 dependencies:

                apt-get install -y python3 python3-dev python3-pip python3-setuptools python3-ldap\n\npython3 -m pip install --upgrade pip\n\npip3 install Django==4.2.* django-statici18n==2.3.* django_webpack_loader==1.7.* django_picklefield==3.1 django_formtools==2.4 django_simple_captcha==0.6.* djangosaml2==1.5.* djangorestframework==3.14.* python-dateutil==2.8.* pyjwt==2.6.* pycryptodome==3.16.* python-cas==1.6.* pysaml2==7.2.* requests==2.28.* requests_oauthlib==1.3.* future==0.18.* gunicorn==20.1.* mysqlclient==2.1.* qrcode==7.3.* pillow==10.2.* chardet==5.1.* cffi==1.15.1 captcha==0.5.* openpyxl==3.0.* Markdown==3.4.* bleach==5.0.* python-ldap==3.4.* sqlalchemy==2.0.18 redis mock pytest pymysql configparser pylibmc django-pylibmc nose exam splinter pytest-django\n
                "},{"location":"develop/server/#install-mariadb-and-create-databases","title":"Install MariaDB and Create Databases","text":"
                apt-get install -y mariadb-server\nservice mariadb start\nmysqladmin -u root password your_password\n

                sql for create databases

                mysql -uroot -pyour_password -e \"CREATE DATABASE ccnet CHARACTER SET utf8;\"\nmysql -uroot -pyour_password -e \"CREATE DATABASE seafile CHARACTER SET utf8;\"\nmysql -uroot -pyour_password -e \"CREATE DATABASE seahub CHARACTER SET utf8;\"\n
                "},{"location":"develop/server/#download-source-code","title":"Download Source Code","text":"
                cd ~/\ncd ~/dev/source-code\n\ngit clone https://github.com/haiwen/libevhtp.git\ngit clone https://github.com/haiwen/libsearpc.git\ngit clone https://github.com/haiwen/seafile-server.git\ngit clone https://github.com/haiwen/seafevents.git\ngit clone https://github.com/haiwen/seafobj.git\ngit clone https://github.com/haiwen/seahub.git\n\ncd libevhtp/\ngit checkout tags/1.1.7 -b tag-1.1.7\n\ncd ../libsearpc/\ngit checkout tags/v3.3-latest -b tag-v3.3-latest\n\ncd ../seafile-server\ngit checkout tags/v11.0.5-server -b tag-v11.0.5-server\n\ncd ../seafevents\ngit checkout tags/v11.0.5-server -b tag-v11.0.5-server\n\ncd ../seafobj\ngit checkout tags/v11.0.5-server -b tag-v11.0.5-server\n\ncd ../seahub\ngit checkout tags/v11.0.5-server -b tag-v11.0.5-server\n
                "},{"location":"develop/server/#compile-and-install-seaf-server","title":"Compile and Install seaf-server","text":"
                cd ../libevhtp\ncmake -DEVHTP_DISABLE_SSL=ON -DEVHTP_BUILD_SHARED=OFF .\nmake\nmake install\nldconfig\n\ncd ../libsearpc\n./autogen.sh\n./configure\nmake\nmake install\nldconfig\n\ncd ../seafile-server\n./autogen.sh\n./configure --disable-fuse\nmake\nmake install\nldconfig\n
                "},{"location":"develop/server/#create-conf-files","title":"Create Conf Files","text":"
                cd ~/dev/conf\n\ncat > ccnet.conf  <<EOF\n[Database]\nENGINE = mysql\nHOST = localhost\nPORT = 3306\nUSER = root\nPASSWD = 123456\nDB = ccnet\nCONNECTION_CHARSET = utf8\nCREATE_TABLES = true\nEOF\n\ncat > seafile.conf  <<EOF\n[database]\ntype = mysql\nhost = localhost\nport = 3306\nuser = root\npassword = 123456\ndb_name = seafile\nconnection_charset = utf8\ncreate_tables = true\nEOF\n\ncat > seafevents.conf  <<EOF\n[DATABASE]\ntype = mysql\nusername = root\npassword = 123456\nname = seahub\nhost = localhost\nEOF\n\ncat > seahub_settings.py  <<EOF\nDATABASES = {\n    'default': {\n        'ENGINE': 'django.db.backends.mysql',\n        'NAME': 'seahub',\n        'USER': 'root',\n        'PASSWORD': '123456',\n        'HOST': 'localhost',\n        'PORT': '3306',\n    }\n}\nFILE_SERVER_ROOT = 'http://127.0.0.1:8082'\nSERVICE_URL = 'http://127.0.0.1:8000'\nEOF\n
                "},{"location":"develop/server/#start-seaf-server","title":"Start seaf-server","text":"
                seaf-server -F /root/dev/conf -d /root/dev/seafile-data -l /root/dev/logs/seafile.log >> /root/dev/logs/seafile.log 2>&1 &\n
                "},{"location":"develop/server/#start-seafevents-and-seahub","title":"Start seafevents and seahub","text":""},{"location":"develop/server/#prepare-environment-variables","title":"Prepare environment variables","text":"
                export CCNET_CONF_DIR=/root/dev/conf\nexport SEAFILE_CONF_DIR=/root/dev/seafile-data\nexport SEAFILE_CENTRAL_CONF_DIR=/root/dev/conf\nexport SEAHUB_DIR=/root/dev/source-code/seahub\nexport SEAHUB_LOG_DIR=/root/dev/logs\nexport PYTHONPATH=/usr/local/lib/python3.10/dist-packages/:/usr/local/lib/python3.10/site-packages/:/root/dev/source-code/:/root/dev/source-code/seafobj/:/root/dev/source-code/seahub/thirdpart:$PYTHONPATH\n
                "},{"location":"develop/server/#start-seafevents","title":"Start seafevents","text":"
                cd /root/dev/source-code/seafevents/\npython3 main.py --loglevel=debug --logfile=/root/dev/logs/seafevents.log --config-file /root/dev/conf/seafevents.conf >> /root/dev/logs/seafevents.log 2>&1 &\n
                "},{"location":"develop/server/#start-seahub","title":"Start seahub","text":""},{"location":"develop/server/#create-seahub-database-tables","title":"Create seahub database tables","text":"
                cd /root/dev/source-code/seahub/\npython3 manage.py migrate\n
                "},{"location":"develop/server/#create-user","title":"Create user","text":"
                python3 manage.py createsuperuser\n
                "},{"location":"develop/server/#start-seahub_1","title":"Start seahub","text":"
                python3 manage.py runserver 0.0.0.0:8000\n

                Then, you can visit http://127.0.0.1:8000/ to use Seafile.

                "},{"location":"develop/server/#the-final-directory-structure","title":"The Final Directory Structure","text":""},{"location":"develop/server/#more","title":"More","text":""},{"location":"develop/server/#deploy-frontend-development-environment","title":"Deploy Frontend Development Environment","text":"

                For deploying frontend development enviroment, you need:

                1, checkout seahub to master branch

                cd /root/dev/source-code/seahub\n\ngit fetch origin master:master\ngit checkout master\n

                2, add the following configration to /root/dev/conf/seahub_settings.py

                import os\nPROJECT_ROOT = '/root/dev/source-code/seahub'\nWEBPACK_LOADER = {\n    'DEFAULT': {\n        'BUNDLE_DIR_NAME': 'frontend/',\n        'STATS_FILE': os.path.join(PROJECT_ROOT,\n                                   'frontend/webpack-stats.dev.json'),\n    }\n}\nDEBUG = True\n

                3, install js modules

                cd /root/dev/source-code/seahub/frontend\n\nnpm install\n

                4, npm run dev

                cd /root/dev/source-code/seahub/frontend\n\nnpm run dev\n

                5, start seaf-server and seahub

                "},{"location":"develop/translation/","title":"Translation","text":""},{"location":"develop/translation/#seahub-seafile-server-71-and-above","title":"Seahub (Seafile Server 7.1 and above)","text":""},{"location":"develop/translation/#translate-and-try-locally","title":"Translate and try locally","text":"

                1. Locate the translation files in the seafile-server-latest/seahub directory:

                • For Seahub (except Markdown editor): /locale/<lang-code>/LC_MESSAGES/django.po\u00a0 and \u00a0/locale/<lang-code>/LC_MESSAGES/djangojs.po
                • For Markdown editor: /media/locales/<lang-code>/seafile-editor.json

                For example, if you want to improve the Russian translation, find the corresponding strings to be edited in either of the following three files:

                • /seafile-server-latest/seahub/locale/ru/LC_MESSAGES/django.po
                • /seafile-server-latest/seahub/locale/ru/LC_MESSAGES/djangojs.po
                • /seafile-server-latest/seahub/media/locales/ru/seafile-editor.json

                If there is no translation for your language, create a new folder matching your language code and copy-paste the contents of another language folder in your newly created one. (Don't copy from the 'en' folder because the files therein do not contain the strings to be translated.)

                2. Edit the files using an UTF-8 editor.

                3. Save your changes.

                4. (Only necessary when you created a new language code folder) Add a new entry for your language to the language block in the /seafile-server-latest/seahub/seahub/settings.py file and save it. 

                LANGUAGES = (\n    ...\n    ('ru', '\u0420\u0443\u0441\u0441\u043a\u0438\u0439'),\n    ...\n)\n

                5. (Only necessary when you edited either django.po or djangojs.po) Apply the changes made in django.po and djangojs.po by running the following two commands in /seafile-server-latest/seahub/locale/<lang-code>/LC_MESSAGES:

                • msgfmt -o django.mo django.po
                • msgfmt -o djangojs.mo djangojs.po

                Note: msgfmt is included in the gettext package.

                Additionally, run the following two commands in the seafile-server-latest directory:

                • ./seahub.sh python-env python3 seahub/manage.py compilejsi18n -l <lang-code>
                • ./seahub.sh python-env python3 seahub/manage.py collectstatic --noinput -i admin -i termsandconditions --no-post-process

                6. Restart Seahub to load changes made in django.po and djangojs.po; reload the Markdown editor to check your modifications in the seafile-editor.json file.

                "},{"location":"develop/translation/#submit-your-translation","title":"Submit your translation","text":"

                Please submit translations via Transifex: https://www.transifex.com/projects/p/seahub/

                Steps:

                1. Create a free account on Transifex (https://www.transifex.com/).
                2. Send a request to join the language translation.
                3. After accepted by the project maintainer, then you can upload your file or translate online.
                "},{"location":"develop/translation/#faq","title":"FAQ","text":""},{"location":"develop/translation/#filenotfounderror","title":"FileNotFoundError","text":"

                FileNotFoundError occurred when executing the command manage.py collectstatic.

                FileNotFoundError: [Errno 2] No such file or directory: '/opt/seafile/seafile-server-latest/seahub/frontend/build'\n

                Steps:

                1. Modify STATICFILES_DIRS in /opt/seafile/seafile-server-latest/seahub/seahub/settings.py manually

                  STATICFILES_DIRS = (\n    # Put strings here, like \"/home/html/static\" or \"C:/www/django/static\".\n    # Always use forward slashes, even on Windows.\n    # Don't forget to use absolute paths, not relative paths.\n    '%s/static' % PROJECT_ROOT,\n#    '%s/frontend/build' % PROJECT_ROOT,\n)\n

                2. Execute the command

                  ./seahub.sh python-env python3 seahub/manage.py collectstatic --noinput -i admin -i termsandconditions --no-post-process\n

                3. Restore STATICFILES_DIRS manually

                  ```python STATICFILES_DIRS = ( # Put strings here, like \"/home/html/static\" or \"C:/www/django/static\". # Always use forward slashes, even on Windows. # Don't forget to use absolute paths, not relative paths. '%s/static' % PROJECT_ROOT, '%s/frontend/build' % PROJECT_ROOT, )

                4. Restart Seahub

                  ./seahub.sh restart\n

                This issue has been fixed since version 11.0

                "},{"location":"develop/web_api_v2.1/","title":"Web API","text":""},{"location":"develop/web_api_v2.1/#seafile-web-api","title":"Seafile Web API","text":"

                The API document can be accessed in the following location:

                • https://seafile-api.readme.io/ (New)
                • https://download.seafile.com/published/web-api/home.md (Old)
                "},{"location":"develop/web_api_v2.1/#admin-only","title":"Admin Only","text":"

                The Admin API document can be accessed in the following location:

                • https://seafile-api.readme.io/ (New)
                "},{"location":"develop/windows/","title":"Windows","text":""},{"location":"develop/windows/#environment-setup","title":"Environment Setup","text":"

                The following setups are required for building and packaging Sync Client on Windows:

                • Visual Studio 2019
                  • Desktop development with C++
                    • MSVC v142
                    • Windows 10 SDK (10.0.19041.0) (installed by default, not used)
                    • Windows 10 SDK (10.0.18362.0)
                  • Universal Windows Platform development
                    • Windows 10 SDK (10.0.18362.0)
                • Qt 6.5
                  • MSVC 2019 64-bit
                  • Qt 5 Compatibility Module
                  • Qt Positioning
                  • Qt Serial Port
                  • Qt WebChannel
                  • Qt WebEngine
                • Qt VS Tools

                • vcpkg

                  • curl[openssl]:x64-windows
                  • getopt:x64-windows
                  • glib:x64-windows
                  • jansson:x64-windows
                  • libevent:x64-windows
                  • libwebsockets:x64-windows
                  • openssl:x64-windows
                  • pthreads:x64-windows
                  • sqlite3:x64-windows
                  • zlib:x64-windows
                  • argon2:x64-windows
                    # Example of the install command:\n$ ./vcpkg.exe install curl[core,openssl]:x64-windows\n

                • Python 3.7

                • wix
                  • install to C:\\wix
                • Paraffin
                  • copy Paraffin.exe to C:\\wix\\bin
                • Breakpad

                • Certificates

                  • install to C:\\certs

                  Note: certificates for Windows application are issued by third-party certificate authority.

                "},{"location":"develop/windows/#breakpad","title":"Breakpad","text":"

                Support for Breakpad can be added by running following steps:

                • install gyp tool

                  $ git clone --depth=1 git@github.com:chromium/gyp.git\n$ python setup.py install\n

                • compile breakpad

                  $ git clone --depth=1 git@github.com:google/breakpad.git\n$ cd breakpad\n$ git clone https://github.com/google/googletest.git testing\n$ cd ..\n# create vs solution, this may throw an error \"module collections.abc has no attribute OrderedDict\", you should open the msvs.py and replace 'collections.abc' with 'collections'.\n$ gyp \u2013-no-circular-check breakpad\\src\\client\\windows\\breakpad_client.gyp\n
                  • open breakpad_client.sln and configure C++ Language Standard to C++17 and C/C++ ---> Code Generation ---> Runtime Library to Multi-threaded DLL (/MD)
                  • build breakpad

                • compile dump_syms tool

                  create vs solution

                  gyp \u2013-no-circular-check breakpad\\src\\tools\\windows\\tools_windows.gyp\n
                  • open tools_windows.sln and build tools_windows
                  • Insert #include in the source file about unique_ptr compilation error and recompile.
                  • build dump_syms
                  • Copy C:\\Program Files (x86)\\Microsoft Visual Studio\\2019\\Community\\Common7\\IDE\\Remote Debugger\\x64\\msdia140.dll to breakpad\\src\\tools\\windows\\Release.

                • copy VC merge modules

                  copy C:\\Program Files (x86)\\Microsoft Visual Studio\\2019\\Community\\VC\\Redist\\MSVC\\v142\\MergeModules\\MergeModules\\Microsoft_VC142_CRT_x64.msm C:\\packagelib\n
                "},{"location":"develop/windows/#building-sync-client","title":"Building Sync Client","text":"

                Following directory structures are expected when building Sync Client:

                seafile-workspace/\nseafile-workspace/libsearpc/\nseafile-workspace/seafile/\nseafile-workspace/seafile-client/\nseafile-workspace/seafile-shell-ext/\n

                The source code of these projects can be downloaded at github.com/haiwen/libsearpc, github.com/haiwen/seafile, github.com/haiwen/seafile-client, and github.com/haiwen/seafile-shell-ext.

                "},{"location":"develop/windows/#building","title":"Building","text":"

                Note: the building commands have been included in the packaging script, you can skip building commands while packaging.

                To build libsearpc:

                $ cd seafile-workspace/libsearpc/\n$ devenv libsearpc.sln /build \"Release|x64\"\n

                To build seafile

                $ cd seafile-workspace/seafile/\n$ devenv seafile.sln /build \"Release|x64\"\n$ devenv msi/custom/seafile_custom.sln /build \"Release|x64\"\n

                To build seafile-client

                $ cd seafile-workspace/seafile-client/\n$ devenv third_party/quazip/quazip.sln /build \"Release|x64\"\n$ devenv seafile-client.sln /build \"Release|x64\"\n

                To build seafile-shell-ext

                $ cd seafile-workspace/seafile-shell-ext/\n$ devenv extensions/seafile_ext.sln /build \"Release|x64\"\n$ devenv seadrive-thumbnail-ext/seadrive_thumbnail_ext.sln /build \"Release|x64\"\n
                "},{"location":"develop/windows/#packaging","title":"Packaging","text":"
                1. Update the CERTFILE configure in seafile-workspace/seafile/scripts/build/build-msi-vs.py .
                2. Run commands:
                  $ cd seafile-workspace/seafile-client/third_party/quazip\n$ devenv quazip.sln /build Release|x64\n$ cd seafile-workspace/seafile/scripts/build\n$ python build-msi-vs.py 1.0.0\n
                "},{"location":"extension/distributed_indexing/","title":"Distributed indexing","text":"

                If you use a cluster to deploy Seafile, you can use distributed indexing to realize real-time indexing and improve indexing efficiency. The indexing process is as follows:

                "},{"location":"extension/distributed_indexing/#install-redis-and-modify-configuration-files","title":"Install redis and modify configuration files","text":""},{"location":"extension/distributed_indexing/#1-install-redis-on-all-frontend-nodes","title":"1. Install redis on all frontend nodes","text":"

                Tip

                If you use redis cloud service, skip this step and modify the configuration files directly

                UbuntuCentOS 
                $ apt install redis-server\n
                $ yum install redis\n
                "},{"location":"extension/distributed_indexing/#2-install-python-redis-third-party-package-on-all-frontend-nodes","title":"2. Install python redis third-party package on all frontend nodes","text":"
                $ pip install redis\n
                "},{"location":"extension/distributed_indexing/#3-modify-the-seafeventsconf-on-all-frontend-nodes","title":"3. Modify the seafevents.conf on all frontend nodes","text":"

                Add the following config items

                [EVENTS PUBLISH]\nmq_type=redis   # must be redis\nenabled=true\n\n[REDIS]\nserver=127.0.0.1   # your redis server host\nport=6379          # your redis server port\npassword=xxx       # your redis server password, if not password, do not set this item\n
                "},{"location":"extension/distributed_indexing/#4-modify-the-seafeventsconf-on-the-backend-node","title":"4. Modify the seafevents.conf on the backend node","text":"

                Disable the scheduled indexing task, because the scheduled indexing task and the distributed indexing task conflict.

                [INDEX FILES]\nenabled=true\n     |\n     V\nenabled=false   \n
                "},{"location":"extension/distributed_indexing/#5-restart-seafile","title":"5. Restart Seafile","text":"Deploy in DockerDeploy from binary packages 
                docker exec -it seafile bash\ncd /scripts\n./seafile.sh restart && ./seahub.sh restart\n
                cd /opt/seafile/seafile-server-latest\n./seafile.sh restart && ./seahub.sh restart\n
                "},{"location":"extension/distributed_indexing/#deploy-distributed-indexing","title":"Deploy distributed indexing","text":"

                First, prepare a seafes master node and several seafes slave nodes, the number of slave nodes depends on your needs. Deploy Seafile on these nodes, and copy the configuration files in the conf directory from the frontend nodes. The master node and slave nodes do not need to start Seafile, but need to read the configuration files to obtain the necessary information.

                Next, create a configuration file index-master.conf in the conf directory of the master node, e.g.

                [DEFAULT]\nmq_type=redis   # must be redis\n\n[REDIS]\nserver=127.0.0.1   # your redis server host\nport=6379          # your redis server port\npassword=xxx       # your redis server password, if not password, do not set this item\n

                Execute ./run_index_master.sh [start/stop/restart] in the seafile-server-last directory (or /scripts inner the Seafile-docker container) to control the program to start, stop and restart.

                Next, create a configuration file index-slave.conf in the conf directory of all slave nodes, e.g.

                [DEFAULT]\nmq_type=redis     # must be redis\nindex_workers=2   # number of threads to create/update indexes, you can increase this value according to your needs\n\n[REDIS]\nserver=127.0.0.1   # your redis server host\nport=6379          # your redis server port\npassword=xxx       # your redis server password, if not password, do not set this item\n

                Execute ./run_index_worker.sh [start/stop/restart] in the seafile-server-last directory (or /scripts inner the Seafile-docker container) to control the program to start, stop and restart.

                Note

                The index worker connects to backend storage directly. You don't need to run seaf-server in index worker node.

                "},{"location":"extension/distributed_indexing/#some-commands-in-distributed-indexing","title":"Some commands in distributed indexing","text":"

                Rebuild search index, execute in the seafile-server-last directory (or /scripts inner the Seafile-docker container):

                $ ./pro/pro.py search --clear\n$ ./run_index_master.sh python-env index_op.py --mode resotre_all_repo\n

                List the number of indexing tasks currently remaining, execute in the seafile-server-last directory (or /scripts inner the Seafile-docker container):

                $ ./run_index_master.sh python-env index_op.py --mode show_all_task\n

                The above commands need to be run on the master node.

                "},{"location":"extension/fuse/","title":"FUSE extension","text":"

                Files in the seafile system are split to blocks, which means what are stored on your seafile server are not complete files, but blocks. This design faciliates effective data deduplication.

                However, administrators sometimes want to access the files directly on the server. You can use seaf-fuse to do this.

                Seaf-fuse is an implementation of the FUSE virtual filesystem. In a word, it mounts all the seafile files to a folder (which is called the '''mount point'''), so that you can access all the files managed by seafile server, just as you access a normal folder on your server.

                Note

                • Encrypted folders can't be accessed by seaf-fuse.
                • Currently the implementation is '''read-only''', which means you can't modify the files through the mounted folder.
                • One debian/centos systems, you need to be in the \"fuse\" group to have the permission to mount a FUSE folder.
                "},{"location":"extension/fuse/#use-seaf-fuse-in-binary-based-deployment","title":"Use seaf-fuse in binary based deployment","text":"

                Assume we want to mount to /data/seafile-fuse.

                "},{"location":"extension/fuse/#create-the-folder-as-the-mount-point","title":"Create the folder as the mount point","text":"
                mkdir -p /data/seafile-fuse\n
                "},{"location":"extension/fuse/#start-seaf-fuse-with-the-script","title":"Start seaf-fuse with the script","text":"

                Before start seaf-fuse, you should have started seafile server with ./seafile.sh start

                ./seaf-fuse.sh start /data/seafile-fuse\n

                seaf-fuse supports standard mount options for FUSE. For example, you can specify ownership for the mounted folder:

                ./seaf-fuse.sh start -o uid=<uid> /data/seafile-fuse\n

                The fuse enables the block cache function by default to cache block objects, thereby reducing access to backend storage, but this function will occupy local disk space. Since Seafile-pro-10.0.0, you can disable block cache by adding following options:

                ./seaf-fuse.sh start --disable-block-cache /data/seafile-fuse\n

                You can find the complete list of supported options in man fuse.

                "},{"location":"extension/fuse/#stop-seaf-fuse","title":"Stop seaf-fuse","text":"
                ./seaf-fuse.sh stop\n
                "},{"location":"extension/fuse/#contents-of-the-mounted-folder","title":"Contents of the mounted folder","text":""},{"location":"extension/fuse/#the-top-level-folder","title":"The top level folder","text":"

                Now you can list the content of /data/seafile-fuse.

                $ ls -lhp /data/seafile-fuse\n\ndrwxr-xr-x 2 root root 4.0K Jan  1  2015 abc@abc.com/\ndrwxr-xr-x 2 root root 4.0K Jan  4  2015 foo@foo.com/\ndrwxr-xr-x 2 root root 4.0K Jan  1  2015 plus@plus.com/\ndrwxr-xr-x 2 root root 4.0K Jan  1  2015 sharp@sharp.com/\ndrwxr-xr-x 2 root root 4.0K Jan  3  2015 test@test.com/\n
                • The top level folder contains many subfolders, each of which corresponds to a user
                "},{"location":"extension/fuse/#the-folder-for-each-user","title":"The folder for each user","text":"
                $ ls -lhp /data/seafile-fuse/abc@abc.com\n\ndrwxr-xr-x 2 root root  924 Jan  1  1970 5403ac56-5552-4e31-a4f1-1de4eb889a5f_Photos/\ndrwxr-xr-x 2 root root 1.6K Jan  1  1970 a09ab9fc-7bd0-49f1-929d-6abeb8491397_My Notes/\n

                From the above list you can see, under the folder of a user there are subfolders, each of which represents a library of that user, and has a name of this format: '''{library_id}-{library-name}'''.

                "},{"location":"extension/fuse/#the-folder-for-a-library","title":"The folder for a library","text":"
                $ ls -lhp /data/seafile-fuse/abc@abc.com/5403ac56-5552-4e31-a4f1-1de4eb889a5f_Photos/\n\n-rw-r--r-- 1 root root 501K Jan  1  2015 image.png\n-rw-r--r-- 1 root root 501K Jan  1  2015 sample.jpng\n
                "},{"location":"extension/fuse/#if-you-get-a-permission-denied-error","title":"If you get a \"Permission denied\" error","text":"

                If you get an error message saying \"Permission denied\" when running ./seaf-fuse.sh start, most likely you are not in the \"fuse group\". You should:

                • Add yourself to the fuse group 

                  sudo usermod -a -G fuse <your-user-name>\n

                • Logout your shell and login again

                • Now try ./seaf-fuse.sh start <path>again.
                "},{"location":"extension/fuse/#use-seaf-fuse-in-docker-based-deployment","title":"Use seaf-fuse in Docker based deployment","text":"

                Assume we want to mount to /data/seafile-fuse in host.

                "},{"location":"extension/fuse/#modify-docker-composeyml","title":"Modify docker-compose.yml","text":"

                Add the following content

                  seafile:\n    ...\n    volumes:\n      ...\n      - type: bind\n        source: /data/seafile-fuse\n        target: /seafile-fuse\n        bind:\n          propagation: rshared\n    privileged: true\n    cap_add:\n      - SYS_ADMIN\n
                "},{"location":"extension/fuse/#start-seaf-fuse-with-the-script-in-docker","title":"Start seaf-fuse with the script in docker","text":"

                Start Seafile server and enter the container

                docker compose up -d\n\ndocker exec -it seafile bash\n

                Start seaf-fuse in the container

                cd /opt/seafile/seafile-server-latest/\n\n./seaf-fuse.sh start /seafile-fuse\n
                "},{"location":"extension/libreoffice_online/","title":"Integrate Seafile with Collabora Online (LibreOffice Online)","text":"

                Since Seafile Professional edition 6.0.0, you can integrate Seafile with Collabora Online to preview office files.

                "},{"location":"extension/libreoffice_online/#setup-collaboraonline","title":"Setup CollaboraOnline","text":"

                Deployment Tips

                From Seafile 12.0, Seafile support integrating CollaboraOnline server on the same host (only support deploying with Docker with sufficient cores and RAM), as you can follow the steps in this manual.

                Otherwise, you can follow the official document to deploy CollaboraOnline server on a separate host. Then you should follow here to configurate seahub_settings.py to enable online office.

                Download the collabora.yml

                wget https://manual.seafile.com/12.0/docker/pro/collabora.yml\n

                Insert collabora.yml to field COMPOSE_FILE lists (i.e., COMPOSE_FILE='...,collabora.yml') and add the relative options in .env

                COLLABORA_IMAGE=collabora/code:24.04.5.1.1 # image of LibreOffice\nCOLLABORA_PORT=6232 # expose port\nCOLLABORA_USERNAME=<your LibreOffice admin username>\nCOLLABORA_PASSWORD=<your LibreOffice admin password>\nCOLLABORA_ENABLE_ADMIN_CONSOLE=true # enable admin console or not\nCOLLABORA_REMOTE_FONT= # remote font url\nCOLLABORA_ENABLE_FILE_LOGGING=false # use file logs or not, see FQA\n
                "},{"location":"extension/libreoffice_online/#config-seafile","title":"Config Seafile","text":"

                Add following config option to seahub_settings.py:

                OFFICE_SERVER_TYPE = 'CollaboraOffice'\nENABLE_OFFICE_WEB_APP = True\nOFFICE_WEB_APP_BASE_URL = 'http{s}://seafile.example.com:6232/hosting/discovery'\n\n# Expiration of WOPI access token\n# WOPI access token is a string used by Seafile to determine the file's\n# identity and permissions when use LibreOffice Online view it online\n# And for security reason, this token should expire after a set time period\nWOPI_ACCESS_TOKEN_EXPIRATION = 30 * 60   # seconds\n\n# List of file formats that you want to view through LibreOffice Online\n# You can change this value according to your preferences\n# And of course you should make sure your LibreOffice Online supports to preview\n# the files with the specified extensions\nOFFICE_WEB_APP_FILE_EXTENSION = ('odp', 'ods', 'odt', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt', 'pptm', 'pptx', 'doc', 'docm', 'docx')\n\n# Enable edit files through LibreOffice Online\nENABLE_OFFICE_WEB_APP_EDIT = True\n\n# types of files should be editable through LibreOffice Online\nOFFICE_WEB_APP_EDIT_FILE_EXTENSION = ('odp', 'ods', 'odt', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt', 'pptm', 'pptx', 'doc', 'docm', 'docx')\n

                Then restart Seafile.

                Click an office file in Seafile web interface, you will see the online preview rendered by CollaboraOnline. Here is an example:

                "},{"location":"extension/libreoffice_online/#trouble-shooting","title":"Trouble shooting","text":"

                Understanding how the integration work will help you debug the problem. When a user visits a file page:

                1. (seahub->browser) Seahub will generate a page containing an iframe and send it to the browser
                2. (browser->CollaboraOnline) With the iframe, the browser will try to load the file preview page from the CollaboraOnline
                3. (CollaboraOnline->seahub) CollaboraOnline receives the request and sends a request to Seahub to get the file content
                4. (CollaboraOnline->browser) CollaboraOnline sends the file preview page to the browser.
                "},{"location":"extension/libreoffice_online/#faq","title":"FAQ","text":""},{"location":"extension/libreoffice_online/#about-logs","title":"About logs","text":"

                CollaboraOnline container will output the logs in the stdout, you can use following command to access it

                docker logs seafile-collabora\n

                If you would like to use file to save log (i.e., a .log file), you can modify .env with following statment, and remove the notes in the collabora.yml

                # .env\nCOLLABORA_ENABLE_FILE_LOGGING=True\nCOLLABORA_PATH=/opt/collabora # path of the collabora logs\n
                # collabora.yml\n# remove the following notes\n...\nservices:\n    collabora:\n        ...\n        volumes:\n            - \"${COLLABORA_PATH:-/opt/collabora}/logs:/opt/cool/logs/\" # chmod 777 needed\n        ...\n...\n

                Create the logs directory, and restart Seafile server

                mkdir -p /opt/collabora\nchmod 777 /opt/collabora\ndocker compose down\ndocker compose up -d\n
                "},{"location":"extension/libreoffice_online/#collaboraonline-server-on-a-separate-host","title":"CollaboraOnline server on a separate host","text":"

                If your CollaboraOnline server on a separate host, you just need to modify the seahub_settings.py similar to deploy on the same host. The only different is you have to change the field OFFICE_WEB_APP_BASE_URL to your CollaboraOnline host (e.g., https://collabora-online.seafile.com/hosting/discovery).

                "},{"location":"extension/notification-server/","title":"Notification Server Overview","text":"

                Currently, the status updates of files and libraries on the client and web interface are based on polling the server. The latest status cannot be reflected in real time on the client due to polling delays. The client needs to periodically refresh the library modification, file locking, subdirectory permissions and other information, which causes additional performance overhead to the server.

                When a directory is opened on the web interface, the lock status of the file cannot be updated in real time, and the page needs to be refreshed.

                The notification server uses websocket protocol and maintains a two-way communication connection with the client or the web interface. When the above changes occur, seaf-server will notify the notification server of the changes. Then the notification server can notify the client or the web interface in real time. This not only improves the real-time performance, but also reduces the performance overhead of the server.

                The notification server cannot work if you config Seafile server with SQLite database

                "},{"location":"extension/notification-server/#supported-update-reminder-types","title":"Supported update reminder types","text":"
                1. The library has been updated.
                2. File lock status changes under the library.
                3. Directory permission changes under the library.
                "},{"location":"extension/notification-server/#how-to-configure-and-run","title":"How to configure and run","text":"

                Since seafile-10.0.0, you can configure a notification server to send real-time notifications to clients. In order to run the notification server, you need to add the following configurations under seafile.conf\uff1a

                # jwt_private_key are required.You should generate it manually.\n[notification]\nenabled = true\n# the ip of notification server. (Do not modify the host when using Nginx or Apache, as Nginx or Apache will proxy the requests to this address)\nhost = 127.0.0.1\n# the port of notification server\nport = 8083\n# the log level of notification server\n# You can set log_level to debug to print messages sent to clients.\nlog_level = info\n# jwt_private_key is used to generate jwt token and authenticate seafile server\njwt_private_key = M@O8VWUb81YvmtWLHGB2I_V7di5-@0p(MF*GrE!sIws23F\n

                You can generate jwt_private_key with the following command\uff1a

                # generate jwt_private_key\nopenssl rand -base64 32\n

                We generally recommend deploying notification server behind nginx, the notification server can be supported by adding the following nginx configuration:

                map $http_upgrade $connection_upgrade {\ndefault upgrade;\n'' close;\n}\n\nserver {\n    location /notification/ping {\n        proxy_pass http://127.0.0.1:8083/ping;\n        access_log      /var/log/nginx/notif.access.log;\n        error_log       /var/log/nginx/notif.error.log;\n    }\n\n    location /notification {\n        proxy_pass http://127.0.0.1:8083/;\n        proxy_http_version 1.1;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection $connection_upgrade;\n        access_log      /var/log/nginx/notif.access.log;\n        error_log       /var/log/nginx/notif.error.log;\n    }\n}\n

                Or add the configuration for Apache:

                    ProxyPass /notification/ping  http://127.0.0.1:8083/ping/\n    ProxyPassReverse /notification/ping  http://127.0.0.1:8083/ping/\n\n    ProxyPass /notification  ws://127.0.0.1:8083/\n    ProxyPassReverse /notification ws://127.0.0.1:8083/\n

                According to apache ProxyPass document:

                The configured ProxyPass and ProxyPassMatch rules are checked in the order of configuration. The first rule that matches wins. So usually you should sort conflicting ProxyPass rules starting with the longest URLs first. Otherwise, later rules for longer URLS will be hidden by any earlier rule which uses a leading substring of the URL. Note that there is some relation with worker sharing.

                the final configuration for Apache should be like:

                    #\n    # notification server\n    #\n    ProxyPass /notification/ping  http://127.0.0.1:8083/ping/\n    ProxyPassReverse /notification/ping  http://127.0.0.1:8083/ping/\n\n    ProxyPass /notification  ws://127.0.0.1:8083/\n    ProxyPassReverse /notification ws://127.0.0.1:8083/\n\n    #\n    # seafile fileserver\n    #\n    ProxyPass /seafhttp http://127.0.0.1:8082\n    ProxyPassReverse /seafhttp http://127.0.0.1:8082\n    RewriteRule ^/seafhttp - [QSA,L]\n\n    #\n    # seahub\n    #\n    SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n    ProxyPreserveHost On\n    ProxyPass / http://127.0.0.1:8000/\n    ProxyPassReverse / http://127.0.0.1:8000/\n

                After that, you can run notification server with the following command:

                ./seafile.sh restart\n
                "},{"location":"extension/notification-server/#checking-notification-server-status","title":"Checking notification server status","text":"

                When the notification server is working, you can access http://127.0.0.1:8083/ping from your browser, which will answer {\"ret\": \"pong\"}. If you have a proxy configured, you can access https://{server}/notification/ping from your browser instead.

                "},{"location":"extension/notification-server/#compatible-client","title":"Compatible client","text":"
                1. Seadrive 3.0.1 or later.
                2. Seafile client 8.0.11 or later.

                If the client works with notification server, there should be a log message in seafile.log or seadrive.log.

                Notification server is enabled on the remote server xxxx\n
                "},{"location":"extension/notification-server/#notification-server-in-seafile-cluster","title":"Notification Server in Seafile cluster","text":"

                There is no additional features for notification server in the Pro Edition. It works the same as in community edition.

                If you enable clustering, You need to deploy notification server on one of the servers, or a separate server. The load balancer should forward websockets requests to this node.

                On each Seafile frontend node, the notification server configuration should be the same as in community edition:

                [notification]\nenabled = true\n# the ip of notification server.\nhost = 192.168.1.134\n# the port of notification server\nport = 8083\n# the log level of notification server\nlog_level = info\n# jwt_private_key is used to generate jwt token and authenticate seafile server\njwt_private_key = M@O8VWUb81YvmtWLHGB2I_V7di5-@0p(MF*GrE!sIws23F\n

                You need to configure load balancer according to the following forwarding rules:

                1. Forward /notification/ping requests to notification server via http protocol.
                2. Forward websockets requests with URL prefix /notification to notification server.

                Here is a configuration that uses haproxy to support notification server. Haproxy version needs to be >= 2.0. You should use similar configurations for other load balancers.

                #/etc/haproxy/haproxy.cfg\n\n# Other existing haproxy configurations\n......\n\nfrontend seafile\n    bind 0.0.0.0:80\n    mode http\n    option httplog\n    option dontlognull\n    option forwardfor\n    acl notif_ping_request  url_sub -i /notification/ping\n    acl ws_requests  url -i /notification\n    acl hdr_connection_upgrade hdr(Connection)  -i upgrade\n    acl hdr_upgrade_websocket  hdr(Upgrade)     -i websocket\n    use_backend ws_backend if hdr_connection_upgrade hdr_upgrade_websocket\n    use_backend notif_ping_backend if notif_ping_request\n    use_backend ws_backend if ws_requests\n    default_backend backup_nodes\n\nbackend backup_nodes\n    cookie SERVERID insert indirect nocache\n    server seafileserver01 192.168.0.137:80\n\nbackend notif_ping_backend\n    option forwardfor\n    server ws 192.168.0.137:8083\n\nbackend ws_backend\n    option forwardfor # This sets X-Forwarded-For\n    server ws 192.168.0.137:8083\n
                "},{"location":"extension/office_web_app/","title":"Office Online Server","text":"

                In Seafile Professional Server Version 4.4.0 (or above), you can use Microsoft Office Online Server (formerly named Office Web Apps) to preview documents online. Office Online Server provides the best preview for all Office format files. It also support collaborative editing of Office files directly in the web browser. For organizations with Microsoft Office Volume License, it's free to use Office Online Server. For more information about Office Online Server and how to deploy it, please refer to https://technet.microsoft.com/en-us/library/jj219455(v=office.16).aspx.

                Seafile only supports Office Online Server 2016 and above

                To use Office Online Server for preview, please add following config option to seahub_settings.py.

                # Enable Office Online Server\nENABLE_OFFICE_WEB_APP = True\n\n# Url of Office Online Server's discovery page\n# The discovery page tells Seafile how to interact with Office Online Server when view file online\n# You should change `http://example.office-web-app.com` to your actual Office Online Server server address\nOFFICE_WEB_APP_BASE_URL = 'http://example.office-web-app.com/hosting/discovery'\n\n# Expiration of WOPI access token\n# WOPI access token is a string used by Seafile to determine the file's\n# identity and permissions when use Office Online Server view it online\n# And for security reason, this token should expire after a set time period\nWOPI_ACCESS_TOKEN_EXPIRATION = 60 * 60 * 24 # seconds\n\n# List of file formats that you want to view through Office Online Server\n# You can change this value according to your preferences\n# And of course you should make sure your Office Online Server supports to preview\n# the files with the specified extensions\nOFFICE_WEB_APP_FILE_EXTENSION = ('ods', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt',\n    'pptm', 'pptx', 'doc', 'docm', 'docx')\n\n# Enable edit files through Office Online Server\nENABLE_OFFICE_WEB_APP_EDIT = True\n\n# types of files should be editable through Office Online Server\n# Note, Office Online Server 2016 is needed for editing docx\nOFFICE_WEB_APP_EDIT_FILE_EXTENSION = ('xlsx', 'pptx', 'docx')\n\n\n# HTTPS authentication related (optional)\n\n# Server certificates\n# Path to a CA_BUNDLE file or directory with certificates of trusted CAs\n# NOTE: If set this setting to a directory, the directory must have been processed using the c_rehash utility supplied with OpenSSL.\nOFFICE_WEB_APP_SERVER_CA = '/path/to/certfile'\n\n\n# Client certificates\n# You can specify a single file (containing the private key and the certificate) to use as client side certificate\nOFFICE_WEB_APP_CLIENT_PEM = 'path/to/client.pem'\n\n# or you can specify these two file path to use as client side certificate\nOFFICE_WEB_APP_CLIENT_CERT = 'path/to/client.cert'\nOFFICE_WEB_APP_CLIENT_KEY = 'path/to/client.key'\n

                Then restart

                ./seafile.sh restart\n./seahub.sh restart\n

                After you click the document you specified in seahub_settings.py, you will see the new preview page.

                "},{"location":"extension/office_web_app/#trouble-shooting","title":"Trouble shooting","text":"

                Understanding how the web app integration works is going to help you debugging the problem. When a user visits a file page:

                1. (seahub->browser) Seahub will generate a page containing an iframe and send it to the browser
                2. (browser->office online server) With the iframe, the browser will try to load the file preview page from the office online server
                3. (office online server->seahub) office online server receives the request and sends a request to Seahub to get the file content
                4. (office online server->browser) office online server sends the file preview page to the browser.

                Please check the Nginx log for Seahub (for step 3) and Office Online Server to see which step is wrong.

                Warning

                You should make sure you have configured at least a few GB of paging files in your Windows system. Otherwise the IIS worker processes may die randomly when handling Office Online requests.

                "},{"location":"extension/only_office/","title":"OnlyOffice","text":"

                From version 6.1.0+ on (including CE), Seafile supports OnlyOffice to view/edit office files online. In order to use OnlyOffice, you must first deploy an OnlyOffice server.

                Deployment Tips

                You can deploy OnlyOffice to the same machine as Seafile (only support deploying with Docker with sufficient cores and RAM) using the onlyoffice.yml provided by Seafile according to this document, or you can deploy it to a different machine according to OnlyOffice official document.

                "},{"location":"extension/only_office/#generate-jwt-token-shared-secret","title":"Generate JWT-Token (shared secret)","text":"

                From Seafile 12.0, OnlyOffice's JWT verification will be forced to enable

                Secure communication between Seafile and OnlyOffice is granted by a shared secret. You can get the JWT secret by following command

                pwgen -s 40 1\n
                "},{"location":"extension/only_office/#deployment-of-onlyoffice","title":"Deployment of OnlyOffice","text":"

                Download the onlyoffice.yml

                wget https://manual.seafile.com/12.0/docker/onlyoffice.yml\n

                insert onlyoffice.yml into COMPOSE_FILE list (i.e., COMPOSE_FILE='...,onlyoffice.yml'), and add the following configurations of onlyoffice in .env file.

                # OnlyOffice image\nONLYOFFICE_IMAGE=onlyoffice/documentserver:8.1.0.1\n\n# Persistent storage directory of OnlyOffice\nONLYOFFICE_VOLUME=/opt/onlyoffice\n\n# OnlyOffice document server port\nONLYOFFICE_PORT=6233\n\n# jwt secret, generated by `pwgen -s 40 1` \nONLYOFFICE_JWT_SECRET=<your jwt secret>\n

                Also modify seahub_settings.py

                ENABLE_ONLYOFFICE = True\nONLYOFFICE_APIJS_URL = 'https://seafile.example.com:6233/web-apps/apps/api/documents/api.js'\nONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods', 'csv', 'ppsx', 'pps')\nONLYOFFICE_JWT_SECRET = '<your jwt secret>'\n

                By default OnlyOffice will use port 6233 used for communication between Seafile and Document Server, You can modify the bound port by specifying ONLYOFFICE_PORT, and port in the term ONLYOFFICE_APIJS_URL in seahub_settings.py has been modified together.

                "},{"location":"extension/only_office/#advanced-custom-settings-of-onlyoffice","title":"Advanced: Custom settings of OnlyOffice","text":"

                The following configuration options are only for OnlyOffice experts. You can create and mount a custom configuration file called local-production-linux.json to force some settings.

                nano local-production-linux.json\n

                For example, you can configure OnlyOffice to automatically save by copying the following code block in this file:

                {\n  \"services\": {\n    \"CoAuthoring\": {\n      \"autoAssembly\": {\n        \"enable\": true,\n        \"interval\": \"5m\"\n      }\n    }\n  },\n  \"FileConverter\": {\n    \"converter\": {\n      \"downloadAttemptMaxCount\": 3\n    }\n  }\n}\n

                Mount this config file into your onlyoffice block in onlyoffice.yml:

                service:\n  ...\n  onlyoffice:\n    ...\n    volumes:\n      ...\n      - <Your path to local-production-linux.json>:/etc/onlyoffice/documentserver/local-production-linux.json\n...\n

                For more information you can check the official documentation: https://api.onlyoffice.com/editors/signature/ and https://github.com/ONLYOFFICE/Docker-DocumentServer#available-configuration-parameters

                "},{"location":"extension/only_office/#restart-seafile-docker-instance-and-test-that-onlyoffice-is-running","title":"Restart Seafile-docker instance and test that OnlyOffice is running","text":"
                docker-compose down\ndocker-compose up -d\n

                After the installation process is finished, visit this page to make sure you have deployed OnlyOffice successfully: http{s}://{your Seafile server's domain or IP}:6233/welcome, you will get Document Server is running info at this page.

                "},{"location":"extension/only_office/#faq","title":"FAQ","text":""},{"location":"extension/only_office/#download-failed","title":"Download failed","text":"

                Firstly, run docker logs -f seafile-onlyoffice, then open an office file. After the \"Download failed.\" error appears on the page, observe the logs for the following error:

                ==> /var/log/onlyoffice/documentserver/converter/out.log <==\n...\nError: DNS lookup {local IP} (family:undefined, host:undefined) is not allowed. Because, It is a private IP address.\n...\n

                If it shows this error message and you haven't enabled JWT while using a local network, then it's likely due to an error triggered proactively by OnlyOffice server for enhanced security. (https://github.com/ONLYOFFICE/DocumentServer/issues/2268#issuecomment-1600787905)

                So, as mentioned in the post, we highly recommend you enabling JWT in your integrations to fix this problem.

                "},{"location":"extension/only_office/#the-document-security-token-is-not-correctly-formed","title":"The document security token is not correctly formed","text":"

                Starting from OnlyOffice Docker-DocumentServer version 7.2, JWT is enabled by default on OnlyOffice server.

                So, for security reason, please Configure OnlyOffice to use JWT Secret.

                "},{"location":"extension/only_office/#onlyoffice-on-a-separate-host-and-url","title":"OnlyOffice on a separate host and URL","text":"

                In general, you only need to specify the values \u200b\u200bof the following fields in seahub_settings.py and then restart the service.

                ENABLE_ONLYOFFICE = True\nONLYOFFICE_APIJS_URL = 'http{s}://<Your OnlyOffice host url>/web-apps/apps/api/documents/api.js'\nONLYOFFICE_FILE_EXTENSION = ('doc', 'docx', 'ppt', 'pptx', 'xls', 'xlsx', 'odt', 'fodt', 'odp', 'fodp', 'ods', 'fods', 'csv', 'ppsx', 'pps')\nONLYOFFICE_JWT_SECRET = '<your jwt secret>'\n
                "},{"location":"extension/only_office/#about-ssl","title":"About SSL","text":"

                For deployments using the onlyoffice.yml file in this document, SSL is primarily handled by the Caddy. If the OnlyOffice document server and Seafile server are not on the same machine, please refer to the official document to configure SSL for OnlyOffice.

                "},{"location":"extension/setup_seadoc/","title":"SeaDoc Integration","text":"

                SeaDoc is an extension of Seafile that providing an online collaborative document editor.

                SeaDoc designed around the following key ideas:

                • An expressive easy to use editor
                • A review and approval workflow to better control how contents changes
                • Inter-document linking for connecting related contents
                • AI integration that streamlines content generation, summarization, and management
                • Comprehensive APIs for automating document generating and processing

                SeaDoc excels at:

                • Authoring product and technical documents
                • Creating knowledge base articles and online manuals
                • Building internal Wikis
                "},{"location":"extension/setup_seadoc/#architecture","title":"Architecture","text":"

                The SeaDoc archticture is demonstrated as below:

                Here is the workflow when a user open sdoc file in browser

                1. When a user open a sdoc file in the browser, a file loading request will be sent to Caddy, and Caddy proxy the request to SeaDoc server (see Seafile instance archticture for the details).
                2. SeaDoc server will send the file's content back if it is already cached, otherwise SeaDoc serve will sends a request to Seafile server.
                3. Seafile server loads the content, then sends it to SeaDoc server and write it to the cache at the same time.
                4. After SeaDoc receives the content, it will be sent to the browser.
                "},{"location":"extension/setup_seadoc/#deployment-method","title":"Deployment method","text":"

                SeaDoc has the following deployment methods:

                SeaDoc and Seafile docker are deployed on the same hostDeploy SeaDoc on a new host

                Download the seadoc.yml and integrate SeaDoc in Seafile docker.

                wget https://manual.seafile.com/12.0/docker/seadoc.yml\n

                Modify .env, and insert seadoc.yml into COMPOSE_FILE, and enable SeaDoc server

                COMPOSE_FILE='seafile-server.yml,caddy.yml,seadoc.yml'\n\nENABLE_SEADOC=true\nSEADOC_SERVER_URL=https://example.seafile.com/sdoc-server\n

                Download and modify the .env and seadoc.yml files.

                wget https://manual.seafile.com/12.0/docker/seadoc/1.0/standalone/seadoc.yml\nwget -o .env https://manual.seafile.com/12.0/docker/seadoc/1.0/standalone/env.yml\n
                Then modify the .env file according to your environment. The following fields are needed to be modified:

                variable description SEADOC_VOLUME The volume directory of SeaDoc data SEAFILE_MYSQL_DB_HOST Seafile MySQL host SEAFILE_MYSQL_DB_USER Seafile MySQL user, default is seafile SEAFILE_MYSQL_DB_PASSWORD Seafile MySQL password TIME_ZONE Time zone JWT_PRIVATE_KEY JWT key, the same as the config in Seafile .env file SEAFILE_SERVER_HOSTNAME Seafile host name SEAFILE_SERVER_PROTOCOL http or https SEADOC_SERVER_URL SeaDoc service URL

                Note

                Please bind SeaDoc server url and ip in the load balance(or reverse proxy) configuration after starting SeaDoc server

                Start SeaDoc server with the following command

                docker compose up -d\n

                Now you can use SeaDoc!

                "},{"location":"extension/setup_seadoc/#seadoc-directory-structure","title":"SeaDoc directory structure","text":"

                /opt/seadoc-data

                Placeholder spot for shared volumes. You may elect to store certain persistent information outside of a container, in our case we keep various log files outside. This allows you to rebuild containers easily without losing important information.

                • /opt/seadoc-data/logs: This is the directory for SeaDoc logs.
                "},{"location":"extension/setup_seadoc/#database-used-by-seadoc","title":"Database used by SeaDoc","text":"

                SeaDoc used one database table seahub_db.sdoc_operation_log to store operation logs.

                "},{"location":"extension/virus_scan/","title":"Virus Scan","text":"

                Seafile can scan uploaded files for malicious content in the background. When configured to run periodically, the scan process scans all existing libraries on the server. In each scan, the process only scans newly uploaded/updated files since the last scan. For each file, the process executes a user-specified virus scan command to check whether the file is a virus or not. Most anti-virus programs provide command line utility for Linux.

                To enable this feature, add the following options to seafile.conf:

                [virus_scan]\nscan_command = (command for checking virus)\nvirus_code = (command exit codes when file is virus)\nnonvirus_code = (command exit codes when file is not virus)\nscan_interval = (scanning interval, in unit of minutes, default to 60 minutes)\n

                More details about the options:

                • On Linux/Unix, most virus scan commands returns specific exit codes for virus and non-virus. You should consult the manual of your anti-virus program for more information.

                An example for ClamAV (http://www.clamav.net/) is provided below:

                [virus_scan]\nscan_command = clamscan\nvirus_code = 1\nnonvirus_code = 0\n

                To test whether your configuration works, you can trigger a scan manually:

                cd seafile-server-latest\n./pro/pro.py virus_scan\n

                If a virus was detected, you can see scan records and delete infected files on the Virus Scan page in the admin area.

                Note

                If you directly use clamav command line tool to scan files, scanning files will takes a lot of time. If you want to speed it up, we recommend to run Clamav as a daemon. Please refer to Run ClamAV as a Daemon

                When run Clamav as a daemon, the scan_command should be clamdscan in seafile.conf. An example for Clamav-daemon is provided below: 

                [virus_scan]\nscan_command = clamdscan\nvirus_code = 1\nnonvirus_code = 0\n

                Since Pro edition 6.0.0, a few more options are added to provide finer grained control for virus scan.

                [virus_scan]\n......\nscan_size_limit = (size limit for files to be scanned) # The unit is MB.\nscan_skip_ext = (a comma (',') separated list of file extensions to be ignored)\nthreads = (number of concurrent threads for scan, one thread for one file, default to 4)\n

                The file extensions should start with '.'. The extensions are case insensitive. By default, files with following extensions will be ignored:

                .bmp, .gif, .ico, .png, .jpg, .mp3, .mp4, .wav, .avi, .rmvb, .mkv\n

                The list you provide will override default list.

                "},{"location":"extension/virus_scan/#scanning-files-on-upload","title":"Scanning Files on Upload","text":"

                You may also configure Seafile to scan files for virus upon the files are uploaded. This only works for files uploaded via web interface or web APIs. Files uploaded with syncing or SeaDrive clients cannot be scanned on upload due to performance consideration.

                You may scan files uploaded from shared upload links by adding the option below to seahub_settings.py:

                ENABLE_UPLOAD_LINK_VIRUS_CHECK = True\n

                Since Pro Edition 11.0.7, you may scan all uploaded files via web APIs by adding the option below to seafile.conf:

                [fileserver]\ncheck_virus_on_web_upload = true\n
                "},{"location":"extension/virus_scan_with_clamav/","title":"Deploy ClamAV with Seafile","text":""},{"location":"extension/virus_scan_with_clamav/#deploy-with-docker","title":"Deploy with Docker","text":"

                If your Seafile server is deployed using Docker, we also recommend that you use Docker to deploy ClamAV by following the steps below, otherwise you can deploy it from binary package of ClamAV.

                "},{"location":"extension/virus_scan_with_clamav/#download-clamavyml-and-insert-to-docker-compose-lists-in-env","title":"Download clamav.yml and insert to Docker-compose lists in .env","text":"

                Download clamav.yml

                wget https://manual.seafile.com/12.0/docker/pro/clamav.yml\n

                Modify .env, insert clamav.yml to field COMPOSE_FILE

                COMPOSE_FILE='seafile-server.yml,caddy.yml,clamav.yml'\n
                "},{"location":"extension/virus_scan_with_clamav/#modify-seafileconf","title":"Modify seafile.conf","text":"

                Add the following statements to seafile.conf

                [virus_scan]\nscan_command = clamdscan\nvirus_code = 1\nnonvirus_code = 0\nscan_interval = 5\nscan_size_limit = 20\nthreads = 2\n
                "},{"location":"extension/virus_scan_with_clamav/#restart-docker-container","title":"Restart docker container","text":"
                docker compose down\ndocker compose up -d \n

                Wait some minutes until Clamav finished initializing.

                Now Clamav can be used.

                "},{"location":"extension/virus_scan_with_clamav/#use-clamav-in-binary-based-deployment","title":"Use ClamAV in binary based deployment","text":""},{"location":"extension/virus_scan_with_clamav/#install-clamav-daemon-clamav-freshclam","title":"Install clamav-daemon & clamav-freshclam","text":"
                apt-get install clamav-daemon clamav-freshclam\n

                You should run Clamd with a root permission to scan any files. Edit the conf /etc/clamav/clamd.conf,change the following line:

                LocalSocketGroup root\nUser root\n
                "},{"location":"extension/virus_scan_with_clamav/#start-the-clamav-daemon","title":"Start the clamav-daemon","text":"
                systemctl start clamav-daemon\n

                Test the software

                $ curl https://secure.eicar.org/eicar.com.txt | clamdscan -\n

                The output must include:

                stream: Eicar-Test-Signature FOUND\n
                "},{"location":"extension/virus_scan_with_kav4fs/","title":"Virus Scan with kav4fs","text":""},{"location":"extension/virus_scan_with_kav4fs/#prerequisite","title":"Prerequisite","text":"

                Assume you have installed Kaspersky Anti-Virus for Linux File Server on the Seafile Server machine.

                If the user that runs Seafile Server is not root, it should have sudoers privilege to avoid writing password when running kav4fs-control. Add following content to /etc/sudoers:

                <user of running seafile server>    ALL=(ALL:ALL) ALL\n<user of running seafile server> ALL=NOPASSWD: /opt/kaspersky/kav4fs/bin/kav4fs-control\n
                "},{"location":"extension/virus_scan_with_kav4fs/#script","title":"Script","text":"

                As the return code of kav4fs cannot reflect the file scan result, we use a shell wrapper script to parse the scan output and based on the parse result to return different return codes to reflect the scan result.

                Save following contents to a file such as kav4fs_scan.sh:

                #!/bin/bash\n\nTEMP_LOG_FILE=`mktemp /tmp/XXXXXXXXXX`\nVIRUS_FOUND=1\nCLEAN=0\nUNDEFINED=2\nKAV4FS='/opt/kaspersky/kav4fs/bin/kav4fs-control'\nif [ ! -x $KAV4FS ]\nthen\n    echo \"Binary not executable\"\n    exit $UNDEFINED\nfi\n\nsudo $KAV4FS --scan-file \"$1\" > $TEMP_LOG_FILE\nif [ \"$?\" -ne 0 ]\nthen\n    echo \"Error due to check file '$1'\"\n    exit 3\nfi\nTHREATS_C=`grep 'Threats found:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`\nRISKWARE_C=`grep 'Riskware found:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`\nINFECTED=`grep 'Infected:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`\nSUSPICIOUS=`grep 'Suspicious:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`\nSCAN_ERRORS_C=`grep 'Scan errors:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`\nPASSWORD_PROTECTED=`grep 'Password protected:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`\nCORRUPTED=`grep 'Corrupted:' $TEMP_LOG_FILE|cut -d':' -f 2|sed 's/ //g'`\n\nrm -f $TEMP_LOG_FILE\n\nif [ $THREATS_C -gt 0 -o $RISKWARE_C -gt 0 -o $INFECTED -gt 0 -o $SUSPICIOUS -gt 0 ]\nthen\n    exit $VIRUS_FOUND\nelif [ $SCAN_ERRORS_C -gt 0 -o $PASSWORD_PROTECTED -gt 0 -o $CORRUPTED -gt 0 ]\nthen\n    exit $UNDEFINED\nelse\n    exit $CLEAN\nfi\n

                Grant execute permissions for the script (make sure it is owned by the user Seafile is running as):

                chmod u+x kav4fs_scan.sh\n

                The meaning of the script return code:

                1: found virus\n0: no virus\nother: scan failed\n
                "},{"location":"extension/virus_scan_with_kav4fs/#configuration","title":"Configuration","text":"

                Add following content to seafile.conf:

                [virus_scan]\nscan_command = <absolute path of kav4fs_scan.sh>\nvirus_code = 1\nnonvirus_code = 0\nscan_interval = <scanning interval, in unit of minutes, default to 60 minutes>\n
                "},{"location":"extension/webdav/","title":"WebDAV extension","text":"

                In the document below, we assume your seafile installation folder is /opt/seafile.

                "},{"location":"extension/webdav/#config-webdav-extension","title":"Config WebDAV extension","text":"

                The configuration file is /opt/seafile/conf/seafdav.conf. If it is not created already, you can just create the file.

                [WEBDAV]\n\n# Default is false. Change it to true to enable SeafDAV server.\nenabled = true\n\nport = 8080\ndebug = true\n\n# If you deploy seafdav behind nginx/apache, you need to modify \"share_name\".\nshare_name = /seafdav\n\n# SeafDAV uses Gunicorn as web server.\n# This option maps to Gunicorn's 'workers' setting. https://docs.gunicorn.org/en/stable/settings.html?#workers\n# By default it's set to 5 processes.\nworkers = 5\n\n# This option maps to Gunicorn's 'timeout' setting. https://docs.gunicorn.org/en/stable/settings.html?#timeout\n# By default it's set to 1200 seconds, to support large file uploads.\ntimeout = 1200\n

                Every time the configuration is modified, you need to restart seafile server to make it take effect.

                ./seafile.sh restart\n

                Your WebDAV client would visit the Seafile WebDAV server at http://example.com:8080/seafdav

                In Pro edition 7.1.8 version and community edition 7.1.5, an option is added to append library ID to the library name returned by SeafDAV.

                show_repo_id=true\n
                "},{"location":"extension/webdav/#proxy","title":"Proxy","text":"NginxApache

                For Seafdav, the configuration of Nginx is as follows:

                .....\n\n    location /seafdav {\n        rewrite ^/seafdav$ /seafdav/ permanent;\n    }\n\n    location /seafdav/ {\n        proxy_pass         http://127.0.0.1:8080/seafdav/;\n        proxy_set_header   Host $host;\n        proxy_set_header   X-Real-IP $remote_addr;\n        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header   X-Forwarded-Host $server_name;\n        proxy_set_header   X-Forwarded-Proto $scheme;\n        proxy_read_timeout  1200s;\n        client_max_body_size 0;\n\ufeff\n        access_log      /var/log/nginx/seafdav.access.log seafileformat;\n        error_log       /var/log/nginx/seafdav.error.log;\n    }\n\n    location /:dir_browser {\n        proxy_pass         http://127.0.0.1:8080/:dir_browser;\n    }\n

                For Seafdav, the configuration of Apache is as follows:

                ......\n    <Location /seafdav>\n        ProxyPass \"http://127.0.0.1:8080/seafdav\"\n    </Location>\n
                "},{"location":"extension/webdav/#notes-on-clients","title":"Notes on Clients","text":"

                Please first note that, there are some known performance limitation when you map a Seafile webdav server as a local file system (or network drive).

                • Uploading large number of files at once is usually much slower than the syncing client. That's because each file needs to be committed separately.
                • The access to the webdav server may be slow sometimes. That's because the local file system driver sends a lot of unnecessary requests to get the files' attributes.

                So WebDAV is more suitable for infrequent file access. If you want better performance, please use the sync client instead.

                WindowsLinuxMac OS X

                Windows Explorer supports HTTPS connection. But it requires a valid certificate on the server. It's generally recommended to use Windows Explorer to map a webdav server as network dirve. If you use a self-signed certificate, you have to add the certificate's CA into Windows' system CA store.

                On Linux you have more choices. You can use file manager such as Nautilus to connect to webdav server. Or you can use davfs2 from the command line.

                To use davfs2

                sudo apt-get install davfs2\nsudo mount -t davfs -o uid=<username> https://example.com/seafdav /media/seafdav/\n

                The -o option sets the owner of the mounted directory to so that it's writable for non-root users.

                It's recommended to disable LOCK operation for davfs2. You have to edit /etc/davfs2/davfs2.conf

                use_locks       0\n

                Finder's support for WebDAV is also not very stable and slow. So it is recommended to use a webdav client software such as Cyberduck.

                "},{"location":"extension/webdav/#frequently-asked-questions","title":"Frequently Asked Questions","text":""},{"location":"extension/webdav/#clients-cant-connect-to-seafdav-server","title":"Clients can't connect to seafdav server","text":"

                By default, seafdav is disabled. Check whether you have enabled = true in seafdav.conf. If not, modify it and restart seafile server.

                "},{"location":"extension/webdav/#the-client-gets-error-404-not-found","title":"The client gets \"Error: 404 Not Found\"","text":"

                If you deploy SeafDAV behind Nginx/Apache, make sure to change the value of share_name as the sample configuration above. Restart your seafile server and try again.

                "},{"location":"extension/webdav/#cant-renamemove-filefolder","title":"Can't rename/move file/folder","text":"

                First, check the seafdav.log to see if there is log like the following. 

                \"MOVE ... -> 502 Bad Gateway\n

                If you have enabled debug, there will also be the following log. 

                09:47:06.533 - DEBUG   : Raising DAVError 502 Bad Gateway: Source and destination must have the same scheme.\nIf you are running behind a reverse proxy, you may have to rewrite the 'Destination' header.\n(See https://github.com/mar10/wsgidav/issues/183)\n\n09:47:06.533 - DEBUG   : Caught (502, \"Source and destination must have the same scheme.\\nIf you are running behind a reverse proxy, you may have to rewrite the 'Destination' header.\\n(See https://github.com/mar10/wsgidav/issues/183)\")\n

                This issue usually occurs when you have configured HTTPS, but the request was forwarded, resulting in the HTTP_X_FORWARDED_PROTO value in the request received by Seafile not being HTTPS.

                You can solve this by manually changing the value of HTTP_X_FORWARDED_PROTO. For example, in nginx, change 

                proxy_set_header X-Forwarded-Proto $scheme;\n

                to

                proxy_set_header X-Forwarded-Proto https;\n
                "},{"location":"extension/webdav/#windows-explorer-reports-file-size-exceeds-the-limit-allowed-and-cannot-be-saved","title":"Windows Explorer reports \"file size exceeds the limit allowed and cannot be saved\"","text":"

                This happens when you map webdav as a network drive, and tries to copy a file larger than about 50MB from the network drive to a local folder.

                This is because Windows Explorer has a limit of the file size downloaded from webdav server. To make this size large, change the registry entry on the client machine. There is a registry key named FileSizeLimitInBytes under HKEY_LOCAL_MACHINE -> SYSTEM -> CurrentControlSet -> Services -> WebClient -> Parameters.

                "},{"location":"introduction/components/","title":"Seafile Components","text":"

                Seafile Server consists of the following two components:

                • Seahub (django)\uff1athe web frontend. Seafile server package contains a light-weight Python HTTP server gunicorn that serves the website. By default, Seahub runs as an application within gunicorn. You can also configure Seahub to run under WSGI mode behind Nginx or Apache. This is recommended for production setups.
                • Seafile server (seaf-server)\uff1adata service daemon, handles raw file upload, download and synchronization. Seafile server by default listens on port 8082. You can configure Nginx/Apache to proxy traffic to the local 8082 port.

                The picture below shows how Seafile clients access files when you configure Seafile behind Nginx/Apache.

                Tip

                All access to the Seafile service (including Seahub and Seafile server) can be configured behind Nginx or Apache web server. This way all network traffic to the service can be encrypted with HTTPS.

                "},{"location":"introduction/contribution/","title":"Contribution","text":""},{"location":"introduction/contribution/#licensing","title":"Licensing","text":"

                The different components of Seafile project are released under different licenses:

                • Seafile iOS client: Apache License v2
                • Seafile Android client: GPLv3
                • Desktop syncing client: GPLv2
                • Seafile Server core: AGPLv3
                • Seahub (Seafile server Web UI): Apache License v2
                "},{"location":"introduction/contribution/#discussion","title":"Discussion","text":"

                Forum: https://forum.seafile.com

                Follow us @seafile https://twitter.com/seafile

                "},{"location":"introduction/contribution/#report-a-bug","title":"Report a Bug","text":"
                • Please report a bug in our forum, this is a preferred way.
                • You can also report a bug in GitHub https://github.com/haiwen/seafile/issues?state=open
                "},{"location":"introduction/file_permission_management/","title":"File permission management","text":"

                Seafile manages files using libraries. Every library has an owner, who can share the library to other users or share it with groups. The sharing can be read-only or read-write.

                "},{"location":"introduction/file_permission_management/#read-only-syncing","title":"Read-only syncing","text":"

                Read-only libraries can be synced to local desktop. The modifications at the client will not be synced back. If a user has modified some file contents, he can use \"resync\" to revert the modifications.

                "},{"location":"introduction/file_permission_management/#cascading-permissionsub-folder-permissions-pro-edition","title":"Cascading permission/Sub-folder permissions (Pro edition)","text":"

                Sharing controls whether a user or group can see a library, while sub-folder permissions are used to modify permissions on specific folders.

                Supposing you share a library as read-only to a group and then want specific sub-folders to be read-write for a few users, you can set read-write permissions on sub-folders for some users and groups.

                Note

                • Setting sub-folder permission for a user without sharing the folder or parent folder to that user will have no effect.
                • Sharing a library read-only to a user and then sharing a sub-folder read-write to that user will lead to two shared items for that user. This is going to cause confusion. Use sub-folder permissions instead.
                "},{"location":"introduction/roadmap/","title":"Roadmap","text":"

                Please check https://www.seafile.com/en/roadmap/

                "},{"location":"outdate/change_default_java/","title":"Change default java","text":"

                When you have both Java 6 and Java 7 installed, the default Java may not be Java 7.

                Do this by typing java -version, and check the output.

                • If the output is like \"java version \"1.7.0_xx\", then the default Java is Java 7, which is good.
                • If the output is like \"java version \"1.6.0_xx\", then the default Java is Java 6, we need to configure default Java to Java 7.

                If the default Java is Java 6, then do

                On Debian/Ubuntu: 

                sudo update-alternatives --config java\n

                On CentOS/RHEL: 

                sudo alternatives --config java\n

                The above command will ask you to choose one of the installed Java versions as default. You should choose Java 7 here.

                After that, re-run java -version to make sure the change has taken effect.

                Reference link

                "},{"location":"outdate/kerberos_config/","title":"Kerberos config","text":""},{"location":"outdate/kerberos_config/#kerberos","title":"Kerberos","text":"

                NOTE: Since version 7.0, this documenation is deprecated. Users should use Apache as a proxy server for Kerberos authentication. Then configure Seahub by the instructions in Remote User Authentication.

                Kerberos is a widely used single sign on (SSO) protocol. Seafile server supports authentication via Kerberos. It allows users to log in to Seafile without entering credentials again if they have a kerberos ticket.

                In this documentation, we assume the reader is familiar with Kerberos installation and configuration.

                Seahub provides a special URL to handle Kerberos login. The URL is https://your-server/krb5-login. Only this URL needs to be configured under Kerberos protection. All other URLs don't go through the Kerberos module. The overall workflow for a user to login with Kerberos is as follows:

                1. In the Seafile login page, there is a separate \"Kerberos\" login button. When the user clicks the button, it will be redirected to https://your-server/krb5-login.
                2. Since that URL is controlled by Kerberos, the apache module will try to get a Ticket from the Kerberos server.
                3. Seahub reads the user information from the request and brings the user to its home page.
                4. Further requests to Seahub will not pass through the Kerberos module. Since Seahub keeps session information internally, the user doesn't need to login again until the session expires.

                The configuration includes three steps:

                1. Get a keytab for Apache from Kerberos
                2. Configure Apache
                3. Configure Seahub
                "},{"location":"outdate/kerberos_config/#get-keytab-for-apache","title":"Get keytab for Apache","text":"

                Store the keytab under the name defined below and make it accessible only to the apache user (e.g. httpd or www-data and chmod 600).

                "},{"location":"outdate/kerberos_config/#apache-configuration","title":"Apache Configuration","text":"

                You should create a new location in your virtual host configuration for Kerberos.

                <IfModule mod_ssl.c>\n    <VirtualHost _default_:443>\n        ServerName seafile.example.com\n        DocumentRoot /var/www\n...\n        <Location /krb5-login/>\n            SSLRequireSSL\n            AuthType Kerberos\n            AuthName \"Kerberos EXAMPLE.ORG\"\n            KrbMethodNegotiate On\n            KrbMethodK5Passwd On\n            Krb5KeyTab /etc/apache2/conf.d/http.keytab\n            #ErrorDocument 401 '<html><meta http-equiv=\"refresh\" content=\"0; URL=/accounts/login\"><body>Kerberos authentication did not pass.</body></html>'\n            Require valid-user\n        </Location>\n...\n    </VirtualHost>\n</IfModule>\n

                After restarting Apache, you should see in the Apache logs that user@REALM is used when accessing https://seafile.example.com/krb5-login/.

                "},{"location":"outdate/kerberos_config/#configure-seahub","title":"Configure Seahub","text":"

                Seahub extracts the username from the REMOTE_USER environment variable.

                Now we have to tell Seahub what to do with the authentication information passed in by Kerberos.

                Add the following option to seahub_settings.py.

                ENABLE_KRB5_LOGIN = True\n
                "},{"location":"outdate/kerberos_config/#verify","title":"Verify","text":"

                After restarting Apache and Seafile services, you can test the Kerberos login workflow.

                "},{"location":"outdate/outlook_addin_config/","title":"SSO for Seafile Outlook Add-in","text":"

                The Seafile Add-in for Outlook natively supports authentication via username and password. In order to authenticate with SSO, the add-in utilizes SSO support integrated in Seafile's webinterface Seahub.

                Specifically, this is how SSO with the add-in works :

                • When clicking the SSO button in the add-in, the add-in opens a browser window and requests http(s)://SEAFILE_SERVER_URL/outlook/
                • A PHP script redirects the request to http(s)://SEAFILE_SERVER_URL/accounts/login/ including a redirect request to /outlook/ following a successful authentication (e.g., https://demo.seafile.com/accounts/login/?next=/jwt-sso/?page=/outlook/)
                • The identity provider signals to Seafile the user's successful authentication
                • The PHP script sends an API-token to the add-in
                • The add-in authorizes all API calls with the API-token

                This document explains how to configure Seafile and the reverse proxy and how to deploy the PHP script.

                "},{"location":"outdate/outlook_addin_config/#requirements","title":"Requirements","text":"

                SSO authentication must be configured in Seafile.

                Seafile Server must be version 8.0 or above.

                "},{"location":"outdate/outlook_addin_config/#installing-prerequisites","title":"Installing prerequisites","text":"

                The packages php, composer, firebase-jwt, and guzzle must be installed. PHP can usually be downloaded and installed via the distribution's official repositories. firebase-jwt and guzzle are installed using composer.

                First, install the php package and check the installed version: 

                # CentOS/RedHat\n$ sudo yum install -y php-fpm php-curl\n$ php --version\n\n# Debian/Ubuntu\n$ sudo apt install -y php-fpm php-curl\n$ php --version\n

                Second, install composer. You find an up-to-date install manual at https://getcomposer.org/ for CentOS, Debian, and Ubuntu.

                Third, use composer to install firebase-jwt and guzzle in a new directory in /var/www: 

                $ mkdir -p /var/www/outlook-sso\n$ cd /var/www/outlook-sso\n$ composer require firebase/php-jwt guzzlehttp/guzzle\n

                "},{"location":"outdate/outlook_addin_config/#configuring-seahub","title":"Configuring Seahub","text":"

                Add this block to the config file seahub_settings.py using a text editor:

                ENABLE_JWT_SSO = True\nJWT_SSO_SECRET_KEY = 'SHARED_SECRET'\nENABLE_SYS_ADMIN_GENERATE_USER_AUTH_TOKEN = True\n

                Replace SHARED_SECRET with a secret of your own.

                "},{"location":"outdate/outlook_addin_config/#configuring-the-proxy-server","title":"Configuring the proxy server","text":"

                The configuration depends on the proxy server use.

                If you use nginx, add the following location block to the nginx configuration:

                location /outlook {\n    alias /var/www/outlook-sso/public;\n    index index.php;\n    location ~ \\.php$ {\n      fastcgi_split_path_info ^(.+\\.php)(/.+)$;\n      fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;\n      fastcgi_param SCRIPT_FILENAME $request_filename;\n      fastcgi_index index.php;\n      include fastcgi_params;\n    }\n}\n

                This sample block assumes that PHP 7.4 is installed. If you have a different PHP version on your system, modify the version in the fastcgi_pass unix.

                Note: The alias path can be altered. We advise against it unless there are good reasons. If you do, make sure you modify the path accordingly in all subsequent steps.

                Finally, check the nginx configuration and restart nginx:

                $ nginx -t\n$ nginx -s reload\n
                "},{"location":"outdate/outlook_addin_config/#deploying-the-php-script","title":"Deploying the PHP script","text":"

                The PHP script and corresponding configuration files will be saved in the new directory created earlier. Change into it and add a PHP config file:

                $ cd /var/www/outlook-sso\n$ nano config.php\n

                Paste the following content in the config.php:

                <?php\n\n# general settings\n$seafile_url = 'SEAFILE_SERVER_URL';\n$jwt_shared_secret = 'SHARED_SECRET';\n\n# Option 1: provide credentials of a seafile admin user\n$seafile_admin_account = [\n    'username' => '',\n    'password' => '',\n];\n\n# Option 2: provide the api-token of a seafile admin user\n$seafile_admin_token = '';\n\n?>\n

                First, replace SEAFILE_SERVER_URL with the URL of your Seafile Server and SHARED_SECRET with the key used in Configuring Seahub.

                Second, add either the user credentials of a Seafile user with admin rights or the API-token of such a user.

                In the next step, create the index.php and copy & paste the PHP script:

                mkdir /var/www/outlook-sso/public\n$ cd /var/www/outlook-sso/public\n$ nano index.php\n

                Paste the following code block:

                <?php\n/** IMPORTANT: there is no need to change anything in this file ! **/\n\nrequire_once __DIR__ . '/../vendor/autoload.php';\nrequire_once __DIR__ . '/../config.php';\n\nif(!empty($_GET['jwt-token'])){\n    try {\n        $decoded = Firebase\\JWT\\JWT::decode($_GET['jwt-token'], new Firebase\\JWT\\Key($jwt_shared_secret, 'HS256'));\n    }\n    catch (Exception $e){\n        echo json_encode([\"error\" => \"wrong JWT-Token\"]);\n        die();\n    }\n\n    try {\n        // init connetion to seafile api\n        $client = new GuzzleHttp\\Client(['base_uri' => $seafile_url]);\n\n        // get admin api-token with his credentials (if not set)\n        if(empty($seafile_admin_token)){\n            $request = $client->request('POST', '/api2/auth-token/', ['form_params' => $seafile_admin_account]);\n            $response = json_decode($request->getBody());\n            $seafile_admin_token = $response->token;\n        }\n\n        // get api-token of the user\n        $request = $client->request('POST', '/api/v2.1/admin/generate-user-auth-token/', [\n            'json' => ['email' => $decoded->email],\n            'headers' => ['Authorization' => 'Token '. $seafile_admin_token]\n        ]);\n        $response = json_decode($request->getBody());\n\n        // create the output for the outlook plugin (json like response)\n        echo json_encode([\n            'exp' => $decoded->exp,\n            'email' => $decoded->email,\n            'name' => $decoded->name,\n            'token' => $response->token,\n        ]);\n    } catch (GuzzleHttp\\Exception\\ClientException $e){\n        echo $e->getResponse()->getBody();\n    }\n}\nelse{ // no jwt-token. therefore redirect to the login page of seafile\n    header(\"Location: \". $seafile_url .\"/accounts/login/?next=/jwt-sso/?page=/outlook\");\n} ?>\n

                Note: Contrary to the config.php, no replacements or modifications are necessary in this file.

                The directory layout in /var/www/sso-outlook/ should now look as follows:

                $ tree -L 2 /var/www/outlook-sso\n/var/www/outlook-sso/\n\u251c\u2500\u2500 composer.json\n\u251c\u2500\u2500 composer.lock\n\u251c\u2500\u2500 config.php\n\u251c\u2500\u2500 public\n|   \u2514\u2500\u2500 index.php\n\u2514\u2500\u2500 vendor\n    \u251c\u2500\u2500 autoload.php\n    \u251c\u2500\u2500 composer\n    \u2514\u2500\u2500 firebase\n

                Seafile and Seahub are now configured to support SSO in the Seafile Add-in for Outlook.

                "},{"location":"outdate/outlook_addin_config/#testing","title":"Testing","text":"

                You can now test SSO authentication in the add-in. Hit the SSO button in the settings of the Seafile add-in.

                "},{"location":"outdate/seaf_encrypt/","title":"Seafile Storage Encryption Backend","text":"

                This feature is deprecated. We recommend you to use the encryption feature provided the storage system.

                Since Seafile Professional Server 5.1.3, we support storage enryption backend functionality. When enabled, all seafile objects (commit, fs, block) will be encrypted with AES 256 CBC algorithm, before writing them to the storage backend. Currently supported backends are: file system, Ceph, Swift and S3.

                Note that all objects will be encrypted with the same global key/iv pair. The key/iv pair has to be generated by the system admin and stored safely. If the key/iv pair is lost, all data cannot be recovered.

                "},{"location":"outdate/seaf_encrypt/#configure-storage-backend-encryption","title":"Configure Storage Backend Encryption","text":""},{"location":"outdate/seaf_encrypt/#generate-key-and-iv","title":"Generate Key and IV","text":"

                Go to /seafile-server-latest, execute ./seaf-gen-key.sh -h. it will print the following usage information: 

                usage :\nseaf-gen-key.sh\n -p <file path to write key iv, default ./seaf-key.txt>\n

                By default, the key/iv pair will be saved to a file named seaf-key.txt in the current directory. You can use '-p' option to change the path.

                "},{"location":"outdate/seaf_encrypt/#configure-a-freshly-installed-seafile-server","title":"Configure a freshly installed Seafile Server","text":"

                Add the following configuration to seafile.conf:

                [store_crypt]\nkey_path = <the key file path generated in previous section>\n

                Now the encryption feature should be working.

                "},{"location":"outdate/seaf_encrypt/#migrating-existing-seafile-server","title":"Migrating Existing Seafile Server","text":"

                If you have existing data in the Seafile server, you have to migrate/encrypt the existing data. You must stop Seafile server before migrating the data.

                "},{"location":"outdate/seaf_encrypt/#create-directories-for-encrypted-data","title":"Create Directories for Encrypted Data","text":"

                Create new configuration and data directories for the encrypted data.

                cd seafile-server-latest\ncp -r conf conf-enc\nmkdir seafile-data-enc\ncp -r seafile-data/library-template seafile-data-enc\n# If you use SQLite database\ncp seafile-data/seafile.db seafile-data-enc/\n
                "},{"location":"outdate/seaf_encrypt/#edit-config-files","title":"Edit Config Files","text":"

                If you configured S3/Swift/Ceph backend, edit /conf-enc/seafile.conf. You must use a different bucket/container/pool to store the encrypted data.

                Then add the following configuration to /conf-enc/seafile.conf 

                [store_crypt]\nkey_path = <the key file path generated in previous section>\n
                "},{"location":"outdate/seaf_encrypt/#migrate-the-data","title":"Migrate the Data","text":"

                Go to /seafile-server-latest, use the seaf-encrypt.sh script to migrate the data.

                Run ./seaf-encrypt.sh -f ../conf-enc -e ../seafile-data-enc,

                Starting seaf-encrypt, please wait ...\n[04/26/16 06:59:40] seaf-encrypt.c(444): Start to encrypt 57 block among 12 repo.\n[04/26/16 06:59:40] seaf-encrypt.c(444): Start to encrypt 102 fs among 12 repo.\n[04/26/16 06:59:41] seaf-encrypt.c(454): Success encrypt all fs.\n[04/26/16 06:59:40] seaf-encrypt.c(444): Start to encrypt 66 commit among 12 repo.\n[04/26/16 06:59:41] seaf-encrypt.c(454): Success encrypt all commit.\n[04/26/16 06:59:41] seaf-encrypt.c(454): Success encrypt all block.\nseaf-encrypt run done\nDone.\n

                If there are error messages after executing seaf-encrypt.sh, you can fix the problem and run the script again. Objects that have already been migrated will not be copied again.

                "},{"location":"outdate/seaf_encrypt/#clean-up","title":"Clean Up","text":"

                Go to , execute following commands: 

                mv conf conf-bak\nmv seafile-data seafile-data-bak\nmv conf-enc conf\nmv seafile-data-enc seafile-data\n

                Restart Seafile Server. If everything works okay, you can remove the backup directories.

                "},{"location":"outdate/terms_and_conditions/","title":"Terms and Conditions","text":"

                Starting from version 6.0, system admin can add T&C at admin panel, all users need to accept that before using the site.

                In order to use this feature, please add following line to seahub_settings.py, 

                ENABLE_TERMS_AND_CONDITIONS = True\n

                After restarting, there will be \"Terms and Conditions\" section at sidebar of admin panel.

                "},{"location":"outdate/using_fuse/","title":"Seafile","text":""},{"location":"outdate/using_fuse/#using-fuse","title":"Using Fuse","text":"

                Files in the seafile system are split to blocks, which means what are stored on your seafile server are not complete files, but blocks. This design faciliates effective data deduplication.

                However, administrators sometimes want to access the files directly on the server. You can use seaf-fuse to do this.

                Seaf-fuse is an implementation of the [http://fuse.sourceforge.net FUSE] virtual filesystem. In a word, it mounts all the seafile files to a folder (which is called the '''mount point'''), so that you can access all the files managed by seafile server, just as you access a normal folder on your server.

                Seaf-fuse is added since Seafile Server '''2.1.0'''.

                '''Note:''' * Encrypted folders can't be accessed by seaf-fuse. * Currently the implementation is '''read-only''', which means you can't modify the files through the mounted folder. * One debian/centos systems, you need to be in the \"fuse\" group to have the permission to mount a FUSE folder.

                "},{"location":"outdate/using_fuse/#how-to-start-seaf-fuse","title":"How to start seaf-fuse","text":"

                Assume we want to mount to /data/seafile-fuse.

                "},{"location":"outdate/using_fuse/#create-the-folder-as-the-mount-point","title":"Create the folder as the mount point","text":"
                mkdir -p /data/seafile-fuse\n
                "},{"location":"outdate/using_fuse/#start-seaf-fuse-with-the-script","title":"Start seaf-fuse with the script","text":"

                '''Note:''' Before start seaf-fuse, you should have started seafile server with ./seafile.sh start.

                ./seaf-fuse.sh start /data/seafile-fuse\n
                "},{"location":"outdate/using_fuse/#stop-seaf-fuse","title":"Stop seaf-fuse","text":"
                ./seaf-fuse.sh stop\n
                "},{"location":"outdate/using_fuse/#contents-of-the-mounted-folder","title":"Contents of the mounted folder","text":""},{"location":"outdate/using_fuse/#the-top-level-folder","title":"The top level folder","text":"

                Now you can list the content of /data/seafile-fuse.

                $ ls -lhp /data/seafile-fuse\n\ndrwxr-xr-x 2 root root 4.0K Jan  1  1970 abc@abc.com/\ndrwxr-xr-x 2 root root 4.0K Jan  1  1970 foo@foo.com/\ndrwxr-xr-x 2 root root 4.0K Jan  1  1970 plus@plus.com/\ndrwxr-xr-x 2 root root 4.0K Jan  1  1970 sharp@sharp.com/\ndrwxr-xr-x 2 root root 4.0K Jan  1  1970 test@test.com/\n
                • The top level folder contains many subfolders, each of which corresponds to a user
                • The time stamp of files and folders is not preserved.
                "},{"location":"outdate/using_fuse/#the-folder-for-each-user","title":"The folder for each user","text":"
                $ ls -lhp /data/seafile-fuse/abc@abc.com\n\ndrwxr-xr-x 2 root root  924 Jan  1  1970 5403ac56-5552-4e31-a4f1-1de4eb889a5f_Photos/\ndrwxr-xr-x 2 root root 1.6K Jan  1  1970 a09ab9fc-7bd0-49f1-929d-6abeb8491397_My Notes/\n

                From the above list you can see, under the folder of a user there are subfolders, each of which represents a library of that user, and has a name of this format: '''{library_id}-{library-name}'''.

                "},{"location":"outdate/using_fuse/#the-folder-for-a-library","title":"The folder for a library","text":"
                $ ls -lhp /data/seafile-fuse/abc@abc.com/5403ac56-5552-4e31-a4f1-1de4eb889a5f_Photos/\n\n-rw-r--r-- 1 root root 501K Jan  1  1970 image.png\n-rw-r--r-- 1 root root 501K Jan  1  1970 sample.jpng\n
                "},{"location":"outdate/using_fuse/#if-you-get-a-permission-denied-error","title":"If you get a \"Permission denied\" error","text":"

                If you get an error message saying \"Permission denied\" when running ./seaf-fuse.sh start, most likely you are not in the \"fuse group\". You should:

                • Add yourself to the fuse group 
                  sudo usermod -a -G fuse <your-user-name>\n
                • Logout your shell and login again
                • Now try ./seaf-fuse.sh start <path> again.
                "},{"location":"outdate/using_syslog/","title":"Using syslog","text":""},{"location":"outdate/using_syslog/#configure-seafile-to-use-syslog","title":"Configure Seafile to Use Syslog","text":"

                Since community edition 5.1.2 and professional edition 5.1.4, Seafile support using Syslog.

                "},{"location":"outdate/using_syslog/#configure-syslog-for-seafile-controller-and-server","title":"Configure Syslog for Seafile Controller and Server","text":"

                Add following configuration to general section in seafile.conf: 

                [general]\nenable_syslog = true\n

                Restart seafile server, you will find follow logs in /var/log/syslog: 

                May 10 23:45:19 ubuntu seafile-controller[16385]: seafile-controller.c(154): starting ccnet-server ...\nMay 10 23:45:19 ubuntu seafile-controller[16385]: seafile-controller.c(73): spawn_process: ccnet-server -F /home/plt/haiwen/conf -c /home/plt/haiwen/ccnet -f /home/plt/haiwen/logs/ccnet.log -d -P /home/plt/haiwen/pids/ccnet.pid\n
                May 12 01:00:51 ubuntu seaf-server[21552]: ../common/mq-mgr.c(60): [mq client] mq cilent is started\nMay 12 01:00:51 ubuntu seaf-server[21552]: ../common/mq-mgr.c(106): [mq mgr] publish to hearbeat mq: seaf_server.heartbeat\n

                "},{"location":"outdate/using_syslog/#configure-syslog-for-seafevents-professional-edition-only","title":"Configure Syslog For Seafevents (Professional Edition only)","text":"

                Add following configuration to seafevents.conf: 

                [Syslog]\nenabled = true\n

                Restart seafile server, you will find follow logs in /var/log/syslog 

                May 12 01:00:52 ubuntu seafevents[21542]: [seafevents] database: mysql, name: seahub-pro\nMay 12 01:00:52 ubuntu seafevents[21542]: seafes enabled: True\nMay 12 01:00:52 ubuntu seafevents[21542]: seafes dir: /home/plt/pro-haiwen/seafile-pro-server-5.1.4/pro/python/seafes\n

                "},{"location":"outdate/using_syslog/#configure-syslog-for-seahub","title":"Configure Syslog For Seahub","text":"

                Add following configurations to seahub_settings.py:

                LOGGING = {\n    'version': 1,\n    'disable_existing_loggers': True,\n    'formatters': {\n        'verbose': {\n            'format': '%(process)-5d %(thread)d %(name)-50s %(levelname)-8s %(message)s'\n        },\n        'standard': {\n            'format': '%(asctime)s [%(levelname)s] %(name)s:%(lineno)s %(funcName)s %(message)s'\n        },\n        'simple': {\n            'format': '[%(asctime)s] %(name)s %(levelname)s %(message)s',\n            'datefmt': '%d/%b/%Y %H:%M:%S'\n        },\n    },\n    'filters': {\n        'require_debug_false': {\n            '()': 'django.utils.log.RequireDebugFalse',\n        },\n        'require_debug_true': {\n            '()': 'django.utils.log.RequireDebugTrue',\n        },\n    },\n    'handlers': {\n        'console': {\n            'filters': ['require_debug_true'],\n            'class': 'logging.StreamHandler',\n            'formatter': 'simple'\n        },\n        'syslog': {\n            'class': 'logging.handlers.SysLogHandler',\n            'address': '/dev/log',\n            'formatter': 'standard'\n        },\n    },\n    'loggers': {\n        # root logger\n \u00a0 \u00a0 \u00a0 \u00a0# All logs printed by Seahub and any third party libraries will be handled by this logger.\n \u00a0 \u00a0 \u00a0 \u00a0'': {\n            'handlers': ['console', 'syslog'],\n            'level': 'INFO', # Logs when log level is higher than info. Level can be any one of DEBUG, INFO, WARNING, ERROR, CRITICAL.\n            'disabled': False\n        },\n        # This logger recorded logs printed by Django Framework. For example, when you see 5xx page error, you should check the logs recorded by this logger.\n        'django.request': {\n            'handlers': ['console', 'syslog'],\n            'level': 'INFO',\n            'propagate': False,\n        },\n    },\n}\n
                "},{"location":"outdate/video_thumbnails/","title":"Video thumbnails","text":""},{"location":"outdate/video_thumbnails/#install-ffmpeg-package","title":"Install ffmpeg package","text":"

                You need to install ffmpeg package to let the video thumbnail work correctly:

                Ubuntu 16.04 

                # Install ffmpeg\nsudo apt-get update && sudo apt-get -y install ffmpeg\n\n# Now we need to install some modules\npip install pillow moviepy\n

                Centos 7 

                # We need to activate the epel repos\nyum -y install epel-release\nrpm --import http://li.nux.ro/download/nux/RPM-GPG-KEY-nux.ro\n\n# Then update the repo and install ffmpeg\nyum -y install ffmpeg ffmpeg-devel\n\n# Now we need to install some modules\npip install pillow moviepy\n

                Debian Jessie 

                # Add backports repo to /etc/apt/sources.list.d/\n# e.g. the following repo works (June 2017)\nsudo echo \"deb http://httpredir.debian.org/debian $(lsb_release -cs)-backports main non-free\" > /etc/apt/sources.list.d/debian-backports.list\n\n# Then update the repo and install ffmpeg\nsudo apt-get update && sudo apt-get -y install ffmpeg\n\n# Now we need to install some modules\npip install pillow moviepy\n

                "},{"location":"outdate/video_thumbnails/#configure-seafile-to-create-thumbnails","title":"Configure Seafile to create thumbnails","text":"

                Now configure accordingly in seahub_settings.py

                # Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first. \n# For details, please refer to https://manual.seafile.com/deploy/video_thumbnails/\n# NOTE: since version 6.1\nENABLE_VIDEO_THUMBNAIL = True\n\n# Use the frame at 5 second as thumbnail\nTHUMBNAIL_VIDEO_FRAME_TIME = 5  \n\n# Absolute filesystem path to the directory that will hold thumbnail files.\nTHUMBNAIL_ROOT = '/haiwen/seahub-data/thumbnail/thumb/'\n
                "},{"location":"setup/caddy/","title":"HTTPS and Caddy","text":"

                Note

                From Seafile Docker 12.0, HTTPS will be handled by the Caddy. The default caddy image used of Seafile docker is lucaslorentz/caddy-docker-proxy:2.9.

                Caddy is a modern open source web server that mainly binds external traffic and internal services in seafile docker. In addition to the advantages of traditional proxy components (e.g., nginx), Caddy also makes it easier for users to complete the acquisite and update of HTTPS certificates by providing simpler configurations.

                To engage HTTPS, users only needs to correctly configure the following fields in .env:

                SEAFILE_SERVER_PROTOCOL=https\nSEAFILE_SERVER_HOSTNAME=example.com\n
                "},{"location":"setup/cluster_deploy_with_docker/","title":"Seafile Docker Cluster Deployment","text":"

                Seafile Docker cluster deployment requires \"sticky session\" settings in the load balancer. Otherwise sometimes folder download on the web UI can't work properly. Read the Load Balancer Setting for details.

                "},{"location":"setup/cluster_deploy_with_docker/#environment","title":"Environment","text":"

                System: Ubuntu 20.04

                docker-compose: 1.25.0

                Seafile Server: 2 frontend nodes, 1 backend node

                We assume you have already deployed memcache, MariaDB, ElasticSearch in separate machines and use S3 like object storage.

                "},{"location":"setup/cluster_deploy_with_docker/#deployment-preparation","title":"Deployment preparation","text":"

                Create the three databases ccnet_db, seafile_db, and seahub_db required by Seafile on MariaDB/MySQL, and authorize the `seafile` user to be able to access these three databases:

                $ mysql -h{your mysql host} -u[username] -p[password]\n\nmysql>\ncreate user 'seafile'@'%' identified by 'PASSWORD';\n\ncreate database `ccnet_db` character set = 'utf8';\ncreate database `seafile_db` character set = 'utf8';\ncreate database `seahub_db` character set = 'utf8';\n\nGRANT ALL PRIVILEGES ON `ccnet_db`.* to 'seafile'@'%';\nGRANT ALL PRIVILEGES ON `seafile_db`.* to 'seafile'@'%';\nGRANT ALL PRIVILEGES ON `seahub_db`.* to 'seafile'@'%';\n

                You also need to create a table in `seahub_db`

                mysql>\nuse seahub_db;\nCREATE TABLE `avatar_uploaded` (\n  `filename` text NOT NULL,\n  `filename_md5` char(32) NOT NULL,\n  `data` mediumtext NOT NULL,\n  `size` int(11) NOT NULL,\n  `mtime` datetime NOT NULL,\n  PRIMARY KEY (`filename_md5`)\n) ENGINE=InnoDB DEFAULT CHARSET=utf8;\n
                "},{"location":"setup/cluster_deploy_with_docker/#deploy-seafile-service","title":"Deploy Seafile service","text":""},{"location":"setup/cluster_deploy_with_docker/#deploy-seafile-frontend-nodes","title":"Deploy seafile frontend nodes","text":"

                Create the mount directory

                $ mkdir -p /opt/seafile/shared\n

                Create the docker-compose.yml file

                $ cd /opt/seafile\n$ vim docker-compose.yml\n
                services:\n  seafile:\n    image: docker.seadrive.org/seafileltd/seafile-pro-mc:latest\n    container_name: seafile\n    ports:\n      - 80:80\n    volumes:\n      - /opt/seafile/shared:/shared\n    environment:\n      - CLUSTER_SERVER=true\n      - CLUSTER_MODE=frontend\n      - TIME_ZONE=UTC  # Optional, default is UTC. Should be uncomment and set to your local time zone.\n

                Note

                • CLUSTER_SERVER=true means seafile cluster mode
                • CLUSTER_MODE=frontend means this node is seafile frontend server

                Start the seafile docker container

                $ cd /opt/seafile\n$ docker compose up -d\n
                "},{"location":"setup/cluster_deploy_with_docker/#initial-configuration-files","title":"Initial configuration files","text":"

                1. Manually generate configuration files

                $ docker exec -it seafile bash\n\n# cd /scripts  && ./cluster_conf_init.py\n# cd /opt/seafile/conf \n

                2. Modify the mysql configuration options (user, host, password) in configuration files such as ccnet.conf, seafevents.conf, seafile.conf and seahub_settings.py.

                3. Modify the memcached configuration option in seahub_settings.py

                CACHES = {\n    'default': {\n        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',\n        'LOCATION': 'memcached:11211',\n    },\n...\n}\n                         |\n                         v\n\nCACHES = {\n    'default': {\n        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',\n        'LOCATION': '{you memcached server host}:11211',\n    },\n...\n}\n

                4. Modify the [INDEX FILES] configuration options in seafevents.conf

                [INDEX FILES]\nes_port = {your elasticsearch server port}\nes_host = {your elasticsearch server host}\nenabled = true\nhighlight = fvh\ninterval = 10m\n...\n

                5. Add some configurations in seahub_settings.py

                SERVICE_URL = 'http{s}://{your server IP or sitename}/'\nFILE_SERVER_ROOT = 'http{s}://{your server IP or sitename}/seafhttp'\nAVATAR_FILE_STORAGE = 'seahub.base.database_storage.DatabaseStorage'\n

                6. Add cluster special configuration in seafile.conf

                [cluster]\nenabled = true\n

                7. Add memory cache configuration in seafile.conf

                [memcached]\nmemcached_options = --SERVER={you memcached server host} --POOL-MIN=10 --POOL-MAX=100\n
                "},{"location":"setup/cluster_deploy_with_docker/#import-the-tables-of-seahub_db-seafile_db-and-ccnet_db","title":"Import the tables of seahub_db, seafile_db and ccnet_db","text":"

                Enter the container, and then execute the following commands to import tables

                $ docker exec -it seafile bash\n\n# apt-get update && apt-get install -y mysql-client\n\n# mysql -h{your mysql host} -u[username] -p[password]  ccnet_db < /opt/seafile/seafile-server-latest/sql/mysql/ccnet.sql\n# mysql -h{your mysql host} -u[username] -p[password]  seafile_db < /opt/seafile/seafile-server-latest/sql/mysql/seafile.sql\n# mysql -h{your mysql host} -u[username] -p[password]  seahub_db <  /opt/seafile/seafile-server-latest/seahub/sql/mysql.sql\n

                Start Seafile service

                $ docker exec -it seafile bash\n\n# cd /opt/seafile/seafile-server-latest\n# ./seafile.sh start && ./seahub.sh start\n

                When you start it for the first time, seafile will guide you to set up an admin user.

                When deploying the second frontend node, you can directly copy all the directories generated by the first frontend node, including the docker-compose.yml file and modified configuration files, and then start the seafile docker container.

                "},{"location":"setup/cluster_deploy_with_docker/#deploy-seafile-backend-node","title":"Deploy seafile backend node","text":"

                Create the mount directory

                $ mkdir -p /opt/seafile/shared\n

                Create the docker-compose.yml file

                $ cd /opt/seafile\n$ vim docker-compose.yml\n
                services:\n  seafile:\n    image: docker.seadrive.org/seafileltd/seafile-pro-mc:latest\n    container_name: seafile\n    ports:\n      - 80:80\n    volumes:\n      - /opt/seafile/shared:/shared      \n    environment:\n      - CLUSTER_SERVER=true\n      - CLUSTER_MODE=backend\n      - TIME_ZONE=UTC  # Optional, default is UTC. Should be uncomment and set to your local time zone.\n

                Note

                • CLUSTER_SERVER=true means seafile cluster mode
                • CLUSTER_MODE=backend means this node is seafile backend server

                Start the seafile docker container

                $ cd /opt/seafile\n$ docker compose up -d\n

                Copy configuration files of the frontend node, and then start Seafile server of the backend node

                $ docker exec -it seafile bash\n\n# cd /opt/seafile/seafile-server-latest\n# ./seafile.sh start && ./seafile-background-tasks.sh start\n
                "},{"location":"setup/cluster_deploy_with_docker/#use-s3-as-backend-storage","title":"Use S3 as backend storage","text":"

                Modify the seafile.conf file on each node to configure S3 storage.

                vim seafile.conf

                [commit_object_backend]\nname = s3\nbucket = {your-commit-objects}  # The bucket name can only use lowercase letters, numbers, and dashes\nkey_id = {your-key-id}\nkey = {your-secret-key}\nuse_v4_signature = true\naws_region = eu-central-1  # eu-central-1 for Frankfurt region\n\n[fs_object_backend]\nname = s3\nbucket = {your-fs-objects}\nkey_id = {your-key-id}\nkey = {your-secret-key}\nuse_v4_signature = true\naws_region = eu-central-1\n\n[block_backend]\nname = s3\nbucket = {your-block-objects}\nkey_id = {your-key-id}\nkey = {your-secret-key}\nuse_v4_signature = true\naws_region = eu-central-1\n
                "},{"location":"setup/cluster_deploy_with_docker/#deployment-load-balance-optional","title":"Deployment load balance (Optional)","text":""},{"location":"setup/cluster_deploy_with_docker/#install-haproxy-and-keepalived-services","title":"Install HAproxy and Keepalived services","text":"

                Execute the following commands on the two Seafile frontend servers:

                $ apt install haproxy keepalived -y\n\n$ mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak\n\n$ cat > /etc/haproxy/haproxy.cfg << 'EOF'\nglobal\n    log 127.0.0.1 local1 notice\n    maxconn 4096\n    user haproxy\n    group haproxy\n\ndefaults\n    log global\n    mode http\n    retries 3\n    timeout connect 10000\n    timeout client 300000\n    timeout server 300000\n\nlisten seafile 0.0.0.0:80\n    mode http\n    option httplog\n    option dontlognull\n    option forwardfor\n    cookie SERVERID insert indirect nocache\n    server seafile01 Front-End01-IP:8001 check port 11001 cookie seafile01\n    server seafile02 Front-End02-IP:8001 check port 11001 cookie seafile02\nEOF\n

                Warning

                Please correctly modify the IP address (Front-End01-IP and Front-End02-IP) of the frontend server in the above configuration file. Other wise it cannot work properly.

                Choose one of the above two servers as the master node, and the other as the slave node.

                Perform the following operations on the master node:

                $ cat > /etc/keepalived/keepalived.conf << 'EOF'\n! Configuration File for keepalived\n\nglobal_defs {\n    notification_email {\n        root@localhost\n    }\n    notification_email_from keepalived@localhost\n    smtp_server 127.0.0.1\n    smtp_connect_timeout 30\n    router_id node1\n    vrrp_mcast_group4 224.0.100.18\n}\n\nvrrp_instance VI_1 {\n    state MASTER\n    interface eno1   # Set to the device name of a valid network interface on the current server, and the virtual IP will be bound to the network interface\n    virtual_router_id 50\n    priority 100\n    advert_int 1\n    authentication {\n        auth_type PASS\n        auth_pass seafile123\n    }\n    virtual_ipaddress {\n        172.26.154.45/24 dev eno1  # Configure to the correct virtual IP and network interface device name\n    }\n}\nEOF\n

                Warning

                Please correctly configure the virtual IP address and network interface device name in the above file. Other wise it cannot work properly.

                Perform the following operations on the standby node:

                $ cat > /etc/keepalived/keepalived.conf << 'EOF'\n! Configuration File for keepalived\n\nglobal_defs {\n    notification_email {\n        root@localhost\n    }\n    notification_email_from keepalived@localhost\n    smtp_server 127.0.0.1\n    smtp_connect_timeout 30\n    router_id node2\n    vrrp_mcast_group4 224.0.100.18\n}\n\nvrrp_instance VI_1 {\n    state BACKUP\n    interface eno1   # Set to the device name of a valid network interface on the current server, and the virtual IP will be bound to the network interface\n    virtual_router_id 50\n    priority 98\n    advert_int 1\n    authentication {\n        auth_type PASS\n        auth_pass seafile123\n    }\n    virtual_ipaddress {\n        172.26.154.45/24 dev eno1   # Configure to the correct virtual IP and network interface device name\n    }\n}\nEOF\n

                Finally, run the following commands on the two Seafile frontend servers to start the corresponding services:

                $ systemctl enable --now haproxy\n$ systemctl enable --now keepalived\n

                So far, Seafile cluster has been deployed.

                "},{"location":"setup/cluster_deploy_with_k8s/","title":"Setup with Kubernetes","text":"

                This manual explains how to deploy and run Seafile Server on a Linux server using Kubernetes (k8s thereafter).

                "},{"location":"setup/cluster_deploy_with_k8s/#gettings-started","title":"Gettings started","text":"

                The two volumes for persisting data, /opt/seafile-data and /opt/seafile-mysql, are still adopted in this manual. What's more, all k8s YAML files will be placed in /opt/seafile-k8s-yaml. It is not recommended to change these paths. If you do, account for it when following these instructions.

                "},{"location":"setup/cluster_deploy_with_k8s/#install-kubectl-and-k8s-control-plane","title":"Install kubectl and k8s control plane","text":"

                The two tools, kubectl and a k8s control plane tool (i.e., kubeadm), are required and can be installed with official installation guide.

                Multi-node deployment

                If it is a multi-node deployment, k8s control plane needs to be installed on each node. After installation, you need to start the k8s control plane service on each node and refer to the k8s official manual for creating a cluster. Since this manual still uses the same image as docker deployment, we need to add the following repository to k8s:

                kubectl create secret docker-registry regcred --docker-server=docker.seadrive.org/seafileltd --docker-username=seafile --docker-password=zjkmid6rQibdZ=uJMuWS\n
                "},{"location":"setup/cluster_deploy_with_k8s/#yaml","title":"YAML","text":"

                Seafile mainly involves three different services, namely database service, cache service and seafile service. Since these three services do not have a direct dependency relationship, we need to separate them from the entire docker-compose.yml (in this manual, we use Seafile 12 PRO) and divide them into three pods. For each pod, we need to define a series of YAML files for k8s to read, and we will store these YAMLs in /opt/seafile-k8s-yaml.

                Note

                This series of YAML mainly includes Deployment for pod management and creation, Service for exposing services to the external network, PersistentVolume for defining the location of a volume used for persistent storage on the host and Persistentvolumeclaim for declaring the use of persistent storage in the container. For futher configuration details, you can refer the official documents.

                "},{"location":"setup/cluster_deploy_with_k8s/#mariadb","title":"mariadb","text":""},{"location":"setup/cluster_deploy_with_k8s/#mariadb-deploymentyaml","title":"mariadb-deployment.yaml","text":"
                apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: mariadb\nspec:\n  selector:\n    matchLabels:\n      app: mariadb\n  replicas: 1\n  template:\n    metadata:\n      labels:\n        app: mariadb\n    spec:\n      containers:\n        - name: mariadb\n          image: mariadb:10.11\n          env:\n            - name: MARIADB_ROOT_PASSWORD\n              value: \"db_password\"\n            - name: MARIADB_AUTO_UPGRADE\n              value: \"true\"\n          ports:\n            - containerPort: 3306\n          volumeMounts:\n            - name: mariadb-data\n              mountPath: /var/lib/mysql\n      volumes:\n        - name: mariadb-data\n          persistentVolumeClaim:\n            claimName: mariadb-data\n

                Please replease MARIADB_ROOT_PASSWORD to your own mariadb password.

                Tip

                In the above Deployment configuration file, no restart policy for the pod is specified. The default restart policy is Always. If you need to modify it, add the following to the spec attribute:

                restartPolicy: OnFailure\n\n#Note:\n#    Always: always restart (include normal exit)\n#    OnFailure: restart only with unexpected exit\n#    Never: do not restart\n
                "},{"location":"setup/cluster_deploy_with_k8s/#mariadb-serviceyaml","title":"mariadb-service.yaml","text":"
                apiVersion: v1\nkind: Service\nmetadata:\n  name: mariadb\nspec:\n  selector:\n    app: mariadb\n  ports:\n    - protocol: TCP\n      port: 3306\n      targetPort: 3306\n
                "},{"location":"setup/cluster_deploy_with_k8s/#mariadb-persistentvolumeyaml","title":"mariadb-persistentvolume.yaml","text":"
                apiVersion: v1\nkind: PersistentVolume\nmetadata:\n  name: mariadb-data\nspec:\n  capacity:\n    storage: 1Gi\n  accessModes:\n    - ReadWriteOnce\n  hostPath:\n    path: /opt/seafile-mysql/db\n
                "},{"location":"setup/cluster_deploy_with_k8s/#mariadb-persistentvolumeclaimyaml","title":"mariadb-persistentvolumeclaim.yaml","text":"
                apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n  name: mariadb-data\nspec:\n  accessModes:\n    - ReadWriteOnce\n  resources:\n    requests:\n      storage: 10Gi\n
                "},{"location":"setup/cluster_deploy_with_k8s/#memcached","title":"memcached","text":""},{"location":"setup/cluster_deploy_with_k8s/#memcached-deploymentyaml","title":"memcached-deployment.yaml","text":"
                apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: memcached\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: memcached\n  template:\n    metadata:\n      labels:\n        app: memcached\n    spec:\n      containers:\n        - name: memcached\n          image: memcached:1.6.18\n          args: [\"-m\", \"256\"]\n          ports:\n            - containerPort: 11211\n
                "},{"location":"setup/cluster_deploy_with_k8s/#memcached-serviceyaml","title":"memcached-service.yaml","text":"
                apiVersion: v1\nkind: Service\nmetadata:\n  name: memcached\nspec:\n  selector:\n    app: memcached\n  ports:\n    - protocol: TCP\n      port: 11211\n      targetPort: 11211\n
                "},{"location":"setup/cluster_deploy_with_k8s/#seafile","title":"Seafile","text":""},{"location":"setup/cluster_deploy_with_k8s/#seafile-deploymentyaml","title":"seafile-deployment.yaml","text":"

                apiVersion: apps/v1\nkind: Deployment\nmetadata:\n  name: seafile\nspec:\n  replicas: 1\n  selector:\n    matchLabels:\n      app: seafile\n  template:\n    metadata:\n      labels:\n        app: seafile\n    spec:\n      containers:\n        - name: seafile\n          #        image: seafileltd/seafile-mc:9.0.10\n          #        image: seafileltd/seafile-mc:11.0-latest\n          image: docker.seadrive.org/seafileltd/seafile-pro-mc:12.0-latest\n          env:\n            - name: DB_HOST\n              value: \"mariadb\"\n            - name: DB_ROOT_PASSWD\n              value: \"db_password\" #db's password\n            - name: TIME_ZONE\n              value: \"Europe/Berlin\"\n            - name: INIT_SEAFILE_ADMIN_EMAIL\n              value: \"admin@seafile.com\" #admin email\n            - name: INIT_SEAFILE_ADMIN_PASSWORD\n              value: \"admin_password\" #admin password\n            - name: SEAFILE_SERVER_LETSENCRYPT\n              value: \"false\"\n            - name: SEAFILE_SERVER_HOSTNAME\n              value: \"you_seafile_domain\" #hostname\n          ports:\n            - containerPort: 80\n          #        - containerPort: 443\n          #          name:  seafile-secure\n          volumeMounts:\n            - name: seafile-data\n              mountPath: /shared\n      volumes:\n        - name: seafile-data\n          persistentVolumeClaim:\n            claimName: seafile-data\n      restartPolicy: Always\n      # to get image from protected repository\n      imagePullSecrets:\n        - name: regcred\n
                Please replease the above configurations, such as database root password, admin in seafile.

                "},{"location":"setup/cluster_deploy_with_k8s/#seafile-serviceyaml","title":"seafile-service.yaml","text":"
                apiVersion: v1\nkind: Service\nmetadata:\n  name: seafile\nspec:\n  selector:\n    app: seafile\n  type: LoadBalancer\n  ports:\n    - protocol: TCP\n      port: 80\n      targetPort: 80\n      nodePort: 30000\n
                "},{"location":"setup/cluster_deploy_with_k8s/#seafile-persistentvolumeyaml","title":"seafile-persistentvolume.yaml","text":"
                apiVersion: v1\nkind: PersistentVolume\nmetadata:\n  name: seafile-data\nspec:\n  capacity:\n    storage: 10Gi\n  accessModes:\n    - ReadWriteOnce\n  hostPath:\n    path: /opt/seafile-data\n
                "},{"location":"setup/cluster_deploy_with_k8s/#seafile-persistentvolumeclaimyaml","title":"seafile-persistentvolumeclaim.yaml","text":"
                apiVersion: v1\nkind: PersistentVolumeClaim\nmetadata:\n  name: seafile-data\nspec:\n  accessModes:\n    - ReadWriteOnce\n  resources:\n    requests:\n      storage: 10Gi\n
                "},{"location":"setup/cluster_deploy_with_k8s/#deploy-pods","title":"Deploy pods","text":"

                You can use following command to deploy pods:

                kubectl apply -f /opt/seafile-k8s-yaml/\n
                "},{"location":"setup/cluster_deploy_with_k8s/#container-management","title":"Container management","text":"

                Similar to docker installation, you can also manage containers through some kubectl commands. For example, you can use the following command to check whether the relevant resources are started successfully and whether the relevant services can be accessed normally. First, execute the following command and remember the pod name with seafile- as the prefix (such as seafile-748b695648-d6l4g)

                kubectl get pods\n

                You can check a status of a pod by 

                kubectl logs seafile-748b695648-d6l4g\n

                and enter a container by

                kubectl exec -it seafile-748b695648-d6l4g --  bash\n

                If you modify some configurations in /opt/seafile-data/conf and need to restart the container, the following command can be refered:

                kubectl delete deployments --all\nkubectl apply -f /opt/seafile-k8s-yaml/\n
                "},{"location":"setup/migrate_backends_data/","title":"Migrate data between different backends","text":"

                Seafile supports data migration between filesystem, s3, ceph, swift and Alibaba oss.

                Data migration takes 3 steps:

                1. Create a new temporary seafile.conf
                2. Run migrate.sh to initially migrate objects
                3. Run final migration
                4. Replace the original seafile.conf
                "},{"location":"setup/migrate_backends_data/#create-a-new-temporary-seafileconf","title":"Create a new temporary seafile.conf","text":"

                We need to add new backend configurations to this file (including [block_backend], [commit_object_backend], [fs_object_backend] options) and save it under a readable path. Let's assume that we are migrating data to S3 and create temporary seafile.conf under /opt

                cat > seafile.conf << EOF\n[commit_object_backend]\nname = s3\nbucket = seacomm\nkey_id = ******\nkey = ******\n\n[fs_object_backend]\nname = s3\nbucket = seafs\nkey_id = ******\nkey = ******\n\n[block_backend]\nname = s3\nbucket = seablk\nkey_id = ******\nkey = ******\nEOF\n\nmv seafile.conf /opt\n

                If you want to migrate to a local file system, the seafile.conf temporary configuration example is as follows:

                cat > seafile.conf << EOF\n[commit_object_backend]\nname = fs\n# the dir configuration is the new seafile-data path\ndir = /var/data_backup\n\n[fs_object_backend]\nname = fs\n# the dir configuration is the new seafile-data path\ndir = /var/data_backup\n\n[block_backend]\nname = fs\n# the dir configuration is the new seafile-data path\ndir = /var/data_backup\n\nEOF\n\nmv seafile.conf /opt\n

                Repalce the configurations with your own choice.

                "},{"location":"setup/migrate_backends_data/#migrating-large-number-of-objects","title":"Migrating large number of objects","text":"

                If you have millions of objects in the storage (especially fs objects), it may take quite long time to migrate all objects. More than half of the time is spent on checking whether an object exists in the destination storage. Since Pro edition 7.0.8, a feature is added to speed-up the checking.

                Before running the migration script, please set this env variable:

                export OBJECT_LIST_FILE_PATH=/path/to/object/list/file\n

                3 files will be created: /path/to/object/list/file.commit,/path/to/object/list/file.fs, /path/to/object/list/file.blocks.

                When you run the script for the first time, the object list file will be filled with existing objects in the destination. Then, when you run the script for the second time, it will load the existing object list from the file, instead of querying the destination. And newly migrated objects will also be added to the file. During migration, the migration process checks whether an object exists by checking the pre-loaded object list, instead of asking the destination, which will greatly speed-up the migration process.

                It's suggested that you don't interrupt the script during the \"fetch object list\" stage when you run it for the first time. Otherwise the object list in the file will be incomplete.

                Another trick to speed-up the migration is to increase the number of worker threads and size of task queue in the migration script. You can modify the nworker and maxsize variables in the following code:

                class ThreadPool(object):\n\ndef __init__(self, do_work, nworker=20):\n        self.do_work = do_work\n        self.nworker = nworker\n        self.task_queue = Queue.Queue(maxsize = 2000)\n

                The number of workers can be set to relatively large values, since they're mostly waiting for I/O operations to finished.

                "},{"location":"setup/migrate_backends_data/#decrypting-encrypted-storage-backend","title":"Decrypting encrypted storage backend","text":"

                If you have an encrypted storage backend (a deprecated feature no long supported now), you can use this script to migrate and decrypt the data from that backend to a new one. You can add the --decrypt option, which will decrypt the data while reading it, and then write the unencrypted data to the new backend. Note that you need add this option in all stages of the migration.

                cd ~/haiwen/seafile-server-latest\n./migrate.sh /opt --decrypt\n
                "},{"location":"setup/migrate_backends_data/#run-migratesh-to-initially-migrate-objects","title":"Run migrate.sh to initially migrate objects","text":"

                This step will migrate most of objects from the source storage to the destination storage. You don't need to stop Seafile service at this stage as it may take quite long time to finish. Since the service is not stopped, some new objects may be added to the source storage during migration. Those objects will be handled in the next step.

                We assume you have installed seafile pro server under ~/haiwen, enter ~/haiwen/seafile-server-latest and run migrate.sh with parent path of temporary seafile.conf as parameter, here is /opt.

                cd ~/haiwen/seafile-server-latest\n./migrate.sh /opt\n

                Tip

                This script is completely reentrant. So you can stop and restart it, or run it many times. It will check whether an object exists in the destination before sending it.

                "},{"location":"setup/migrate_backends_data/#run-final-migration","title":"Run final migration","text":"

                New objects added during the last migration step will be migrated in this step. To prevent new objects being added, you have to stop Seafile service during the final migration operation. This usually take short time. If you have large number of objects, please following the optimization instruction in previous section.

                You just have to stop Seafile and Seahub service, then run the migration script again.

                cd ~/haiwen/seafile-server-latest\n./migrate.sh /opt\n
                "},{"location":"setup/migrate_backends_data/#replace-the-original-seafileconf","title":"Replace the original seafile.conf","text":"

                After running the script, we need replace the original seafile.conf with new one:

                mv /opt/seafile.conf ~/haiwen/conf\n

                now we only have configurations about backend, more config options, e.g. memcache and quota, can then be copied from the original seafile.conf file.

                After replacing seafile.conf, you can restart seafile server and access the data on the new backend.

                "},{"location":"setup/migrate_ce_to_pro_with_docker/","title":"Migrate CE to Pro with Docker","text":""},{"location":"setup/migrate_ce_to_pro_with_docker/#preparation","title":"Preparation","text":"
                1. Make sure you are running a Seafile Community edition that match the latest version of pro edition. For example, if the latest pro edition is version 11.0, you should first upgrade the community edition to version 11.0.
                2. Purchase Seafile Professional license file.
                3. Download the seafile-server.yml of Seafile Pro.
                wget \"https://manual.seafile.com/12.0/docker/pro/seafile-server.yml\"\n
                "},{"location":"setup/migrate_ce_to_pro_with_docker/#migrate","title":"Migrate","text":""},{"location":"setup/migrate_ce_to_pro_with_docker/#stop-the-seafile-ce","title":"Stop the Seafile CE","text":"
                docker compose down\n

                To ensure data security, it is recommended that you back up your MySQL data.

                "},{"location":"setup/migrate_ce_to_pro_with_docker/#put-your-licence-file","title":"Put your licence file","text":"

                Copy the seafile-license.txt to the volume directory of the Seafile CE's data. If the directory is /opt/seafile-data, so you should put it in the /opt/seafile-data/seafile/.

                "},{"location":"setup/migrate_ce_to_pro_with_docker/#modify-the-new-docker-composeyml","title":"Modify the new docker-compose.yml","text":"

                Replace the old docker-compose.yml file with the new docker-compose.yml file and modify its configuration based on your actual situation:

                • The Seafile Pro docker tag must be equal to or newer than the old Seafile CE docker tag.
                • The certificate of MySQL users (e.g., MYSQL_ROOT_PASSWORD and DB_ROOT_PASSWD) should be consistent with the old;
                • The volume directory of MySQL data (volumes) should be consistent with the old one;
                • The volume directory of Seafile data (volumes) should be consistent with the old one;
                • The volume directory of Caddy data (volumes) should be consistent with the old one;
                • The volume directory of Elasticsearch data (volumes), this is the directory used to store the Elasticsearch's index data, E.g\uff1a/opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data;
                "},{"location":"setup/migrate_ce_to_pro_with_docker/#do-the-migration","title":"Do the migration","text":"

                The Seafile Pro container needs to be running during the migration process, which means that end users may access the Seafile service during this process. In order to avoid the data confusion caused by this, it is recommended that you take the necessary measures to temporarily prohibit users from accessing the Seafile service. For example, modify the firewall policy.

                Run the following command to run the Seafile-Pro container\uff1a

                docker compose up\n

                Then run the migration script by executing the following command:

                docker exec -it seafile /opt/seafile/seafile-server-latest/pro/pro.py setup --migrate\n

                After the migration script runs successfully, modify es_host, es_port in /opt/seafile-data/seafile/conf/seafevents.conf manually.

                [INDEX FILES]\nes_host = elasticsearch\nes_port = 9200\nenabled = true\ninterval = 10m\n

                Restart the Seafile Pro container.

                docker restart seafile\n

                Now you have a Seafile Professional service.

                "},{"location":"setup/migrate_non_docker_to_docker/","title":"Migrate from non-docker Seafile deployment to docker","text":"

                The recommended steps to migrate from non-docker deployment to docker deployment are:

                1. Upgrade the version of the binary package to latest version, and ensure that the system is running normally. (If you running a very old version of Seafile, you can following the FAQ item to migrate to the latest version)
                2. Close Seafile and native Nginx, Memcached
                3. Create the directory needed for Seafile Docker image to run, and copy some files of the locally deployed Seafile to this directory
                4. Download the docker-compose.yml file and configure Seafile Docker to use non-Docker version configuration information to connect to the old MySQL database and the old seafile-data directory.
                5. Start Seafile Docker

                The following document assumes that the deployment path of your non-Docker version of Seafile is /opt/seafile. If you use other paths, before running the command, be careful to modify the command path.

                Note

                You can also refer to the Seafile backup and recovery documentation, deploy Seafile Docker on another machine, and then copy the old configuration information, database, and seafile-data to the new machine to complete the migration. The advantage of this is that even if an error occurs during the migration process, the existing system will not be destroyed.

                "},{"location":"setup/migrate_non_docker_to_docker/#migrate","title":"Migrate","text":""},{"location":"setup/migrate_non_docker_to_docker/#stop-seafile-nginx","title":"Stop Seafile, Nginx","text":"

                Stop the locally deployed Seafile, Nginx, Memcache

                systemctl stop nginx &&  systemctl disable nginx\nsystemctl stop memcached &&  systemctl disable memcached\n./seafile.sh stop  && ./seahub.sh stop\n
                "},{"location":"setup/migrate_non_docker_to_docker/#prepare-mysql-and-the-folders-for-seafile-docker","title":"Prepare MySQL and the folders for Seafile docker","text":""},{"location":"setup/migrate_non_docker_to_docker/#add-permissions-to-the-local-mysql-seafile-user","title":"Add permissions to the local MySQL Seafile user","text":"

                The non-Docker version uses the local MySQL. Now if the Docker version of Seafile connects to this MySQL, you need to increase the corresponding access permissions.

                The following commands are based on that you use seafile as the user to access:

                ## Note, change the password according to the actual password you use\nGRANT ALL PRIVILEGES ON *.* TO 'seafile'@'%' IDENTIFIED BY 'your-password' WITH GRANT OPTION;\n\n## Grant seafile user can connect the database from any IP address\nGRANT ALL PRIVILEGES ON `ccnet_db`.* to 'seafile'@'%';\nGRANT ALL PRIVILEGES ON `seafile_db`.* to 'seafile'@'%';\nGRANT ALL PRIVILEGES ON `seahub_db`.* to 'seafile'@'%';\n\n## Restart MySQL\nsystemctl restart mariadb\n
                "},{"location":"setup/migrate_non_docker_to_docker/#create-the-required-directories-for-seafile-docker-image","title":"Create the required directories for Seafile Docker image","text":"

                By default, we take /opt/seafile-data as example.

                mkdir -p /opt/seafile-data/seafile\n
                "},{"location":"setup/migrate_non_docker_to_docker/#prepare-config-files","title":"Prepare config files","text":"

                Copy the original config files to the directory to be mapped by the docker version of seafile

                cp -r /opt/seafile/conf  /opt/seafile-data/seafile\ncp -r /opt/seafile/seahub-data  /opt/seafile-data/seafile\n

                Modify the MySQL configuration in /opt/seafile-data/seafile/conf, including ccnet.conf, seafile.conf, seahub_settings, change HOST=127.0.0.1 to HOST=<local ip>.

                Modify the memcached configuration in seahub_settings.py to use the Docker version of Memcached: change it to 'LOCATION': 'memcached:11211' (the network name of Docker version of Memcached is memcached).

                "},{"location":"setup/migrate_non_docker_to_docker/#download-and-modify-seafile-docker-yml","title":"Download and modify Seafile-docker yml","text":"

                We recommond you download Seafile-docker yml into /opt/seafile-data

                mkdir -p /opt/seafile-data\ncd /opt/seafile-data\n# e.g., pro edition\nwget -O .env https://manual.seafile.com/12.0/docker/pro/env\nwget https://manual.seafile.com/12.0/docker/pro/seafile-server.yml\nwget https://manual.seafile.com/12.0/docker/pro/caddy.yml\n\nnano .env\n

                After downloading relative configuration files, you should also modify the .env by following steps

                • Follow here to setup the database user infomations.

                • Mount the old Seafile data to the new Seafile server

                SEAFILE_VOLUME=<old-Seafile-data>\n
                "},{"location":"setup/migrate_non_docker_to_docker/#start-seafile-docker","title":"Start Seafile docker","text":"

                Start Seafile docker and check if everything is okay:

                cd /opt/seafile-data\ndocker compose  up -d\n
                "},{"location":"setup/migrate_non_docker_to_docker/#security","title":"Security","text":"

                While it is not possible from inside a docker container to connect to the host database via localhost but via <local ip> you also need to bind your databaseserver to that IP. If this IP is public, it is strongly advised to protect your database port with a firewall. Otherwise your databases are reachable via internet. An alternative might be to start another local IP from RFC 1597 e.g. 192.168.123.45. Afterwards you can bind to that IP.

                "},{"location":"setup/migrate_non_docker_to_docker/#iptables","title":"iptables","text":"

                Following iptables commands protect MariaDB/MySQL: 

                iptables -A INPUT -s 172.16.0.0/12 -j ACCEPT #Allow Dockernetworks\niptables -A INPUT -p tcp -m tcp --dport 3306 -j DROP #Deny Internet\nip6tables -A INPUT -p tcp -m tcp --dport 3306 -j DROP #Deny Internet\n
                Keep in mind this is not bootsafe!

                "},{"location":"setup/migrate_non_docker_to_docker/#binding-based","title":"Binding based","text":"

                For Debian based Linux Distros you can start a local IP by adding in /etc/network/interfaces something like: 

                iface eth0 inet static\n  address 192.168.123.45/32\n
                eth0 might be ensXY. Or if you know how to start a dummy interface, thats even better.

                SUSE based is by editing /etc/sysconfig/network/ifcfg-eth0 (ethXY/ensXY/bondXY)

                If using MariaDB the server just can bind to one IP-address (192.158.1.38 or 0.0.0.0 (internet)). So if you bind your MariaDB server to that new address other applications might need some reconfigurement.

                In /etc/mysql/mariadb.conf.d/50-server.cnf edit the following line to: 

                bind-address    = 192.168.123.45\n
                then edit /opt/seafile-data/seafile/conf/ -> ccnet.conf seafile.conf seahub_settings.py in the Host-Line to that IP and execute the following commands:

                service networking reload\nip a #to check whether the ip is present\nservice mysql restart\nss -tulpen | grep 3306 #to check whether the database listens on the correct IP\ncd /opt/seafile-data/\ndocker compose down\ndocker compose up -d\n\n## restart your applications\n
                "},{"location":"setup/overview/","title":"Seafile Docker overview","text":"

                Seafile docker based installation consist of the following components (docker images):

                • Seafile server: Seafile core services, see Seafile Components for the details.
                • Sdoc server: SeaDoc server, provide a lightweight online collaborative document editor, see SeaDoc for the details.
                • Database: Stores data related to Seafile and SeaDoc.
                • Memcached: Cache server.
                • Caddy: Caddy server enables user to access the Seafile service (i.e., Seafile server and Sdoc server) externally and handles SSL configuration

                Seafile version 11.0 or later is required to work with SeaDoc

                "},{"location":"setup/run_seafile_as_non_root_user_inside_docker/","title":"Run Seafile as non root user inside docker","text":"

                You can use run seafile as non root user in docker.

                First add the NON_ROOT=true to the .env.

                NON_ROOT=true\n

                Then modify /opt/seafile-data/seafile/ permissions.

                chmod -R a+rwx /opt/seafile-data/seafile/\n

                Then destroy the containers and run them again:

                docker compose down\ndocker compose up -d\n

                Now you can run Seafile as seafile user.

                Tip

                When doing maintenance, other scripts in docker are also required to be run as seafile user, e.g. su seafile -c ./seaf-gc.sh

                "},{"location":"setup/seafile_docker_autostart/","title":"Seafile Docker autostart","text":"

                You can use one of the following methods to start Seafile container on system bootup.

                "},{"location":"setup/seafile_docker_autostart/#modify-docker-composeservice","title":"Modify docker-compose.service","text":"

                1. Add docker-compose.service

                  vim /etc/systemd/system/docker-compose.service

                  [Unit]\nDescription=Docker Compose Application Service\nRequires=docker.service\nAfter=docker.service\n\n[Service]\nType=forking\nRemainAfterExit=yes\nWorkingDirectory=/opt/   \nExecStart=/usr/bin/docker compose up -d\nExecStop=/usr/bin/docker compose down\nTimeoutStartSec=0\n\n[Install]\nWantedBy=multi-user.target\n

                  Note

                  WorkingDirectory is the absolute path to the seafile-server.yml file directory.

                2. Set the docker-compose.service file to 644 permissions

                  chmod 644 /etc/systemd/system/docker-compose.service\n

                3. Load autostart configuration

                  systemctl daemon-reload\nsystemctl enable docker-compose.service\n
                "},{"location":"setup/seafile_docker_autostart/#modify-docker-files","title":"Modify Docker files","text":"

                Add configuration restart: unless-stopped for each container in components of Seafile docker. Take seafile-server.yml for example

                services:\ndb:\n    image: mariadb:10.11\n    container_name: seafile-mysql-1\n    restart: unless-stopped\n\nmemcached:\n    image: memcached:1.6.18\n    container_name: seafile-memcached\n    restart: unless-stopped\n\nelasticsearch:\n    image: elasticsearch:8.6.2\n    container_name: seafile-elasticsearch\n    restart: unless-stopped\n\nseafile:\n    image: docker.seadrive.org/seafileltd/seafile-pro-mc:12.0-latest\n    container_name: seafile\n    restart: unless-stopped\n

                Tip

                Add restart: unless-stopped, and the Seafile container will automatically start when Docker starts. If the Seafile container does not exist (execute docker compose down), the container will not start automatically.

                "},{"location":"setup/setup_ce_by_docker/","title":"Installation of Seafile Server Community Edition with Docker","text":""},{"location":"setup/setup_ce_by_docker/#requirements","title":"Requirements","text":"

                Seafile Community Edition requires a minimum of 2 cores and 2GB RAM.

                "},{"location":"setup/setup_ce_by_docker/#getting-started","title":"Getting started","text":"

                The following assumptions and conventions are used in the rest of this document:

                • /opt/seafile is the directory for store Seafile docker compose files. If you decide to put Seafile in a different directory \u2014 which you can \u2014 adjust all paths accordingly.
                • Seafile uses two Docker volumes for persisting data generated in its database and Seafile Docker container. The volumes' host paths are /opt/seafile-mysql and /opt/seafile-data, respectively. It is not recommended to change these paths. If you do, account for it when following these instructions.
                • All configuration and log files for Seafile and the webserver Nginx are stored in the volume of the Seafile container.
                "},{"location":"setup/setup_ce_by_docker/#install-docker","title":"Install docker","text":"

                Use the official installation guide for your OS to install Docker.

                "},{"location":"setup/setup_ce_by_docker/#download-and-modify-env","title":"Download and modify .env","text":"

                From Seafile Docker 12.0, we use .env, seafile-server.yml and caddy.yml files for configuration

                mkdir /opt/seafile\ncd /opt/seafile\n\n# Seafile CE 12.0\nwget -O .env https://manual.seafile.com/12.0/docker/ce/env\nwget https://manual.seafile.com/12.0/docker/ce/seafile-server.yml\nwget https://manual.seafile.com/12.0/docker/ce/caddy.yml\n\nnano .env\n

                The following fields merit particular attention:

                Variable Description Default Value SEAFILE_VOLUME The volume directory of Seafile data /opt/seafile-data SEAFILE_MYSQL_VOLUME The volume directory of MySQL data /opt/seafile-mysql/db SEAFILE_CADDY_VOLUME The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's /opt/seafile-caddy INIT_SEAFILE_MYSQL_ROOT_PASSWORD The root password of MySQL (required) SEAFILE_MYSQL_DB_USER The user of MySQL (database - user can be found in conf/seafile.conf) seafile SEAFILE_MYSQL_DB_PASSWORD The user seafile password of MySQL (required) JWT JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using pwgen -s 40 1 (required) SEAFILE_SERVER_HOSTNAME Seafile server hostname or domain (required) SEAFILE_SERVER_PROTOCOL Seafile server protocol (http or https) http TIME_ZONE Time zone UTC INIT_SEAFILE_ADMIN_EMAIL Admin username me@example.com (Recommend modifications) INIT_SEAFILE_ADMIN_PASSWORD Admin password asecret (Recommend modifications)"},{"location":"setup/setup_ce_by_docker/#start-seafile-server","title":"Start Seafile server","text":"

                Start Seafile server with the following command

                docker compose up -d\n

                Note

                You must run the above command in the directory with the .env. If .env file is elsewhere, please run

                docker compose -f /path/to/.env up -d\n

                Wait for a few minutes for the first time initialization, then visit http://seafile.example.com to open Seafile Web UI.

                "},{"location":"setup/setup_ce_by_docker/#seafile-directory-structure","title":"Seafile directory structure","text":""},{"location":"setup/setup_ce_by_docker/#path-optseafile-data","title":"Path /opt/seafile-data","text":"

                Placeholder spot for shared volumes. You may elect to store certain persistent information outside of a container, in our case we keep various log files and upload directory outside. This allows you to rebuild containers easily without losing important information.

                • /opt/seafile-data/seafile: This is the directory for seafile server configuration and data.
                  • /opt/seafile-data/seafile/logs: This is the directory that would contain the log files of seafile server processes. For example, you can find seaf-server logs in /opt/seafile-data/seafile/logs/seafile.log.
                • /opt/seafile-data/logs: This is the directory for operating system.
                  • /opt/seafile-data/logs/var-log: This is the directory that would be mounted as /var/log inside the container.

                Tip

                From Seafile Docker 12.0, the Nginx's log is not accessable, as we use the Caddy to do web service proxy. If you would like to access the logs of Caddy, you can use following command:

                docker logs seafile-caddy --follow\n
                "},{"location":"setup/setup_ce_by_docker/#find-logs","title":"Find logs","text":"

                To monitor container logs (from outside of the container), please use the following commands:

                # if the `.env` file is in current directory:\ndocker compose logs --follow\n# if the `.env` file is elsewhere:\ndocker compose -f /path/to/.env logs --follow\n\n# you can also specify container name:\ndocker compose logs seafile --follow\n# or, if the `.env` file is elsewhere:\ndocker compose -f /path/to/.env logs seafile --follow\n

                The Seafile logs are under /shared/logs/seafile in the docker, or /opt/seafile-data/logs/seafile in the server that run the docker.

                The system logs are under /shared/logs/var-log, or /opt/seafile-data/logs/var-log in the server that run the docker.

                To monitor all Seafile logs simultaneously (from outside of the container), run

                sudo tail -f $(find /opt/seafile-data/ -type f -name *.log 2>/dev/null)\n
                "},{"location":"setup/setup_ce_by_docker/#more-configuration-options","title":"More configuration options","text":"

                The config files are under /opt/seafile-data/seafile/conf. You can modify the configurations according to configuration section

                "},{"location":"setup/setup_ce_by_docker/#add-a-new-admin","title":"Add a new admin","text":"

                Ensure the container is running, then enter this command:

                docker exec -it seafile /opt/seafile/seafile-server-latest/reset-admin.sh\n

                Enter the username and password according to the prompts. You now have a new admin account.

                "},{"location":"setup/setup_ce_by_docker/#backup-and-recovery","title":"Backup and recovery","text":"

                Follow the instructions in Backup and restore for Seafile Docker

                "},{"location":"setup/setup_ce_by_docker/#garbage-collection","title":"Garbage collection","text":"

                When files are deleted, the blocks comprising those files are not immediately removed as there may be other files that reference those blocks (due to the magic of deduplication). To remove them, Seafile requires a 'garbage collection' process to be run, which detects which blocks no longer used and purges them.

                The required scripts can be found in the /scripts folder of the docker container. To perform garbage collection, simply run docker exec seafile /scripts/gc.sh.

                "},{"location":"setup/setup_ce_by_docker/#faq","title":"FAQ","text":"

                Q: If I want enter into the Docker container, which command I can use?

                A: You can enter into the docker container using the command:

                docker exec -it seafile /bin/bash\n

                Q: I forgot the Seafile admin email address/password, how do I create a new admin account?

                A: You can create a new admin account by running

                docker exec -it seafile /opt/seafile/seafile-server-latest/reset-admin.sh\n

                The Seafile service must be up when running the superuser command.

                Q: If, for whatever reason, the installation fails, how do I to start from a clean slate again?

                A: Remove the directories /opt/seafile, /opt/seafile-data and /opt/seafile-mysql and start again.

                Q: Something goes wrong during the start of the containers. How can I find out more?

                A: You can view the docker logs using this command: docker compose logs -f.

                "},{"location":"setup/setup_pro_by_docker/","title":"Installation of Seafile Server Professional Edition with Docker","text":"

                This manual explains how to deploy and run Seafile Server Professional Edition (Seafile PE) on a Linux server using Docker and Docker Compose. The deployment has been tested for Debian/Ubuntu and CentOS, but Seafile PE should also work on other Linux distributions.

                "},{"location":"setup/setup_pro_by_docker/#requirements","title":"Requirements","text":"

                Seafile PE requires a minimum of 2 cores and 2GB RAM.

                Other requirements for Seafile PE

                If Elasticsearch is installed on the same server, the minimum requirements are 4 cores and 4 GB RAM, and make sure the mmapfs counts do not cause excptions like out of memory, which can be increased by following command (see https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html for futher details):

                sysctl -w vm.max_map_count=262144 #run as root\n

                or modify /etc/sysctl.conf and reboot to set this value permanently:

                nano /etc/sysctl.conf\n\n# modify vm.max_map_count\nvm.max_map_count=262144\n

                About license

                Seafile PE can be used without a paid license with up to three users. Licenses for more user can be purchased in the Seafile Customer Center or contact Seafile Sales at sales@seafile.com. For futher details, please refer the license page of Seafile PE.

                "},{"location":"setup/setup_pro_by_docker/#setup","title":"Setup","text":"

                The following assumptions and conventions are used in the rest of this document:

                • /opt/seafile is the directory of Seafile for storing Seafile docker files. If you decide to put Seafile in a different directory, adjust all paths accordingly.
                • Seafile uses two Docker volumes for persisting data generated in its database and Seafile Docker container. The volumes' host paths are /opt/seafile-mysql and /opt/seafile-data, respectively. It is not recommended to change these paths. If you do, account for it when following these instructions.
                • All configuration and log files for Seafile and the webserver Nginx are stored in the volume of the Seafile container.
                "},{"location":"setup/setup_pro_by_docker/#installing-docker","title":"Installing Docker","text":"

                Use the official installation guide for your OS to install Docker.

                "},{"location":"setup/setup_pro_by_docker/#downloading-the-seafile-image","title":"Downloading the Seafile Image","text":"

                Log into Seafile's private repository and pull the Seafile image:

                docker login docker.seadrive.org\ndocker pull docker.seadrive.org/seafileltd/seafile-pro-mc:12.0-latest\n

                When prompted, enter the username and password of the private repository. They are available on the download page in the Customer Center.

                Note

                Older Seafile PE versions are also available in the repository (back to Seafile 7.0). To pull an older version, replace '12.0-latest' tag by the desired version.

                "},{"location":"setup/setup_pro_by_docker/#downloading-and-modifying-env","title":"Downloading and Modifying .env","text":"

                From Seafile Docker 12.0, we use .env, seafile-server.yml and caddy.yml files for configuration.

                mkdir /opt/seafile\ncd /opt/seafile\n\n# Seafile PE 12.0\nwget -O .env https://manual.seafile.com/12.0/docker/pro/env\nwget https://manual.seafile.com/12.0/docker/pro/seafile-server.yml\nwget https://manual.seafile.com/12.0/docker/pro/caddy.yml\n\nnano .env\n

                The following fields merit particular attention:

                Variable Description Default Value SEAFILE_VOLUME The volume directory of Seafile data /opt/seafile-data SEAFILE_MYSQL_VOLUME The volume directory of MySQL data /opt/seafile-mysql/db SEAFILE_CADDY_VOLUME The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's /opt/seafile-caddy SEAFILE_ELASTICSEARCH_VOLUME (Only valid for Seafile PE) The volume directory of Elasticsearch data /opt/seafile-elasticsearch/data INIT_SEAFILE_MYSQL_ROOT_PASSWORD The root password of MySQL (required) SEAFILE_MYSQL_DB_USER The user of MySQL (database - user can be found in conf/seafile.conf) seafile SEAFILE_MYSQL_DB_PASSWORD The user seafile password of MySQL (required) JWT JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using pwgen -s 40 1 (required) SEAFILE_SERVER_HOSTNAME Seafile server hostname or domain (required) SEAFILE_SERVER_PROTOCOL Seafile server protocol (http or https) http TIME_ZONE Time zone UTC INIT_SEAFILE_ADMIN_EMAIL Admin username me@example.com INIT_SEAFILE_ADMIN_PASSWORD Admin password asecret

                To conclude, set the directory permissions of the Elasticsearch volumne:

                mkdir -p /opt/seafile-elasticsearch/data\nchmod 777 -R /opt/seafile-elasticsearch/data\n
                "},{"location":"setup/setup_pro_by_docker/#starting-the-docker-containers","title":"Starting the Docker Containers","text":"

                Run docker compose in detached mode:

                docker compose up -d\n

                Note

                You must run the above command in the directory with the .env. If .env file is elsewhere, please run

                docker compose -f /path/to/.env up -d\n

                Wait a few moment for the database to initialize. You can now access Seafile at the host name specified in the Compose file.

                A 502 Bad Gateway error means that the system has not yet completed the initialization

                "},{"location":"setup/setup_pro_by_docker/#find-logs","title":"Find logs","text":"

                To view Seafile docker logs, please use the following command

                docker compose logs -f\n

                The Seafile logs are under /shared/logs/seafile in the docker, or /opt/seafile-data/logs/seafile in the server that run the docker.

                The system logs are under /shared/logs/var-log, or /opt/seafile-data/logs/var-log in the server that run the docker.

                "},{"location":"setup/setup_pro_by_docker/#activating-the-seafile-license","title":"Activating the Seafile License","text":"

                If you have a seafile-license.txt license file, simply put it in the volume of the Seafile container. The volumne's default path in the Compose file is /opt/seafile-data. If you have modified the path, save the license file under your custom path.

                Then restart Seafile:

                docker compose down\n\ndocker compose up -d\n
                "},{"location":"setup/setup_pro_by_docker/#seafile-directory-structure","title":"Seafile directory structure","text":""},{"location":"setup/setup_pro_by_docker/#path-optseafile-data","title":"Path /opt/seafile-data","text":"

                Placeholder spot for shared volumes. You may elect to store certain persistent information outside of a container, in our case we keep various log files and upload directory outside. This allows you to rebuild containers easily without losing important information.

                • /opt/seafile-data/seafile: This is the directory for seafile server configuration \u3001logs and data.
                • /opt/seafile-data/seafile/logs: This is the directory that would contain the log files of seafile server processes. For example, you can find seaf-server logs in /opt/seafile-data/seafile/logs/seafile.log.
                • /opt/seafile-data/logs: This is the directory for operating system and Nginx logs.
                • /opt/seafile-data/logs/var-log: This is the directory that would be mounted as /var/log inside the container. For example, you can find the nginx logs in /opt/seafile-data/logs/var-log/nginx/.
                "},{"location":"setup/setup_pro_by_docker/#reviewing-the-deployment","title":"Reviewing the Deployment","text":"

                The command docker container list should list the containers specified in the .env.

                The directory layout of the Seafile container's volume should look as follows:

                $ tree /opt/seafile-data -L 2\n/opt/seafile-data\n\u251c\u2500\u2500 logs\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 var-log\n\u251c\u2500\u2500 nginx\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 conf\n\u2514\u2500\u2500 seafile\n \u00a0\u00a0 \u251c\u2500\u2500 ccnet\n \u00a0\u00a0 \u251c\u2500\u2500 conf\n \u00a0\u00a0 \u251c\u2500\u2500 logs\n \u00a0\u00a0 \u251c\u2500\u2500 pro-data\n \u00a0\u00a0 \u251c\u2500\u2500 seafile-data\n \u00a0\u00a0 \u2514\u2500\u2500 seahub-data\n

                All Seafile config files are stored in /opt/seafile-data/seafile/conf. The nginx config file is in /opt/seafile-data/nginx/conf.

                Any modification of a configuration file requires a restart of Seafile to take effect:

                docker compose restart\n

                All Seafile log files are stored in /opt/seafile-data/seafile/logs whereas all other log files are in /opt/seafile-data/logs/var-log.

                "},{"location":"setup/setup_pro_by_docker/#backup-and-recovery","title":"Backup and Recovery","text":"

                Follow the instructions in Backup and restore for Seafile Docker

                "},{"location":"setup/setup_pro_by_docker/#garbage-collection","title":"Garbage Collection","text":"

                When files are deleted, the blocks comprising those files are not immediately removed as there may be other files that reference those blocks (due to the magic of deduplication). To remove them, Seafile requires a 'garbage collection' process to be run, which detects which blocks no longer used and purges them.

                The required scripts can be found in the /scripts folder of the docker container. To perform garbage collection, simply run docker exec seafile /scripts/gc.sh.

                "},{"location":"setup/setup_pro_by_docker/#faq","title":"FAQ","text":"

                Q: If I want enter into the Docker container, which command I can use?

                A: You can enter into the docker container using the command:

                docker exec -it seafile /bin/bash\n

                Q: I forgot the Seafile admin email address/password, how do I create a new admin account?

                A: You can create a new admin account by running

                docker exec -it seafile /opt/seafile/seafile-server-latest/reset-admin.sh\n

                The Seafile service must be up when running the superuser command.

                Q: If, for whatever reason, the installation fails, how do I to start from a clean slate again?

                A: Remove the directories /opt/seafile, /opt/seafile-data, /opt/seafile-elasticsearch, and /opt/seafile-mysql and start again.

                Q: Something goes wrong during the start of the containers. How can I find out more?

                A: You can view the docker logs using this command: docker compose logs -f.

                "},{"location":"setup/setup_with_amazon_s3/","title":"Setup With S3 Storage","text":""},{"location":"setup/setup_with_amazon_s3/#prepare","title":"Prepare","text":"

                To setup Seafile Professional Server with Amazon S3:

                • Setup the basic Seafile Professional Server following the guide on Download and setup Seafile Professional Server
                • Install the python boto library. It's needed to access S3 service.
                Seafile 10.0 or earlierSeafile 11.0 
                sudo pip install boto\n
                sudo pip install boto3\n
                • Install and configure memcached or Redis. For best performance, Seafile requires enable memory cache for objects. We recommend to at least allocate 128MB memory for memcached or Redis.

                The configuration options differ for different S3 storage. We'll describe the configurations in separate sections.

                You also need to add memory cache configurations

                "},{"location":"setup/setup_with_amazon_s3/#aws-s3","title":"AWS S3","text":"

                AWS S3 is the original S3 storage provider.

                Edit seafile.conf, add the following lines:

                [commit_object_backend]\nname = s3\nbucket = my-commit-objects\nkey_id = your-key-id\nkey = your-secret-key\nuse_v4_signature = true\naws_region = eu-central-1\n\n[fs_object_backend]\nname = s3\nbucket = my-fs-objects\nkey_id = your-key-id\nkey = your-secret-key\nuse_v4_signature = true\naws_region = eu-central-1\n\n[block_backend]\nname = s3\nbucket = my-block-objects\nkey_id = your-key-id\nkey = your-secret-key\nuse_v4_signature = true\naws_region = eu-central-1\n

                We'll explain the configurations below:

                Variable Description bucket It's required to create separate buckets for commit, fs, and block objects. When creating your buckets on S3, please first read S3 bucket naming rules. Note especially not to use UPPERCASE letters in bucket names (don't use camel style names, such as MyCommitObjects). key_id The key_id is required to authenticate you to S3. You can find the key_id in the \"security credentials\" section on your AWS account page. key The key is required to authenticate you to S3. You can find the key in the \"security credentials\" section on your AWS account page. use_v4_signature There are two versions of authentication protocols that can be used with S3 storage: Version 2 (older, may still be supported by some regions) and Version 4 (current, used by most regions). If you don't set this option, Seafile will use the v2 protocol. It's suggested to use the v4 protocol. aws_region If you use the v4 protocol, set this option to the region you chose when you create the buckets. If it's not set and you're using the v4 protocol, Seafile will use us-east-1 as the default. This option will be ignored if you use the v2 protocol.

                Tip

                For file search and webdav to work with the v4 signature mechanism, you need to add following lines to ~/.boto

                [s3]\nuse-sigv4 = True\n
                "},{"location":"setup/setup_with_amazon_s3/#use-server-side-encryption-with-customer-provided-keys-sse-c","title":"Use server-side encryption with customer-provided keys (SSE-C)","text":"

                Since Pro 11.0, you can use SSE-C to S3. Add the following options to seafile.conf:

                [commit_object_backend]\nname = s3\n......\nuse_v4_signature = true\nuse_https = true\nsse_c_key = XiqMSf3x5ja4LRibBbV0sVntVpdHXl3P\n\n[fs_object_backend]\nname = s3\n......\nuse_v4_signature = true\nuse_https = true\nsse_c_key = XiqMSf3x5ja4LRibBbV0sVntVpdHXl3P\n\n[block_backend]\nname = s3\n......\nuse_v4_signature = true\nuse_https = true\nsse_c_key = XiqMSf3x5ja4LRibBbV0sVntVpdHXl3P\n

                ssk_c_key is a 32-byte random string.

                "},{"location":"setup/setup_with_amazon_s3/#other-public-hosted-s3-storage","title":"Other Public Hosted S3 Storage","text":"

                There are other S3-compatible cloud storage providers in the market, such as Blackblaze and Wasabi. Configuration for those providers are just a bit different from AWS. We don't assure the following configuration works for all providers. If you have problems please contact our support

                [commit_object_backend]\nname = s3\nbucket = my-commit-objects\nhost = <access endpoint for storage provider>\nkey_id = your-key-id\nkey = your-secret-key\n# v2 authentication protocol will be used if not set\nuse_v4_signature = true\n# required for v4 protocol. ignored for v2 protocol.\naws_region = <region name for storage provider>\n\n[fs_object_backend]\nname = s3\nbucket = my-fs-objects\nhost = <access endpoint for storage provider>\nkey_id = your-key-id\nkey = your-secret-key\nuse_v4_signature = true\naws_region = <region name for storage provider>\n\n[block_backend]\nname = s3\nbucket = my-block-objects\nhost = <access endpoint for storage provider>\nkey_id = your-key-id\nkey = your-secret-key\nuse_v4_signature = true\naws_region = <region name for storage provider>\n
                variable description host The endpoint by which you access the storage service. Usually it starts with the region name. It's required to provide the host address, otherwise Seafile will use AWS's address. bucket It's required to create separate buckets for commit, fs, and block objects. key_id The key_id is required to authenticate you to S3 storage. key The key is required to authenticate you to S3 storage. (Note: key_id and key are typically used together for authentication.) use_v4_signature There are two versions of authentication protocols that can be used with S3 storage. Version 2 is the older one, which may still be supported by some cloud providers; version 4 is the current one used by Amazon S3 and is supported by most providers. If you don't set this option, Seafile will use v2 protocol. It's suggested to use v4 protocol. aws_region If you use v4 protocol, set this option to the region you chose when you create the buckets. If it's not set and you're using v4 protocol, Seafile will use us-east-1 as the default. This option will be ignored if you use v2 protocol.

                Tip

                For file search and webdav to work with the v4 signature mechanism, you need to add following lines to ~/.boto

                [s3]\nuse-sigv4 = True\n
                "},{"location":"setup/setup_with_amazon_s3/#self-hosted-s3-storage","title":"Self-hosted S3 Storage","text":"

                Many self-hosted object storage systems are now compatible with the S3 API, such as OpenStack Swift and Ceph's RADOS Gateway. You can use these S3-compatible storage systems as backend for Seafile. Here is an example config:

                [commit_object_backend]\nname = s3\nbucket = my-commit-objects\nkey_id = your-key-id\nkey = your-secret-key\nhost = 192.168.1.123:8080\npath_style_request = true\n\n[fs_object_backend]\nname = s3\nbucket = my-fs-objects\nkey_id = your-key-id\nkey = your-secret-key\nhost = 192.168.1.123:8080\npath_style_request = true\n\n[block_backend]\nname = s3\nbucket = my-block-objects\nkey_id = your-key-id\nkey = your-secret-key\nhost = 192.168.1.123:8080\npath_style_request = true\n
                variable description host It is the address and port of the S3-compatible service. You cannot prepend \"http\" or \"https\" to the host option. By default it'll use http connections. If you want to use https connection, please set use_https = true option. bucket It's required to create separate buckets for commit, fs, and block objects. key_id The key_id is required to authenticate you to S3 storage. key The key is required to authenticate you to S3 storage. (Note: key_id and key are typically used together for authentication.) path_style_request This option asks Seafile to use URLs like https://192.168.1.123:8080/bucketname/object to access objects. In Amazon S3, the default URL format is in virtual host style, such as https://bucketname.s3.amazonaws.com/object. But this style relies on advanced DNS server setup. So most self-hosted storage systems only implement the path style format. So we recommend to set this option to true.

                Below are a few options that are not shown in the example configuration above:

                variable description use_v4_signature There are two versions of authentication protocols that can be used with S3 storage. Version 2 is the protocol supported by most self-hosted storage; version 4 is the current protocol used by AWS S3, but may not be supported by some self-hosted storage. If you don't set this option, Seafile will use the v2 protocol by default. We recommend trying V2 first and switching to V4 if V2 doesn't work. aws_region If you use the v4 protocol, set this option to the region you chose when you created the buckets. If it's not set and you're using the v4 protocol, Seafile will use us-east-1 as the default. This option will be ignored if you use the v2 protocol."},{"location":"setup/setup_with_amazon_s3/#use-https-connections-to-s3","title":"Use HTTPS connections to S3","text":"

                To use HTTPS connections to S3, add the following options to seafile.conf:

                [commit_object_backend]\nname = s3\n......\nuse_https = true\n\n[fs_object_backend]\nname = s3\n......\nuse_https = true\n\n[block_backend]\nname = s3\n......\nuse_https = true\n

                Because the server package is built on CentOS 6, if you're using Debian/Ubuntu, you have to copy the system CA bundle to CentOS's CA bundle path. Otherwise Seafile can't find the CA bundle so that the SSL connection will fail.

                sudo mkdir -p /etc/pki/tls/certs\nsudo cp /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt\nsudo ln -s /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/cert.pem\n

                Warning

                You must not use '.' in your bucket names. Otherwise the wildcard certificate for AWS S3 cannot be resolved. This is a limitation on AWS.

                "},{"location":"setup/setup_with_amazon_s3/#run-and-test","title":"Run and Test","text":"

                Now you can start Seafile and test

                "},{"location":"setup/setup_with_an_existing_mysql_server/","title":"Deploy with an existing MySQL server","text":"

                If you want to use an existing MySQL server, you can modify the .env as follows

                SEAFILE_MYSQL_DB_HOST=192.168.0.2\nSEAFILE_MYSQL_DB_PORT=3306\nINIT_SEAFILE_MYSQL_ROOT_PASSWORD=ROOT_PASSWORD\nSEAFILE_MYSQL_DB_PASSWORD=PASSWORD\n

                Tip

                INIT_SEAFILE_MYSQL_ROOT_PASSWORD is needed during installation (i.e., the deployment in the first time). After Seafile is installed, the user seafile will be used to connect to the MySQL server (SEAFILE_MYSQL_DB_PASSWORD), then you can remove the INIT_SEAFILE_MYSQL_ROOT_PASSWORD.

                "},{"location":"setup/setup_with_ceph/","title":"Setup With Ceph","text":"

                Ceph is a scalable distributed storage system. It's recommended to use Ceph's S3 Gateway (RGW) to integarte with Seafile. Seafile can also use Ceph's RADOS object storage layer for storage backend. But using RADOS requires to link with librados library, which may introduce library incompatibility issues during deployment. Furthermore the S3 Gateway provides easier to manage HTTP based interface. If you want to integrate with S3 gateway, please refer to \"Use S3-compatible Object Storage\" section in this documentation. The documentation below is for integrating with RADOS.

                "},{"location":"setup/setup_with_ceph/#copy-ceph-conf-file-and-client-keyring","title":"Copy ceph conf file and client keyring","text":"

                Seafile acts as a client to Ceph/RADOS, so it needs to access ceph cluster's conf file and keyring. You have to copy these files from a ceph admin node's /etc/ceph directory to the seafile machine.

                seafile-machine# sudo scp user@ceph-admin-node:/etc/ceph/ /etc\n
                "},{"location":"setup/setup_with_ceph/#install-and-enable-memcached","title":"Install and enable memcached","text":"

                For best performance, Seafile requires install memcached or redis and enable cache for objects.

                We recommend to allocate at least 128MB memory for object cache.

                "},{"location":"setup/setup_with_ceph/#install-python-ceph-library","title":"Install Python Ceph Library","text":"

                File search and WebDAV functions rely on Python Ceph library installed in the system.

                sudo apt-get install python3-rados\n
                "},{"location":"setup/setup_with_ceph/#edit-seafile-configuration","title":"Edit seafile configuration","text":"

                Edit seafile.conf, add the following lines:

                [block_backend]\nname = ceph\nceph_config = /etc/ceph/ceph.conf\npool = seafile-blocks\n\n[commit_object_backend]\nname = ceph\nceph_config = /etc/ceph/ceph.conf\npool = seafile-commits\n\n[fs_object_backend]\nname = ceph\nceph_config = /etc/ceph/ceph.conf\npool = seafile-fs\n

                You also need to add memory cache configurations

                It's required to create separate pools for commit, fs, and block objects.

                ceph-admin-node# rados mkpool seafile-blocks\nceph-admin-node# rados mkpool seafile-commits\nceph-admin-node# rados mkpool seafile-fs\n

                Troubleshooting librados incompatibility issues

                Since 8.0 version, Seafile bundles librados from Ceph 16. On some systems you may find Seafile fail to connect to your Ceph cluster. In such case, you can usually solve it by removing the bundled librados libraries and use the one installed in the OS.

                To do this, you have to remove a few bundled libraries:

                cd seafile-server-latest/seafile/lib\nrm librados.so.2 libstdc++.so.6 libnspr4.so\n
                "},{"location":"setup/setup_with_ceph/#use-arbitary-ceph-user","title":"Use arbitary Ceph user","text":"

                The above configuration will use the default (client.admin) user to connect to Ceph. You may want to use some other Ceph user to connect. This is supported in Seafile. To specify the Ceph user, you have to add a ceph_client_id option to seafile.conf, as the following:

                [block_backend]\nname = ceph\nceph_config = /etc/ceph/ceph.conf\n# Sepcify Ceph user for Seafile here\nceph_client_id = seafile\npool = seafile-blocks\n\n[commit_object_backend]\nname = ceph\nceph_config = /etc/ceph/ceph.conf\n# Sepcify Ceph user for Seafile here\nceph_client_id = seafile\npool = seafile-commits\n\n[fs_object_backend]\nname = ceph\nceph_config = /etc/ceph/ceph.conf\n# Sepcify Ceph user for Seafile here\nceph_client_id = seafile\npool = seafile-fs\n\n# Memcached or Reids configs\n......\n

                You can create a ceph user for seafile on your ceph cluster like this:

                ceph auth add client.seafile \\\n  mds 'allow' \\\n  mon 'allow r' \\\n  osd 'allow rwx pool=seafile-blocks, allow rwx pool=seafile-commits, allow rwx pool=seafile-fs'\n

                You also have to add this user's keyring path to /etc/ceph/ceph.conf:

                [client.seafile]\nkeyring = <path to user's keyring file>\n
                "},{"location":"setup/setup_with_multiple_storage_backends/","title":"Multiple Storage Backend","text":"

                There are some use cases that supporting multiple storage backends in Seafile server is needed. Such as:

                1. Store different types of files into different storage backends. For example, normal files can be stored in primary storage (disks, SSD); Archived files can be stored in cold storage (tapes or other backup systems).
                2. Combine multiple storage backends to extend storage scalability. For example, a single NFS volume may be limited by size; a single S3 bucket of Ceph RGW may suffer performance decrease when the number of objects become very large.

                The library data in Seafile server are spreaded into multiple storage backends in the unit of libraries. All the data in a library will be located in the same storage backend. The mapping from library to its storage backend is stored in a database table. Different mapping policies can be chosen based on the use case.

                To use this feature, you need to:

                1. Define storage classes in seafile.conf.
                2. Enable multiple backend feature in seahub and choose a mapping policy.
                "},{"location":"setup/setup_with_multiple_storage_backends/#outline","title":"Outline","text":"

                In Seafile server, a storage backend is represented by the concept of \"storage class\". A storage class is defined by specifying the following information:

                • storage_id: an internal string ID to identify the storage class. It's not visible to users. For example \"primary storage\".
                • name: A user visible name for the storage class.
                • is_default: whether this storage class is the default. This option are effective in two cases:
                • If the chosen mapping policy allows users to choose storage class for a library, this would be the default if the user doesn't choose one.
                • For other mapping policies, this option only takes effect when you have some existing libraries before enabling multiple storage backend feature. For existing libraries, the system will automatically map them to the default storage backend. So in this case you have to set the existing storage backend as the default one.
                • commits\uff1athe storage for storing the commit objects for this class. It can be any storage that Seafile supports, like file system, ceph, s3.
                • fs\uff1athe storage for storing the fs objects for this class. It can be any storage that Seafile supports, like file system, ceph, s3.
                • blocks\uff1athe storage for storing the block objects for this class. It can be any storage that Seafile supports, like file system, ceph, s3.

                commit, fs, and blocks can be stored in different storages. This provides the most flexible way to define storage classes.

                "},{"location":"setup/setup_with_multiple_storage_backends/#seafile-configuration","title":"Seafile Configuration","text":"

                As Seafile server before 6.3 version doesn't support multiple storage classes, you have to explicitly enable this new feature and define storage classes with a different syntax than how we define storage backend before.

                First, you have to enable this feature in seafile.conf.

                [storage]\nenable_storage_classes = true\nstorage_classes_file = /opt/seafile_storage_classes.json\n
                • enable_storage_classes \uff1aIf this is set to true, the storage class feature is enabled. You must define the storage classes in a JSON file provided in the next configuration option.
                • storage_classes_file\uff1aSpecifies the path for the JSON file that contains the storage class definition.

                You also need to add memory cache configurations to seafile.conf

                "},{"location":"setup/setup_with_multiple_storage_backends/#notes-for-docker-installs","title":"Notes for Docker Installs","text":"

                If installing Seafile as Docker containers, place the seafile_storage_classes.json file on your local disk in a sub-directory of the location that is mounted to the seafile container, and set the storage_classes_file configuration above to a path relative to the /shared/ directory mounted on the seafile container.

                For example, if the configuration of the seafile container in your docker-compose.yml file is similar to the following: 

                // docker-compose.yml\nservices:\n  seafile:\n    container_name: seafile\n    volumes:\n      - /opt/seafile-data:/shared\n

                Then place the JSON file within any sub-directory of /opt/seafile-data (such as /opt/seafile-data/conf/) and then configure seafile.conf like so:

                [storage]\nenable_storage_classes = true\nstorage_classes_file = /shared/conf/seafile_storage_classes.json\n

                You also need to add memory cache configurations to seafile.conf

                "},{"location":"setup/setup_with_multiple_storage_backends/#defining-storage-backends","title":"Defining Storage Backends","text":"

                The JSON file is an array of objects. Each object defines a storage class. The fields in the definition corresponds to the information we need to specify for a storage class. Below is an example:

                [\n  {\n    \"storage_id\": \"hot_storage\",\n    \"name\": \"Hot Storage\",\n    \"is_default\": true,\n    \"commits\": {\n      \"backend\": \"s3\",\n      \"bucket\": \"seafile-commits\",\n      \"key\": \"ZjoJ8RPNDqP1vcdD60U4wAHwUQf2oJYqxN27oR09\",\n      \"key_id\": \"AKIAIOT3GCU5VGCCL44A\"\n    },\n    \"fs\": {\n      \"backend\": \"s3\",\n      \"bucket\": \"seafile-fs\",\n      \"key\": \"ZjoJ8RPNDqP1vcdD60U4wAHwUQf2oJYqxN27oR09\",\n      \"key_id\": \"AKIAIOT3GCU5VGCCL44A\"\n    },\n    \"blocks\": {\n      \"backend\": \"s3\",\n      \"bucket\": \"seafile-blocks\",\n      \"key\": \"ZjoJ8RPNDqP1vcdD60U4wAHwUQf2oJYqxN27oR09\",\n      \"key_id\": \"AKIAIOT3GCU5VGCCL44A\"\n    }\n  },\n  {\n    \"storage_id\": \"cold_storage\",\n    \"name\": \"Cold Storage\",\n    \"is_default\": false,\n    \"fs\": {\n      \"backend\": \"fs\",\n      \"dir\": \"/storage/seafile/seafile-data\"\n    },\n    \"commits\": {\n      \"backend\": \"fs\",\n      \"dir\": \"/storage/seafile/seafile-data\"\n    },\n    \"blocks\": {\n      \"backend\": \"fs\",\n      \"dir\": \"/storage/seafile/seaflle-data\"\n    }\n  },\n  {\n    \"storage_id\": \"swift_storage\",\n    \"name\": \"Swift Storage\",\n    \"fs\": {\n      \"backend\": \"swift\",\n      \"tenant\": \"adminTenant\",\n      \"user_name\": \"admin\",\n      \"password\": \"openstack\",\n      \"container\": \"seafile-commits\",\n      \"auth_host\": \"192.168.56.31:5000\",\n      \"auth_ver\": \"v2.0\"\n    },\n    \"commits\": {\n      \"backend\": \"swift\",\n      \"tenant\": \"adminTenant\",\n      \"user_name\": \"admin\",\n      \"password\": \"openstack\",\n      \"container\": \"seafile-fs\",\n      \"auth_host\": \"192.168.56.31:5000\",\n      \"auth_ver\": \"v2.0\"\n    },\n    \"blocks\": {\n      \"backend\": \"swift\",\n      \"tenant\": \"adminTenant\",\n      \"user_name\": \"admin\",\n      \"password\": \"openstack\",\n      \"container\": \"seafile-blocks\",\n      \"auth_host\": \"192.168.56.31:5000\",\n      \"auth_ver\": \"v2.0\",\n      \"region\": \"RegionTwo\"\n    }\n  },\n  {\n    \"storage_id\": \"ceph_storage\",\n    \"name\": \"ceph Storage\",\n    \"fs\": {\n      \"backend\": \"ceph\",\n      \"ceph_config\": \"/etc/ceph/ceph.conf\",\n      \"pool\": \"seafile-fs\"\n    },\n    \"commits\": {\n      \"backend\": \"ceph\",\n      \"ceph_config\": \"/etc/ceph/ceph.conf\",\n      \"pool\": \"seafile-commits\"\n    },\n    \"blocks\": {\n      \"backend\": \"ceph\",\n      \"ceph_config\": \"/etc/ceph/ceph.conf\",\n      \"pool\": \"seafile-blocks\"\n    }\n  }\n]\n

                As you may have seen, the commits, fs and blocks information syntax is similar to what is used in [commit_object_backend], [fs_object_backend] and [block_backend] section of seafile.conf. Refer to the detailed syntax in the documentation for the storage you use. For exampe, if you use S3 storage, refer to S3 Storage.

                If you use file system as storage for fs, commits or blocks, you must explicitly provide the path for the seafile-data directory. The objects will be stored in storage/commits, storage/fs, storage/blocks under this path.

                Currently file system, S3 and Swift backends are supported. Ceph/RADOS is also supported since version 7.0.14

                "},{"location":"setup/setup_with_multiple_storage_backends/#library-mapping-policies","title":"Library Mapping Policies","text":"

                Library mapping policies decide the storage class a library uses. Currently we provide 3 policies for 3 different use cases. The storage class of a library is decided on creation and stored in a database table. The storage class of a library won't change if the mapping policy is changed later.

                Before choosing your mapping policy, you need to enable the storage classes feature in seahub_settings.py:

                ENABLE_STORAGE_CLASSES = True\n
                "},{"location":"setup/setup_with_multiple_storage_backends/#user-chosen","title":"User Chosen","text":"

                This policy lets the users choose which storage class to use when creating a new library. The users can select any storage class that's been defined in the JSON file.

                To use this policy, add following options in seahub_settings.py:

                STORAGE_CLASS_MAPPING_POLICY = 'USER_SELECT'\n

                If you enable storage class support but don't explicitly set STORAGE_CLASS_MAPPING_POLIICY in seahub_settings.py, this policy is used by default.

                "},{"location":"setup/setup_with_multiple_storage_backends/#role-based-mapping","title":"Role-based Mapping","text":"

                Due to storage cost or management considerations, sometimes a system admin wants to make different type of users use different storage backends (or classes). You can configure a user's storage classes based on their roles.

                A new option storage_ids is added to the role configuration in seahub_settings.py to assign storage classes to each role. If only one storage class is assigned to a role, the users with this role cannot choose storage class for libraries; otherwise, the users can choose a storage class if more than one class are assigned. If no storage class is assigned to a role, the default class specified in the JSON file will be used.

                Here are the sample options in seahub_settings.py to use this policy:

                ENABLE_STORAGE_CLASSES = True\nSTORAGE_CLASS_MAPPING_POLICY = 'ROLE_BASED'\n\nENABLED_ROLE_PERMISSIONS = {\n    'default': {\n        'can_add_repo': True,\n        'can_add_group': True,\n        'can_view_org': True,\n        'can_use_global_address_book': True,\n        'can_generate_share_link': True,\n        'can_generate_upload_link': True,\n        'can_invite_guest': True,\n        'can_connect_with_android_clients': True,\n        'can_connect_with_ios_clients': True,\n        'can_connect_with_desktop_clients': True,\n        'storage_ids': ['old_version_id', 'hot_storage', 'cold_storage', 'a_storage'],\n    },\n    'guest': {\n        'can_add_repo': True,\n        'can_add_group': False,\n        'can_view_org': False,\n        'can_use_global_address_book': False,\n        'can_generate_share_link': False,\n        'can_generate_upload_link': False,\n        'can_invite_guest': False,\n        'can_connect_with_android_clients': False,\n        'can_connect_with_ios_clients': False,\n        'can_connect_with_desktop_clients': False,\n        'storage_ids': ['hot_storage', 'cold_storage'],\n    },\n}\n
                "},{"location":"setup/setup_with_multiple_storage_backends/#library-id-based-mapping","title":"Library ID Based Mapping","text":"

                This policy maps libraries to storage classes based on its library ID. The ID of a library is an UUID. In this way, the data in the system can be evenly distributed among the storage classes.

                Note

                This policy is not a designed to be a complete distributed storage solution. It doesn't handle automatic migration of library data between storage classes. If you need to add more storage classes to the configuration, existing libraries will stay in their original storage classes. New libraries can be distributed among the new storage classes (backends). You still have to plan about the total storage capacity of your system at the beginning.

                To use this policy, you first add following options in seahub_settings.py:

                STORAGE_CLASS_MAPPING_POLICY = 'REPO_ID_MAPPING'\n

                Then you can add option for_new_library to the backends which are expected to store new libraries in json file:

                [\n{\n\"storage_id\": \"new_backend\",\n\"name\": \"New store\",\n\"for_new_library\": true,\n\"is_default\": false,\n\"fs\": {\"backend\": \"fs\", \"dir\": \"/storage/seafile/new-data\"},\n\"commits\": {\"backend\": \"fs\", \"dir\": \"/storage/seafile/new-data\"},\n\"blocks\": {\"backend\": \"fs\", \"dir\": \"/storage/seafile/new-data\"}\n}\n]\n
                "},{"location":"setup/setup_with_multiple_storage_backends/#multiple-storage-backend-data-migration","title":"Multiple Storage Backend Data Migration","text":"

                Run the migrate-repo.sh script to migrate library data between different storage backends.

                ./migrate-repo.sh [repo_id] origin_storage_id destination_storage_id\n
                • repo_id: migrated library id
                • origin_storage_id: migrated origin storage id
                • destination_storage_id: migrated destination storage id

                repo_id is optional, if not specified, all libraries will be migrated.

                Before running the migration script, you can set the OBJECT_LIST_FILE_PATH environment variable to specify a path prefix to store the migrated object list.

                For example:

                export OBJECT_LIST_FILE_PATH=/opt/test\n

                This will create three files in the specified path (/opt): test_4c731e5c-f589-4eaa-889f-14c00d4893cb.fs test_4c731e5c-f589-4eaa-889f-14c00d4893cb.commits test_4c731e5c-f589-4eaa-889f-14c00d4893cb.blocks Setting the OBJECT_LIST_FILE_PATH environment variable has two purposes:

                1. If the migrated library is very large, you need to run the migration script multiple times. Setting this environment variable can skip the previously migrated objects.
                2. After the migration is complete, if you need to delete the objects in the origin storage, you must set this environment variable.
                "},{"location":"setup/setup_with_multiple_storage_backends/#delete-all-objects-in-a-library-in-the-specified-storage-backend","title":"Delete All Objects In a Library In The Specified Storage Backend","text":"

                Run the remove-objs.sh script (before migration, you need to set the OBJECT_LIST_FILE_PATH environment variable) to delete all objects in a library in the specified storage backend.

                ./remove-objs.sh repo_id storage_id\n
                "},{"location":"setup/setup_with_oss/","title":"Setup With Alibaba OSS","text":""},{"location":"setup/setup_with_oss/#prepare","title":"Prepare","text":"

                To setup Seafile Professional Server with Alibaba OSS:

                • Setup the basic Seafile Professional Server following the guide on Download and setup Seafile Professional Server
                • Install the python oss2 library: sudo pip install oss2==2.3.0.For more installation help, please refer to this document.
                • Install and configure memcached or Redis. For best performance, Seafile requires enable memory cache for objects. We recommend to allocate at least 128MB memory for Memcached or Redis.
                "},{"location":"setup/setup_with_oss/#modify-seafileconf","title":"Modify Seafile.conf","text":"

                Edit seafile.conf, add the following lines: 

                [commit_object_backend]\nname = oss\nbucket = <your-seafile-commits-bucket>\nkey_id = <your-key-id>\nkey = <your-key>\nregion = beijing\n\n[fs_object_backend]\nname = oss\nbucket = <your-seafile-fs-bucket>\nkey_id = <your-key-id>\nkey = <your-key>\nregion = beijing\n\n[block_backend]\nname = oss\nbucket = <your-seafile-blocks-bucket>\nkey_id = <your-key-id>\nkey = <your-key>\nregion = beijing\n

                You also need to add memory cache configurations

                It's required to create separate buckets for commit, fs, and block objects. For performance and to save network traffic costs, you should create buckets within the region where the seafile server is running.

                The key_id and key are required to authenticate you to OSS. You can find the key_id and key in the \"security credentials\" section on your OSS management page.

                The region is the region where the bucket you created is located, such as beijing, hangzhou, shenzhen, etc.

                "},{"location":"setup/setup_with_oss/#use-oss-in-vpc","title":"Use OSS in VPC","text":"

                Before version 6.0.9, Seafile only supports using OSS services in the classic network environment. The OSS service address in the VPC (Virtual Private Network) environment is different from the classic network, so you need to specify the OSS access address in the configuration environment. After version 6.0.9, it supports the configuration of OSS access addresses, thus adding the support for VPC OSS services.

                Use the following configuration:

                [commit_object_backend]\nname = oss\nbucket = <your-seafile-commits-bucket>\nkey_id = <your-key-id>\nkey = <your-key>\nendpoint = vpc100-oss-cn-beijing.aliyuncs.com\n\n[fs_object_backend]\nname = oss\nbucket = <your-seafile-fs-bucket>\nkey_id = <your-key-id>\nkey = <your-key>\nendpoint = vpc100-oss-cn-beijing.aliyuncs.com\n\n[block_backend]\nname = oss\nbucket = <your-seafile-blocks-bucket>\nkey_id = <your-key-id>\nkey = <your-key>\nendpoint = vpc100-oss-cn-beijing.aliyuncs.com\n

                Compared with the configuration under the classic network, the above configuration uses the endpoint option to replace the region option. The corresponding endpoint address can be found at https://www.alibabacloud.com/help/en/object-storage-service/latest/regions-and-endpoints.

                endpoint is a general option, you can also set it to the OSS access address under the classic network, and it will work as well.

                You also need to add memory cache configurations

                "},{"location":"setup/setup_with_oss/#use-https-connections-to-oss","title":"Use HTTPS connections to OSS","text":"

                To use HTTPS connections to OSS, add the following options to seafile.conf:

                [commit_object_backend]\nname = oss\n......\nuse_https = true\n\n[fs_object_backend]\nname = oss\n......\nuse_https = true\n\n[block_backend]\nname = oss\n......\nuse_https = true\n
                "},{"location":"setup/setup_with_swift/","title":"Setup With OpenStack Swift","text":"

                This backend uses the native Swift API. Previously users can only use the S3-compatibility layer of Swift. That way is obsolete now.

                Since version 6.3, OpenStack Swift v3.0 API is supported.

                "},{"location":"setup/setup_with_swift/#prepare","title":"Prepare","text":"

                To setup Seafile Professional Server with Swift:

                • Setup the basic Seafile Professional Server
                • Install and configure memcached or Redis. For best performance, Seafile requires enable memory cache for objects. We recommend to at least allocate 128MB memory for memcached.
                "},{"location":"setup/setup_with_swift/#modify-seafileconf","title":"Modify Seafile.conf","text":"

                Edit seafile.conf, add the following lines:

                [block_backend]\nname = swift\ntenant = yourTenant\nuser_name = user\npassword = secret\ncontainer = seafile-blocks\nauth_host = 192.168.56.31:5000\nauth_ver = v3.0\nregion = yourRegion\n\n[commit_object_backend]\nname = swift\ntenant = yourTenant\nuser_name = user\npassword = secret\ncontainer = seafile-commits\nauth_host = 192.168.56.31:5000\nauth_ver = v3.0\nregion = yourRegion\n\n[fs_object_backend]\nname = swift\ntenant = yourTenant\nuser_name = user\npassword = secret\ncontainer = seafile-fs\nauth_host = 192.168.56.31:5000\nauth_ver = v3.0\nregion = yourRegion\n

                You also need to add memory cache configurations

                The above config is just an example. You should replace the options according to your own environment.

                Seafile supports Swift with Keystone as authentication mechanism. The auth_host option is the address and port of Keystone service.The region option is used to select publicURL,if you don't configure it, use the first publicURL in returning authenticated information.

                Seafile also supports Tempauth and Swauth since professional edition 6.2.1. The auth_ver option should be set to v1.0, tenant and region are no longer needed.

                It's required to create separate containers for commit, fs, and block objects.

                "},{"location":"setup/setup_with_swift/#use-https-connections-to-swift","title":"Use HTTPS connections to Swift","text":"

                Since Pro 5.0.4, you can use HTTPS connections to Swift. Add the following options to seafile.conf:

                [commit_object_backend]\nname = swift\n......\nuse_https = true\n\n[fs_object_backend]\nname = swift\n......\nuse_https = true\n\n[block_backend]\nname = swift\n......\nuse_https = true\n

                Because the server package is built on CentOS 6, if you're using Debian/Ubuntu, you have to copy the system CA bundle to CentOS's CA bundle path. Otherwise Seafile can't find the CA bundle so that the SSL connection will fail.

                sudo mkdir -p /etc/pki/tls/certs\nsudo cp /etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt\nsudo ln -s /etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/cert.pem\n
                "},{"location":"setup/setup_with_swift/#run-and-test","title":"Run and Test","text":"

                Now you can start Seafile by ./seafile.sh start and ./seahub.sh start and visit the website.

                "},{"location":"setup_binary/deploy_in_a_cluster/","title":"Deploy in a cluster","text":"

                Tip

                Since Seafile Pro server 6.0.0, cluster deployment requires \"sticky session\" settings in the load balancer. Otherwise sometimes folder download on the web UI can't work properly. Read the \"Load Balancer Setting\" section below for details

                "},{"location":"setup_binary/deploy_in_a_cluster/#architecture","title":"Architecture","text":"

                The Seafile cluster solution employs a 3-tier architecture:

                • Load balancer tier: Distribute incoming traffic to Seafile servers. HA can be achieved by deploying multiple load balancer instances.
                • Seafile server cluster: a cluster of Seafile server instances. If one instance fails, the load balancer will stop handing traffic to it. So HA is achieved.
                • Backend storage: Distributed storage cluster, e.g. S3, Openstack Swift or Ceph.

                This architecture scales horizontally. That means, you can handle more traffic by adding more machines. The architecture is visualized in the following picture.

                There are two main components on the Seafile server node: web server (Nginx/Apache) and Seafile app server. The web server passes requests from the clients to Seafile app server. The Seafile app servers work independently. They don't know about each other's state. That means each app server can fail independently without affecting other app server instances. The load balancer is responsible for detecting failure and re-routing requests.

                Even though Seafile app servers work independently, they still have to share some session information. All shared session information is stored in memory cache. Thus, all Seafile app servers have to connect to the same memory cache server (cluster). Since Pro Edition 11.0, both memcached and Redis can be used as memory cache. Before 11.0, only memcached is supported. More details about memory cache configuration is available later.

                The background server is the workhorse for various background tasks, including full-text indexing, office file preview, virus scanning, LDAP syncing. It should usually be run on a dedicated server for better performance. Currently only one background task server can be running in the entire cluster. If more than one background servers are running, they may conflict with each others when doing some tasks. If you need HA for background task server, you can consider using Keepalived to build a hot backup for it. More details can be found in background server setup.

                All Seafile app servers access the same set of user data. The user data has two parts: One in the MySQL database and the other one in the backend storage cluster (S3, Ceph etc.). All app servers serve the data equally to the clients.

                All app servers have to connect to the same database or database cluster. We recommend to use MariaDB Galera Cluster if you need a database cluster.

                There are a few steps to deploy a Seafile cluster:

                1. Prepare hardware, operating systems, memory cache and database
                2. Setup a single Seafile server node
                3. Copy the deployment to other Seafile nodes
                4. Setup Nginx/Apache and firewall rules
                5. Setup load balancer
                6. Setup backgroup task node
                "},{"location":"setup_binary/deploy_in_a_cluster/#preparation","title":"Preparation","text":""},{"location":"setup_binary/deploy_in_a_cluster/#hardware-database-memory-cache","title":"Hardware, Database, Memory Cache","text":"

                At least 3 Linux server with at least 4 cores, 8GB RAM. Two servers work as frontend servers, while one server works as background task server. Virtual machines are sufficient for most cases.

                In small cluster, you can re-use the 3 Seafile servers to run memcached cluster and MariaDB cluster. For larger clusters, you can have 3 more dedicated server to run memcached cluster and MariaDB cluster. Because the load on these two clusters are not high, they can share the hardware to save cost. Documentation about how to setup memcached cluster and MariaDB cluster can be found here.

                Since version 11.0, Redis can also be used as memory cache server. But currently only single-node Redis is supported.

                "},{"location":"setup_binary/deploy_in_a_cluster/#install-python-libraries","title":"Install Python libraries","text":"

                On each mode, you need to install some python libraries.

                First make sure your have installed Python 2.7, then:

                sudo easy_install pip\nsudo pip install boto\n

                If you receive an error stating \"Wheel installs require setuptools >= ...\", run this between the pip and boto lines above

                sudo pip install setuptools --no-use-wheel --upgrade\n
                "},{"location":"setup_binary/deploy_in_a_cluster/#configure-a-single-node","title":"Configure a Single Node","text":"

                You should make sure the config files on every Seafile server are consistent.

                "},{"location":"setup_binary/deploy_in_a_cluster/#get-the-license","title":"Get the license","text":"

                Put the license you get under the top level diretory. In our wiki, we use the diretory /data/haiwen/ as the top level directory.

                "},{"location":"setup_binary/deploy_in_a_cluster/#downloaduncompress-seafile-professional-server","title":"Download/Uncompress Seafile Professional Server","text":"
                tar xf seafile-pro-server_8.0.0_x86-64.tar.gz\n

                Now you have:

                haiwen\n\u251c\u2500\u2500 seafile-license.txt\n\u2514\u2500\u2500 seafile-pro-server-8.0.0/\n
                "},{"location":"setup_binary/deploy_in_a_cluster/#setup-seafile","title":"Setup Seafile","text":"

                Please follow Download and Setup Seafile Professional Server With MySQL to setup a single Seafile server node.

                Use the load balancer's address or domain name for the server address. Don't use the local IP address of each Seafile server machine. This assures the user will always access your service via the load balancers

                After the setup process is done, you still have to do a few manual changes to the config files.

                "},{"location":"setup_binary/deploy_in_a_cluster/#seafileconf","title":"seafile.conf","text":"

                If you use a single memcached server, you have to add the following configuration to seafile.conf

                [cluster]\nenabled = true\n\n[memcached]\nmemcached_options = --SERVER=192.168.1.134 --POOL-MIN=10 --POOL-MAX=100\n

                If you use memcached cluster, the recommended way to setup memcached clusters can be found here.

                You'll setup two memcached server, in active/standby mode. A floating IP address will be assigned to the current active memcached node. So you have to configure the address in seafile.conf accordingly.

                [cluster]\nenabled = true\n\n[memcached]\nmemcached_options = --SERVER=<floating IP address> --POOL-MIN=10 --POOL-MAX=100\n

                If you are using Redis as cache, add following configurations:

                [cluster]\nenabled = true\n\n[redis]\n# your redis server address\nredis_server = 127.0.0.1\n# your redis server port\nredis_port = 6379\n# size of connection pool to redis, default is 100\nmax_connections = 100\n

                Currently only single-node Redis is supported. Redis Sentinel or Cluster is not supported yet.

                (Optional) The Seafile server also opens a port for the load balancers to run health checks. Seafile by default uses port 11001. You can change this by adding the following config option to seafile.conf

                [cluster]\nhealth_check_port = 12345\n
                "},{"location":"setup_binary/deploy_in_a_cluster/#seahub_settingspy","title":"seahub_settings.py","text":"

                You must setup and use memory cache when deploying Seafile cluster. Refer to \"memory cache\" to configure memory cache in Seahub.

                Also add following options to seahub_setting.py. These settings tell Seahub to store avatar in database and cache avatar in memcached, and store css CACHE to local memory.

                AVATAR_FILE_STORAGE = 'seahub.base.database_storage.DatabaseStorage'\n
                "},{"location":"setup_binary/deploy_in_a_cluster/#seafeventsconf","title":"seafevents.conf","text":"

                Here is an example [INDEX FILES] section:

                [INDEX FILES]\nenabled = true\ninterval = 10m\nhighlight = fvh     # This configuration is only available for Seafile 6.3.0 pro and above.\nindex_office_pdf = true\nes_host = background.seafile.com\nes_port = 9200\n

                Tip

                enable = true should be left unchanged. It means the file search feature is enabled.

                "},{"location":"setup_binary/deploy_in_a_cluster/#update-seahub-database","title":"Update Seahub Database","text":"

                In cluster environment, we have to store avatars in the database instead of in a local disk.

                CREATE TABLE `avatar_uploaded` (`filename` TEXT NOT NULL, `filename_md5` CHAR(32) NOT NULL PRIMARY KEY, `data` MEDIUMTEXT NOT NULL, `size` INTEGER NOT NULL, `mtime` datetime NOT NULL);\n
                "},{"location":"setup_binary/deploy_in_a_cluster/#backend-storage-settings","title":"Backend Storage Settings","text":"

                You also need to add the settings for backend cloud storage systems to the config files.

                • For NFS: Setup Seafile cluster with NFS
                • For S3: Setup With Amazon S3
                • For OpenStack Swift: Setup With OpenStackSwift
                "},{"location":"setup_binary/deploy_in_a_cluster/#setup-nginxapache-and-http","title":"Setup Nginx/Apache and HTTP","text":"

                Nginx/Apache with HTTP need to set it up on each machine running Seafile server. This is make sure only port 80 need to be exposed to load balancer. (HTTPS should be setup at the load balancer)

                Please check the following documents on how to setup HTTP with Nginx/Apache. (HTTPS is not needed)

                • Nginx
                • Apache
                "},{"location":"setup_binary/deploy_in_a_cluster/#run-and-test-the-single-node","title":"Run and Test the Single Node","text":"

                Once you have finished configuring this single node, start it to test if it runs properly:

                cd /data/haiwen/seafile-server-latest\n./seafile.sh start\n./seahub.sh start\n

                Success

                The first time you start seahub, the script would prompt you to create an admin account for your Seafile server.

                Open your browser, visit http://ip-address-of-this-node:80 and login with the admin account.

                "},{"location":"setup_binary/deploy_in_a_cluster/#configure-other-nodes","title":"Configure other nodes","text":"

                Now you have one node working fine, let's continue to configure more nodes.

                "},{"location":"setup_binary/deploy_in_a_cluster/#copy-the-config-to-all-seafile-servers","title":"Copy the config to all Seafile servers","text":"

                Supposed your Seafile installation directory is /data/haiwen, compress this whole directory into a tarball and copy the tarball to all other Seafile server machines. You can simply uncompress the tarball and use it.

                On each node, run ./seafile.sh and ./seahub.sh to start Seafile server.

                "},{"location":"setup_binary/deploy_in_a_cluster/#backend-node","title":"backend node","text":"

                In the backend node, you need to execute the following command to start Seafile server. CLUSTER_MODE=backend means this node is seafile backend server.

                export CLUSTER_MODE=backend\n./seafile.sh start\n./seafile-background-tasks.sh start\n
                "},{"location":"setup_binary/deploy_in_a_cluster/#start-seafile-service-on-boot","title":"Start Seafile Service on boot","text":"

                It would be convenient to setup Seafile service to start on system boot. Follow this documentation to set it up on all nodes.

                "},{"location":"setup_binary/deploy_in_a_cluster/#firewall-settings","title":"Firewall Settings","text":"

                There are 2 firewall rule changes for Seafile cluster:

                • On each Seafile server machine, you should open the health check port (default 11001);
                • On the memcached server, you should open the port 11211. For security resons only the Seafile servers should be allowed to access this port.
                "},{"location":"setup_binary/deploy_in_a_cluster/#load-balancer-setting","title":"Load Balancer Setting","text":"

                Now that your cluster is already running, fire up the load balancer and welcome your users. Since version 6.0.0, Seafile Pro requires \"sticky session\" settings in the load balancer. You should refer to the manual of your load balancer for how to set up sticky sessions.

                "},{"location":"setup_binary/deploy_in_a_cluster/#aws-elastic-load-balancer-elb","title":"AWS Elastic Load Balancer (ELB)","text":"

                In the AWS ELB management console, after you've added the Seafile server instances to the instance list, you should do two more configurations.

                First you should setup HTTP(S) listeners. Ports 443 and 80 of ELB should be forwarded to the ports 80 or 443 of the Seafile servers.

                Then you setup health check

                Refer to AWS documentation about how to setup sticky sessions.

                "},{"location":"setup_binary/deploy_in_a_cluster/#haproxy","title":"HAProxy","text":"

                This is a sample /etc/haproxy/haproxy.cfg:

                (Assume your health check port is 11001)

                global\n    log 127.0.0.1 local1 notice\n    maxconn 4096\n    user haproxy\n    group haproxy\n\ndefaults\n    log global\n    mode http\n    retries 3\n    maxconn 2000\n    timeout connect 10000\n    timeout client 300000\n    timeout server 300000\n\nlisten seafile 0.0.0.0:80\n    mode http\n    option httplog\n    option dontlognull\n    option forwardfor\n    cookie SERVERID insert indirect nocache\n    server seafileserver01 192.168.1.165:80 check port 11001 cookie seafileserver01\n    server seafileserver02 192.168.1.200:80 check port 11001 cookie seafileserver02\n
                "},{"location":"setup_binary/deploy_in_a_cluster/#see-how-it-runs","title":"See how it runs","text":"

                Now you should be able to test your cluster. Open https://seafile.example.com in your browser and enjoy. You can also synchronize files with Seafile clients.

                If the above works, the next step would be Enable search and background tasks in a cluster.

                "},{"location":"setup_binary/deploy_in_a_cluster/#the-final-configuration-of-the-front-end-nodes","title":"The final configuration of the front-end nodes","text":"

                Here is the summary of configurations at the front-end node that related to cluster setup. (for version 7.1+)

                For seafile.conf:

                [cluster]\nenabled = true\nmemcached_options = --SERVER=<IP of memcached node> --POOL-MIN=10 --POOL-MAX=100\n

                The enabled option will prevent the start of background tasks by ./seafile.sh start in the front-end node. The tasks should be explicitly started by ./seafile-background-tasks.sh start at the back-end node.

                For seahub_settings.py:

                AVATAR_FILE_STORAGE = 'seahub.base.database_storage.DatabaseStorage'\n

                For seafevents.conf:

                [INDEX FILES]\nenabled = true\ninterval = 10m\nhighlight = fvh     # This configuration is for improving searching speed\nes_host = <IP of background node>\nes_port = 9200\n

                The [INDEX FILES] section is needed to let the front-end node know the file search feature is enabled.

                "},{"location":"setup_binary/enable_search_and_background_tasks_in_a_cluster/","title":"Enable search and background tasks in a cluster","text":"

                In the seafile cluster, only one server should run the background tasks, including:

                • indexing files for search
                • email notification
                • office documents converts service (Start from 9.0 version, office converts service is moved to a separate docker component)
                • LDAP sync
                • virus scan

                Let's assume you have three nodes in your cluster: A, B, and C.

                • Node A is backend node that run background tasks.
                • Node B and C are frontend nodes that serving requests from clients.

                "},{"location":"setup_binary/enable_search_and_background_tasks_in_a_cluster/#configuring-node-a-the-backend-node","title":"Configuring Node A (the backend node)","text":"

                If you following the steps on settings up a cluster, node B and node C should have already be configed as frontend node. You can copy the configuration of node B as a base for node A. Then do the following steps:

                Since 9.0, ElasticSearch program is not part of Seafile package. You should deploy ElasticSearch service seperately. Then edit seafevents.conf, add the following lines:

                [INDEX FILES]\nenabled = true\nes_host = <ip of elastic search service>\nes_port = 9200\ninterval = 10m\nhighlight = fvh  # this is for improving the search speed\n

                Edit seafile.conf to enable virus scan according to virus scan document

                "},{"location":"setup_binary/enable_search_and_background_tasks_in_a_cluster/#configure-other-nodes","title":"Configure Other Nodes","text":"

                On nodes B and C, you need to:

                Edit seafevents.conf, add the following lines:

                [INDEX FILES]\nenabled = true\nes_host = <ip of elastic search service>\nes_port = 9200\n
                "},{"location":"setup_binary/enable_search_and_background_tasks_in_a_cluster/#start-the-background-node","title":"Start the background node","text":"

                Type the following commands to start the background node (Note, one additional command seafile-background-tasks.sh is needed)

                export CLUSTER_MODE=backend\n./seafile.sh start\n./seafile-background-tasks.sh start\n

                To stop the background node, type:

                ./seafile-background-tasks.sh stop\n./seafile.sh stop\n

                You should also configure Seafile background tasks to start on system bootup. For systemd based OS, you can add /etc/systemd/system/seafile-background-tasks.service:

                [Unit]\nDescription=Seafile Background Tasks Server\nAfter=network.target seafile.service\n\n[Service]\nType=forking\nExecStart=/opt/seafile/seafile-server-latest/seafile-background-tasks.sh start\nExecStop=/opt/seafile/seafile-server-latest/seafile-background-tasks.sh stop\nUser=root\nGroup=root\n\n[Install]\nWantedBy=multi-user.target\n

                Then enable this task in systemd:

                systemctl enable seafile-background-tasks.service\n
                "},{"location":"setup_binary/enable_search_and_background_tasks_in_a_cluster/#the-final-configuration-of-the-background-node","title":"The final configuration of the background node","text":"

                Here is the summary of configurations at the background node that related to clustering setup.

                For seafile.conf:

                [cluster]\nenabled = true\n\n[memcached]\nmemcached_options = --SERVER=<you memcached server host> --POOL-MIN=10 --POOL-MAX=100\n

                For seafevents.conf:

                [INDEX FILES]\nenabled = true\nes_host = <ip of elastic search service>\nes_port = 9200\ninterval = 10m\nhighlight = fvh  # this is for improving the search speed\n
                "},{"location":"setup_binary/fail2ban/","title":"seafile-authentication-fail2ban","text":""},{"location":"setup_binary/fail2ban/#what-is-fail2ban","title":"What is fail2ban ?","text":"

                Fail2ban is an intrusion prevention software framework which protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper.

                (Definition from wikipedia - https://en.wikipedia.org/wiki/Fail2ban)

                "},{"location":"setup_binary/fail2ban/#why-do-i-need-to-install-this-fail2bans-filter","title":"Why do I need to install this fail2ban's filter ?","text":"

                To protect your seafile website against brute force attemps. Each time a user/computer tries to connect and fails 3 times, a new line will be write in your seafile logs (seahub.log).

                Fail2ban will check this log file and will ban all failed authentications with a new rule in your firewall.

                "},{"location":"setup_binary/fail2ban/#installation","title":"Installation","text":""},{"location":"setup_binary/fail2ban/#change-to-right-time-zone-in-seahub_settingspy","title":"Change to right Time Zone in seahub_settings.py","text":"

                Without this your Fail2Ban filter will not work

                You need to add the following settings to seahub_settings.py but change it to your own time zone. 

                 # TimeZone\n TIME_ZONE = 'Europe/Stockholm'\n

                "},{"location":"setup_binary/fail2ban/#copy-and-edit-jaillocal-file","title":"Copy and edit jail.local file","text":"

                this file may override some parameters from your jail.conf file

                Edit jail.local with : * ports used by your seafile website (e.g. http,https) ; * logpath (e.g. /home/yourusername/logs/seahub.log) ; * maxretry (default to 3 is equivalent to 9 real attemps in seafile, because one line is written every 3 failed authentications into seafile logs).

                "},{"location":"setup_binary/fail2ban/#create-the-file-jaillocal-in-etcfail2ban-with-the-following-content","title":"Create the file jail.local in /etc/fail2ban with the following content:","text":"
                # All standard jails are in the file configuration located\n# /etc/fail2ban/jail.conf\n\n# Warning you may override any other parameter (e.g. banaction,\n# action, port, logpath, etc) in that section within jail.local\n\n# Change logpath with your file log used by seafile (e.g. seahub.log)\n# Also you can change the max retry var (3 attemps = 1 line written in the\n# seafile log)\n# So with this maxrety to 1, the user can try 3 times before his IP is banned\n\n[seafile]\n\nenabled  = true\nport     = http,https\nfilter   = seafile-auth\nlogpath  = /home/yourusername/logs/seahub.log\nmaxretry = 3\n
                "},{"location":"setup_binary/fail2ban/#create-the-fail2ban-filter-file-seafile-authconf-in-etcfail2banfilterd-with-the-following-content","title":"Create the fail2ban filter file seafile-auth.conf in /etc/fail2ban/filter.d with the following content:","text":"
                # Fail2Ban filter for seafile\n#\n\n[INCLUDES]\n\n# Read common prefixes. If any customizations available -- read them from\n# common.local\nbefore = common.conf\n\n[Definition]\n\n_daemon = seaf-server\n\nfailregex = Login attempt limit reached.*, ip: <HOST>\n\nignoreregex = \n\n# DEV Notes:\n#\n# pattern :     2015-10-20 15:20:32,402 [WARNING] seahub.auth.views:155 login Login attempt limit reached, username: <user>, ip: 1.2.3.4, attemps: 3\n#       2015-10-20 17:04:32,235 [WARNING] seahub.auth.views:163 login Login attempt limit reached, ip: 1.2.3.4, attempts: 3\n
                "},{"location":"setup_binary/fail2ban/#restart-fail2ban","title":"Restart fail2ban","text":"

                Finally, just restart fail2ban and check your firewall (iptables for me) :

                sudo fail2ban-client reload\nsudo iptables -S\n

                Fail2ban will create a new chain for this jail. So you should see these new lines :

                ...\n-N fail2ban-seafile\n...\n-A fail2ban-seafile -j RETURN\n
                "},{"location":"setup_binary/fail2ban/#tests","title":"Tests","text":"

                To do a simple test (but you have to be an administrator on your seafile server) go to your seafile webserver URL and try 3 authentications with a wrong password.

                Actually, when you have done that, you are banned from http and https ports in iptables, thanks to fail2ban.

                To check that :

                on fail2ban

                denis@myserver:~$ sudo fail2ban-client status seafile\nStatus for the jail: seafile\n|- filter\n|  |- File list:    /home/<youruser>/logs/seahub.log\n|  |- Currently failed: 0\n|  `- Total failed: 1\n`- action\n   |- Currently banned: 1\n   |  `- IP list:   1.2.3.4\n   `- Total banned: 1\n

                on iptables :

                sudo iptables -S\n\n...\n-A fail2ban-seafile -s 1.2.3.4/32 -j REJECT --reject-with icmp-port-unreachable\n...\n

                To unban your IP address, just execute this command :

                sudo fail2ban-client set seafile unbanip 1.2.3.4\n

                Tip

                As three (3) failed attempts to login will result in one line added in seahub.log a Fail2Ban jail with the settings maxretry = 3 is the same as nine (9) failed attempts to login.

                "},{"location":"setup_binary/https_with_apache/","title":"Enabling HTTPS with Apache","text":"

                After completing the installation of Seafile Server Community Edition and Seafile Server Professional Edition, communication between the Seafile server and clients runs over (unencrypted) HTTP. While HTTP is ok for testing purposes, switching to HTTPS is imperative for production use.

                HTTPS requires a SSL certificate from a Certificate Authority (CA). Unless you already have a SSL certificate, we recommend that you get your SSL certificate from Let\u2019s Encrypt using Certbot. If you have a SSL certificate from another CA, skip the section \"Getting a Let's Encrypt certificate\".

                A second requirement is a reverse proxy supporting SSL. Apache, a popular web server and reverse proxy, is a good option. The full documentation of Apache is available at https://httpd.apache.org/docs/.

                The recommended reverse proxy is Nginx. You find instructions for enabling HTTPS with Nginx here.

                "},{"location":"setup_binary/https_with_apache/#setup","title":"Setup","text":"

                The setup of Seafile using Apache as a reverse proxy with HTTPS is demonstrated using the sample host name seafile.example.com.

                This manual assumes the following requirements:

                • Seafile Server Community Edition/Professional Edition was set up according to the instructions in this manual
                • A host name points at the IP address of the server and the server is available on port 80 and 443

                If your setup differs from thes requirements, adjust the following instructions accordingly.

                The setup proceeds in two steps: First, Apache is installed. Second, a SSL certificate is integrated in the Apache configuration.

                "},{"location":"setup_binary/https_with_apache/#installing-apache","title":"Installing Apache","text":"

                Install and enable apache modules:

                # Ubuntu\n$ sudo a2enmod rewrite\n$ sudo a2enmod proxy_http\n

                Important: Due to the security advisory published by Django team, we recommend to disable GZip compression to mitigate BREACH attack. No version earlier than Apache 2.4 should be used.

                "},{"location":"setup_binary/https_with_apache/#configuring-apache","title":"Configuring Apache","text":"

                Modify Apache config file. For CentOS, this is vhost.conf. For Debian/Ubuntu, this is sites-enabled/000-default. 

                <VirtualHost *:80>\n    ServerName seafile.example.com\n    # Use \"DocumentRoot /var/www/html\" for CentOS\n    # Use \"DocumentRoot /var/www\" for Debian/Ubuntu\n    DocumentRoot /var/www\n    Alias /media  /opt/seafile/seafile-server-latest/seahub/media\n\n    AllowEncodedSlashes On\n\n    RewriteEngine On\n\n    <Location /media>\n        Require all granted\n    </Location>\n\n    #\n    # seafile fileserver\n    #\n    ProxyPass /seafhttp http://127.0.0.1:8082\n    ProxyPassReverse /seafhttp http://127.0.0.1:8082\n    RewriteRule ^/seafhttp - [QSA,L]\n\n    #\n    # seahub\n    #\n    SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n    ProxyPreserveHost On\n    ProxyPass / http://127.0.0.1:8000/\n    ProxyPassReverse / http://127.0.0.1:8000/\n</VirtualHost>\n
                "},{"location":"setup_binary/https_with_apache/#getting-a-lets-encrypt-certificate","title":"Getting a Let's Encrypt certificate","text":"

                Getting a Let's Encrypt certificate is straightforward thanks to Certbot. Certbot is a free, open source software tool for requesting, receiving, and renewing Let's Encrypt certificates.

                First, go to the Certbot website and choose your web server and OS.

                Second, follow the detailed instructions then shown.

                We recommend that you get just a certificate and that you modify the Apache configuration yourself:

                sudo certbot --apache certonly\n

                Follow the instructions on the screen.

                Upon successful verification, Certbot saves the certificate files in a directory named after the host name in /etc/letsencrypt/live. For the host name seafile.example.com, the files are stored in /etc/letsencrypt/live/seafile.example.com.

                "},{"location":"setup_binary/https_with_apache/#adjusting-apache-configuration","title":"Adjusting Apache configuration","text":"

                To use HTTPS, you need to enable mod_ssl:

                $ sudo a2enmod ssl\n

                Then modify your Apache configuration file. Here is a sample:

                <VirtualHost *:443>\n  ServerName seafile.example.com\n  DocumentRoot /var/www\n\n  SSLEngine On\n  SSLCertificateFile /etc/letsencrypt/live/seafile.example.com/fullchain.pem;    # Path to your fullchain.pem\n  SSLCertificateKeyFile /etc/letsencrypt/live/seafile.example.com/privkey.pem;  # Path to your privkey.pem\n\n  Alias /media  /opt/seafile/seafile-server-latest/seahub/media\n\n  <Location /media>\n    Require all granted\n  </Location>\n\n  RewriteEngine On\n\n  #\n  # seafile fileserver\n  #\n  ProxyPass /seafhttp http://127.0.0.1:8082\n  ProxyPassReverse /seafhttp http://127.0.0.1:8082\n  RewriteRule ^/seafhttp - [QSA,L]\n\n  #\n  # seahub\n  #\n  SetEnvIf Authorization \"(.*)\" HTTP_AUTHORIZATION=$1\n  ProxyPreserveHost On\n  ProxyPass / http://127.0.0.1:8000/\n  ProxyPassReverse / http://127.0.0.1:8000/\n</VirtualHost>\n

                Finally, make sure the virtual host file does not contain syntax errors and restart Apache for the configuration changes to take effect:

                sudo service apache2 restart\n
                "},{"location":"setup_binary/https_with_apache/#modifying-seahub_settingspy","title":"Modifying seahub_settings.py","text":"

                The SERVICE_URL in seahub_settings.py informs Seafile about the chosen domain, protocol and port. Change the SERVICE_URLso as to account for the switch from HTTP to HTTPS and to correspond to your host name (the http://must not be removed):

                SERVICE_URL = 'https://seafile.example.com'\n

                The FILE_SERVER_ROOT in seahub_settings.py informs Seafile about the location of and the protocol used by the file server. Change the FILE_SERVER_ROOTso as to account for the switch from HTTP to HTTPS and to correspond to your host name (the trailing /seafhttp must not be removed):

                FILE_SERVER_ROOT = 'https://seafile.example.com/seafhttp'\n

                Note: The SERVICE_URL and FILE_SERVER_ROOT can also be modified in Seahub via System Admininstration > Settings. If they are configured via System Admin and in seahub_settings.py, the value in System Admin will take precedence.

                "},{"location":"setup_binary/https_with_apache/#modifying-seafileconf-optional","title":"Modifying seafile.conf (optional)","text":"

                To improve security, the file server should only be accessible via Apache.

                Add the following line in the [fileserver] block on seafile.conf in /opt/seafile/conf:

                host = 127.0.0.1  ## default port 0.0.0.0\n

                After his change, the file server only accepts requests from Apache.

                "},{"location":"setup_binary/https_with_apache/#starting-seafile-and-seahub","title":"Starting Seafile and Seahub","text":"

                Restart the seaf-server and Seahub for the config changes to take effect:

                $ su seafile\n$ cd /opt/seafile/seafile-server-latest\n$ ./seafile.sh restart\n$ ./seahub.sh restart\n
                "},{"location":"setup_binary/https_with_apache/#troubleshooting","title":"Troubleshooting","text":"

                If there are problems with paths or files containing spaces, make sure to have at least Apache 2.4.12.

                References

                • https://github.com/haiwen/seafile/issues/1258#issuecomment-188866740
                • https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1284641
                • https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1284641/comments/5
                • https://svn.apache.org/viewvc/httpd/httpd/tags/2.4.12/CHANGES?view=markup#l45
                "},{"location":"setup_binary/https_with_nginx/","title":"Enabling HTTPS with Nginx","text":"

                After completing the installation of Seafile Server Community Edition and Seafile Server Professional Edition, communication between the Seafile server and clients runs over (unencrypted) HTTP. While HTTP is ok for testing purposes, switching to HTTPS is imperative for production use.

                HTTPS requires a SSL certificate from a Certificate Authority (CA). Unless you already have a SSL certificate, we recommend that you get your SSL certificate from Let\u2019s Encrypt using Certbot. If you have a SSL certificate from another CA, skip the section \"Getting a Let's Encrypt certificate\".

                A second requirement is a reverse proxy supporting SSL. Nginx, a popular and resource-friendly web server and reverse proxy, is a good option. Nginx's documentation is available at http://nginx.org/en/docs/.

                If you prefer Apache, you find instructions for enabling HTTPS with Apache here.

                "},{"location":"setup_binary/https_with_nginx/#setup","title":"Setup","text":"

                The setup of Seafile using Nginx as a reverse proxy with HTTPS is demonstrated using the sample host name seafile.example.com.

                This manual assumes the following requirements:

                • Seafile Server Community Edition/Professional Edition was set up according to the instructions in this manual
                • A host name points at the IP address of the server and the server is available on port 80 and 443

                If your setup differs from thes requirements, adjust the following instructions accordingly.

                The setup proceeds in two steps: First, Nginx is installed. Second, a SSL certificate is integrated in the Nginx configuration.

                "},{"location":"setup_binary/https_with_nginx/#installing-nginx","title":"Installing Nginx","text":"

                Install Nginx using the package repositories:

                CentOSDebian 
                $ sudo yum install nginx -y\n
                $ sudo apt install nginx -y\n

                After the installation, start the server and enable it so that Nginx starts at system boot:

                $ sudo systemctl start nginx\n$ sudo systemctl enable nginx\n
                "},{"location":"setup_binary/https_with_nginx/#preparing-nginx","title":"Preparing Nginx","text":"

                The configuration of a proxy server in Nginx differs slightly between CentOS and Debian/Ubuntu. Additionally, the restrictive default settings of SELinux's configuration on CentOS require a modification.

                "},{"location":"setup_binary/https_with_nginx/#preparing-nginx-on-centos","title":"Preparing Nginx on CentOS","text":"

                Switch SELinux into permissive mode and perpetuate the setting:

                $ sudo setenforce permissive\n$ sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config\n

                Create a configuration file for seafile in /etc/nginx/conf.d:

                $ touch /etc/nginx/conf.d/seafile.conf\n
                "},{"location":"setup_binary/https_with_nginx/#preparing-nginx-on-debianubuntu","title":"Preparing Nginx on Debian/Ubuntu","text":"

                Create a configuration file for seafile in /etc/nginx/sites-available/:

                $ touch /etc/nginx/sites-available/seafile.conf\n

                Delete the default files in /etc/nginx/sites-enabled/ and /etc/nginx/sites-available: 

                $ rm /etc/nginx/sites-enabled/default\n$ rm /etc/nginx/sites-available/default\n

                Create a symbolic link: 

                $ ln -s /etc/nginx/sites-available/seafile.conf /etc/nginx/sites-enabled/seafile.conf\n
                "},{"location":"setup_binary/https_with_nginx/#configuring-nginx","title":"Configuring Nginx","text":"

                Copy the following sample Nginx config file into the just created seafile.conf and modify the content to fit your needs:

                log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\" $upstream_response_time';\n\nserver {\n    listen 80;\n    server_name seafile.example.com;\n\n    proxy_set_header X-Forwarded-For $remote_addr;\n\n    location / {\n         proxy_pass         http://127.0.0.1:8000;\n         proxy_set_header   Host $http_host;\n         proxy_set_header   X-Real-IP $remote_addr;\n         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n         proxy_set_header   X-Forwarded-Host $server_name;\n         proxy_read_timeout  1200s;\n\n         # used for view/edit office file via Office Online Server\n         client_max_body_size 0;\n\n         access_log      /var/log/nginx/seahub.access.log seafileformat;\n         error_log       /var/log/nginx/seahub.error.log;\n    }\n\n    location /seafhttp {\n        rewrite ^/seafhttp(.*)$ $1 break;\n        proxy_pass http://127.0.0.1:8082;\n        client_max_body_size 0;\n        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n\n        proxy_connect_timeout  36000s;\n        proxy_read_timeout  36000s;\n        proxy_send_timeout  36000s;\n\n        send_timeout  36000s;\n\n        access_log      /var/log/nginx/seafhttp.access.log seafileformat;\n        error_log       /var/log/nginx/seafhttp.error.log;\n    }\n    location /media {\n        root /opt/seafile/seafile-server-latest/seahub;\n    }\n}\n

                The following options must be modified in the CONF file:

                • Server name (server_name)

                Optional customizable options in the seafile.conf are:

                • Server listening port (listen) - if Seafile server should be available on a non-standard port
                • Proxy pass for location / - if Seahub is configured to start on a different port than 8000
                • Proxy pass for location /seafhttp - if seaf-server is configured to start on a different port than 8082
                • Maximum allowed size of the client request body (client_max_body_size)

                The default value for client_max_body_size is 1M. Uploading larger files will result in an error message HTTP error code 413 (\"Request Entity Too Large\"). It is recommended to syncronize the value of client_max_body_size with the parameter max_upload_size in section [fileserver] of seafile.conf. Optionally, the value can also be set to 0 to disable this feature. Client uploads are only partly effected by this limit. With a limit of 100 MiB they can safely upload files of any size.

                Finally, make sure your seafile.conf does not contain syntax errors and restart Nginx for the configuration changes to take effect:

                $ nginx -t\n$ nginx -s reload\n
                "},{"location":"setup_binary/https_with_nginx/#getting-a-lets-encrypt-certificate","title":"Getting a Let's Encrypt certificate","text":"

                Getting a Let's Encrypt certificate is straightforward thanks to Certbot. Certbot is a free, open source software tool for requesting, receiving, and renewing Let's Encrypt certificates.

                First, go to the Certbot website and choose your webserver and OS.

                Second, follow the detailed instructions then shown.

                We recommend that you get just a certificate and that you modify the Nginx configuration yourself:

                $ sudo certbot certonly --nginx\n

                Follow the instructions on the screen.

                Upon successful verification, Certbot saves the certificate files in a directory named after the host name in /etc/letsencrypt/live. For the host name seafile.example.com, the files are stored in /etc/letsencrypt/live/seafile.example.com.

                "},{"location":"setup_binary/https_with_nginx/#modifying-nginx-configuration-file","title":"Modifying Nginx configuration file","text":"

                Add an server block for port 443 and a http-to-https redirect to the seafile.conf configuration file in /etc/nginx.

                This is a (shortened) sample configuration for the host name seafile.example.com:

                log_format seafileformat '$http_x_forwarded_for $remote_addr [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\" $upstream_response_time';\n\nserver {\n    listen       80;\n    server_name  seafile.example.com;\n    rewrite ^ https://$http_host$request_uri? permanent;    # Forced redirect from HTTP to HTTPS\n\n    server_tokens off;      # Prevents the Nginx version from being displayed in the HTTP response header\n}\n\nserver {\n    listen 443 ssl;\n    ssl_certificate /etc/letsencrypt/live/seafile.example.com/fullchain.pem;    # Path to your fullchain.pem\n    ssl_certificate_key /etc/letsencrypt/live/seafile.example.com/privkey.pem;  # Path to your privkey.pem\n    server_name seafile.example.com;\n    server_tokens off;\n\n    location / {\n        proxy_pass         http://127.0.0.1:8000;\n        proxy_set_header   Host $http_host;\n        proxy_set_header   X-Real-IP $remote_addr;\n        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header   X-Forwarded-Host $server_name;\n        proxy_read_timeout 1200s;\n\n        proxy_set_header   X-Forwarded-Proto https;\n\n... # No changes beyond this point compared to the Nginx configuration without HTTPS\n

                Finally, make sure your seafile.conf does not contain syntax errors and restart Nginx for the configuration changes to take effect:

                nginx -t\nnginx -s reload\n
                "},{"location":"setup_binary/https_with_nginx/#large-file-uploads","title":"Large file uploads","text":"

                Tip for uploading very large files (> 4GB): By default Nginx will buffer large request body in temp file. After the body is completely received, Nginx will send the body to the upstream server (seaf-server in our case). But it seems when file size is very large, the buffering mechanism dosen't work well. It may stop proxying the body in the middle. So if you want to support file upload larger for 4GB, we suggest you install Nginx version >= 1.8.0 and add the following options to Nginx config file:

                    location /seafhttp {\n        ... ...\n        proxy_request_buffering off;\n    }\n

                If you have WebDAV enabled it is recommended to add the same:

                    location /seafdav {\n        ... ...\n        proxy_request_buffering off;\n    }\n
                "},{"location":"setup_binary/https_with_nginx/#modifying-seahub_settingspy","title":"Modifying seahub_settings.py","text":"

                The SERVICE_URL in seahub_settings.py informs Seafile about the chosen domain, protocol and port. Change the SERVICE_URLso as to account for the switch from HTTP to HTTPS and to correspond to your host name (the http:// must not be removed):

                SERVICE_URL = 'https://seafile.example.com'\n

                The FILE_SERVER_ROOT in seahub_settings.py informs Seafile about the location of and the protocol used by the file server. Change the FILE_SERVER_ROOT so as to account for the switch from HTTP to HTTPS and to correspond to your host name (the trailing /seafhttp must not be removed):

                FILE_SERVER_ROOT = 'https://seafile.example.com/seafhttp'\n

                Note: The SERVICE_URL and FILE_SERVER_ROOT can also be modified in Seahub via System Admininstration > Settings. If they are configured via System Admin and in seahub_settings.py, the value in System Admin will take precedence.

                "},{"location":"setup_binary/https_with_nginx/#modifying-seafileconf-optional","title":"Modifying seafile.conf (optional)","text":"

                To improve security, the file server should only be accessible via Nginx.

                Add the following line in the [fileserver] block on seafile.conf in /opt/seafile/conf:

                host = 127.0.0.1  ## default port 0.0.0.0\n

                After his change, the file server only accepts requests from Nginx.

                "},{"location":"setup_binary/https_with_nginx/#starting-seafile-and-seahub","title":"Starting Seafile and Seahub","text":"

                Restart the seaf-server and Seahub for the config changes to take effect:

                $ su seafile\n$ cd /opt/seafile/seafile-server-latest\n$ ./seafile.sh restart\n$ ./seahub.sh restart # or \"./seahub.sh start-fastcgi\" if you're using fastcgi\n
                "},{"location":"setup_binary/https_with_nginx/#additional-modern-settings-for-nginx-optional","title":"Additional modern settings for Nginx (optional)","text":""},{"location":"setup_binary/https_with_nginx/#activating-ipv6","title":"Activating IPv6","text":"

                Require IPv6 on server otherwise the server will not start! Also the AAAA dns record is required for IPv6 usage.

                listen 443;\nlisten [::]:443;\n
                "},{"location":"setup_binary/https_with_nginx/#activating-http2","title":"Activating HTTP2","text":"

                Activate HTTP2 for more performance. Only available for SSL and nginx version>=1.9.5. Simply add http2. 

                listen 443 http2;\nlisten [::]:443 http2;\n

                "},{"location":"setup_binary/https_with_nginx/#advanced-tls-configuration-for-nginx-optional","title":"Advanced TLS configuration for Nginx (optional)","text":"

                The TLS configuration in the sample Nginx configuration file above receives a B overall rating on SSL Labs. By modifying the TLS configuration in seafile.conf, this rating can be significantly improved.

                The following sample Nginx configuration file for the host name seafile.example.com contains additional security-related directives. (Note that this sample file uses a generic path for the SSL certificate files.) Some of the directives require further steps as explained below.

                    server {\n        listen       80;\n        server_name  seafile.example.com;\n        rewrite ^ https://$http_host$request_uri? permanent;    # Forced redirect from HTTP to HTTPS\n        server_tokens off;\n    }\n    server {\n        listen 443 ssl;\n        ssl_certificate /etc/ssl/cacert.pem;        # Path to your cacert.pem\n        ssl_certificate_key /etc/ssl/privkey.pem;   # Path to your privkey.pem\n        server_name seafile.example.com;\n        server_tokens off;\n\n        # HSTS for protection against man-in-the-middle-attacks\n        add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains\";\n\n        # DH parameters for Diffie-Hellman key exchange\n        ssl_dhparam /etc/nginx/dhparam.pem;\n\n        # Supported protocols and ciphers for general purpose server with good security and compatability with most clients\n        ssl_protocols TLSv1.2 TLSv1.3;\n        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;\n        ssl_prefer_server_ciphers off;\n\n        # Supported protocols and ciphers for server when clients > 5years (i.e., Windows Explorer) must be supported\n        #ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;\n        #ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;\n        #ssl_prefer_server_ciphers on;\n\n        ssl_session_timeout 5m;\n        ssl_session_cache shared:SSL:5m;\n\n        location / {\n            proxy_pass         http://127.0.0.1:8000;\n            proxy_set_header   Host $http_host;\n            proxy_set_header   X-Real-IP $remote_addr;\n            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n            proxy_set_header   X-Forwarded-Host $server_name;\n            proxy_set_header   X-Forwarded-Proto https;\n\n            access_log      /var/log/nginx/seahub.access.log;\n            error_log       /var/log/nginx/seahub.error.log;\n\n            proxy_read_timeout  1200s;\n\n            client_max_body_size 0;\n        }\n\n        location /seafhttp {\n            rewrite ^/seafhttp(.*)$ $1 break;\n            proxy_pass http://127.0.0.1:8082;\n            client_max_body_size 0;\n            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n            proxy_connect_timeout  36000s;\n            proxy_read_timeout  36000s;\n            proxy_send_timeout  36000s;\n            send_timeout  36000s;\n        }\n\n        location /media {\n            root /home/user/haiwen/seafile-server-latest/seahub;\n        }\n    }\n
                "},{"location":"setup_binary/https_with_nginx/#enabling-http-strict-transport-security","title":"Enabling HTTP Strict Transport Security","text":"

                Enable HTTP Strict Transport Security (HSTS) to prevent man-in-the-middle-attacks by adding this directive:

                add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains\" always;\n

                HSTS instructs web browsers to automatically use HTTPS. That means, after the first visit of the HTTPS version of Seahub, the browser will only use https to access the site.

                "},{"location":"setup_binary/https_with_nginx/#using-perfect-forward-secrecy","title":"Using Perfect Forward Secrecy","text":"

                Enable Diffie-Hellman (DH) key-exchange. Generate DH parameters and write them in a .pem file using the following command:

                $ openssl dhparam 2048 > /etc/nginx/dhparam.pem  # Generates DH parameter of length 2048 bits\n

                The generation of the the DH parameters may take some time depending on the server's processing power.

                Add the following directive in the HTTPS server block:

                ssl_dhparam /etc/nginx/dhparam.pem;\n
                "},{"location":"setup_binary/https_with_nginx/#restricting-tls-protocols-and-ciphers","title":"Restricting TLS protocols and ciphers","text":"

                Disallow the use of old TLS protocols and cipher. Mozilla provides a configuration generator for optimizing the conflicting objectives of security and compabitility. Visit https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx for more Information.

                "},{"location":"setup_binary/installation_ce/","title":"Installation of Seafile Server Community Edition with MySQL/MariaDB","text":"

                This manual explains how to deploy and run Seafile Server Community Edition (Seafile CE) on a Linux server from a pre-built package using MySQL/MariaDB as database. The deployment has been tested for Debian/Ubuntu.

                "},{"location":"setup_binary/installation_ce/#requirements","title":"Requirements","text":"

                Seafile CE for x86 architecture requires a minimum of 2 cores and 2GB RAM.

                "},{"location":"setup_binary/installation_ce/#setup","title":"Setup","text":""},{"location":"setup_binary/installation_ce/#installing-and-preparing-the-sql-database","title":"Installing and preparing the SQL database","text":"

                Seafile supports MySQL and MariaDB. We recommend that you use the preferred SQL database management engine included in the package repositories of your distribution.

                You can find step-by-step how-tos for installing MySQL and MariaDB in the tutorials on the Digital Ocean website.

                Seafile uses the mysql_native_password plugin for authentication. The versions of MySQL and MariaDB installed on CentOS 8, Debian 10, and Ubuntu 20.04 use a different authentication plugin by default. It is therefore required to change to authentication plugin to mysql_native_password for the root user prior to the installation of Seafile. The above mentioned tutorials explain how to do it.

                "},{"location":"setup_binary/installation_ce/#installing-prerequisites","title":"Installing prerequisites","text":"Seafile 10.0.xSeafile 11.0.x Ubuntu 22.04/Ubuntu 20.04/Debian 11/Debian 10 
                sudo apt-get update\nsudo apt-get install -y python3 python3-setuptools python3-pip libmysqlclient-dev\nsudo apt-get install -y memcached libmemcached-dev\n\nsudo pip3 install --timeout=3600 django==3.2.* future==0.18.* mysqlclient==2.1.* \\\n    pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==1.4.44 \\\n    psd-tools django-pylibmc django_simple_captcha==0.5.20 djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml\n
                Debian 11/Ubuntu 22.04Debian 12Ubuntu 24.04 with virtual env 
                # Ubuntu 22.04 (almost the same for Ubuntu 20.04 and Debian 11, Debian 10)\nsudo apt-get update\nsudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev ldap-utils libldap2-dev\nsudo apt-get install -y memcached libmemcached-dev\n\nsudo pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \\\n    pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \\\n    psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3\n

                Note

                Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with source python-venv/bin/activate.

                # Debian 12\nsudo apt-get update\nsudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmariadb-dev-compat ldap-utils libldap2-dev libsasl2-dev python3.11-venv\nsudo apt-get install -y memcached libmemcached-dev\n\nmkdir /opt/seafile\ncd /opt/seafile\n\n# create the vitual environment in the python-venv directory\npython3 -m venv python-venv\n\n# activate the venv\nsource python-venv/bin/activate\n# Notice that this will usually change your prompt so you know the venv is active\n\n# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).\npip3 install --timeout=3600  django==4.2.* future==0.18.* mysqlclient==2.1.* pymysql pillow==10.0.* pylibmc captcha==0.4 markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 psd-tools django-pylibmc django_simple_captcha==0.5.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3\n

                Note

                Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with source python-venv/bin/activate.

                # Ubuntu 24.04\nsudo apt-get update\nsudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev ldap-utils libldap2-dev python3.12-venv\nsudo apt-get install -y memcached libmemcached-dev\n\nmkdir /opt/seafile\ncd /opt/seafile\n\n# create the vitual environment in the python-venv directory\npython3 -m venv python-venv\n\n# activate the venv\nsource python-venv/bin/activate\n# Notice that this will usually change your prompt so you know the venv is active\n\n# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).\npip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \\\n    pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \\\n    psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.16.0 lxml python-ldap==3.4.3\n
                "},{"location":"setup_binary/installation_ce/#creating-the-program-directory","title":"Creating the program directory","text":"

                The standard directory for Seafile's program files is /opt/seafile. Create this directory and change into it:

                sudo mkdir /opt/seafile\ncd /opt/seafile\n

                Tip

                The program directory can be changed. The standard directory /opt/seafile is assumed for the rest of this manual. If you decide to put Seafile in another directory, modify the commands accordingly.

                "},{"location":"setup_binary/installation_ce/#creating-user-seafile","title":"Creating user seafile","text":"

                It is good practice not to run applications as root.

                Create a new user and follow the instructions on the screen:

                sudo adduser seafile\n

                Change ownership of the created directory to the new user:

                sudo chown -R seafile: /opt/seafile\n

                All the following steps are done as user seafile.

                Change to user seafile:

                su seafile\n
                "},{"location":"setup_binary/installation_ce/#downloading-the-install-package","title":"Downloading the install package","text":"

                Download the install package from the download page on Seafile's website using wget.

                We use Seafile CE version 8.0.4 as an example in the rest of this manual.

                "},{"location":"setup_binary/installation_ce/#uncompressing-the-package","title":"Uncompressing the package","text":"

                The install package is downloaded as a compressed tarball which needs to be uncompressed.

                Uncompress the package using tar:

                tar xf seafile-server_8.0.4_x86-64.tar.gz\n

                Now you have:

                $ tree -L 2\n.\n\u251c\u2500\u2500 seafile-server-8.0.4\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 check_init_admin.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 reset-admin.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 runtime\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-fsck.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-fuse.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-gc.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile-mysql.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile-mysql.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 sql\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 upgrade\n\u2514\u2500\u2500 seafile-server_8.0.4_x86-64.tar.gz\n
                "},{"location":"setup_binary/installation_ce/#setting-up-seafile-ce","title":"Setting up Seafile CE","text":"

                The install package comes with a script that sets Seafile up for you. Specifically, the script creates the required directories and extracts all files in the right place. It can also create a MySQL user and the three databases that Seafile's components require:

                • ccnet server
                • seafile server
                • seahub

                While ccnet server was merged into the seafile-server in Seafile 8.0, the corresponding database is still required for the time being

                Run the script as user seafile:

                # For installations using python virtual environment, activate it if it isn't already active\nsource python-venv/bin/activate\n\ncd seafile-server-8.0.4\n./setup-seafile-mysql.sh\n

                Configure your Seafile Server by specifying the following three parameters:

                Option Description Note server name Name of the Seafile Server 3-15 characters, only English letters, digits and underscore ('_') are allowed server's ip or domain IP address or domain name used by the Seafile Server Seafile client program will access the server using this address fileserver port TCP port used by the Seafile fileserver Default port is 8082, it is recommended to use this port and to only change it if is used by other service

                In the next step, choose whether to create new databases for Seafile or to use existing databases. The creation of new databases requires the root password for the SQL server.

                When choosing \"[1] Create new ccnet/seafile/seahub databases\", the script creates these databases and a MySQL user that Seafile Server will use to access them. To this effect, you need to answer these questions:

                Question Description Note mysql server host Host address of the MySQL server Default is localhost mysql server port TCP port used by the MySQL server Default port is 3306; almost every MySQL server uses this port mysql root password Password of the MySQL root account The root password is required to create new databases and a MySQL user mysql user for Seafile MySQL user created by the script, used by Seafile's components to access the databases Default is seafile; the user is created unless it exists mysql password for Seafile user Password for the user above, written in Seafile's config files Percent sign ('%') is not allowed database name Name of the database used by ccnet Default is \"ccnet_db\", the database is created if it does not exist seafile database name Name of the database used by Seafile Default is \"seafile_db\", the database is created if it does not exist seahub database name Name of the database used by seahub Default is \"seahub_db\", the database is created if it does not exist

                When choosing \"[2] Use existing ccnet/seafile/seahub databases\", this are the prompts you need to answer:

                Question Description Note mysql server host Host address of the MySQL server Default is localhost mysql server port TCP port used by MySQL server Default port is 3306; almost every MySQL server uses this port mysql user for Seafile User used by Seafile's components to access the databases The user must exists mysql password for Seafile user Password for the user above ccnet database name Name of the database used by ccnet, default is \"ccnet_db\" The database must exist seafile database name Name of the database used by Seafile, default is \"seafile_db\" The database must exist seahub dabase name Name of the database used by Seahub, default is \"seahub_db\" The database must exist

                If the setup is successful, you see the following output:

                The directory layout then looks as follows:

                $ tree /opt/seafile -L 2\nseafile\n\u251c\u2500\u2500 ccnet\n\u251c\u2500\u2500 conf\n\u2502   \u2514\u2500\u2500 ccnet.conf\n\u2502   \u2514\u2500\u2500 gunicorn.conf.py\n\u2502   \u2514\u2500\u2500 seafdav.conf\n\u2502   \u2514\u2500\u2500 seafile.conf\n\u2502   \u2514\u2500\u2500 seahub_settings.py\n\u251c\u2500\u2500 seafile-data\n\u2502   \u2514\u2500\u2500 library-template\n\u251c\u2500\u2500 seafile-server-8.0.4\n\u2502   \u2514\u2500\u2500 check_init_admin.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 reset-admin.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 runtime\n\u2502   \u2514\u2500\u2500 seaf-fsck.sh\n\u2502   \u2514\u2500\u2500 seaf-gc.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub.sh\n\u2502   \u2514\u2500\u2500 setup-seafile-mysql.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile-mysql.sh\n\u2502   \u2514\u2500\u2500 sql\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 upgrade\n\u251c\u2500\u2500 seafile-server-latest -> seafile-server-8.0.6\n\u251c\u2500\u2500 seahub-data\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 avatars\n

                The folder seafile-server-latest is a symbolic link to the current Seafile Server folder. When later you upgrade to a new version, the upgrade scripts update this link to point to the latest Seafile Server folder.

                Note

                If you don't have the root password, you need someone who has the privileges, e.g., the database admin, to create the three databases required by Seafile, as well as a MySQL user who can access the databases. For example, to create three databases ccnet_db / seafile_db / seahub_db for ccnet/seafile/seahub respectively, and a MySQL user \"seafile\" to access these databases run the following SQL queries:

                create database `ccnet_db` character set = 'utf8';\ncreate database `seafile_db` character set = 'utf8';\ncreate database `seahub_db` character set = 'utf8';\n\ncreate user 'seafile'@'localhost' identified by 'seafile';\n\nGRANT ALL PRIVILEGES ON `ccnet_db`.* to `seafile`@localhost;\nGRANT ALL PRIVILEGES ON `seafile_db`.* to `seafile`@localhost;\nGRANT ALL PRIVILEGES ON `seahub_db`.* to `seafile`@localhost;\n
                "},{"location":"setup_binary/installation_ce/#setup-memory-cache","title":"Setup Memory Cache","text":"

                Seahub caches items(avatars, profiles, etc) on file system by default(/tmp/seahub_cache/). You can replace with Memcached or Redis.

                MemcachedRedis

                Use the following commands to install memcached and corresponding libraies on your system:

                # on Debian/Ubuntu 18.04+\napt-get install memcached libmemcached-dev -y\npip3 install --timeout=3600 pylibmc django-pylibmc\n\nsystemctl enable --now memcached\n

                Add the following configuration to seahub_settings.py.

                CACHES = {\n    'default': {\n        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',\n        'LOCATION': '127.0.0.1:11211',\n    },\n}\n

                Redis is supported since version 11.0

                1. Install Redis with package installers in your OS.

                2. refer to Django's documentation about using Redis cache to add Redis configurations to seahub_settings.py.

                "},{"location":"setup_binary/installation_ce/#tweaking-conf-files","title":"Tweaking conf files","text":"

                Seafile's config files as created by the setup script are prepared for Seafile running behind a reverse proxy.

                To access Seafile's web interface and to create working sharing links without a reverse proxy, you need to modify two configuration files in /opt/seafile/conf:

                • seahub_settings.py (if you use 9.0.x): Add port 8000 to the SERVICE_URL (i.e., SERVICE_URL = 'http://1.2.3.4:8000/').
                • ccnet.conf (if you use 8.0.x or 7.1.x): Add port 8000 to the SERVICE_URL (i.e., SERVICE_URL = http://1.2.3.4:8000/).
                • gunicorn.conf.py: Change the bind to \"0.0.0.0:8000\" (i.e., bind = \"0.0.0.0:8000\")
                "},{"location":"setup_binary/installation_ce/#starting-seafile-server","title":"Starting Seafile Server","text":"

                Run the following commands in /opt/seafile/seafile-server-latest:

                # For installations using python virtual environment, activate it if it isn't already active\nsource python-venv/bin/activate\n\n./seafile.sh start # starts seaf-server\n./seahub.sh start  # starts seahub\n

                Success

                The first time you start Seahub, the script prompts you to create an admin account for your Seafile Server. Enter the email address of the admin user followed by the password.

                Now you can access Seafile via the web interface at the host address and port 8000 (e.g., http://1.2.3.4:8000)

                Warning

                On CentOS, the firewall blocks traffic on port 8000 by default.

                "},{"location":"setup_binary/installation_ce/#troubleshooting","title":"Troubleshooting","text":"

                If seafile.sh and/or seahub.sh fail to run successfully, use pgrep to check if seafile/seahub processes are still running:

                pgrep -f seafile-controller # checks seafile processes\npgrep -f \"seahub\" # checks seahub process\n

                Use pkill to kill the processes:

                pkill -f seafile-controller\npkill -f \"seahub\"\n
                "},{"location":"setup_binary/installation_ce/#stopping-and-restarting-seafile-and-seahub","title":"Stopping and Restarting Seafile and Seahub","text":""},{"location":"setup_binary/installation_ce/#stopping","title":"Stopping","text":"
                ./seahub.sh stop    # stops seahub\n./seafile.sh stop   # stops seaf-server\n
                "},{"location":"setup_binary/installation_ce/#restarting","title":"Restarting","text":"
                # For installations using python virtual environment, activate it if it isn't already active\nsource python-venv/bin/activate\n\n./seafile.sh restart\n./seahub.sh restart\n
                "},{"location":"setup_binary/installation_ce/#enabling-https","title":"Enabling HTTPS","text":"

                It is strongly recommended to switch from unencrypted HTTP (via port 8000) to encrypted HTTPS (via port 443).

                This manual provides instructions for enabling HTTPS for the two most popular web servers and reverse proxies:

                • Nginx
                • Apache
                "},{"location":"setup_binary/installation_pro/","title":"Installation of Seafile Server Professional Edition","text":"

                This manual explains how to deploy and run Seafile Server Professional Edition (Seafile PE) on a Linux server from a pre-built package using MySQL/MariaDB as database. The deployment has been tested for Debian/Ubuntu.

                "},{"location":"setup_binary/installation_pro/#requirements","title":"Requirements","text":"

                Seafile PE requires a minimum of 2 cores and 2GB RAM. If elasticsearch is installed on the same server, the minimum requirements are 4 cores and 4 GB RAM.

                Seafile PE can be used without a paid license with up to three users. Licenses for more user can be purchased in the Seafile Customer Center or contact Seafile Sales at sales@seafile.com or one of our partners.

                "},{"location":"setup_binary/installation_pro/#setup","title":"Setup","text":""},{"location":"setup_binary/installation_pro/#installing-and-preparing-the-sql-database","title":"Installing and preparing the SQL database","text":"

                These instructions assume that MySQL/MariaDB server and client are installed and a MySQL/MariaDB root user can authenticate using the mysql_native_password plugin.

                "},{"location":"setup_binary/installation_pro/#installing-prerequisites","title":"Installing prerequisites","text":"Seafile 9.0.xSeafile 10.0.xSeafile 11.0.x Ubuntu 20.04/Debian 10/Ubuntu 18.04Centos 8 
                apt-get update\napt-get install -y python3 python3-setuptools python3-pip python3-ldap libmysqlclient-dev\napt-get install -y memcached libmemcached-dev\napt-get install -y poppler-utils\n\npip3 install --timeout=3600 django==3.2.* future mysqlclient pymysql Pillow pylibmc \\ \ncaptcha jinja2 sqlalchemy==1.4.3 psd-tools django-pylibmc django-simple-captcha pycryptodome==3.12.0 cffi==1.14.0 lxml\n
                sudo yum install python3 python3-setuptools python3-pip python3-devel mysql-devel gcc -y\nsudo yum install poppler-utils -y\n\nsudo pip3 install --timeout=3600 django==3.2.* Pillow==9.4.0 pylibmc captcha jinja2 sqlalchemy==1.4.3 \\\n    django-pylibmc django-simple-captcha python3-ldap mysqlclient pycryptodome==3.12.0 cffi==1.14.0 lxml\n
                Ubuntu 22.04/Ubuntu 20.04/Debian 11/Debian 10 
                apt-get update\napt-get install -y python3 python3-setuptools python3-pip python3-ldap libmysqlclient-dev\napt-get install -y memcached libmemcached-dev\napt-get install -y poppler-utils\n\nsudo pip3 install --timeout=3600 django==3.2.* future==0.18.* mysqlclient==2.1.* \\\n    pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==1.4.44 \\\n    psd-tools django-pylibmc django_simple_captcha==0.5.20 djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml\n
                Ubuntu 22.04/Ubuntu 20.04/Debian 11/Debian 10Debian 12Ubuntu 24.04 with virtual env 
                # on  (on , it is almost the same)\napt-get update\napt-get install -y python3 python3-dev python3-setuptools python3-pip python3-ldap libmysqlclient-dev ldap-utils libldap2-dev dnsutils\napt-get install -y memcached libmemcached-dev\napt-get install -y poppler-utils\n\nsudo pip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \\\n    pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \\\n    psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 python-ldap==3.4.3 lxml\n

                Note

                Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with source python-venv/bin/activate.

                sudo apt-get update\nsudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmariadb-dev-compat ldap-utils libldap2-dev libsasl2-dev python3.11-venv\nsudo apt-get install -y memcached libmemcached-dev\n\nmkdir /opt/seafile\ncd /opt/seafile\n\n# create the vitual environment in the python-venv directory\npython3 -m venv python-venv\n\n# activate the venv\nsource python-venv/bin/activate\n# Notice that this will usually change your prompt so you know the venv is active\n\n# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).\npip3 install --timeout=3600  django==4.2.* future==0.18.* mysqlclient==2.1.* pymysql pillow==10.0.* pylibmc captcha==0.4 markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 psd-tools django-pylibmc django_simple_captcha==0.5.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 lxml python-ldap==3.4.3\n

                Note

                Debian 12 and Ubuntu 24.04 are now discouraging system-wide installation of python modules with pip. It is preferred now to install modules into a virtual environment which keeps them separate from the files installed by the system package manager, and enables different versions to be installed for different applications. With these python virtual environments (venv for short) to work, you have to activate the venv to make the packages installed in it available to the programs you run. That is done here with source python-venv/bin/activate.

                # Ubuntu 24.04\nsudo apt-get update\nsudo apt-get install -y python3 python3-dev python3-setuptools python3-pip libmysqlclient-dev ldap-utils libldap2-dev python3.12-venv\nsudo apt-get install -y memcached libmemcached-dev\n\nmkdir /opt/seafile\ncd /opt/seafile\n\n# create the vitual environment in the python-venv directory\npython3 -m venv python-venv\n\n# activate the venv\nsource python-venv/bin/activate\n# Notice that this will usually change your prompt so you know the venv is active\n\n# install packages into the active venv with pip (sudo isn't needed because this is installing in the venv, not system-wide).\npip3 install --timeout=3600 django==4.2.* future==0.18.* mysqlclient==2.1.* \\\n    pymysql pillow==10.2.* pylibmc captcha==0.5.* markupsafe==2.0.1 jinja2 sqlalchemy==2.0.18 \\\n    psd-tools django-pylibmc django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.16.0 lxml python-ldap==3.4.3\n
                "},{"location":"setup_binary/installation_pro/#installing-java-runtime-environment","title":"Installing Java Runtime Environment","text":"

                Java Runtime Environment (JRE) is no longer needed in Seafile version 12.0.

                "},{"location":"setup_binary/installation_pro/#creating-the-programm-directory","title":"Creating the programm directory","text":"

                The standard directory for Seafile's program files is /opt/seafile. Create this directory and change into it:

                mkdir /opt/seafile\ncd /opt/seafile\n

                The program directory can be changed. The standard directory /opt/seafile is assumed for the rest of this manual. If you decide to put Seafile in another directory, some commands need to be modified accordingly.

                "},{"location":"setup_binary/installation_pro/#creating-user-seafile","title":"Creating user seafile","text":"

                Elasticsearch, the indexing server, cannot be run as root. More generally, it is good practice not to run applications as root.

                Create a new user and follow the instructions on the screen:

                adduser seafile\n

                Change ownership of the created directory to the new user:

                chown -R seafile: /opt/seafile\n

                All the following steps are done as user seafile.

                Change to user seafile:

                su seafile\n
                "},{"location":"setup_binary/installation_pro/#placing-the-seafile-pe-license","title":"Placing the Seafile PE license","text":"

                Save the license file in Seafile's programm directory /opt/seafile. Make sure that the name is seafile-license.txt. (If the file has a different name or cannot be read, Seafile PE will not start.)

                "},{"location":"setup_binary/installation_pro/#downloading-the-install-package","title":"Downloading the install package","text":"

                The install packages for Seafile PE are available for download in the the Seafile Customer Center. To access the Customer Center, a user account is necessary. The registration is free.

                Beginning with Seafile PE 7.0.17, the Seafile Customer Center provides two install packages for every version (using Seafile PE 8.0.4 as an example):

                • seafile-pro-server_8.0.4_x86-64_Ubuntu.tar.gz, compiled in Ubuntu environment

                The former is suitable for installation on Ubuntu/Debian servers, the latter for CentOS servers.

                Download the install package using wget (replace the x.x.x with the version you wish to download):

                # Debian/Ubuntu\nwget -O 'seafile-pro-server_x.x.x_x86-64_Ubuntu.tar.gz' 'VERSION_SPECIFIC_LINK_FROM_SEAFILE_CUSTOMER_CENTER'\n

                We use Seafile version 8.0.4 as an example in the remainder of these instructions.

                "},{"location":"setup_binary/installation_pro/#uncompressing-the-package","title":"Uncompressing the package","text":"

                The install package is downloaded as a compressed tarball which needs to be uncompressed.

                Uncompress the package using tar:

                # Debian/Ubuntu\ntar xf seafile-pro-server_8.0.4_x86-64_Ubuntu.tar.gz\n

                Now you have:

                $ tree -L 2 /opt/seafile\n.\n\u251c\u2500\u2500 seafile-license.txt\n\u2514\u2500\u2500 seafile-pro-server-8.0.4\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 check-db-type.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 check_init_admin.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 create-db\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 index_op.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 migrate.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 migrate-repo.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 migrate-repo.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 migrate.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 pro\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 remove-objs.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 remove-objs.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 reset-admin.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 run_index_master.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 run_index_worker.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 runtime\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-backup-cmd.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-backup-cmd.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-encrypt.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-fsck.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-fuse.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-gc.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-gen-key.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile-background-tasks.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-import.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub-extra\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile-mysql.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile-mysql.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 sql\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 upgrade\n\u2514\u2500\u2500 seafile-pro-server_8.0.4_x86-64.tar.gz\n

                Tip

                The names of the install packages differ for Seafile CE and Seafile PE. Using Seafile CE and Seafile PE 8.0.4 as an example, the names are as follows:

                • Seafile CE: seafile-server_8.0.4_x86-86.tar.gz; uncompressing into folder seafile-server-8.0.4
                • Seafile PE: seafile-pro-server_8.0.4_x86-86.tar.gz; uncompressing into folder seafile-pro-server-8.0.4
                "},{"location":"setup_binary/installation_pro/#run-the-setup-script","title":"Run the setup script","text":"

                The setup process of Seafile PE is the same as the Seafile CE. See Installation of Seafile Server Community Edition with MySQL/MariaDB.

                After the successful completition of the setup script, the directory layout of Seafile PE looks as follows (some folders only get created after the first start, e.g. logs):

                For Seafile 7.1.x and later

                $ tree -L 2 /opt/seafile\n.\n\u251c\u2500\u2500 seafile-license.txt             # license file\n\u251c\u2500\u2500 ccnet               \n\u251c\u2500\u2500 conf                            # configuration files\n\u2502   \u2514\u2500\u2500 ccnet.conf\n\u2502   \u2514\u2500\u2500 gunicorn.conf.py\n\u2502   \u2514\u2500\u2500 __pycache__\n\u2502   \u2514\u2500\u2500 seafdav.conf\n\u2502   \u2514\u2500\u2500 seafevents.conf\n\u2502   \u2514\u2500\u2500 seafile.conf\n\u2502   \u2514\u2500\u2500 seahub_settings.py\n\u251c\u2500\u2500 logs                            # log files\n\u251c\u2500\u2500 pids                            # process id files\n\u251c\u2500\u2500 pro-data                        # data specific for Seafile PE\n\u251c\u2500\u2500 seafile-data                    # object database\n\u251c\u2500\u2500 seafile-pro-server-8.0.4\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 check-db-type.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 check_init_admin.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 create-db\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 index_op.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 migrate.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 migrate-repo.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 migrate-repo.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 migrate.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 pro\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 reset-admin.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 run_index_master.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 run_index_worker.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 runtime\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-backup-cmd.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-backup-cmd.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-encrypt.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-fsck.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-fuse.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-gc.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-gen-key.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile-background-tasks.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seafile.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seaf-import.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub-extra\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 seahub.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile-mysql.py\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile-mysql.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 setup-seafile.sh\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 sql\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 upgrade\n\u251c\u2500\u2500 seafile-server-latest -> seafile-pro-server-8.0.4\n\u251c\u2500\u2500 seahub-data\n    \u2514\u2500\u2500 avatars                        # user avatars\n
                "},{"location":"setup_binary/installation_pro/#setup-memory-cache","title":"Setup Memory Cache","text":"

                Memory cache is mandatory for pro edition. You may use Memcached or Reids as cache server.

                MemcachedRedis

                Use the following commands to install memcached and corresponding libraies on your system:

                # on Debian/Ubuntu 18.04+\napt-get install memcached libmemcached-dev -y\npip3 install --timeout=3600 pylibmc django-pylibmc\n\nsystemctl enable --now memcached\n

                Add the following configuration to seahub_settings.py.

                CACHES = {\n    'default': {\n        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',\n        'LOCATION': '127.0.0.1:11211',\n    },\n}\n

                Redis is supported since version 11.0

                1. Install Redis with package installers in your OS.

                2. refer to Django's documentation about using Redis cache to add Redis configurations to seahub_settings.py.

                "},{"location":"setup_binary/installation_pro/#enabling-httphttps","title":"Enabling HTTP/HTTPS","text":"

                You need at least setup HTTP to make Seafile's web interface work. This manual provides instructions for enabling HTTP/HTTPS for the two most popular web servers and reverse proxies:

                • Nginx
                • Apache
                "},{"location":"setup_binary/installation_pro/#starting-seafile-server","title":"Starting Seafile Server","text":"

                Run the following commands in /opt/seafile/seafile-server-latest:

                # For installations using python virtual environment, activate it if it isn't already active\nsource python-venv/bin/activate\n\n./seafile.sh start # Start Seafile service\n./seahub.sh start  # Start seahub website, port defaults to 127.0.0.1:8000\n

                Success

                The first time you start Seahub, the script prompts you to create an admin account for your Seafile Server. Enter the email address of the admin user followed by the password.

                Now you can access Seafile via the web interface at the host address (e.g., http://1.2.3.4:80).

                "},{"location":"setup_binary/installation_pro/#enabling-full-text-search","title":"Enabling full text search","text":"

                Seafile uses the indexing server ElasticSearch to enable full text search.

                "},{"location":"setup_binary/installation_pro/#deploying-elasticsearch","title":"Deploying ElasticSearch","text":"

                Our recommendation for deploying ElasticSearch is using Docker. Detailed information about installing Docker on various Linux distributions is available at Docker Docs.

                Seafile PE 9.0 only supports ElasticSearch 7.x. Seafile PE 10.0, 11.0, 12.0 only supports ElasticSearch 8.x.

                We use ElasticSearch version 7.16.2 as an example in this section. Version 7.16.2 and newer version have been successfully tested with Seafile.

                Pull the Docker image: 

                sudo docker pull elasticsearch:7.16.2\n

                Create a folder for persistent data created by ElasticSearch and change its permission: 

                sudo mkdir -p /opt/seafile-elasticsearch/data  && chmod -R 777 /opt/seafile-elasticsearch/data/\n

                Now start the ElasticSearch container using the docker run command: 

                sudo docker run -d \\\n--name es \\\n-p 9200:9200 \\\n-e \"discovery.type=single-node\" -e \"bootstrap.memory_lock=true\" \\\n-e \"ES_JAVA_OPTS=-Xms2g -Xmx2g\" -e \"xpack.security.enabled=false\" \\\n--restart=always \\\n-v /opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data \\\n-d elasticsearch:7.16.2\n

                "},{"location":"setup_binary/installation_pro/#modifying-seafevents","title":"Modifying seafevents","text":"

                Add the following configuration to seafevents.conf:

                [INDEX FILES]\nes_host = your elasticsearch server's IP    # IP address of ElasticSearch host\n                                            # use 127.0.0.1 if deployed on the same server\nes_port = 9200                              # port of ElasticSearch host\ninterval = 10m                              # frequency of index updates in minutes\nhighlight = fvh                             # parameter for improving the search performance\n

                Finally, restart Seafile:

                ./seafile.sh restart  && ./seahub.sh restart \n
                "},{"location":"setup_binary/memcached_mariadb_cluster/","title":"Setup Memcached Cluster and MariaDB Galera Cluster","text":"

                For high availability, it is recommended to set up a memcached cluster and MariaDB Galera cluster for Seafile cluster. This documentation will provide information on how to do this with 3 servers. You can either use 3 dedicated servers or use the 3 Seafile server nodes.

                "},{"location":"setup_binary/memcached_mariadb_cluster/#setup-memcached-cluster","title":"Setup Memcached Cluster","text":"

                Seafile servers share session information within memcached. So when you set up a Seafile cluster, there needs to be a memcached server (cluster) running.

                The simplest way is to use a single-node memcached server. But when this server fails, some functions in the web UI of Seafile cannot work. So for HA, it's usually desirable to have more than one memcached servers.

                We recommend to setup two independent memcached servers, in active/standby mode. A floating IP address (or Virtual IP address in some context) is assigned to the current active node. When the active node goes down, Keepalived will migrate the virtual IP to the standby node. So you actually use a single node memcahced, but use Keepalived (or other alternatives) to provide high availability.

                After installing memcahced on each server, you need to make some modification to the memcached config file.

                # Under Ubuntu\nvi /etc/memcached.conf\n\n# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default\n# Note that the daemon will grow to this size, but does not start out holding this much\n# memory\n# -m 64\n-m 256\n\n# Specify which IP address to listen on. The default is to listen on all IP addresses\n# This parameter is one of the only security measures that memcached has, so make sure\n# it's listening on a firewalled interface.\n-l 0.0.0.0\n\nservice memcached restart\n

                Please configure memcached to start on system startup

                Install and configure Keepalived.

                # For Ubuntu\nsudo apt-get install keepalived -y\n

                Modify keepalived config file /etc/keepalived/keepalived.conf.

                On active node 

                cat /etc/keepalived/keepalived.conf\n\n! Configuration File for keepalived\n\nglobal_defs {\n    notification_email {\n        root@localhost\n    }\n    notification_email_from keepalived@localhost\n    smtp_server 127.0.0.1\n    smtp_connect_timeout 30\n    router_id node1\n    vrrp_mcast_group4 224.0.100.19\n}\nvrrp_script chk_memcached {\n    script \"killall -0 memcached && exit 0 || exit 1\"\n    interval 1\n    weight -5\n}\n\nvrrp_instance VI_1 {\n    state MASTER\n    interface ens33\n    virtual_router_id 51\n    priority 100\n    advert_int 1\n    authentication {\n        auth_type PASS\n        auth_pass hello123\n    }\n    virtual_ipaddress {\n        192.168.1.113/24 dev ens33\n    }\n    track_script {\n    chk_memcached\n    }\n}\n

                On standby node

                cat /etc/keepalived/keepalived.conf\n\n! Configuration File for keepalived\n\nglobal_defs {\n    notification_email {\n        root@localhost\n    }\n    notification_email_from keepalived@localhost\n    smtp_server 127.0.0.1\n    smtp_connect_timeout 30\n    router_id node2\n    vrrp_mcast_group4 224.0.100.19\n}\nvrrp_script chk_memcached {\n    script \"killall -0 memcached && exit 0 || exit 1\"\n    interval 1\n    weight -5\n}\n\nvrrp_instance VI_1 {\n    state BACKUP\n    interface ens33\n    virtual_router_id 51\n    priority 98\n    advert_int 1\n    authentication {\n        auth_type PASS\n        auth_pass hello123\n    }\n    virtual_ipaddress {\n        192.168.1.113/24 dev ens33\n    }\n    track_script {\n        chk_memcached\n    }\n}\n

                Please adjust the network device names accordingly. virtual_ipaddress is the floating IP address in use

                "},{"location":"setup_binary/memcached_mariadb_cluster/#setup-mariadb-cluster","title":"Setup MariaDB Cluster","text":"

                MariaDB cluster helps you to remove single point of failure from the cluster architecture. Every update in the database cluster is synchronously replicated to all instances.

                You can choose between two different setups:

                • For a small cluster with 3 nodes, you can run MariaDB cluster directly on the Seafile server nodes. Each Seafile server access its local instance of MariaDB.
                • For larger clusters, it's preferable to have 3 dedicated MariaDB nodes to form a cluster. You have to set up a HAProxy in front of the MariaDB cluster. Seafile will access database via HAProxy.

                We refer to the documentation from MariaDB team:

                • Setting up MariaDB cluster on CentOS 7
                • Setting up HAProxy for MariaDB Galera Cluster.

                Tip

                Seafile doesn't use read/write isolation techniques. So you don't need to setup read and write pools.

                "},{"location":"setup_binary/migrate_from_sqlite_to_mysql/","title":"Migrate From SQLite to MySQL","text":"

                Note

                The tutorial is only related to Seafile CE edition.

                First make sure the python module for MySQL is installed. On Ubuntu/Debian, use sudo apt-get install python-mysqldb or sudo apt-get install python3-mysqldb to install it.

                Steps to migrate Seafile from SQLite to MySQL:

                Stop Seafile and Seahub.

                Download sqlite2mysql.sh and sqlite2mysql.py to the top directory of your Seafile installation path. For example, /opt/seafile.

                Run sqlite2mysql.sh:

                chmod +x sqlite2mysql.sh\n./sqlite2mysql.sh\n

                This script will produce three files: ccnet-db.sql, seafile-db.sql, seahub-db.sql.

                Then create 3 databases ccnet_db, seafile_db, seahub_db and seafile user.

                mysql> create database ccnet_db character set = 'utf8';\nmysql> create database seafile_db character set = 'utf8';\nmysql> create database seahub_db character set = 'utf8';\n

                Import ccnet data to MySql.

                mysql> use ccnet_db;\nmysql> source ccnet-db.sql;\n

                Import seafile data to MySql.

                mysql> use seafile_db;\nmysql> source seafile-db.sql;\n

                Import seahub data to MySql.

                mysql> use seahub_db;\nmysql> source seahub-db.sql;\n

                Modify configure files\uff1aAppend following lines to ccnet.conf:

                [Database]\nENGINE=mysql\nHOST=127.0.0.1\nPORT = 3306\nUSER=root\nPASSWD=root\nDB=ccnet_db\nCONNECTION_CHARSET=utf8\n

                Use 127.0.0.1, don't use localhost

                Replace the database section in seafile.conf with following lines:

                [database]\ntype=mysql\nhost=127.0.0.1\nport = 3306\nuser=root\npassword=root\ndb_name=seafile_db\nconnection_charset=utf8\n

                Append following lines to seahub_settings.py:

                DATABASES = {\n    'default': {\n        'ENGINE': 'django.db.backends.mysql',\n        'USER' : 'root',\n        'PASSWORD' : 'root',\n        'NAME' : 'seahub_db',\n        'HOST' : '127.0.0.1',\n        'PORT': '3306',\n        # This is only needed for MySQL older than 5.5.5.\n        # For MySQL newer than 5.5.5 INNODB is the default already.\n        'OPTIONS': {\n            \"init_command\": \"SET storage_engine=INNODB\",\n        }\n    }\n}\n

                Restart seafile and seahub

                Note

                User notifications will be cleared during migration due to the slight difference between MySQL and SQLite, if you only see the busy icon when click the notitfications button beside your avatar, please remove user_notitfications table manually by:

                use seahub_db;\ndelete from notifications_usernotification;\n
                "},{"location":"setup_binary/migrate_from_sqlite_to_mysql/#faq","title":"FAQ","text":""},{"location":"setup_binary/migrate_from_sqlite_to_mysql/#encountered-errno-150-foreign-key-constraint-is-incorrectly-formed","title":"Encountered errno: 150 \"Foreign key constraint is incorrectly formed\"","text":"

                This error typically occurs because the current table being created contains a foreign key that references a table whose primary key has not yet been created. Therefore, please check the database table creation order in the SQL file. The correct order is:

                auth_user\nauth_group\nauth_permission\nauth_group_permissions\nauth_user_groups\nauth_user_user_permissions\n
                and 
                post_office_emailtemplate\npost_office_email\npost_office_attachment\npost_office_attachment_emails\n

                "},{"location":"setup_binary/outline_ce/","title":"Deploying Seafile","text":"

                We provide two ways to deploy Seafile services. Docker is the recommended way.

                Warning

                Since version 12.0, binary based deployment for community edition is deprecated and will not be supported in a future release.

                • Using Docker
                • Manually installing Seafile and setting up database, memcached and Nginx/Apache. See the following section.
                "},{"location":"setup_binary/outline_ce/#manually-deployment-options","title":"Manually deployment options","text":"
                • Deploying Seafile with MySQL
                • Enabling Https with Nginx
                • Enabling Https with Apache
                • Start Seafile at System Bootup
                • Logrotate
                "},{"location":"setup_binary/outline_ce/#trouble-shooting","title":"Trouble shooting","text":"
                1. Read Seafile Server Components Overview to understand how Seafile server works. This will save you a lot of time.
                2. Read FAQ
                3. Go to our forum for help.
                "},{"location":"setup_binary/outline_pro/","title":"Deploy Seafile Pro Edition","text":"

                There are two ways to deploy Seafile Pro Edition. Since version 8.0, the recommend way to install Seafile Pro Edition is using Docker.

                • Method 1: Deploy Seafile with Docker
                • Method 2: Download and Setup Seafile Professional Server Step by Step
                "},{"location":"setup_binary/outline_pro/#migration-from-community-edition","title":"Migration from community edition","text":"
                • Migrate from Seafile Community edition
                "},{"location":"setup_binary/outline_pro/#s3-storage-backends","title":"S3 Storage Backends","text":"
                • Setup Seafile Professional Server With S3
                • Setup Seafile Professional Server With OpenStack Swift
                • Data migration between different backends
                • Using multiple storage backends
                "},{"location":"setup_binary/outline_pro/#cluster","title":"Cluster","text":"
                • Deploy seafile servers in a cluster
                • Enable search and background tasks in a cluster
                • Setup Seafile cluster with NFS
                "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/","title":"Seafile Professional Edition Software License Agreement","text":"

                Seafile Professional Edition SOFTWARE LICENSE AGREEMENT

                NOTICE: READ THE FOLLOWING TERMS AND CONDITIONS CAREFULLY BEFORE YOU DOWNLOAD, INSTALL OR USE Seafile Ltd.'S PROPRIETARY SOFTWARE. BY INSTALLING OR USING THE SOFTWARE, YOU AGREE TO BE BOUND BY THE FOLLOWING TERMS AND CONDITIONS. IF YOU DO NOT AGREE TO THE FOLLOWING TERMS AND CONDITIONS, DO NOT INSTALL OR USE THE SOFTWARE.

                "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#1-definitions","title":"1. DEFINITIONS","text":"

                \"Seafile Ltd.\" means Seafile Ltd.

                \"You and Your\" means the party licensing the Software hereunder.

                \"Software\" means the computer programs provided under the terms of this license by Seafile Ltd. together with any documentation provided therewith.

                "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#2-grant-of-rights","title":"2. GRANT OF RIGHTS","text":""},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#21-general","title":"2.1 General","text":"

                The License granted for Software under this Agreement authorizes You on a non-exclusive basis to use the Software. The Software is licensed, not sold to You and Seafile Ltd. reserves all rights not expressly granted to You in this Agreement. The License is personal to You and may not be assigned by You to any third party.

                "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#22-license-provisions","title":"2.2 License Provisions","text":"

                Subject to the receipt by Seafile Ltd. of the applicable license fees, You have the right use the Software as follows:

                • You may use and install the Software on an unlimited number of computers that are owned, leased, or controlled by you.
                • Nothing in this Agreement shall permit you, or any third party to disclose or otherwise make available to any third party the licensed Software, source code or any portion thereof.
                • You agree to indemnify, hold harmless and defend Seafile Ltd. from and against any claims or lawsuits, including attorney's fees, that arise as a result from the use of the Software;
                • You do not permit further redistribution of the Software by Your end-user customers
                "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#3-no-derivative-works","title":"3. NO DERIVATIVE WORKS","text":"

                The inclusion of source code with the License is explicitly not for your use to customize a solution or re-use in your own projects or products. The benefit of including the source code is for purposes of security auditing. You may modify the code only for emergency bug fixes that impact security or performance and only for use within your enterprise. You may not create or distribute derivative works based on the Software or any part thereof. If you need enhancements to the software features, you should suggest them to Seafile Ltd. for version improvements.

                "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#4-ownership","title":"4. OWNERSHIP","text":"

                You acknowledge that all copies of the Software in any form are the sole property of Seafile Ltd.. You have no right, title or interest to any such Software or copies thereof except as provided in this Agreement.

                "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#5-confidentiality","title":"5. CONFIDENTIALITY","text":"

                You hereby acknowledge and agreed that the Software constitute and contain valuable proprietary products and trade secrets of Seafile Ltd., embodying substantial creative efforts and confidential information, ideas, and expressions. You agree to treat, and take precautions to ensure that your employees and other third parties treat, the Software as confidential in accordance with the confidentiality requirements herein.

                "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#6-disclaimer-of-warranties","title":"6. DISCLAIMER OF WARRANTIES","text":"

                EXCEPT AS OTHERWISE SET FORTH IN THIS AGREEMENT THE SOFTWARE IS PROVIDED TO YOU \"AS IS\", AND Seafile Ltd. MAKES NO EXPRESS OR IMPLIED WARRANTIES WITH RESPECT TO ITS FUNCTIONALITY, CONDITION, PERFORMANCE, OPERABILITY OR USE. WITHOUT LIMITING THE FOREGOING, Seafile Ltd. DISCLAIMS ALL IMPLIED WARRANTIES INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR FREEDOM FROM INFRINGEMENT. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES, SO THE ABOVE EXCLUSIONS MAY NOT APPLY TO YOU. THE LIMITED WARRANTY HEREIN GIVES YOU SPECIFIC LEGAL RIGHTS, AND YOU MAY ALSO HAVE OTHER RIGHTS THAT VARY FROM ONE JURISDICTION TO ANOTHER.

                "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#7-limitation-of-liability","title":"7. LIMITATION OF LIABILITY","text":"

                YOU ACKNOWLEDGE AND AGREE THAT THE CONSIDERATION WHICH Seafile Ltd. IS CHARGING HEREUNDER DOES NOT INCLUDE ANY CONSIDERATION FOR ASSUMPTION BY Seafile Ltd. OF THE RISK OF YOUR CONSEQUENTIAL OR INCIDENTAL DAMAGES WHICH MAY ARISE IN CONNECTION WITH YOUR USE OF THE SOFTWARE. ACCORDINGLY, YOU AGREE THAT Seafile Ltd. SHALL NOT BE RESPONSIBLE TO YOU OR ANY THIRD PARTY FOR ANY LOSS-OF-PROFIT, LOST SAVINGS, INDIRECT, INCIDENTAL, SPECIAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF A LICENSING OR USE OF THE SOFTWARE.

                "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#8-indemnification","title":"8. INDEMNIFICATION","text":"

                You agree to defend, indemnify and hold Seafile Ltd. and its employees, agents, representatives and assigns harmless from and against any claims, proceedings, damages, injuries, liabilities, costs, attorney's fees relating to or arising out of Your use of the Software or any breach of this Agreement.

                "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#9-termination","title":"9. TERMINATION","text":"

                Your license is effective until terminated. You may terminate it at any time by destroying the Software or returning all copies of the Software to Seafile Ltd.. Your license will terminate immediately without notice if You breach any of the terms and conditions of this Agreement, including non or incomplete payment of the license fee. Upon termination of this Agreement for any reason: You will uninstall all copies of the Software; You will immediately cease and desist all use of the Software; and will destroy all copies of the software in your possession.

                "},{"location":"setup_binary/seafile_professional_sdition_software_license_agreement/#10-updates-and-support","title":"10. UPDATES AND SUPPORT","text":"

                Seafile Ltd. has the right, but no obligation, to periodically update the Software, at its complete discretion, without the consent or obligation to You or any licensee or user.

                YOU HEREBY ACKNOWLEDGE THAT YOU HAVE READ THIS AGREEMENT, UNDERSTAND IT AND AGREE TO BE BOUND BY ITS TERMS AND CONDITIONS.

                "},{"location":"setup_binary/setup_seafile_cluster_with_nfs/","title":"Setup Seafile cluster with NFS","text":"

                In a Seafile cluster, one common way to share data among the Seafile server instances is to use NFS. You should only share the files objects (located in seafile-data folder) and user avatars as well as thumbnails (located in seahub-data folder) on NFS. Here we'll provide a tutorial about how and what to share.

                How to setup nfs server and client is beyond the scope of this wiki. Here are few references:

                • Ubuntu: https://help.ubuntu.com/community/SettingUpNFSHowTo
                • CentOS: http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-nfs.html

                Supposed your seafile server installation directory is /data/haiwen, after you run the setup script there should be a seafile-data and seahub-data directory in it. And supposed you mount the NFS drive on /seafile-nfs, you should follow a few steps:

                • Move the seafile-data and seahub-data folder to /seafile-nfs:
                mv /data/haiwen/seafile-data /seafile-nfs/\nmv /data/haiwen/seahub-data /seafile-nfs/\n
                • On every node in the cluster, make a symbolic link to the shared seafile-data and seahub-data folder 
                cd /data/haiwen\nln -s /seafile-nfs/seafile-data /data/haiwen/seafile-data\nln -s /seafile-nfs/seahub-data /data/haiwen/seahub-data\n

                This way the instances will share the same seafile-data and seahub-data folder. All other config files and log files will remain independent.

                "},{"location":"setup_binary/start_seafile_at_system_bootup/","title":"Start Seafile at System Bootup","text":""},{"location":"setup_binary/start_seafile_at_system_bootup/#for-systems-running-systemd-and-python-virtual-environments","title":"For systems running systemd and python virtual environments","text":"

                For example Debian 12

                Create systemd service files, change ${seafile_dir} to your seafile installation location and seafile to user, who runs seafile (if appropriate). Then you need to reload systemd's daemons: systemctl daemon-reload.

                Firstly, you should create a script to activate the python virtual environment, which goes in the ${seafile_dir} directory. Put another way, it does not go in \"seafile-server-latest\", but the directory above that. Throughout this manual the examples use /opt/seafile for this directory, but you might have chosen to use a different directory.

                sudo vim /opt/seafile/run_with_venv.sh\n

                The content of the file is:

                #!/bin/bash\n# Activate the python virtual environment (venv) before starting one of the seafile scripts\n\ndir_name=\"$(dirname $0)\"\nsource \"${dir_name}/python-venv/bin/activate\"\nscript=\"$1\"\nshift 1\n\necho \"${dir_name}/seafile-server-latest/${script}\" \"$@\"\n\"${dir_name}/seafile-server-latest/${script}\" \"$@\"\n
                make this script executable 
                sudo chmod 755 /opt/seafile/run_with_venv.sh\n

                "},{"location":"setup_binary/start_seafile_at_system_bootup/#seafile-component","title":"Seafile component","text":"
                sudo vim /etc/systemd/system/seafile.service\n

                The content of the file is:

                [Unit]\nDescription=Seafile\n# add mysql.service or postgresql.service depending on your database to the line below\nAfter=network.target\n\n[Service]\nType=forking\nExecStart=bash ${seafile_dir}/run_with_venv.sh seafile.sh start\nExecStop=bash ${seafile_dir}/seafile-server-latest/seafile.sh stop\nLimitNOFILE=infinity\nUser=seafile\nGroup=seafile\n\n[Install]\nWantedBy=multi-user.target\n
                "},{"location":"setup_binary/start_seafile_at_system_bootup/#seahub-component","title":"Seahub component","text":"
                sudo vim /etc/systemd/system/seahub.service\n

                The content of the file is:

                [Unit]\nDescription=Seafile hub\nAfter=network.target seafile.service\n\n[Service]\nType=forking\nExecStart=bash ${seafile_dir}/run_with_venv.sh seahub.sh start\nExecStop=bash ${seafile_dir}/seafile-server-latest/seahub.sh stop\nUser=seafile\nGroup=seafile\n\n[Install]\nWantedBy=multi-user.target\n
                "},{"location":"setup_binary/start_seafile_at_system_bootup/#for-systems-running-systemd-without-python-virtual-environment","title":"For systems running systemd without python virtual environment","text":"

                For example Debian 8 through Debian 11, Linux Ubuntu 15.04 and newer

                Create systemd service files, change ${seafile_dir} to your seafile installation location and seafile to user, who runs seafile (if appropriate). Then you need to reload systemd's daemons: systemctl daemon-reload.

                "},{"location":"setup_binary/start_seafile_at_system_bootup/#seafile-component_1","title":"Seafile component","text":"
                sudo vim /etc/systemd/system/seafile.service\n

                The content of the file is:

                [Unit]\nDescription=Seafile\n# add mysql.service or postgresql.service depending on your database to the line below\nAfter=network.target\n\n[Service]\nType=forking\nExecStart=${seafile_dir}/seafile-server-latest/seafile.sh start\nExecStop=${seafile_dir}/seafile-server-latest/seafile.sh stop\nLimitNOFILE=infinity\nUser=seafile\nGroup=seafile\n\n[Install]\nWantedBy=multi-user.target\n
                "},{"location":"setup_binary/start_seafile_at_system_bootup/#seahub-component_1","title":"Seahub component","text":"

                Create systemd service file /etc/systemd/system/seahub.service

                sudo vim /etc/systemd/system/seahub.service\n

                The content of the file is:

                [Unit]\nDescription=Seafile hub\nAfter=network.target seafile.service\n\n[Service]\nType=forking\nExecStart=${seafile_dir}/seafile-server-latest/seahub.sh start\nExecStop=${seafile_dir}/seafile-server-latest/seahub.sh stop\nUser=seafile\nGroup=seafile\n\n[Install]\nWantedBy=multi-user.target\n
                "},{"location":"setup_binary/start_seafile_at_system_bootup/#seafile-cli-client-optional","title":"Seafile cli client (optional)","text":"

                Create systemd service file /etc/systemd/system/seafile-client.service

                You need to create this service file only if you have seafile console client and you want to run it on system boot.

                sudo vim /etc/systemd/system/seafile-client.service\n

                The content of the file is:

                [Unit]\nDescription=Seafile client\n# Uncomment the next line you are running seafile client on the same computer as server\n# After=seafile.service\n# Or the next one in other case\n# After=network.target\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/seaf-cli start\nExecStop=/usr/bin/seaf-cli stop\nRemainAfterExit=yes\nUser=seafile\nGroup=seafile\n\n[Install]\nWantedBy=multi-user.target\n
                "},{"location":"setup_binary/start_seafile_at_system_bootup/#enable-service-start-on-system-boot","title":"Enable service start on system boot","text":"
                sudo systemctl enable seafile.service\nsudo systemctl enable seahub.service\nsudo systemctl enable seafile-client.service   # optional\n
                "},{"location":"setup_binary/using_logrotate/","title":"Set up logrotate for server","text":""},{"location":"setup_binary/using_logrotate/#how-it-works","title":"How it works","text":"

                seaf-server and seafile-controller support reopenning logfiles by receiving a SIGUR1 signal.

                This feature is very useful when you need cut logfiles while you don't want to shutdown the server. All you need to do now is cutting the logfile on the fly.

                "},{"location":"setup_binary/using_logrotate/#default-logrotate-configuration-directory","title":"Default logrotate configuration directory","text":"

                For Debian, the default directory for logrotate should be /etc/logrotate.d/

                "},{"location":"setup_binary/using_logrotate/#sample-configuration","title":"Sample configuration","text":"

                Assuming your seaf-server's logfile is setup to /opt/seafile/logs/seafile.log and your seaf-server's pidfile is setup to /opt/seafile/pids/seaf-server.pid:

                The configuration for logrotate could be like this:

                /opt/seafile/logs/seafile.log\n/opt/seafile/logs/seahub.log\n/opt/seafile/logs/seafdav.log\n/opt/seafile/logs/fileserver-access.log\n/opt/seafile/logs/fileserver-error.log\n/opt/seafile/logs/fileserver.log\n/opt/seafile/logs/file_updates_sender.log\n/opt/seafile/logs/repo_old_file_auto_del_scan.log\n/opt/seafile/logs/seahub_email_sender.log\n/opt/seafile/logs/index.log\n{\n        daily\n        missingok\n        rotate 7\n        # compress\n        # delaycompress\n        dateext\n        dateformat .%Y-%m-%d\n        notifempty\n        # create 644 root root\n        sharedscripts\n        postrotate\n                if [ -f /opt/seafile/pids/seaf-server.pid ]; then\n                        kill -USR1 `cat /opt/seafile/pids/seaf-server.pid`\n                fi\n\n                if [ -f /opt/seafile/pids/fileserver.pid ]; then\n                        kill -USR1 `cat /opt/seafile/pids/fileserver.pid`\n                fi\n\n                if [ -f /opt/seafile/pids/seahub.pid ]; then\n                        kill -HUP `cat /opt/seafile/pids/seahub.pid`\n                fi\n\n                if [ -f /opt/seafile/pids/seafdav.pid ]; then\n                        kill -HUP `cat /opt/seafile/pids/seafdav.pid`\n                fi\n\n                find /opt/seafile/logs/ -mtime +7 -name \"*.log*\" -exec rm -f {} \\;\n        endscript\n}\n

                You can save this file, in Debian for example, at /etc/logrotate.d/seafile.

                "},{"location":"upgrade/upgrade/","title":"Upgrade manual","text":"

                There are three types of upgrade, i.e., major version upgrade, minor version upgrade and maintenance version upgrade. This page contains general instructions for the three types of upgrade.

                • After upgrading, you may need to clean seahub cache if it doesn't behave as expect.
                • If you are using a Docker based deployment, please read upgrade a Seafile docker instance
                • If you are running a cluster, please read upgrade a Seafile cluster.
                • If you are using a binary package based deployment, please read instructions below.
                "},{"location":"upgrade/upgrade/#special-upgrade-notes","title":"Special upgrade notes","text":"

                Please check the upgrade notes for any special configuration or changes before/while upgrading.

                • Upgrade notes for 7.0.x
                • Upgrade notes for 7.1.x
                • Upgrade notes for 8.0.x
                • Upgrade notes for 9.0.x
                • Upgrade notes for 10.0.x
                • Upgrade notes for 11.0.x
                "},{"location":"upgrade/upgrade/#upgrade-a-binary-package-based-deployment","title":"Upgrade a binary package based deployment","text":""},{"location":"upgrade/upgrade/#major-version-upgrade-eg-from-5xx-to-6yy","title":"Major version upgrade (e.g. from 5.x.x to 6.y.y)","text":"

                Suppose you are using version 5.1.0 and like to upgrade to version 6.1.0. First download and extract the new version. You should have a directory layout similar to this:

                seafile\n   -- seafile-server-5.1.0\n   -- seafile-server-6.1.0\n   -- ccnet\n   -- seafile-data\n

                Now upgrade to version 6.1.0.

                Shutdown Seafile server if it's running

                cd seafile/seafile-server-latest\n./seahub.sh stop\n./seafile.sh stop\n# or via service\n/etc/init.d/seafile-server stop\n

                Check the upgrade scripts in seafile-server-6.1.0 directory.

                cd seafile/seafile-server-6.1.0\nls upgrade/upgrade_*\n

                You will get a list of upgrade files:

                ...\nupgrade_5.0_5.1.sh\nupgrade_5.1_6.0.sh\nupgrade_6.0_6.1.sh\n

                Start from your current version, run the script(s one by one)

                upgrade/upgrade_5.1_6.0.sh\nupgrade/upgrade_6.0_6.1.sh\n

                Start Seafile server

                cd seafile/seafile-server-latest/\n./seafile.sh start\n./seahub.sh start # or \"./seahub.sh start-fastcgi\" if you're using fastcgi\n# or via service\n/etc/init.d/seafile-server start\n

                If the new version works fine, the old version can be removed

                rm -rf seafile-server-5.1.0/\n
                "},{"location":"upgrade/upgrade/#minor-version-upgrade-eg-from-61x-to-62y","title":"Minor version upgrade (e.g. from 6.1.x to 6.2.y)","text":"

                Suppose you are using version 6.1.0 and like to upgrade to version 6.2.0. First download and extract the new version. You should have a directory layout similar to this:

                seafile\n   -- seafile-server-6.1.0\n   -- seafile-server-6.2.0\n   -- ccnet\n   -- seafile-data\n

                Now upgrade to version 6.2.0.

                1. Shutdown Seafile server if it's running
                cd seafile/seafile-server-latest\n./seahub.sh stop\n./seafile.sh stop\n# or via service\n/etc/init.d/seafile-server stop\n

                Check the upgrade scripts in seafile-server-6.2.0 directory.

                cd seafile/seafile-server-6.2.0\nls upgrade/upgrade_*\n

                You will get a list of upgrade files:

                ...\nupgrade/upgrade_5.1_6.0.sh\nupgrade/upgrade_6.0_6.1.sh\nupgrade/upgrade_6.1_6.2.sh\n

                Start from your current version, run the script(s one by one)

                upgrade/upgrade_6.1_6.2.sh\n

                Start Seafile server

                ./seafile.sh start\n./seahub.sh start\n# or via service\n/etc/init.d/seafile-server start\n

                If the new version works, the old version can be removed

                rm -rf seafile-server-6.1.0/\n
                "},{"location":"upgrade/upgrade/#maintenance-version-upgrade-eg-from-622-to-623","title":"Maintenance version upgrade (e.g. from 6.2.2 to 6.2.3)","text":"

                A maintenance upgrade is for example an upgrade from 6.2.2 to 6.2.3.

                1. Shutdown Seafile server if it's running

                2. For this type of upgrade, you only need to update the symbolic links (for avatar and a few other folders). A script to perform a minor upgrade is provided with Seafile server (for history reasons, the script is called minor-upgrade.sh):

                  cd seafile-server-6.2.3/upgrade/ && ./minor-upgrade.sh\n

                3. Start Seafile

                4. If the new version works, the old version can be removed

                  rm -rf seafile-server-6.2.2/\n
                "},{"location":"upgrade/upgrade_a_cluster/","title":"Upgrade a Seafile cluster","text":""},{"location":"upgrade/upgrade_a_cluster/#major-and-minor-version-upgrade","title":"Major and minor version upgrade","text":"

                Seafile adds new features in major and minor versions. It is likely that some database tables need to be modified or the search index need to be updated. In general, upgrading a cluster contains the following steps:

                1. Upgrade the database
                2. Update symbolic link at frontend and backend nodes to point to the newest version
                3. Update configuration files at each node
                4. Update search index in the backend node

                In general, to upgrade a cluster, you need:

                1. Run the upgrade script (for example, ./upgrade/upgrade_4_0_4_1.sh) in one frontend node
                2. Run the minor upgrade script (./upgrade/minor_upgrade.sh) in all other nodes to update symbolic link
                3. Update configuration files at each node according to the documentation for each version
                4. Delete old search index in the backend node if needed
                "},{"location":"upgrade/upgrade_a_cluster/#maintanence-upgrade","title":"Maintanence upgrade","text":"

                Doing maintanence upgrading is simple, you only need to run the script ./upgrade/minor_upgrade.sh at each node to update the symbolic link.

                "},{"location":"upgrade/upgrade_a_cluster/#specific-instructions-for-each-version","title":"Specific instructions for each version","text":""},{"location":"upgrade/upgrade_a_cluster/#from-70-to-71","title":"From 7.0 to 7.1","text":"

                In the background node, Seahub no longer need to be started. Nginx is not needed too.

                The way of how office converter work is changed. The Seahub in front end nodes directly access a service in background node.

                "},{"location":"upgrade/upgrade_a_cluster/#for-front-end-nodes","title":"For front-end nodes","text":"

                seahub_settings.py

                OFFICE_CONVERTOR_ROOT = 'http://<ip of node background>'\n\u2b07\ufe0f\nOFFICE_CONVERTOR_ROOT = 'http://<ip of node background>:6000'\n

                seafevents.conf

                [OFFICE CONVERTER]\nenabled = true\nworkers = 1\nmax-size = 10\n\n\u2b07\ufe0f\n[OFFICE CONVERTER]\nenabled = true\nworkers = 1\nmax-size = 10\nhost = <ip of node background>\nport = 6000\n
                "},{"location":"upgrade/upgrade_a_cluster/#for-backend-node","title":"For backend node","text":"

                seahub_settings.py is not needed. But you can leave it unchanged.

                seafevents.conf

                [OFFICE CONVERTER]\nenabled = true\nworkers = 1\nmax-size = 10\n\n\u2b07\ufe0f\n[OFFICE CONVERTER]\nenabled = true\nworkers = 1\nmax-size = 10\nhost = <ip of node background>\nport = 6000\n
                "},{"location":"upgrade/upgrade_a_cluster/#from-63-to-70","title":"From 6.3 to 7.0","text":"

                No special upgrade operations.

                "},{"location":"upgrade/upgrade_a_cluster/#from-62-to-63","title":"From 6.2 to 6.3","text":"

                In version 6.2.11, the included Django was upgraded. The memcached configuration needed to be upgraded if you were using a cluster. If you upgrade from a version below 6.1.11, don't forget to change your memcache configuration. If the configuration in your seahub_settings.py is:

                CACHES = {\n    'default': {\n        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',\n        'LOCATION': '<MEMCACHED SERVER IP>:11211',\n    }\n}\n\nCOMPRESS_CACHE_BACKEND = 'django.core.cache.backends.locmem.LocMemCache'\n

                Now you need to change to:

                CACHES = {\n    'default': {\n        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',\n        'LOCATION': '<MEMCACHED SERVER IP>:11211',\n    },\n    'locmem': {\n        'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',\n    },\n}\nCOMPRESS_CACHE_BACKEND = 'locmem'\n
                "},{"location":"upgrade/upgrade_a_cluster/#from-61-to-62","title":"From 6.1 to 6.2","text":"

                No special upgrade operations.

                "},{"location":"upgrade/upgrade_a_cluster/#from-60-to-61","title":"From 6.0 to 6.1","text":"

                In version 6.1, we upgraded the included ElasticSearch server. The old server listen on port 9500, new server listen on port 9200. Please change your firewall settings.

                "},{"location":"upgrade/upgrade_a_cluster/#from-51-to-60","title":"From 5.1 to 6.0","text":"

                In version 6.0, the folder download mechanism has been updated. This requires that, in a cluster deployment, seafile-data/httptemp folder must be in an NFS share. You can make this folder a symlink to the NFS share.

                cd /data/haiwen/\nln -s /nfs-share/seafile-httptemp seafile-data/httptemp\n

                The httptemp folder only contains temp files for downloading/uploading file on web UI. So there is no reliability requirement for the NFS share. You can export it from any node in the cluster.

                "},{"location":"upgrade/upgrade_a_cluster/#from-v50-to-v51","title":"From v5.0 to v5.1","text":"

                Because Django is upgraded to 1.8, the COMPRESS_CACHE_BACKEND should be changed

                   -    COMPRESS_CACHE_BACKEND = 'locmem://'\n   +    COMPRESS_CACHE_BACKEND = 'django.core.cache.backends.locmem.LocMemCache'\n
                "},{"location":"upgrade/upgrade_a_cluster/#from-v44-to-v50","title":"From v4.4 to v5.0","text":"

                v5.0 introduces some database schema change, and all configuration files (ccnet.conf, seafile.conf, seafevents.conf, seahub_settings.py) are moved to a central config directory.

                Perform the following steps to upgrade:

                • Run the upgrade script at one fronend node to upgrade the database.
                ./upgrade/upgrade_4.4_5.0.sh\n
                • Then, on all other frontend nodes and the background node, run the upgrade script with SEAFILE_SKIP_DB_UPGRADE environmental variable turned on:
                SEAFILE_SKIP_DB_UPGRADE=1 ./upgrade/upgrade_4.4_5.0.sh\n

                After the upgrade, you should see the configuration files has been moved to the conf/ folder.

                conf/\n  |__ ccnet.conf\n  |__ seafile.conf\n  |__ seafevent.conf\n  |__ seafdav.conf\n  |__ seahub_settings.conf\n
                "},{"location":"upgrade/upgrade_a_cluster/#from-v43-to-v44","title":"From v4.3 to v4.4","text":"

                There are no database and search index upgrade from v4.3 to v4.4. Perform the following steps to upgrade:

                1. Run the minor upgrade script at frontend and backend nodes
                "},{"location":"upgrade/upgrade_a_cluster/#from-v42-to-v43","title":"From v4.2 to v4.3","text":"

                v4.3 contains no database table change from v4.2. But the old search index will be deleted and regenerated.

                A new option COMPRESS_CACHE_BACKEND = 'django.core.cache.backends.locmem.LocMemCache' should be added to seahub_settings.py

                The secret key in seahub_settings.py need to be regenerated, the old secret key lack enough randomness.

                Perform the following steps to upgrade:

                1. Run the upgrade script at one fronend node to modify the seahub_settings.py
                2. Modify seahub_settings.py at each node, replacing the old secret key with the new one and add option COMPRESS_CACHE_BACKEND
                3. Run the minor upgrade script at frontend and backend nodes
                4. Delete the old search index (the folder pro-data/search) at the backend node
                5. Delete the old office preview output folder (/tmp/seafile-office-output) at the backend node
                "},{"location":"upgrade/upgrade_a_cluster_docker/","title":"Upgrade a Seafile cluster (Docker)","text":""},{"location":"upgrade/upgrade_a_cluster_docker/#major-and-minor-version-upgrade","title":"Major and minor version upgrade","text":"

                Seafile adds new features in major and minor versions. It is likely that some database tables need to be modified or the search index need to be updated. In general, upgrading a cluster contains the following steps:

                1. Update Seafile image
                2. Upgrade the database
                3. Update configuration files at each node
                4. Update search index in the backend node

                In general, to upgrade a cluster, you need:

                1. Download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version. Start with docker compose up.
                2. Run the upgrade script in container (for example, /opt/seafile/seafile-server-latest/upgrade/upgrade_10_0_11_0.sh) in one frontend node
                3. Update configuration files at each node according to the documentation for each version
                4. Delete old search index in the backend node if needed
                "},{"location":"upgrade/upgrade_a_cluster_docker/#maintanence-upgrade","title":"Maintanence upgrade","text":"

                Maintanence upgrade only needs to download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version. Start with docker compose up.

                "},{"location":"upgrade/upgrade_a_cluster_docker/#upgrade-from-100-to-110","title":"Upgrade from 10.0 to 11.0","text":"

                Migrate your configuration for LDAP and OAuth according to here

                "},{"location":"upgrade/upgrade_a_cluster_docker/#upgrade-from-90-to-100","title":"Upgrade from 9.0 to 10.0","text":"

                If you are using with ElasticSearch, SAML SSO and storage backend features, follow the upgrading manual on how to update the configuration for these features.

                If you want to use the new notification server and rate control (pro edition only), please refer to the upgrading manual.

                "},{"location":"upgrade/upgrade_a_cluster_docker/#upgrade-from-80-to-90","title":"Upgrade from 8.0 to 9.0","text":"

                If you are using with ElasticSearch, follow the upgrading manual on how to update the configuration.

                "},{"location":"upgrade/upgrade_docker/","title":"Upgrade Seafile Docker","text":"

                For maintenance upgrade, like from version 10.0.1 to version 10.0.4, just download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version, then start with docker compose up.

                For major version upgrade, like from 10.0 to 11.0, see instructions below.

                Please check the upgrade notes for any special configuration or changes before/while upgrading.

                "},{"location":"upgrade/upgrade_docker/#upgrade-from-110-to-120","title":"Upgrade from 11.0 to 12.0","text":"

                From Seafile Docker 12.0, we recommend that you use .env and seafile-server.yml files for configuration.

                "},{"location":"upgrade/upgrade_docker/#backup-the-original-docker-composeyml-file","title":"Backup the original docker-compose.yml file:","text":"
                mv docker-compose.yml docker-compose.yml.bak\n
                "},{"location":"upgrade/upgrade_docker/#download-seafile-120-docker-files","title":"Download Seafile 12,0 Docker files","text":"

                Download .env, seafile-server.yml and caddy.yml, and modify .env file according to the old configuration in docker-compose.yml.bak

                Seafile community editionSeafile pro edition 

                wget -O .env https://manual.seafile.com/12.0/docker/ce/env\nwget https://manual.seafile.com/12.0/docker/ce/seafile-server.yml\nwget https://manual.seafile.com/12.0/docker/ce/caddy.yml\n
                The following fields merit particular attention:

                Variable Description Default Value SEAFILE_VOLUME The volume directory of Seafile data /opt/seafile-data SEAFILE_MYSQL_VOLUME The volume directory of MySQL data /opt/seafile-mysql/db SEAFILE_CADDY_VOLUME The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's /opt/seafile-caddy INIT_SEAFILE_MYSQL_ROOT_PASSWORD The root password of MySQL (required) SEAFILE_MYSQL_DB_USER The user of MySQL (database - user can be found in conf/seafile.conf) seafile SEAFILE_MYSQL_DB_PASSWORD The user seafile password of MySQL (required) JWT JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using pwgen -s 40 1 (required) SEAFILE_SERVER_HOSTNAME Seafile server hostname or domain (required) SEAFILE_SERVER_PROTOCOL Seafile server protocol (http or https) http TIME_ZONE Time zone UTC INIT_SEAFILE_ADMIN_EMAIL Admin username me@example.com (Recommend modifications) INIT_SEAFILE_ADMIN_PASSWORD Admin password asecret (Recommend modifications) 

                wget -O .env https://manual.seafile.com/12.0/docker/pro/env\nwget https://manual.seafile.com/12.0/docker/pro/seafile-server.yml\nwget https://manual.seafile.com/12.0/docker/pro/caddy.yml\n
                The following fields merit particular attention:

                Variable Description Default Value SEAFILE_VOLUME The volume directory of Seafile data /opt/seafile-data SEAFILE_MYSQL_VOLUME The volume directory of MySQL data /opt/seafile-mysql/db SEAFILE_CADDY_VOLUME The volume directory of Caddy data used to store certificates obtained from Let's Encrypt's /opt/seafile-caddy SEAFILE_ELASTICSEARCH_VOLUME (Only valid for Seafile PE) The volume directory of Elasticsearch data /opt/seafile-elasticsearch/data INIT_SEAFILE_MYSQL_ROOT_PASSWORD The root password of MySQL (required) SEAFILE_MYSQL_DB_USER The user of MySQL (database - user can be found in conf/seafile.conf) seafile SEAFILE_MYSQL_DB_PASSWORD The user seafile password of MySQL (required) JWT JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters is required for Seafile, which can be generated by using pwgen -s 40 1 (required) SEAFILE_SERVER_HOSTNAME Seafile server hostname or domain (required) SEAFILE_SERVER_PROTOCOL Seafile server protocol (http or https) http TIME_ZONE Time zone UTC INIT_SEAFILE_ADMIN_EMAIL Admin username me@example.com INIT_SEAFILE_ADMIN_PASSWORD Admin password asecret

                Tip

                SSL is now handled by the caddy server. If you have used SSL before, you will also need modify the seafile.nginx.conf. Change server listen 443 to 80.

                Backup the original seafile.nginx.conf file:

                cp seafile.nginx.conf seafile.nginx.conf.bak\n

                Remove the server listen 80 section:

                #server {\n#    listen 80;\n#    server_name _ default_server;\n\n    # allow certbot to connect to challenge location via HTTP Port 80\n    # otherwise renewal request will fail\n#    location /.well-known/acme-challenge/ {\n#        alias /var/www/challenges/;\n#        try_files $uri =404;\n#    }\n\n#    location / {\n#        rewrite ^ https://example.seafile.com$request_uri? permanent;\n#    }\n#}\n

                Change server listen 443 to 80:

                server {\n#listen 443 ssl;\nlisten 80;\n\n#    ssl_certificate      /shared/ssl/pkg.seafile.top.crt;\n#    ssl_certificate_key  /shared/ssl/pkg.seafile.top.key;\n\n#    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;\n\n   ...\n

                Start with docker compose up.

                "},{"location":"upgrade/upgrade_docker/#upgrade-seadoc-from-08-to-10-for-seafile-v120","title":"Upgrade SeaDoc from 0.8 to 1.0 for Seafile v12.0","text":"

                If you have deployed SeaDoc v0.8 with Seafile v11.0, you can upgrade it to 1.0 use the following two steps:

                1. Delete sdoc_db.
                2. Remove SeaDoc configs in seafile.nginx.conf file.
                3. Re-deploy SeaDoc server. In other words, delete the old SeaDoc deployment and deploy a new SeaDoc server on a separate machine.

                Warning

                Deploying SeaDoc and Seafile binary package on the same server is no longer supported. If you really want to deploying SeaDoc and Seafile server on the same machine, you should deploy Seafile server with Docker.

                "},{"location":"upgrade/upgrade_docker/#delete-sdoc_db","title":"Delete sdoc_db","text":"

                From version 1.0, SeaDoc is using seahub_db database to store its operation logs and no longer need an extra database sdoc_db. The database tables in seahub_db are created automatically when you upgrade Seafile server from v11.0 to v12.0. You can simply delete sdoc_db.

                "},{"location":"upgrade/upgrade_docker/#remove-seadoc-configs-in-seafilenginxconf-file","title":"Remove SeaDoc configs in seafile.nginx.conf file","text":"

                If you have deployed SeaDoc older version, you should remove /sdoc-server/, /socket.io configs in seafile.nginx.conf file.

                #    location /sdoc-server/ {\n#        add_header Access-Control-Allow-Origin *;\n#        add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;\n#        add_header Access-Control-Allow-Headers \"deviceType,token, authorization, content-type\";\n#        if ($request_method = 'OPTIONS') {\n#            add_header Access-Control-Allow-Origin *;\n#            add_header Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS;\n#            add_header Access-Control-Allow-Headers \"deviceType,token, authorization, content-type\";\n#            return 204;\n#        }\n#        proxy_pass         http://sdoc-server:7070/;\n#        proxy_redirect     off;\n#        proxy_set_header   Host              $host;\n#        proxy_set_header   X-Real-IP         $remote_addr;\n#        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;\n#        proxy_set_header   X-Forwarded-Host  $server_name;\n#        proxy_set_header   X-Forwarded-Proto $scheme;\n#        client_max_body_size 100m;\n#    }\n#    location /socket.io {\n#        proxy_pass http://sdoc-server:7070;\n#        proxy_http_version 1.1;\n#        proxy_set_header Upgrade $http_upgrade;\n#        proxy_set_header Connection 'upgrade';\n#        proxy_redirect off;\n#        proxy_buffers 8 32k;\n#        proxy_buffer_size 64k;\n#        proxy_set_header X-Real-IP $remote_addr;\n#        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n#        proxy_set_header Host $http_host;\n#        proxy_set_header X-NginX-Proxy true;\n#    }\n
                "},{"location":"upgrade/upgrade_docker/#deploy-a-new-seadoc-server","title":"Deploy a new SeaDoc server","text":"

                Please see the document Setup SeaDoc to install SeaDoc on a separate machine and integrate with your binary packaged based Seafile server v12.0.

                "},{"location":"upgrade/upgrade_docker/#upgrade-from-100-to-110","title":"Upgrade from 10.0 to 11.0","text":"

                Download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version. Taking the community edition as an example, you have to modify

                ...\nservice:\n    ...\n    seafile:\n        image: seafileltd/seafile-mc:10.0-latest\n        ...\n    ...\n

                to

                service:\n    ...\n    seafile:\n        image: seafileltd/seafile-mc:11.0-latest\n        ...\n    ...\n

                It is also recommended that you upgrade mariadb and memcached to newer versions as in the v11.0 docker-compose.yml file. Specifically, in version 11.0, we use the following versions:

                • MariaDB: 10.11
                • Memcached: 1.6.18

                What's more, you have to migrate configuration for LDAP and OAuth according to here

                Start with docker compose up.

                "},{"location":"upgrade/upgrade_docker/#upgrade-from-90-to-100","title":"Upgrade from 9.0 to 10.0","text":"

                Just download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version, then start with docker compose up.

                If you are using pro edition with ElasticSearch, SAML SSO and storage backend features, follow the upgrading manual on how to update the configuration for these features.

                If you want to use the new notification server and rate control (pro edition only), please refer to the upgrading manual.

                "},{"location":"upgrade/upgrade_docker/#upgrade-from-80-to-90","title":"Upgrade from 8.0 to 9.0","text":"

                Just download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version, then start with docker compose up.

                "},{"location":"upgrade/upgrade_docker/#lets-encrypt-ssl-certificate","title":"Let's encrypt SSL certificate","text":"

                Since version 9.0.6, we use Acme V3 (not acme-tiny) to get certificate.

                If there is a certificate generated by an old version, you need to back up and move the old certificate directory and the seafile.nginx.conf before starting.

                mv /opt/seafile/shared/ssl /opt/seafile/shared/ssl-bak\n\nmv /opt/seafile/shared/nginx/conf/seafile.nginx.conf /opt/seafile/shared/nginx/conf/seafile.nginx.conf.bak\n

                Starting the new container will automatically apply a certificate.

                docker compose down\ndocker compose up -d\n

                Please wait a moment for the certificate to be applied, then you can modify the new seafile.nginx.conf as you want. Execute the following command to make the nginx configuration take effect.

                docker exec seafile nginx -s reload\n

                A cron job inside the container will automatically renew the certificate.

                "},{"location":"upgrade/upgrade_docker/#upgrade-from-71-to-80","title":"Upgrade from 7.1 to 8.0","text":"

                Just download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version, then start with docker compose up.

                "},{"location":"upgrade/upgrade_docker/#upgrade-from-70-to-71","title":"Upgrade from 7.0 to 7.1","text":"

                Just download the new image, stop the old docker container, modify the Seafile image version in docker-compose.yml to the new version, then start with docker compose up.

                "},{"location":"upgrade/upgrade_notes_for_10.0.x/","title":"Upgrade notes for 10.0","text":"

                These notes give additional information about changes. Please always follow the main upgrade guide.

                For docker based version, please check upgrade Seafile Docker image

                "},{"location":"upgrade/upgrade_notes_for_10.0.x/#important-release-changes","title":"Important release changes","text":""},{"location":"upgrade/upgrade_notes_for_10.0.x/#enable-notification-server","title":"Enable notification server","text":"

                The notification server enables desktop syncing and drive clients to get notification of library changes immediately using websocket. There are two benefits:

                1. Reduce the time for syncing new changes to local
                2. Reduce the load of the server as periodically pulling is removed. There are significant reduction of load when you have 1000+ clients.

                The notification server works with Seafile syncing client 9.0+ and drive client 3.0+.

                Please follow the document to enable notification server

                "},{"location":"upgrade/upgrade_notes_for_10.0.x/#memcached-section-in-the-seafileconf-pro-edition-only","title":"Memcached section in the seafile.conf (pro edition only)","text":"

                If you use storage backend or cluster, make sure the memcached section is in the seafile.conf.

                Since version 10.0, all memcached options are consolidated to the one below.

                Modify the seafile.conf:

                [memcached]\nmemcached_options = --SERVER=<the IP of Memcached Server> --POOL-MIN=10 --POOL-MAX=100\n
                "},{"location":"upgrade/upgrade_notes_for_10.0.x/#saml-sso-change-pro-edition-only","title":"SAML SSO change (pro edition only)","text":"

                The configuration for SAML SSO in Seafile is greatly simplified. Now only three options are needed:

                ENABLE_ADFS_LOGIN = True\nLOGIN_REDIRECT_URL = '/saml2/complete/'\nSAML_REMOTE_METADATA_URL = 'https://login.microsoftonline.com/xxx/federationmetadata/2007-06/federationmetadata.xml?appid=xxx'\nSAML_ATTRIBUTE_MAPPING = {\n    'name': ('display_name', ),\n    'mail': ('contact_email', ),\n    ...\n}\n

                Please check the new document on SAML SSO

                "},{"location":"upgrade/upgrade_notes_for_10.0.x/#rate-control-in-role-settings-pro-edition-only","title":"Rate control in role settings (pro edition only)","text":"

                Starting from version 10.0, Seafile allows administrators to configure upload and download speed limits for users with different roles through the following two steps:

                1. Configuring rate limiting for different roles in seahub_settings.py.
                ENABLED_ROLE_PERMISSIONS = {\n    'default': {\n    ...\n        'upload_rate_limit': 2000,  # unit: kb/s\n        'download_rate_limit': 4000,\n    ...\n    },\n    'guest': {\n    ...\n        'upload_rate_limit': 100,\n        'download_rate_limit': 200,\n    ...\n    },\n}\n
                1. Run the following command in the seafile-server-latest directory to make the configuration take effect.
                ./seahub.sh python-env python3 seahub/manage.py set_user_role_upload_download_rate_limit\n
                "},{"location":"upgrade/upgrade_notes_for_10.0.x/#elasticsearch-change-pro-edition-only","title":"ElasticSearch change (pro edition only)","text":"

                Elasticsearch is upgraded to version 8.x, fixed and improved some issues of file search function.

                Since elasticsearch 7.x, the default number of shards has changed from 5 to 1, because too many index shards will over-occupy system resources; but when a single shard data is too large, it will also reduce search performance. Starting from version 10.0, Seafile supports customizing the number of shards in the configuration file.

                You can use the following command to query the current size of each shard to determine the best number of shards for you:

                curl 'http{s}://<es IP>:9200/_cat/shards/repofiles?v'\n

                The official recommendation is that the size of each shard should be between 10G-50G: https://www.elastic.co/guide/en/elasticsearch/reference/8.6/size-your-shards.html#shard-size-recommendation.

                Modify the seafevents.conf:

                [INDEX FILES]\n...\nshards = 10     # default is 5\n...\n
                "},{"location":"upgrade/upgrade_notes_for_10.0.x/#new-python-libraries","title":"New Python libraries","text":"

                Note, you should install Python libraries system wide using root user or sudo mode.

                For Ubuntu 20.04/22.04

                sudo pip3 install future==0.18.* mysqlclient==2.1.* pillow==10.2.* captcha==0.5.* django_simple_captcha==0.5.20 djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1\n

                For Debian 11

                su pip3 install future==0.18.* mysqlclient==2.1.* pillow==9.3.* captcha==0.4 django_simple_captcha==0.5.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1\n
                "},{"location":"upgrade/upgrade_notes_for_10.0.x/#upgrade-to-100x","title":"Upgrade to 10.0.x","text":"

                1. Stop Seafile-9.0.x server.

                2. Start from Seafile 10.0.x, run the script:

                  upgrade/upgrade_9.0_10.0.sh\n

                If you are using pro edtion, modify memcached option in seafile.conf and SAML SSO configuration if needed.

                1. Start Seafile-10.0.x server.
                "},{"location":"upgrade/upgrade_notes_for_10.0.x/#update-elasticsearch-pro-edition-only","title":"Update Elasticsearch (pro edition only)","text":"

                You can choose one of the methods to upgrade your index data.

                "},{"location":"upgrade/upgrade_notes_for_10.0.x/#method-one-reindex-the-old-index-data","title":"Method one, reindex the old index data","text":"

                1. Download Elasticsearch image:

                docker pull elasticsearch:7.17.9\n

                Create a new folder to store ES data and give the folder permissions:

                mkdir -p /opt/seafile-elasticsearch/data  && chmod -R 777 /opt/seafile-elasticsearch/data/\n

                Start ES docker image:

                sudo docker run -d --name es-7.17 -p 9200:9200  -e \"discovery.type=single-node\" -e \"bootstrap.memory_lock=true\" -e \"ES_JAVA_OPTS=-Xms1g -Xmx1g\" -e \"xpack.security.enabled=false\" --restart=always -v /opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data -d elasticsearch:7.17.9\n

                PS: ES_JAVA_OPTS can be adjusted according to your need.

                2. Create an index with 8.x compatible mappings:

                # create repo_head index\ncurl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/repo_head_8?pretty=true' -d '\n{\n  \"mappings\" : {\n    \"properties\" : {\n      \"commit\" : {\n        \"type\" : \"keyword\",\n        \"index\" : false\n      },\n      \"repo\" : {\n        \"type\" : \"keyword\",\n        \"index\" : false\n      },\n      \"updatingto\" : {\n        \"type\" : \"keyword\",\n        \"index\" : false\n      }\n    }\n  }\n}'\n\n# create repofiles index, number_of_shards is the number of shards, here is set to 5, you can also modify it to the most suitable number of shards\ncurl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/repofiles_8/?pretty=true' -d '\n{\n  \"settings\" : {\n    \"index\" : {\n      \"number_of_shards\" : \"5\",\n      \"analysis\" : {\n        \"analyzer\" : {\n          \"seafile_file_name_ngram_analyzer\" : {\n            \"filter\" : [\n              \"lowercase\"\n            ],\n            \"type\" : \"custom\",\n            \"tokenizer\" : \"seafile_file_name_ngram_tokenizer\"\n          }\n        },\n        \"tokenizer\" : {\n          \"seafile_file_name_ngram_tokenizer\" : {\n            \"type\" : \"ngram\",\n            \"min_gram\" : \"3\",\n            \"max_gram\" : \"4\"\n          }\n        }\n      }\n    }\n  },\n  \"mappings\" : {\n    \"properties\" : {\n      \"content\" : {\n        \"type\" : \"text\",\n        \"term_vector\" : \"with_positions_offsets\"\n      },\n      \"filename\" : {\n        \"type\" : \"text\",\n        \"fields\" : {\n          \"ngram\" : {\n            \"type\" : \"text\",\n            \"analyzer\" : \"seafile_file_name_ngram_analyzer\"\n          }\n        }\n      },\n      \"is_dir\" : {\n        \"type\" : \"boolean\"\n      },\n      \"mtime\" : {\n        \"type\" : \"date\"\n      },\n      \"path\" : {\n        \"type\" : \"keyword\"\n      },\n      \"repo\" : {\n        \"type\" : \"keyword\"\n      },\n      \"size\" : {\n        \"type\" : \"long\"\n      },\n      \"suffix\" : {\n        \"type\" : \"keyword\"\n      }\n    }\n  }\n}'\n

                3. Set the refresh_interval to -1 and the number_of_replicas to 0 for efficient reindex:

                curl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/repo_head_8/_settings?pretty' -d '\n{\n  \"index\" : {\n    \"refresh_interval\" : \"-1\",\n    \"number_of_replicas\" : 0\n  }\n}'\n\ncurl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/repofiles_8/_settings?pretty' -d '\n{\n  \"index\" : {\n    \"refresh_interval\" : \"-1\",\n    \"number_of_replicas\" : 0\n  }\n}'\n

                4. Use the reindex API to copy documents from the 7.x index into the new index:

                curl -X POST -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/_reindex/?wait_for_completion=false&pretty=true' -d '\n{\n  \"source\": {\n    \"index\": \"repo_head\"\n  },\n  \"dest\": {\n    \"index\": \"repo_head_8\"\n  }\n}'\n\ncurl -X POST -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/_reindex/?wait_for_completion=false&pretty=true' -d '\n{\n  \"source\": {\n    \"index\": \"repofiles\"\n  },\n  \"dest\": {\n    \"index\": \"repofiles_8\"\n  }\n}'\n

                5. Use the following command to check if the reindex task is complete:

                # Get the task_id of the reindex task:\n$ curl 'http{s}://{es server IP}:9200/_tasks?actions=*reindex&pretty'\n# Check to see if the reindex task is complete:\n$ curl 'http{s}://{es server IP}:9200/_tasks/:<task_id>?pretty'\n

                6. Reset the refresh_interval and number_of_replicas to the values used in the old index:

                curl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/repo_head_8/_settings?pretty' -d '\n{\n  \"index\" : {\n    \"refresh_interval\" : null,\n    \"number_of_replicas\" : 1\n  }\n}'\n\ncurl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/repofiles_8/_settings?pretty' -d '\n{\n  \"index\" : {\n    \"refresh_interval\" : null,\n    \"number_of_replicas\" : 1\n  }\n}'\n

                7. Wait for the elasticsearch status to change to green (or yellow if it is a single node).

                curl 'http{s}://{es server IP}:9200/_cluster/health?pretty'\n

                8. Use the aliases API delete the old index and add an alias with the old index name to the new index:

                curl -X POST -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/_aliases?pretty' -d '\n{\n  \"actions\": [\n    {\"remove_index\": {\"index\": \"repo_head\"}},\n    {\"remove_index\": {\"index\": \"repofiles\"}},\n    {\"add\": {\"index\": \"repo_head_8\", \"alias\": \"repo_head\"}},\n    {\"add\": {\"index\": \"repofiles_8\", \"alias\": \"repofiles\"}}\n  ]\n}'\n

                9. Deactivate the 7.17 container, pull the 8.x image and run:

                $ docker stop es-7.17\n\n$ docker rm es-7.17\n\n$ docker pull elasticsearch:8.6.2\n\n$ sudo docker run -d --name es -p 9200:9200 -e \"discovery.type=single-node\" -e \"bootstrap.memory_lock=true\" -e \"ES_JAVA_OPTS=-Xms1g -Xmx1g\" -e \"xpack.security.enabled=false\" --restart=always -v /opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data -d elasticsearch:8.6.2\n
                "},{"location":"upgrade/upgrade_notes_for_10.0.x/#method-two-rebuild-the-index-and-discard-the-old-index-data","title":"Method two, rebuild the index and discard the old index data","text":"

                1. Pull Elasticsearch image:

                docker pull elasticsearch:8.5.3\n

                Create a new folder to store ES data and give the folder permissions:

                mkdir -p /opt/seafile-elasticsearch/data  && chmod -R 777 /opt/seafile-elasticsearch/data/\n

                Start ES docker image:

                sudo docker run -d --name es -p 9200:9200 -e \"discovery.type=single-node\" -e \"bootstrap.memory_lock=true\" -e \"ES_JAVA_OPTS=-Xms1g -Xmx1g\" -e \"xpack.security.enabled=false\" --restart=always -v /opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data -d elasticsearch:8.5.3\n

                2. Modify the seafevents.conf:

                [INDEX FILES]\n...\nexternal_es_server = true\nes_host = http{s}://{es server IP}\nes_port = 9200\nshards = 10   # default is 5.\n...\n

                Restart Seafile server:

                su seafile\ncd seafile-server-latest/\n./seafile.sh stop && ./seahub.stop \n./seafile.sh start && ./seahub.start\n

                3. Delete old index data

                rm -rf /opt/seafile-elasticsearch/data/*\n

                4. Create new index data:

                $ cd /opt/seafile/seafile-server-latest\n$ ./pro/pro.py search --update\n
                "},{"location":"upgrade/upgrade_notes_for_10.0.x/#method-three-if-you-are-in-a-cluster-environment","title":"Method three, if you are in a cluster environment","text":"

                1. Deploy elasticsearch 8.x according to method two. Use Seafile 10.0 version to deploy a new backend node and modify the seafevents.conf file. The background node does not start the Seafile background service, just manually run the command ./pro/pro.py search --update.

                2. Upgrade the other nodes to Seafile 10.0 version and use the new Elasticsearch 8.x server.

                3. Then deactivate the old backend node and the old version of Elasticsearch.

                "},{"location":"upgrade/upgrade_notes_for_11.0.x/","title":"Upgrade notes for 11.0","text":"

                These notes give additional information about changes. Please always follow the main upgrade guide.

                For docker based version, please check upgrade Seafile Docker image

                "},{"location":"upgrade/upgrade_notes_for_11.0.x/#important-release-changes","title":"Important release changes","text":""},{"location":"upgrade/upgrade_notes_for_11.0.x/#change-of-user-identity","title":"Change of user identity","text":"

                Previous Seafile versions directly used a user's email address or SSO identity as their internal user ID.

                Seafile 11.0 introduces virtual user IDs - random, internal identifiers like \"adc023e7232240fcbb83b273e1d73d36@auth.local\". For new users, a virtual ID will be generated instead of directly using their email. A mapping between the email and virtual ID will be stored in the \"profile_profile\" database table. For SSO users,the mapping between SSO ID and virtual ID is stored in the \"social_auth_usersocialauth\" table.

                Overall this brings more flexibility to handle user accounts and identity changes. Existing users will use the same old ID.

                "},{"location":"upgrade/upgrade_notes_for_11.0.x/#reimplementation-of-ldap-integration","title":"Reimplementation of LDAP Integration","text":"

                Previous Seafile versions handled LDAP authentication in the ccnet-server component. In Seafile 11.0, LDAP is reimplemented within the Seahub Python codebase.

                LDAP configuration has been moved from ccnet.conf to seahub_settings.py. The ccnet_db.LDAPImported table is no longer used - LDAP users are now stored in ccnet_db.EmailUsers along with other users.

                Benefits of this new implementation:

                • Improved compatibility across different systems. Python code is more portable than the previous C implementation.
                • Consistent handling of users whether they login via LDAP or other methods like email/password.

                You need to run migrate_ldapusers.py script to merge ccnet_db.LDAPImported table to ccnet_db.EmailUsers table. The setting files need to be changed manually. (See more details below)

                "},{"location":"upgrade/upgrade_notes_for_11.0.x/#oauth-authentication-and-other-sso-methods","title":"OAuth authentication and other SSO methods","text":"

                If you use OAuth authentication, the configuration need to be changed a bit.

                If you use SAML, you don't need to change configuration files. For SAML2, in version 10, the name_id field is returned from SAML server, and is used as the username (the email field in ccnet_dbEmailUser). In version 11, for old users, Seafile will find the old user and create a name_id to name_id mapping in social_auth_usersocialauth. For new users, Seafile will create a new user with random ID and add a name_id to the random ID mapping in social_auth_usersocialauth. In addition, we have added a feature where you can configure to disable login with a username and password for saml users by using the config of DISABLE_ADFS_USER_PWD_LOGIN = True in seahub_settings.py.

                "},{"location":"upgrade/upgrade_notes_for_11.0.x/#dropped-sqlite-database-support","title":"Dropped SQLite Database Support","text":"

                Seafile 11.0 dropped using SQLite as the database. It is better to migrate from SQLite database to MySQL database before upgrading to version 11.0.

                There are several reasons driving this change:

                • Focus on collaborative features - SQLite's limitations make advanced concurrency and locking difficult, which collaborative editing requires. Different Seafile components need simultaneous database access. Especially after adding seafevents component in version 11.0 for the community edition.
                • Docker deployments - Our official Docker images do not support SQLite. MySQL is the preferred option.
                • Migration difficulties - Migrating SQLite databases to MySQL via SQL translation is unreliable.

                To migrate from SQLite database to MySQL database, you can follow the document Migrate from SQLite to MySQL. If you have issues in the migration, just post a thread in our forum. We are glad to help you.

                "},{"location":"upgrade/upgrade_notes_for_11.0.x/#elasticsearch-change-pro-edition-only","title":"ElasticSearch change (pro edition only)","text":"

                Elasticsearch version is not changed in Seafile version 11.0

                "},{"location":"upgrade/upgrade_notes_for_11.0.x/#new-saml-prerequisites-multi_tenancy-only","title":"New SAML prerequisites (MULTI_TENANCY only)","text":"

                For Ubuntu 20.04/22.04

                sudo apt-get update\nsudo apt-get install -y dnsutils\n
                "},{"location":"upgrade/upgrade_notes_for_11.0.x/#django-csrf-protection-issue","title":"Django CSRF protection issue","text":"

                Django 4.* has introduced a new check for the origin http header in CSRF verification. It now compares the values of the origin field in HTTP header and the host field in HTTP header. If they are different, an error is triggered.

                If you deploy Seafile behind a proxy, or if you use a non-standard port, or if you deploy Seafile in cluster, it is likely the origin field in HTTP header received by Django and the host field in HTTP header received by Django are different. Because the host field in HTTP header is likely to be modified by proxy. This mismatch results in a CSRF error.

                You can add CSRF_TRUSTED_ORIGINS to seahub_settings.py to solve the problem:

                CSRF_TRUSTED_ORIGINS = [\"https://<your-domain>\"]\n
                "},{"location":"upgrade/upgrade_notes_for_11.0.x/#new-python-libraries","title":"New Python libraries","text":"

                Note, you should install Python libraries system wide using root user or sudo mode.

                For Ubuntu 20.04/22.04

                sudo apt-get update\nsudo apt-get install -y python3-dev ldap-utils libldap2-dev\n\nsudo pip3 install future==0.18.* mysqlclient==2.1.* pillow==10.2.* sqlalchemy==2.0.18 captcha==0.5.* django_simple_captcha==0.6.* djangosaml2==1.5.* pysaml2==7.2.* pycryptodome==3.16.* cffi==1.15.1 python-ldap==3.4.3\n
                "},{"location":"upgrade/upgrade_notes_for_11.0.x/#upgrade-to-110x","title":"Upgrade to 11.0.x","text":""},{"location":"upgrade/upgrade_notes_for_11.0.x/#1-stop-seafile-100x-server","title":"1) Stop Seafile-10.0.x server.","text":""},{"location":"upgrade/upgrade_notes_for_11.0.x/#2-start-from-seafile-110x-run-the-script","title":"2) Start from Seafile 11.0.x, run the script:","text":"
                upgrade/upgrade_10.0_11.0.sh\n
                "},{"location":"upgrade/upgrade_notes_for_11.0.x/#3modify-configurations-and-migrate-ldap-records","title":"3\uff09Modify configurations and migrate LDAP records","text":""},{"location":"upgrade/upgrade_notes_for_11.0.x/#change-configurations-for-ldap","title":"Change configurations for LDAP","text":"

                The configuration items of LDAP login and LDAP sync tasks are migrated from ccnet.conf to seahub_settings.py. The name of the configuration item is based on the 10.0 version, and the characters 'LDAP_' or 'MULTI_LDAP_1' are added. Examples are as follows:

                # Basic configuration items for LDAP login\nENABLE_LDAP = True\nLDAP_SERVER_URL = 'ldap://192.168.0.125'     # The URL of LDAP server\nLDAP_BASE_DN = 'ou=test,dc=seafile,dc=ren'   # The root node of users who can \n                                             # log in to Seafile in the LDAP server\nLDAP_ADMIN_DN = 'administrator@seafile.ren'  # DN of the administrator used \n                                             # to query the LDAP server for information\nLDAP_ADMIN_PASSWORD = 'Hello@123'            # Password of LDAP_ADMIN_DN\nLDAP_PROVIDER = 'ldap'                       # Identify the source of the user, used in \n                                             # the table social_auth_usersocialauth, defaults to 'ldap'\nLDAP_LOGIN_ATTR = 'userPrincipalName'        # User's attribute used to log in to Seafile, \n                                             # can be mail or userPrincipalName, cannot be changed\nLDAP_FILTER = 'memberOf=CN=testgroup,OU=test,DC=seafile,DC=ren'  # Additional filter conditions,\n                                                                 # users who meet the filter conditions can log in, otherwise they cannot log in\n# For update user info when login\nLDAP_CONTACT_EMAIL_ATTR = ''             # For update user's contact_email\nLDAP_USER_ROLE_ATTR = ''                 # For update user's role\nLDAP_USER_FIRST_NAME_ATTR = 'givenName'  # For update user's first name\nLDAP_USER_LAST_NAME_ATTR = 'sn'          # For update user's last name\nLDAP_USER_NAME_REVERSE = False           # Whether to reverse the user's first and last name\n

                The following configuration items are only for Pro Edition: 

                # Configuration items for LDAP sync tasks.\nLDAP_SYNC_INTERVAL = 60                  # LDAP sync task period, in minutes\n\n# LDAP user sync configuration items.\nENABLE_LDAP_USER_SYNC = True             # Whether to enable user sync\nLDAP_USER_OBJECT_CLASS = 'person'        # This is the name of the class used to search for user objects. \n                                         # In Active Directory, it's usually \"person\". The default value is \"person\".\nLDAP_DEPT_ATTR = ''                      # LDAP user's department info\nLDAP_UID_ATTR = ''                       # LDAP user's login_id attribute\nLDAP_AUTO_REACTIVATE_USERS = True        # Whether to auto activate deactivated user\nLDAP_USE_PAGED_RESULT = False            # Whether to use pagination extension\nIMPORT_NEW_USER = True                   # Whether to import new users when sync user\nACTIVATE_USER_WHEN_IMPORT = True         # Whether to activate the user when importing new user\nENABLE_EXTRA_USER_INFO_SYNC = True       # Whether to enable sync of additional user information,\n                                         # including user's full name, contact_email, department, and Windows login name, etc.\nDEACTIVE_USER_IF_NOTFOUND = False        # Set to \"true\" if you want to deactivate a user \n                                         # when he/she was deleted in AD server.\n\n# LDAP group sync configuration items.\nENABLE_LDAP_GROUP_SYNC = True            # Whether to enable group sync\nLDAP_GROUP_FILTER = ''                   # Group sync filter\nLDAP_SYNC_DEPARTMENT_FROM_OU = True      # Whether to enable sync departments from OU.\nLDAP_GROUP_OBJECT_CLASS = 'group'        # This is the name of the class used to search for group objects.\nLDAP_GROUP_MEMBER_ATTR = 'member'        # The attribute field to use when loading the group's members. \n                                         # For most directory servers, the attributes is \"member\" \n                                         # which is the default value.For \"posixGroup\", it should be set to \"memberUid\".\nLDAP_USER_ATTR_IN_MEMBERUID = 'uid'      # The user attribute set in 'memberUid' option, \n                                         # which is used in \"posixGroup\".The default value is \"uid\".\nLDAP_GROUP_UUID_ATTR = 'objectGUID'      # Used to uniquely identify groups in LDAP\nLDAP_USE_GROUP_MEMBER_RANGE_QUERY = False   # When a group contains too many members, \n                                            # AD will only return part of them. Set this option to TRUE\n                                            # to make LDAP sync work with large groups.\nLDAP_SYNC_GROUP_AS_DEPARTMENT = False    # Whether to sync groups as top-level departments in Seafile\nLDAP_DEPT_NAME_ATTR = ''                 # Used to get the department name.\nLDAP_CREATE_DEPARTMENT_LIBRARY = False   # If you decide to sync the group as a department,\n                                         # you can set this option to \"true\". In this way, when \n                                         # the group is synchronized for the first time, a library\n                                         # is automatically created for the department, and the \n                                         # library's name is the department's name.\nLDAP_DEPT_REPO_PERM = 'rw'               # Set the permissions of the department repo, default permission is 'rw'.\nLDAP_DEFAULT_DEPARTMENT_QUOTA = -2       # You can set a default space quota for each department\n                                         # when you synchronize a group for the first time. The \n                                         # quota is set to unlimited if this option is not set.\n                                         # Unit is MB.\nDEL_GROUP_IF_NOT_FOUND = False           # Set to \"true\", sync process will delete the group if not found it in LDAP server.\nDEL_DEPARTMENT_IF_NOT_FOUND = False      # Set to \"true\", sync process will deleted the department if not found it in LDAP server.\n

                If you sync users from LDAP to Seafile, when the user login via SSO (ADFS or OAuth), you want Seafile to find the existing account for this user instead of creating a new one, you can set SSO_LDAP_USE_SAME_UID = True:

                SSO_LDAP_USE_SAME_UID = True\n

                Note, here the UID means the unique user ID, in LDAP it is the attribute you use for LDAP_LOGIN_ATTR (not LDAP_UID_ATTR), in ADFS it is uid attribute. You need make sure you use the same attribute for the two settings.

                "},{"location":"upgrade/upgrade_notes_for_11.0.x/#migrate-ldap-records","title":"Migrate LDAP records","text":"

                Run the following script to migrate users in LDAPImported to EmailUsers

                cd <install-path>/seafile-server-latest\npython3 migrate_ldapusers.py\n

                For Seafile docker

                docker exec -it seafile /usr/bin/python3 /opt/seafile/seafile-server-latest/migrate_ldapusers.py\n
                "},{"location":"upgrade/upgrade_notes_for_11.0.x/#change-configuration-for-oauth","title":"Change configuration for OAuth:","text":"

                In the new version, the OAuth login configuration should keep the email attribute unchanged to be compatible with new and old user logins. In version 11.0, a new uid attribute is added to be used as a user's external unique ID. The uid will be stored in social_auth_usersocialauth to map to internal virtual ID. For old users, the original email is used the internal virtual ID. The example is as follows:

                # Version 10.0 or earlier\nOAUTH_ATTRIBUTE_MAP = {\n    \"id\": (True, \"email\"),\n    \"name\": (False, \"name\"),\n    \"email\": (False, \"contact_email\"),\n}\n\n# Since 11.0 version, added 'uid' attribute.\nOAUTH_ATTRIBUTE_MAP = {\n    \"id\": (True, \"email\"),  # In the new version, the email attribute configuration should be kept unchanged to be compatible with old and new user logins\n    \"uid\": (True, \"uid\"),   # Seafile use 'uid' as the external unique identifier of the user. Different OAuth systems have different attributes, which may be: 'uid' or 'username', etc.\n    \"name\": (False, \"name\"),\n    \"email\": (False, \"contact_email\"),\n}\n

                When a user login, Seafile will first use \"id -> email\" map to find the old user and then create \"uid -> uid\" map for this old user. After all users login once, you can delete the configuration \"id\": (True, \"email\"). You can also manully add records in social_auth_usersocialauth to map extenral uid to old users.

                "},{"location":"upgrade/upgrade_notes_for_11.0.x/#4-start-seafile-110x-server","title":"4) Start Seafile-11.0.x server.","text":""},{"location":"upgrade/upgrade_notes_for_11.0.x/#faq","title":"FAQ","text":"

                We have documented common issues encountered by users when upgrading to version 11.0 in our FAQ https://cloud.seatable.io/dtable/external-links/7b976c85f504491cbe8e/?tid=0000&vid=0000.

                If you encounter any issue, please give it a check.

                "},{"location":"upgrade/upgrade_notes_for_12.0.x/","title":"Upgrade notes for 12.0","text":"

                These notes give additional information about changes. Please always follow the main upgrade guide.

                For docker based version, please check upgrade Seafile Docker image

                "},{"location":"upgrade/upgrade_notes_for_12.0.x/#important-release-changes","title":"Important release changes","text":"

                Seafile version 12.0 has following major changes:

                • A redesigned Web UI
                • SeaDoc is now stable, providing online notes and documents feature
                • A new wiki module (still in beta, disabled by default)
                • A new trash mechanism, that deleted files will be recorded in database for fast listing. In the old version, deleted files are scanned from library history, which is slow.
                • Community edition now also support online GC (because SQLite support is dropped)

                Other changes:

                • A new lightweight and fast search engine, SeaSearch. SeaSearch is optional, you can still use ElasticSearch.

                Breaking changes

                • For security reason, WebDAV no longer support login with LDAP account, the user with LDAP account must generate a WebDAV token at the profile page
                • The password strength level is now calculated by algorithm. The old USER_PASSWORD_MIN_LENGTH, USER_PASSWORD_STRENGTH_LEVEL is removed. Only USER_STRONG_PASSWORD_REQUIRED is still used.
                • ADDITIONAL_APP_BOTTOM_LINKS is removed. Because there is no buttom bar in the navigation side bar now.
                • For binary package based installation, a new .env file is needed to contain some configuration items. These configuration items need to be shared by different components in Seafile. We name it .env to be consistant with docker based installation.
                • [File tags] The current file tags feature is deprecated. We will re-implement a new one in version 13.0 with a new general metadata management module.
                • For ElasticSearch based search, full text search of doc/xls/ppt file types are no longer supported. This enable us to remove Java dependency in Seafile side.

                Deploying SeaDoc and Seafile binary package on the same server is no longer supported. You can:

                • Deploy SeaDoc on a new server and integrate it with Seafile.
                • Migrate Seafile to a docker based deployment method and then deploy SeaDoc in the same server.

                Deploying Seafile with binary package is now deprecated and probably no longer be supported in version 13.0. We recommend you to migrate your existing Seafile deployment to docker based.

                "},{"location":"upgrade/upgrade_notes_for_12.0.x/#elasticsearch-change-pro-edition-only","title":"ElasticSearch change (pro edition only)","text":"

                Elasticsearch version is not changed in Seafile version 12.0

                "},{"location":"upgrade/upgrade_notes_for_12.0.x/#new-python-libraries","title":"New Python libraries","text":"

                Note, you should install Python libraries system wide using root user or sudo mode.

                For Ubuntu 22.04/24.04

                sudo pip3 install future==1.0.* mysqlclient==2.2.* pillow==10.4.* sqlalchemy==2.0.* gevent==24.2.* captcha==0.6.* django_simple_captcha==0.6.* djangosaml2==1.9.* pysaml2==7.3.* pycryptodome==3.20.* cffi==1.17.0 python-ldap==3.4.* PyMuPDF==1.24.* numpy==1.26.*\n
                "},{"location":"upgrade/upgrade_notes_for_12.0.x/#upgrade-to-120-for-binary-installation","title":"Upgrade to 12.0 (for binary installation)","text":"

                The following instruction is for binary package based installation. If you use Docker based installation, please see

                "},{"location":"upgrade/upgrade_notes_for_12.0.x/#1-stop-seafile-110x-server","title":"1) Stop Seafile-11.0.x server","text":""},{"location":"upgrade/upgrade_notes_for_12.0.x/#2-start-from-seafile-120x-run-the-script","title":"2) Start from Seafile 12.0.x, run the script","text":"
                upgrade/upgrade_11.0_12.0.sh\n
                "},{"location":"upgrade/upgrade_notes_for_12.0.x/#3-create-the-env-file-in-conf-directory","title":"3) Create the .env file in conf/ directory","text":"

                conf/.env

                JWT_PRIVATE_KEY=xxx\nSEAFILE_SERVER_PROTOCOL=https\nSEAFILE_SERVER_HOSTNAME=seafile.example.com\n

                Note: JWT_PRIVATE_KEY, A random string with a length of no less than 32 characters, generate example: pwgen -s 40 1

                "},{"location":"upgrade/upgrade_notes_for_12.0.x/#4-start-seafile-120x-server","title":"4) Start Seafile-12.0.x server","text":""},{"location":"upgrade/upgrade_notes_for_12.0.x/#upgrade-seadoc-from-08-to-10","title":"Upgrade SeaDoc from 0.8 to 1.0","text":"

                If you have deployed SeaDoc v0.8 with Seafile v11.0, you can upgrade it to 1.0 use the following two steps:

                1. Delete sdoc_db.
                2. Re-deploy SeaDoc server. In other words, delete the old SeaDoc deployment and deploy a new SeaDoc server on a separate machine.

                Note, deploying SeaDoc and Seafile binary package on the same server is no longer supported. If you really want to deploying SeaDoc and Seafile server on the same machine, you should deploy Seafile server with Docker.

                "},{"location":"upgrade/upgrade_notes_for_12.0.x/#delete-sdoc_db","title":"Delete sdoc_db","text":"

                From version 1.0, SeaDoc is using seahub_db database to store its operation logs and no longer need an extra database sdoc_db. The database tables in seahub_db are created automatically when you upgrade Seafile server from v11.0 to v12.0. You can simply delete sdoc_db.

                "},{"location":"upgrade/upgrade_notes_for_12.0.x/#deploy-a-new-seadoc-server","title":"Deploy a new SeaDoc server","text":"

                Please see the document Setup SeaDoc to install SeaDoc on a separate machine and integrate with your binary packaged based Seafile server v12.0.

                "},{"location":"upgrade/upgrade_notes_for_12.0.x/#faq","title":"FAQ","text":"

                We have documented common issues encountered by users when upgrading to version 12.0 in our FAQ https://cloud.seatable.io/dtable/external-links/7b976c85f504491cbe8e/?tid=0000&vid=0000.

                If you encounter any issue, please give it a check.

                "},{"location":"upgrade/upgrade_notes_for_7.0.x/","title":"Upgrade notes for 7.0.x","text":"

                These notes give additional information about changes. Please always follow the main upgrade guide.

                "},{"location":"upgrade/upgrade_notes_for_7.0.x/#upgrade-notes-for-ce-70x","title":"Upgrade notes for CE-7.0.x","text":"

                If you are currently using the Seafile Community Edition, please refer to Upgrade notes for CE-7.0.x.

                "},{"location":"upgrade/upgrade_notes_for_7.0.x/#upgrade-notes-for-pro-70x","title":"Upgrade notes for Pro-7.0.x","text":"

                If you are currently using Seafile Professional, please refer to Upgrade notes for Pro-7.0.x.

                "},{"location":"upgrade/upgrade_notes_for_7.1.x/","title":"Upgrade notes for 7.1.x","text":"

                These notes give additional information about changes. Please always follow the main upgrade guide.

                "},{"location":"upgrade/upgrade_notes_for_7.1.x/#important-release-changes","title":"Important release changes","text":"

                From 7.1.0 version, Seafile will depend on the Python 3 and is\u00a0not\u00a0compatible\u00a0with\u00a0Python\u00a02.

                Therefore you cannot upgrade directly from Seafile 6.x.x to 7.1.x.

                If your current version of Seafile is not 7.0.x, you must first download the 7.0.x installation package and upgrade to 7.0.x before performing the subsequent operations.

                To support both Python 3.6 and 3.7, we no longer bundle python libraries with Seafile package. You need to install most of the libraries by your own as bellow.

                "},{"location":"upgrade/upgrade_notes_for_7.1.x/#deploy-python3","title":"Deploy Python3","text":"

                Note, you should install Python libraries system wide using root user or sudo mode.

                "},{"location":"upgrade/upgrade_notes_for_7.1.x/#seafile-ce","title":"Seafile-CE","text":"
                • For Ubuntu 16.04/18.04 or Debian 10
                sudo apt-get install python3 python3-setuptools python3-pip memcached libmemcached-dev -y\n\nsudo pip3 install --timeout=3600 Pillow==9.4.0 pylibmc captcha jinja2 sqlalchemy==1.3.8 \\\n    django-pylibmc django-simple-captcha python3-ldap\n
                • For CentOS 7/8
                yum install python3 python3-setuptools python3-pip -y\n\nsudo pip3 install --timeout=3600 Pillow==9.4.0 pylibmc captcha jinja2 sqlalchemy==1.3.8 \\\n    django-pylibmc django-simple-captcha python3-ldap\n
                "},{"location":"upgrade/upgrade_notes_for_7.1.x/#seafile-pro","title":"Seafile-Pro","text":"
                • For Ubuntu 16.04/18.04 or Debian 10
                apt-get install python3 python3-setuptools python3-pip -y\n\nsudo pip3 install --timeout=3600 Pillow==9.4.0 pylibmc captcha jinja2 sqlalchemy==1.3.8 \\\n    django-pylibmc django-simple-captcha python3-ldap\n
                • For CentOS 7/8
                yum install python3 python3-setuptools python3-pip -y\n\nsudo pip3 install --timeout=3600 Pillow==9.4.0 pylibmc captcha jinja2 sqlalchemy==1.3.8 \\\n    django-pylibmc django-simple-captcha python3-ldap\n
                "},{"location":"upgrade/upgrade_notes_for_7.1.x/#upgrade-to-71x","title":"Upgrade to 7.1.x","text":"
                1. Stop Seafile-7.0.x server.
                2. Start from Seafile 7.0.x, run the script:
                upgrade/upgrade_7.0_7.1.sh\n
                1. Clear the Seahub cache:
                rm -rf /tmp/seahub_cache # Clear the Seahub cache files from disk.\n# If you are using the Memcached service, you need to restart the service to clear the Seahub cache.\nsystemctl restart memcached\n
                1. Start Seafile-7.1.x server.
                "},{"location":"upgrade/upgrade_notes_for_7.1.x/#proxy-seafdav","title":"Proxy Seafdav","text":"

                After Seafile 7.1.x, Seafdav does not support Fastcgi, only Wsgi.

                This means that if you are using Seafdav functionality and have deployed Nginx or Apache reverse proxy. You need to change Fastcgi to Wsgi.

                "},{"location":"upgrade/upgrade_notes_for_7.1.x/#for-nginx","title":"For Nginx","text":"

                For Seafdav, the configuration of Nginx is as follows:

                .....\n    location /seafdav {\n        proxy_pass         http://127.0.0.1:8080/seafdav;\n        proxy_set_header   Host $host;\n        proxy_set_header   X-Real-IP $remote_addr;\n        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header   X-Forwarded-Host $server_name;\n        proxy_set_header   X-Forwarded-Proto $scheme;\n        proxy_read_timeout  1200s;\n        client_max_body_size 0;\n\n        access_log      /var/log/nginx/seafdav.access.log seafileformat;\n        error_log       /var/log/nginx/seafdav.error.log;\n    }\n
                "},{"location":"upgrade/upgrade_notes_for_7.1.x/#for-apache","title":"For Apache","text":"

                For Seafdav, the configuration of Apache is as follows:

                ......\n    <Location /seafdav>\n        ProxyPass \"http://127.0.0.1:8080/seafdav\"\n    </Location>\n
                "},{"location":"upgrade/upgrade_notes_for_7.1.x/#builtin-office-file-preview","title":"Builtin office file preview","text":"

                The implementation of builtin office file preview has been changed. You should update your configuration according to:

                https://download.seafile.com/published/seafile-manual/deploy_pro/office_documents_preview.md#user-content-Version%207.1+

                "},{"location":"upgrade/upgrade_notes_for_7.1.x/#if-you-are-using-ceph-backend","title":"If you are using Ceph backend","text":"

                If you are using Ceph storage backend, you need to install new python library.

                On Debian/Ubuntu (Seafile 7.1+):

                sudo apt-get install python3-rados\n
                "},{"location":"upgrade/upgrade_notes_for_7.1.x/#login-page-customization","title":"Login Page Customization","text":"

                If you have customized the login page or other html pages, as we have removed some old javascript libraries, your customized pages may not work anymore. Please try to re-customize based on the newest version.

                "},{"location":"upgrade/upgrade_notes_for_7.1.x/#user-name-encoding-issue-with-shibboleth-login","title":"User name encoding issue with Shibboleth login","text":"

                Note, the following patch is included in version pro-7.1.8 and ce-7.1.5 already.

                We have two customers reported that after upgrading to version 7.1, users login via Shibboleth single sign on have a wrong name if the name contains a special character. We suspect it is a Shibboleth problem as it does not sending the name in UTF-8 encoding to Seafile. (https://issues.shibboleth.net/jira/browse/SSPCPP-2)

                The solution is to modify the code in seahub/thirdpart/shibboleth/middleware.py:

                158         if nickname.strip():  # set nickname when it's not empty\n159             p.nickname = nickname\n\nto \n\n158         if nickname.strip():  # set nickname when it's not empty\n159             p.nickname = nickname.encode(\"iso-8859-1\u201d).decode('utf8')\n

                If you have this problem too, please let us know.

                "},{"location":"upgrade/upgrade_notes_for_7.1.x/#faq","title":"FAQ","text":""},{"location":"upgrade/upgrade_notes_for_7.1.x/#sql-error-during-upgrade","title":"SQL Error during upgrade","text":"

                The upgrade script will try to create a missing table and remove an used index. The following SQL errors are jus warnings and can be ignored:

                [INFO] updating seahub database...\n/opt/seafile/seafile-server-7.1.1/seahub/thirdpart/pymysql/cursors.py:170: Warning: (1050, \"Table 'base_reposecretkey' already exists\")\n  result = self._query(query)\n[WARNING] Failed to execute sql: (1091, \"Can't DROP 'drafts_draft_origin_file_uuid_7c003c98_uniq'; check that column/key exists\")\n
                "},{"location":"upgrade/upgrade_notes_for_7.1.x/#internal-server-error-after-upgrade-to-version-71","title":"Internal server error after upgrade to version 7.1","text":"

                Please check whether the seahub process is running in your server. If it is running, there should be an error log in seahub.log for internal server error.

                If seahub process is not running, you can modify\u00a0conf/gunicorn.conf, change\u00a0daemon = True \u00a0to\u00a0daemon = False \u00a0, then run ./seahub.sh again. If there are missing Python dependencies, the error will be reported in the terminal.

                The most common issue is that you use an old memcache configuration that depends on python-memcache. The new way is

                'BACKEND': 'django_pylibmc.memcached.PyLibMCCache'\n

                The old way is

                'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',\n
                "},{"location":"upgrade/upgrade_notes_for_8.0.x/","title":"Upgrade notes for 8.0","text":"

                These notes give additional information about changes. Please always follow the main upgrade guide.

                "},{"location":"upgrade/upgrade_notes_for_8.0.x/#important-release-changes","title":"Important release changes","text":"

                From 8.0, ccnet-server component is removed. But ccnet.conf is still needed.

                "},{"location":"upgrade/upgrade_notes_for_8.0.x/#install-new-python-libraries","title":"Install new Python libraries","text":"

                Note, you should install Python libraries system wide using root user or sudo mode.

                • For Ubuntu 18.04/20.04
                apt-get install libmysqlclient-dev\n\nsudo pip3 install -U future mysqlclient sqlalchemy==1.4.3\n
                • For Debian 10
                apt-get install  default-libmysqlclient-dev \n\nsudo pip3 install future mysqlclient sqlalchemy==1.4.3\n
                • For CentOS 7
                yum install python3-devel mysql-devel gcc gcc-c++ -y\n\nsudo pip3 install future\nsudo pip3 install mysqlclient==2.0.1 sqlalchemy==1.4.3\n
                • For CentOS 8
                yum install python3-devel mysql-devel gcc gcc-c++ -y\n\nsudo pip3 install future mysqlclient sqlalchemy==1.4.3\n
                "},{"location":"upgrade/upgrade_notes_for_8.0.x/#change-shibboleth-setting","title":"Change Shibboleth Setting","text":"

                If you are using Shibboleth and have configured EXTRA_MIDDLEWARE_CLASSES

                EXTRA_MIDDLEWARE_CLASSES = (\n    'shibboleth.middleware.ShibbolethRemoteUserMiddleware',\n)\n

                please change it to EXTRA_MIDDLEWARE

                EXTRA_MIDDLEWARE = (\n    'shibboleth.middleware.ShibbolethRemoteUserMiddleware',\n)\n

                As support for old-style middleware using settings.MIDDLEWARE_CLASSES is removed since django 2.0.

                "},{"location":"upgrade/upgrade_notes_for_8.0.x/#upgrade-to-80x","title":"Upgrade to 8.0.x","text":"
                1. Stop Seafile-7.1.x server.

                2. Start from Seafile 7.1.x, run the script:

                  upgrade/upgrade_7.1_8.0.sh\n

                3. Start Seafile-8.0.x server.

                "},{"location":"upgrade/upgrade_notes_for_9.0.x/","title":"Upgrade notes for 9.0","text":"

                These notes give additional information about changes. Please always follow the main upgrade guide.

                "},{"location":"upgrade/upgrade_notes_for_9.0.x/#important-release-changes","title":"Important release changes","text":"

                9.0 version includes following major changes:

                1. SERVICE_URL is moved from ccnet.conf to seahub_settings.py. The upgrade script will read it from ccnet.conf and write to seahub_settings.py
                2. (pro edition only) ElasticSearch is upgraded to version 6.8. ElasticSearch needs to be installed and managed individually. (As ElasticSearch changes license since 6.2, it can no longer be included in Seafile package). There are some benefits for ElasticSearch to be managed individually:
                  • Reduce the size of Seafile package
                  • You can change ElasticSearch setttings more easily
                3. (pro edition only) The built-in Office file preview is now implemented by a separate docker image. This makes is more easy to maintain. We also suggest users to use OnlyOffice as an alternative.
                4. Seafile community edition package for CentOS is no longer maintained (pro editions will still be maintaied). We suggest users to migrate to Docker images.
                5. We rewrite HTTP service in seaf-server with golang and move it to a separate component (turn off by default)

                The new file-server written in golang serves HTTP requests to upload/download/sync files. It provides three advantages:

                • The performance is better in a high-concurrency environment and it can handle long requests.
                • Now you can sync libraries with large number of files.
                • Now file zipping and downloading can be done simutaneously. When zip downloading a folder, you don't need to wait until zip is done.
                • Support rate control for file uploading and downloading.

                You can turn golang file-server on by adding following configuration in seafile.conf

                [fileserver]\nuse_go_fileserver = true\n
                "},{"location":"upgrade/upgrade_notes_for_9.0.x/#new-python-libraries","title":"New Python libraries","text":"

                Note, you should install Python libraries system wide using root user or sudo mode.

                • For Ubuntu 18.04/20.04
                sudo pip3 install pycryptodome==3.12.0 cffi==1.14.0\n
                "},{"location":"upgrade/upgrade_notes_for_9.0.x/#upgrade-to-90x","title":"Upgrade to 9.0.x","text":"
                1. Stop Seafile-8.0.x server.

                2. Start from Seafile 9.0.x, run the script:

                  upgrade/upgrade_8.0_9.0.sh\n

                3. Start Seafile-9.0.x server.

                "},{"location":"upgrade/upgrade_notes_for_9.0.x/#update-elasticsearch-pro-edition-only","title":"Update ElasticSearch (pro edition only)","text":""},{"location":"upgrade/upgrade_notes_for_9.0.x/#method-one-rebuild-the-index-and-discard-the-old-index-data","title":"Method one, rebuild the index and discard the old index data","text":"

                If your elasticsearch data is not large, it is recommended to deploy the latest 7.x version of ElasticSearch and then rebuild the new index. Specific steps are as follows

                Download ElasticSearch image

                docker pull elasticsearch:7.16.2\n

                Create a new folder to store ES data and give the folder permissions

                mkdir -p /opt/seafile-elasticsearch/data  && chmod -R 777 /opt/seafile-elasticsearch/data/\n

                Note: You must properly grant permission to access the es data directory, and run the Elasticsearch container as the root user, refer to here.

                Start ES docker image

                sudo docker run -d --name es -p 9200:9200 -e \"discovery.type=single-node\" -e \"bootstrap.memory_lock=true\" -e \"ES_JAVA_OPTS=-Xms2g -Xmx2g\" -e \"xpack.security.enabled=false\" --restart=always -v /opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data -d elasticsearch:7.16.2\n

                Delete old index data

                rm -rf /opt/seafile/pro-data/search/data/*\n

                Modify seafevents.conf

                [INDEX FILES]\nexternal_es_server = true\nes_host = your server's IP (use 127.0.0.1 if deployed locally)\nes_port = 9200\n

                Restart seafile

                su seafile\ncd seafile-server-latest/\n./seafile.sh stop && ./seahub.stop \n./seafile.sh start && ./seahub.start \n
                "},{"location":"upgrade/upgrade_notes_for_9.0.x/#method-two-reindex-the-existing-data","title":"Method two, reindex the existing data","text":"

                If your data volume is relatively large, it will take a long time to rebuild indexes for all Seafile databases, so you can reindex the existing data. This requires the following steps

                • Download and start Elasticsearch 7.x
                • Use the existing data to execute ElasticSearch Reindex in order to build an index that can be used in 7.x

                The detailed process is as follows

                Download ElasticSearch image:

                docker pull elasticsearch:7.16.2\n

                PS\uff1aFor seafile version 9.0, you need to manually create the elasticsearch mapping path on the host machine and give it 777 permission, otherwise elasticsearch will report path permission problems when starting, the command is as follows 

                mkdir -p /opt/seafile-elasticsearch/data \n

                Move original data to the new folder and give the folder permissions

                mv  /opt/seafile/pro-data/search/data/*  /opt/seafile-elasticsearch/data/\nchmod -R 777 /opt/seafile-elasticsearch/data/\n

                Note: You must properly grant permission to access the es data directory, and run the Elasticsearch container as the root user, refer to here.

                Start ES docker image

                sudo docker run -d --name es -p 9200:9200 -e \"discovery.type=single-node\" -e \"bootstrap.memory_lock=true\" -e \"ES_JAVA_OPTS=-Xms1g -Xmx1g\" -e \"xpack.security.enabled=false\" --restart=always -v /opt/seafile-elasticsearch/data:/usr/share/elasticsearch/data -d elasticsearch:7.16.2\n

                Note:ES_JAVA_OPTS can be adjusted according to your need.

                Create an index with 7.x compatible mappings.

                curl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/new_repo_head?include_type_name=false&pretty=true' -d '\n{\n  \"mappings\" : {\n    \"properties\" : {\n      \"commit\" : {\n        \"type\" : \"text\",\n        \"index\" : false\n      },\n      \"repo\" : {\n        \"type\" : \"text\",\n        \"index\" : false\n      },\n      \"updatingto\" : {\n        \"type\" : \"text\",\n        \"index\" : false\n      }\n    }\n  }\n}'\n\ncurl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/new_repofiles/?include_type_name=false&pretty=true' -d '\n{\n  \"settings\" : {\n    \"index\" : {\n      \"number_of_shards\" : 5,\n      \"number_of_replicas\" : 1,\n      \"analysis\" : {\n        \"analyzer\" : {\n          \"seafile_file_name_ngram_analyzer\" : {\n            \"filter\" : [\n              \"lowercase\"\n            ],\n            \"type\" : \"custom\",\n            \"tokenizer\" : \"seafile_file_name_ngram_tokenizer\"\n          }\n        },\n        \"tokenizer\" : {\n          \"seafile_file_name_ngram_tokenizer\" : {\n            \"type\" : \"ngram\",\n            \"min_gram\" : \"3\",\n            \"max_gram\" : \"4\"\n          }\n        }\n      }\n    }\n  },\n  \"mappings\" : {\n    \"properties\" : {\n      \"content\" : {\n        \"type\" : \"text\",\n        \"term_vector\" : \"with_positions_offsets\"\n      },\n      \"filename\" : {\n        \"type\" : \"text\",\n        \"fields\" : {\n          \"ngram\" : {\n            \"type\" : \"text\",\n            \"analyzer\" : \"seafile_file_name_ngram_analyzer\"\n          }\n        }\n      },\n      \"is_dir\" : {\n        \"type\" : \"boolean\"\n      },\n      \"mtime\" : {\n        \"type\" : \"date\"\n      },\n      \"path\" : {\n        \"type\" : \"keyword\"\n      },\n      \"repo\" : {\n        \"type\" : \"keyword\"\n      },\n      \"size\" : {\n        \"type\" : \"long\"\n      },\n      \"suffix\" : {\n        \"type\" : \"keyword\"\n      }\n    }\n  }\n}'\n

                Set the refresh_interval to -1 and the number_of_replicas to 0 for efficient reindexing:

                curl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/new_repo_head/_settings?pretty' -d '\n{\n  \"index\" : {\n    \"refresh_interval\" : \"-1\",\n    \"number_of_replicas\" : 0\n  }\n}'\n\ncurl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/new_repofiles/_settings?pretty' -d '\n{\n  \"index\" : {\n    \"refresh_interval\" : \"-1\",\n    \"number_of_replicas\" : 0\n  }\n}'\n

                Use the reindex API to copy documents from the 5.x index into the new index.

                curl -X POST -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/_reindex/?pretty' -d '\n{\n  \"source\": {\n    \"index\": \"repo_head\",\n    \"type\": \"repo_commit\"\n  },\n  \"dest\": {\n    \"index\": \"new_repo_head\",\n    \"type\": \"_doc\"\n  }\n}'\n\ncurl -X POST -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/_reindex/?pretty' -d '\n{\n  \"source\": {\n    \"index\": \"repofiles\",\n    \"type\": \"file\"\n  },\n  \"dest\": {\n    \"index\": \"new_repofiles\",\n    \"type\": \"_doc\"\n  }\n}'\n

                Reset the refresh_interval and number_of_replicas to the values used in the old index.

                curl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/new_repo_head/_settings?pretty' -d '\n{\n  \"index\" : {\n    \"refresh_interval\" : null,\n    \"number_of_replicas\" : 1\n  }\n}'\n\ncurl -X PUT -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/new_repofiles/_settings?pretty' -d '\n{\n  \"index\" : {\n    \"refresh_interval\" : null,\n    \"number_of_replicas\" : 1\n  }\n}'\n

                Wait for the index status to change to green.

                curl http{s}://{es server IP}:9200/_cluster/health?pretty\n

                Use the aliases API delete the old index and add an alias with the old index name to the new index.

                curl -X POST -H 'Content-Type: application/json' 'http{s}://{es server IP}:9200/_aliases?pretty' -d '\n{\n  \"actions\": [\n    {\"remove_index\": {\"index\": \"repo_head\"}},\n    {\"remove_index\": {\"index\": \"repofiles\"}},\n    {\"add\": {\"index\": \"new_repo_head\", \"alias\": \"repo_head\"}},\n    {\"add\": {\"index\": \"new_repofiles\", \"alias\": \"repofiles\"}}\n  ]\n}'\n

                After reindex, modify the configuration in Seafile.

                Modify seafevents.conf

                [INDEX FILES]\nexternal_es_server = true\nes_host = your server's IP\nes_port = 9200\n

                Restart seafile

                su seafile\ncd seafile-server-latest/\n./seafile.sh stop && ./seahub.stop \n./seafile.sh start && ./seahub.start \n
                "},{"location":"upgrade/upgrade_notes_for_9.0.x/#method-three-if-you-are-in-a-cluster-environment","title":"Method three, if you are in a cluster environment","text":"

                Deploy a new ElasticSeach 7.x service, use Seafile 9.0 version to deploy a new backend node, and connect to ElasticSeach 7.x. The background node does not start the Seafile background service, just manually run the command ./pro/pro.py search --update, and then upgrade the other nodes to Seafile 9.0 version and use the new ElasticSeach 7.x after the index is created. Then deactivate the old backend node and the old version of ElasticSeach.

                "}]} \ No newline at end of file