Seafile is an open source file sharing software that allows its users to setup their own cloud storage at home. Think Dropbox, but self-hosted.

This post is about deploying an instance of Seafile using Docker on a non-standard port (i.e. not 80 and 443). The reason to deploy the app on a non-standard port is usually because there is already another webserver running on that port (in my case Apache 2). In such scenarios, it is necessary to set up a reverse proxy so the Seafile port can be exposed by Apache on ports 80/443. Under typical circumstances, deploying Seafile on a standard port would mean that the app would host itself without the need for Apache 2 at all. This post also assumes Ubuntu 16.04 as the operating system, but in theory should apply to other Linux OS’s.

The process can be split into multiple parts:

  1. Setup Docker
  2. Deploy Seafile
  3. Configure Apache 2
  4. Setup systemd
  5. Setup e-mail (optional)
  6. Backing up the image
  7. Troubleshooting

Setup Docker

This guide won’t go into depth on how to setup Docker, but rather the setup guide and more information about what Docker is can be found here: https://docs.docker.com/get-started/

Deploy Seafile

The key page in the Seafile documentation for deploying Seafile within Docker can be found here: https://manual.seafile.com/deploy/deploy_with_docker.html. The command I used is as follows:

docker run -d --name seafile \
  -e SEAFILE_SERVER_HOSTNAME=seafile.example.com \
  -e SEAFILE_ADMIN_EMAIL=me@example.com \
  -e SEAFILE_ADMIN_PASSWORD=a_very_secret_password \
  -v /opt/seafile-data:/shared \
  -p 8000:80 \
  seafileltd/seafile:latest

I recommend setting up Seafile with an actual secret password because it’s not easy to change once it’s set up.

Note that the port argument shows 8000:80. It means that Docker will use the host port 8000 and the container will use port 80 – meaning that using Docker will interpret requests from my host OS on port 8000 as requests on port 80 in the container. 8000 was used on my setup because port 80 was already used.

Once the command is executed, the necessary files will be downloaded and the container will start and will be accessible on port 8000.

There is also an option to setup Seafile with an SSL cert from Let’s Encrypt, but I didn’t do this because I already had a cert that I wanted to reuse.

Once the server is up, navigate to https://seafile.example.com/sys/settings/ and change SERVICE_URL and FILE_SERVER_URL to match your domain name.

Configure Apache 2

Adding a reverse proxy on Apache 2 will allow Apache 2 to route requests to port 8000, which will go to port 80 in the container. The main reference for this section is this: https://manual.seafile.com/deploy/deploy_seahub_at_non-root_domain.html. This is done by adding a new site to Apache 2. The following configuration assumes that a LetsEncrypt SSL certificate is used.

cd /etc/apache2/sites-available
sudo nano seafile.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName seafile.example.com
        ServerAdmin me@example.com

        RewriteEngine On

        # ModSecurity does not process requests.  There is a hard limit of 1 GB
        # with ModSecurity.
        SecRuleEngine Off

        # Whitelist internal IPs for mod_evasive
        DOSWhitelist 192.168.1.*

        <Location /media>
                Require all granted
        </Location>

        # Stuff for seafile server
        ProxyPass /seafhttp http://127.0.0.1:8082
        ProxyPassReverse /seafhttp http://127.0.0.1:8082
        RewriteRule ^/seafhttp - [QSA,L]

        # Stuff for seahub
        SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
        ProxyPreserveHost On
        ProxyPass / http://127.0.0.1:8000/
        ProxyPassReverse / http://127.0.0.1:8000/

        ErrorLog ${APACHE_LOG_DIR}/seafile_error.log
        CustomLog ${APACHE_LOG_DIR}/seafile_access.log combined

        Include /etc/letsencrypt/options-ssl-apache.conf

        SSLCertificateFile /path/to/cert/file.pem
        SSLCertificateKeyFile /path/to/cert/key/file.pem
</VirtualHost>
</IfModule>

I’ve added my local domain to the whitelist so that mod_evasive doesn’t think my local host is a threat.

There are two sets of ProxyPass and ProxyPassReverse lines. The reason for this is that Seafile is split up into Seahub and Seafile, where one uses port 8082 (by default), while the other uses 8000. These two lines are essentially what allows Apache to read requests from port 443 and pass them on to the container.

Once the file is saved, execute the following

sudo a2ensite seafile.conf
sudo service apache2 reload

Navigating to the site at the Apache 2 defined port should now load Seafile without having to go to port 8000.

Setup systemd

systemd allows the Docker container to be started up on boot, and be controlled like this:

sudo service seafile start/stop/restart

The configuration is as follows:

sudo nano /etc/systemd/system/seafile.service
[Unit]
Description=Seafile Server
After=network.target mysql.service

[Service]
Type=oneshot
ExecStart=/usr/bin/docker container start seafile
ExecStop=/usr/bin/docker container stop seafile
ExecReload=/usr/bin/docker container restart seafile
RemainAfterExit=yes
User=root
Group=root

[Install]
WantedBy=multi-user.target

Once the configuration is saved, shut off the existing running instance of Seafile and then let systemd start it up for you.

sudo systemctl daemon-reload
sudo service seafile start

At this point, Seafile should start automatically on boot, with Apache 2 doing a reverse proxy to the true Seafile port.

Setup e-mail (optional)

Optionally, Seafile can be configured to send e-mails. The reference is here: https://manual.seafile.com/config/sending_email.html. The config file should be under:

/opt/seafile-data/seafile/conf/seahub_settings.py

I happen to be using Gmail SMTP, so at the end of the file I’ve added

EMAIL_USE_TLS = True
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_HOST_USER = 'me@example.com'
EMAIL_HOST_PASSWORD = 'password'
EMAIL_PORT = 587
DEFAULT_FROM_EMAIL = EMAIL_HOST_USER
SERVER_EMAIL = EMAIL_HOST_USER

Backing up the image

After setting everything up, you’ll probably want to backup the Docker image. First, print out the list of running containers

sudo docker ps

Then take a snapshot of the current running state:

docker commit -p  

Running this command lists all the images and should show this newly saved image:

sudo docker images

I don’t have a private docker repository, so I saved the image to the disk and backed up the file by doing the below. Just make sure to actually move the image to an actual backup location.

sudo docker save -o /.tar 

The image should be backed up now. To restore the image, it’s a matter of running this:

sudo docker load -i 

Listing the images as above should show that the image was successfully loaded. Running this starts it back up again.

sudo docker run 

Troubleshooting

Seafile logs can be helpful if it doesn’t start up correctly. These can be found at:

/opt/seafile-data/logs/seafile

There may be a need to ssh into the Docker container. The command for that is:

sudo docker exec -it seafile /bin/bash