Seafile on FreeBSD jail
Written by Kirill Filatov, on 04 March 2025.
Tags:
#freebsd
#bsd
Seafile on FreeBSD jails
This article is brief overview of seafile installation inside freebsd zfs jail.
Installation and initial setup
# ZFS clone jail
zfs clone zroot/jails/templates/14.2-RELEASE@base zroot/jails/containers/seafile
# Jail config
seafile {
# STARTUP/LOGGING
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.consolelog = "/var/log/jail_console_${name}.log";
# PERMISSIONS
allow.raw_sockets;
exec.clean;
mount.devfs;
# HOSTNAME/PATH
host.hostname = "${name}";
path = "/usr/local/jails/containers/${name}";
# NETWORK
# ip4 = inherit;
ip4.addr = 172.16.0.23;
interface = re0;
}
# Install packages
pkg -j seafile install seahub nginx mysql80-server memcached py311-pylibmc
Seafile-server and mysql80-client will be installed as dependancies.
Mind that you should use mysql80-server because of hardcoded mysql80-client to seafile package. If you need another server version you probably better compile seafile yourself from ports.
Now log into the jail:
jexec seafile /bin/sh
Do not forget to run secure script:
/usr/local/bin/mysql_secure_installation
If you setup seafile from scratch run installation script:
cd /usr/local/www/haiwen/seafile-server
./setup-seafile-mysql.sh
If you want to use existing database (probably from backup) you should do 2 things:
- Create seafile user
Mind that you need to create ‘seafile’@‘%’ user, not ‘seafile@localhost’ (otherwise you will not be able to run seafile setup script).
mysql -p
CREATE USER 'seafile'@'%' IDENTIFIED BY '<pass>'
GRANT ALL ON `ccnet-db`.* TO 'seafile'@'%';
GRANT ALL ON `seafile-db`.* TO 'seafile'@'%';
- DROP seahub database if using existing dump
DROP DATABASE `seahub-db`
Because setup script create all tables anyway and will fail it tables exist in database.
Now you can run setup script.
# Start services
sysrc seafile_enable="YES"
sysrc seahub_enable="YES"
service seafile start
service seahub start
# Nginx conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
server_tokens off;
server {
listen 80;
server_name <domain>;
root /usr/local/www/nginx;
error_page 500 502 503 504 /50x.html;
location = 50x.html {
root /usr/local/www/nginx-dist;
}
location / {
proxy_pass http://172.16.0.23:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_read_timeout 1200s;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
client_max_body_size 0;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://172.16.0.23:8082;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
client_max_body_size 0;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
}
location /seafdav {
proxy_pass http://172.16.0.23:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_http_version 1.1;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
# This option is only available for Nginx >= 1.8.0.
client_max_body_size 0;
proxy_request_buffering off;
}
}
}
Startup nginx and you should see login page in your browser.
If anything went wrong check logs dir at /usr/local/www/haiwen/logs/.
Setup caching
pip install django-pylibmc
All configs live in /usr/local/www/haiwen/conf.
# Seahub-settings.py for caching option
CACHES = {
'default': {
'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
'LOCATION': '172.16.0.23:11211',
},
}
Further configuration
Any futher configuration you can do via web interface with your admin account.
If you prefer config files do not hesitate to add
SERVICE_URL = http://seafile.example.com
in ccnet.conf
and
FILE_SERVER_ROOT = 'http://seafile.example.com/seafhttp'
in seahub_settings.py
# Add jail to jail_list for autostart in your rc.conf at host machine
jail_list=" seafile "
SSL
I use haproxy in front of nginx for SSL termination but its configuration is out of scope of this article.
Links
https://shoeper.gitbooks.io/seafile-docs/