| Univention Corporate Server (UCS) | UCS is a debian-based server operating system with an integrated identity and infrastructure management system for the cross-plattform administration of servers, services, clients, desktops and users. UCS is a product of Univention GmbH, based in Bremen, Germany. When this documentation refers to a or the UCS, it refers to a UCS instance. |
| UCS-Host | A UCS-Host is a virtual machine or a physical server running UCS. |
| Univention App Center | The Univention App Center (also App Center) is an app store for UCS. Various producers offer their software solutions for companies and public institutions there. App center apps can be installed with a few clicks and be managed via UCS’ central management system. The App Center is operated by Univention GmbH. |
| Seafile App | The Seafile App is a Docker container, available in the Univention App Center, that installs a Seafile Server Professional Edition on a UCS including requirements and complementary services. Install scripts ensure the Seafile Server’s integration with the UCS identity management and other services as well as other apps from the App Center. The Seafile App is maintained by datamate GmbH & Co. KG, Mainz, Germany. |
| Seafile Server Professional Edition | The Seafile Server Professional Edition (also Seafile) is a file collaboration solution developed by Seafile Ltd., based in Beijing, China. datmate GmbH & Co. KG is the general distributor of Seafile in Europe. |
| Seahub | Seahub is the web interface of Seafile. After the installation of the Seafile App, Seahub is available at http(s)://ucs-host.domain.tld/seafile. |
| System Admin | System Admin is the admin area within Seahub, where Seafile can be administrated and adapted to individual requirements. Only users with administrative privileges for Seafile can access System Admin. |
The Seafile App requires UCS version 4.4-1 errata200 (released Juli 16, 2019) or newer. Additional requirements are outlined in the following subsections.
The required resources depend largely on the number of concurrent connections to Seafile (i.e., users simultaneously up- and downloading files from/to Seafile). The following minimum requirements are recommended:
Besides above requirements, it is generally recommended to install UCS and the database on a solid-state disk (SSD) for better performance. If you integrate the Seafile App with another app (e.g., the document servers from Collabora or ONLYOFFICE), addtional hardware resources are recommended.
Seafile is proprietary Software using a so-called named-based license model. This means the license agreement stipulates the maximum number of users that can be registered in the system.
This said, you can try Seafile without a paid license. The Seafile App can be used without limitations with up to three users. The administrator user created during the installation is one of the three users. In order to use Seafile with more than three users, you must purchase a license.
You can buy a license for up to 9 users in the Seafile Customer Center. If you wish to license more than 9 users, please contact Seafile’s European distributor datamate.
You activate additional users in Seafile with a license file that is upload to the UCS. Connect to your UCS via SSH or (S)FTP/SCP and copy the license file in the directory /var/lib/univention-appcenter/apps/seafile/data/seafile-data/seafile/. Make sure the license file has the name seafile-license.txt. Restart the Seafile App now either using the shell command univention-app restart seafile or by the click of a button in the app settings in the App Center. You can check the license status in the ‘Info’ menu in System Admin.
The upload of the license file via the ‘Info’ menu in System Admin is not recommended. When uploaded there, the license file is saved within the Docker container where it is not update-safe (see Section 3.2.).
The Seafile App can be easily installed via the App Center. Observe the following instructions.
Simply put, the installation of the Seafile App is performed is four steps:
Depending on the circusmstance, the installation can take up to 15 Minutes and longer. After installation, Seafile’s web interface Seahub is available at the URL http(s)://ucs-host.domain.tld/seafile. You can log in with the credentials of the administrator user created at the beginning of the installation process.
Seafile supports several different user authentication options. The Seafile App uses Seafile’s own user database as well as the the identity management system of UCS.
The administrator user, whose access credentials were defined in the first step of the installation process, is created in Seafile’s user database. This user is independent auf UCS’ identity management system. You can use this user to accss System Admin in Seahub.
A Seafile administrator can nominate other administrators via the tab ‘Admins’ in the menu ‘Users’ in System Admin. Users from Seafile’s own user database as well as users from UCS’ user management can be made administrator (see Section 5.).
If you delete/disabled all administrator users or forget their access credentials, you can reset an administrator account or create a new administrator account via the shell.
Connect to your UCS-Host and open a bash shell in the Docker container using the command docker exec -it seafile /bin/bash. The command ./seafile-server-latest/reset-admin.sh requires an email address and a password. The command enables a user/resets its password or creates a new administrator user.
In the third step of the installation process, the install script checks whether or not the Collabora Online or the ONLYOFFICE App are installed on the UCS host. If either is found, the installed app is integrated as document server for Seahub. If multiple editors are found, none is automatically configured.
The integration of the online editors can be changed/configured at any point after the installations via Seafile’s configuration files (see Section 6.).
Additional automatic integrations with other apps of the App Center (i.e, groupware, backup, antimalware) are currently not available. Yet, there are plenty possibilities for manual integrations using Seafile’s configuration files. This way, many further integrations of the Seafile App with other App Center apps are possible (see Section 6.).
Following the release of new versions of Seafile, updated Seafile Apps are made available in the App Center in a timely manner. From there, updates can be installed with just one click. Update scripts, that need to be run manually when updating a standalone Seafile system, are executed automatically when updating the Seafile App. Observe the following instructions to prevent complications.
Changes made in the system configuration via System Admin are not affected by an app update. The same goes for all changes in configuration files (see Section 6.). All of Seafile’s configuration files are saved outside the Seafile App’s Docker container.
The situation is different for configuration adjustments of the web server nginx. The configuration files of nginx are stored within the Seafile App’s Docker container which is replaced during an app update. Save the configuration files of the web server before running an update to save manual changes (i.e., when the WebDAV interface was enabled and corresponding manual edits were made in the nginx configuration).
If the license file was uploaded to the UCS host via SSH/(S)FTP/SCP (see Section 1.2.) – as it is recommended – , an app update has no effect on the license file and all licensed users will be available in the updated Seafile App.
The situation is different if the license was uploaded via System Admin. In this case, the license file needs to be uploaded again after the app update. Keep in mind that Seafile will refuse to start if more than three registered users have the status ‘active’ at the time of the app’s start.
The Seafile App’s uninstallation is performed – like the installation – via the App Center. The uninstallation must be confirmed twice for security reasons.
Beginning with version 7.0.10, only the docker containers installed by the Seafile App are deleted during uninstallation. Data base and saved files remain in the folder /var/lib/univention-appcenter/apps/seafile/data and so does the file mysql_passwort.secret in the folder /var/lib/univention-appcenter/backups/appcenter-backup-seafile:TIMESTAMP/conf. If Seafile is to be removed from the UCS host entirely, these two folders must also be deleted.
In version 7.0.7, when uninstalling the app, all data stored in Seafile will be deleted. The data cannot be restored.
Ab der Version 7.0.10 werden bei der Deinstallation nur die durch die Seafile App installierten Docker Container gelöscht. Datenbank und gespeicherte Dateien liegen weiterhin im Ordner /var/lib/univention-appcenter/apps/seafile/data. Im Ordner /var/lib/univention-appcenter/backups/appcenter-backup-seafile:TIMESTAMP/conf liegt die Datei mysql_password.secret. Wenn Seafile vollständig vom UCS-Host entfernt werden soll, dann müssen diese beiden Ordner ebenfalls gelöscht werden.
In der Version 7.0.7 werden bei der Deinstallation der App alle Daten, die in Seafile gespeichert sind, dauerhaft gelöscht. Die Daten lassen sich nicht wiederherstellen.
The Seafile App uses the LDAP-based identity management system of UCS. The following subsections provide some details to be kept in mind.
You grant users access to Seafile via the UCS’ user management. The synchronisation of the user data (surname, name, user name and email) between UCS and the Seafile App takes place every 60 seconds. Once the user data has been synced, the user can log in to Seafile using his/her UCS credentials.
Seafile requires an email address of every user. The field ‘primary email address’ in the UCS’ user management must therefore be filled out.
The role ‘standard’ is assigned by default to every user granted access to Seafile. The permissions of every role can be modified via Seafile’s role definitions. Administrator permissions for Seafile are not assigned via UCS’ user administration. Additional users are made admin in System Admin (siehe Section 2.2.).
The maximum number of active users is determined by the license file uploaded to Seafile (see Section 1.2.). The LDAP synchronisation verifies that the maximum number of users is not exceeded. This means that an unlimited number of users can be granted access to Seafile in UCS’ user administration, but only as many users are created as the license allows.
When the user limit is reached, you have two options to create new users: You can purchase a Seafile license with more users or you can revoke users’ access right to Seafile in UCS’s user administration (see Section 5.2.). The next time Seafile synchronizes the user data, the status of the users in question will be set to ‘inactive’. As a consequence, these users do not count against the license’s user limit.
The deactivation of a user is performed – like the activation – via the UCS’ user management. A user, whose access to Seafile has been revoked, has his/her status set to ‘inactive’ in Seafile. An inactive user cannot log in to Seafile – neither via Seafile’s web interface, nor via a client, yet his/her libraries remain accessible as shared libraries to other users and all sharing links also remain intact.
There is a known issue between Seafile and UCS’ user management: When a users’ access right is revoked, the user continues to count against the license’s user limit until a new user is granted access to Seafile.
The user administration in the ‘Users’ menu in System Admin is not recommended. When a user is deleted via the menu ‘Users’ in System Admin, all libraries of the user are moved to trash. But the user does not remain deleted. The LDAP synchronisation will recreate the user after 60 seconds at the latest, the libraries, however, will remain in trash.
Granting Seafile access to a group created in the Univention Management Consule is not possible with the standard settings. By default, the LDAP synchronisation with the Seafile App only takes account of individual users. If you wish to grant access to group members, it needs to be done group member by group member.
You can change this behavior by changing the LDAP configuration of the Seafile App. You can, for example, adjust filters of the LDAP connection and synchronize members of a group with Seafile. You can also synchronize multiple Univention groups with groups in Seafile (see Section 6.).
The Seafile App only offers a few configuration options in the App Center. The Seafile Professional Server, however, which is installed on the UCS by the Seafile App, boasts lots of configuration options through its configuration files. By manual manipulatation, Seafile can be adapted precisely to individual needs and requirements.
In the Seafile App’s settings, you have the following configuration options:
When saving the app settings, the corresponding values are written to Seafile’s config files. Any prior modifications in the configuration files are overwritten in the process.
All of Seafile’s configuration files are located on the UCS host in the path /var/lib/univention-appcenter/apps/seafile/data/seafile-data/seafile/conf/. In order to take effect, you need to restart the Seafile App after changing the configuration. You can do this either by shell command univention-app restart seafile or via the app settings in the App Center. If Seafile does not start after a change of a configuration file, it is probably due to false parameters or an inconsistent indentation in the PY config file.
Seafile’s configuration files and the possibilities to customize Seafile are documented comprehensively in the Seafile Manual. As a consequnce, this documentation of the Seafile App only provides an overview of the various configuration options as well as links to the Seafile Manual.
The seahub_settings.py contains all settings for Seafile’s web interface Seahub. In this configuration file, you can enable/disable particular functions in Seahub, change language settings, and define/alter user roles. You find a list of parameters for seahub_settings.py in the Seafile Manual.
The ccnet.conf contains all settings for LDAP authentication and synchronisation. You find more information about the configuration options in ccnet.conf at these links:
The seafile.conf contains all settings for the Seafile daemon and the fileserver. In this file, you can, for example, set the default quota for all users, modify the rules for emptying trash and define the maximum file size for uploads to Seafile. You find more information about the configuration options in seafile.conf in the Seafile Manual.
The seafevents.conf contains all settings for the indexation of the full text search and the conversion of office to PDF files. You find more information about the configuration options in seafevents.conf in the Seafile Manual.
The seafdav.conf contains all settings for Seafile’s WebDAV interface. In the Seafile App, WebDAV is disabled by default for security reasons. You find more information about the configuration options in seafdav.conf in the Seafile Manual.
The following sources may help you configure and use Seafile:
datamate GmbH & Co. KG, European distribution partner of Seafile and maintainer of the Seafile App in the Univention App Center, also offers individual support as well as support and maintenance contracts.
The various components of Seafile are released under different licenses:
The source code of the components released under an open-source license is available on GitHub.
Generally speaking, a backup solution endorsed by Univention is recommended. For more information on backing up a UCS system, consult the Univention Wiki. If you want to run a simple backup of the Seafile container via the console, then just save the contents of the path /var/lib/univention-appcenter/apps/seafile/.