Seafile server 6.2.0 beta is ready for testing!

Two factor authentication is moved to the community edition. The login page is redesigned, adding a background image.

Other changes includes:

  • Clean the list of languages
  • Add the ability of tagging a snapshot of a library (Use ENABLE_REPO_SNAPSHOT_LABEL = True to turn the feature on)
  • [Admin] Add an option to enable users to share a library to any groups in the system.
  • Use WSGI as the default mode for deploying Seahub.
  • Add a field Reference ID to support changing users primary ID in Shibboleth or LDAP
  • Improve performance of loading library list
  • Support adding a custom user search function (https://github.com/haiwen/seafile-docs/commit/115f5d85cdab7dc272da81bcc8e8c9b91d85506e)
  • Other small UI improvements

Enjoy the new version!

To use the WSGI mode, two steps are needed:

  1. Change the config file of Nginx/Apache.
  2. Restart Seahub with ./seahub.sh start instead of ./seahub.sh start-fastcgi

The configuration of Nginx is as following:

location / {
         proxy_pass         http://127.0.0.1:8000;
         proxy_set_header   Host $host;
         proxy_set_header   X-Real-IP $remote_addr;
         proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header   X-Forwarded-Host $server_name;
         proxy_read_timeout  1200s;

         # used for view/edit office file via Office Online Server
         client_max_body_size 0;

         access_log      /var/log/nginx/seahub.access.log;
         error_log       /var/log/nginx/seahub.error.log;
    }

The configuration of Apache is as following:

    # seahub
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
    ProxyPass / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/

The auto-start script for your Linux system need also be changed.

Actually for version 6.1 or below, you can also use the WSGI mode by the above two steps. The WSGI mode is more stable in heavy load than FastCGI mode.

11 Likes

incredible, nice, thank you!

THANKS for the new version!

Please add an option to define the listening address for WSGI mode. Currentently is hardcoded on 0.0.0.0 at startup script seahub.sh.

1 Like

Switched Seahub to WSGI mode today on pro 6.1.8 for having a flawless transition to 6.2.x! Had no problem with FastCGI either but I prefer to stay with Seafile’s default. Thanks!
Everything runs smooth with WSGI, too :slight_smile:

What about Webdav? Also without fastcgi?
Please provide the config example. :slight_smile:

1 Like

Good question, I’ve never thought about that, because I’m using Apache and with Apache FastCGI has never been used for Webdav.
I would assume that Webdav still uses FastCGI with Nginx. See no reasons why it should have changed. But clarification welcome!

1 Like

You don’t have to change configuration for webdav. It’ll still use fastcgi mode.

Can we use it without fastcgi? There is an option in the seadav.config for that.

1 Like

I have upgraded my Seafile 6.1.2 → 6.2.0, everything was fine:

Updating seafile/seahub database …
[INFO] You are using SQLite3
Done
migrating avatars …
Done
updating /opt/seafile/seafile-server-latest symbolic link to /opt/seafile/seafile-server-6.2.0 …
Upgraded your seafile server successfully.

but when I have started seafile again I get this:

…/common/ccnet-db.c(142): Error exec query CREATE UNIQUE INDEX IF NOT EXISTS reference_id_index on EmailUser (reference_id): sqlite3_exec failed: table EmailUser has no column named reference_id.
failed to run “ccnet-server -t”

It looks like I am missing something… Can you help, please?

Same problem here! The upgrade_6.1_6.2.sh script ran successfully, but ccnet will not start afterwards.

Setup a quick testserver today and all works perfectly! Exept the Video Thumbnail creation.
While being in the Gallery the ffmpeg processes keep running but only if i reload the page a new thumb creation will be triggered(and on the reloaded page i will then see the thumb that it created before)
That means in general the creation works.
Could that be a problem in regards to the keep-alive or any other kind of timeout?
-Debian 9 Stretch

Nginx conf is below:

server{
listen 192.168.178.44:80;
server_name deb.fritz.box;
server_tokens off;

return 301 https://$host$request_uri;

}

HTTPS server

server{
listen 192.168.178.44:443 ssl http2;
server_name deb.fritz.box;
server_tokens off;

ssl_certificate	/etc/nginx/Certs/cert-calippo-cert;
ssl_certificate_key	/etc/nginx/Certs/cert-calippo-priv;
ssl_dhparam /etc/nginx/dhparam.pem;

ssl_session_timeout 5m;
ssl_session_cache shared:SSL:5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1;

proxy_set_header X-Forwarded-For $remote_addr;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

location / {
	proxy_pass         http://127.0.0.1:8000;
	proxy_set_header   Host $host;
	proxy_set_header   X-Real-IP $remote_addr;
	proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header   X-Forwarded-Host $server_name;
	proxy_set_header   X-Forwarded-Proto https;

	access_log      /var/log/nginx/seahub.access.log;
	error_log       /var/log/nginx/seahub.error.log;

	proxy_read_timeout  1200s;

	client_max_body_size 0;
}
location /seafhttp {
	rewrite ^/seafhttp(.*)$ $1 break;
	proxy_pass http://127.0.0.1:8082;
	client_max_body_size 0;
	proxy_connect_timeout  36000s;
	proxy_read_timeout  36000s;
	proxy_send_timeout  36000s;
	send_timeout  36000s;
}
location /media {
	root /cloud/seafile-server-latest/seahub;
}

}

Nevermind!

The solution for this is to add:
proxy_http_version 1.1;

in both http proxy directives.

The error messages for this was:
[error] 3469#3469: *565 connect() failed (111: Connection refused) while connecting to upstream, client:

You should mention this in the manual :slight_smile:

2 Likes

Could someone kindly provide a custom user search function returning all group members for groups you are yourself a member of? I was trying hard but I sadly fail in Python debug skills.

There is a problem in sqlite upgrade, you can find ccnet/PeerMgr/usermgr.db and manually run sqls below:

sqlite3 usermgr.db
alter table LDAPUsers add column reference_id VARCHAR(255);
alter table EmailUser add column reference_id VARCHAR(255);
CREATE UNIQUE INDEX IF NOT EXISTS reference_id_index on EmailUser (reference_id);
CREATE UNIQUE INDEX IF NOT EXISTS ldapusers_reference_id_index on LDAPUsers(reference_id);

@Plague @raimue

Thank you @haikuo. The database fixed, the other problem jumped in:

Starting seahub at port 8000 ...
Traceback (most recent call last):
  File "/opt/seafile/seafile-server-6.2.0/seahub/thirdpart/gunicorn", line 9, in <module>
    load_entry_point('gunicorn==19.4.5', 'console_scripts', 'gunicorn')()
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 542, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2569, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2229, in load
    return self.resolve()
  File "/usr/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2235, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/opt/seafile/seafile-server-6.2.0/seahub/thirdpart/gunicorn-19.4.5-py2.7.egg/gunicorn/app/wsgiapp.py", line 10, in <module>
    from gunicorn.app.base import Application
  File "/opt/seafile/seafile-server-6.2.0/seahub/thirdpart/gunicorn-19.4.5-py2.7.egg/gunicorn/app/base.py", line 14, in <module>
    from gunicorn.config import Config, get_default_config_file
  File "/opt/seafile/seafile-server-6.2.0/seahub/thirdpart/gunicorn-19.4.5-py2.7.egg/gunicorn/config.py", line 17, in <module>
    import ssl
  File "/usr/lib/python2.7/ssl.py", line 97, in <module>
    import _ssl             # if we can't import it, let the error propagate
ImportError: /usr/lib/python2.7/lib-dynload/_ssl.x86_64-linux-gnu.so: symbol SSL_CTX_set_alpn_protos, version OPENSSL_1.0.2 not defined in file libssl.so.1.0.0 with link time reference

This happens only when I start Seahub with ./seahub.sh start.
No problem when started with ./seahub.sh start-fastcgi though…
Any idea?

What operation system do you use? Ubuntu 16.04?

Yes. It is 16.04

Thank you, the SQL statements fixed the database problem for me.

Syncing with the Seafile desktop client works now and Seahub started on Debian 9 stretch (still using fcgi, though). However, Seahub fails to serve pages with “Page unavailable” after login. Now I will have to investigate where this is coming from.

Hmm… After fixing db-problem I get:
502 Bad Gateway

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name seafile.mydomain.de;

ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA2$
ssl_prefer_server_ciphers On;

ssl_certificate /etc/letsencrypt/live/seafile.mydomain.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/seafile.mydomain.de/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/seafile.mydomain.de/chain.pem;

ssl_session_cache shared:SSL:128m;
add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
ssl_stapling on;
ssl_stapling_verify on;

add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "DENY" always;
add_header X-Xss-Protection "1";

add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: https://co.mydomain.de";
add_header Referrer-Policy same-origin;

proxy_set_header X-Forwarded-For $remote_addr;

location / {
    proxy_pass         http://127.0.0.1:8000;
    proxy_set_header   Host $host;
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Host $server_name;
    proxy_read_timeout  1200s;
    proxy_http_version 1.1;

    client_max_body_size 0;

    access_log off;
    error_log /var/log/nginx/seahub.error.log error;
    fastcgi_read_timeout 36000;
}

location /seafhttp {
    rewrite ^/seafhttp(.*)$ $1 break;
    proxy_pass http://127.0.0.1:8082;
    client_max_body_size 0;
    proxy_connect_timeout  36000s;
    proxy_read_timeout  36000s;
    proxy_send_timeout  36000s;
    send_timeout  36000s;
    proxy_request_buffering off;
    proxy_http_version 1.1;
}

location /media {
    #root /blackhole/seafile/seafile-server-latest/seahub;
    root /home/seafile-service/seafile/seafile-server-latest/seahub;
}
}

Anyone could help please?

Fixed my Seahub. I also had to manually apply the DB upgrade for Seahub by running the SQLite3 queries in seafile-server-6.2.0/upgrade/sql/6.2.0/sqlite/seahub.sql against seahub.db.