Seafile WebClient, 12 CE Binary, Ubuntu 24 - permission denied when downloading via Web

tobiit · January 12, 2026, 10:11pm

I just now upgraded a fully functional installation of Seafile 10 on Ubuntu 20 to Seafile 12 on Ubuntu 24 (via Seafile 11 as an interim step).

Uploading works fine in all cases.

Downloading/Syncing etc. works fine when using the Android App or the Windows Client (Seadrive).

When logging onto the Windows interface (https://seafile.basisadresse.de ) the libraries are listed, I can access folders, the file listing is complete.

I can upload new files without problems. When I try to download a file that I just uploaded via the WebInterface the error:
”Permission denied.” is displayed.

I can’t find any log-file entry that makes sense or points me into any direction, that could solve the problem.

I am running nginx with the standard ssl config for nginx (did not touch that before, during or after the Sefile 10 upgrade).

daniel.pan · January 13, 2026, 2:20am

Here are some ways to debug the “Permission denied” error when downloading files via the Seafile Web Interface after upgrading your Seafile installation:

Check Nginx Configuration

The Nginx configuration is a frequent source of web-related issues after Seafile upgrades. Please carefully review your Nginx configuration file for your Seafile instance.

Check Browser Console for Exact Errors

The browser’s developer tools can provide immediate feedback on client-side errors and network request failures.

Open Developer Tools: In your web browser, open the developer tools (usually by pressing F12 or right-clicking on the page and selecting “Inspect Element”).
Navigate to Console and Network: Go to the “Console” tab to check for JavaScript errors and the “Network” tab to monitor HTTP requests.
Attempt Download: Try downloading a file from the Seafile web interface again.
Look for Errors: Observe the “Console” for any error messages (e.g., “Failed to load resource”, “Uncaught ReferenceError”). In the “Network” tab, look for failed requests (indicated by red text or non-200 status codes like 403 Forbidden or 500 Internal Server Error) related to the download attempt. These errors can pinpoint specific URLs or API calls that are failing.

Verify `SEAFILE_SERVER_URL` and `SEAFILE_SERVER_PROTOCOL` in `.env`

Incorrect service URL or protocol settings can lead to misdirected requests or security errors.

Locate .env`` file: Find the .env configuration file in your Seafile installation directory.
Check SEAFILE_SERVER_URL: Ensure that SEAFILE_SERVER_URL is set to the correct public domain name of your Seafile instance, including the protocol (e.g., https://seafile.yourdomain.com).
Check SEAFILE_SERVER_PROTOCOL: Verify that SEAFILE_SERVER_PROTOCOL is set to https if you are indeed using SSL, which is the case with your Nginx setup.

# Example .env entries
SEAFILE_SERVER_URL=https://seafile.basisadresse.de
SEAFILE_SERVER_PROTOCOL=https

Review Seafile Upgrade Notes and Configuration Files

Although you upgraded to Seafile 12, referring to the official upgrade notes is crucial as they detail significant changes and potential breaking points.

Consult Upgrade Documentation: Even if for a slightly newer version (e.g., Upgrade notes for 13.0.x), review the official Seafile upgrade notes relevant to your version path. Look for any changes related to web access, Nginx configuration, or file serving mechanisms.
Verify Dependencies: Confirm that all new system libraries and Python dependencies required for Seafile 12 on Ubuntu 24 were correctly installed and are accessible.
Clean Up Obsolete Configurations: Check seafile.conf and seahub_settings.py for any configurations that might be obsolete or superseded by new settings in Seafile 12, especially those now managed via the .env file. Conflicting settings can lead to unexpected behavior.

tobiit · January 14, 2026, 4:53pm

The Dev-Tools are really not providing much more enlightenment, there is the predictable 403, but no 500:

GET	https://seafile.basisadresse.de/seafhttp/repos/db6ee934-0156-44b5-a950-77d391f98009/files//Fonts/EBGaramond-Bold.ttf/?op=download

Status 403 Forbidden

Version HTTP/1.1

Transferred 167 B (19 B Größe)

Referrer Policy strict-origin-when-cross-origin

Priority Highest

You can check the behaviour via a public share link of some musical notes - LADIES-MASHUP-CELLO.pdf - Seafile Server Tobias Cloud this shows that the UI loads, the content not and clicking download give you the permission denied (although publicly shared).

nginx Logs are not really providing more insight, entry in seahub.error.log:
2026/01/14 16:11:02 [error] 102895#102895: *7729 connect() failed (111: Connection refused) while connecting to upstream, client: 163.123.181.182, server: seafile.basisadresse.de, request: “GET /api2/repos/ HTTP/1.1”, upstream: “http://127.0.0.1:8000/api2/repos/”, host: “seafile.basisadresse.de”

similar entry in seafhttp.error.log:
2026/01/14 16:10:43 [error] 102893#102893: *7952 connect() failed (111: Connection refused) while connecting to upstream, client: 95.90.195.242, server: seafile.basisadresse.de, request: “GET /seafhttp/accessible-repos/?repo_id=194dae69-a6dc-4d5c-bc82-b73fc88b8ed7 HTTP/1.1”, upstream: “http://127.0.0.1:8082/accessible-repos/?repo_id=194dae69-a6dc-4d5c-bc82-b73fc88b8ed7”, host: “seafile.basisadresse.de”

Tried all kinds of entries in the “ALLOWED HOST” config, but to no avail.

If I add the “SEAFILE_SERVICE_*” Parameters to the environment, seafile is no longer starting. I have SEAFILE_SERVER_URL and SEAFILE_SERVER_PROTOCOL

The seahub log in /opt/seafile/logs has the following entries:
[2026-01-14 17:26:02] [ERROR] seahub.thumbnail.utils:239 create_pdf_thumbnails Image size (268491886 pixels) exceeds limit of 178956970 pixels, could be decompression bomb DOS attack.
[2026-01-14 17:26:02] [ERROR] django.request:241 log_response Internal Server Error: /thumbnail/db6ee934-0156-44b5-a950-77d391f98009/create/
[2026-01-14 17:26:21] [WARNING] django.request:241 log_response Forbidden: /thumbnail/db6ee934-0156-44b5-a950-77d391f98009/create/
[2026-01-14 17:39:17] [WARNING] django.request:241 log_response Forbidden: /api/v2.1/internal/repos/db6ee934-0156-44b5-a950-77d391f98009/check-access/
[2026-01-14 18:08:23] [WARNING] django.request:241 log_response Forbidden: /api/v2.1/internal/check-share-link-access/

I checked the nginx config. Looks identical.

I checked the documentation, unfortunately there is no list of dependencies for seafile 12 anywhere. There is also no indication what parameters / configurations would be obsolete or superseded. I tried to remove some that appeared to have moved to .env but that lead to seafile not starting any more.

So, still stuck with “permission denied” and no clear idea, how to generate more logging to see what is really going on.

daniel.pan · January 15, 2026, 2:06am

You can check the log of seafile.log or fileserver.log.

Since version 12.0, when you download a file, the workflow is as following:

browser -> seaf-server component -> check permision by calling seahub using local address

The 403 permission error is caused by the second step when seaf-server component calling seahub.

Note, the URL used at this step is http://127.0.0.1:8000/api/v2.1/internal/repos/{repo_id}/check-access/ . Maybe your firewall block it.

daniel.pan · January 15, 2026, 2:25am

The issue may help you: [BUG] No permission to access file · Issue #2854 · haiwen/seafile · GitHub

tobiit · January 16, 2026, 9:04am

My installation is really screwed up now. Still get the permission error and log’s are not really helpful. Tried the ALLOWED-HOSTS with all kinds of permutations.
After restarting seafile with service seafile-server start (restart fails now) the web-frontend now shows this error:

RuntimeError

   at /

NumPy was built with baseline optimizations: 
(X86_V2) but your machine doesn't support:
(X86_V2).

Request Method:	GET
Request URL:	https://seafile.basisadresse.de/
undefined	----
Django Version:	4.2.21
undefined	----
Exception Type:	RuntimeError
undefined	----
Exception Value:
undefined	----

NumPy was built with baseline optimizations: 
(X86_V2) but your machine doesn't support:
(X86_V2).

Exception Location:	/opt/seafile/python-venv/lib/python3.12/site-packages/numpy/_core/multiarray.py, line 11, in
Raised during:	seahub.views.react_fake_view
undefined	----
Python Executable:	/opt/seafile/python-venv/bin/python3
undefined	----
Python Version:	3.12.3
undefined	----
Python Path:
undefined	----

['/opt/seafile/seafile-server-12.0.14/seahub',
 '/opt/seafile/seafile-server-latest',
 '/opt/seafile/seafile-server-12.0.14/seahub/thirdpart/bin',
 '/opt/seafile/seafile-server-12.0.14/seafile/lib/python3/site-packages',
 '/opt/seafile/seafile-server-12.0.14/seafile/lib64/python3/site-packages',
 '/opt/seafile/seafile-server-12.0.14/seahub',
 '/opt/seafile/seafile-server-12.0.14/seahub/thirdpart',
 '/opt/seafile/seafile-server-12.0.14',
 '/opt/seafile/seafile-server-12.0.14/pro/python',
 '/usr/lib/python312.zip',
 '/usr/lib/python3.12',
 '/usr/lib/python3.12/lib-dynload',
 '/opt/seafile/python-venv/lib/python3.12/site-packages',
 '/opt/seafile/seafile-server-12.0.14/seahub/seahub/auth/../../../../conf',
 '/opt/seafile/seafile-server-12.0.14/seahub/seahub/api2/endpoints/../../../../../conf',
 '/opt/seafile/seafile-server-12.0.14/seahub/seahub/api2/endpoints/../../../../../conf',
 '/opt/seafile/seafile-server-12.0.14/seahub/seahub/oauth/../../../../conf']

Server time:	Fri, 16 Jan 2026 10:00:45 +0100

BUT: this error goes away if the page is reloaded. After reloading, the web frontend is displayed, but the library listing shows an error ==> red message: error, this goes away after reloading as well, the directories and files can be listed.

The previously perfectly working windows and android client are now behaving unpredictably. File download / access works sometimes, directory listing causes windows explorer to hang.

Is moving to docker SF 13 an possibility without losing data, files, access rights and users?

tobiit · January 16, 2026, 10:04pm

SEAFHTTP is having a problem:
For some reason, the seafhttp appears not to run or not to answer:

# lsof -i :8082

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
seaf-serv 12816 seafile 10u IPv4 102884 0t0 TCP localhost:8082 (LISTEN)

# curl -I http://127.0.0.1:8082

HTTP/1.1 404 Not Found
Content-Length: 0

accessing https://seafile.basisadresse.de/seafhttp gives

500 Internal Server Error

nginx

daniel.pan · January 17, 2026, 1:41am

The numpy issue is another kind of issue that not related to your original issue. You can check

Error on Seafile docker upgrade 13.0.15: core dump because of Numpy “Error on Seafile docker upgrade 13.0.15: core dump because of Numpy”

tobiit · January 17, 2026, 6:19pm

The numpy error is fixed now. Anyway - the permission denied and 500 internal server error persists.
I am quite sure that the seafile service not responding on port 8082 might be (part of) the root cause. How can I check this? How can I validate that the seafhttp piece is running correctly?
I checked the nginx config 1 Mio times now

tobiit · January 18, 2026, 11:13am

I have not the palest idea what happened tonight. But by today in the morning, a miracle happened and my installation including the web frontend is working again. I feel like an End user calling into support: “I didn’t do anything” - and I think I did not do anything. The serverfarm did not even reboot during the night … anyway: I am happy that everything is working again.

Thank you very much for all the support. Next stop: migration to Docker