A fully containerized deployment of Seafile for Docker, Docker Swarm and Kubernetes.
- Complete redesign of the official Docker deployment with containerization best-practices in mind.
- Runs seahub (frontend) and seafile server (backend) in separate containers, which commuicate with each other over TCP.
- Cluster without pro edition.
- Separate Caddy container as reverse proxy
- Increased Security:
- The caddy reverse proxy serves as a single entry point to the stack. Everything else runs in an isolated network.
- Using Alpine Linux based images for the frontend, which is designed with security in mind and comes with proactive security features.
- Official Seafile Docker deployment uses entirely outdated base images and dependencies. Here base images and dependencies are updated regularly.
- Reworked Dockerfiles featuring multi-stage builds, allowing for smaller images and faster builds.
- Schedule offline garbage collection with cron job.
- Runs upgrade scripts automatically when a new image version is deployed.
- All features of Seafile Community Edition are included.
Services:
- seafile-server
- contains the backend component called seafile-server
- handles storage, some direct client access and seafdav
- seahub
- dynamic frontend component called seahub
- serves the web-ui
- communicates with seafile-server
- seahub-media
- serves static website content as well as avatars and custom logos
- db
- the database used by seafile-server and seahub
- memcached
- database cache for seahub
- seafile-caddy
- reverse proxy that forwards paths to the correct endpoints: seafile-server, seahub or seahub-media
- is the single external entry point to the deployment
Volumes:
- seafile-data
- shared data volume of seafile-server and seahub
- also contains configuration and log files
- seafile-mariadb
- volume of the db service
- stores the database
- seahub-custom
- contains custom logos
- stored by seahub and served by seahub-media
- seahub-avatars
- contains user avatars
- stored by seahub and served by seahub-media
Note: In the official docker deployment custom and avatars are served by nginx. Seahub alone cannot serve them for some reason, hence the separate volumes.
Networks:
- seafile-net
- isolated local network used by the services to communicate with each other
-
Prerequisites
Requires Docker and docker-compose to be installed.
For deployment on Kubernetes see Wiki / Kubernetes.
For additional considerations when using Docker in Swarm Mode see Wiki / Docker Swarm.
-
Get the compose file
Use this compose file as a starting point.
wget https://raw.githubusercontent.com/ggogel/seafile-containerized/master/compose/docker-compose.yml
-
Set environment variables
Important: The environment variables are only relevant for the first deployment. The existing configuration in the volumes is not overwritten.
On a first deployment, you need to carefully set those values. Changing them later can be tricky. Please take a look at the Seafile documentation on how to change configuration values.
The name of the mariadb service, which is automatically the docker-internal hostname.
- DB_HOST=db
Password of the mariadb root user. This must equal MYSQL_ROOT_PASSWORD.
- DB_ROOT_PASSWD=db_dev
Time zone used by Seafile.
- TIME_ZONE=Europe/Berlin
This will be used for the SERVICE_URL and FILE_SERVER_ROOT. Important: Changing those values in the config files later won't have any effect because they are written to the database. Those values have priority over the config files. To change them enter the "System Admin" section on the web-ui. If you encounter issues with file upload, those are likely misconfigured.
- SEAFILE_URL=seafile.mydomain.com
If you plan to use a reverse proxy with https, set this to true. This will replace http with https in the SERVICE_URL and FILE_SERVER_ROOT.
- HTTPS=false
Username / E-Mail of the first admin user.
- SEAFILE_ADMIN_EMAIL=me@example.com
Password of the first admin user.
- SEAFILE_ADMIN_PASSWORD=asecret
Password of the mariadb root user. Must match DB_ROOT_PASSWD.
- MYSQL_ROOT_PASSWORD=db_dev
Enable logging console.
- MYSQL_LOG_CONSOLE=true
-
(Optional) Reverse Proxy
The caddy reverse proxy integrated with the deployment exposes port 80. Point your existing reverse proxy to that port.
This deployment does by design not include a reverse proxy capable of HTTPS and Let's Encrypt, unlike the official deployment, because usually Docker users already have some docker-based reverse proxy solution deployed, which does exactly that.
-
Deployment
After you followed the above steps and have configured everything correctly run:
docker-compose -p seafile up -d
After you followed the above steps and have configured everything correctly run:
docker stack deploy -c docker-compose.yml seafile
-
Seafile can't connect to LDAP, OAuth, SMTP, or other external services using the Docker Compose deployment.
All services are connected to
seafile-net
, which is defined asinternal
network by default, blocking all connectivity with endpoints outside of this network. See this Wiki article for a solution.
For advanced configuration and troubleshooting see the Wiki. If you encounter a bug or have a feature request, please feel free to open an issue.
This project supports only Compose Specification-compatible tools such as docker compose
, podman compose
, and nerdctl compose
, as well as Kubernetes. Deployment methods that do not fully comply with these standards, such as podman quadlet
or podman play
, are not supported. Currently, these tools run all containers in the same pod, which creates an entirely different networking structure. Please avoid opening issues related to them.