seafile/README.md

Seafile Single-Container Image for TrueNAS SCALE Dragonfish

This repository packages Seafile Server Core (seafile-server) and Seahub (Django web UI) into a single container suitable for TrueNAS SCALE Dragonfish Custom App deployment.

Components inside the container:

• Nginx reverse proxy (ports 80/443) → proxies to internal Gunicorn (Seahub) and the Go fileserver
• Gunicorn serving Seahub (Django) on 127.0.0.1:8000
• Seafile core (seaf-server) and fileserver (Go) via seafile.sh
• MariaDB (in-container)
• Redis (in-container)
• Single persistent volume at /data storing configuration, databases, media, and logs

Persistent layout under /data:

• /data/conf → central Seafile/Seahub config (seafile.conf, ccnet.conf, seahub_settings.py, seahub_secret_key.txt)
• /data/seafile-data → Seafile data store
• /data/db → MariaDB datadir
• /data/redis → Redis data
• /data/seahub-media → Seahub uploads/media
• /data/logs → logs (nginx, seahub, seafile, supervisord, mariadb, redis)
• /data/ssl → TLS certs (optional if terminating TLS in-container)

Files

• Dockerfile → Debian Bookworm base image with nginx, supervisor, mariadb, redis, python venv
• docker/entrypoint.sh → Idempotent bootstrap and configuration renderer, then execs supervisord
• docker/supervisord.conf.template → supervisord programs for mariadb, redis, seafile core, seahub, nginx
• docker/nginx.conf.template → reverse proxy and upload limits
• docker/gunicorn.conf.py → Gunicorn settings for Seahub
• docker/seahub_settings.py.template → rendered to /data/conf/seahub_settings.py
• docker/seafile.conf.template → rendered to /data/conf/seafile.conf
• docker/ccnet.conf.template → rendered to /data/conf/ccnet.conf
• docker/init_seahub.sh → one-shot collectstatic, migrations, optional admin creation
• docker/healthcheck.sh → container healthcheck

Environment Variables

Required at first run (recommended):

• SEAFILE_SERVER_HOSTNAME: your public hostname (e.g., files.example.com)
• SEAFILE_SERVER_URL: full base URL (e.g., https://files.example.com)
• DB_ROOT_PASSWORD: MariaDB root password for bootstrap (required on first run)
• DB_PASSWORD: password for application DB user (seafile)

Optional (defaults in Dockerfile):

• DB_USER=seafile
• DB_NAME (generic bootstrap DB used by the plan; typically not required by Seafile)
• DB_NAME_SEAHUB=seahub_db
• DB_NAME_SEAFILE=seafile_db
• DB_NAME_CCNET=ccnet_db
• REDIS_URL=redis://127.0.0.1:6379/0
• TIMEZONE=UTC
• NGINX_MAX_BODY=200m (upload size limit)
• SSL_ENABLE=false (if you want nginx to terminate TLS with /data/ssl/{fullchain.pem,privkey.pem}, adjust nginx template or provide a values override)
• ADMIN_EMAIL and ADMIN_PASSWORD (optional) → auto-create admin user on first run
• SEAFILE_TGZ_URL (optional) → URL to an official Seafile server release tarball. If provided, the entrypoint will download and extract it into /opt/seafile/seafile-server-latest

Notes on Releases

By default, this image expects an official Seafile server release to be present at:

• /opt/seafile/seafile-server-latest

You can satisfy this in one of two ways:

1. Provide SEAFILE_TGZ_URL (preferred): The entrypoint will download and extract on first start.
2. Bake or mount a release: Place the extracted release at /opt/seafile/seafile-server-latest (e.g., by modifying the Dockerfile to ADD/COPY it, or by mounting in TrueNAS using an additional hostPath volume).

TrueNAS SCALE Custom App Configuration

• Image: build and push the built Docker image, then reference it in your custom app
• Ports:
  • TCP 80 → host or ingress (required)
  • TCP 443 → host or ingress (optional if terminating TLS externally)
• Storage:
  • PVC mounted at /data (ReadWriteOnce)
• Environment:
  • SEAFILE_SERVER_HOSTNAME=files.example.com
  • SEAFILE_SERVER_URL=https://files.example.com
  • DB_ROOT_PASSWORD=your-root-password
  • DB_PASSWORD=your-app-password
  • DB_NAME_SEAHUB=seahub_db
  • DB_NAME_SEAFILE=seafile_db
  • DB_NAME_CCNET=ccnet_db
  • ADMIN_EMAIL=admin@example.com (optional)
  • ADMIN_PASSWORD=change-me (optional)
  • NGINX_MAX_BODY=200m (adjust as desired)
  • TIMEZONE=UTC
  • SEAFILE_TGZ_URL=https://example.com/path/to/seafile-server_X.Y.Z_x86-64.tar.gz (optional, recommended)
• Healthcheck:
  • Container includes a HEALTHCHECK that probes Seahub and the fileserver.

First Run Flow

On container start, the entrypoint will:

1. Create /data subdirectories; write /etc/redis/redis.conf
2. Initialize MariaDB at /data/db if empty:
   • Set root password (DB_ROOT_PASSWORD)
   • Create DBs: DB_NAME_SEAHUB, DB_NAME_SEAFILE, DB_NAME_CCNET
   • Create user DB_USER with DB_PASSWORD; grant privileges
3. Optionally download and extract Seafile server release if SEAFILE_TGZ_URL is provided
4. Render configs:
   • /etc/nginx/nginx.conf from template
   • /etc/supervisor/supervisord.conf from template
   • /data/conf/seahub_settings.py from template (uses env and SECRET_KEY)
   • /data/conf/seafile.conf and /data/conf/ccnet.conf from templates
5. Create Python venv and install Seahub requirements from the release
6. Supervisord starts:
   • mariadbd
   • redis-server
   • seafile (seafile.sh start)
   • seahub (runs docker/init_seahub.sh once, then gunicorn)
   • nginx

Nginx Routing

• / → Gunicorn (Seahub) at 127.0.0.1:8000
• /seafhttp → fileserver at 127.0.0.1:8082
• /media → /data/seahub-media

Build & Run (Local)

Build:

• docker build -t seafile-single:local .

Run (example):

• mkdir -p /host/seafile-data
• docker run -it --rm
  -e SEAFILE_SERVER_HOSTNAME=localhost
  -e SEAFILE_SERVER_URL=http://localhost
  -e DB_ROOT_PASSWORD=changeme
  -e DB_PASSWORD=changeme
  -e ADMIN_EMAIL=admin@example.com
  -e ADMIN_PASSWORD=changeme
  -p 80:80
  -v /host/seafile-data:/data
  seafile-single:local

Then open http://localhost and log in with the admin credentials.

From-Source Variant (Optional)

If you need to build from the provided sources instead of using official releases:

• seafile-server (C, autotools) found under ./seafile-server
• fileserver (Go) under ./seafile-server/fileserver
• Seahub (Django) under ./seahub

You will need to:

• Install build dependencies (see seafile-server/configure.ac)
• Build and install seafile core and fileserver into /opt/seafile/seafile-server-latest
• Use seahub/requirements.txt for Python dependencies
• Ensure templates in docker/ still render configs into /data/conf

Testing Checklist

• Healthcheck: container becomes healthy (Seahub login page, fileserver protocol-version endpoint)
• Admin creation: login with ADMIN_EMAIL/ADMIN_PASSWORD
• Upload flow: create library, upload small file; verify in /data/seafile-data
• Persistence: stop/start container; confirm data intact
• Logs: /data/logs/* should not contain critical errors

Known Notes

• The container expects a compatible Seafile server release and Seahub version.
• If terminating TLS at Nginx inside the container, copy certs to /data/ssl and adapt nginx.conf.template accordingly (or add a values override in TrueNAS).