Skip to content

Seahub Settings

Tip

You can also modify most of the config items via web interface. The config items are saved in database table (seahub-db/constance_config). They have a higher priority over the items in config files. If you want to disable settings via web interface, you can add ENABLE_SETTINGS_VIA_WEB = False to seahub_settings.py.

Sending Email Notifications on Seahub

Refer to email sending documentation.

Cache

Seahub caches items(avatars, profiles, etc) on file system by default(/tmp/seahub_cache/). You can replace with Memcached or Redis.

# on Debian/Ubuntu 18.04+
apt-get install memcached libmemcached-dev -y
pip3 install --timeout=3600 pylibmc django-pylibmc

systemctl enable --now memcached

Add the following configuration to seahub_settings.py.

CACHES = {
    'default': {
        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
        'LOCATION': '127.0.0.1:11211',
    },
}

Redis supported is added in Seafile version 11.0

  1. Install Redis with package installers in your OS.

  2. Please refer to Django's documentation about using Redis cache.

Security settings

# For security consideration, please set to match the host/domain of your site, e.g., ALLOWED_HOSTS = ['.example.com'].
# Please refer https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for details.
ALLOWED_HOSTS = ['.myseafile.com']


# Whether to use a secure cookie for the CSRF cookie
# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-secure
CSRF_COOKIE_SECURE = True

# The value of the SameSite flag on the CSRF cookie
# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-cookie-samesite
CSRF_COOKIE_SAMESITE = 'Strict'

# https://docs.djangoproject.com/en/3.2/ref/settings/#csrf-trusted-origins
CSRF_TRUSTED_ORIGINS = ['https://www.myseafile.com']

User management options

The following options affect user registration, password and session.

# Enalbe or disalbe registration on web. Default is `False`.
ENABLE_SIGNUP = False

# Activate or deactivate user when registration complete. Default is `True`.
# If set to `False`, new users need to be activated by admin in admin panel.
ACTIVATE_AFTER_REGISTRATION = False

# Whether to send email when a system admin adding a new member. Default is `True`.
SEND_EMAIL_ON_ADDING_SYSTEM_MEMBER = True

# Whether to send email when a system admin resetting a user's password. Default is `True`.
SEND_EMAIL_ON_RESETTING_USER_PASSWD = True

# Send system admin notify email when user registration is complete. Default is `False`.
NOTIFY_ADMIN_AFTER_REGISTRATION = True

# Remember days for login. Default is 7
LOGIN_REMEMBER_DAYS = 7

# Attempt limit before showing a captcha when login.
LOGIN_ATTEMPT_LIMIT = 3

# deactivate user account when login attempts exceed limit
# Since version 5.1.2 or pro 5.1.3
FREEZE_USER_ON_LOGIN_FAILED = False

# mininum length for user's password
USER_PASSWORD_MIN_LENGTH = 6

# LEVEL based on four types of input:
# num, upper letter, lower letter, other symbols
# '3' means password must have at least 3 types of the above.
USER_PASSWORD_STRENGTH_LEVEL = 3

# default False, only check USER_PASSWORD_MIN_LENGTH
# when True, check password strength level, STRONG(or above) is allowed
USER_STRONG_PASSWORD_REQUIRED = False

# Force user to change password when admin add/reset a user.
# Added in 5.1.1, deafults to True.
FORCE_PASSWORD_CHANGE = True

# Age of cookie, in seconds (default: 2 weeks).
SESSION_COOKIE_AGE = 60 * 60 * 24 * 7 * 2

# Whether a user's session cookie expires when the Web browser is closed.
SESSION_EXPIRE_AT_BROWSER_CLOSE = False

# Whether to save the session data on every request. Default is `False`
SESSION_SAVE_EVERY_REQUEST = False

# Whether enable the feature "published library". Default is `False`
# Since 6.1.0 CE
ENABLE_WIKI = True

# In old version, if you use Single Sign On, the password is not saved in Seafile.
# Users can't use WebDAV because Seafile can't check whether the password is correct.
# Since version 6.3.8, you can enable this option to let user's to specific a password for WebDAV login.
# Users login via SSO can use this password to login in WebDAV.
# Enable the feature. pycryptodome should be installed first.
# sudo pip install pycryptodome==3.12.0
ENABLE_WEBDAV_SECRET = True
WEBDAV_SECRET_MIN_LENGTH = 8

# LEVEL for the password, based on four types of input:
# num, upper letter, lower letter, other symbols
# '3' means password must have at least 3 types of the above.
WEBDAV_SECRET_STRENGTH_LEVEL = 1


# Since version 7.0.9, you can force a full user to log in with a two factor authentication.
# The prerequisite is that the administrator should 'enable two factor authentication' in the 'System Admin -> Settings' page.
# Then you can add the following configuration information to the configuration file.
ENABLE_FORCE_2FA_TO_ALL_USERS = True

Library snapshot label feature

# Turn on this option to let users to add a label to a library snapshot. Default is `False`
ENABLE_REPO_SNAPSHOT_LABEL = False

Library options

Options for libraries:

# if enable create encrypted library
ENABLE_ENCRYPTED_LIBRARY = True

# version for encrypted library
# should only be `2` or `4`.
# version 3 is insecure (using AES128 encryption) so it's not recommended any more.
ENCRYPTED_LIBRARY_VERSION = 2

# Since version 12, you can choose password hash algorithm for new encrypted libraries.
# The password is used to encrypt the encryption key. So using a secure password hash algorithm to
# prevent brute-force password guessing is important.
# Before version 12, a fixed algorithm (PBKDF2-SHA256 with 1000 iterations) is used.
#
# Currently two hash algorithms are supported.
#  - PBKDF2: The only available parameter is the number of iterations. You need to increase the
#    the number of iterations over time, as GPUs are more and more used for such calculation.
#    The default number of iterations is 1000. As of 2023, the recommended iterations is 600,000.
#  - Argon2id: Secure hash algorithm that has high cost even for GPUs. There are 3 parameters that
#    can be set: time cost, memory cost, and parallelism degree. The parameters are seperated by commas,
#    e.g. "2,102400,8", which the default parameters used in Seafile. Learn more about this algorithm
#    on https://github.com/P-H-C/phc-winner-argon2 .
#
# Note that only sync client >= 9.0.9 and SeaDrive >= 3.0.12 supports syncing libraries created with these algorithms.
ENCRYPTED_LIBRARY_PWD_HASH_ALGO = "argon2id"
ENCRYPTED_LIBRARY_PWD_HASH_PARAMS = "2,102400,8"
# ENCRYPTED_LIBRARY_PWD_HASH_ALGO = "pbkdf2_sha256"
# ENCRYPTED_LIBRARY_PWD_HASH_PARAMS = "600000"

# mininum length for password of encrypted library
REPO_PASSWORD_MIN_LENGTH = 8

# force use password when generate a share/upload link (since version 8.0.9)
SHARE_LINK_FORCE_USE_PASSWORD = False

# mininum length for password for share link (since version 4.4)
SHARE_LINK_PASSWORD_MIN_LENGTH = 8

# LEVEL for the password of a share/upload link
# based on four types of input:
# num, upper letter, lower letter, other symbols
# '3' means password must have at least 3 types of the above. (since version 8.0.9)
SHARE_LINK_PASSWORD_STRENGTH_LEVEL = 3

# Default expire days for share link (since version 6.3.8)
# Once this value is configured, the user can no longer generate an share link with no expiration time.
# If the expiration value is not set when the share link is generated, the value configured here will be used.
SHARE_LINK_EXPIRE_DAYS_DEFAULT = 5

# minimum expire days for share link (since version 6.3.6)
# SHARE_LINK_EXPIRE_DAYS_MIN should be less than SHARE_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
SHARE_LINK_EXPIRE_DAYS_MIN = 3 # default is 0, no limit.

# maximum expire days for share link (since version 6.3.6)
# SHARE_LINK_EXPIRE_DAYS_MIN should be greater than SHARE_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
SHARE_LINK_EXPIRE_DAYS_MAX = 8 # default is 0, no limit.

# Default expire days for upload link (since version 7.1.6)
# Once this value is configured, the user can no longer generate an upload link with no expiration time.
# If the expiration value is not set when the upload link is generated, the value configured here will be used.
UPLOAD_LINK_EXPIRE_DAYS_DEFAULT = 5

# minimum expire days for upload link (since version 7.1.6)
# UPLOAD_LINK_EXPIRE_DAYS_MIN should be less than UPLOAD_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
UPLOAD_LINK_EXPIRE_DAYS_MIN = 3 # default is 0, no limit.

# maximum expire days for upload link (since version 7.1.6)
# UPLOAD_LINK_EXPIRE_DAYS_MAX should be greater than UPLOAD_LINK_EXPIRE_DAYS_DEFAULT (If the latter is set).
UPLOAD_LINK_EXPIRE_DAYS_MAX = 8 # default is 0, no limit.

# force user login when view file/folder share link (since version 6.3.6)
SHARE_LINK_LOGIN_REQUIRED = True

# enable water mark when view(not edit) file in web browser (since version 6.3.6)
ENABLE_WATERMARK = True

# Disable sync with any folder. Default is `False`
# NOTE: since version 4.2.4
DISABLE_SYNC_WITH_ANY_FOLDER = True

# Enable or disable library history setting
ENABLE_REPO_HISTORY_SETTING = True

# Enable or disable user share library to any group
# Since version 6.2.0
ENABLE_SHARE_TO_ALL_GROUPS = True

# Enable or disable user to clean trash (default is True)
# Since version 6.3.6
ENABLE_USER_CLEAN_TRASH = True

# Add a report abuse button on download links. (since version 7.1.0)
# Users can report abuse on the share link page, fill in the report type, contact information, and description.
# Default is false.
ENABLE_SHARE_LINK_REPORT_ABUSE = True

Options for online file preview:

# Online preview maximum file size, defaults to 30M.
FILE_PREVIEW_MAX_SIZE = 30 * 1024 * 1024

# Extensions of previewed text files.
# NOTE: since version 6.1.1
TEXT_PREVIEW_EXT = """ac, am, bat, c, cc, cmake, cpp, cs, css, diff, el, h, html,
htm, java, js, json, less, make, org, php, pl, properties, py, rb,
scala, script, sh, sql, txt, text, tex, vi, vim, xhtml, xml, log, csv,
groovy, rst, patch, go"""


# Seafile only generates thumbnails for images smaller than the following size.
# Since version 6.3.8 pro, suport the psd online preview.
THUMBNAIL_IMAGE_SIZE_LIMIT = 30 # MB

# Enable or disable thumbnail for video. ffmpeg and moviepy should be installed first.
# For details, please refer to https://manual.seafile.com/deploy/video_thumbnails.html
# NOTE: this option is deprecated in version 7.1
ENABLE_VIDEO_THUMBNAIL = False

# Use the frame at 5 second as thumbnail
# NOTE: this option is deprecated in version 7.1
THUMBNAIL_VIDEO_FRAME_TIME = 5

# Absolute filesystem path to the directory that will hold thumbnail files.
THUMBNAIL_ROOT = '/haiwen/seahub-data/thumbnail/thumb/'

# Default size for picture preview. Enlarge this size can improve the preview quality.
# NOTE: since version 6.1.1
THUMBNAIL_SIZE_FOR_ORIGINAL = 1024

Cloud Mode

You should enable cloud mode if you use Seafile with an unknown user base. It disables the organization tab in Seahub's website to ensure that users can't access the user list. Cloud mode provides some nice features like sharing content with unregistered users and sending invitations to them. Therefore you also want to enable user registration. Through the global address book (since version 4.2.3) you can do a search for every user account. So you probably want to disable it.

# Enable cloude mode and hide `Organization` tab.
CLOUD_MODE = True

# Disable global address book
ENABLE_GLOBAL_ADDRESSBOOK = False

Single Sign On

# Enable authentication with ADFS
# Default is False
# Since 6.0.9
ENABLE_ADFS_LOGIN = True

# Force user login through ADFS instead of email and password
# Default is False
# Since 11.0.7
DISABLE_ADFS_USER_PWD_LOGIN = True

# Enable authentication wit Kerberos
# Default is False
ENABLE_KRB5_LOGIN = True

# Enable authentication with Shibboleth
# Default is False
ENABLE_SHIBBOLETH_LOGIN = True

# Enable client to open an external browser for single sign on
# When it is false, the old buitin browser is opened for single sign on
# When it is true, the default browser of the operation system is opened
# The benefit of using system browser is that it can support hardware 2FA
# Since 11.0.0, and sync client 9.0.5, drive client 3.0.8
CLIENT_SSO_VIA_LOCAL_BROWSER = True   # default is False
CLIENT_SSO_UUID_EXPIRATION = 5 * 60   # in seconds

Other options

# This is outside URL for Seahub(Seafile Web). 
# The domain part (i.e., www.example.com) will be used in generating share links and download/upload file via web.
# Note: SERVICE_URL is moved to seahub_settings.py since 9.0.0
# Note: SERVICE_URL is no longer used since version 12.0
# SERVICE_URL = 'https://seafile.example.com:'

# Disable settings via Web interface in system admin->settings
# Default is True
# Since 5.1.3
ENABLE_SETTINGS_VIA_WEB = False

# Choices can be found here:
# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name
# although not all choices may be available on all operating systems.
# If running in a Windows environment this must be set to the same as your
# system time zone.
TIME_ZONE = 'UTC'

# Language code for this installation. All choices can be found here:
# http://www.i18nguy.com/unicode/language-identifiers.html
# Default language for sending emails.
LANGUAGE_CODE = 'en'

# Custom language code choice.
LANGUAGES = (
    ('en', 'English'),
    ('zh-cn', '简体中文'),
    ('zh-tw', '繁體中文'),
)

# Set this to your website/company's name. This is contained in email notifications and welcome message when user login for the first time.
SITE_NAME = 'Seafile'

# Browser tab's title
SITE_TITLE = 'Private Seafile'

# If you don't want to run seahub website on your site's root path, set this option to your preferred path.
# e.g. setting it to '/seahub/' would run seahub on http://example.com/seahub/.
SITE_ROOT = '/'

# Max number of files when user upload file/folder.
# Since version 6.0.4
MAX_NUMBER_OF_FILES_FOR_FILEUPLOAD = 500

# Control the language that send email. Default to user's current language.
# Since version 6.1.1
SHARE_LINK_EMAIL_LANGUAGE = ''

# Interval for browser requests unread notifications
# Since PRO 6.1.4 or CE 6.1.2
UNREAD_NOTIFICATIONS_REQUEST_INTERVAL = 3 * 60 # seconds

# Whether to allow user to delete account, change login password or update basic user
# info on profile page.
# Since PRO 6.3.10
ENABLE_DELETE_ACCOUNT = False
ENABLE_UPDATE_USER_INFO = False
ENABLE_CHANGE_PASSWORD = False

# Get web api auth token on profile page.
ENABLE_GET_AUTH_TOKEN_BY_SESSION = True

# Since 8.0.6 CE/PRO version.
# Url redirected to after user logout Seafile.
# Usually configured as Single Logout url.
LOGOUT_REDIRECT_URL = 'http{s}://www.example-url.com'


# Enable system admin add T&C, all users need to accept terms before using. Defaults to `False`.
# Since version 6.0
ENABLE_TERMS_AND_CONDITIONS = True

# Enable two factor authentication for accounts. Defaults to `False`.
# Since version 6.0
ENABLE_TWO_FACTOR_AUTH = True

# Enable user select a template when he/she creates library.
# When user select a template, Seafile will create folders releated to the pattern automaticly.
# Since version 6.0
LIBRARY_TEMPLATES = {
    'Technology': ['/Develop/Python', '/Test'],
    'Finance': ['/Current assets', '/Fixed assets/Computer']
}

# Enable a user to change password in 'settings' page. Default to `True`
# Since version 6.2.11
ENABLE_CHANGE_PASSWORD = True

# If show contact email when search user.
ENABLE_SHOW_CONTACT_EMAIL_WHEN_SEARCH_USER = True

Pro edition only options

# Whether to show the used traffic in user's profile popup dialog. Default is True
SHOW_TRAFFIC = True

# Allow administrator to view user's file in UNENCRYPTED libraries
# through Libraries page in System Admin. Default is False.
ENABLE_SYS_ADMIN_VIEW_REPO = True

# For un-login users, providing an email before downloading or uploading on shared link page.
# Since version 5.1.4
ENABLE_SHARE_LINK_AUDIT = True

# Check virus after upload files to shared upload links. Defaults to `False`.
# Since version 6.0
ENABLE_UPLOAD_LINK_VIRUS_CHECK = True

# Send email to these email addresses when a virus is detected.
# This list can be any valid email address, not necessarily the emails of Seafile user.
# Since version 6.0.8
VIRUS_SCAN_NOTIFY_LIST = ['user_a@seafile.com', 'user_b@seafile.com']

RESTful API

# API throttling related settings. Enlarger the rates if you got 429 response code during API calls.
REST_FRAMEWORK = {
    'DEFAULT_THROTTLE_RATES': {
        'ping': '600/minute',
        'anon': '5/minute',
        'user': '300/minute',
    },
    'UNICODE_JSON': False,
}

# Throtting whitelist used to disable throttle for certain IPs.
# e.g. REST_FRAMEWORK_THROTTING_WHITELIST = ['127.0.0.1', '192.168.1.1']
# Please make sure `REMOTE_ADDR` header is configured in Nginx conf according to https://manual.seafile.com/12.0/setup_binary/ce/deploy_with_nginx.html.
REST_FRAMEWORK_THROTTING_WHITELIST = []

Seahub Custom Functions

Since version 6.2, you can define a custom function to modify the result of user search function.

For example, if you want to limit user only search users in the same institution, you can define custom_search_user function in {seafile install path}/conf/seahub_custom_functions/__init__.py

Code example:

import os
import sys

current_path = os.path.dirname(os.path.abspath(__file__))
seahub_dir = os.path.join(current_path, \
        '../../seafile-server-latest/seahub/seahub')
sys.path.append(seahub_dir)

from seahub.profile.models import Profile
def custom_search_user(request, emails):

    institution_name = ''

    username = request.user.username
    profile = Profile.objects.get_profile_by_user(username)
    if profile:
        institution_name = profile.institution

    inst_users = [p.user for p in
            Profile.objects.filter(institution=institution_name)]

    filtered_emails = []
    for email in emails:
        if email in inst_users:
            filtered_emails.append(email)

    return filtered_emails

You should NOT change the name of custom_search_user and seahub_custom_functions/__init__.py

Since version 6.2.5 pro, if you enable the ENABLE_SHARE_TO_ALL_GROUPS feather on sysadmin settings page, you can also define a custom function to return the groups a user can share library to.

For example, if you want to let a user to share library to both its groups and the groups of user test@test.com, you can define a custom_get_groups function in {seafile install path}/conf/seahub_custom_functions/__init__.py

Code example:

import os
import sys

current_path = os.path.dirname(os.path.abspath(__file__))
seaserv_dir = os.path.join(current_path, \
        '../../seafile-server-latest/seafile/lib64/python2.7/site-packages')
sys.path.append(seaserv_dir)

def custom_get_groups(request):

    from seaserv import ccnet_api

    groups = []
    username = request.user.username

    # for current user
    groups += ccnet_api.get_groups(username)

    # for 'test@test.com' user
    groups += ccnet_api.get_groups('test@test.com')

    return groups

You should NOT change the name of custom_get_groups and seahub_custom_functions/__init__.py

Tip

  • You need to restart seahub so that your changes take effect.
docker compose restart
cd /opt/seafile/seafile-server-latest
./seahub.sh restart
  • If your changes don't take effect, You may need to delete 'seahub_setting.pyc'. (A cache file)