Private Google Docs at Home using SeaFile and LibreOffice Online
Introduction
The following are unfinished notes for a presentation I am giving at Boston Linux and Unix on 15 June 2022.
Unfortunately, I was not able to get Let's Encrypt working in my demo environment and I had to stop and save what I have, so I can present.
Agenda for the live presentation:
- Start with a clean Ubuntu 22.04 VM.
- Setup encrypted storage (unlocked via interactive SSH after reboot)
- Server emails sysadmin after a reboot (“I need to be unlocked”)
- Installing and using Seafile internally (no public hostname, no access from the outside Internet)
- (Can't cover Collabora LibreOffice install; pretty sure it requires a public hostname and a globally-trusted TLS certificate.)
Hopefully I can follow up by the middle of July with a fixed version of my original version of this howto document.
Assumptions
This howto makes the following assumptions. If your environment or preferences are different, adjust accordingly:
- Using Ubuntu 22.04 OS, already installed on your server
- Using any supported CPU architecture for Ubuntu (amd64, arm64, armv7, etc.)
- Server has Internet access
- If your server is behind a NAT at home, you are ready to open a public port from your home modem or router to your new server
- Using
nano
to edit text files
Preparation
Avahi / Zeroconf / Bonjour
For local name resolution, I find it's helpful to install Ubuntu's avahi-daemon package.
sudo apt install avahi-daemon
You'll need an Avahi or Zeroconf or Bonjour daemon installed on each client machine that you'll be using for system administration. On Windows, to get Apple's Bonjour client, I downlaoded an Itunes installer and extracted the bonjour installer from inside it, and ran that.
Alternatively, you can edit your /etc/hosts or C:\Windows\System32\drivers\etc\hosts file on your sysadmin client machine, and enter the server's IP address.
Encrypted Storage
For my servers, I like to have all my stored data encrypted. Ubuntu allows you to setup full disk encryption during installation, but it assumes that you have access to a hardware console to unlock the encryption, every time you reboot the server.
My approach is different. I use Gocryptfs to unlock an encrypted overlay filesystem after the system is partially booted up. After I unlock storage, Systemd resumes startup and launches all normal multiuser.target services.
if you do not want to use disk encryption, skip this whole section and the next one about Send Email After Reboot. Go to MariaDB.
# Install Gocryptfs. sudo apt install gocryptfs # Create Gocryptfs container. sudo mkdir -p /srv/priv.encrypted /srv/priv sudo gocryptfs --init /srv/priv.encrypted
Choose a password for protecting your files. Password: Repeat: Your master key is: 322e4d53-6729ec11-3b5a6c34-f881d697- 3d653e84-e2e1348c-df6c6a33-ccb8a556 If the gocryptfs.conf file becomes corrupted or you ever forget your password, there is only one hope for recovery: The master key. Print it to a piece of paper and store it in a drawer. This message is only printed once. The gocryptfs filesystem has been created successfully. You can now mount it using: gocryptfs /srv/priv.encrypted MOUNTPOINT
Don't ignore the warning about the password. DO NOT LOSE your encryption password; if you lose it, there is no possible way to recover it except by guessing.
# Test mounting the container. sudo gocryptfs /srv/priv.encrypted /srv/priv
Password: Decrypting master key The option "-allow_other" is set. Make sure the file permissions protect your data from unwanted access. Filesystem mounted and ready.
# Add to fstab. sudo nano /etc/fstab
- /etc/fstab
# Add this to the end… # encrypted storage /srv/priv.encrypted /srv/priv fuse./usr/bin/gocryptfs noauto,allow_other 0 0
# Test mounting via fstab. sudo umount /srv/priv sudo mount /srv/priv
You should see “Filesystem mounted and ready” again.
The next few steps setup Systemd only boot up enough to start sshd and then pause and wait for you to unlock encryption before starting everything else.
These steps assume that all of your service daemons (except for SSH) depend on encrypted storage.
All of the daemon launches are deferred until after you login and unlock the encrypted storage.
sudo nano /etc/systemd/system/before-decrypt.target
- /etc/systemd/system/before-decrypt.target
[Unit] Description=System before Decryption Requires=basic.target Conflicts=rescue.service rescue.target After=basic.target rescue.service rescue.target AllowIsolate=yes
# Setup symlinks to before-decrypt required services sudo su mkdir /etc/systemd/system/before-decrypt.target.wants cd /etc/systemd/system/before-decrypt.target.wants for i in /lib/systemd/system/multi-user.target.wants/* ; do ln -s /lib/systemd/system/$(basename $i) . done ln -s /etc/systemd/system/syslog.service . ln -s /lib/systemd/system/ssh.service . exit sudo nano /etc/systemd/system/decrypt.target
- /etc/systemd/system/decrypt.target
[Unit] Description=Decrypted System Requires=before-decrypt.target After=before-decrypt.target Conflicts=systemd-ask-password-console.path systemd-ask-password-console.service systemd-ask-password-plymouth.path systemd-ask-password-plymouth.service Requires=srv-priv.mount start-full-system.service
sudo nano /etc/systemd/system/start-full-system.service
- /etc/systemd/system/start-full-system.service
[Unit] Description=Start full system after decryption After=decrypt.target [Service] Type=oneshot ExecStartPre=/bin/systemctl is-active --quiet decrypt.target ExecStart=/bin/systemctl --no-block start multi-user.target
sudo touch /usr/local/bin/unlock-priv sudo chmod +x /usr/local/bin/unlock-priv sudo nano /usr/local/bin/unlock-priv
- /usr/local/bin/unlock-priv
#!/bin/bash if findmnt /srv/priv >/dev/null; then Already unlocked exit fi echo - echo - Unlocking /srv/priv sudo mount /srv/priv if ! findmnt /srv/priv >/dev/null; then exit fi echo - echo - Binding encrypted folders elsewhere in the filesystem # (To be filled in later when setting up individual services) echo - echo - Resuming system startup sudo systemctl start decrypt.target
To test it, reboot and then login and run unlock-priv
sudo unlock-priv
- - Unlocking /srv/priv Password: Decrypting master key The option "-allow_other" is set. Make sure the file permissions protect your data from unwanted access. Filesystem mounted and ready. - - Binding encrypted folders elsewhere in the filesystem - - Resuming system startup
Later on in this guide we'll create data folders for services and move them to the encrypted volume.
Send Email After Reboot
If you use my encrypted storage setup, you'll want to be notified by email when the server has been rebooted, so that your services that depend on encrypted storage aren't stuck offline.
You will need an email provider that provides SMTP access. Check your email provider's documentation.
# Install msmtp sudo apt install msmtp # Disable Apparmor's profile for msmtp sudo ln -s /etc/apparmor.d/usr.bin.msmtp /etc/apparmor.d/disable/ sudo apparmor_parser -R /etc/apparmor.d/usr.bin.msmtp # (You might get an error saying the profile doesn't exist. Ignore that.) # Configure msmtp sudo mkdir -p /root/.config/msmtp sudo nano /root/.config/msmtp/config
- /root/.config/msmtp/config
defaults port 587 tls on tls_trust_file /etc/ssl/certs/ca-certificates.crt account systemnotices host FIXME from FIXME@example.com auth on user FIXME password FIXME account default : systemnotices
Change the from value to your own email address.
# Create a script to send a one-line email from CLI parameters sudo touch /usr/local/bin/mail-sysadmin-oneline sudo chmod +x /usr/local/bin/mail-sysadmin-oneline sudo nano /usr/local/bin/mail-sysadmin-oneline
- /usr/local/bin/mail-sysadmin-oneline
#!/bin/bash email=FIXME@example.com subject=$1 body=$2 #cat <<ENDSYSADMINMAIL msmtp -- $email <<ENDSYSADMINMAIL To: $email Subject: [tulip] $subject $body ENDSYSADMINMAIL
Change the email value to your own email address and change tulip in the Subject to the name you've given your server.
# Test sending one email sudo mail-sysadmin-oneline "test!" # You should get an email. # Make a systemd service to send mail after reboot sudo nano /etc/systemd/system/mail-on-reboot.service
- /etc/systemd/system/mail-on-reboot.service
[Unit] Description=Email After Reboot DefaultDependencies=no After=network-online.target Wants=network.target network-online.target [Service] Type=oneshot # send message "rebooted" ExecStart=/bin/bash /usr/local/bin/mail-sysadmin-oneline rebooted [Install] WantedBy=default.target
sudo systemctl enable mail-on-reboot.service
Reboot to test it. You should get an email when the system is ready for you to SSH in.
Really, don't forget after every reboot now, you need to SSH in and run unlock-priv
Now you're ready to install MariaDB, SeaFile, and Collabora Office Online!
MariaDB
We use MariaDB for Seafile's metadata storage.
# Install MariaDB sudo apt install mariadb-server mariadb-client
If you are using encrypted storage as described above, now you should move your MariaDB data folder to encrypted storage.
sudo systemctl stop mariadb sudo mkdir -p /srv/priv/var/lib sudo mv /var/lib/mysql /srv/priv/var/lib/mysql sudo mkdir /var/lib/mysql sudo chown mysql.mysql /var/lib/mysql sudo nano /etc/fstab # add the following line, and save
/srv/priv/var/lib/mysql /var/lib/mysql none noauto,bind 0 0
sudo nano /usr/local/bin/unlock-priv
- /usr/local/bin/unlock-priv
# Add the following after "echo - Binding encrypted folders…" sudo mount /var/lib/mysql
# And finally, mount the bound folder and restart MariaDB. sudo mount /var/lib/mysql sudo systemctl start mariadb
# Create MariaDB user and two databases for Seafile sudo mysql
CREATE DATABASE seafile; CREATE DATABASE seafile_hub; CREATE DATABASE seafile_ccnet; CREATE USER 'seafile'@'localhost' IDENTIFIED BY 'FIXME'; GRANT ALL privileges ON seafile.* TO 'seafile'@'localhost'; GRANT ALL privileges ON seafile_hub.* TO 'seafile'@'localhost'; GRANT ALL privileges ON seafile_ccnet.* TO 'seafile'@'localhost';
Don't forget to fill in the FIXME
value for the password. You should use a unique password just for Seafile's databases, and make a note of it so you can fill it in in the next steps.
DNS
Seafile and Collabora LibreOffice Online work best if you are using a public Internet hostname and HTTPS protocol to access them, even if you are connecting from inside the same private network.
Afraid.org provides free DNS names to resolve a hostname to your public IP address. The free service plan includes up to 5 hostnames.
- Click the “Sign up Free” link and fill out the form. Make sure you answer follow the instructions in the verification email they send you.
- Go to the “Subdomains” page and click “Add”.
- Choose record Type “A”.
- Fill in your subdomain name (your personal identifier – example “tulip”).
- Pick a domain. (I like to use “ignorelist.com”, but they have dozens to choose from.)
- Fill in the IP address. This field defaults to the public IP address you're connecting from, and you should probably leave that value.
- Fill in the CAPTCHA and click “Save!”
Repeat the steps again – you will need a second hostname for the Collabora LibreOffice Online application. I recommend you use the same subdomain, but with an added “-cool”. Example: “tulip-cool.ignorelist.com”
You may have to wait 5 to 10 minutes after you create the hostname before you can use it. Try pinging your hosname every few minutes, until you find that the name resolves.
ping tulip.ignorelist.com … ping tulip-cool.ignorelist.com
You probably have a dynamic IP address set by your ISP. You might want to install a Dynamic DNS updater on your server or on your home router to update Afraid.org every time your IP address changes. See FAQ Question #2 on Afraid.org's web site for more deatils on this process.
SeaFile
These steps are based on the Install using MySQL instructions from Seafile.
# Install Seafile prerequisite Ubuntu packages sudo apt-get install python3 python3-setuptools python3-pip build-essential python3-dev \ libmemcached-dev libmariadb-dev-compat python3-pymysql # Install Seafile prerequisite PyPI packages sudo pip3 install --timeout=3600 Pillow pylibmc captcha jinja2 sqlalchemy==1.4.3 \ django-pylibmc django-simple-captcha python3-ldap mysqlclient # Create a system user for Seafile sudo adduser seafile # Fill in the new password prompt, and you can leave the rest of the fields blank. # Download and unpack Seafile sudo su - seafile mkdir -p ~/seafile/installed cd ~/seafile/installed # Get the URL for "Server for generic Linux" from https://www.seafile.com/en/download/ # Fill it in here for URL wget URL cd ~/seafile tar zxf ~/seafile/installed/seafile-server_*.tar.gz cd seafile-server-* ./setup-seafile-mysql.sh
Some notes about how to fill out the options in the setup wizard:
- server name
- The short one-word local name of your server.
- This server's ip or domain
- The public full DNS name you setup at afraid.org (ex: “tulip.ignorelist.com”)
- port for the seafile fileserver
- Default is 8082, but if you choose something else, I explain how to set it up correctly in a later step.
- way to initialize seafile databases
- Choose 2 – Use existing databases.
- database name for ccnet
- seafile_ccnet
- database name for seafile
- seafile
- database name for seahub
- seafile_hub
“seafile file server” is the back-end API server. “seahub” is the main HTTP server that serves web pages for the app.
After the setup wizard is done, it tells you the ports for “seafile file server” and “seahub”. It didn't ask you for the port number for “seahub”; it just assumed port 8000.
If you want to change either of the ports, find them here:
- seafile file server (back-end API server)
- ~/seafile/conf/seafile.conf → port
- seahub (front-end server)
- ~/seafile/conf/gunicorn.conf.py → bind (change the port number after “:”)
My Seafile instance doesn't work right unless I hard-code my public URL into ~/seafile/conf/ccnet.conf and ~/seafile/conf/seahub_settings.py.
- ~/seafile/conf/ccnet.conf
# Add the following two lines at the top: [General] SERVICE_URL = https://tulip.ignorelist.com/
- ~/seafile/conf/seahub_settings.py
# Add the following before the "DATABASES" value: SERVICE_URL = 'https://tulip.ignorelist.com' # fill in your DNS name FILE_SERVER_ROOT = 'https://tulip.ignorelist.com/seafhttp' # fill in your DNS name
Next, create Systemd services for Seafile:
If you are logged into a shell as seafile, you can't run admin commands. Use the exit to get back to the shell of your admin user.
sudo nano /etc/systemd/system/seafile.service
- /etc/systemd/system/seafile.service
[Unit] Description=Seafile # add mysql.service or postgresql.service depending on your database to the line below After=network.target mariadb.service [Service] Type=forking ExecStart=/home/seafile/seafile/seafile-server-latest/seafile.sh start ExecStop=/home/seafile/seafile/seafile-server-latest/seafile.sh stop LimitNOFILE=infinity User=seafile Group=seafile [Install] WantedBy=multi-user.target
sudo nano /etc/systemd/system/seahub.service
- /etc/systemd/system/seahub.service
[Unit] Description=Seafile hub After=network.target seafile.service [Service] Type=forking # change start to start-fastcgi if you want to run fastcgi # change the port in the next line if you are using a different port for seahub ExecStart=/home/seafile/seafile/seafile-server-latest/seahub.sh start 8000 ExecStop=/home/seafile/seafile/seafile-server-latest/seahub.sh stop User=seafile Group=seafile [Install] WantedBy=multi-user.target
sudo systemctl enable seafile seahub sudo systemctl start seafile seahub
If you are using encrypted storage as described above, now you should move your Seafile data folder to encrypted storage.
sudo systemctl stop seafile seahub sudo mkdir -p /srv/priv/home sudo mv /home/seafile /srv/priv/home/seafile sudo mkdir /home/seafile sudo chown seafile.seafile /home/seafile sudo nano /etc/fstab # add the following line, and save
/srv/priv/home/seafile /home/seafile none noauto,bind 0 0
sudo nano /usr/local/bin/unlock-priv
- /usr/local/bin/unlock-priv
# Add the following after "echo - Binding encrypted folders…" sudo mount /home/seafile
# And finally, mount the bound folder and restart MariaDB. sudo mount /home/seafile sudo systemctl start seafile seahub
And finally, create your admin user:
sudo su - seafile ~/seafile/seafile-server-latest/reset-admin.sh # fill in email address and password
Seafile is almost ready to use, but you have to configure Apache web server in front of it next.
Configure Your Modem or Router
You will need to setup a forwarded port from your home modem or router to the internal IP address of your server. Look in your router's documentation.
In my Verizon FIOS router, under Advanced settings, there is a Security & Firewall → Port Forwarding page. Here you see that I mapped ports 80 and 443 to my home file server.
Apache Web Server
# Install Apache sudo apt install apache2 # Enable mod_proxy_http and mod_rewrite sudo a2enmod proxy_http proxy_wstunnel rewrite sudo systemctl restart apache2 # Setup a self-signed certificate # Change 'tulip.ignorelist.com' to your main hostname from Afraid.org. sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/tulip.ignorelist.com.key -out /etc/ssl/private/tulip.ignorelist.com.crt # Fill in anything for most fields. "Common Name" must be the exact DNS name. # Repeat for your '-cool' hostname: sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/tulip-cool.ignorelist.com.key -out /etc/ssl/private/tulip-cool.ignorelist.com.crt
Now edit your “-le-ssl.conf” file (example tulip-le-ssl.conf) and fill in the Seafile proxy configuration:
# Create a site file listening on a particular hostname sudo nano /etc/apache2/sites-available/tulip.conf # (Use your Seafile service short name here)
- /etc/apache2/sites-available/tulip.conf
<VirtualHost *:80> # Fill in your Seafile DNS name from Afraid.org ServerName tulip.ignorelist.com RewriteEngine on RewriteCond %{SERVER_NAME} =tulip.ignorelist.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost> <VirtualHost *:443> # Fill in your Seafile DNS name from Afraid.org ServerName tulip.ignorelist.com SSLEngine on SSLCertificateFile /etc/ssl/private/tulip.ignorelist.com.crt SSLCertificateKeyFile /etc/ssl/private/tulip.ignorelist.com.key Alias /media /home/seafile/seafile/seafile-server-latest/seahub/media <Location /media> Options FollowSymLinks Require all granted </Location> RewriteEngine On # seafile fileserver - fill in "seafile file server" port from Seafile config (default 8082) ProxyPass /seafhttp http://127.0.0.1:8082 ProxyPassReverse /seafhttp http://127.0.0.1:8082 RewriteRule ^/seafhttp - [QSA,L] # seahub server - fill in "seahub" port from SEafile config (default 8000) SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 ProxyPreserveHost On ProxyPass / http://localhost:8000/ ProxyPassReverse / http://localhost:8000/ </VirtualHost>
# Create another one for Collabora LibreOffice Online sudo nano /etc/apache2/sites-available/tulip-cool.conf # (Use your Seafile service short name here)
- /etc/apache2/sites-available/tulip-cool.conf
<VirtualHost *:80> # Fill in your Collabora LibreOffice Online DNS name from Afraid.org ServerName tulip-cool.ignorelist.com RewriteEngine on RewriteCond %{SERVER_NAME} =tulip.ignorelist.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost> <VirtualHost *:443> # Fill in your Collabora LibreOffice Online DNS name from Afraid.org ServerName tulip-cool.ignorelist.com SSLEngine on SSLCertificateFile /etc/ssl/private/tulip-cool.ignorelist.com.crt SSLCertificateKeyFile /etc/ssl/private/tulip-cool.ignorelist.com.key AllowEncodedSlashes NoDecode ProxyPreserveHost On # static html, js, images, etc. served from coolwsd # browser is the client part of Collabora Online # !! You can change port 8003 to whatever port you will use for COOL: ProxyPass /browser http://127.0.0.1:8003/browser retry=0 ProxyPassReverse /browser http://127.0.0.1:8003/browser # WOPI discovery URL ProxyPass /hosting/discovery http://127.0.0.1:8003/hosting/discovery retry=0 ProxyPassReverse /hosting/discovery http://127.0.0.1:8003/hosting/discovery # Capabilities ProxyPass /hosting/capabilities http://127.0.0.1:8003/hosting/capabilities retry=0 ProxyPassReverse /hosting/capabilities http://127.0.0.1:8003/hosting/capabilities # Main websocket ProxyPassMatch "/cool/(.*)/ws$" ws://127.0.0.1:8003/cool/$1/ws nocanon # Admin Console websocket ProxyPass /cool/adminws ws://127.0.0.1:8003/cool/adminws # Download as, Fullscreen presentation and Image upload operations ProxyPass /cool http://127.0.0.1:8003/cool ProxyPassReverse /cool http://127.0.0.1:8003/cool # Compatibility with integrations that use the /lool/convert-to endpoint ProxyPass /lool http://127.0.0.1:8003/cool ProxyPassReverse /lool http://127.0.0.1:8003/cool </VirtualHost>
# Enable the sites sudo a2ensite tulip tulip-cool sudo systemctl restart apache2
Now Seafile should be accessible at https://tulip.ignorelist.com on your client machine (where tulip.ignorelist.com is your DNS name from Afraid.org).
<WRAP tip> On EVERY CLIENT, before you use either of the sites, you must do the following:
- Go to https://tulip.ignorelist.com in your browser (fill in your main hostname).
- Navigate through the warning about the self-signed certificate, and accept the certificate.
- Go to https://tulip-cool.ignorelist.com (fill in your COOL hostname).
- Accept the certificate in the same way.
Here is a screenshot of the self-signed certificate warning in Firefox-descended browsers:
Collabora LibreOffice Online
We will install the Ubuntu packages for Collabora LibreOffice Online. Following the Collabora Online "Install from packages → Ubuntu 22.04" documentation:
cd /usr/share/keyrings sudo wget https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg sudo tee /etc/apt/sources.list.d/collaboraonline.sources << EOF Types: deb URIs:https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-ubuntu2204 Suites: ./ Signed-By: /usr/share/keyrings/collaboraonline-release-keyring.gpg EOF sudo apt update sudo apt install coolwsd code-brand
Based on the configuration documentation, edit your Collabora LibreOffice Online config file.
sudo nano /etc/coolwsd/coolwsd.xml
- /etc/coolwsd/coolwsd.xml
<!-- in the "net" section… --> <net…> <!-- change "proto" to IPV4 --> <!-- <proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">all</proto> --> <proto type="string" default="all" desc="Protocol to use IPv4, IPv6 or all for both">IPv4</proto> <!-- change "listen" to only on loopback address --> <!-- <listen type="string" default="any" desc="Listen address that coolwsd binds to. Can be 'any' or 'loopback'.">any</liste n> --> <listen type="string" default="any" desc="Listen address that coolwsd binds to. Can be 'any' or 'loopback'.">loopback</liste n> <!-- in the "ssl" section… --> <ssl…> <!-- Disable TLS (on the back-end) --> <!-- <enable type="bool" desc="Controls whether SSL encryption between coolwsd and the network is enabled (do not disable for production deployment). If default is false, must first be compiled with SSL support to enable." default="true">true</enable> --> <enable type="bool" desc="Controls whether SSL encryption between coolwsd and the network is enabled (do not disable for p roduction deployment). If default is false, must first be compiled with SSL support to enable." default="true">false</enable> <!-- Enable usage behind proxy server --> <!-- <termination desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool" default="true">false</termination> --> <termination desc="Connection via proxy where coolwsd acts as working via https, but actually uses http." type="bool" defa ult="true">true</termination>
# Install coolwsd service sudo cp /usr/lib/systemd/system/coolwsd.service /etc/systemd/system/coolwsd.service # Add a port number sudo nano /etc/systemd/system/coolwsd.service
- /etc/systemd/system/coolwsd.service
# Edit this line… # Fill in the port you used in the "-cool" Apache config file. ExecStart=/usr/bin/coolwsd --version --o:sys_template_path=/opt/cool/systemplate --o:child_root_path=/opt/cool/child-roots --o:file_server_root_path=/usr/share/coolwsd --port=8003
# Set password and install service sudo coolconfig set-admin-password sudo systemctl stop coolwsd sudo systemctl disable coolwsd sudo systemctl enable coolwsd sudo systemctl start coolwsd sudo su - seafile nano ~/seafile/conf/seahub_settings.py
- ~/seafile/conf/seahub_settings.py
# Add to the end… OFFICE_SERVER_TYPE = 'CollaboraOffice' ENABLE_OFFICE_WEB_APP = True OFFICE_WEB_APP_BASE_URL = 'https://cool.glump.net/hosting/discovery' WOPI_ACCESS_TOKEN_EXPIRATION = 5 * 60 * 60 # seconds OFFICE_WEB_APP_FILE_EXTENSION = ( 'odp', 'ods', 'odt', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt', 'pptm', 'pptx', 'doc', 'docm', 'docx' ) ENABLE_OFFICE_WEB_APP_EDIT = True OFFICE_WEB_APP_EDIT_FILE_EXTENSION = ( 'odp', 'ods', 'odt', 'xls', 'xlsb', 'xlsm', 'xlsx','ppsx', 'ppt', 'pptm', 'pptx', 'doc', 'docm', 'docx' )
exit # logout as Seafile user sudo systemctl restart seahub
Discussion
To comment on this page, please copy and paste the following into an email and send it to me. Useful and informative comments will be published within a day or two.