SeaFile - UFAL's private data cloud

server: ufalgate.ms.mff.cuni.cz

URL: https://storage.ms.mff.cuni.cz

Accounts:

  1. UFAL's Zimbra accounts (login format: UFAL e-mail address)
  2. SeaFile's internal user database, for our partners without a Zimbra account (login format: e-mail address)

Admins: it@ufal.mff.cuni.cz

File Syncing and Sharing

Organize files into libraries. Each library can be shared between users and into groups. A library can also be selectively synced into any device.

Team Collaboration

Edit and comment on files online. Messaging, group discussion, activity notification and file versions make collaboration easy and reliable.

Mobile Office

Access files from mobile devices. Notifications and messages make it easy to connect with team members.

Details:

  • 500GB of shared capacity (adjustable based on current requirements)
  • default personal quota limit is 10GB
  • 10Gbps connectivity
  • feel free to store any legal (!) content, even private
  • web access or an automatic background Sync service on your Linux/Windows/Android/iOS system
  • you can let the system synchronize your private Cloud Library (Folder) on all your devices, even in a multi-platform environment
  • you can let it synchronize a selected Library for your team; everyone will have the same content available as soon as you update it (or as soon as they connect to the network)
  • and more :) ...
  • details at SeaFile website
  • you can create an encrypted Library (checkbox on Library creation + encryption password definition box). Such a Library can be used to store or share sensitive data (because of GDPR, for example)

Configuration:

 

Details on encrypted libraries:

Creating over web interface

Using

  • whenever you (or your collaborators) sync the library, you will be asked for the password you entered
  • encryption and decryption are done on the client side
  • data are stored as encrypted data blocks on the server side
  • the local copy of the Library is not encrypted if the local filesystem is not encrypted! You should use BitLocker, VeraCrypt or another similar tool so that replicas of sensitive data are stored only on encrypted storage! The other option is not to enable synchronization and to access the data only over the web interface or the Seafile client window. Examples can be found below!
  • The encryption password is not stored on the server, so even the server administrator can't access your file contents.

When you access the encrypted library:

  • If you use the web app, you have to enter the password, which is sent to the server. The server will cache the password in encrypted format for 1 hour. It won't store the password on disk.
  • If you use the desktop client to sync the library, the password is not sent to the server. The client decrypts and encrypts file contents locally. The plain text password is not stored on the client disk either.
  • The iOS client supports client-side encryption since version 2.1.6. The Android client supports it since version 2.1.0.

Note that an encrypted library encrypts only the contents of the files, not the folder and file names.

Local encrypted storage guide

If you have Windows 7 Ultimate, Windows 8 Pro or higher, you can use BitLocker to encrypt your system completely, or at least create an encrypted partition to store sensitive data and data synced from your encrypted Seafile Libraries. This way you will keep the data safe. There is almost no reason to encrypt data on the server side if it stays unencrypted locally.

There are plenty of BitLocker tutorials; one can be found at https://www.windowscentral.com/how-use-bitlocker-encryption-windows-10

If you have an older Windows system (or another platform like Linux or MacOS), you can use the VeraCrypt solution: https://www.veracrypt.fr/en/Home.html

VeraCrypt can encrypt a partition or a USB flash drive, or create an encrypted file containing a filesystem. I'll describe the last option, as it fits our needs for storing a replica of an encrypted Seafile Library. The following example is for a Windows system:

  1. Download and install the latest VeraCrypt package: https://www.veracrypt.fr/en/Downloads.html
  2. Start VeraCrypt
  3. Click on "Create Volume"
  4. Select the 1st option - "Create an encrypted file container" and click Next
  5. Select "Standard VeraCrypt volume" and click Next
  6. Click "Select File", navigate to your Documents folder (for example) and fill in "MySafe" in the "File name" field. Select Save and then Next.
  7. The defaults in "Encryption Options" are fine; you can click Next.
  8. Define the size of your encrypted storage - it should correspond to the planned size of your encrypted Seafile Library. Select 250MB if you have no idea... you can remove this encrypted storage file and create a larger one later if needed.
  9. Volume Password - this is important. The password should be of high quality. Never write it down anywhere in clear text. It can be different from the encrypted Library password (which is shared with all users of the Library and serves as a decryption password). Click Next.
  10. Now the system needs to generate encryption keys. To do that it needs some random activity. You should move your mouse pointer until the indicator line is green! The default filesystem options are fine if you don't plan to store and encrypt large files (GBs in size). If you do, select the NTFS filesystem. Click Format and OK when finished.
  11. Click Exit (if you don't plan to create more encrypted storages at once).
  12. Now we will mount the new encrypted virtual volume - use "Select file", locate the file created before (Documents/MySafe) and click Open.
  13. Select a drive letter you like by clicking it (S: as Safe, V: as VeraCrypt, E: as Encrypted... or any other unused letter).
  14. Click on Mount button.
  15. Fill in the encrypted volume password to unlock/decrypt the MySafe file and click OK.
  16. After a while the file is mounted and you can find the new volume in My Computer / Windows Explorer or another filesystem browser.
  17. We have to change several settings to use this volume comfortably with the Seafile sync client: set it to be mounted automatically, and change the Seafile client settings to block automatic unsync when the replication folder is unavailable.
  18. Click on Favourites and select "Add mounted Volume to Favourites" in the VeraCrypt window.
  19. Tick the checkbox next to "Mount selected volume upon logon" and click OK.
  20. Now right-click at the Seafile client icon in the indicator area and select Settings.
  21. Open the Advanced tab, tick "Do not automatically unsync a library" and click OK.
  22. You can click Exit to close the VeraCrypt configuration window.
  23. Now you can configure the Seafile client to sync your encrypted library. Just click on a library (in the Seafile client window), select Sync and use the new virtual drive as the local target directory - for example V:
  24. Done. You will be asked for the VeraCrypt volume password when logging in to the system. The Seafile client will show a warning until you unlock the volume, as it can't see the local data ("Error when accesing the local folder").
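
For sessions where the volume was not mounted at logon, steps 12 to 16 can also be run from PowerShell. The script below is an added example, not part of the original guide; the VeraCrypt install path, the container location Documents\MySafe and the drive letter V are assumptions taken from the walkthrough's example values.

```powershell
# Added example: mount the MySafe container from the guide before Seafile syncs.
# Assumed: default VeraCrypt install path, container at Documents\MySafe, letter V.
param(
    [string]$Container = (Join-Path $env:USERPROFILE 'Documents\MySafe'),
    [ValidatePattern('^[A-Za-z]$')]
    [string]$Letter = 'V',
    [string]$VeraCrypt = 'C:\Program Files\VeraCrypt\VeraCrypt.exe'
)

$root = "${Letter}:\"

# Both the VeraCrypt executable and the container file must exist.
foreach ($path in $VeraCrypt, $Container) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Error "Not found: $path"
        exit 1
    }
}

# A letter that is already taken is either MySafe mounted earlier or another
# drive; VeraCrypt cannot mount onto it, so stop and let the user check.
if ([System.IO.Directory]::Exists($root)) {
    Write-Warning "$root is already in use. If it is not MySafe, pick another letter."
    exit 0
}

# /q = no main window, exit once the mount attempt has finished
# /v = container file, /l = drive letter
# No /p: VeraCrypt shows its own password dialog, so the volume password
# never lands on a command line, in a script or in shell history.
$vcArgs = @('/q', '/v', "`"$Container`"", '/l', $Letter)
Start-Process -FilePath $VeraCrypt -ArgumentList $vcArgs -Wait

if ([System.IO.Directory]::Exists($root)) {
    Write-Output "Mounted $Container on $root; the Seafile client can reach its sync folder."
} else {
    Write-Error "Mount failed or was cancelled; Seafile will report the local folder as unavailable until $root is mounted."
    exit 1
}
```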