volumes inside local directory

Document initial setup steps and provide detailed instructions for fixing CSRF verification errors in Seafile v11+ when running behind Traefik reverse proxy.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

.env.example

@@ -3,10 +3,6 @@ MYSQL_ROOT_PASSWORD=changeme_secure_password
 MYSQL_LOG_CONSOLE=true
 MARIADB_AUTO_UPGRADE=1
 
-# Database Configuration for Seafile
-DB_HOST=db
-DB_ROOT_PASSWD=changeme_secure_password
-
 # Time Zone Configuration
 TIME_ZONE=Etc/UTC
 
@@ -14,9 +10,4 @@ TIME_ZONE=Etc/UTC
 SEAFILE_ADMIN_EMAIL=admin@example.com
 SEAFILE_ADMIN_PASSWORD=changeme_admin_password
 
-# HTTPS/SSL Configuration
-SEAFILE_SERVER_LETSENCRYPT=false
 SEAFILE_SERVER_HOSTNAME=seafile.example.com
-
-# Memcached Configuration
-MEMCACHED_MEMORY=256

.gitignore

@@ -1 +1,3 @@
 .env
+db/
+data/

README.md

@@ -0,0 +1,71 @@
+# Seafile Deployment
+
+Configuration Docker pour déployer Seafile avec Traefik comme reverse proxy.
+
+## Configuration initiale
+
+1. Copiez `.env.example` vers `.env` et configurez les variables :
+   ```bash
+   cp .env.example .env
+   ```
+
+2. Modifiez les variables dans `.env` :
+   - `SEAFILE_SERVER_HOSTNAME` : votre nom de domaine
+   - `SEAFILE_ADMIN_EMAIL` : email administrateur
+   - `SEAFILE_ADMIN_PASSWORD` : mot de passe administrateur
+   - Les mots de passe de base de données
+
+3. Démarrez les services :
+   ```bash
+   docker-compose up -d
+   ```
+
+## Fix CSRF (Seafile v11+)
+
+Après la mise à jour vers Seafile v11, Django a renforcé les vérifications CSRF. Si vous obtenez l'erreur :
+```
+Interdit (403)
+La vérification CSRF a échoué. La requête a été interrompue.
+```
+
+Vous devez ajouter votre domaine aux origines de confiance CSRF :
+
+1. Accédez au conteneur Seafile :
+   ```bash
+   docker exec -it seafile bash
+   ```
+
+2. Éditez le fichier de configuration :
+   ```bash
+   nano /opt/seafile/conf/seahub_settings.py
+   ```
+
+3. Ajoutez à la fin du fichier (remplacez par votre domaine réel) :
+   ```python
+   CSRF_TRUSTED_ORIGINS = ["https://votre-domaine.com"]
+   ```
+
+4. Sauvegardez (Ctrl+O, Entrée, Ctrl+X) et sortez du conteneur :
+   ```bash
+   exit
+   ```
+
+5. Redémarrez Seafile :
+   ```bash
+   docker-compose restart seafile
+   ```
+
+**Note :** Cette configuration est persistante car le fichier `seahub_settings.py` est stocké dans le volume `/opt/seafile-data` qui est monté sur l'hôte.
+
+## Structure
+
+- `docker-compose.yml` : Configuration des services (Seafile, MariaDB, Memcached)
+- `.env` : Variables d'environnement (non versionné)
+- `.env.example` : Exemple de configuration
+
+## Services
+
+- **seafile** : Serveur Seafile (port 80 interne, exposé via Traefik)
+- **db** : Base de données MariaDB
+- **memcached** : Cache en mémoire
+- **traefik** : Reverse proxy (réseau externe)

docker-compose.yml

@@ -3,18 +3,18 @@ services:
     image: mariadb:10.11
     container_name: seafile-mysql
     environment:
-      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD}  # Required, set the root's password of MySQL service.
+      - MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD} # Required, set the root's password of MySQL service.
       - MYSQL_LOG_CONSOLE=${MYSQL_LOG_CONSOLE}
       - MARIADB_AUTO_UPGRADE=${MARIADB_AUTO_UPGRADE}
     volumes:
-      - /opt/seafile-mysql/db:/var/lib/mysql  # Required, specifies the path to MySQL data persistent store.
+      - ./db:/var/lib/mysql # Required, specifies the path to MySQL data persistent store.
     networks:
       - seafile-net
 
   memcached:
     image: memcached:1.6.18
     container_name: seafile-memcached
-    entrypoint: memcached -m ${MEMCACHED_MEMORY}
+    entrypoint: memcached -m 256
     networks:
       - seafile-net
 
@@ -22,19 +22,19 @@ services:
     image: seafileltd/seafile-mc:11.0-latest
     container_name: seafile
     volumes:
-      - /opt/seafile-data:/shared   # Required, specifies the path to Seafile data persistent store.
+      - ./data:/shared # Required, specifies the path to Seafile data persistent store.
     environment:
-      - DB_HOST=${DB_HOST}
+      - DB_HOST=db
-      - DB_ROOT_PASSWD=${DB_ROOT_PASSWD}  # Required, the value should be root's password of MySQL service.
+      - DB_ROOT_PASSWD=${MYSQL_ROOT_PASSWD} # Required, the value should be root's password of MySQL service.
-      - TIME_ZONE=${TIME_ZONE}  # Optional, default is UTC. Should be uncomment and set to your local time zone.
+      - TIME_ZONE=Europe/Paris
       - SEAFILE_ADMIN_EMAIL=${SEAFILE_ADMIN_EMAIL} # Specifies Seafile admin user, default is 'me@example.com'.
-      - SEAFILE_ADMIN_PASSWORD=${SEAFILE_ADMIN_PASSWORD}     # Specifies Seafile admin password, default is 'asecret'.
+      - SEAFILE_ADMIN_PASSWORD=${SEAFILE_ADMIN_PASSWORD} # Specifies Seafile admin password, default is 'asecret'.
-      - SEAFILE_SERVER_LETSENCRYPT=${SEAFILE_SERVER_LETSENCRYPT}   # Whether to use https or not.
+      - SEAFILE_SERVER_LETSENCRYPT=false
       - SEAFILE_SERVER_HOSTNAME=${SEAFILE_SERVER_HOSTNAME} # Specifies your host name if https is enabled.
-      - SEAFILE_SERVER_PROTOCOL=https  # Protocol used to access Seafile (http or https)
+      - SEAFILE_SERVER_PROTOCOL=https # Protocol used to access Seafile (http or https)
-      - SERVICE_URL=https://${SEAFILE_SERVER_HOSTNAME}  # Full URL to access Seafile
+      - SERVICE_URL=https://${SEAFILE_SERVER_HOSTNAME} # Full URL to access Seafile
-      - FILE_SERVER_ROOT=https://${SEAFILE_SERVER_HOSTNAME}/seafhttp  # URL for file server
+      - FILE_SERVER_ROOT=https://${SEAFILE_SERVER_HOSTNAME}/seafhttp # URL for file server
-      - FORCE_HTTPS_IN_CONF=true  # Force HTTPS in all Seafile configuration files
+      - FORCE_HTTPS_IN_CONF=true # Force HTTPS in all Seafile configuration files
     labels:
       - "traefik.enable=true"
       - "traefik.http.routers.seafile.rule=Host(`${SEAFILE_SERVER_HOSTNAME}`)"