homelab-optimized/docs/services/individual/seafile-oauth.md
Gitea Mirror Bot 82b69ea7e3
Sanitized mirror from private repository - 2026-03-21 07:31:47 UTC
2026-03-21 07:31:47 +00:00


# Seafile OAuth2 with Authentik
- **Host**: Calypso (Synology NAS)
- **Domain**: `sf.vish.gg`
- **Port**: 8611
- **Compose File**: `hosts/synology/calypso/seafile-server.yaml`
- **Status**: ✅ Working
## Overview
Seafile uses OAuth2 to integrate with Authentik for SSO. Local login remains fully functional.
## Authentication Methods
1. **Local Login** - Email/password on the login page
2. **OAuth2 SSO** - "Single Sign-On" button
## Authentik Configuration
### Provider Created
- **Name**: Seafile OAuth2
- **Type**: OAuth2/OpenID Provider
- **Client ID**: `oVa51E8UC9PNmgFSIlivYgcGwdBvnc83YW2WkuDS`
- **Redirect URI**: `https://sf.vish.gg/oauth/callback/`
- **Scopes**: openid, email, profile
### Application Created
- **Name**: Seafile
- **Slug**: `seafile`
- **Launch URL**: https://sf.vish.gg
## Seafile Configuration
Seafile requires adding OAuth settings to `seahub_settings.py`. The config file is at:
`/volume1/docker/seafile/data/seafile/conf/seahub_settings.py`
### Configuration to Add
Append the contents of `hosts/synology/calypso/seafile-oauth-config.py` to `seahub_settings.py`:
```python
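# OAuth2 SSO via Authentik; local email/password login stays enabled
ENABLE_OAUTH = True
# Keep False: True would allow the OAuth flow over plain HTTP
OAUTH_ENABLE_INSECURE_TRANSPORT = False
# Client ID and secret come from the Authentik provider (redacted here)
OAUTH_CLIENT_ID = "REDACTED_CLIENT_ID"
OAUTH_CLIENT_SECRET = "REDACTED_CLIENT_SECRET"
# Must match the redirect URI registered in Authentik exactly, trailing slash included
OAUTH_REDIRECT_URL = "https://sf.vish.gg/oauth/callback/"
OAUTH_PROVIDER_DOMAIN = "sso.vish.gg"
OAUTH_AUTHORIZATION_URL = "https://sso.vish.gg/application/o/authorize/"
OAUTH_TOKEN_URL = "https://sso.vish.gg/application/o/token/"
OAUTH_USER_INFO_URL = "https://sso.vish.gg/application/o/userinfo/"
OAUTH_SCOPE = ["openid", "profile", "email"]
# Provider claim -> (required, Seafile attribute)
OAUTH_ATTRIBUTE_MAP = {
    "email": (True, "email"),
    "name": (False, "name"),
}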
```
## Activation Steps
1. SSH to Calypso or use Synology DSM
2. Edit the `seahub_settings.py` file:

   ```bash
   nano /volume1/docker/seafile/data/seafile/conf/seahub_settings.py
   ```

3. Append the OAuth configuration (see above or copy from `seafile-oauth-config.py`)
4. Restart Seafile:

   ```bash
   docker restart Seafile
   ```

5. Test by visiting https://sf.vish.gg and clicking "Single Sign-On"
## Troubleshooting
### SSO button not appearing
- Verify `ENABLE_OAUTH = True` is in seahub_settings.py
- Check Seafile logs: `docker logs Seafile`
### "Invalid redirect URI" error
- Ensure redirect URI in Authentik matches exactly: `https://sf.vish.gg/oauth/callback/`
- Note the trailing slash is important!
### User created but can't access files
- OAuth users are created automatically on first login
- Admin needs to grant them access to libraries
## Related Documentation
- [Seafile OAuth Documentation](https://manual.seafile.com/deploy/oauth/)
- [Authentik OAuth2 Setup](https://docs.goauthentik.io/docs/providers/oauth2/)
## Change Log
- **2026-01-31**: Created OAuth2 provider and application in Authentik, created config file