Ever since I had my home NAS I tried to setup a solution to sync my files. First I tried owncloud which back then had none really working sync client. The next candidate was BitTorrent Sync. It had the big advantage of automatically finding local clients for faster transfer but it is closed source and that was not good for my paranoia...
So I settled for an open source solution, that has proofed for decades: unison. It worked really good but I had to sync it manually or to use a cron job but not with autosync when a file changes.
So I searched for another solution and found clearskies, which is an open source clone of BitTorrent Sync, but it was a very young project, about 1 month old, and was merely a work in progress. It still looks very promising and maybe I'll give it a try again later.
Finally I came to seafile. It uses git for the metadata and changelog and keeps the data outside of the git. I first was a bit sceptic because the software is from China. This is pretty irrational: american software is trusted, chinese is associated with spyware. Since the NSA it is actual a plus, and furthermore because it's open, others and I could read the code. Additionally it has built-in client side encryption, so I can store only encrypted data on my untrusted server at the hosting company.
First install dependencies and add the user to run seafile under.
sudo aptitude install python2.7 python-setuptools python-simplejson python-imaging sqlite3 sudo adduser seafile sudo su seafile
Next we run the following commands under the user seafile.
cd wget https://bitbucket.org/haiwen/seafile/downloads/seafile-server_2.1.4_x86-64.tar.gz tar -xvf seafile-server_2.0.2_x86-64.tar.gz rm seafile-server_2.0.2_x86-64.tar.gz cd seafile-server-2.0.2/ ./setup-seafile.sh ./seafile.sh start ./seahub.sh start 8000 <Ctrl-D>
Of course you have to adjust the version number if it differs from the one used in this example. If you're paranoid you can also compile it from the sources.
Set your firewall to let through port 12001 (or whatever ccnet listens to).
sudo ufw allow 12001/tcp
Make your port 8000 reachable from the outside by either opening the port in your firewall oder setting up a reverse proxy like nginx for a nice URL. With nginx you can also terminate SSL there and let seafile handle just HTTP. If you may want to download files via the web interface you have to open port 8082, too.
- For updates I recommend following the documentation in the official wiki.
- Install seafile. You can either download the client from http://seafile.com/en/download/ or using your favourite package manager. It is contained in most distributions repositories.
- Start it and start to enter your account information. In the server field you enter https://servername:8000 or your appropriate url if you proxy it, E-Mail and Password are the same as you set in the setup process of the server.
- Now add libraries, as you like. Most of it is really self explanatory and easy to set up. The only thing I stumbled apon is the setting of the path. If you are creating a library you select the whole path to the folder you want to sync, e.g. /home/user/Documents. If the library already exists you have to omit the last part, e.g. only /home/user/.
This machine mirrors all the data unencrypted. Can be used to have a replication of the data on a machine you absolutely trust.
Also first get dependencies and seafile package manually or via package manager.
sudo apt-get install python-argparse python-simplejson wget http://seafile.googlecode.com/files/seafile-cli_2.0.6_x86-64.tar.gz tar xzf seafile-cli_2.0.6_x86-64.tar.gz mkdir -p /etc/seafile/ cd seafile-cli-2.0.6/ (sudo) ./seaf-cli init -d ~/.seafile
Now it's time to add all the libaries you want to sync
seaf-cli sync -l <lib-id> -s <server> -d <local-dir> -u <username>
Explanation: You can find the lib-id by going to the overview in the webinterface and taking the last part of the links to the libraries. For example something like aabbccdd-eeff-1234-5678-abcdef1234. The server is the same adress as you set in the GUI-client. The username should be self explanatory, whereas the local-dir is a bit tricky: In contrast to the gui client you have to omit the name of the library at the end of the path. The client then asks you for the password of your user and the password of the library.
To check the status of the sync you can use
Now your setup is ready and syncs everything you throw into the directories. And when I say everything, I mean everything including swap file from your editor, temporary files and so on. Therefor I recommend you add a seafile-ignore.txt. If you're familiar to git you'll recognize the format: You insert a regex per line and everything that matches at least one line is ignored. Please note that if the file is already synced and then ignored it doesn't get deleted.
Out of the box seafile doesn't support a global seafile-ignore but you can just
insert a file called ignore.txt into the Seafile directory (e.g. ~/Seafile) and
can then symlink to it using
ln -s. The downside is that all other clients just
get the content of the ignore files and don't know of the link and if you change
the content of a seafile-ignore.txt on an other client the link disappears.
Good exlusion rules can be copied from gitignore examples. A basic ignorefile could look like this:
For my part I have restricted the whole syncing to only work inside my tinc ( these two tutorials) network and made only one folder publicly available on my mirroring server as attempt to increase the security.