[KlatchianMist]

> The defaults on the (self-hosted) server are also very insecure..

Could you elaborate on this? Which defaults do you consider insecure? Are there ways to trivially change some values for more security?

Not pushing back on your statement, just curious to know more about it.

[tredre3]

1. When you install Seafile you get two services: Seahub that binds to 127.0.0.1 and Seafile that binds to 0.0.0.0 and this isn't explained why one is public and the other isn't. Evidently they expect you to proxy both services, so why make one public at all? To be fair they briefly mention it as an optional step of the optional nginx section, which I hadn't seen before your comment so shame on me!

2. My other issue is that the installation guide doesn't tell you to create a user for seafile and manually start the service as this user. Most services are installed as root and started as root and I would expect most users to do just that. There is nothing inherently wrong with seafile not setuid()ing itself or its install script not creating a user, but it should mention it in the guide.

(To be fair they're really pushing the docker method now and I expect manual installation to be deprecated.)