Skip to content

Installing SeaweedFS on Linux

Download the SeaweedFS Binary

Download the latest SeaweedFS binaries (64-bit Linux):

cd /tmp
curl -L -O https://github.com/seaweedfs/seaweedfs/releases/latest/download/linux_amd64.tar.gz

Verify the download:

ls -lh linux_amd64.tar.gz

Extract SeaweedFS to a suitable location:

sudo mkdir -p /opt/seaweedfs
sudo tar -xzf linux_amd64.tar.gz -C /opt/seaweedfs

Check the binaries:

ls /opt/seaweedfs

You should see the weed binary.

Make it globally accessible (optional):

Install SeaweedFS

sudo ln -s /opt/seaweedfs/weed /usr/local/bin/weed

Create a dedicated user (recommended):

sudo useradd --system --no-create-home --shell /usr/sbin/nologin seaweedfs

Create and configure the data storage location:

sudo mkdir -p /var/lib/seaweedfs
sudo chown -R seaweedfs:seaweedfs /var/lib/seaweedfs
sudo chmod 750 /var/lib/seaweedfs

If you plan to use multiple disks, you can later specify multiple directories, separated by commas.

Decide on the TCP/IP ports to use (customizable):

Component Default Port
Master (cluster UI) 9333
Volume 8080
S3 API 8333
Filer UI (optional) 8888

Start SeaweedFS as a Systemd Service

Create the systemd service file (S3 server):

sudo nano /etc/systemd/system/seaweedfs.service

Example systemd unit:

[Unit]
Description=SeaweedFS S3 Server
After=network.target
Wants=network.target

[Service]
Type=simple
User=seaweedfs
Group=seaweedfs

ExecStart=/opt/seaweedfs/weed server \
  -master.port=9333 \
  -volume.port=8080 \
  -dir=/var/lib/seaweedfs \
  -ip=0.0.0.0 \
  -s3 \
  -s3.port=8333

Restart=always
RestartSec=5
LimitNOFILE=1048576

[Install]
WantedBy=multi-user.target

Reload systemd and start the SeaweedFS service:

sudo systemctl daemon-reload
sudo systemctl enable seaweedfs
sudo systemctl start seaweedfs

Check Status of Services

sudo systemctl status seaweedfs

View service logs:

journalctl -u seaweedfs -f

Access the UI and S3 endpoint:

Web UI

Master UI:

http://<host>:9333

Volume UI:

http://<host>:8080/status

S3 Endpoint

Endpoint URL:

http://<host>:8333

Filer UI:

http://<host>:8888

You can now configure S3 access keys using

weed shell

and then

s3.configure

Firewall Considerations

If necessary, open the necessary firewall ports. For Red Hat and SUSE based distros, if firewall is running:

sudo firewall-cmd --add-port=19333/tcp --permanent
sudo firewall-cmd --add-port=18080/tcp --permanent
sudo firewall-cmd --add-port=18333/tcp --permanent
sudo firewall-cmd --reload

For Ubuntu-based distros, if ufw is running:

sudo ufw allow 9333
sudo ufw allow 8080
sudo ufw allow 8333

For other distros, refer to the operating system documentation.

Enabling TLS (optional)

SeaweedFS supports TLS by

  • Providing a certificate + private key
  • Enabling TLS on each component (master, volume, filer, S3)
  • Optionally enforcing mutual TLS (mTLS)

Each service listens on its own port, and TLS is enabled per service.

Option A: Use a Public Certificate (Let’s Encrypt)

Use this if SeaweedFS is accessed externally via a DNS name.

Obtain certificates (example with certbot)

sudo apt install certbot
sudo certbot certonly --standalone -d seaweedfs.example.com

The certificates will be here:

/etc/letsencrypt/live/seaweedfs.example.com/fullchain.pem
/etc/letsencrypt/live/seaweedfs.example.com/privkey.pem

Make certificates readable by SeaweedFS

sudo mkdir -p /etc/seaweedfs/tls
sudo cp /etc/letsencrypt/live/seaweedfs.example.com/fullchain.pem /etc/seaweedfs/tls/tls.crt
sudo cp /etc/letsencrypt/live/seaweedfs.example.com/privkey.pem /etc/seaweedfs/tls/tls.key

sudo chown -R seaweedfs:seaweedfs /etc/seaweedfs
sudo chmod 600 /etc/seaweedfs/tls/tls.key

Option B: Self-Signed Certificates (Internal/Private Use)

Good for internal networks or testing. Create a directory to contain the TLS certificate and related files:

sudo mkdir -p /etc/seaweedfs/tls
cd /etc/seaweedfs/tls

Create an OpenSSL configuration file with SANs:

sudo vi seaweed.cnf

And add content like this, replacing US, State, City, ExampleOrg, SeaweedFS, and seaweedfs.example.com with approximate values. Also replace 192.168.200.2 with the correct IP address:

[ req ]
default_bits       = 4096
prompt             = no
default_md         = sha256
distinguished_name = dn
x509_extensions    = v3_req

[ dn ]
C  = US
ST = State
L  = City
O  = ExampleOrg
OU = SeaweedFS
CN = seaweedfs.example.com

[ v3_req ]
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = seaweedfs.example.com
DNS.2 = localhost
IP.1  = 127.0.0.1
IP.2  = 192.168.200.2

Now create a self-signed certificate:

sudo openssl req -x509 -nodes -days 3650 \
  -newkey rsa:4096 \
  -keyout seaweed.key \
  -out seaweed.crt \
  -config seaweed.cnf

This produces the following:

Certificate: seaweed.crt
Private key: seaweed.key

Verify SANs (important):

openssl x509 -in seaweed.crt -noout -text | grep -A1 "Subject Alternative Name"

You should see something like this:

DNS:seaweedfs.example.com, DNS:localhost, IP Address:127.0.0.1, IP Address:192.168.200.2

Set permissions:

sudo chown -R seaweedfs:seaweedfs /etc/seaweedfs
sudo chmod 600 seaweed.key

Enabling TLS in SeaweedFS

Update your systemd service unit file:

sudo vi /etc/systemd/system/seaweedfs.service

And add the s3.port.https, s3.cert.file, and s3.key.file settings:

[Service]
ExecStart=/opt/seaweedfs/weed server \
  -ip=0.0.0.0 \
  -dir=/var/lib/seaweedfs \
  -master.port=9333 \
  -volume.port=8080 \
  -s3 \
  -s3.port=8333 \
  -s3.port.https=8334 \
  -s3.cert.file=/etc/seaweedfs/tls/seaweed.crt \
  -s3.key.file=/etc/seaweedfs/tls/seaweed.key

Reload and restart systemd:

sudo systemctl daemon-reload
sudo systemctl restart seaweedfs

Verifying TLS

Check with curl:

curl https://localhost:9333

For self-signed certs:

curl -k https://localhost:9333

Browser

  • UI now uses https://
  • Expect warnings for self-signed certs unless trusted