Skip to content

Installing SeaweedFS on Linux

Download the SeaweedFS Binary

Download the latest SeaweedFS binaries (64-bit Linux)

cd /tmp
curl -L -O https://github.com/seaweedfs/seaweedfs/releases/latest/download/linux_amd64.tar.gz

Verify the download

ls -lh linux_amd64.tar.gz

Extract SeaweedFS to a suitable location

sudo mkdir -p /opt/seaweedfs
sudo tar -xzf linux_amd64.tar.gz -C /opt/seaweedfs

Check the binaries:

ls /opt/seaweedfs

You should see the weed binary.

(Optional) Make it globally accessible:

Install SeaweedFS

sudo ln -s /opt/seaweedfs/weed /usr/local/bin/weed

Create a dedicated user (recommended)

sudo useradd --system --no-create-home --shell /usr/sbin/nologin seaweedfs

Create and configure the data storage location

sudo mkdir -p /var/lib/seaweedfs
sudo chown -R seaweedfs:seaweedfs /var/lib/seaweedfs
sudo chmod 750 /var/lib/seaweedfs

If you plan to use multiple disks, you can later specify multiple directories (comma-separated).

Decide on the TCP/IP ports to use (customizable)

Component Default Port
Master (cluster UI) 9333
Volume 8080
S3 API 8333
Filer UI (optional) 8888

Start SeaweedFS as a Systemd Service

Create the systemd service file (S3 server)

sudo nano /etc/systemd/system/seaweedfs.service

Example systemd unit

[Unit]
Description=SeaweedFS S3 Server
After=network.target
Wants=network.target

[Service]
Type=simple
User=seaweedfs
Group=seaweedfs

ExecStart=/opt/seaweedfs/weed server \
  -master.port=9333 \
  -volume.port=8080 \
  -dir=/var/lib/seaweedfs \
  -ip=0.0.0.0 \
  -s3 \
  -s3.port=8333

Restart=always
RestartSec=5
LimitNOFILE=1048576

[Install]
WantedBy=multi-user.target

Reload systemd and start the SeaweedFS service:

sudo systemctl daemon-reload
sudo systemctl enable seaweedfs
sudo systemctl start seaweedfs

Check Status of Services

sudo systemctl status seaweedfs

View service logs:

journalctl -u seaweedfs -f

Access the UI and S3 endpoint:

Web UI

Master UI:

text http://<host>:9333

Volume UI:

text http://<host>:8080/status

S3 Endpoint

Endpoint URL:

text http://<host>:8333

Filer UI:

text http://<host>:8888

You can now configure S3 access keys using:

weed shell

Then:

s3.configure

Firewall considerations

If necessary, allow open the nexessary firewall ports. For Red Hat and SUSE based distros, if firewalld is running:

sudo firewall-cmd --add-port=19333/tcp --permanent
sudo firewall-cmd --add-port=18080/tcp --permanent
sudo firewall-cmd --add-port=18333/tcp --permanent
sudo firewall-cmd --reload

For Ubuntu-based distros, if ufw is running:

sudo ufw allow 9333
sudo ufw allow 8080
sudo ufw allow 8333

For other distros, refer to the operating system documentation.

Enabling TLS (optional)

SeaweedFS supports TLS by:

  • Providing a certificate + private key
  • Enabling TLS on each component (master, volume, filer, S3)
  • Optionally enforcing mutual TLS (mTLS)

Each service listens on its own port, and TLS is enabled per service.

Option A: Use a Public Certificate (Let’s Encrypt)

Use this if SeaweedFS is accessed externally via a DNS name.

Obtain certificates (example with certbot)

sudo apt install certbot
sudo certbot certonly --standalone -d seaweedfs.example.com

Certificates will be here:

/etc/letsencrypt/live/seaweedfs.example.com/fullchain.pem
/etc/letsencrypt/live/seaweedfs.example.com/privkey.pem

Make certificates readable by SeaweedFS

sudo mkdir -p /etc/seaweedfs/tls
sudo cp /etc/letsencrypt/live/seaweedfs.example.com/fullchain.pem /etc/seaweedfs/tls/tls.crt
sudo cp /etc/letsencrypt/live/seaweedfs.example.com/privkey.pem /etc/seaweedfs/tls/tls.key

sudo chown -R seaweedfs:seaweedfs /etc/seaweedfs
sudo chmod 600 /etc/seaweedfs/tls/tls.key

Option B: Self-Signed Certificates (Internal / Private Use)

Good for internal networks or testing. Create a directory to contain the TLS certificate and related files:

sudo mkdir -p /etc/seaweedfs/tls
cd /etc/seaweedfs/tls

Create an OpenSSL configuration file with SANs:

sudo vi seaweed.cnf

And add content like this, replacing US, State, City, ExampleOrg, SeaweedFS and seaweedfs.example.com with appromriate values. Also replace 192.168.200.2 with the correct IP address:

[ req ]
default_bits       = 4096
prompt             = no
default_md         = sha256
distinguished_name = dn
x509_extensions    = v3_req

[ dn ]
C  = US
ST = State
L  = City
O  = ExampleOrg
OU = SeaweedFS
CN = seaweedfs.example.com

[ v3_req ]
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = seaweedfs.example.com
DNS.2 = localhost
IP.1  = 127.0.0.1
IP.2  = 192.168.200.2

Now create a self-signed certificate:

sudo openssl req -x509 -nodes -days 3650 \
  -newkey rsa:4096 \
  -keyout seaweed.key \
  -out seaweed.crt \
  -config seaweed.cnf

This produces:

Certificate: seaweed.crt
Private key: seaweed.key

Verify SANs (important):

openssl x509 -in seaweed.crt -noout -text | grep -A1 "Subject Alternative Name"

You should see something like:

DNS:seaweedfs.example.com, DNS:localhost, IP Address:127.0.0.1, IP Address:192.168.200.2

Set permissions:

sudo chown -R seaweedfs:seaweedfs /etc/seaweedfs
sudo chmod 600 seaweed.key

Enabling TLS in SeaweedFS

Update your systemd service unit file:

sudo vi /etc/systemd/system/seaweedfs.service

And add the s3.port.https, s3.cert.file and s3.key.file settings:

[Service]
ExecStart=/opt/seaweedfs/weed server \
  -ip=0.0.0.0 \
  -dir=/var/lib/seaweedfs \
  -master.port=9333 \
  -volume.port=8080 \
  -s3 \
  -s3.port=8333 \
  -s3.port.https=8334 \
  -s3.cert.file=/etc/seaweedfs/tls/seaweed.crt \
  -s3.key.file=/etc/seaweedfs/tls/seaweed.key

Reload and restart systemd:

sudo systemctl daemon-reload
sudo systemctl restart seaweedfs

Verifying TLS

Check with curl:

curl https://localhost:9333

For self-signed certs:

curl -k https://localhost:9333

Browser

  • UI now uses https://
  • Expect warnings for self-signed certs unless trusted