diff --git a/roles/onlyoffice_document_server/defaults/main.yml b/roles/onlyoffice_document_server/defaults/main.yml
index 5f1ad22..639a344 100644
--- a/roles/onlyoffice_document_server/defaults/main.yml
+++ b/roles/onlyoffice_document_server/defaults/main.yml
@@ -19,3 +19,6 @@ oo_ds_vhost: onlyoffice-ds.{{ ansible_domain }}
 # Is auto-saving of file enabled
 # If true, files will be saved every 5 minutes
 oo_auto_save: True
+
+# Secret used to protect cached files. A random one will be generated if not set
+# oo_link_secret: XXXXXXX
diff --git a/roles/onlyoffice_document_server/tasks/conf.yml b/roles/onlyoffice_document_server/tasks/conf.yml
index d19464a..012ad90 100644
--- a/roles/onlyoffice_document_server/tasks/conf.yml
+++ b/roles/onlyoffice_document_server/tasks/conf.yml
@@ -8,6 +8,6 @@
   tags: oo
 
 - name: Deploy nginx configuration
-  template: src=nginx_vhost.conf.j2 dest=/etc/nginx/ansible_conf.d/32-oods.conf
+  template: src=nginx_vhost.conf.j2 dest=/etc/nginx/ansible_conf.d/32-oods.conf mode=640
   notify: reload nginx
   tags: oo
diff --git a/roles/onlyoffice_document_server/tasks/facts.yml b/roles/onlyoffice_document_server/tasks/facts.yml
index 21e307c..2643b99 100644
--- a/roles/onlyoffice_document_server/tasks/facts.yml
+++ b/roles/onlyoffice_document_server/tasks/facts.yml
@@ -15,6 +15,16 @@
     - set_fact: oo_db_pass={{ rand_pass }}
   tags: oo
 
+- when: oo_link_secret is not defined
+  block:
+    - import_tasks: ../includes/get_rand_pass.yml
+      vars:
+        - pass_file: /etc/onlyoffice/meta/ansible_link_secret
+        - complex: False
+        - pass_size: 30
+    - set_fact: oo_link_secret={{ rand_pass }}
+  tags: oo
+
 - name: Detect installed version
   shell: rpm -q --qf "%{version}-%{release}" onlyoffice-documentserver || echo 0
   args:
diff --git a/roles/onlyoffice_document_server/templates/nginx_vhost.conf.j2 b/roles/onlyoffice_document_server/templates/nginx_vhost.conf.j2
index e0dfe15..0daa924 100644
--- a/roles/onlyoffice_document_server/templates/nginx_vhost.conf.j2
+++ b/roles/onlyoffice_document_server/templates/nginx_vhost.conf.j2
@@ -8,5 +8,6 @@ server {
     expires 365d;
     alias /var/www/onlyoffice/documentserver/fonts$2;
   }
+  set $secure_link_secret {{ oo_link_secret }};
   include /etc/onlyoffice/documentserver/nginx/includes/ds-docservice.conf;
 }
diff --git a/roles/onlyoffice_document_server/templates/oods.json.j2 b/roles/onlyoffice_document_server/templates/oods.json.j2
index ecb5b71..527cb16 100644
--- a/roles/onlyoffice_document_server/templates/oods.json.j2
+++ b/roles/onlyoffice_document_server/templates/oods.json.j2
@@ -4,7 +4,8 @@
   },
   "storage": {
     "fs": {
-      "folderPath": "/var/lib/onlyoffice/documentserver/App_Data/cache/files"
+      "folderPath": "/var/lib/onlyoffice/documentserver/App_Data/cache/files",
+      "secretString": "{{ oo_link_secret }}"
     }
   },
   "services": {
diff --git a/roles/seafile/defaults/main.yml b/roles/seafile/defaults/main.yml
index 774ba0d..d2dbe36 100644
--- a/roles/seafile/defaults/main.yml
+++ b/roles/seafile/defaults/main.yml
@@ -11,7 +11,7 @@
 #   MaxUsers = "9"
 #   Mode = "subscription"
 #   etc...
-seafile_version: "{{ seafile_license is defined | ternary('9.0.8','9.0.9') }}"
+seafile_version: "{{ seafile_license is defined | ternary('9.0.9','9.0.9') }}"
 
 # Archive URL and sha256 are only used for the community version
 seafile_archive_url: https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_{{ seafile_version }}_x86-64.tar.gz
diff --git a/roles/seafile/files/seafile-pro-server_9.0.8_x86-64_CentOS.tar.gz b/roles/seafile/files/seafile-pro-server_9.0.8_x86-64_CentOS.tar.gz
deleted file mode 100644
index d8f9bb9..0000000
--- a/roles/seafile/files/seafile-pro-server_9.0.8_x86-64_CentOS.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7bc555a48a4f0ad47daf6b53a742b1e1e57b591f2bd3d97a602fb521bb920283
-size 97113976
diff --git a/roles/seafile/files/seafile-pro-server_9.0.9_x86-64_CentOS.tar.gz b/roles/seafile/files/seafile-pro-server_9.0.9_x86-64_CentOS.tar.gz
new file mode 100644
index 0000000..0e6d977
--- /dev/null
+++ b/roles/seafile/files/seafile-pro-server_9.0.9_x86-64_CentOS.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0b7120daf190a663add8aa846ace771e92d7a85198ba1ede689437ece0138365
+size 97112439