OwnCloud » History » Version 16
Jessie Lee, 04/27/2016 09:26 AM
h1. Owncloud

Owncloud has issues with .DS_Store files. At first I thought it was a Dropbox <-> Owncloud error, but then I turned off my Dropbox and was still getting the error. We need to figure out a way to have Owncloud exclude syncing .DS_Store files, or else it will generate a bunch of them. I don't know why it is doing so, but I have figured out how to delete them all:

Run this in the top of the Owncloud directory.

<pre>
find ./ -type f -name ".DS_Stor*" -exec rm {} \;
</pre>

h1. Owncloud Installation

h2. Owncloud 9.0 on Debian 8 with Apache

* -Wheezy does not have Owncloud 7 or 8 in its repository (Jessie has 7.0, but I highly recommend using 8 for webUI improvements and speed)-
* -Add the "Owncloud repository":https://download.owncloud.org/download/repositories/stable/owncloud/ (this is maintained by owncloud devs)- (this is now added by puppet to fileservers and can be added to any other server needed)
* After adding, run @sudo apt-get update && sudo apt-get install owncloud@
* This should install owncloud to /var/www/owncloud, along with php and mySQL
* This will also create a conf file in /etc/apache2/conf-available/owncloud.conf, which adds configuration that redirects domain.com/owncloud to the owncloud directory.
* contents of the conf file: <pre>Alias /owncloud "/var/www/owncloud/"
<Directory "/var/www/owncloud">
    Options +FollowSymLinks
    AllowOverride All
    Satisfy Any
    <IfModule mod_dav.c>
        Dav off
    </IfModule>

    SetEnv HOME /var/www/owncloud
    SetEnv HTTP_HOME /var/www/owncloud
</Directory>

<Directory "/var/www/owncloud/data/">
    # just in case .htaccess gets disabled
    Require all denied
</Directory>
</pre>

h2. Apache setup

* owncloud.conf is located in /etc/apache2/conf-available/owncloud.conf
* it can be disabled and enabled by a2disconf and a2enconf respectively
* by default it aliases {anyurl}/owncloud to the owncloud directory (default /var/www/owncloud)
* a virtualhost must be enabled for this to work. (ex. a2ensite default-ssl)

h2. Database setup (mySQL)

* make sure package php5-mysql is installed on the system
* start mysql command line mode: @mysql -uroot -p@
* <pre>CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS owncloud;
GRANT ALL PRIVILEGES ON owncloud.* TO 'username'@'localhost' IDENTIFIED BY 'password';</pre>
* keep track of the username and password, as the owncloud setup wizard will need them.

h2. First Time Wizard

* go to https://domain.com/owncloud to start the owncloud setup wizard.
* click on mysql/mariadb and enter the mysql user and password, making sure they are correct.
* create super admin user and password
* If changes need to be made after first time setup, either run it again from Apps or edit /var/www/owncloud/config/config.php by hand

h2. Enabling Samba external users

* Enable the external_user and external_storage apps (lefthand tab menu --> apps --> not enabled, then enable them)
* for a local samba installation add the following to config.php <pre>
"user_backends" => array (
    0 => array (
        "class" => "OC_User_SMB",
        "arguments" => array (
            0 => 'localhost'
        ),
    ),
),</pre>
* users logging in with a samba user and password should autocreate a user in owncloud. Permissions are not carried over!

h2. Samba External Storage

* go to the owncloud admin panel after enabling external_storage
* add the share via the interface.

h2. owncloud + nginx

* Install php5-fpm and nginx with @apt-get install php5-fpm nginx@
* Uncomment "env[PATH] = /usr/local/bin:/usr/bin:/bin" in the file "/etc/php5/fpm/pool.d/www.conf"
* owncloud "provides":https://doc.owncloud.org/server/7.0/admin_manual/installation/nginx_configuration.html a fairly good base nginx site file to use for simple setups, copied below.

<pre>upstream php-handler {
    #server 127.0.0.1:9000;
    server unix:/var/run/php5-fpm.sock;
}

server {
    listen 80;
    server_name cloud.example.com;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name cloud.example.com;

    ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
    ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

    # Path to the root of your installation
    root /var/www/owncloud/;
    # set max upload size
    client_max_body_size 10G;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is built with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

    index index.php;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
        deny all;
    }

    location / {
        # The following 2 rules are only needed with webfinger
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

        try_files $uri $uri/ /index.php;
    }

    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_pass php-handler;
    }

    # Optional: set long EXPIRES header on static assets
    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        expires 30d;
        # Optional: Don't log access to assets
        access_log off;
    }

}</pre>

* In the main server block add @add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";@ to enable strict transport security

h2. Performance tweaks

* enable system cron: by default owncloud runs scheduled jobs via ajax on every page load, which isn't great for actually getting things done at regular intervals. add: <pre># crontab -u www-data -e
*/15 * * * * php -f /var/www/owncloud/cron.php > /dev/null 2>&1</pre>
* enable apc (or apcu for php 5.5 and above) -for wheezy @apt-get install php-apc@ and add @'memcache.local' => '\OC\Memcache\APC',@ to config.php-
* for php 5.5 and above @apt-get install php-apcu@ and add @'memcache.local' => '\OC\Memcache\APCu',@
* you may have to add apc.enable_cli=1 to /etc/php5/cli/php.ini
* redis can be used for caching and file locking on higher load deployments but is usually unnecessary.

h2. Security and Hardening

* enable mod_headers (@a2enmod headers@) and add @Header always add Strict-Transport-Security "max-age=15768000"@ to the virtual host file.
* move the data directory outside the /var/www/owncloud folder
* turn on server side encryption of data. (Admin settings --> turn on)
* redirect all traffic to ssl: <pre><VirtualHost *:80>
    ServerName cloud.owncloud.com
    Redirect permanent / https://cloud.owncloud.com/
</VirtualHost></pre>
* verify that strict transport security and other headers are being sent by the server using curl: @curl -I https://owncloud.site/owncloud/COPYING-AGPL@, or request another static resource.
** headers should include @X-Content-Type-Options: nosniff@, @X-XSS-Protection: 1; mode=block@, @X-Robots-Tag: none@ and @X-Frame-Options: SAMEORIGIN@

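The curl verification step above can be scripted so a missing or weakened header is flagged rather than eyeballed. This is an added example, not part of the original wiki page; the function name @missing_security_headers@ and both sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `curl -sI` output for the headers listed on this page.
# Reads a raw response header block on stdin; prints one line per missing or
# mismatched header and nothing when every check passes.
missing_security_headers() {
    # HTTP uses CRLF and header names are case-insensitive: normalise both.
    hdrs=$(tr -d '\r' | tr '[:upper:]' '[:lower:]')

    # name|expected value, lower-cased, taken from the list above
    for want in \
        'x-content-type-options|nosniff' \
        'x-xss-protection|1; mode=block' \
        'x-robots-tag|none' \
        'x-frame-options|sameorigin'
    do
        name=${want%%|*}
        value=${want#*|}
        got=$(printf '%s\n' "$hdrs" | sed -n "s/^$name:[[:space:]]*//p" |
              sed 's/[[:space:]]*$//' | head -n 1)
        if [ -z "$got" ]; then
            echo "missing: $name"
        elif [ "$got" != "$value" ]; then
            echo "unexpected: $name: $got"
        fi
    done

    # HSTS only protects clients when max-age is a positive number.
    hsts=$(printf '%s\n' "$hdrs" |
           sed -n 's/^strict-transport-security:[[:space:]]*//p' | head -n 1)
    age=$(printf '%s\n' "$hsts" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
    if [ -z "$hsts" ]; then
        echo "missing: strict-transport-security"
    elif [ -z "$age" ] || [ "$age" -eq 0 ]; then
        echo "unexpected: strict-transport-security: $hsts"
    fi
    return 0
}

# Constructed sample responses (not captured from a real server).
GOOD_RESPONSE='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN'
BAD_RESPONSE='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: DENY'
```

Against a live server, pipe the real response in: @curl -sI https://owncloud.site/owncloud/COPYING-AGPL | missing_security_headers@.
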
h2. For Office File servers

Owncloud does not regularly autoscan files that are not controlled by owncloud. For office file servers this could mean files added via different methods may not show up in owncloud.

* add the following cronjob to @crontab -u www-data@ <pre>30 6,15 * * * php /var/www/owncloud/occ files:scan --all >/dev/null 2>&1
</pre>

Owncloud may also need the web user (debian www-data) to be part of the staff group. @usermod -a -G staff www-data@

To add users' /home folders:

* add the www-data user to the group for the user in question
* restart apache
* add the user's home folder as an external share
* *in that order*

h2. Fixing Permissions

* If the permissions of the owncloud directory become an issue, the script below should fix them.
* The one line that may need changing other than the $ocpath variable is the location of the data directory

<pre>#!/bin/bash
# Reset ownership and modes of an owncloud installation. Run as root.
ocpath='/var/www/owncloud'
htuser='www-data'
htgroup='www-data'
rootuser='root'

printf "Creating possible missing Directories\n"
mkdir -p "${ocpath}/data"
mkdir -p "${ocpath}/assets"
mkdir -p "${ocpath}/updater"

# Files 0640 and directories 0750: no access at all for "other"
printf "chmod Files and Directories\n"
find "${ocpath}/" -type f -print0 | xargs -0 chmod 0640
find "${ocpath}/" -type d -print0 | xargs -0 chmod 0750

# root owns the tree; the web user owns only what owncloud must write to
printf "chown Directories\n"
chown -R "${rootuser}:${htgroup}" "${ocpath}/"
chown -R "${htuser}:${htgroup}" "${ocpath}/apps/"
chown -R "${htuser}:${htgroup}" "${ocpath}/assets/"
chown -R "${htuser}:${htgroup}" "${ocpath}/config/"
chown -R "${htuser}:${htgroup}" "${ocpath}/data/" # this may need changing.
chown -R "${htuser}:${htgroup}" "${ocpath}/themes/"
chown -R "${htuser}:${htgroup}" "${ocpath}/updater/"

chmod +x "${ocpath}/occ"

printf "chmod/chown .htaccess\n"
if [ -f "${ocpath}/.htaccess" ]
then
    chmod 0644 "${ocpath}/.htaccess"
    chown "${rootuser}:${htgroup}" "${ocpath}/.htaccess"
fi
if [ -f "${ocpath}/data/.htaccess" ]
then
    chmod 0644 "${ocpath}/data/.htaccess"
    chown "${rootuser}:${htgroup}" "${ocpath}/data/.htaccess"
fi</pre>

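To see what has drifted before resetting anything, the modes the script above enforces can be checked read-only. This is an added example, not part of the original wiki page or of owncloud; the function name @audit_owncloud_modes@ is hypothetical, and it assumes the data directory still lives under the path passed in.

```shell
#!/bin/sh
# Added example: report entries whose mode differs from what the fix script
# sets, without changing anything.
#   directories 0750, files 0640, the two .htaccess files 0644, occ executable
# Prints "dir <path>" or "file <path>" for every deviation.
audit_owncloud_modes() {
    ocpath=${1%/}    # same meaning as $ocpath in the fix script

    # Directories: anything other than exactly 0750 is drift.
    find "$ocpath" -type d ! -perm 0750 -print | sed 's/^/dir /'

    # Regular files: exactly 0640, except the three special cases below.
    # (-path takes a glob, so this assumes $ocpath has no glob characters.)
    find "$ocpath" -type f ! -perm 0640 \
        ! -path "$ocpath/.htaccess" ! -path "$ocpath/data/.htaccess" \
        ! -path "$ocpath/occ" -print | sed 's/^/file /'

    # The two .htaccess files are reset to 0644 by the script.
    for ht in "$ocpath/.htaccess" "$ocpath/data/.htaccess"; do
        if [ -f "$ht" ] && [ -z "$(find "$ht" -perm 0644)" ]; then
            echo "file $ht"
        fi
    done

    # occ only has to be executable; its exact mode depends on the umask
    # in effect when the script ran "chmod +x".
    if [ -f "$ocpath/occ" ] && [ ! -x "$ocpath/occ" ]; then
        echo "file $ocpath/occ"
    fi
    return 0
}
```

Run it as @audit_owncloud_modes /var/www/owncloud@; empty output means every mode already matches what the script would set. Ownership is not checked.
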
h2. resource links

* "owncloud config.php parameters":https://doc.owncloud.org/server/8.1/admin_manual/configuration_server/config_sample_php_parameters.html
* "owncloud nginx configuration":https://doc.owncloud.org/server/7.0/admin_manual/installation/nginx_configuration.html
* "owncloud database configuration":https://doc.owncloud.org/server/7.0/admin_manual/configuration/database_configuration.html
* "owncloud external auth":https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ftp_smb_imap.html
* "owncloud external storage, direct config.php editing":https://doc.owncloud.org/server/7.0/admin_manual/configuration/external_storage_configuration.html
||
257 | * "owncloud external storage, direct config.php editing":https://doc.owncloud.org/server/7.0/admin_manual/configuration/external_storage_configuration.html |