OwnCloud » History » Version 16

Jessie Lee, 04/27/2016 09:26 AM

{{lastupdated_at}} by {{lastupdated_by}}

{{>toc}}

h1. Owncloud

Owncloud has issues with .DS_Store files. At first I thought it was a Dropbox <-> Owncloud error, but then I turned off my Dropbox and was still getting the error. We need to figure out a way to have Owncloud exclude syncing .DS_Store files, or else it will generate a bunch of them. I don't know why it is doing so, but I have figured out how to delete them all:

Run this from the top of the Owncloud directory.
<pre>
find ./ -type f -name ".DS_Stor*" -exec rm {} \;
</pre>

h1. Owncloud Installation

h2. Owncloud 9.0 on Debian 8 with Apache

* -Wheezy does not have Owncloud 7 or 8 in repository (Jessie has 7.0 but I highly recommend using 8 for webUI improvements and speed)-
* -Add the "Owncloud repository":https://download.owncloud.org/download/repositories/stable/owncloud/ (this is maintained by owncloud devs)- (this is now added by puppet to fileservers and can be added to any other server needed)
* After adding the repository, run @sudo apt-get update && sudo apt-get install owncloud@
* This should install owncloud to /var/www/owncloud, along with PHP and MySQL
* This will also create a conf file in /etc/apache2/conf-available/owncloud.conf, which adds configuration that aliases domain.com/owncloud to the owncloud directory.
* contents of the conf file. <pre>Alias /owncloud "/var/www/owncloud/"
<Directory "/var/www/owncloud">
    Options +FollowSymLinks
    AllowOverride All
    Satisfy Any
    <IfModule mod_dav.c>
      Dav off
    </IfModule>

    SetEnv HOME /var/www/owncloud
    SetEnv HTTP_HOME /var/www/owncloud
</Directory>

<Directory "/var/www/owncloud/data/">
  # just in case if .htaccess gets disabled
  Require all denied
</Directory>
</pre>

h2. Apache setup

* owncloud.conf is located in /etc/apache2/conf-available/owncloud.conf
* it can be disabled and enabled by a2disconf and a2enconf respectively
* by default it aliases {anyurl}/owncloud to the owncloud directory (default /var/www/owncloud)
* a virtualhost must be enabled for this to work (e.g. @a2ensite default-ssl@)

h2. Database setup (mySQL)

* make sure the package php5-mysql is installed on the system
* start mysql command line mode: @mysql -uroot -p@
* <pre>CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS owncloud;
GRANT ALL PRIVILEGES ON owncloud.* TO 'username'@'localhost' IDENTIFIED BY 'password';</pre>
* keep track of the username and password, as the owncloud setup wizard will need them.

h2. First Time Wizard

* go to https://domain.com/owncloud to start the owncloud setup wizard.
* click on mysql/mariadb and input the mysql user and password, making sure they are correct.
* create super admin user and password
* If changes need to be made after first time setup, either run again from Apps or edit /var/www/owncloud/config/config.php by hand

h2. Enabling Samba external users

* Enable the external_user and external_storage apps (left-hand tab menu -> Apps -> Not enabled, then enable them)
* for a local samba installation add the following to config.php <pre>
"user_backends" => array (
    0 => array (
            "class"     => "OC_User_SMB",
            "arguments" => array (
                              0 => 'localhost'
                              ),
    ),
),</pre>
* users logging in with a samba user and password should autocreate a user in owncloud. Permissions are not carried over!

h2. Samba External Storage

* go to the owncloud admin panel after enabling external_storage
* add the share via the interface.

h2. owncloud + nginx

* Install php5-fpm and nginx with @apt-get install php5-fpm nginx@
* Uncomment "env[PATH] = /usr/local/bin:/usr/bin:/bin" in the file "/etc/php5/fpm/pool.d/www.conf"
* owncloud "provides":https://doc.owncloud.org/server/7.0/admin_manual/installation/nginx_configuration.html a fairly good base nginx site file to use for simple setups, copied below.
<pre>upstream php-handler {
  #server 127.0.0.1:9000;
  server unix:/var/run/php5-fpm.sock;
  }

server {
  listen 80;
  server_name cloud.example.com;
  # enforce https
  return 301 https://$server_name$request_uri;
  }

server {
  listen 443 ssl;
  server_name cloud.example.com;

  ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
  ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

  # Path to the root of your installation
  root /var/www/owncloud/;
  # set max upload size
  client_max_body_size 10G;
  fastcgi_buffers 64 4K;

  # Disable gzip to avoid the removal of the ETag header
  gzip off;

  # Uncomment if your server is built with the ngx_pagespeed module
  # This module is currently not supported.
  #pagespeed off;

  rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
  rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
  rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

  index index.php;
  error_page 403 /core/templates/403.php;
  error_page 404 /core/templates/404.php;

  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
    }

  location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
    deny all;
    }

  location / {
   # The following 2 rules are only needed with webfinger
   rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
   rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

   rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
   rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

   rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

   try_files $uri $uri/ /index.php;
   }

   location ~ \.php(?:$|/) {
   fastcgi_split_path_info ^(.+\.php)(/.+)$;
   include fastcgi_params;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   fastcgi_param PATH_INFO $fastcgi_path_info;
   fastcgi_param HTTPS on;
   fastcgi_pass php-handler;
   }

   # Optional: set long EXPIRES header on static assets
   location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
       expires 30d;
       # Optional: Don't log access to assets
         access_log off;
   }

  }</pre>
* In the main server block add @add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";@ to enable strict transport security

h2. Performance tweaks

* enable system cron: by default owncloud runs scheduled jobs via ajax on every page load, which isn't great for actually getting things done at regular intervals. add: <pre># crontab -u www-data -e
*/15  *  *  *  * php -f /var/www/owncloud/cron.php > /dev/null 2>&1</pre>
* enable apc (or apcu for php 5.5 and above) -for wheezy @apt-get install php-apc@ and add @'memcache.local' => '\OC\Memcache\APC',@ to config.php-
* for php 5.5 and above @apt-get install php-apcu@ and add @'memcache.local' => '\OC\Memcache\APCu',@
* you may have to add apc.enable_cli=1 to /etc/php5/cli/php.ini
* redis can be used for caching and file locking on higher load deployments but is usually unnecessary.

h2. Security and Hardening

* enable mod_headers (a2enmod headers) and add @Header always add Strict-Transport-Security "max-age=15768000"@ to the virtual host file.
* move the data directory outside the /var/www/owncloud folder
* turn on server side encryption of data. (Admin settings --> turn on)
* redirect all traffic to ssl: <pre><VirtualHost *:80>
   ServerName cloud.owncloud.com
   Redirect permanent / https://cloud.owncloud.com/
</VirtualHost></pre>
* verify that strict transport security and other headers are being sent by the server using curl: @curl -I https://owncloud.site/owncloud/COPYING-AGPL@, or request another static resource.
** headers should include @X-Content-Type-Options: nosniff@, @X-XSS-Protection: 1; mode=block@, @X-Robots-Tag: none@ and @X-Frame-Options: SAMEORIGIN@
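The curl check above can be scripted so it fails loudly when a header goes missing after a config change. This is an added example, not part of the original page or of ownCloud; the names @check_oc_headers@ and @sample_headers@ and the sample response are made up here, and the minimum max-age is taken from the Apache bullet above.

```shell
#!/bin/sh
# check_oc_headers: read raw response headers (as printed by `curl -sI URL`) on
# stdin, print one line per problem, return non-zero if anything is wrong.
check_oc_headers() {
    awk '
    BEGIN {
        # Expected values from the list above; header names are
        # case-insensitive, so they are compared in lower case.
        want["x-content-type-options"] = "nosniff"
        want["x-xss-protection"]       = "1; mode=block"
        want["x-robots-tag"]           = "none"
        want["x-frame-options"]        = "sameorigin"
    }
    {
        sub(/\r$/, "")                  # header lines end in CRLF
        i = index($0, ":")
        if (i == 0) next                # status line or blank line
        val = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        got[tolower(substr($0, 1, i - 1))] = tolower(val)
    }
    END {
        bad = 0
        for (h in want) {
            if (!(h in got))            { print "MISSING " h; bad = 1 }
            else if (got[h] != want[h]) { print "UNEXPECTED " h ": " got[h]; bad = 1 }
        }
        # HSTS: require the max-age used in the Apache bullet above or longer.
        hsts = got["strict-transport-security"]
        if (match(hsts, /max-age=[0-9]+/)) {
            age = substr(hsts, RSTART + 8, RLENGTH - 8) + 0
            if (age < 15768000) { print "SHORT hsts max-age=" age; bad = 1 }
        } else { print "MISSING strict-transport-security max-age"; bad = 1 }
        exit bad
    }'
}

# Constructed sample response, not captured from a real server:
# X-Frame-Options is absent and the HSTS max-age is only one day.
sample_headers() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' \
        'Strict-Transport-Security: max-age=86400' \
        'X-Content-Type-Options: nosniff' \
        'X-XSS-Protection: 1; mode=block' \
        'X-Robots-Tag: none' ''
}

sample_headers | check_oc_headers || echo "header check failed"
```

Against a live server, pipe @curl -sI https://owncloud.site/owncloud/COPYING-AGPL@ into @check_oc_headers@ instead of the sample.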

h2. For Office File servers

Owncloud does not regularly autoscan files that are not controlled by owncloud. For office file servers this could mean files added via different methods may not show up in owncloud.

* add the following cronjob to crontab -u www-data <pre>30      6,15     *       *       *  php /var/www/owncloud/occ files:scan --all >/dev/null 2>&1
</pre>

Owncloud may also need the web user (debian www-data) to be part of the staff group. @usermod -a -G staff www-data@

To add users' /home folders:

* add the www-data user to the group for the user in question
* restart apache
* add the user's home folder as an external share
* *in that order*

h2. Fixing Permissions

* If the permissions of the owncloud directory become an issue the below script should fix them.
* The one line that may need changing other than the $ocpath variable is the location of the data directory
<pre>#!/bin/bash
ocpath='/var/www/owncloud'
htuser='www-data'
htgroup='www-data'
rootuser='root'

printf "Creating possible missing Directories\n"
mkdir -p "${ocpath}/data"
mkdir -p "${ocpath}/assets"
mkdir -p "${ocpath}/updater"

# files 0640 and directories 0750: nothing is accessible to "other"
printf "chmod Files and Directories\n"
find "${ocpath}/" -type f -print0 | xargs -0 chmod 0640
find "${ocpath}/" -type d -print0 | xargs -0 chmod 0750

# root owns the code; the web user owns only the directories it must write to
printf "chown Directories\n"
chown -R "${rootuser}:${htgroup}" "${ocpath}/"
chown -R "${htuser}:${htgroup}" "${ocpath}/apps/"
chown -R "${htuser}:${htgroup}" "${ocpath}/assets/"
chown -R "${htuser}:${htgroup}" "${ocpath}/config/"
chown -R "${htuser}:${htgroup}" "${ocpath}/data/"  # this may need changing.
chown -R "${htuser}:${htgroup}" "${ocpath}/themes/"
chown -R "${htuser}:${htgroup}" "${ocpath}/updater/"

chmod +x "${ocpath}/occ"

printf "chmod/chown .htaccess\n"
if [ -f "${ocpath}/.htaccess" ]
 then
  chmod 0644 "${ocpath}/.htaccess"
  chown "${rootuser}:${htgroup}" "${ocpath}/.htaccess"
fi
if [ -f "${ocpath}/data/.htaccess" ]
 then
  chmod 0644 "${ocpath}/data/.htaccess"
  chown "${rootuser}:${htgroup}" "${ocpath}/data/.htaccess"
fi</pre>
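A read-only check that reports where the tree has drifted from the modes the script above sets, useful before deciding whether to re-run it. This is an added example, not part of the original page or of ownCloud; the function names @audit_oc_perms@ and @make_sample_tree@ are made up here, and ownership is not checked.

```shell
#!/bin/sh
# audit_oc_perms OCPATH: print entries whose mode differs from what the
# permissions script sets (files 0640, directories 0750). Returns 0 and
# prints nothing when everything matches, 1 otherwise.
audit_oc_perms() {
    ocpath=${1%/}
    out=$(
        # occ is made executable and the two .htaccess files are set to 0644,
        # so they are exempt from the 0640 rule; .htaccess is checked below.
        find "$ocpath" -type f ! -perm 0640 ! -path "$ocpath/occ" \
            ! -path "$ocpath/.htaccess" ! -path "$ocpath/data/.htaccess" \
            -print | sed 's/^/FILE /'
        find "$ocpath" -type d ! -perm 0750 -print | sed 's/^/DIR /'
        for f in "$ocpath/.htaccess" "$ocpath/data/.htaccess"; do
            if [ -f "$f" ]; then
                find "$f" ! -perm 0644 -print | sed 's/^/HTACCESS /'
            fi
        done
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Constructed sample tree (a temp directory, not a real install): config.php
# is left world-readable and data/ world-listable so the audit has findings.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/config" "$t/data"
    : > "$t/config/config.php"; : > "$t/index.php"; : > "$t/.htaccess"
    chmod 0750 "$t" "$t/config"; chmod 0755 "$t/data"
    chmod 0640 "$t/index.php";   chmod 0644 "$t/config/config.php" "$t/.htaccess"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
audit_oc_perms "$tree" || echo "modes differ from the script's targets"
[ -n "$tree" ] && rm -rf "$tree"
```

On a server, run it as @audit_oc_perms /var/www/owncloud@; if the data directory has been moved out of the web root, audit that path separately.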

h2. resource links

* "owncloud config.php parameters":https://doc.owncloud.org/server/8.1/admin_manual/configuration_server/config_sample_php_parameters.html
* "owncloud nginx configuration":https://doc.owncloud.org/server/7.0/admin_manual/installation/nginx_configuration.html
* "owncloud database configuration":https://doc.owncloud.org/server/7.0/admin_manual/configuration/database_configuration.html
* "owncloud external auth":https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ftp_smb_imap.html
* "owncloud external storage, direct config.php editing":https://doc.owncloud.org/server/7.0/admin_manual/configuration/external_storage_configuration.html