PT Commons

{{lastupdated_at}} by {{lastupdated_by}}

{{>toc}}

h1. Owncloud

Owncloud has issues with .DS_Store files. At first I thought it was a Dropbox <-> Owncloud error, but then I turned off my Dropbox and was still getting the error.  We need to figure out a way to have Owncloud exclude syncing .DS_Store files, or else it will generate a bunch of them. I don't know why it is doing so, but I have figured out how to delete them all:

Run this in the top of the Owncloud directory.

<pre>

find ./ -type f -name ".DS_Stor*" -exec rm {} \;

</pre>

h1. Owncloud Installation

h2. Owncloud 8.1 on Debian 7 with Apache

* Wheezy does not have Owncloud 7 or 8 in repository (Jessie has 7.0 but I highly recommend using 8 for webUI improvements and speed)

* Add the "OpenSuse owncloud repository":https://software.opensuse.org/download.html?project=isv:ownCloud:community&package=owncloud (this is maintained by owncloud devs) 

* After adding @sudo apt-get update && sudo apt-get install owncloud@

* This should install owncloud to /var/www/owncloud, php, and mySQL

* This will also create a conf file in /etc/apache2/conf.d/owncloud.conf which adds configuration redirects domain.com/owncloud to the owncloud directory. 

* contents of the conf file. <pre>Alias /owncloud "/var/www/owncloud/"

<Directory "/var/www/owncloud">

    Options +FollowSymLinks

    AllowOverride All

    Satisfy Any

    <IfModule mod_dav.c>

      Dav off

    </IfModule>

    SetEnv HOME /var/www/owncloud

    SetEnv HTTP_HOME /var/www/owncloud

</Directory>

<Directory "/var/www/owncloud/data/">

  # just in case if .htaccess gets disabled

  Require all denied

</Directory>

</pre>

* Set up Apache for owncloud access: For simple setups, edit the default-ssl config to point to ssl certs and enable with a2enmod default-ssl.

* restart apache 

* go to https://domain.com/owncloud to start owncloud setup wizard. 

* If changes need to be made after first time setup either run again from Apps or edit /var/www/owncloud/config/config.php by hand 

h2. Database setup (mySQL)

* make sure package php5-mysql is installed on system

* start mysql command line mode @mysql -uroot -p@

* <pre>CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';

CREATE DATABASE IF NOT EXISTS owncloud;

GRANT ALL PRIVILEGES ON owncloud.* TO 'username'@'localhost' IDENTIFIED BY 'password';</pre>

* keep track of username and password as the owncloud setup wizard will need that. 

h2. Enabling Samba external users

* Enable external_user and external_storage apps (lefthand tab menu--->apps---->not enabled. enable them)

* for a local samba installation add the following to config.php <pre>

"user_backends" => array (

    0 => array (

            "class"     => "OC_User_SMB",

            "arguments" => array (

                              0 => 'localhost'

                              ),

    ),

),</pre>

* users logging in with samba user and password should autocreate a user in owncloud. Permissions are not carried over!

h2.  Samba External Storage

* go to owncloud admin panel after enabling external_storage

* add share via interface. 

h2. owncloud + nginx

* Install php5-fpm and nginx with @apt-get install php5-fpm nginx@

* Uncomment "env[PATH] = /usr/local/bin:/usr/bin:/bin" in the file "/etc/php5/fpm/pool.d/www.conf"

* owncloud "provides":https://doc.owncloud.org/server/7.0/admin_manual/installation/nginx_configuration.html a fairly good base nginx site file to use for simple setups. copied below.

<pre>upstream php-handler {

  #server 127.0.0.1:9000;

  server unix:/var/run/php5-fpm.sock;

  }

server {

  listen 80;

  server_name cloud.example.com;

  # enforce https

  return 301 https://$server_name$request_uri;

  }

server {

  listen 443 ssl;

  server_name cloud.example.com;

  ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;

  ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

  # Path to the root of your installation

  root /var/www/owncloud/;

  # set max upload size

  client_max_body_size 10G;

  fastcgi_buffers 64 4K;

  # Disable gzip to avoid the removal of the ETag header

  gzip off;

  # Uncomment if your server is build with the ngx_pagespeed module

  # This module is currently not supported.

  #pagespeed off;

  rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;

  rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;

  rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

  index index.php;

  error_page 403 /core/templates/403.php;

  error_page 404 /core/templates/404.php;

  location = /robots.txt {

    allow all;

    log_not_found off;

    access_log off;

    }

  location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){

    deny all;

    }

  location / {

   # The following 2 rules are only needed with webfinger

   rewrite ^/.well-known/host-meta /public.php?service=host-meta last;

   rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

   rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;

   rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

   rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

   try_files $uri $uri/ /index.php;

   }

   location ~ \.php(?:$|/) {

   fastcgi_split_path_info ^(.+\.php)(/.+)$;

   include fastcgi_params;

   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

   fastcgi_param PATH_INFO $fastcgi_path_info;

   fastcgi_param HTTPS on;

   fastcgi_pass php-handler;

   }

   # Optional: set long EXPIRES header on static assets

   location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {

       expires 30d;

       # Optional: Don't log access to assets

         access_log off;

   }

  }</pre>

* In the main server block add @add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";@ to enable strict transport security

h2. Performance tweaks

*coming soon: enabling apc (or apcu in php5.5 or later), php.ini edits, server edits. 

h2. Security and Hardening

* enable mod_headers (a2enmod headers) and add @Header always add Strict-Transport-Security "max-age=15768000"@ to virtual host file.

* move data directory outside /var/www/owncloud folder

* turn on server side encryption of data. (Admin settings --> turn on) 

* redirect all traffic to ssl: <pre><VirtualHost *:80>

   ServerName cloud.owncloud.com

   Redirect permanent / https://cloud.owncloud.com/

</VirtualHost></pre>

* 

h2. resource links

* "owncloud config.php parameters":https://doc.owncloud.org/server/8.1/admin_manual/configuration_server/config_sample_php_parameters.html

* "owncloud nginx configuration":https://doc.owncloud.org/server/7.0/admin_manual/installation/nginx_configuration.html

* "owncloud database configuration":https://doc.owncloud.org/server/7.0/admin_manual/configuration/database_configuration.html

* "owncloud external auth":https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ftp_smb_imap.html

* "owncloud external storage, direct config.php editing":https://doc.owncloud.org/server/7.0/admin_manual/configuration/external_storage_configuration.html