OwnCloud » History » Revision 3
Jessie Lee, 08/28/2015 01:03 PM
Owncloud¶
Owncloud has issues with .DS_Store files. At first I thought it was a Dropbox <-> Owncloud error, but then I turned off my Dropbox and was still getting the error. We need to figure out a way to have Owncloud exclude syncing .DS_Store files, or else it will generate a bunch of them. I don't know why it is doing so, but I have figured out how to delete them all:
Run this in the top of the Owncloud directory.
find ./ -type f -name ".DS_Stor*" -exec rm {} \;
Owncloud Installation¶
Owncloud 8.1 on Debian 7 with Apache¶
- Wheezy does not have Owncloud 7 or 8 in repository (Jessie has 7.0 but I highly recommend using 8 for webUI improvements and speed)
- Add the OpenSuse owncloud repository (this is maintained by owncloud devs)
- After adding the repository, run
sudo apt-get update && sudo apt-get install owncloud
- This should install owncloud to /var/www/owncloud, along with php and mySQL
- This will also create a conf file in /etc/apache2/conf.d/owncloud.conf, which maps domain.com/owncloud to the owncloud directory.
- contents of the conf file.
Alias /owncloud "/var/www/owncloud/"
<Directory "/var/www/owncloud">
    Options +FollowSymLinks
    AllowOverride All
    Satisfy Any
    <IfModule mod_dav.c>
        Dav off
    </IfModule>
    SetEnv HOME /var/www/owncloud
    SetEnv HTTP_HOME /var/www/owncloud
</Directory>
<Directory "/var/www/owncloud/data/">
    # just in case if .htaccess gets disabled
    Require all denied
</Directory>
- Set up Apache for owncloud access: For simple setups, edit the default-ssl config to point to ssl certs, then enable the SSL module with a2enmod ssl and the site with a2ensite default-ssl.
- restart apache
- go to https://domain.com/owncloud to start owncloud setup wizard.
- If changes need to be made after first time setup either run again from Apps or edit /var/www/owncloud/config/config.php by hand
Database setup (mySQL)¶
- make sure package php5-mysql is installed on system
- start mysql command line mode
mysql -uroot -p
CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS owncloud;
GRANT ALL PRIVILEGES ON owncloud.* TO 'username'@'localhost' IDENTIFIED BY 'password';
- keep track of username and password as the owncloud setup wizard will need that.
Enabling Samba external users¶
- Enable external_user and external_storage apps (left-hand tab menu -> Apps -> Not enabled, then enable them)
- for a local samba installation add the following to config.php
"user_backends" => array (
    0 => array (
        "class" => "OC_User_SMB",
        "arguments" => array (
            0 => 'localhost'
        ),
    ),
),
- users logging in with samba user and password should autocreate a user in owncloud. Permissions are not carried over!
Samba External Storage¶
- go to owncloud admin panel after enabling external_storage
- add share via interface.
owncloud + nginx¶
- Install php5-fpm and nginx with
apt-get install php5-fpm nginx
- Uncomment "env[PATH] = /usr/local/bin:/usr/bin:/bin" in the file "/etc/php5/fpm/pool.d/www.conf"
- owncloud provides a fairly good base nginx site file to use for simple setups. copied below.
upstream php-handler {
    #server 127.0.0.1:9000;
    server unix:/var/run/php5-fpm.sock;
}

server {
    listen 80;
    server_name cloud.example.com;
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name cloud.example.com;

    ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
    ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

    # Path to the root of your installation
    root /var/www/owncloud/;
    # set max upload size
    client_max_body_size 10G;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

    index index.php;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
        deny all;
    }

    location / {
        # The following 2 rules are only needed with webfinger
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

        try_files $uri $uri/ /index.php;
    }

    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_pass php-handler;
    }

    # Optional: set long EXPIRES header on static assets
    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        expires 30d;
        # Optional: Don't log access to assets
        access_log off;
    }
}
- In the main server block add
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
to enable strict transport security
Performance tweaks¶
*coming soon: enabling apc (or apcu in php5.5 or later), php.ini edits, server edits.
Security and Hardening¶
- enable mod_headers (a2enmod headers) and add
Header always add Strict-Transport-Security "max-age=15768000"
to virtual host file.
- move data directory outside /var/www/owncloud folder
- turn on server side encryption of data. (Admin settings --> turn on)
- redirect all traffic to ssl:
<VirtualHost *:80>
    ServerName cloud.owncloud.com
    Redirect permanent / https://cloud.owncloud.com/
</VirtualHost>
- verify that strict transport security and other headers are being sent by the server using curl.
curl -I https://owncloud.site/owncloud/COPYING-AGPL
or calling another static resource.
- headers should include
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN
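The header check described above can be scripted so it is repeatable after every config change. This is an added example, not part of the original wiki page: check_headers, sample_good and sample_bad are hypothetical names, the sample responses are constructed, and the minimum HSTS lifetime is assumed to be the Apache max-age value given in this section.

```shell
#!/bin/sh
# Added example: audit response headers saved from `curl -sI <url>`.
MIN_HSTS_AGE=15768000   # the Apache max-age value used on this page

# Reads raw response headers on stdin, prints one line per problem and
# returns 0 only when every expected header is present and strong enough.
check_headers() {
    # Normalise: drop CRs and trailing blanks, lowercase for comparison.
    hdrs=$(tr -d '\r' | sed 's/[[:space:]]*$//' | tr '[:upper:]' '[:lower:]')
    rc=0
    for want in \
        "x-content-type-options: nosniff" \
        "x-xss-protection: 1; mode=block" \
        "x-robots-tag: none" \
        "x-frame-options: sameorigin"
    do
        if ! printf '%s\n' "$hdrs" | grep -qxF "$want"; then
            echo "missing or wrong: $want"
            rc=1
        fi
    done
    # HSTS must be present with max-age of at least MIN_HSTS_AGE seconds.
    age=$(printf '%s\n' "$hdrs" |
        sed -n 's/^strict-transport-security:.*max-age=\([0-9][0-9]*\).*/\1/p' |
        head -n 1)
    if [ -z "$age" ]; then
        echo "missing: strict-transport-security"
        rc=1
    elif [ "$age" -lt "$MIN_HSTS_AGE" ]; then
        echo "weak: strict-transport-security max-age=$age"
        rc=1
    fi
    return "$rc"
}

# Constructed sample responses (not captured from a real server).
sample_good() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' \
        'Strict-Transport-Security: max-age=15768000' \
        'X-Content-Type-Options: nosniff' 'X-XSS-Protection: 1; mode=block' \
        'X-Robots-Tag: none' 'X-Frame-Options: SAMEORIGIN'
}
sample_bad() {   # short HSTS lifetime, no X-Frame-Options
    printf '%s\r\n' 'HTTP/1.1 200 OK' \
        'Strict-Transport-Security: max-age=300' \
        'X-Content-Type-Options: nosniff' 'X-XSS-Protection: 1; mode=block' \
        'X-Robots-Tag: none'
}

if sample_good | check_headers; then echo "sample_good: all headers OK"; fi
sample_bad | check_headers || echo "sample_bad: fix the headers listed above"
```

Against a live server, pipe the curl command from this section into the function: curl -sI https://owncloud.site/owncloud/COPYING-AGPL | check_headers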
resource links¶