OwnCloud » History » Revision 3

Revision 2 (Jessie Lee, 08/28/2015 12:47 PM) → Revision 3/16 (Jessie Lee, 08/28/2015 01:03 PM)

{{lastupdated_at}} by {{lastupdated_by}} 

 {{>toc}} 

 h1. Owncloud 

 Owncloud has issues with .DS_Store files. At first I thought it was a Dropbox <-> Owncloud error, but then I turned off my Dropbox and was still getting the error.    We need to figure out a way to have Owncloud exclude syncing .DS_Store files, or else it will generate a bunch of them. I don't know why it is doing so, but I have figured out how to delete them all: 

 Run this at the top level of the Owncloud directory. 
 <pre> 
 find ./ -type f -name ".DS_Stor*" -exec rm {} \; 
 </pre> 

 h1. Owncloud Installation 

 h2. Owncloud 8.1 on Debian 7 with Apache 

 * Wheezy does not have Owncloud 7 or 8 in repository (Jessie has 7.0 but I highly recommend using 8 for webUI improvements and speed) 
 * Add the "OpenSuse owncloud repository":https://software.opensuse.org/download.html?project=isv:ownCloud:community&package=owncloud (this is maintained by owncloud devs)  
 * After adding the repository, run @sudo apt-get update && sudo apt-get install owncloud@ 
 * This should install owncloud to /var/www/owncloud, along with PHP and MySQL 
 * This will also create a conf file in /etc/apache2/conf.d/owncloud.conf, which maps domain.com/owncloud to the owncloud directory.  
 * contents of the conf file. <pre>Alias /owncloud "/var/www/owncloud/" 
 <Directory "/var/www/owncloud"> 
     Options +FollowSymLinks 
     AllowOverride All 
     Satisfy Any 
     <IfModule mod_dav.c> 
       Dav off 
     </IfModule> 

     SetEnv HOME /var/www/owncloud 
     SetEnv HTTP_HOME /var/www/owncloud 
 </Directory> 

 <Directory "/var/www/owncloud/data/"> 
   # just in case if .htaccess gets disabled 
   Require all denied 
 </Directory> 
 </pre> 
 * Set up Apache for owncloud access: for simple setups, edit the default-ssl config to point to the SSL certs, then enable it with @a2enmod ssl@ and @a2ensite default-ssl@. 
 * restart apache  
 * go to https://domain.com/owncloud to start owncloud setup wizard.  
 * If changes need to be made after first time setup either run again from Apps or edit /var/www/owncloud/config/config.php by hand  

 h2. Database setup (mySQL) 

 * make sure package php5-mysql is installed on system 
 * start mysql command line mode @mysql -uroot -p@ 
 * <pre>CREATE USER 'username'@'localhost' IDENTIFIED BY 'password'; 
 CREATE DATABASE IF NOT EXISTS owncloud; 
 GRANT ALL PRIVILEGES ON owncloud.* TO 'username'@'localhost' IDENTIFIED BY 'password';</pre> 
 * keep track of username and password as the owncloud setup wizard will need that.  

 h2. Enabling Samba external users 

 * Enable external_user and external_storage apps (lefthand tab menu--->apps---->not enabled. enable them) 
 * for a local samba installation add the following to config.php <pre> 
 "user_backends" => array ( 
     0 => array ( 
             "class"       => "OC_User_SMB", 
             "arguments" => array ( 
                               0 => 'localhost' 
                               ), 
     ), 
 ),</pre> 
 * users logging in with samba user and password should autocreate a user in owncloud. Permissions are not carried over! 

 h2. Samba External Storage 

 * go to owncloud admin panel after enabling external_storage 
 * add share via interface.  

 h2. owncloud + nginx 

 * Install php5-fpm and nginx with @apt-get install php5-fpm nginx@ 
 * Uncomment "env[PATH] = /usr/local/bin:/usr/bin:/bin" in the file "/etc/php5/fpm/pool.d/www.conf" 
 * owncloud "provides":https://doc.owncloud.org/server/7.0/admin_manual/installation/nginx_configuration.html a fairly good base nginx site file to use for simple setups. copied below. 
 <pre>upstream php-handler { 
   #server 127.0.0.1:9000; 
   server unix:/var/run/php5-fpm.sock; 
   } 

 server { 
   listen 80; 
   server_name cloud.example.com; 
   # enforce https 
   return 301 https://$server_name$request_uri; 
   } 

 server { 
   listen 443 ssl; 
   server_name cloud.example.com; 

   ssl_certificate /etc/ssl/nginx/cloud.example.com.crt; 
   ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key; 

   # Path to the root of your installation 
   root /var/www/owncloud/; 
   # set max upload size 
   client_max_body_size 10G; 
   fastcgi_buffers 64 4K; 

   # Disable gzip to avoid the removal of the ETag header 
   gzip off; 

   # Uncomment if your server is build with the ngx_pagespeed module 
   # This module is currently not supported. 
   #pagespeed off; 

   rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect; 
   rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect; 
   rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect; 

   index index.php; 
   error_page 403 /core/templates/403.php; 
   error_page 404 /core/templates/404.php; 

   location = /robots.txt { 
     allow all; 
     log_not_found off; 
     access_log off; 
     } 

   location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){ 
     deny all; 
     } 

   location / { 
    # The following 2 rules are only needed with webfinger 
    rewrite ^/.well-known/host-meta /public.php?service=host-meta last; 
    rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last; 

    rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; 
    rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; 

    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html; 

    try_files $uri $uri/ /index.php; 
    } 

    location ~ \.php(?:$|/) { 
    fastcgi_split_path_info ^(.+\.php)(/.+)$; 
    include fastcgi_params; 
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
    fastcgi_param PATH_INFO $fastcgi_path_info; 
    fastcgi_param HTTPS on; 
    fastcgi_pass php-handler; 
    } 

    # Optional: set long EXPIRES header on static assets 
    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ { 
        expires 30d; 
        # Optional: Don't log access to assets 
          access_log off; 
    } 

   }</pre> 
 * In the main server block add @add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";@ to enable strict transport security 


 h2. Performance tweaks 

 * coming soon: enabling apc (or apcu in php5.5 or later), php.ini edits, server edits.  

 h2. Security and Hardening 

 * enable mod_headers (a2enmod headers) and add @Header always add Strict-Transport-Security "max-age=15768000"@ to virtual host file. 
 * move data directory outside /var/www/owncloud folder 
 * turn on server side encryption of data. (Admin settings --> turn on)  
 * redirect all traffic to ssl: <pre><VirtualHost *:80> 
    ServerName cloud.owncloud.com 
    Redirect permanent / https://cloud.owncloud.com/ 
 </VirtualHost></pre> 
 * verify that strict transport security and other headers are being sent by the server using curl: @curl -I https://owncloud.site/owncloud/COPYING-AGPL@, or request another static resource.  
 ** headers should include @X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Robots-Tag: none X-Frame-Options: SAMEORIGIN@ 
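
 The curl check above can be scripted so that a missing header fails loudly instead of being overlooked in the output. This is an added example, not part of the original wiki page or of ownCloud; the function names @check_headers@, @good_response@ and @bad_response@ are hypothetical and the sample responses are constructed.

```shell
#!/bin/sh
# Added example: check `curl -I` output for the headers listed above.
# Live use (placeholder host from this page):
#   curl -sI https://owncloud.site/owncloud/COPYING-AGPL | check_headers

# Expected "Name: value" pairs, copied from the list above.
EXPECTED='X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none
X-Frame-Options: SAMEORIGIN'

# Reads response headers on stdin, prints one line per problem,
# returns 0 if everything expected is present and 1 otherwise.
check_headers() {
    # HTTP lines end in CRLF and header names are case-insensitive.
    resp=$(tr -d '\r' | tr '[:upper:]' '[:lower:]' | sed 's/[[:space:]]*$//')
    rc=0
    while IFS= read -r want; do
        low=$(printf '%s\n' "$want" | tr '[:upper:]' '[:lower:]')
        if ! printf '%s\n' "$resp" | grep -qxF -- "$low"; then
            echo "missing or wrong value: $want"
            rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    # The Apache and nginx snippets use different max-age values, so only
    # require that HSTS is present with a non-zero max-age.
    if ! printf '%s\n' "$resp" |
        grep -Eq '^strict-transport-security:.*max-age=[1-9][0-9]*'; then
        echo "missing: Strict-Transport-Security with max-age > 0"
        rc=1
    fi
    return "$rc"
}

# Constructed sample responses (not captured from a real server).
good_response() {
    printf '%s\r\n' 'HTTP/1.1 200 OK' \
        'Strict-Transport-Security: max-age=15768000' \
        'x-content-type-options: nosniff' 'X-XSS-Protection: 1; mode=block' \
        'X-Robots-Tag: none' 'X-Frame-Options: SAMEORIGIN' ''
}
bad_response() { # HSTS and X-Frame-Options absent
    printf '%s\r\n' 'HTTP/1.1 200 OK' 'X-Content-Type-Options: nosniff' \
        'X-XSS-Protection: 1; mode=block' 'X-Robots-Tag: none' ''
}

good_response | check_headers && echo "good sample: all headers present"
bad_response | check_headers || echo "bad sample: problems listed above"
```

 The non-zero exit status makes the check usable from cron or a deployment script after an Apache or nginx config change.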


  

 h2. resource links 

 * "owncloud config.php parameters":https://doc.owncloud.org/server/8.1/admin_manual/configuration_server/config_sample_php_parameters.html 
 * "owncloud nginx configuration":https://doc.owncloud.org/server/7.0/admin_manual/installation/nginx_configuration.html 
 * "owncloud database configuration":https://doc.owncloud.org/server/7.0/admin_manual/configuration/database_configuration.html 
 * "owncloud external auth":https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ftp_smb_imap.html 
 * "owncloud external storage, direct config.php editing":https://doc.owncloud.org/server/7.0/admin_manual/configuration/external_storage_configuration.html