OwnCloud » History » Version 4

Jessie Lee, 10/04/2015 09:49 AM

{{lastupdated_at}} by {{lastupdated_by}}

{{>toc}}

h1. Owncloud

Owncloud has issues with .DS_Store files. At first I thought it was a Dropbox <-> Owncloud error, but then I turned off my Dropbox and was still getting the error.  We need to figure out a way to have Owncloud exclude syncing .DS_Store files, or else it will generate a bunch of them. I don't know why it is doing so, but I have figured out how to delete them all:

Run this in the top of the Owncloud directory.

<pre>
find ./ -type f -name ".DS_Stor*" -exec rm {} \;
</pre>

h1. Owncloud Installation

h2. Owncloud 8.1 on Debian 7 with Apache

* Wheezy does not have Owncloud 7 or 8 in its repository (Jessie has 7.0 but I highly recommend using 8 for webUI improvements and speed)
* Add the "OpenSuse owncloud repository":https://software.opensuse.org/download.html?project=isv:ownCloud:community&package=owncloud (this is maintained by owncloud devs)
* After adding the repository, run @sudo apt-get update && sudo apt-get install owncloud@
* This should install owncloud to /var/www/owncloud, along with php and mySQL
* This will also create a conf file at /etc/apache2/conf.d/owncloud.conf, which maps domain.com/owncloud to the owncloud directory.
* contents of the conf file. <pre>Alias /owncloud "/var/www/owncloud/"
<Directory "/var/www/owncloud">
    Options +FollowSymLinks
    AllowOverride All
    Satisfy Any
    <IfModule mod_dav.c>
      Dav off
    </IfModule>

    SetEnv HOME /var/www/owncloud
    SetEnv HTTP_HOME /var/www/owncloud
</Directory>

<Directory "/var/www/owncloud/data/">
  # just in case if .htaccess gets disabled
  Require all denied
</Directory>
</pre>
* Set up Apache for owncloud access: for simple setups, edit the default-ssl config to point to the ssl certs and enable it with @a2enmod ssl@ and @a2ensite default-ssl@.
* restart apache
* go to https://domain.com/owncloud to start the owncloud setup wizard.
* If changes need to be made after the first-time setup, either run it again from Apps or edit /var/www/owncloud/config/config.php by hand

h2. Database setup (mySQL)

* make sure package php5-mysql is installed on system
* start mysql command line mode @mysql -uroot -p@
* <pre>CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS owncloud;
GRANT ALL PRIVILEGES ON owncloud.* TO 'username'@'localhost' IDENTIFIED BY 'password';</pre>
* keep track of username and password as the owncloud setup wizard will need that.

h2. Enabling Samba external users

* Enable the external_user and external_storage apps (left-hand tab menu -> Apps -> Not enabled, then enable them)
* for a local samba installation add the following to config.php <pre>
"user_backends" => array (
    0 => array (
            "class"     => "OC_User_SMB",
            "arguments" => array (
                              0 => 'localhost'
                              ),
    ),
),</pre>
* users logging in with a samba user and password should autocreate a user in owncloud. Permissions are not carried over!

h2. Samba External Storage

* go to owncloud admin panel after enabling external_storage
* add share via interface.

h2. owncloud + nginx

* Install php5-fpm and nginx with @apt-get install php5-fpm nginx@
* Uncomment @env[PATH] = /usr/local/bin:/usr/bin:/bin@ in the file /etc/php5/fpm/pool.d/www.conf
* owncloud "provides":https://doc.owncloud.org/server/7.0/admin_manual/installation/nginx_configuration.html a fairly good base nginx site file to use for simple setups, copied below.
<pre>upstream php-handler {
  #server 127.0.0.1:9000;
  server unix:/var/run/php5-fpm.sock;
  }

server {
  listen 80;
  server_name cloud.example.com;
  # enforce https
  return 301 https://$server_name$request_uri;
  }

server {
  listen 443 ssl;
  server_name cloud.example.com;

  ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
  ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

  # Path to the root of your installation
  root /var/www/owncloud/;
  # set max upload size
  client_max_body_size 10G;
  fastcgi_buffers 64 4K;

  # Disable gzip to avoid the removal of the ETag header
  gzip off;

  # Uncomment if your server is build with the ngx_pagespeed module
  # This module is currently not supported.
  #pagespeed off;

  rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
  rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
  rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

  index index.php;
  error_page 403 /core/templates/403.php;
  error_page 404 /core/templates/404.php;

  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
    }

  location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
    deny all;
    }

  location / {
   # The following 2 rules are only needed with webfinger
   rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
   rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

   rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
   rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

   rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

   try_files $uri $uri/ /index.php;
   }

   location ~ \.php(?:$|/) {
   fastcgi_split_path_info ^(.+\.php)(/.+)$;
   include fastcgi_params;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   fastcgi_param PATH_INFO $fastcgi_path_info;
   fastcgi_param HTTPS on;
   fastcgi_pass php-handler;
   }

   # Optional: set long EXPIRES header on static assets
   location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
       expires 30d;
       # Optional: Don't log access to assets
         access_log off;
   }

  }</pre>
* In the main server block add @add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";@ to enable strict transport security

h2. Performance tweaks

* enable system cron: by default owncloud runs scheduled jobs via ajax on every page load, which isn't great for actually getting things done at regular intervals. add: <pre># crontab -u www-data -e
*/15  *  *  *  * php -f /var/www/owncloud/cron.php > /dev/null 2>&1</pre>
* enable apc (or apcu for php 5.5 and above): for wheezy @apt-get install php-apc@ and add @'memcache.local' => '\OC\Memcache\APC',@ to config.php
* for php 5.5 and above @apt-get install php-apcu@ and add @'memcache.local' => '\OC\Memcache\APCu',@
* you may have to add apc.enable_cli=1 to /etc/php5/cli/php.ini

h2. Security and Hardening

* enable mod_headers (@a2enmod headers@) and add @Header always add Strict-Transport-Security "max-age=15768000"@ to the virtual host file.
* move the data directory outside the /var/www/owncloud folder
* turn on server side encryption of data. (Admin settings --> turn on)
* redirect all traffic to ssl: <pre><VirtualHost *:80>
   ServerName cloud.owncloud.com
   Redirect permanent / https://cloud.owncloud.com/
</VirtualHost></pre>
* verify that strict transport security and other headers are being sent by the server using curl: @curl -I https://owncloud.site/owncloud/COPYING-AGPL@ (or request another static resource).
** headers should include @X-Content-Type-Options: nosniff@, @X-XSS-Protection: 1; mode=block@, @X-Robots-Tag: none@ and @X-Frame-Options: SAMEORIGIN@
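
The curl check above can be scripted. The following is an added example, not part of the original wiki page: it reads @curl -sI@ output on stdin and reports which of the headers listed above are missing or differ. The function names, the @MIN_HSTS_AGE@ variable and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit `curl -sI` output on stdin.
MIN_HSTS_AGE=15768000   # max-age used in the Apache bullet above

# header_value NAME: print NAME's value from the headers on stdin
# (case-insensitive name, CR stripped, surrounding blanks trimmed).
header_value() {
  tr -d '\r' | awk -v want="$1" '
    BEGIN { want = tolower(want) }
    { i = index($0, ":"); if (i == 0) next
      if (tolower(substr($0, 1, i - 1)) != want) next
      val = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", val); found = val }
    END { print found }'
}

# check_headers: print one FAIL line per problem; return 0 only if none.
check_headers() {
  hdrs=$(cat); problems=0
  while IFS='|' read -r name want; do
    got=$(printf '%s\n' "$hdrs" | header_value "$name")
    if [ "$got" != "$want" ]; then
      echo "FAIL $name: expected '$want', got '${got:-<missing>}'"
      problems=$((problems + 1))
    fi
  done <<'EOF'
X-Content-Type-Options|nosniff
X-XSS-Protection|1; mode=block
X-Robots-Tag|none
X-Frame-Options|SAMEORIGIN
EOF
  got=$(printf '%s\n' "$hdrs" | header_value Strict-Transport-Security)
  age=$(printf '%s\n' "$got" | tr 'A-Z' 'a-z' |
        sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
  if [ -z "$age" ] || [ "$age" -lt "$MIN_HSTS_AGE" ]; then
    echo "FAIL Strict-Transport-Security: need max-age >= $MIN_HSTS_AGE, got '${got:-<missing>}'"
    problems=$((problems + 1))
  fi
  [ "$problems" -eq 0 ]
}

# Constructed sample response (not captured from a real server):
# HSTS lifetime too short, X-Frame-Options absent.
SAMPLE_BAD='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=3600
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Robots-Tag: none'
printf '%s\n' "$SAMPLE_BAD" | check_headers || echo "headers need attention"
```

Against a live server: @curl -sI https://owncloud.site/owncloud/COPYING-AGPL | check_headers@. Values are compared exactly as written on this page, so a differently cased value is reported as a mismatch.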

h2. resource links

* "owncloud config.php parameters":https://doc.owncloud.org/server/8.1/admin_manual/configuration_server/config_sample_php_parameters.html
* "owncloud nginx configuration":https://doc.owncloud.org/server/7.0/admin_manual/installation/nginx_configuration.html
* "owncloud database configuration":https://doc.owncloud.org/server/7.0/admin_manual/configuration/database_configuration.html
* "owncloud external auth":https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ftp_smb_imap.html
* "owncloud external storage, direct config.php editing":https://doc.owncloud.org/server/7.0/admin_manual/configuration/external_storage_configuration.html