OwnCloud » History » Version 7

Jessie Lee, 04/14/2016 11:35 AM

{{lastupdated_at}} by {{lastupdated_by}}

{{>toc}}

h1. Owncloud

Owncloud has issues with .DS_Store files. At first I thought it was a Dropbox <-> Owncloud error, but then I turned off my Dropbox and was still getting the error. We need to figure out a way to have Owncloud exclude syncing .DS_Store files, or else it will generate a bunch of them. I don't know why it is doing so, but I have figured out how to delete them all:

Run this in the top of the Owncloud directory.
<pre>
find ./ -type f -name ".DS_Stor*" -exec rm {} \;
</pre>

h1. Owncloud Installation

h2. Owncloud 8.1 on Debian 7 with Apache

* Wheezy does not have Owncloud 7 or 8 in repository (Jessie has 7.0 but I highly recommend using 8 for webUI improvements and speed)
19
* Add the "OpenSuse owncloud repository":https://software.opensuse.org/download.html?project=isv:ownCloud:community&package=owncloud (this is maintained by owncloud devs) 
20
* After adding @sudo apt-get update && sudo apt-get install owncloud@
21
* This should install owncloud to /var/www/owncloud, php, and mySQL
22
* This will also create a conf file in /etc/apache2/conf.d/owncloud.conf which adds configuration redirects domain.com/owncloud to the owncloud directory. 
23
* contents of the conf file. <pre>Alias /owncloud "/var/www/owncloud/"
24
<Directory "/var/www/owncloud">
25
    Options +FollowSymLinks
26
    AllowOverride All
27
    Satisfy Any
28
    <IfModule mod_dav.c>
29
      Dav off
30
    </IfModule>
31
32
    SetEnv HOME /var/www/owncloud
33
    SetEnv HTTP_HOME /var/www/owncloud
34
</Directory>
35
36
<Directory "/var/www/owncloud/data/">
37
  # just in case if .htaccess gets disabled
38
  Require all denied
39
</Directory>
40
</pre>
* Set up Apache for owncloud access: for simple setups, edit the default-ssl config to point to the ssl certs and enable it with a2enmod default-ssl.
* Restart apache.

h2. Database setup (mySQL)

* Make sure the package php5-mysql is installed on the system.
* Start the mysql command line with @mysql -uroot -p@
* <pre>CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS owncloud;
GRANT ALL PRIVILEGES ON owncloud.* TO 'username'@'localhost' IDENTIFIED BY 'password';</pre>
* Keep track of the username and password, as the owncloud setup wizard will need them.

h2. First Time Wizard

* Go to https://domain.com/owncloud to start the owncloud setup wizard.
* Click on mysql/mariadb and enter the mysql user and password, making sure they are correct.
* Create the super admin user and password.
* If changes need to be made after the first-time setup, either run it again from Apps or edit /var/www/owncloud/config/config.php by hand.

h2. Enabling Samba external users

* Enable the external_user and external_storage apps (left-hand tab menu -> Apps -> Not enabled, then enable them).
* For a local samba installation, add the following to config.php: <pre>
"user_backends" => array (
    0 => array (
            "class"     => "OC_User_SMB",
            "arguments" => array (
                              0 => 'localhost'
                              ),
    ),
),</pre>
* Users logging in with a samba user and password should autocreate a user in owncloud. Permissions are not carried over!

h2. Samba External Storage

* Go to the owncloud admin panel after enabling external_storage.
* Add the share via the interface.

h2. owncloud + nginx

* Install php5-fpm and nginx with @apt-get install php5-fpm nginx@
* Uncomment "env[PATH] = /usr/local/bin:/usr/bin:/bin" in the file "/etc/php5/fpm/pool.d/www.conf"
* owncloud "provides":https://doc.owncloud.org/server/7.0/admin_manual/installation/nginx_configuration.html a fairly good base nginx site file to use for simple setups, copied below.
<pre>upstream php-handler {
  #server 127.0.0.1:9000;
  server unix:/var/run/php5-fpm.sock;
}

server {
  listen 80;
  server_name cloud.example.com;
  # enforce https
  return 301 https://$server_name$request_uri;
}

server {
  listen 443 ssl;
  server_name cloud.example.com;

  ssl_certificate /etc/ssl/nginx/cloud.example.com.crt;
  ssl_certificate_key /etc/ssl/nginx/cloud.example.com.key;

  # Path to the root of your installation
  root /var/www/owncloud/;
  # set max upload size
  client_max_body_size 10G;
  fastcgi_buffers 64 4K;

  # Disable gzip to avoid the removal of the ETag header
  gzip off;

  # Uncomment if your server is built with the ngx_pagespeed module
  # This module is currently not supported.
  #pagespeed off;

  rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
  rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
  rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

  index index.php;
  error_page 403 /core/templates/403.php;
  error_page 404 /core/templates/404.php;

  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
    deny all;
  }

  location / {
    # The following 2 rules are only needed with webfinger
    rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
    rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

    try_files $uri $uri/ /index.php;
  }

  location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    fastcgi_pass php-handler;
  }

  # Optional: set long EXPIRES header on static assets
  location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
    expires 30d;
    # Optional: Don't log access to assets
    access_log off;
  }

}</pre>
* In the main server block add @add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";@ to enable strict transport security

h2. Performance tweaks

* Enable system cron: by default owncloud runs scheduled jobs via ajax on every page load, which isn't great for actually getting things done at regular intervals. Add: <pre># crontab -u www-data -e
*/15  *  *  *  * php -f /var/www/owncloud/cron.php > /dev/null 2>&1</pre>
* Enable apc (or apcu for php 5.5 and above). For wheezy, @apt-get install php-apc@ and add @'memcache.local' => '\OC\Memcache\APC',@ to config.php
* For php 5.5 and above, @apt-get install php-apcu@ and add @'memcache.local' => '\OC\Memcache\APCu',@
* You may have to add apc.enable_cli=1 to /etc/php5/cli/php.ini

h2. Security and Hardening

* Enable mod_headers (a2enmod headers) and add @Header always add Strict-Transport-Security "max-age=15768000"@ to the virtual host file.
* Move the data directory outside the /var/www/owncloud folder.
* Turn on server-side encryption of data (Admin settings -> turn on).
* Redirect all traffic to ssl: <pre><VirtualHost *:80>
   ServerName cloud.owncloud.com
   Redirect permanent / https://cloud.owncloud.com/
</VirtualHost></pre>
* Verify that strict transport security and the other headers are being sent by the server using curl: @curl -I https://owncloud.site/owncloud/COPYING-AGPL@ (or request another static resource).
** Headers should include @X-Content-Type-Options: nosniff@, @X-XSS-Protection: 1; mode=block@, @X-Robots-Tag: none@ and @X-Frame-Options: SAMEORIGIN@
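
The header verification step and the data-directory item above, as a scripted check. This is an added example, not part of the original wiki page or of ownCloud's own tooling; the function names are made up here, and it assumes config.php keeps the data path on a single line under the 'datadirectory' key.

```shell
#!/bin/sh
# Added example (not from the original page): check two hardening items.

# check_headers: read raw response headers on stdin (e.g. from `curl -sI URL`)
# and print each expected header that is absent or has an unexpected value.
# Returns 0 only when every header in the list is present.
check_headers() {
    hdrs=$(tr -d '\r' | tr 'A-Z' 'a-z')   # strip CRs, compare case-insensitively
    missing=0
    while IFS='|' read -r name want; do
        if ! printf '%s\n' "$hdrs" | grep -q "^$name:.*$want"; then
            printf 'MISSING %s\n' "$name"
            missing=1
        fi
    done <<'EOF'
strict-transport-security|max-age=[0-9]
x-content-type-options|nosniff
x-xss-protection|1; mode=block
x-robots-tag|none
x-frame-options|sameorigin
EOF
    return $missing
}

# datadir_outside_webroot CONFIG_PHP WEBROOT: return 0 if the 'datadirectory'
# entry lies outside WEBROOT, 1 if inside, 2 if the entry is not found.
# Plain string comparison; symlinks are not resolved.
datadir_outside_webroot() {
    dir=$(sed -n "s/^[[:space:]]*['\"]datadirectory['\"][[:space:]]*=>[[:space:]]*['\"]\(.*\)['\"],\{0,1\}[[:space:]]*$/\1/p" "$1" | head -n 1)
    [ -n "$dir" ] || return 2
    case "${dir%/}/" in
        "${2%/}/"*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample response: X-Robots-Tag is deliberately left out.
SAMPLE_HEADERS='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=15768000
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN'

printf '%s\n' "$SAMPLE_HEADERS" | check_headers || echo "header check failed"
```

Against a live server, pipe real headers in: @curl -sI https://owncloud.site/owncloud/COPYING-AGPL | check_headers@.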

h2. For Office File servers

Owncloud does not regularly autoscan files that are not controlled by owncloud. For office file servers this could mean that files added via other methods may not show up in owncloud.
* Add the following cronjob to crontab -u www-data: <pre>30      6,15     *       *       *  php /var/www/owncloud/occ files:scan --all >/dev/null 2>&1
</pre>

Owncloud may also need the web user (debian www-data) to be part of the staff group. @usermod -a -G www-data user@

h2. resource links

* "owncloud config.php parameters":https://doc.owncloud.org/server/8.1/admin_manual/configuration_server/config_sample_php_parameters.html
* "owncloud nginx configuration":https://doc.owncloud.org/server/7.0/admin_manual/installation/nginx_configuration.html
* "owncloud database configuration":https://doc.owncloud.org/server/7.0/admin_manual/configuration/database_configuration.html
* "owncloud external auth":https://doc.owncloud.org/server/8.1/admin_manual/configuration_user/user_auth_ftp_smb_imap.html
* "owncloud external storage, direct config.php editing":https://doc.owncloud.org/server/7.0/admin_manual/configuration/external_storage_configuration.html