ownCloud
From Wikipedia:
- ownCloud is a software suite that provides a location-independent storage area for data (cloud storage).
The ownCloud installation and configuration mainly depends on what web server and database you decide to run. Currently the wiki discusses #Apache configuration and #Nginx + uwsgi_php configuration.
Contents
- 1 Prerequisites
- 2 Installation
- 3 Apache configuration
- 4 Nginx + uwsgi_php configuration
- 5 Synchronization
- 6 Important notes
-
7 Troubleshooting
- 7.1 Self-signed certificate not accepted
- 7.2 Self-signed certificate for Android devices
- 7.3 Can't write into config directory!
- 7.4 Can't create data directory (/path/to/dir)
- 7.5 CSync failed to find a specific file.
- 7.6 Seeing white page after login
- 7.7 GUI sync client fails to connect
- 7.8 "Can't write into apps directory"
- 8 See also
Prerequisites
ownCloud needs a web server, PHP and a database. For instance, a classic LAMP stack should work fine and is the recommended configuration.
Installation
Install owncloud from the official repositories. Alternatively see the packages available in the Arch User Repository: [1].
Uncomment the following required extensions in /etc/php/php.ini
:
gd.so iconv.so xmlrpc.so zip.so
It is also recommended to install php-intl, php-mcrypt and uncomment the following extensions:
bz2.so curl.so intl.so mcrypt.so openssl.so
For enhanced performance, you may install either:
- php-apcu: only provides user data caching. Enable it by removing the comment in
/etc/php/conf.d/apcu.ini
. Then for opcode caching use the opcache extension: uncommentzend_extension=opcache.so
in/etc/php/php.ini
. - php-xcache: development version which provides both an opcode and user data cache. Uncomment it in
/etc/php/conf.d/xcache.ini
after installation.
Database support
Depending on which database backend you are going to use, uncomment both of the following two extensions in /etc/php/php.ini
:
SQLite | MySQL | PostgreSQL |
---|---|---|
pdo_sqlite.so sqlite3.so |
pdo_mysql.so mysql.so |
pdo_pgsql.so pgsql.so |
Don't forget to install the appropriate php-module for the database. In the PostgreSQL case thats php-pgsql or for SQLite php-sqlite.
Exif support
Additionally enable exif support by installing exiv2 from the official repositories and uncommenting the exif.so
extension in php.ini
.
An all-in-one alternative with Docker
A quick and safe alternative to installing and configuring ownCloud on your own is to use Docker. You can find several images of fully working LAMP stack with pre-installed ownCloud in the Docker repositories. Docker containers are generally safer than a chroot environment and the overhead is very low,; ownCloud in Docker works smoothly even on quite old machines. The whole setup including installing Docker and ownCloud image is considerably easier and quicker than a native installation.
Apache configuration
Copy the Apache configuration file to its configuration directory:
# cp /etc/webapps/owncloud/apache.example.conf /etc/httpd/conf/extra/owncloud.conf
And include it at the bottom of /etc/httpd/conf/httpd.conf
:
Include conf/extra/owncloud.conf
OwnCloud comes with its own WebDAV implementation enabled, which might conflict with the one shipped with Apache. OwnCloud recommends to disable mod_dav
and mod_dav_fs
in /etc/httpd/conf/httpd.conf
.
Make sure the web server can write to the ownCloud directory:
# chown -R http:http /usr/share/webapps/owncloud/
Now restart Apache (httpd.service
).
Open http://localhost/ in your browser. You should now be able to create a user account and follow the installation wizard.
Running ownCloud in a subdirectory
By including the default owncloud.conf
in httpd.conf
, ownCloud will take control of port 80 and your localhost domain.
If you would like to have ownCloud run in a subdirectory, then edit the /etc/httpd/conf/extra/owncloud.conf
you included and comment out the <VirtualHost *:80> ... </VirtualHost>
part of the include file.
Nginx + uwsgi_php configuration
You can avoid the use of Apache, and run ownCloud in it's own process by using the uwsgi-plugin-php application server. uWSGI itself has a wealth of features to limit the resource use, and to harden the security of the application, and by being a separate process it can run under its own user.
Configuration
- First of all you should set up your Nginx server. See the Nginx page for further information.
- Set a server with the following lines in the http section of your
/etc/nginx/nginx.conf
file:
#this is to avoid Request Entity Too Large error client_max_body_size 1000M; # deny access to some special files location ~ ^/(data|config|\.ht|db_structure\.xml|README) { deny all; } # pass all .php or .php/path urls to uWSGI location ~ ^(.+\.php)(.*)$ { include uwsgi_params; uwsgi_modifier1 14; #Uncomment line below if you get connection refused error. Remember to commet out line with "uwsgi_pass 127.0.0.1:3001;" below #uwsgi_pass unix:/run/uwsgi/owncloud.sock; uwsgi_pass 127.0.0.1:3001; } # everything else goes to the filesystem, # but / will be mapped to index.php and run through uwsgi location / { root /usr/share/webapps/owncloud; index index.php; rewrite ^/.well-known/carddav /remote.php/carddav/ redirect; rewrite ^/.well-known/caldav /remote.php/caldav/ redirect; }
- Then create a uWSGI config file.
/etc/uwsgi/owncloud.ini
could be a good choice:
[uwsgi] master = true socket = 127.0.0.1:3001 # Change this to where you want ownlcoud data to be stored (maybe /home/owncloud) owncloud_data_dir = /usr/share/webapps/owncloud/data/ chdir = %(owncloud_data_dir) plugins = php php-docroot = /usr/share/webapps/owncloud php-index = index.php # only allow these php files, I don't want to inadvertently run something else php-allowed-ext = /index.php php-allowed-ext = /public.php php-allowed-ext = /remote.php php-allowed-ext = /cron.php php-allowed-ext = /status.php php-allowed-ext = /settings/apps.php php-allowed-ext = /core/ajax/update.php php-allowed-ext = /core/ajax/share.php php-allowed-ext = /core/ajax/requesttoken.php php-allowed-ext = /core/ajax/translations.php php-allowed-ext = /search/ajax/search.php php-allowed-ext = /search/templates/part.results.php php-allowed-ext = /settings/admin.php php-allowed-ext = /settings/users.php php-allowed-ext = /settings/personal.php php-allowed-ext = /settings/help.php php-allowed-ext = /settings/ajax/getlog.php php-allowed-ext = /settings/ajax/setlanguage.php php-allowed-ext = /settings/ajax/setquota.php php-allowed-ext = /settings/ajax/userlist.php php-allowed-ext = /settings/ajax/createuser.php php-allowed-ext = /settings/ajax/removeuser.php php-allowed-ext = /settings/ajax/enableapp.php php-allowed-ext = /core/ajax/appconfig.php php-allowed-ext = /settings/ajax/setloglevel.php php-allowed-ext = /ocs/v1.php # set php configuration for this instance of php, no need to edit global php.ini php-set = date.timezone=Etc/UTC php-set = open_basedir=%(owncloud_data_dir):/tmp/:/usr/share/pear/:/usr/share/webapps/owncloud:/etc/webapps/owncloud php-set = session.save_path=/tmp php-set = post_max_size=1000M php-set = upload_max_filesize=1000M php-set = always_populate_raw_post_data=-1 # load all extensions only in this instance of php, no need to edit global php.ini php-set = extension=bz2.so php-set = extension=curl.so php-set = extension=intl.so php-set = extension=openssl.so php-set = extension=pdo_sqlite.so php-set = extension=exif.so php-set = extension=gd.so php-set = extension=imagick.so php-set = extension=gmp.so php-set = extension=iconv.so php-set = extension=mcrypt.so php-set = extension=sockets.so php-set = extension=sqlite3.so php-set = extension=xmlrpc.so php-set = extension=xsl.so php-set = extension=zip.so processes = 10 cheaper = 2 cron = -3 -1 -1 -1 -1 /usr/bin/php -f /usr/share/webapps/owncloud/cron.php 1>/dev/null
Activation
uWSGI provides a template unit that allows to start and enable application using their configuration file name as instance identifier. For example:
# systemctl start uwsgi@owncloud.socket
would start it on demand referencing the configuration file /etc/uwsgi/owncloud.ini
.
To enable the uwsgi service by default at start-up, run:
# systemctl enable uwsgi@owncloud.service
See also Uwsgi#Starting_service.
Synchronization
Desktop
The official client can be installed with the package owncloud-client from the official repositories. Alternative versions are avaiable in the AUR: owncloud-client-beta, owncloud-client-git and owncloud-client-qt5. Its use is described in this page of the documentation.
Calendar
To access your ownCloud calendars using Mozilla Thunderbird's Lightning calendar you would use the following URL:
https://ADDRESS/remote.php/caldav/calendars/USERNAME/CALENDARNAME
To access your ownCloud calendars using CalDAV-compatible programs like Kontact or Evolution, you would use the following URL:
https://ADDRESS/remote.php/caldav
For details see the official documentation.
Contacts
To sync contacts with Thunderbird you must install the SOGo frontend, Lightning extension and follow those instructions from the official doc.
Mounting files with davfs2
If you want to mount your ownCloud permanently install davfs2 (as described in Davfs) first.
Considering your ownCloud were at https://own.example.com
, your WebDAV URL would be https://own.example.com/remote.php/webdav
(as of ownCloud 6.0).
To mount your ownCloud, use:
# mount -t davfs https://own.example.com/remote.php/webdav /path/to/mount
You can also create an entry for this in /etc/fstab
/etc/fstab
https://own.example.com/remote.php/webdav /path/to/mount rw,user,noauto 0 0
Android
There is an official Android app available for a small fee on the Play Store and for free on F-Droid.
To enable contacts and calendar sync:
- if using Android 4+:
- download DAVdroid (available in F-Droid)
- Enable mod_rewrite.so in httpd.conf
- create a new DAVdroid account in the Account settings, and specify your "short" server address and login/password couple, e.g.
https://cloud.example.com
(there is no need for the/remote.php/{carddav,webdav}
part if you configured your web server with the proper redirections, as illustrated previously in the article; DAVdroid will find itself the right URLs)
- For an older version of the app but with still useful info, see this article.
- if using an Android version below 4.0 and favouring Free/Libre software solutions, give a try to aCal for calendar and contacts sync or CalDAV Sync Adapter (F-Droid) for just calendar sync; if you are willing to use non-libre software, then the recommended solution is to use CardDAV-Sync and CalDAV-Sync.
Important notes
- When using a subdomain (like cloud.example.net), make sure it is covered by your certificate. Otherwise, connection via the ownCloud client or webdav might fail.
- If you are planning on using ownCloud's sync-clients, make sure to have ntpd installed and running on your ownCloud server, otherwise the sync-clients will fail.
- Add some SSL encryption to your connection!
(If adding SSL encryption as above, be sure to edit /etc/httpd/conf/extra/httpd-ssl.conf and change DocumentRoot "/srv/http" to DocumentRoot "/usr/share/webapps/owncloud" )
- More Apps for ownCloud can be found here
- To install an new application, download the zip from the apps store, extract it into /srv/http/owncloud/apps/.
Afterwards restart httpd:
# systemctl restart httpd
log into your server go to the app sections you should see the new apps in there,
- If you are protecting access to your ownCloud location with HTTP basic auth, the file "status.php" must be excluded from auth and be publicly accessible. [4]
SABnzbd
When using SABnzbd, you might want to set
folder_rename 0
in your sabnzbd.ini file, because ownCloud will scan the files as soon as they get uploaded, preventing SABnzbd from removing UNPACKING prefixes etc.
Troubleshooting
Self-signed certificate not accepted
OwnCloud uses Wikipedia:cURL and Wikipedia:SabreDAV to check if WebDAV is enabled. If you use a SSL/TLS with a self-signed certificate, e.g. as shown in LAMP and access ownClouds admin panel, you will see the following error message:
Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken.
Assuming that you followed the LAMP-tutorial, execute the following steps:
Create local directory for non-distribution certificates and copy LAMPs certificate there. This will prevent ca-certificates
-updates to overwrite it.
# cp /etc/httpd/conf/server.crt /usr/share/ca-certificates/WWW.EXAMPLE.COM.crt
Add WWW.EXAMPLE.COM.crt to /etc/ca-certificates.conf
:
WWW.EXAMPLE.COM.crt
Now, regenerate your certificate store:
# update-ca-certificates
Restart the httpd service to activate your certificate.
Should this not work consider disabling mod_curl in /etc/php/php.ini.
Self-signed certificate for Android devices
Once you have followed the setup for SSL as on LAMP for example davdroid will fail to work because the certificate is not accepted. A certificate can be made as follows on your server:
# openssl x509 -req -days 365 -in /etc/httpd/conf/server.csr -signkey /etc/httpd/conf/server.key -extfile android.txt -out CA.crt # openssl x509 -inform PEM -outform DER -in CA.crt -out CA.der.crt
The file android.txt should contain the following:
basicConstraints=CA:true
Then import CA.der.crt to your android device:
Put the CA.der.crt onto the sdcard of your Android device (usually to internal one, eg save from a mail attachement). It should be in root directory. Go to Settings / Security / Credential storage and select “Install from device storage”. The .crt file will be detected and you will be prompted to enter a certificate name. After importing the certificate, you will find it in Settings / Security / Credential storage / Trusted credentials / User.
Thanks to: [5]
Can't write into config directory!
Check your httpd conf file (like owncloud.conf). Add your config dir (/etc/webapps by default) to
php_admin_value open_basedir "/srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/path/to/dir/"
Restart the httpd or php-fpm service to activate the change.
Can't create data directory (/path/to/dir)
Check your httpd conf file (like owncloud.conf). Add your data dir to
php_admin_value open_basedir "/srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/path/to/dir/"
Restart the httpd or php-fpm service to activate the change.
CSync failed to find a specific file.
Most probably a certificate issue, recreate it, and don't leave the common name empty or you will see the error again.
openssl genrsa -out server.key 2048 openssl req -new -key server.key -x509 -days 365 -out server.crt
Seeing white page after login
The cause is probably a new app that you installed, to fix that you can either use phpMyAdmin by editing the oc_appconfig table(in the case you got lucky and the table has edit option) or do it by hand with mysql:
mysql -u root -p owncloud MariaDB [owncloud]> delete from oc_appconfig where appid='<nameOfExtension>' and configkey='enabled' and configvalue='yes' MariaDB [owncloud]> insert into oc_appconfig (appid,configkey,configvalue) values ('<nameOfExtension>','enabled','no');
This should delete the relevant configuration from the table and add it again.
GUI sync client fails to connect
If using HTTP basic auth, make sure to exclude "status.php", which must be publicly accessible [6]
"Can't write into apps directory"
As mentioned in the official admin manual either you need an apps directory that is writable by the http user, or you need to set "appstoreenabled" to false.
Also, not mentioned there, the directory needs to be in the open_basedir line in /etc/php/php.ini
One clean method is to have the package-installed directory at /usr/share/webapps/owncloud/apps
stay owned by root, and have the user-installed apps go into e.g. /var/www/owncloud/apps
which is owned by http. Then you can set "appstoreenabled" to true and package upgrades of apps should work fine as well. Relevant lines from /etc/webapps/owncloud/config/config.php
:
'apps_paths' => array ( 0 => array ( 'path' => '/usr/share/webapps/owncloud/apps', 'url' => '/apps', 'writable' => false, ), 1 => array ( 'path' => '/var/www/owncloud/apps', 'url' => '/wapps', 'writable' => true, ), ),
Example open_basedir line from /etc/php/php.ini
(you might have other dirs in there as well):
open_basedir = /srv/http/:/usr/share/webapps/:/var/www/owncloud/apps/
Directory permissions:
$ ls -ld /usr/share/webapps/owncloud/apps /var/www/owncloud/apps/ drwxr-xr-x 26 root root 4096 des. 14 20:48 /usr/share/webapps/owncloud/apps drwxr-xr-x 2 http http 48 jan. 20 20:01 /var/www/owncloud/apps/