ownCloud
From Wikipedia:
- ownCloud is a software suite that provides a location-independent storage area for data (cloud storage).
The ownCloud installation and configuration mainly depends on which web server and database you decide to run. Currently the wiki discusses Apache configuration and Nginx + uwsgi_php configuration.
Contents
- 1 Prerequisites
- 2 Installation
- 3 Apache configuration
- 4 Nginx + uwsgi_php configuration
- 5 Synchronization
- 6 Important notes
- 7 Troubleshooting
- 7.1 Self-signed certificate not accepted
- 7.2 Self-signed certificate for Android devices
- 7.3 Cannot write into config directory!
- 7.4 Cannot create data directory (/path/to/dir)
- 7.5 CSync failed to find a specific file.
- 7.6 Seeing white page after login
- 7.7 GUI sync client fails to connect
- 7.8 "Cannot write into apps directory"
- 8 Upload and Share from File Manager
- 9 See also
Prerequisites
ownCloud needs a web server, PHP and a database. For instance, a classic LAMP stack should work fine and is the recommended configuration.
Installation
Install owncloud from the official repositories. Alternatively see the packages available in the Arch User Repository: [1].
Uncomment the following required extensions in /etc/php/php.ini:
gd.so iconv.so posix.so xmlrpc.so zip.so
It is also recommended to install php-intl, php-mcrypt and uncomment the following extensions:
bz2.so curl.so intl.so mcrypt.so openssl.so
Caching
For enhanced performance, it is recommended to implement PHP caching: see PHP#Caching.
Then, depending on your choice, add only one of the following directives to /etc/webapps/owncloud/config/config.php:
- 'memcache.local' => '\OC\Memcache\APCu',
- 'memcache.local' => '\OC\Memcache\XCache',
See the official documentation.
/dev/urandom access
ownCloud 8.1.0-1 requires /dev/urandom access. This must be enabled in php.ini.
Append :/dev/urandom (no slash at the end) to open_basedir in php.ini. Example:
open_basedir = /srv/http/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/dev/urandom
On Nginx + uwsgi_php, the setting above will not take effect; append :/dev/urandom in the uwsgi_php config file instead.
/etc/uwsgi/owncloud.ini
php-set = open_basedir=%(owncloud_data_dir):/tmp/:/usr/share/pear/:/usr/share/webapps/owncloud:/etc/webapps/owncloud:/dev/urandom
Database support
Depending on which database backend you are going to use, uncomment both of the following two extensions in /etc/php/php.ini:
SQLite | MySQL | PostgreSQL |
---|---|---|
pdo_sqlite.so sqlite3.so | pdo_mysql.so mysql.so | pdo_pgsql.so pgsql.so |
Do not forget to install the appropriate PHP module for the database. In the PostgreSQL case that is php-pgsql, and for SQLite it is php-sqlite.
Exif support
Additionally enable exif support by installing exiv2 from the official repositories and uncommenting the exif.so extension in php.ini.
An all-in-one alternative with Docker
A quicker alternative to installing and configuring your own ownCloud is to use a 3rd party supported Docker image. You can find several images of fully working LAMP stack with pre-installed ownCloud in the Docker repositories. Docker containers are generally safer than a chroot environment and the overhead is very low; ownCloud in Docker works smoothly even on quite old machines. The whole setup including installing Docker and ownCloud image is considerably easier and quicker than a native installation but you must trust the 3rd party whom you've now given complete control to regarding the installation of your ownCloud instance.
Apache configuration
Copy the Apache configuration file to its configuration directory:
# cp /etc/webapps/owncloud/apache.example.conf /etc/httpd/conf/extra/owncloud.conf
And include it at the bottom of /etc/httpd/conf/httpd.conf:
Include conf/extra/owncloud.conf
For security purposes, review and set the prescribed directory permissions from the ownCloud installation manual:
#!/bin/bash
ocpath='/usr/share/webapps/owncloud'
htuser='http'
htgroup='http'

# Files 0640 and directories 0750: nothing is world-accessible
find ${ocpath}/ -type f -print0 | xargs -0 chmod 0640
find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750

# Owned by root, with the web server's group; only apps, config, data and themes are handed to the web server user
chown -R root:${htuser} ${ocpath}/
chown -R ${htuser}:${htgroup} ${ocpath}/apps/
chown -R ${htuser}:${htgroup} ${ocpath}/config/
chown -R ${htuser}:${htgroup} ${ocpath}/data/
chown -R ${htuser}:${htgroup} ${ocpath}/themes/

# The .htaccess files stay owned by root
chown root:${htuser} ${ocpath}/.htaccess
chown root:${htuser} ${ocpath}/data/.htaccess

chmod 0644 ${ocpath}/.htaccess
chmod 0644 ${ocpath}/data/.htaccess
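To check later that the tree still matches these modes (for example after an app install or a package upgrade), the following added example lists every deviation. It is not from the ownCloud manual; the function name audit_oc_modes is hypothetical, only modes (not ownership) are checked, and GNU find and stat are assumed.

```shell
#!/bin/sh
# Added example (hypothetical helper): report entries under an ownCloud tree
# whose mode differs from the values set by the script above:
#   regular files 0640, directories 0750,
#   <root>/.htaccess and <root>/data/.htaccess 0644.
# Prints one "MODE PATH" line per deviation and nothing when compliant.
# Usage: audit_oc_modes /usr/share/webapps/owncloud
audit_oc_modes() {
    ocpath=${1%/}    # drop a trailing slash so the -path tests below match

    # Regular files, except the two .htaccess files handled separately.
    find "$ocpath" -type f \
        ! -path "$ocpath/.htaccess" ! -path "$ocpath/data/.htaccess" \
        ! -perm 0640 -exec stat -c '%a %n' {} +

    # Directories, including the root of the tree.
    find "$ocpath" -type d ! -perm 0750 -exec stat -c '%a %n' {} +

    # The two .htaccess files must be exactly 0644.
    for f in "$ocpath/.htaccess" "$ocpath/data/.htaccess"; do
        [ -f "$f" ] || continue
        [ "$(stat -c '%a' "$f")" = 644 ] || stat -c '%a %n' "$f"
    done
}
```

A world-writable config.php, for instance, shows up as a line starting with 666.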
Now restart Apache (httpd.service).
Open http://localhost/ in your browser. You should now be able to create a user account and follow the installation wizard.
WebDAV
ownCloud comes with its own WebDAV implementation enabled, which may conflict with the one shipped with Apache. If you have enabled WebDAV (not enabled by default with Apache), disable mod_dav and mod_dav_fs in /etc/httpd/conf/httpd.conf. See https://forum.owncloud.org/viewtopic.php?f=17&t=7240 for details.
Running ownCloud in a subdirectory
By including the default owncloud.conf in httpd.conf, ownCloud will take control of port 80 and your localhost domain.
If you would like to have ownCloud run in a subdirectory, then edit the /etc/httpd/conf/extra/owncloud.conf you included and comment out the <VirtualHost *:80> ... </VirtualHost> part of the include file.
Nginx + uwsgi_php configuration
You can avoid the use of Apache, and run ownCloud in its own process by using the uwsgi-plugin-php application server. uWSGI itself has a wealth of features to limit the resource use, and to harden the security of the application, and by being a separate process it can run under its own user. (See specific owncloud version configuration. Adjust the owncloud version number in the linked URL.)
Configuration
- First of all you should set up your Nginx server. See the Nginx page for further information.
- Set a server with the following lines in the http section of your /etc/nginx/nginx.conf file:
# this is to avoid Request Entity Too Large error
client_max_body_size 1000M;

# deny access to some special files
location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
    deny all;
}

# pass all .php or .php/path urls to uWSGI
location ~ ^(.+\.php)(.*)$ {
    include uwsgi_params;
    uwsgi_modifier1 14;
    # Uncomment line below if you get connection refused error. Remember to comment out line with "uwsgi_pass 127.0.0.1:3001;" below
    #uwsgi_pass unix:/run/uwsgi/owncloud.sock;
    uwsgi_pass 127.0.0.1:3001;
}

# everything else goes to the filesystem,
# but / will be mapped to index.php and run through uwsgi
location / {
    root /usr/share/webapps/owncloud;
    index index.php;
    rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
    rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
}
- Then create a uWSGI config file. /etc/uwsgi/owncloud.ini could be a good choice:
[uwsgi]
master = true
socket = 127.0.0.1:3001

# Change this to where you want ownCloud data to be stored (maybe /home/owncloud)
owncloud_data_dir = /usr/share/webapps/owncloud/data/
chdir = %(owncloud_data_dir)

plugins = php
php-docroot = /usr/share/webapps/owncloud
php-index = index.php

# only allow these php files, I do not want to inadvertently run something else
php-allowed-ext = /index.php
php-allowed-ext = /public.php
php-allowed-ext = /remote.php
php-allowed-ext = /cron.php
php-allowed-ext = /status.php
php-allowed-ext = /settings/apps.php
php-allowed-ext = /core/ajax/update.php
php-allowed-ext = /core/ajax/share.php
php-allowed-ext = /core/ajax/requesttoken.php
php-allowed-ext = /core/ajax/translations.php
php-allowed-ext = /search/ajax/search.php
php-allowed-ext = /search/templates/part.results.php
php-allowed-ext = /settings/admin.php
php-allowed-ext = /settings/users.php
php-allowed-ext = /settings/personal.php
php-allowed-ext = /settings/help.php
php-allowed-ext = /settings/ajax/getlog.php
php-allowed-ext = /settings/ajax/setlanguage.php
php-allowed-ext = /settings/ajax/setquota.php
php-allowed-ext = /settings/ajax/userlist.php
php-allowed-ext = /settings/ajax/createuser.php
php-allowed-ext = /settings/ajax/removeuser.php
php-allowed-ext = /settings/ajax/enableapp.php
php-allowed-ext = /core/ajax/appconfig.php
php-allowed-ext = /settings/ajax/setloglevel.php
php-allowed-ext = /ocs/v1.php

# set php configuration for this instance of php, no need to edit global php.ini
php-set = date.timezone=Etc/UTC
php-set = open_basedir=%(owncloud_data_dir):/tmp/:/usr/share/pear/:/usr/share/webapps/owncloud:/etc/webapps/owncloud
php-set = session.save_path=/tmp
php-set = post_max_size=1000M
php-set = upload_max_filesize=1000M
php-set = always_populate_raw_post_data=-1

# load all extensions only in this instance of php, no need to edit global php.ini
php-set = extension=bz2.so
php-set = extension=curl.so
php-set = extension=intl.so
php-set = extension=openssl.so
php-set = extension=pdo_sqlite.so
php-set = extension=exif.so
php-set = extension=gd.so
php-set = extension=imagick.so
php-set = extension=gmp.so
php-set = extension=iconv.so
php-set = extension=mcrypt.so
php-set = extension=sockets.so
php-set = extension=sqlite3.so
php-set = extension=xmlrpc.so
php-set = extension=xsl.so
php-set = extension=zip.so

processes = 10
cheaper = 2
cron = -3 -1 -1 -1 -1 /usr/bin/php -f /usr/share/webapps/owncloud/cron.php 1>/dev/null

# Uncomment line below and replace http with a specific group name which you want uwsgi to run with.
#gid = http
Activation
uWSGI provides a template unit that allows applications to be started and enabled using their configuration file name as the instance identifier. For example:
# systemctl start uwsgi@owncloud.socket
would start it on demand, referencing the configuration file /etc/uwsgi/owncloud.ini.
To enable the uwsgi service by default at start-up, run:
# systemctl enable uwsgi@owncloud.socket
See also Uwsgi#Starting service.
Synchronization
Desktop
The official client can be installed with the package owncloud-client from the official repositories. Alternative versions are available in the AUR: owncloud-client-beta, owncloud-client-git and owncloud-client-qt5. Its use is described in this page of the documentation.
Calendar
To access your ownCloud calendars using Mozilla Thunderbird's Lightning calendar you would use the following URL:
https://ADDRESS/remote.php/caldav/calendars/USERNAME/CALENDARNAME
To access your ownCloud calendars using CalDAV-compatible programs like Kontact or Evolution, you would use the following URL:
https://ADDRESS/remote.php/caldav
For details see the official documentation.
Contacts
To sync contacts with Thunderbird you must install the SOGo frontend, Lightning extension and follow those instructions from the official doc.
Mounting files with davfs2
If you want to mount your ownCloud permanently, install davfs2 (as described in Davfs) first.
Assuming your ownCloud is at https://own.example.com, your WebDAV URL would be https://own.example.com/remote.php/webdav (as of ownCloud 6.0).
To mount your ownCloud, use:
# mount -t davfs https://own.example.com/remote.php/webdav /path/to/mount
You can also create an entry for this in /etc/fstab:
/etc/fstab
https://own.example.com/remote.php/webdav /path/to/mount davfs rw,user,noauto 0 0
Android
There is an official Android app available for a small fee on the Play Store and for free on F-Droid.
To enable contacts and calendar sync:
- if using Android 4+:
  - download DAVdroid (available in F-Droid)
  - enable mod_rewrite.so in httpd.conf
  - create a new DAVdroid account in the Account settings, and specify your "short" server address and login/password couple, e.g. https://cloud.example.com (there is no need for the /remote.php/{carddav,webdav} part if you configured your web server with the proper redirections, as illustrated previously in the article; DAVdroid will find the right URLs itself)
  - For an older version of the app but with still useful info, see this article.
- if using an Android version below 4.0 and favouring Free/Libre software solutions, give aCal a try for calendar and contacts sync, or CalDAV Sync Adapter (F-Droid) for just calendar sync; if you are willing to use non-libre software, then the recommended solution is to use CardDAV-Sync and CalDAV-Sync.
Important notes
- When using a subdomain (like cloud.example.net), make sure it is covered by your certificate. Otherwise, connection via the ownCloud client or webdav might fail.
- If you are planning on using ownCloud's sync-clients, make sure to have ntpd installed and running on your ownCloud server, otherwise the sync-clients will fail.
- Add some SSL encryption to your connection! (If adding SSL encryption as above, be sure to edit /etc/httpd/conf/extra/httpd-ssl.conf and change DocumentRoot "/srv/http" to DocumentRoot "/usr/share/webapps/owncloud".)
- More Apps for ownCloud can be found here
- To install a new application, download the zip from the apps store and extract it into /srv/http/owncloud/apps/. Afterwards restart httpd:
# systemctl restart httpd
Then log into your server and go to the apps section; you should see the new apps there.
- If you are protecting access to your ownCloud location with HTTP basic auth, the file "status.php" must be excluded from auth and be publicly accessible. [4]
SABnzbd
When using SABnzbd, you might want to set
folder_rename 0
in your sabnzbd.ini file, because ownCloud will scan the files as soon as they get uploaded, preventing SABnzbd from removing UNPACKING prefixes etc.
Troubleshooting
Self-signed certificate not accepted
ownCloud uses cURL and SabreDAV to check if WebDAV is enabled. If you use SSL/TLS with a self-signed certificate, e.g. as shown in LAMP, and access ownCloud's admin panel, you will see the following error message:
Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken.
Assuming that you followed the LAMP tutorial, execute the following steps:
Create a local directory for non-distribution certificates and copy LAMP's certificate there. This will prevent ca-certificates updates from overwriting it.
# cp /etc/httpd/conf/server.crt /usr/share/ca-certificates/WWW.EXAMPLE.COM.crt
Add WWW.EXAMPLE.COM.crt to /etc/ca-certificates.conf:
WWW.EXAMPLE.COM.crt
Now, regenerate your certificate store:
# update-ca-certificates
Restart the httpd service to activate your certificate.
Should this not work, consider disabling mod_curl in /etc/php/php.ini.
Self-signed certificate for Android devices
Once you have followed the setup for SSL, as on LAMP for example, DAVdroid will fail to work because the certificate is not accepted. A certificate can be made as follows on your server:
# openssl x509 -req -days 365 -in /etc/httpd/conf/server.csr -signkey /etc/httpd/conf/server.key -extfile android.txt -out CA.crt
# openssl x509 -inform PEM -outform DER -in CA.crt -out CA.der.crt
The file android.txt should contain the following:
basicConstraints=CA:true
Then import CA.der.crt to your Android device:
Put the CA.der.crt file onto the sdcard of your Android device (usually to the internal one, e.g. save from a mail attachment). It should be in the root directory. Go to Settings > Security > Credential storage and select Install from device storage.
The .crt file will be detected and you will be prompted to enter a certificate name. After importing the certificate, you will find it in Settings > Security > Credential storage > Trusted credentials > User.
Thanks to: [5]
Cannot write into config directory!
Check your httpd configuration file (like owncloud.conf). Add your configuration directory (/etc/webapps by default) to:
php_admin_value open_basedir "/srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/path/to/dir/"
Restart the httpd or php-fpm service to activate the change.
Cannot create data directory (/path/to/dir)
Check your httpd configuration file (like owncloud.conf). Add your data directory to:
php_admin_value open_basedir "/srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/path/to/dir/"
Restart the httpd or php-fpm service to activate the change.
CSync failed to find a specific file.
This is most likely a certificate issue. Recreate it, and do not leave the common name empty or you will see the error again.
# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt
Seeing white page after login
The cause is probably a new app that you installed. To fix that, you can either use phpMyAdmin to edit the oc_appconfig table (if you got lucky and the table has an edit option), or do it by hand with mysql:
mysql -u root -p owncloud
MariaDB [owncloud]> delete from oc_appconfig where appid='<nameOfExtension>' and configkey='enabled' and configvalue='yes';
MariaDB [owncloud]> insert into oc_appconfig (appid,configkey,configvalue) values ('<nameOfExtension>','enabled','no');
This should delete the relevant configuration from the table and add it again.
GUI sync client fails to connect
If using HTTP basic authentication, make sure to exclude "status.php", which must be publicly accessible. [6]
"Cannot write into apps directory"
As mentioned in the official admin manual, either you need an apps directory that is writable by the http user, or you need to set appstoreenabled to false.
Also, not mentioned there, the directory needs to be in the open_basedir line in /etc/php/php.ini.
One clean method is to have the package-installed directory at /usr/share/webapps/owncloud/apps stay owned by root, and have the user-installed apps go into e.g. /var/www/owncloud/apps, which is owned by http. Then you can set appstoreenabled to true and package upgrades of apps should work fine as well. Relevant lines from /etc/webapps/owncloud/config/config.php:
'apps_paths' => array (
  0 => array (
    'path' => '/usr/share/webapps/owncloud/apps',
    'url' => '/apps',
    'writable' => false,
  ),
  1 => array (
    'path' => '/var/www/owncloud/apps',
    'url' => '/wapps',
    'writable' => true,
  ),
),
Example open_basedir line from /etc/php/php.ini (you might have other directories in there as well):
open_basedir = /srv/http/:/usr/share/webapps/:/var/www/owncloud/apps/
Directory permissions:
$ ls -ld /usr/share/webapps/owncloud/apps /var/www/owncloud/apps/
drwxr-xr-x 26 root root 4096 des. 14 20:48 /usr/share/webapps/owncloud/apps
drwxr-xr-x 2 http http 48 jan. 20 20:01 /var/www/owncloud/apps/
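The three "Cannot write/create" errors in this section, and the /dev/urandom requirement under Installation, all come down to whether a path is covered by the effective open_basedir value. The following added example (not part of the original page) checks that in shell; the function names are hypothetical, and entries are treated as directory names or exact files without resolving symlinks, which is a simplification of PHP's own check.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not ownCloud or PHP code).

# basedir_allows VALUE PATH
# Returns 0 if PATH equals an entry of the colon-separated open_basedir
# VALUE or lies below one. Assumption: entries are directory names or
# exact files such as /dev/urandom; symlinks are not resolved.
basedir_allows() {
    value=$1 path=${2%/}
    old_ifs=$IFS; IFS=:
    set -f                          # no globbing while splitting VALUE
    for entry in $value; do
        entry=${entry%/}            # "/tmp/" and "/tmp" name the same directory
        [ -n "$entry" ] || continue
        case $path in
            "$entry"|"$entry"/*) IFS=$old_ifs; set +f; return 0 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

# missing_from_basedir VALUE PATH...
# Prints every PATH that VALUE does not cover, one per line.
missing_from_basedir() {
    value=$1; shift
    for p in "$@"; do
        basedir_allows "$value" "$p" || printf '%s\n' "$p"
    done
}

# Usage with the php.ini example from the Installation section:
#   missing_from_basedir \
#     '/srv/http/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/dev/urandom' \
#     /dev/urandom /etc/webapps/owncloud/config /var/www/owncloud/apps
```

With that value the config and writable apps directories are reported as missing, which corresponds to the "Cannot write into config directory!" and "Cannot write into apps directory" errors.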
Upload and Share from File Manager
You can use the following script to quickly upload and share files to your ownCloud installation from Thunar (and possibly other file managers): https://github.com/schiesbn/shareLinkCreator
You need to edit the file with the proper configuration settings. Note: the password is stored as plain text.