|
|
(11 intermediate revisions by 5 users not shown) |
Line 1: |
Line 1: |
| [http://owncloud.org/ ownCloud] is WedDAV-based solution for storing and sharing on-line your data, files, images, video, music, calendars and contacts. You can have your ownCloud instance up and running in 5 minutes with Alpine!
| | #REDIRECT [[Nextcloud]] |
| | | {{Obsolete|OwnCloud is deprecated in favor of [[Nextcloud|Nextcloud]]}} |
| = Installation =
| |
| {{pkg|ownCloud}} is available from Alpine 2.5 and greater.
| |
| | |
| Before you start installing anything, make sure you have latest packages available. Make sure you are using a 'http' repository in your {{path|/etc/apk/repositories}} and then run:
| |
| {{cmd|apk update}}
| |
| {{tip|Detailed information is found in [[Include:Upgrading_to_latest_release|this]] doc.}}
| |
| | |
| == Database ==
| |
| First you have to decide which database to use. Follow one of the below database alternatives.
| |
| === sqlite ===
| |
| All you need to do is to install the package
| |
| {{cmd|apk add owncloud-sqlite}} | |
| {{warning|{{pkg|sqlite}}+{{pkg|owncould}} is known to have some problem, so do not expect it work. This note should be removed when {{pkg|sqlite}}+{{pkg|owncould}} works. <br>''(Still a problem at 2012-11-15)''<br>''(Seems to work OK 2013-05-27)''}}
| |
| | |
| === postgresql ===
| |
| Install the package
| |
| {{cmd|apk add owncloud-pgsql}}
| |
| | |
| Next thing is to configure and start the database
| |
| {{cmd|/etc/init.d/postgresql setup
| |
| /etc/init.d/postgresql start}}
| |
| | |
| Next you need to create a user, and temporary grant CREATEDB privilege.
| |
| {{cmd|psql -U postgres
| |
| CREATE USER mycloud WITH PASSWORD 'test123';
| |
| ALTER ROLE mycloud CREATEDB;
| |
| \q}}
| |
| {{Note|Replace the above username 'mycloud' and password 'test123' to something secure. Remember these settings, you will need them later when setting up owncloud.}}
| |
| | |
| === mysql ===
| |
| Install the package
| |
| {{cmd|apk add owncloud-mysql mysql-client}}
| |
| | |
| Now configure and start {{pkg|mysql}}
| |
| {{cmd|/etc/init.d/mysql setup
| |
| /etc/init.d/mysql start
| |
| /usr/bin/mysql_secure_installation}}
| |
| Follow the wizard to setup passwords etc.
| |
| {{Note|Remember the usernames/passwords that you set using the wizard, you will need them later.}}
| |
| | |
| Next you need to create a user, database and set permissions.
| |
| {{cmd|mysql -u root -p
| |
| CREATE DATABASE owncloud;
| |
| GRANT ALL ON owncloud.* TO 'mycloud'@'localhost' IDENTIFIED BY 'test123';
| |
| GRANT ALL ON owncloud.* TO 'mycloud'@'localhost.localdomain' IDENTIFIED BY 'test123';
| |
| FLUSH PRIVILEGES;
| |
| EXIT}}
| |
| {{Note|Replace the above username 'mycloud' and password 'test123' to something secure. Remember these settings, you will need them later when setting up owncloud.}}
| |
| | |
| {{pkg|mysql-client}} is not needed anymore. Let's uninstall it:
| |
| {{cmd|apk del mysql-client}}
| |
| | |
| == Webserver ==
| |
| Next thing is to choose, install and configure a webserver. In this example we will install {{pkg|nginx}} or {{pkg|lighttpd}}. ''Nginx'' is preferred over ''Lighttpd'' since the latter when working with large files will consume a lot of memory (see [http://redmine.lighttpd.net/issues/1283 lighty bug #1283]). You are free to install any other webserver of your choice as long as it supports PHP and FastCGI. We're not explaining how to generate an SSL certificate for your webserver.
| |
| | |
| === Nginx ===
| |
| Install the needed packages
| |
| {{cmd|apk add nginx php-fpm}}
| |
| | |
| '''Remove/comment''' any section like this in
| |
| {{cat|/etc/nginx/nginx.conf|
| |
| server {
| |
| listen ...
| |
| }
| |
| }}
| |
| | |
| Include the following directive in
| |
| {{cat|/etc/nginx/nginx.conf|
| |
| http {
| |
| ...
| |
| include /etc/nginx/sites-enabled/*;
| |
| ...
| |
| }}
| |
| | |
| Create a directory for your websites
| |
| {{cmd|mkdir /etc/nginx/sites-available}}
| |
| | |
| Create a configuration file for your site in /etc/nginx/sites-available/mysite.mydomain.com
| |
| <pre>
| |
| server {
| |
| #listen [::]:80; #uncomment for IPv6 support
| |
| listen 80;
| |
| return 301 https://$host$request_uri;
| |
| server_name mysite.mydomain.com;
| |
| }
| |
| | |
| server {
| |
| #listen [::]:443 ssl; #uncomment for IPv6 support
| |
| listen 443 ssl;
| |
| server_name mysite.mydomain.com;
| |
| | |
| root /var/www/vhosts/mysite.mydomain.com/www;
| |
| index index.php index.html index.htm;
| |
| disable_symlinks off;
| |
| | |
| ssl_certificate /etc/ssl/cert.pem;
| |
| ssl_certificate_key /etc/ssl/key.pem;
| |
| | |
| ssl_session_cache shared:SSL:1m;
| |
| ssl_session_timeout 5m;
| |
| | |
| #Enable Perfect Forward Secrecy and ciphers without known vulnerabilities
| |
| #Beware! It breaks compatibility with older OS and browsers (e.g. Windows XP, Android 2.x, etc.)
| |
| #ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA;
| |
| #ssl_prefer_server_ciphers on;
| |
| | |
| | |
| location / {
| |
| try_files $uri $uri/ /index.html;
| |
| }
| |
| | |
| # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
| |
| location ~ [^/]\.php(/|$) {
| |
| fastcgi_split_path_info ^(.+?\.php)(/.*)$;
| |
| if (!-f $document_root$fastcgi_script_name) {
| |
| return 404;
| |
| }
| |
| fastcgi_pass 127.0.0.1:9000;
| |
| #fastcgi_pass unix:/var/run/php-fpm/socket;
| |
| fastcgi_index index.php;
| |
| include fastcgi.conf;
| |
| }
| |
| }
| |
| </pre>
| |
| | |
| If you are running-from-RAM and you're dealing with large files you might need to move the FastCGI temp file from /tmp to /var/tmp or to a directory that is mounted on hdd
| |
| <pre>
| |
| fastcgi_temp_path /var/tmp/nginx/fastcgi 1 2;
| |
| </pre>
| |
| | |
| Set user and group for php-fpm in /etc/php/php-fpm.conf
| |
| <pre>
| |
| ...
| |
| user = nginx
| |
| group = www-data
| |
| ...
| |
| </pre>
| |
| | |
| {{Note|If you are serving serveral users make sure to tune the *''children'' settings in /etc/php/php-fpm.conf}}
| |
| | |
| Make nginx user member of www-data group
| |
| {{cmd|addgroup nginx www-data}}
| |
| | |
| Enable your website
| |
| {{cmd|ln -s ../sites-available/mysite.mydomain.com /etc/nginx/sites-enabled/mysite.mydomain.com}}
| |
| | |
| Start services
| |
| {{cmd|rc-service php-fpm start
| |
| rc-service nginx start}}
| |
| | |
| === Lighttpd ===
| |
| Install the package
| |
| {{cmd|apk add lighttpd php-cgi}}
| |
| | |
| Make sure you have FastCGI enabled in {{pkg|lighttpd}}:
| |
| {{cat|/etc/lighttpd/lighttpd.conf|...
| |
| include "mod_fastcgi.conf"
| |
| ...}}
| |
| | |
| Start up the webserver
| |
| {{cmd|/etc/init.d/lighttpd start}}
| |
| | |
| {{tip|You might want to follow the [http://wiki.alpinelinux.org/wiki/Lighttpd_Https_access Lighttpd_Https_access] doc in order to configure lighttpd to use https ''(securing your connections to your owncloud server)''.}}
| |
| | |
| Link {{pkg|owncloud}} installation to web server directory:
| |
| {{cmd|ln -s /usr/share/webapps/owncloud /var/www/localhost/htdocs}}
| |
| | |
| == Other settings ==
| |
| === Hardening ===
| |
| Consider updating the variable <code>url.access-deny</code> in {{path|/etc/lighttpd/lighttpd.conf}} for additional security. Add <code>"config.php"</code> to the variable ''(that's where the database is stored)'' so it looks something like this:
| |
| {{cat|/etc/lighttpd/lighttpd.conf|...
| |
| url.access-deny {{=}} ("~", ".inc", "config.php")
| |
| ...}}
| |
| Restart {{pkg|lighttpd}} to activate the changes
| |
| {{cmd|/etc/init.d/lighttpd restart}}
| |
| | |
| === Additional packages ===
| |
| Some large apps, such as texteditor, documents and videoviewer are in separate package:
| |
| {{cmd|apk add owncloud-texteditor owncloud-documents owncloud-videoviewer}}
| |
| | |
| = Configure and use ownCloud =
| |
| == Configure ==
| |
| Point your browser at <code><nowiki>https://mysite.mydomain.com</nowiki></code> and follow the on-screen instructions to complete the installation, supplying the database user and password created before.
| |
| | |
| == Hardening postgresql ==
| |
| If you have chosen PGSQL backend, revoke CREATEDB privilege from 'mycloud' user:
| |
| {{cmd|psql -U postgres
| |
| ALTER ROLE mycloud NOCREATEDB;
| |
| \q}}
| |
| | |
| == Increase upload size ==
| |
| Default configuration for php is limited to 2Mb file size. You might want to increase that size by editing the {{path|/etc/php/php.ini}} and change the following values to something that suits you:
| |
| <pre>
| |
| upload_max_filesize = 2M
| |
| post_max_size = 8M
| |
| </pre>
| |
| | |
| == Clients ==
| |
| There are clients available for many platforms, Android included:
| |
| * http://owncloud.org/sync-clients/ ''(ownCloud Sync clients)''
| |
| * http://owncloud.org/support/android/ ''(Android client)''
| |
| | |
| [[Category:Server]]
| |