OwnCloud: Difference between revisions

From Alpine Linux
Line 49: Line 49:
FLUSH PRIVILEGES;
FLUSH PRIVILEGES;
EXIT}}
EXIT}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings> You'll need them later.}}
{{Note|Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You'll need them later.}}


{{pkg|mysql-client}} is no longer needed. To uninstall it, run:
{{pkg|mysql-client}} is no longer needed. To uninstall it, run:

Revision as of 14:58, 8 August 2021

This material is obsolete ...

OwnCloud is deprecated in favor of Nextcloud (Discuss)

ownCloud is a WebDAV-based solution for storing and on-line sharing of your data, files, images, video, music, calendars and contacts. With Alpine, you can have your ownCloud instance up and running in 5 minutes!

Installation

ownCloud is available from Alpine v2.5 and later.

Before you start installing anything, make sure you have the latest packages available. Make sure you are using an 'http' repository in your /etc/apk/repositories, then run:

apk update

Tip: Detailed information can be found in this doc.

Database

First you have to decide which database to use. Follow one of the database alternatives shown below:

sqlite

All you need to do is to install the package

apk add owncloud-sqlite

postgresql

Install the package

apk add owncloud-pgsql

Configure and start the database

/etc/init.d/postgresql setup
/etc/init.d/postgresql start

Create a user and temporarily grant the CREATEDB privilege.

psql -U postgres
CREATE USER mycloud WITH PASSWORD 'test123';
ALTER ROLE mycloud CREATEDB;
\q

Note: Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You'll need them later.

mysql

Install the package

apk add owncloud-mysql mysql-client

Configure and start mysql

/etc/init.d/mysql setup
/etc/init.d/mysql start
/usr/bin/mysql_secure_installation

Follow the wizard to set up passwords etc.

Note: Remember the usernames/passwords that you set with the wizard. You'll need them later.

Create a user, database and set permissions.

mysql -u root -p
CREATE DATABASE owncloud;
GRANT ALL ON owncloud.* TO 'mycloud'@'localhost' IDENTIFIED BY 'test123';
GRANT ALL ON owncloud.* TO 'mycloud'@'localhost.localdomain' IDENTIFIED BY 'test123';
FLUSH PRIVILEGES;
EXIT

Note: Replace the above username 'mycloud' and password 'test123' with something secure. Remember these settings. You'll need them later.
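An added example (not part of the wiki page): one way to follow the two notes above is to generate a random password and render the mysql statements with it instead of 'test123'. The function names, the 32-character alphanumeric format and the username `owncloud_app` are assumptions of this example.

```shell
#!/bin/sh
# Added example: names below are hypothetical helpers, not ownCloud or Alpine tools.

# gen_db_password [LENGTH]: print a random alphanumeric password (default 32).
gen_db_password() {
    len="${1:-32}"
    pw=""
    while [ "${#pw}" -lt "$len" ]; do
        # Keep only [A-Za-z0-9] from the kernel CSPRNG so no SQL quoting is needed.
        pw="$pw$(head -c 64 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')"
    done
    printf '%s\n' "$pw" | cut -c "1-$len"
}

# render_mysql_setup USER PASSWORD: print the statements from the mysql section
# with the given credentials. Rejects empty values, anything that could break out
# of the single quotes, and the wiki's sample password.
render_mysql_setup() {
    user="$1"; pass="$2"
    for v in "$user" "$pass"; do
        case "$v" in
            ""|*[!A-Za-z0-9_]*) echo "unsafe or empty value" >&2; return 1 ;;
        esac
    done
    if [ "$pass" = "test123" ]; then
        echo "refusing the sample password" >&2; return 1
    fi
    echo "CREATE DATABASE owncloud;"
    for host in localhost localhost.localdomain; do
        printf "GRANT ALL ON owncloud.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
            "$user" "$host" "$pass"
    done
    echo "FLUSH PRIVILEGES;"
}

# Demo: prints the SQL to paste at the mysql prompt; note the password shown.
render_mysql_setup owncloud_app "$(gen_db_password)"
```

The same generated password can be used in the `CREATE USER ... WITH PASSWORD` statement of the postgresql section.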

mysql-client is no longer needed. To uninstall it, run:

apk del mysql-client

Webserver

Choose, install and configure a webserver. In this example we will install nginx or lighttpd. Nginx is preferred over Lighttpd since the latter will consume a lot of memory when working with large files (see lighty bug #1283). You are free to install any other webserver of your choice as long as it supports PHP and FastCGI. We won't be covering how to generate an SSL certificate for your webserver.

Nginx

Install the required packages

apk add nginx php-fpm

Remove/comment any section like this in

Contents of /etc/nginx/nginx.conf

server { listen ... }

Include the following directive in

Contents of /etc/nginx/nginx.conf

http {
...
include /etc/nginx/sites-enabled/*;
...

Create a directory for your website

mkdir /etc/nginx/sites-available

Create a configuration file for your site in /etc/nginx/sites-available/mysite.mydomain.com

server {
        #listen       [::]:80; #uncomment for IPv6 support
        listen       80;
        return 301 https://$host$request_uri;
        server_name mysite.mydomain.com;
}

server {
        #listen       [::]:443 ssl; #uncomment for IPv6 support
        listen       443 ssl;
        server_name  mysite.mydomain.com;

        root /var/www/vhosts/mysite.mydomain.com/www;
        index  index.php index.html index.htm;
        disable_symlinks off;

        ssl_certificate      /etc/ssl/cert.pem;
        ssl_certificate_key  /etc/ssl/key.pem;

        ssl_session_cache    shared:SSL:1m;
        ssl_session_timeout  5m;

        #Enable Perfect Forward Secrecy and ciphers without known vulnerabilities
        #Beware! It breaks compatibility with older OS and browsers (e.g. Windows XP, Android 2.x, etc.)
        #ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA;
        #ssl_prefer_server_ciphers  on;

        location / {
                try_files $uri $uri/ /index.html;
        }

        # pass the PHP scripts to the FastCGI server listening on 127.0.0.1:9000
        location ~ [^/]\.php(/|$) {
                fastcgi_split_path_info ^(.+?\.php)(/.*)$;
                if (!-f $document_root$fastcgi_script_name) {
                        return 404;
                }
                fastcgi_pass 127.0.0.1:9000;
                #fastcgi_pass unix:/var/run/php-fpm/socket;
                fastcgi_index index.php;
                include fastcgi.conf;
        }
}

If you are running from RAM, and you're dealing with large files you might need to move the FastCGI temp file from /tmp to /var/tmp or to a directory that is mounted on a hard disk.

fastcgi_temp_path /var/tmp/nginx/fastcgi 1 2;

Large file uploads take some time to be processed by php-fpm, so you need to raise the Nginx default read timeout:

fastcgi_read_timeout 300s;

Set user and group for php-fpm in /etc/php/php-fpm.conf

...
user = nginx
group = www-data
...

Note: If you are serving multiple users, make sure to tune the *children settings in /etc/php/php-fpm.conf

Make nginx user a member of the www-data group

addgroup nginx www-data

Enable your website

ln -s ../sites-available/mysite.mydomain.com /etc/nginx/sites-enabled/mysite.mydomain.com

Start services

rc-service php-fpm start
rc-service nginx start

Lighttpd

Install the package

apk add lighttpd php-cgi

Make sure you have FastCGI enabled in lighttpd:

Contents of /etc/lighttpd/lighttpd.conf

...
include "mod_fastcgi.conf"
...

Start the webserver

/etc/init.d/lighttpd start

Tip: You might want to follow the Lighttpd_Https_access doc in order to configure lighttpd to use https (securing your connections to your owncloud server).

Link owncloud installation to web server directory:

ln -s /usr/share/webapps/owncloud /var/www/localhost/htdocs

Other settings

Hardening

Consider updating the variable url.access-deny in /etc/lighttpd/lighttpd.conf for additional security. Add "config.php" to the variable (that's where the database password is stored) so it looks something like this:

Contents of /etc/lighttpd/lighttpd.conf

...
url.access-deny = ("~", ".inc", "config.php")
...

Restart lighttpd to activate the changes

/etc/init.d/lighttpd restart
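An added example (not part of the wiki page): a check that the hardened url.access-deny line is actually active, which catches the case where the edit was made on a commented-out line. The function names and the sample file are constructed for this example, and it assumes the single-line list form shown above.

```shell
#!/bin/sh
# Added example: hypothetical helper names; the sample config is constructed.

# active_access_deny CONF: print the uncommented url.access-deny assignments.
active_access_deny() {
    sed -e 's/[[:space:]]*#.*$//' "$1" |
        grep -E '^[[:space:]]*url\.access-deny[[:space:]]*(\+=|=)' || true
}

# missing_deny_suffixes CONF SUFFIX...: print each SUFFIX that no active
# url.access-deny line lists; returns 1 if at least one is missing.
missing_deny_suffixes() {
    conf="$1"; shift
    rules="$(active_access_deny "$conf")"
    rc=0
    for s in "$@"; do
        # Match the quoted list element literally, e.g. "config.php".
        printf '%s\n' "$rules" | grep -qF "\"$s\"" || { echo "$s"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: the hardened line left commented out, so only the
# shorter list is in effect and config.php is reported as missing.
sample="$(mktemp)"
printf '%s\n' '#url.access-deny = ("~", ".inc", "config.php")' \
              'url.access-deny = ("~", ".inc")' > "$sample"
missing_deny_suffixes "$sample" "~" ".inc" "config.php" ||
    echo "the suffixes listed above are not denied yet"
rm -f "$sample"
```

On a real host, run `missing_deny_suffixes /etc/lighttpd/lighttpd.conf config.php` after editing the file and before restarting lighttpd.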

Additional packages

Some large apps, such as the text editor, documents and video viewer, are in separate packages:

apk add owncloud-texteditor owncloud-documents owncloud-videoviewer

Configure and use ownCloud

Configure

Point your browser at https://mysite.mydomain.com and follow the on-screen instructions to complete the installation, supplying the database user and password created before.

Hardening postgresql

If you have chosen the PGSQL backend, revoke the CREATEDB privilege from the 'mycloud' user:

psql -U postgres
ALTER ROLE mycloud NOCREATEDB;
\q

Increase upload size

The default PHP configuration limits uploads to a file size of 2 MB. You might want to increase that limit by editing /etc/php/php.ini and changing the following values to something that suits you:

upload_max_filesize = 2M
post_max_size = 8M

Clients

There are clients available for many platforms, Android included: