Changes

From SME Server
Jump to navigationJump to search
2,361 bytes added ,  22:21, 15 March 2020
no edit summary
Line 1: Line 1: −
{{usefulnote}}
+
{{Warning box|This page relate to the installation of owncloud and nextcloud and most of its information, while still usefull are outdated. You might rather enjoy to follow the instruction on the contribution page  [[Nextcloud]] where a complete install and play solution is available for your needs.}}{{usefulnote}}
 
{{Level|Medium}}
 
{{Level|Medium}}
 +
{{Note box|Please note that OwnCloud has been forked by Nextcloud. It seems that the main developers have left OwnCloud and moved over to Nextcloud as per June 2016. Please see [http://nextcloud.com their website] for more info. Specific Nextcloud instructions will be on the [[Nextcloud]] wiki page.}}
    
==About==
 
==About==
Line 7: Line 8:  
</span>"OwnCloud ( http://owncloud.org ) gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. Installation has minimal server requirements, doesn’t need special permissions and is quick. ownCloud is extendable via a simple but powerful API for applications and plugins."
 
</span>"OwnCloud ( http://owncloud.org ) gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. Installation has minimal server requirements, doesn’t need special permissions and is quick. ownCloud is extendable via a simple but powerful API for applications and plugins."
   −
{{Note box|As of September, 2015, the ownCloud project release schedule is very aggressive. New releases occur frequently, sometimes as often one every 120 days. Each release resolves many issues and adds features, and often requires upgrades of underlying packages, such as PHP.
+
{{Note box|Owncloud requires a higher version of PHP than SME Server 9.x currently provides. Presently, the ownCloud maintainers recommend PHP version 5.5. Please see '''[[PHP Software Collections]]''' on how to install a supported higher version of PHP alongside the default version of PHP on SME Server 9.x}}
 
  −
Owncloud version 7 requires a higher version of PHP than SME Server 9.x currently provides. Presently, the ownCloud maintainers recommend PHP version 5.5. Please see '''[[PHP Software Collections]]''' on how to install a supported higher version of PHP alongside the default version of PHP on SME Server 9.x}}
      
==Forum discussion==
 
==Forum discussion==
Line 20: Line 19:  
  Information bay name - owncloud, Description - owncloud site, Group - Admin, User access - Write = group, Read = everyone,  
 
  Information bay name - owncloud, Description - owncloud site, Group - Admin, User access - Write = group, Read = everyone,  
 
  Public access via web - Entire Internet (no password required), Execution of dynamic content - Enabled
 
  Public access via web - Entire Internet (no password required), Execution of dynamic content - Enabled
* Check that you have the correct PHP version running for the Owncloud version you like to install: [https://doc.owncloud.org/server/8.0/admin_manual/installation/source_installation.html Version 8 doc]. Please see '''[[PHP Software Collections]]''' on how to install a supported higher version of PHP in an Ibay on SME Server 9.x}}
+
* Check that you have the correct PHP version running for the Owncloud version you like to install: [https://doc.owncloud.org/server/8.0/admin_manual/installation/source_installation.html Version 8 doc]. Please see '''[[PHP Software Collections]]'''<nowiki> on how to install a supported higher version of PHP in an Ibay on SME Server 9.x}}</nowiki>
 
* Extract ownCloud into the html directory of the new ibay (in this example called 'owncloud' )
 
* Extract ownCloud into the html directory of the new ibay (in this example called 'owncloud' )
In the following code, change the version number of owncloud to suit the current version downloaded from the owncloud website
+
In the following code, change the version number of owncloud to suit the current version downloaded from the owncloud website. The latest version and changelog can be found [https://owncloud.org/changelog/ '''here''']
 
  cd /home/e-smith/files/ibays/owncloud/html/
 
  cd /home/e-smith/files/ibays/owncloud/html/
  wget http://download.owncloud.org/community/owncloud-8.X.X.tar.bz2
+
  wget http://download.owncloud.org/community/owncloud-9.X.X.tar.bz2
  tar xvf owncloud-8.X.X.tar.bz2  
+
  tar xvf owncloud-9.X.X.tar.bz2  
 
  mv owncloud/* .
 
  mv owncloud/* .
 
  mv owncloud/.htaccess .
 
  mv owncloud/.htaccess .
Line 31: Line 30:  
* Set appropriate ibay settings at the command line prompt:
 
* Set appropriate ibay settings at the command line prompt:
 
  <nowiki>db accounts setprop owncloud \
 
  <nowiki>db accounts setprop owncloud \
AllowOverride All \
+
  AllowOverride All \
FollowSymLinks enabled \
+
  FollowSymLinks enabled \
Group www \
+
  Group www \
PHPBaseDir /home/e-smith/files/ibays/owncloud/:/tmp/ \
+
  PHPBaseDir /home/e-smith/files/ibays/owncloud/:/tmp/:/dev/urandom \
PublicAccess global \
+
  PublicAccess global \
UserAccess wr-group-rd-everyone
+
  UserAccess wr-group-rd-everyone
</nowiki>
+
  </nowiki>
    
* Update the ibay
 
* Update the ibay
Line 44: Line 43:  
* you also need to allow the "allow_url_fopen"
 
* you also need to allow the "allow_url_fopen"
 
  <nowiki>
 
  <nowiki>
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
+
    mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
nano -w /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/99allow_url_fopen
+
    nano -w /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/99allow_url_fopen
</nowiki>
+
    </nowiki>
    
* and paste the following and save this
 
* and paste the following and save this
    
  <nowiki>
 
  <nowiki>
<Directory /home/e-smith/files/ibays/owncloud/html>
+
    <Directory /home/e-smith/files/ibays/owncloud/html>
php_admin_flag allow_url_fopen on
+
    php_admin_flag allow_url_fopen on
</Directory>
+
    </Directory>
</nowiki>
+
    </nowiki>
    
* then at the command line prompt enter:
 
* then at the command line prompt enter:
    
  <nowiki>
 
  <nowiki>
expand-template /etc/httpd/conf/httpd.conf
+
    expand-template /etc/httpd/conf/httpd.conf
/etc/init.d/httpd-e-smith restart
+
    /etc/init.d/httpd-e-smith restart
</nowiki>
+
    </nowiki>
    
4. Create a new MySQL database (In this example the database name is owncloud. Change '''owncloud''', '''username''' and '''password''' with your own choices as required)
 
4. Create a new MySQL database (In this example the database name is owncloud. Change '''owncloud''', '''username''' and '''password''' with your own choices as required)
Line 67: Line 66:  
Login as root and issue the following command:
 
Login as root and issue the following command:
 
  mysql
 
  mysql
  create database '''databasename''';
+
  create database '''owncloud''';
  grant all privileges on '''databasename'''.* to '''username''' identified by ''''password'''';
+
  grant all privileges on '''owncloud'''.* to '''username@localhost''' identified by '<nowiki/>'''password'''';
 
  flush privileges;
 
  flush privileges;
 
  exit
 
  exit
 +
 +
{{Note box|To be able to run OwnCloud 9.x on a stock Koozali SME Server 9.x, you must enable the InnoDB engine of MySQL _before_ you run the OwnCloud installation wizzard. To enable the InnoDB engine please [[MySQL#Enable_InnoDB_engine|THIS SECTION]]. This is due to the fact that Koozali SME Server comes with a lower version of MySQL than the recommended 5.5.x version which has the InnoDB engine enabled by default.}}
    
5. Browse to http://yourserver/owncloud and follow install script
 
5. Browse to http://yourserver/owncloud and follow install script
Line 125: Line 126:  
  The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds.
 
  The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds.
   −
A resolution for this was presented in forum thread [http://forums.contribs.org/index.php/topic,51916.0.html owncloud 8.1,1, Strict-Transport-Security and SME 9], in which mmccarn suggested a couple of minor changes that handle the task nicely.
+
HTTP Strict Transport Security can be enabled as described at [[HSTS and HPKP]].
 
  −
The first step is to verify that the Apache headers module is loaded. You can look in the file httpd.conf for "LoadModule headers_module modules/mod_headers.so". Also, Xavier.A offered the command,
  −
 
  −
apachectl -t -D DUMP_MODULES 2>&1 | grep header
  −
 
  −
as a way to check for the module. The command returns "headers_module (shared)" if the header module is loaded.
  −
 
  −
Next, create a custom template to add the header directive. The template content shown here adds the directive to all virtual hosts (aka iBays). The custom template is placed in /etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/. Name the template file "04StrictTransportSecurity". This important as the file name also dictates the order of loading. Put the following directive in the file:
  −
 
  −
### added to support ownCloud 8 ###
  −
Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
  −
 
  −
{{Note box|You may test this approach by modifying the httpd.conf file directly, and adding the directive in the ServerAlias section. However, this will be overwritten when the server is updated or reconfigured.}}
  −
 
  −
With the template in place, upgrade and reboot the system.
  −
 
  −
signal-event post-upgrade; signal-event reboot;
  −
 
  −
When the system is up and running again, check the ownCloud admin panel to verify the warning no longer appears.
  −
 
  −
=====Further Reading=====
  −
The French Wikipedia page, [https://fr.wikipedia.org/wiki/HTTP_Strict_Transport_Security HTTP Strict Transport Security] provides a good description. The English page is not as detailed, unfortunately, but there are handy page translation tools availalble on the web.
      
====Fail2Ban====
 
====Fail2Ban====
Line 164: Line 143:     
Next, create the template fragment:
 
Next, create the template fragment:
  # mkdir -p /etc/e-smith/templates/custom/etc/fail2ban/jail.conf
+
  # mkdir -p /etc/e-smith/templates-custom/etc/fail2ban/jail.conf
 
  # nano -w /etc/e-smith/templates-custom/etc/fail2ban/jail.conf/30Service55owncloud  
 
  # nano -w /etc/e-smith/templates-custom/etc/fail2ban/jail.conf/30Service55owncloud  
   Line 192: Line 171:  
* go to admin, ldap section and use below settings
 
* go to admin, ldap section and use below settings
   −
  <nowiki>Host: localhost
+
  '''Server tab:'''
Base DN: dc=[yourdomain],dc=[com] (as seen in the 'domains' section in SME server manager)
+
Host: localhost
User DN: uid=admin,ou=Users,dc=[yourdomain],dc=[com]
+
Port: 389
Password: [SME admin password]
+
Base DN: dc=[yourdomain],dc=[com] (as seen in the 'domains' section in SME server manager)
User Login Filter: uid=%uid
+
User List Filter: objectClass=person</nowiki>
+
'''Users tab:'''
 +
Select username and email address
 +
 +
Only these object classes: sambaSamAccount
 +
 
 +
'''Groups'''
 +
Only these object classes: sambaGroupMapping
 +
 
 +
'''Advanced tab:'''
 +
Special attributes -> email field: mail
    
For the variables between brackets [], use your specific settings. Test creating a specific user and use that username password opposed to using the admin's credentials.
 
For the variables between brackets [], use your specific settings. Test creating a specific user and use that username password opposed to using the admin's credentials.
For more info on using SME OpenLDAP for authentication please see: http://wiki.contribs.org/LDAP_Authentication
+
For more info on using SME OpenLDAP for authentication please see: [[LDAP_Authentication_for_applications|LDAP Authentication for applications]]
      Line 222: Line 210:  
#* Remove "/novalidate-cert" if your chosen mail server uses a signed SSL certificate):
 
#* Remove "/novalidate-cert" if your chosen mail server uses a signed SSL certificate):
 
  <nowiki>  'user_backends' =>  
 
  <nowiki>  'user_backends' =>  
  array (
+
    array (
    0 =>  
+
      0 =>  
    array (
+
      array (
      'class' => 'OC_User_IMAP',
+
        'class' => 'OC_User_IMAP',
      'arguments' =>  
+
        'arguments' =>  
      array (
+
        array (
        0 => '{[mail.yourdomain.com]:993/imap/ssl/novalidate-cert}',
+
          0 => '{[mail.yourdomain.com]:993/imap/ssl/novalidate-cert}',
      ),
+
        ),
    ),
+
      ),
  ),</nowiki>
+
    ),</nowiki>
    
When done, users will be able to login to your owncloud web interface using their mail server username and password.   
 
When done, users will be able to login to your owncloud web interface using their mail server username and password.   
Line 304: Line 292:     
===Memory Caching===
 
===Memory Caching===
For improved performance, use of a memory cache for compiled PHP code and data is recommended.  As of version 8.1, ownCloud will complain on the Admin page if you don't have this configured.  ownCloud supports a number of cache backends, but the easiest to configure is said to be APCu.  To configure this, you'll need to install the PHP extension, and activate it in your config.php file.  To install the extension, run the following command:
+
For improved performance, use of a memory cache for compiled PHP code and data is recommended.  As of version 8.1, ownCloud will complain on the Admin page if you don't have this configured.  Also, as of version 8.2, ownCloud implements transactional file locking, and it's preferred that this be managed with a memory cache as well.  The only suitable memory cache system to support file locking is [http://redis.io/ Redis].
 +
 
 +
====Redis====
 +
You'll need to install Redis, as well as its associated PHP module, configure your system to start Redis on startup, and change some configuration settings for both Redis and ownCloud.
 +
 
 +
To install Redis, you'll need to have both the [[Remi]] and [[Epel]] repositories set up on your server.  Then do
 +
# yum --enablerepo=remi,epel install redis php54-php-pecl-redis php55-php-pecl-redis php56-php-pecl-redis php71-php-pecl-redis php70-php-pecl-redis
 +
# config set redis service status enabled
 +
# cd /etc/rc7.d
 +
# ln -s /etc/rc.d/init.d/e-smith-service S80redis
 +
 
 +
You'll need to adjust two entries in the Redis configuration file:
 +
# nano -w /etc/redis.conf
 +
 
 +
Find the line that mentions "unixsocket", uncomment it and the following line, and edit them to appear as follows:
 +
unixsocket /var/run/redis/redis.sock
 +
unixsocketperm 777
 +
and to add the redis user to the www group:
 +
usermod -a -G redis www
 +
Then start the redis server:
 +
# /etc/rc.d/init.d/redis start
 +
 
 +
You'll now need to edit the ownCloud config file:
 +
# nano -w ~owncloud/../html/config/config.php
 +
 
 +
Add the following lines:
 +
'filelocking.enabled' => 'true',
 +
'memcache.locking' => '\OC\Memcache\Redis',
 +
'memcache.local' => '\OC\Memcache\Redis',
 +
'redis' => array(
 +
    'host' => '/var/run/redis/redis.sock',
 +
    'port' => 0,
 +
    'timeout' => 0.0,
 +
      ),
 +
 
 +
Save the file and exit nano.  You should now be able to log in to your ownCloud installation as the admin user, and not see a warning message about memory cache or file locking.
 +
 
 +
====APCu====
 +
If you don't want to use the memory cache for file locking, ownCloud supports a number of other cache backends, but the easiest to configure is said to be APCu.  To configure this, you'll need to install the PHP extension, and activate it in your config.php file.  To install the extension, run the following command:
 
  # yum --enablerepo=remi install php54-php-pecl-apcu php55-php-pecl-apcu php56-php-pecl-apcu
 
  # yum --enablerepo=remi install php54-php-pecl-apcu php55-php-pecl-apcu php56-php-pecl-apcu
   Line 320: Line 346:     
Further information about caching can be found in the [https://doc.owncloud.org/server/8.1/admin_manual/configuration_server/performance_tuning.html#caching ownCloud documentation].
 
Further information about caching can be found in the [https://doc.owncloud.org/server/8.1/admin_manual/configuration_server/performance_tuning.html#caching ownCloud documentation].
 +
 +
=== PHP opcache ===
 +
Into Nextcloud, logged as admin => Parameters => Basic parameters check that Nextcloud doesn't claim for following parameters concerning PHP opcache:<syntaxhighlight  lang="php" >
 +
opcache.enable=1
 +
opcache.enable_cli=1
 +
opcache.interned_strings_buffer=8
 +
opcache.max_accelerated_files=10000
 +
opcache.memory_consumption=128
 +
opcache.save_comments=1
 +
opcache.revalidate_freq=1
 +
</syntaxhighlight>If it is the case:
 +
 +
==== In short ====
 +
* Edit ''/etc/opt/remi/php70/php.d/10-opcache.ini'' and make sure that the above given parameters are set.
 +
* Restart php:  signal-event php-update
 +
 +
==== With explanations ====
 +
Check the parameters of php for the ibay where Nextcloud is installed into:
 +
* create into .../path/to/ibay-Nextcloud/html a file ''phptest.php'' and enter in it:
 +
<syntaxhighlight lang="php">
 +
<?php
 +
phpinfo();
 +
phpinfo(INFO_MODULES);
 +
?>
 +
</syntaxhighlight>
 +
* from the browser, go to http://server/ibay_nextcloud/phptest.php ans have a look at the parameters and paths concerning opcache
 +
* modify the proper files with the parameters that Nextcloud claims for. The use of templates-custom may be necessary, depending your configuration.
 +
* if necessary expand the templates, remove ''phptest.php''
 +
* restart php
    
===Mozilla Sync===
 
===Mozilla Sync===
Line 333: Line 388:  
Using a zipped tarball:
 
Using a zipped tarball:
 
  <nowiki>cd /home/e-smith/files/ibays/owncloud/files
 
  <nowiki>cd /home/e-smith/files/ibays/owncloud/files
wget https://github.com/owncloud/mozilla_sync/archive/master.zip -O master.zip
+
  wget https://github.com/owncloud/mozilla_sync/archive/master.zip -O master.zip
sudo -u www unzip master.zip
+
  sudo -u www unzip master.zip
mv mozilla_sync-master /home/e-smith/files/ibays/owncloud/html/apps/mozilla_sync</nowiki>
+
  mv mozilla_sync-master /home/e-smith/files/ibays/owncloud/html/apps/mozilla_sync</nowiki>
    
Using Git:
 
Using Git:
 
  <nowiki>cd /home/e-smith/files/ibays/owncloud/html/apps
 
  <nowiki>cd /home/e-smith/files/ibays/owncloud/html/apps
sudo -u www git clone https://github.com/owncloud/mozilla_sync.git
+
  sudo -u www git clone https://github.com/owncloud/mozilla_sync.git
sudo -u www git checkout master</nowiki>
+
  sudo -u www git checkout master</nowiki>
    
====Server settings to enable Mozilla Sync====
 
====Server settings to enable Mozilla Sync====
Super Admin, Wiki & Docs Team, Bureaucrats, Interface administrators, Administrators
3,254

edits

Navigation menu