Line 1: |
Line 1: |
− | {{usefulnote}} | + | {{Warning box|This page relate to the installation of owncloud and nextcloud and most of its information, while still usefull are outdated. You might rather enjoy to follow the instruction on the contribution page [[Nextcloud]] where a complete install and play solution is available for your needs.}}{{usefulnote}} |
| {{Level|Medium}} | | {{Level|Medium}} |
| + | {{Note box|Please note that OwnCloud has been forked by Nextcloud. It seems that the main developers have left OwnCloud and moved over to Nextcloud as per June 2016. Please see [http://nextcloud.com their website] for more info. Specific Nextcloud instructions will be on the [[Nextcloud]] wiki page.}} |
| | | |
| ==About== | | ==About== |
Line 7: |
Line 8: |
| </span>"OwnCloud ( http://owncloud.org ) gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. Installation has minimal server requirements, doesn’t need special permissions and is quick. ownCloud is extendable via a simple but powerful API for applications and plugins." | | </span>"OwnCloud ( http://owncloud.org ) gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. Installation has minimal server requirements, doesn’t need special permissions and is quick. ownCloud is extendable via a simple but powerful API for applications and plugins." |
| | | |
− | {{Note box|As of September, 2015, the ownCloud project release schedule is very aggressive. New releases occur frequently, sometimes as often one every 120 days. Each release resolves many issues and adds features, and often requires upgrades of underlying packages, such as PHP. | + | {{Note box|Owncloud requires a higher version of PHP than SME Server 9.x currently provides. Presently, the ownCloud maintainers recommend PHP version 5.5. Please see '''[[PHP Software Collections]]''' on how to install a supported higher version of PHP alongside the default version of PHP on SME Server 9.x}} |
− | | |
− | Owncloud version 7 requires a higher version of PHP than SME Server 9.x currently provides. Presently, the ownCloud maintainers recommend PHP version 5.5. Please see '''[[PHP Software Collections]]''' on how to install a supported higher version of PHP alongside the default version of PHP on SME Server 9.x}} | |
| | | |
| ==Forum discussion== | | ==Forum discussion== |
Line 20: |
Line 19: |
| Information bay name - owncloud, Description - owncloud site, Group - Admin, User access - Write = group, Read = everyone, | | Information bay name - owncloud, Description - owncloud site, Group - Admin, User access - Write = group, Read = everyone, |
| Public access via web - Entire Internet (no password required), Execution of dynamic content - Enabled | | Public access via web - Entire Internet (no password required), Execution of dynamic content - Enabled |
− | * Check that you have the correct PHP version running for the Owncloud version you like to install: [https://doc.owncloud.org/server/8.0/admin_manual/installation/source_installation.html Version 8 doc]. Please see '''[[PHP Software Collections]]''' on how to install a supported higher version of PHP in an Ibay on SME Server 9.x}} | + | * Check that you have the correct PHP version running for the Owncloud version you like to install: [https://doc.owncloud.org/server/8.0/admin_manual/installation/source_installation.html Version 8 doc]. Please see '''[[PHP Software Collections]]'''<nowiki> on how to install a supported higher version of PHP in an Ibay on SME Server 9.x}}</nowiki> |
| * Extract ownCloud into the html directory of the new ibay (in this example called 'owncloud' ) | | * Extract ownCloud into the html directory of the new ibay (in this example called 'owncloud' ) |
− | In the following code, change the version number of owncloud to suit the current version downloaded from the owncloud website | + | In the following code, change the version number of owncloud to suit the current version downloaded from the owncloud website. The latest version and changelog can be found [https://owncloud.org/changelog/ '''here'''] |
| cd /home/e-smith/files/ibays/owncloud/html/ | | cd /home/e-smith/files/ibays/owncloud/html/ |
− | wget http://download.owncloud.org/community/owncloud-8.X.X.tar.bz2 | + | wget http://download.owncloud.org/community/owncloud-9.X.X.tar.bz2 |
− | tar xvf owncloud-8.X.X.tar.bz2 | + | tar xvf owncloud-9.X.X.tar.bz2 |
| mv owncloud/* . | | mv owncloud/* . |
| mv owncloud/.htaccess . | | mv owncloud/.htaccess . |
Line 31: |
Line 30: |
| * Set appropriate ibay settings at the command line prompt: | | * Set appropriate ibay settings at the command line prompt: |
| <nowiki>db accounts setprop owncloud \ | | <nowiki>db accounts setprop owncloud \ |
− | AllowOverride All \ | + | AllowOverride All \ |
− | FollowSymLinks enabled \ | + | FollowSymLinks enabled \ |
− | Group www \ | + | Group www \ |
− | PHPBaseDir /home/e-smith/files/ibays/owncloud/:/tmp/ \ | + | PHPBaseDir /home/e-smith/files/ibays/owncloud/:/tmp/:/dev/urandom \ |
− | PublicAccess global \ | + | PublicAccess global \ |
− | UserAccess wr-group-rd-everyone | + | UserAccess wr-group-rd-everyone |
− | </nowiki> | + | </nowiki> |
| | | |
| * Update the ibay | | * Update the ibay |
Line 44: |
Line 43: |
| * you also need to allow the "allow_url_fopen" | | * you also need to allow the "allow_url_fopen" |
| <nowiki> | | <nowiki> |
− | mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf
| + | mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf |
− | nano -w /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/99allow_url_fopen
| + | nano -w /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/99allow_url_fopen |
− | </nowiki>
| + | </nowiki> |
| | | |
| * and paste the following and save this | | * and paste the following and save this |
| | | |
| <nowiki> | | <nowiki> |
− | <Directory /home/e-smith/files/ibays/owncloud/html>
| + | <Directory /home/e-smith/files/ibays/owncloud/html> |
− | php_admin_flag allow_url_fopen on
| + | php_admin_flag allow_url_fopen on |
− | </Directory>
| + | </Directory> |
− | </nowiki>
| + | </nowiki> |
| | | |
| * then at the command line prompt enter: | | * then at the command line prompt enter: |
| | | |
| <nowiki> | | <nowiki> |
− | expand-template /etc/httpd/conf/httpd.conf
| + | expand-template /etc/httpd/conf/httpd.conf |
− | /etc/init.d/httpd-e-smith restart
| + | /etc/init.d/httpd-e-smith restart |
− | </nowiki>
| + | </nowiki> |
| | | |
| 4. Create a new MySQL database (In this example the database name is owncloud. Change '''owncloud''', '''username''' and '''password''' with your own choices as required) | | 4. Create a new MySQL database (In this example the database name is owncloud. Change '''owncloud''', '''username''' and '''password''' with your own choices as required) |
Line 67: |
Line 66: |
| Login as root and issue the following command: | | Login as root and issue the following command: |
| mysql | | mysql |
− | create database '''databasename'''; | + | create database '''owncloud'''; |
− | grant all privileges on '''databasename'''.* to '''username''' identified by ''''password''''; | + | grant all privileges on '''owncloud'''.* to '''username@localhost''' identified by '<nowiki/>'''password''''; |
| flush privileges; | | flush privileges; |
| exit | | exit |
| + | |
| + | {{Note box|To be able to run OwnCloud 9.x on a stock Koozali SME Server 9.x, you must enable the InnoDB engine of MySQL _before_ you run the OwnCloud installation wizzard. To enable the InnoDB engine please [[MySQL#Enable_InnoDB_engine|THIS SECTION]]. This is due to the fact that Koozali SME Server comes with a lower version of MySQL than the recommended 5.5.x version which has the InnoDB engine enabled by default.}} |
| | | |
| 5. Browse to http://yourserver/owncloud and follow install script | | 5. Browse to http://yourserver/owncloud and follow install script |
Line 125: |
Line 126: |
| The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. | | The "Strict-Transport-Security" HTTP header is not configured to least "15768000" seconds. |
| | | |
− | A resolution for this was presented in forum thread [http://forums.contribs.org/index.php/topic,51916.0.html owncloud 8.1,1, Strict-Transport-Security and SME 9], in which mmccarn suggested a couple of minor changes that handle the task nicely.
| + | HTTP Strict Transport Security can be enabled as described at [[HSTS and HPKP]]. |
− | | |
− | The first step is to verify that the Apache headers module is loaded. You can look in the file httpd.conf for "LoadModule headers_module modules/mod_headers.so". Also, Xavier.A offered the command,
| |
− | | |
− | apachectl -t -D DUMP_MODULES 2>&1 | grep header
| |
− | | |
− | as a way to check for the module. The command returns "headers_module (shared)" if the header module is loaded. | |
− | | |
− | Next, create a custom template to add the header directive. The template content shown here adds the directive to all virtual hosts (aka iBays). The custom template is placed in /etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/. Name the template file "04StrictTransportSecurity". This important as the file name also dictates the order of loading. Put the following directive in the file:
| |
− | | |
− | ### added to support ownCloud 8 ###
| |
− | Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
| |
− | | |
− | {{Note box|You may test this approach by modifying the httpd.conf file directly, and adding the directive in the ServerAlias section. However, this will be overwritten when the server is updated or reconfigured.}}
| |
− | | |
− | With the template in place, upgrade and reboot the system.
| |
− | | |
− | signal-event post-upgrade; signal-event reboot;
| |
− | | |
− | When the system is up and running again, check the ownCloud admin panel to verify the warning no longer appears.
| |
− | | |
− | =====Further Reading=====
| |
− | The French Wikipedia page, [https://fr.wikipedia.org/wiki/HTTP_Strict_Transport_Security HTTP Strict Transport Security] provides a good description. The English page is not as detailed, unfortunately, but there are handy page translation tools availalble on the web.
| |
| | | |
| ====Fail2Ban==== | | ====Fail2Ban==== |
Line 164: |
Line 143: |
| | | |
| Next, create the template fragment: | | Next, create the template fragment: |
− | # mkdir -p /etc/e-smith/templates/custom/etc/fail2ban/jail.conf | + | # mkdir -p /etc/e-smith/templates-custom/etc/fail2ban/jail.conf |
| # nano -w /etc/e-smith/templates-custom/etc/fail2ban/jail.conf/30Service55owncloud | | # nano -w /etc/e-smith/templates-custom/etc/fail2ban/jail.conf/30Service55owncloud |
| | | |
Line 192: |
Line 171: |
| * go to admin, ldap section and use below settings | | * go to admin, ldap section and use below settings |
| | | |
− | <nowiki>Host: localhost | + | '''Server tab:''' |
− | Base DN: dc=[yourdomain],dc=[com] (as seen in the 'domains' section in SME server manager) | + | Host: localhost |
− | User DN: uid=admin,ou=Users,dc=[yourdomain],dc=[com]
| + | Port: 389 |
− | Password: [SME admin password]
| + | Base DN: dc=[yourdomain],dc=[com] (as seen in the 'domains' section in SME server manager) |
− | User Login Filter: uid=%uid
| + | |
− | User List Filter: objectClass=person</nowiki>
| + | '''Users tab:''' |
| + | Select username and email address |
| + | |
| + | Only these object classes: sambaSamAccount |
| + | |
| + | '''Groups''' |
| + | Only these object classes: sambaGroupMapping |
| + | |
| + | '''Advanced tab:''' |
| + | Special attributes -> email field: mail |
| | | |
| For the variables between brackets [], use your specific settings. Test creating a specific user and use that username password opposed to using the admin's credentials. | | For the variables between brackets [], use your specific settings. Test creating a specific user and use that username password opposed to using the admin's credentials. |
− | For more info on using SME OpenLDAP for authentication please see: http://wiki.contribs.org/LDAP_Authentication | + | For more info on using SME OpenLDAP for authentication please see: [[LDAP_Authentication_for_applications|LDAP Authentication for applications]] |
| | | |
| | | |
Line 222: |
Line 210: |
| #* Remove "/novalidate-cert" if your chosen mail server uses a signed SSL certificate): | | #* Remove "/novalidate-cert" if your chosen mail server uses a signed SSL certificate): |
| <nowiki> 'user_backends' => | | <nowiki> 'user_backends' => |
− | array (
| + | array ( |
− | 0 =>
| + | 0 => |
− | array (
| + | array ( |
− | 'class' => 'OC_User_IMAP',
| + | 'class' => 'OC_User_IMAP', |
− | 'arguments' =>
| + | 'arguments' => |
− | array (
| + | array ( |
− | 0 => '{[mail.yourdomain.com]:993/imap/ssl/novalidate-cert}',
| + | 0 => '{[mail.yourdomain.com]:993/imap/ssl/novalidate-cert}', |
− | ),
| + | ), |
− | ),
| + | ), |
− | ),</nowiki>
| + | ),</nowiki> |
| | | |
| When done, users will be able to login to your owncloud web interface using their mail server username and password. | | When done, users will be able to login to your owncloud web interface using their mail server username and password. |
Line 304: |
Line 292: |
| | | |
| ===Memory Caching=== | | ===Memory Caching=== |
− | For improved performance, use of a memory cache for compiled PHP code and data is recommended. As of version 8.1, ownCloud will complain on the Admin page if you don't have this configured. ownCloud supports a number of cache backends, but the easiest to configure is said to be APCu. To configure this, you'll need to install the PHP extension, and activate it in your config.php file. To install the extension, run the following command: | + | For improved performance, use of a memory cache for compiled PHP code and data is recommended. As of version 8.1, ownCloud will complain on the Admin page if you don't have this configured. Also, as of version 8.2, ownCloud implements transactional file locking, and it's preferred that this be managed with a memory cache as well. The only suitable memory cache system to support file locking is [http://redis.io/ Redis]. |
| + | |
| + | ====Redis==== |
| + | You'll need to install Redis, as well as its associated PHP module, configure your system to start Redis on startup, and change some configuration settings for both Redis and ownCloud. |
| + | |
| + | To install Redis, you'll need to have both the [[Remi]] and [[Epel]] repositories set up on your server. Then do |
| + | # yum --enablerepo=remi,epel install redis php54-php-pecl-redis php55-php-pecl-redis php56-php-pecl-redis php71-php-pecl-redis php70-php-pecl-redis |
| + | # config set redis service status enabled |
| + | # cd /etc/rc7.d |
| + | # ln -s /etc/rc.d/init.d/e-smith-service S80redis |
| + | |
| + | You'll need to adjust two entries in the Redis configuration file: |
| + | # nano -w /etc/redis.conf |
| + | |
| + | Find the line that mentions "unixsocket", uncomment it and the following line, and edit them to appear as follows: |
| + | unixsocket /var/run/redis/redis.sock |
| + | unixsocketperm 777 |
| + | and to add the redis user to the www group: |
| + | usermod -a -G redis www |
| + | Then start the redis server: |
| + | # /etc/rc.d/init.d/redis start |
| + | |
| + | You'll now need to edit the ownCloud config file: |
| + | # nano -w ~owncloud/../html/config/config.php |
| + | |
| + | Add the following lines: |
| + | 'filelocking.enabled' => 'true', |
| + | 'memcache.locking' => '\OC\Memcache\Redis', |
| + | 'memcache.local' => '\OC\Memcache\Redis', |
| + | 'redis' => array( |
| + | 'host' => '/var/run/redis/redis.sock', |
| + | 'port' => 0, |
| + | 'timeout' => 0.0, |
| + | ), |
| + | |
| + | Save the file and exit nano. You should now be able to log in to your ownCloud installation as the admin user, and not see a warning message about memory cache or file locking. |
| + | |
| + | ====APCu==== |
| + | If you don't want to use the memory cache for file locking, ownCloud supports a number of other cache backends, but the easiest to configure is said to be APCu. To configure this, you'll need to install the PHP extension, and activate it in your config.php file. To install the extension, run the following command: |
| # yum --enablerepo=remi install php54-php-pecl-apcu php55-php-pecl-apcu php56-php-pecl-apcu | | # yum --enablerepo=remi install php54-php-pecl-apcu php55-php-pecl-apcu php56-php-pecl-apcu |
| | | |
Line 320: |
Line 346: |
| | | |
| Further information about caching can be found in the [https://doc.owncloud.org/server/8.1/admin_manual/configuration_server/performance_tuning.html#caching ownCloud documentation]. | | Further information about caching can be found in the [https://doc.owncloud.org/server/8.1/admin_manual/configuration_server/performance_tuning.html#caching ownCloud documentation]. |
| + | |
| + | === PHP opcache === |
| + | Into Nextcloud, logged as admin => Parameters => Basic parameters check that Nextcloud doesn't claim for following parameters concerning PHP opcache:<syntaxhighlight lang="php" > |
| + | opcache.enable=1 |
| + | opcache.enable_cli=1 |
| + | opcache.interned_strings_buffer=8 |
| + | opcache.max_accelerated_files=10000 |
| + | opcache.memory_consumption=128 |
| + | opcache.save_comments=1 |
| + | opcache.revalidate_freq=1 |
| + | </syntaxhighlight>If it is the case: |
| + | |
| + | ==== In short ==== |
| + | * Edit ''/etc/opt/remi/php70/php.d/10-opcache.ini'' and make sure that the above given parameters are set. |
| + | * Restart php: signal-event php-update |
| + | |
| + | ==== With explanations ==== |
| + | Check the parameters of php for the ibay where Nextcloud is installed into: |
| + | * create into .../path/to/ibay-Nextcloud/html a file ''phptest.php'' and enter in it: |
| + | <syntaxhighlight lang="php"> |
| + | <?php |
| + | phpinfo(); |
| + | phpinfo(INFO_MODULES); |
| + | ?> |
| + | </syntaxhighlight> |
| + | * from the browser, go to http://server/ibay_nextcloud/phptest.php ans have a look at the parameters and paths concerning opcache |
| + | * modify the proper files with the parameters that Nextcloud claims for. The use of templates-custom may be necessary, depending your configuration. |
| + | * if necessary expand the templates, remove ''phptest.php'' |
| + | * restart php |
| | | |
| ===Mozilla Sync=== | | ===Mozilla Sync=== |
Line 333: |
Line 388: |
| Using a zipped tarball: | | Using a zipped tarball: |
| <nowiki>cd /home/e-smith/files/ibays/owncloud/files | | <nowiki>cd /home/e-smith/files/ibays/owncloud/files |
− | wget https://github.com/owncloud/mozilla_sync/archive/master.zip -O master.zip | + | wget https://github.com/owncloud/mozilla_sync/archive/master.zip -O master.zip |
− | sudo -u www unzip master.zip | + | sudo -u www unzip master.zip |
− | mv mozilla_sync-master /home/e-smith/files/ibays/owncloud/html/apps/mozilla_sync</nowiki> | + | mv mozilla_sync-master /home/e-smith/files/ibays/owncloud/html/apps/mozilla_sync</nowiki> |
| | | |
| Using Git: | | Using Git: |
| <nowiki>cd /home/e-smith/files/ibays/owncloud/html/apps | | <nowiki>cd /home/e-smith/files/ibays/owncloud/html/apps |
− | sudo -u www git clone https://github.com/owncloud/mozilla_sync.git | + | sudo -u www git clone https://github.com/owncloud/mozilla_sync.git |
− | sudo -u www git checkout master</nowiki> | + | sudo -u www git checkout master</nowiki> |
| | | |
| ====Server settings to enable Mozilla Sync==== | | ====Server settings to enable Mozilla Sync==== |