ArchWiki - User contributions [en] (https://wiki.archlinux.org/api.php?action=feedcontributions&user=Developej&feedformat=atom), 2024-03-29T07:40:22Z, MediaWiki 1.41.0
Beginners' guide (https://wiki.archlinux.org/index.php?title=Beginners%27_guide&diff=337453), 2014-09-26T13:19:07Z
<p>Developej: to unmount, we use 'umount' not 'unmount'</p>
<hr />
<div>[[Category:Getting and installing Arch]]<br />
{{Related articles start}}<br />
{{Related|:Category:Accessibility}}<br />
{{Related|Installation guide}}<br />
{{Related|Diskless system}}<br />
{{Related|Install from SSH}}<br />
{{Related|General recommendations}}<br />
{{Related|General troubleshooting}}<br />
{{Related articles end}}<br />
This document will guide you through the process of installing [[Arch Linux]] using the [https://projects.archlinux.org/arch-install-scripts.git/ Arch Install Scripts]. Before installing, you are advised to skim over the [[FAQ]].<br />
<br />
The community-maintained [[Main page|ArchWiki]] is the primary resource that should be consulted if issues arise. The [[IRC channel]] (irc://irc.freenode.net/#archlinux) and the [https://bbs.archlinux.org/ forums] are also excellent resources if an answer cannot be found elsewhere. In accordance with [[the Arch Way]], you are encouraged to type {{ic|man ''command''}} to read the [[man page]] of any command you are unfamiliar with.<br />
<br />
== Preparation ==<br />
<br />
{{Note|If you wish to install from an existing GNU/Linux distribution, please see [[Install from Existing Linux]]. This can be useful particularly if you plan to install Arch via [[VNC]] or [[SSH]] remotely. Users seeking to perform the Arch Linux installation remotely via an [[SSH]] connection should read [[Install from SSH]] for additional tips.}}<br />
<br />
=== System requirements ===<br />
<br />
Arch Linux should run on any [[Wikipedia:P6 (microarchitecture)|i686]] compatible machine with a minimum of 64 MB RAM. A basic installation with all packages from the {{Grp|base}} group should take less than 800 MB of disk space. If you are working with limited space, this can be trimmed down considerably, but you will have to know what you are doing.<br />
<br />
=== Prepare the latest installation medium ===<br />
<br />
The latest release of the installation media can be obtained from the [https://archlinux.org/download/ Download] page. Note that the single ISO image supports both 32 and 64-bit architectures. It is highly recommended to always use the latest ISO image.<br />
<br />
{{Tip|The [https://downloads.archlinux.de/iso/archboot/latest archboot] ISO images can take several steps explained in this guide [[Archboot#Interactive_setup_features|interactively]]. See [[Archboot]] for details.}}<br />
<br />
* Install images are signed and it is highly recommended to verify their signature before use. Download the ''.sig'' file from the download page (or one of the mirrors listed there) to the same directory as the ''.iso'' file. On Arch Linux, use {{ic|pacman-key -v ''iso-file''.sig}} as root; in other environments use gpg2 directly, still as root, with {{ic|gpg2 --verify ''iso-file''.sig}}. The md5 and sha1 file integrity checksums are also provided. {{Note|The gpg2 verification will fail if you have not downloaded the public key corresponding to the RSA key ID. See http://sparewotw.wordpress.com/2012/10/31/how-to-verify-signature-using-sig-file/ for details.}}<br />
* Burn the ISO image on a CD or DVD with your preferred software. On Arch, that is covered in [[Optical disc drive#Burning]] <br> {{Note|The quality of optical drives and the discs themselves varies greatly. Generally, using a slow burn speed is recommended for reliable burns. If you are experiencing unexpected behaviour from the disc, try burning at the lowest speed supported by your burner}}<br />
* Or you can write the ISO image to a USB stick. For detailed instructions, see [[USB flash installation media]]<br />
<br />
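One way to script the signature check from the list above so that it accepts only a signature made by a key you pinned beforehand, rather than by whichever key happens to be in the keyring. This is an added example, not part of the original guide: the function names, the pinned fingerprint and the sample status lines are constructed placeholders, and on a real system the status text comes from {{ic|gpg2 --status-fd 1 --verify}}.

```shell
#!/bin/sh
# Added example: accept an ISO only if gpg reports a valid signature made by
# the key whose fingerprint was pinned beforehand.

# Constructed placeholder, NOT the real release-signing fingerprint. Replace it
# with the fingerprint obtained from the download page over a trusted channel.
PINNED_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# iso_sig_ok STATUS_TEXT FINGERPRINT
# STATUS_TEXT is what "gpg2 --status-fd 1 --verify" printed. Succeeds only if
# a VALIDSIG line names the pinned fingerprint (signing key or primary key)
# and no line reports a bad, unverifiable, expired or revoked signature.
iso_sig_ok() {
    printf '%s\n' "$1" | awk -v want="$2" '
        BEGIN {
            gsub(/ /, "", want); want = toupper(want)
            # An empty or malformed pin must never match anything.
            if (length(want) != 40 || want ~ /[^0-9A-F]/) bad = 1
        }
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" && ($3 == want || $12 == want) { good = 1 }
        END { exit((good && !bad) ? 0 : 1) }
    '
}

# verify_iso ISO_FILE SIG_FILE: the real check (needs gpg2 and the signer's
# public key in the keyring). gpg's own exit code is ignored on purpose; the
# decision is taken from the status lines.
verify_iso() {
    status=$(gpg2 --status-fd 1 --verify "$2" "$1" 2>/dev/null) || :
    iso_sig_ok "$status" "$PINNED_FPR"
}

# Constructed status output: signature by the pinned key.
STATUS_GOOD='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2014-09-01 1409529600 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Constructed status output: cryptographically valid, but made by another key.
STATUS_OTHER_KEY='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 76543210FEDCBA98 Constructed Other <other@example.org>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2014-09-01 1409529600 0 4 0 1 8 00 FEDCBA9876543210FEDCBA9876543210FEDCBA98
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Constructed status output: public key not in the keyring (the case the
# guide's note describes).
STATUS_NO_PUBKEY='[GNUPG:] NEWSIG
[GNUPG:] ERRSIG 89ABCDEF01234567 1 8 00 1409529600 9
[GNUPG:] NO_PUBKEY 89ABCDEF01234567'

iso_sig_ok "$STATUS_GOOD" "$PINNED_FPR" && echo "pinned key: accept"
iso_sig_ok "$STATUS_OTHER_KEY" "$PINNED_FPR" || echo "valid signature, wrong key: reject"
iso_sig_ok "$STATUS_NO_PUBKEY" "$PINNED_FPR" || echo "public key missing: reject"
```
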
==== Installing over the network ====<br />
<br />
Instead of writing the boot media to a disc or USB stick, you may alternatively boot the ISO image over the network. This works well when you already have a server set up. Please see the [[PXE]] article for more information, and then continue to [[#Boot the installation medium]].<br />
<br />
==== Install from an existing Linux system ====<br />
<br />
Alternatively, it is possible to install from an already running Linux system. See [[Install from Existing Linux]].<br />
<br />
==== Installing on a virtual machine ====<br />
<br />
Installing on a [[Wikipedia:Virtual machine|virtual machine]] is a good way to become familiar with Arch Linux and its installation procedure without leaving your current operating system and repartitioning the storage drive. It will also let you keep this Beginners' Guide open in your browser throughout the installation. Some users may find it beneficial to have an independent Arch Linux system on a virtual drive, for testing purposes.<br />
<br />
Examples of virtualization software are [[VirtualBox]], [[VMware]], [[QEMU]], [[Xen]], [[Parallels]].<br />
<br />
The exact procedure for preparing a virtual machine depends on the software, but will generally follow these steps:<br />
<br />
# Create the virtual disk image that will host the operating system.<br />
# Properly configure the virtual machine parameters.<br />
# Boot the downloaded ISO image with a virtual CD drive.<br />
# Continue with [[#Boot the installation medium|Boot the installation medium]].<br />
<br />
The following articles may be helpful:<br />
<br />
* [[VirtualBox#Installation steps for Arch Linux guests|Arch Linux as VirtualBox guest]]<br />
* [[Installing Arch Linux from VirtualBox]]<br />
* [[VirtualBox Arch Linux Guest On Physical Drive|Arch Linux as VirtualBox guest on a physical drive]]<br />
* [[Installing Arch Linux in VMware|Arch Linux as VMware guest]]<br />
* [[Moving an existing install into (or out of) a virtual machine]]<br />
<br />
==== Boot the installation medium ====<br />
<br />
Most modern systems allow you to select the boot device during the [[Wikipedia:Power-on self test|POST]] phase, usually by pressing the {{ic|F12}} key while the BIOS splash screen is visible. Select the device which contains the Arch ISO. Alternatively, you may need to change the boot order in your computer's BIOS. <br />
<br />
To do this, press a key (usually {{ic|Delete}}, {{ic|F1}}, {{ic|F2}}, {{ic|F11}} or {{ic|F12}}) during the [[Wikipedia:Power-on self test|POST]] phase. This will take you into the BIOS settings screen where you can set the order in which the system searches for devices to boot from. Set the device which contains the Arch ISO as the first device from which boot is attempted. Select "Save & Exit" (or your BIOS's equivalent) and the computer should then complete its normal boot process.<br />
<br />
When the Arch menu appears, select "Boot Arch Linux" and press {{ic|Enter}} to enter the live environment where you will run the actual installation (if booting from a UEFI boot disk, the option may look more like "Arch Linux archiso x86_64 UEFI").<br />
<br />
===== Testing if you are booted into UEFI mode =====<br />
<br />
In case you have a [[Unified Extensible Firmware Interface|UEFI]] motherboard and UEFI Boot mode is enabled (and is preferred over BIOS/Legacy mode), the CD/USB will automatically launch Arch Linux via [[Gummiboot]] and you will get the following menu (white letters on black background), with the first item highlighted:<br />
{{bc|<br />
Arch Linux archiso x86_64 UEFI USB<br />
UEFI Shell x86_64 v1<br />
UEFI Shell x86_64 v2<br />
EFI Default Loader}}<br />
<br />
If you do not remember which menu you had at boot time, or if you want to make sure you booted into UEFI mode, run:<br />
<br />
# efivar -l<br />
<br />
If ''efivar'' lists the UEFI variables properly, then you have booted in UEFI mode. If not, check whether all the requirements listed in [[Unified Extensible Firmware Interface#Requirements for UEFI Variables support to work properly|Unified Extensible Firmware Interface]] are met.<br />
<br />
==== Troubleshooting boot problems ====<br />
<br />
* If you are using an Intel video chipset and the screen goes blank during the boot process, the problem is likely an issue with [[Kernel mode setting]]. A possible workaround may be achieved by rebooting and pressing {{ic|Tab}} over the entry that you are trying to boot (i686 or x86_64). At the end of the string type {{ic|nomodeset}} and press {{ic|Enter}}. Alternatively, try {{ic|1=video=SVIDEO-1:d}} which, if it works, will not disable kernel mode setting. You can also try {{ic|1=i915.modeset=0}}. See the [[Intel]] article for more information.<br />
* If the screen does ''not'' go blank and the boot process gets stuck while trying to load the kernel, press {{ic|Tab}} while hovering over the menu entry, type {{ic|1=acpi=off}} at the end of the string and press {{ic|Enter}}.<br />
<br />
== Installation ==<br />
<br />
You are now presented with a shell prompt, automatically logged in as root. Your shell is [[Zsh]]; this provides advanced Tab completion and other features as part of the [http://grml.org/zsh/ grml config].<br />
For editing text files, the console editor ''nano'' is suggested. If you are not familiar with it, see [[nano#nano usage]].<br />
If you have (or plan on having) a dual boot setup with Windows, see [[Windows and Arch Dual Boot]].<br />
<br />
=== Change the language ===<br />
<br />
{{Tip|These are optional for the majority of users. Useful only if you plan on writing in your own language in any of the configuration files, if you use diacritical marks in the Wi-Fi password, or if you would like to receive system messages (e.g. possible errors) in your own language. Changes here ''only'' affect the installation process.}}<br />
<br />
By default, the keyboard layout is set to {{ic|us}}. If you have a non-[[Wikipedia:File:KB United States-NoAltGr.svg|US]] keyboard layout, run:<br />
<br />
# loadkeys ''layout''<br />
<br />
...where ''layout'' can be {{ic|fr}}, {{ic|uk}}, {{ic|dvorak}}, {{ic|be-latin1}}, etc. See this [[Wikipedia:ISO 3166-1 alpha-2#Officially assigned code elements|Wikipedia article]] for a 2-letter country code list. Use the command {{ic|localectl list-keymaps}} to list all available keymaps.<br />
<br />
If some glyphs of your language's alphabet (e.g. accented and non-Latin letters) show up as white squares or as other symbols, you may want to change the console font with one from {{ic|/usr/share/kbd/consolefonts/}}. For example:<br />
<br />
# setfont lat9w-16<br />
<br />
You can run the {{ic|showconsolefont}} command to display the full contents of the loaded font. Note that the font name is case-sensitive, so type it ''exactly'' as you see it. See [[Fonts#Console fonts]] for more information.<br />
<br />
By default, the language is set to English (US). If you would like to change the language for the install process ''(German, in this example)'', remove the {{ic|#}} in front of the [[locale]] you want from {{ic|/etc/locale.gen}}, along with English (US). Please choose the {{ic|UTF-8}} entries:<br />
<br />
{{hc|# nano /etc/locale.gen|<br />
en_US.UTF-8 UTF-8<br />
de_DE.UTF-8 UTF-8<br />
}}<br />
<br />
# locale-gen<br />
# export LANG=de_DE.UTF-8<br />
<br />
=== Establish an internet connection ===<br />
<br />
{{Warning|As of [http://cgit.freedesktop.org/systemd/systemd/tree/NEWS?id&#61;dee4c244254bb49d1ffa8bd7171ae9cce596d2d0 v197], udev no longer assigns network interface names according to the ''wlanX'' and ''ethX'' naming scheme. If you are coming from a different distribution or are reinstalling Arch and not aware of the new interface naming style, please do not assume that your wireless interface is named ''wlan0'', or that your wired interface is named ''eth0''. You can use the command {{ic|ip link}} to discover the names of your interfaces.}}<br />
<br />
{{Note|Since the 2014.04 ISO release (and possibly earlier ones), there seems to be a problem obtaining an IP address via DHCP with routers of the "FritzBox!" family. At this time models 7390[http://unix.stackexchange.com/questions/126526/archlinux-2014-04-64bit-and-connectivity-problem-during-instalation] and 7112[https://unix.stackexchange.com/questions/126694/enabling-wired-internet-connection-with-dhcp-during-arch-linux-installation/126709] seem to have this issue, but other models may be affected. The issue seems to lie between the [[dhcpcd]] client and the way the FritzBox! routers assign IP addresses. The solution seems to be as follows: in your FritzBox! settings, manually delete the entry related to the IP address that identifies your machine. Also, disable the option "Assign always the same IP address to this machine". Now restart the DHCP process or simply reboot your computer and you should get an IP address as usual. If that does not work, also try rebooting your FritzBox!. Once your computer gets the IP address, you can re-enable the previously disabled option.}}<br />
<br />
The {{ic|dhcpcd}} network daemon starts automatically during boot and it will attempt to start a wired connection. Try to ping a server to see if a connection was established. For example, Google's webservers:<br />
<br />
{{hc|# ping -c 3 www.google.com|2=<br />
PING www.l.google.com (74.125.132.105) 56(84) bytes of data.<br />
64 bytes from wb-in-f105.1e100.net (74.125.132.105): icmp_req=1 ttl=50 time=17.0 ms<br />
64 bytes from wb-in-f105.1e100.net (74.125.132.105): icmp_req=2 ttl=50 time=18.2 ms<br />
64 bytes from wb-in-f105.1e100.net (74.125.132.105): icmp_req=3 ttl=50 time=16.6 ms<br />
<br />
--- www.l.google.com ping statistics ---<br />
3 packets transmitted, 3 received, 0% packet loss, time 2003ms<br />
rtt min/avg/max/mdev = 16.660/17.320/18.254/0.678 ms<br />
}}<br />
<br />
If you get a {{ic|ping: unknown host}} error, first check if there is an issue with your cable or wireless signal strength. If not, you will need to set up the network manually, as explained below. Once a connection is established, move on to [[#Prepare the storage drive]].<br />
<br />
==== Wired ====<br />
<br />
Follow this procedure if you need to set up a wired connection via a static IP address.<br />
<br />
First, disable the dhcpcd service which was started automatically at boot:<br />
<br />
# systemctl stop dhcpcd.service<br />
<br />
Identify the name of your Ethernet interface.<br />
<br />
{{hc|# ip link|<br />
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT<br />
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br />
2: enp2s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT qlen 1000<br />
link/ether 00:11:25:31:69:20 brd ff:ff:ff:ff:ff:ff<br />
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT qlen 1000<br />
link/ether 01:02:03:04:05:06 brd ff:ff:ff:ff:ff:ff<br />
}}<br />
<br />
In this example, the Ethernet interface is {{ic|enp2s0f0}}. If you are unsure, your Ethernet interface is likely to start with the letter "e", and unlikely to be "lo" or start with the letter "w".<br />
<br />
You also need to know these settings:<br />
<br />
* Static IP address.<br />
* Subnet mask.<br />
* Gateway's IP address.<br />
* Name servers' (DNS) IP addresses.<br />
* Domain name (unless you are on a local LAN, in which case you can make it up).<br />
<br />
Activate the connected Ethernet interface (e.g. {{ic|enp2s0f0}}):<br />
<br />
# ip link set enp2s0f0 up<br />
<br />
Add the address:<br />
<br />
# ip addr add ''ip_address''/''mask_bits'' dev ''interface_name''<br />
<br />
For example:<br />
<br />
# ip addr add 192.168.1.2/24 dev enp2s0f0<br />
<br />
For more options, run {{ic|man ip}}.<br />
<br />
Add your gateway like this, substituting your own gateway's IP address:<br />
<br />
# ip route add default via ''ip_address''<br />
<br />
For example:<br />
<br />
# ip route add default via 192.168.1.1<br />
<br />
Edit {{ic|resolv.conf}}, substituting your name servers' IP addresses and your local domain name:<br />
<br />
{{hc|# nano /etc/resolv.conf|<br />
nameserver 61.23.173.5<br />
nameserver 61.95.84.8<br />
search example.com<br />
}}<br />
<br />
{{Note|Currently, you may include a maximum of three {{ic|nameserver}} lines. In order to overcome this limitation, you can use a locally caching nameserver like [[dnsmasq]].}}<br />
<br />
You should now have a working network connection. If you do not, check the detailed [[Network configuration]] page.<br />
<br />
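A pre-flight check for the static settings gathered in the wired procedure above: it rejects malformed IPv4 addresses, confirms that the gateway lies inside the subnet given to {{ic|ip addr add}} (otherwise {{ic|ip route add default via}} cannot reach it), and flags a ''resolv.conf'' with bad or too many {{ic|nameserver}} lines. This is an added example, not part of the original guide; the function names and the sample file are constructed, it handles IPv4 only, and it is meant to be run with {{ic|sh}}.

```shell
#!/bin/sh
# Added example: sanity-check static network settings before typing them into
# "ip addr add", "ip route add" and /etc/resolv.conf. IPv4 only (assumption).

# ip4_to_int ADDR: print ADDR as an integer; fail on anything that is not
# four decimal octets in the range 0-255.
ip4_to_int() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac   # leading zero or too long
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# gateway_on_link ADDR/BITS GATEWAY: succeed if GATEWAY is inside the subnet
# that "ip addr add ADDR/BITS" puts on the interface.
gateway_on_link() {
    addr=${1%/*}; bits=${1#*/}
    case $bits in ''|*[!0-9]*|0?*|???*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    a=$(ip4_to_int "$addr") || return 1
    g=$(ip4_to_int "$2") || return 1
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( a & mask )) -eq $(( g & mask )) ]
}

# check_resolv_conf FILE: print one line per problem, nothing if the file is fine.
check_resolv_conf() {
    n=0
    while read -r key value rest || [ -n "$key" ]; do
        [ "$key" = nameserver ] || continue
        n=$((n + 1))
        ip4_to_int "$value" >/dev/null || echo "invalid nameserver address: $value"
    done < "$1"
    [ "$n" -le 3 ] || echo "$n nameserver lines, more than the maximum of three"
    return 0
}

# Constructed sample file using documentation address ranges; the second
# entry has a mistyped octet and there is one nameserver line too many.
SAMPLE_RESOLV_CONF='nameserver 192.0.2.53
nameserver 192.0.2.849
nameserver 198.51.100.7
nameserver 203.0.113.9
search example.com'

gateway_on_link 192.168.1.2/24 192.168.1.1 && echo "gateway is on-link"
gateway_on_link 192.168.1.2/24 192.168.2.1 || echo "gateway is outside the subnet"
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_RESOLV_CONF" > "$tmp"
check_resolv_conf "$tmp"
rm -f "$tmp"
```
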
==== Wireless ====<br />
<br />
Follow this procedure if you need wireless connectivity (Wi-Fi) during the installation process.<br />
<br />
First, identify the name of your wireless interface:<br />
<br />
{{hc|# iw dev|2=<br />
phy#0<br />
Interface wlp3s0<br />
ifindex 3<br />
wdev 0x1<br />
addr 00:11:22:33:44:55<br />
type managed<br />
}}<br />
<br />
In this example, {{ic|wlp3s0}} is the available wireless interface. If you are unsure, your wireless interface is likely to start with the letter "w", and unlikely to be "lo" or start with the letter "e". <br />
<br />
{{Note|If you do not see output similar to this, then your wireless driver has not been loaded. If this is the case, you must load the driver yourself. Please see [[Wireless network configuration]] for more detailed information.}}<br />
<br />
Now use [[netctl]]'s {{ic|wifi-menu}} to connect to a network:<br />
<br />
# wifi-menu wlp3s0<br />
<br />
You should now have a working network connection. If you do not, try [[#Without wifi-menu]] or check the detailed [[Wireless network configuration]] page.<br />
<br />
===== Without wifi-menu =====<br />
<br />
Bring the interface up with:<br />
<br />
# ip link set wlp3s0 up<br />
<br />
To verify that the interface is up, inspect the output of the following command:<br />
<br />
{{hc|# ip link show wlp3s0|<br />
3: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state DOWN mode DORMANT group default qlen 1000<br />
link/ether 00:11:22:33:44:55 brd ff:ff:ff:ff:ff:ff<br />
}}<br />
<br />
The {{ic|UP}} in {{ic|<BROADCAST,MULTICAST,UP,LOWER_UP>}} is what indicates the interface is up, not the later {{ic|state DOWN}}.<br />
<br />
Most wireless chipsets require firmware in addition to a corresponding driver. The kernel tries to identify and load both automatically. If you get output like {{ic|SIOCSIFFLAGS: No such file or directory}}, this means you will need to manually load the firmware. If unsure, invoke {{ic|dmesg}} to query the kernel log for a firmware request from the wireless chipset. For example, if you have an Intel chipset which requires and has requested firmware from the kernel at boot:<br />
<br />
{{hc|<nowiki># dmesg | grep firmware</nowiki>|<br />
firmware: requesting iwlwifi-5000-1.ucode<br />
}}<br />
<br />
If there is no output, it may be concluded that the system's wireless chipset does not require firmware.<br />
<br />
{{Warning|Wireless chipset firmware packages (for cards which require them) are pre-installed under {{ic|/usr/lib/firmware}} in the live environment (on CD/USB stick) '''but must be explicitly installed to your actual system to provide wireless functionality after you reboot into it!''' Package installation is covered later in this guide. Ensure installation of both your wireless module and firmware before rebooting! See [[Wireless network configuration]] if you are unsure about the requirement of corresponding firmware installation for your particular chipset.}}<br />
<br />
Next, scan for available networks using {{ic|iw dev wlp3s0 scan <nowiki>|</nowiki> grep SSID}}, then connect to a network with:<br />
<br />
# wpa_supplicant -B -i wlp3s0 -c <(wpa_passphrase "''ssid''" "''psk''")<br />
<br />
You need to replace ''ssid'' with the name of your network (e.g. "Linksys etc...") and ''psk'' with your wireless password, '''leaving the quotes around the network name and password'''.<br />
<br />
Finally, you have to give your interface an IP address. This can be set manually or using DHCP:<br />
<br />
# dhcpcd wlp3s0<br />
<br />
If that does not work, issue the following commands:<br />
<br />
# echo 'ctrl_interface=DIR=/run/wpa_supplicant' > /etc/wpa_supplicant.conf<br />
# wpa_passphrase ''ssid'' ''passphrase'' >> /etc/wpa_supplicant.conf<br />
# ip link set ''interface'' up<br />
# wpa_supplicant -B -D nl80211 -c /etc/wpa_supplicant.conf -i ''interface''<br />
# dhcpcd -A ''interface''<br />
<br />
Setting the interface up at step 3 may not be needed, but does no harm in any case.<br />
<br />
If ''wpa_supplicant'' complains about an unsupported driver at step 4, just leave out the {{ic|-D nl80211}} parameter:<br />
<br />
# wpa_supplicant -B -c /etc/wpa_supplicant.conf -i ''interface''<br />
<br />
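The output of ''wpa_passphrase'' contains the passphrase in clear text in a comment line starting with ''#psk'', so the {{ic|>>}} redirection shown above stores it in {{ic|/etc/wpa_supplicant.conf}} next to the derived key. The following added example (not part of the original guide) writes the same configuration without that line and readable by root only, and audits an existing file; the function names and the sample output are constructed placeholders.

```shell
#!/bin/sh
# Added example: keep the Wi-Fi passphrase out of wpa_supplicant.conf in clear
# text and keep the file private.

# Constructed sample of what "wpa_passphrase ssid passphrase" prints; the SSID,
# passphrase and 64-digit key are placeholders, not a real derived key.
SAMPLE_WPA_PASSPHRASE_OUTPUT='network={
    ssid="ExampleNet"
    #psk="constructed passphrase"
    psk=00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
}'

# write_wpa_conf OUTFILE: read wpa_passphrase output on stdin, drop the
# clear-text comment and write OUTFILE with mode 600.
# Real use (wpa_passphrase reads the passphrase from standard input when it is
# not given as an argument, which also keeps it out of the shell history):
#   wpa_passphrase "ssid" | write_wpa_conf /etc/wpa_supplicant.conf
write_wpa_conf() {
    (
        umask 077
        {
            printf '%s\n' 'ctrl_interface=DIR=/run/wpa_supplicant'
            sed '/^[[:space:]]*#psk=/d'
        } > "$1"
    )
    chmod 600 "$1"   # also covers a file that already existed
}

# audit_wpa_conf FILE: print one finding per line, nothing for a clean file.
audit_wpa_conf() {
    grep -q '^[[:space:]]*#psk=' "$1" &&
        echo "cleartext passphrase left in #psk= comment"
    grep -q '^[[:space:]]*psk="' "$1" &&
        echo "passphrase stored in quoted cleartext form"
    case $(ls -l "$1" | cut -c5-10) in
        ------) ;;
        *) echo "file is accessible to group or others" ;;
    esac
    return 0
}

tmp=$(mktemp -d)
# What the plain redirection stores:
printf '%s\n' "$SAMPLE_WPA_PASSPHRASE_OUTPUT" > "$tmp/raw.conf"
chmod 644 "$tmp/raw.conf"
echo "raw.conf findings:";   audit_wpa_conf "$tmp/raw.conf"
# The filtered, private variant:
printf '%s\n' "$SAMPLE_WPA_PASSPHRASE_OUTPUT" | write_wpa_conf "$tmp/clean.conf"
echo "clean.conf findings:"; audit_wpa_conf "$tmp/clean.conf"
rm -rf "$tmp"
```
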
==== Analog modem, ISDN, or PPPoE DSL ====<br />
<br />
For xDSL, dial-up, and ISDN connections, see [[Direct Modem Connection]].<br />
<br />
==== Behind a proxy server ====<br />
<br />
If you are behind a proxy server, you will need to export the {{ic|http_proxy}} and {{ic|ftp_proxy}} environment variables. See [[Proxy settings]] for more information.<br />
<br />
=== Prepare the storage drive ===<br />
<br />
{{Warning|Partitioning can destroy data. You are '''strongly''' cautioned and advised to back up any critical data before proceeding.}}<br />
{{Note|If you are installing to a USB flash key, see [[Installing Arch Linux on a USB key]].}}<br />
{{Tip|If you want to create any stacked block devices for [[LVM]], [[disk encryption]] or [[RAID]], do it now.}}<br />
<br />
==== Choose a partition table type ====<br />
<br />
{{Note|If Arch and Windows are dual-booting from same disk, then Arch '''should''' follow the same firmware boot mode and partitioning combination used by the installed Windows in the disk. Otherwise Windows will fail to boot. See [[Windows and Arch Dual Boot#Important information]] for details.}}<br />
<br />
You have to choose between [[GUID Partition Table]] (GPT) and [[Master Boot Record]] (MBR), see also [[Partitioning#Choosing between GPT and MBR]].<br />
<br />
* It is recommended to always use GPT for UEFI boot, as some UEFI firmwares do not allow UEFI-MBR boot.<br />
* Some BIOS systems may have issues with GPT. See http://mjg59.dreamwidth.org/8035.html and http://rodsbooks.com/gdisk/bios.html for more info and possible workarounds.<br />
<br />
==== Partitioning tool ====<br />
<br />
Absolute beginners are encouraged to use a graphical partitioning tool. [[GParted]] is a good example, and is [http://gparted.sourceforge.net/livecd.php provided as a live CD]. A drive should first be [[partitioning|partitioned]] and afterwards the partitions should be formatted with a [[File systems|file system]].<br />
<br />
While ''gparted'' may be easier to use, if you just want to create a few partitions on a new disk you can get the job done quickly with one of the [[Partitioning#Partitioning tools|fdisk variants]] included on the install medium. Short usage instructions for both [[Partitioning#Gdisk usage summary|gdisk]] and [[Partitioning#Fdisk usage summary|fdisk]] follow in the next section.<br />
<br />
==== Erase partition table ====<br />
<br />
If you want to start from scratch, and do not intend to keep existing partitions, erase the partition table with the following command. This simplifies creating new partitions and avoids problems with converting disks from MBR to GPT and vice versa.<br />
<br />
# sgdisk --zap-all /dev/sda<br />
<br />
==== Partition scheme ====<br />
<br />
You can decide into how many partitions the disk should be split, and for which directory each partition should be used in the system. The mapping from partitions to directories (frequently called 'mount points') is the [[Partitioning#Partition scheme|Partition scheme]]. The simplest, and not a bad choice, is to make just one huge {{ic|/}} partition. Another popular choice is to have a {{ic|/}} and a {{ic|/home}} partition.<br />
<br />
'''Additional required partitions:'''<br />
* If you have a [[Unified Extensible Firmware Interface|UEFI]] motherboard, you will need to create an extra [[Unified Extensible Firmware Interface#EFI System Partition|EFI System Partition]].<br />
* If you have a BIOS motherboard (or plan on booting in BIOS compatibility mode) and you want to set up GRUB on a GPT-partitioned drive, you will need to create an extra [[GRUB#GUID Partition Table (GPT) specific instructions|BIOS Boot Partition]] of size 1 or 2 MiB and {{ic|EF02}} type code. Syslinux does not need one.<br />
* If you require [[Disk encryption]] of the system itself, this must be reflected in your partition scheme. Adding encrypted folders, containers or home directories after the system is installed is unproblematic.<br />
<br />
See [[Swap]] for details if you wish to set up a swap partition or swap file. A swap file is easier to resize than a partition and can be created at any point after installation, but cannot be used with a Btrfs filesystem.<br />
<br />
If you have already created your partitions, proceed to [[#Create filesystems]]. Otherwise, see the following example.<br />
<br />
==== Example ====<br />
<br />
The Arch Linux install media includes the following partitioning tools: {{ic|fdisk}}, {{ic|gdisk}}, {{ic|cfdisk}}, {{ic|cgdisk}} and {{ic|parted}}.<br />
<br />
{{Tip|Use the {{ic|lsblk}} command to list the hard disks attached to your system, along with the sizes of their existing partitions. This will help you to be confident you are partitioning the right disk. {{ic|lsblk -f}} will show additional information about Labels, UUIDs and filesystem types.}}<br />
<br />
The example system will contain a 15 GB root partition, and a [[Partitioning#/home|home]] partition for the remaining space. Choose either MBR or GPT, as described above. Do not choose both!<br />
<br />
It should be emphasized that partitioning is a personal choice and that this example is only for illustrative purposes. See [[Partitioning]].<br />
<br />
===== Using cgdisk to create GPT partitions =====<br />
<br />
Launch ''cgdisk'' with:<br />
<br />
# cgdisk /dev/sda<br />
<br />
{{Tip|If cgdisk cannot change your disk to GPT, {{pkg|parted}} can.}}<br />
<br />
'''Root:'''<br />
* Choose ''New'' (or press {{ic|N}}) – {{ic|Enter}} for the first sector (2048) – type in {{ic|15G}} – {{ic|Enter}} for the default hex code (8300) – {{ic|Enter}} for a blank partition name.<br />
<br />
'''Home:'''<br />
* Press the down arrow a couple of times to move to the larger free space area.<br />
* Choose ''New'' (or press {{ic|N}}) – {{ic|Enter}} for the first sector – {{ic|Enter}} to use the rest of the drive (or you could type in the desired size; for example {{ic|30G}}) – {{ic|Enter}} for the default hex code (8300) – {{ic|Enter}} for a blank partition name.<br />
<br />
Here is what it should look like:<br />
<br />
 Part. #     Size        Partition Type            Partition Name<br />
 ----------------------------------------------------------------<br />
             1007.0 KiB  free space<br />
    1        15.0 GiB    Linux filesystem<br />
    2        123.45 GiB  Linux filesystem<br />
<br />
Double check and make sure that you are happy with the partition sizes as well as the partition table layout before continuing.<br />
<br />
If you would like to start over, you can simply select ''Quit'' (or press {{ic|Q}}) to exit without saving changes and then restart ''cgdisk''.<br />
<br />
If you are satisfied, choose ''Write'' (or press {{ic|Shift+W}}) to finalize and to write the partition table to the drive. Type {{ic|yes}} and choose ''Quit'' (or press {{ic|Q}}) to exit without making any more changes.<br />
<br />
===== Using fdisk to create MBR partitions =====<br />
<br />
{{Note|There is also ''cfdisk'', which is similar in UI to ''cgdisk'', but it currently does not automatically align the first partition properly. That is why the classic ''fdisk'' tool is used here.}}<br />
<br />
Launch ''fdisk'' with:<br />
<br />
# fdisk /dev/sda<br />
<br />
Create the partition table:<br />
<br />
* {{ic|Command (m for help):}} type {{ic|o}} and press {{ic|Enter}}<br />
<br />
Then create the first partition:<br />
<br />
# {{ic|Command (m for help):}} type {{ic|n}} and press {{ic|Enter}}<br />
# Partition type: {{ic|Select (default p):}} press {{ic|Enter}}<br />
# {{ic|Partition number (1-4, default 1):}} press {{ic|Enter}}<br />
# {{ic|First sector (2048-209715199, default 2048):}} press {{ic|Enter}}<br />
# {{ic|Last sector, +sectors or +size{K,M,G,T,P} (2048-209715199....., default 209715199):}} type {{ic|+15G}} and press {{ic|Enter}}<br />
<br />
Then create a second partition:<br />
<br />
# {{ic|Command (m for help):}} type {{ic|n}} and press {{ic|Enter}}<br />
# Partition type: {{ic|Select (default p):}} press {{ic|Enter}}<br />
# {{ic|Partition number (1-4, default 2):}} press {{ic|Enter}}<br />
# {{ic|First sector (31459328-209715199, default 31459328):}} press {{ic|Enter}}<br />
# {{ic|Last sector, +sectors or +size{K,M,G,T,P} (31459328-209715199....., default 209715199):}} press {{ic|Enter}}<br />
<br />
Now preview the new partition table:<br />
<br />
* {{ic|Command (m for help):}} type {{ic|p}} and press {{ic|Enter}}<br />
<br />
{{bc|<br />
Disk /dev/sda: 107.4 GB, 107374182400 bytes, 209715200 sectors<br />
Units &#61; sectors of 1 * 512 &#61; 512 bytes<br />
Sector size (logical/physical): 512 bytes / 512 bytes<br />
I/O size (minimum/optimal): 512 bytes / 512 bytes<br />
Disk identifier: 0x5698d902<br />
<br />
   Device Boot      Start         End      Blocks   Id  System<br />
/dev/sda1            2048    31459327    15728640   83  Linux<br />
/dev/sda2        31459328   209715199    89127936   83  Linux<br />
}}<br />
<br />
Then write the changes to disk:<br />
<br />
* {{ic|Command (m for help):}} type {{ic|w}} and press {{ic|Enter}}<br />
<br />
If everything went well, fdisk will now quit with the following message:<br />
<br />
{{bc|<br />
The partition table has been altered!<br />
<br />
Calling ioctl() to re-read partition table.<br />
Syncing disks. <br />
}}<br />
<br />
In case this does not work because ''fdisk'' encountered an error, you can use the {{ic|q}} command to exit.<br />
<br />
==== Create filesystems ====<br />
<br />
Simply partitioning is not enough; the partitions also need a [[File systems|filesystem]]. To format the partitions with an ext4 filesystem:<br />
<br />
{{Warning|Double check and triple check that it is actually {{ic|/dev/sda1}} and {{ic|/dev/sda2}} that you want to format. You can use {{ic|lsblk}} to help with this.}}<br />
<br />
# mkfs.ext4 /dev/sda1<br />
# mkfs.ext4 /dev/sda2<br />
<br />
If you have made a partition dedicated to swap (code 82), do not forget to format and activate it with:<br />
<br />
# mkswap /dev/sda''X''<br />
# swapon /dev/sda''X''<br />
<br />
For UEFI, you should format the EFI System Partition (for example /dev/sd''XY'') with:<br />
<br />
# mkfs.fat -F32 /dev/sd''XY''<br />
<br />
{{Note|If you plan to use [[GRUB]] on a BIOS system using a [[GUID Partition Table]], please note that the [[GRUB#GUID Partition Table (GPT) specific instructions|BIOS Boot Partition]] has nothing to do with the {{ic|/boot}} mountpoint. It will be used by GRUB directly. Do not create a filesystem on it, and do not mount it anywhere in the next step.}}<br />
<br />
=== Mount the partitions ===<br />
<br />
Each partition is identified with a number suffix. For example, {{ic|sda1}} specifies the first partition of the first drive, while {{ic|sda}} designates the entire drive.<br />
<br />
To display the current partition layout:<br />
<br />
# lsblk -f<br />
<br />
{{Note|Do not mount more than one partition to the same directory. And pay attention, because the mounting order is important.}}<br />
<br />
First, mount the root partition on {{ic|/mnt}}. Following the example above (yours may be different), it would be:<br />
<br />
# mount /dev/sda1 /mnt<br />
<br />
Then mount the home partition and any other separate partition ({{ic|/boot}}, {{ic|/var}}, etc), if you have any:<br />
<br />
# mkdir /mnt/home<br />
# mount /dev/sda2 /mnt/home<br />
<br />
In case you have a UEFI motherboard, mount the EFI System Partition to {{ic|/boot}}. Whilst other mountpoints are viable, using {{ic|/boot}} is recommended as explained in the [[EFISTUB]] article.<br />
<br />
# mkdir /mnt/boot<br />
# mount /dev/sd''XY'' /mnt/boot<br />
<br />
=== Select a mirror ===<br />
<br />
You may want to edit the {{ic|mirrorlist}} file and place your preferred mirror first. A copy of this file will be installed on your new system by {{ic|pacstrap}} as well, so it is worth getting it right.<br />
<br />
{{hc|# nano /etc/pacman.d/mirrorlist|<br />
##<br />
## Arch Linux repository mirrorlist<br />
## Sorted by mirror score from mirror status page<br />
## Generated on 2012-MM-DD<br />
##<br />
<br />
<nowiki>Server = http://mirror.example.xyz/archlinux/$repo/os/$arch</nowiki><br />
...}}<br />
<br />
If you want, you can make it the ''only'' mirror available by deleting all other lines, but it is usually a good idea to have a few more, in case the first one goes offline.<br />
<br />
{{Tip|<br />
* Use the [https://www.archlinux.org/mirrorlist/ Mirrorlist Generator] to get an updated list for your country. HTTP mirrors are faster than FTP, because of something called [[Wikipedia:Keepalive|keepalive]]. With FTP, ''pacman'' has to send out a signal each time it downloads a package, resulting in a brief pause. For other ways to generate a mirror list, see [[Mirrors#Sorting mirrors|Sorting mirrors]] and [[Reflector]].<br />
* [https://archlinux.org/mirrors/status/ Arch Linux MirrorStatus] reports various aspects about the mirrors such as network problems with mirrors, data collection problems, the last time mirrors have been synced, etc.<br />
}}<br />
<br />
{{Note|<br />
* Whenever in the future you change your mirrorlist, refresh all package lists with {{ic|pacman -Syy}}, to ensure that the package lists are updated consistently. See [[Mirrors]] for more information.<br />
* If you are using an older installation medium, your mirrorlist might be outdated, which might lead to problems when updating Arch Linux (see {{Bug|22510}}). Therefore it is advised to obtain the latest mirror information as described above.<br />
* Some issues have been reported in the [https://bbs.archlinux.org/ Arch Linux forums] regarding network problems that prevent ''pacman'' from updating/synchronizing repositories (see [https://bbs.archlinux.org/viewtopic.php?id&#61;68944] and [https://bbs.archlinux.org/viewtopic.php?id&#61;65728]). When installing Arch Linux natively, these issues have been resolved by replacing the default ''pacman'' file downloader with an alternative (see [[Improve pacman performance]] for more details). When installing Arch Linux as a guest OS in [[VirtualBox]], this issue has also been addressed by using "Host interface" instead of "NAT" in the machine properties.<br />
}}<br />
<br />
=== Install the base system ===<br />
<br />
The base system is installed using the ''pacstrap'' script. The {{ic|-i}} switch can be omitted if you wish to install every package from the {{Grp|base}} group without prompting. You may also want to include {{Grp|base-devel}}, as you will need these packages should you want to build packages from the [[AUR]] or using the [[ABS]]:<br />
<br />
# pacstrap -i /mnt base base-devel<br />
<br />
{{Note|<br />
* If ''pacstrap'' hangs with {{ic|error: failed retrieving file 'core.db' from mirror... : Connection time-out}}, yet your mirrors are configured correctly, try setting a different [[Resolv.conf|name server]].<br />
* If in the middle of the installation of base packages you get a request to import a PGP key, agree to download the key to proceed. This is likely to happen if the Arch ISO you are using is out of date.<br />
* If ''pacman'' fails to verify your packages, stop the process with {{ic|Ctrl+C}} and check the system time with {{ic|cal}}. If the system date is invalid (e.g. it shows the year 2010), signing keys will be considered expired (or invalid), signature checks on packages will fail and installation will be interrupted. Make sure to correct the system time, using the command {{ic|ntpd -qg}}, and retry running the ''pacstrap'' command. Refer to the [[Time]] page for more information on correcting system time.<br />
* If ''pacman'' complains that {{ic|error: failed to commit transaction (invalid or corrupted package)}}, run the following command:<br />
# pacman-key --init && pacman-key --populate archlinux<br />
}}<br />
<br />
This will give you a basic Arch system. Other packages can be installed later using [[pacman]].<br />
<br />
=== Generate an fstab ===<br />
<br />
Generate an [[fstab]] file with the following command. UUIDs will be used because they have certain advantages (see [[fstab#Identifying filesystems]]). If you would prefer to use labels instead, replace the {{ic|-U}} option with {{ic|-L}}:<br />
<br />
# genfstab -U -p /mnt >> /mnt/etc/fstab<br />
# nano /mnt/etc/fstab<br />
<br />
{{Warning|The {{ic|fstab}} file should always be checked after generating it. If you encounter errors running ''genfstab'' or later in the install process, do '''not''' run ''genfstab'' again; just edit the {{ic|fstab}} file.}}<br />
<br />
A few considerations:<br />
<br />
* The last field determines the order in which partitions are checked at start up: use {{ic|1}} for the (non-Btrfs) root partition, which should be checked first; {{ic|2}} for all other partitions you want checked at start up; and {{ic|0}} means 'do not check' (see [[fstab#Field definitions]]).<br />
* All [[Btrfs]] partitions should have {{ic|0}} for this field. Normally, you will also want your ''swap'' partition to have {{ic|0}}.<br />
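<br />
The considerations above can be checked mechanically before rebooting. The following shell function is an added example, not part of the Arch install scripts; the names {{ic|check_fstab_pass}} and {{ic|sample_fstab}} and the sample entries (including their UUIDs) are constructed for illustration.<br />

```shell
#!/bin/sh
# Added example: audit the last fstab field (fsck pass number) against the
# considerations listed above. All names and sample data are constructed.

# check_fstab_pass [FILE]
# Reads FILE (or standard input) and prints one line per questionable entry.
# Exit status: 0 if nothing was found, 1 otherwise.
check_fstab_pass() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            spec = $1; mnt = $2; type = $3
            pass = (NF >= 6) ? $6 + 0 : 0       # a missing field counts as 0
            if (type == "btrfs" && pass != 0) {
                printf "%s: Btrfs should use pass 0, found %s\n", mnt, pass; bad = 1
            } else if (type == "swap" && pass != 0) {
                printf "%s: swap should use pass 0, found %s\n", spec, pass; bad = 1
            } else if (mnt == "/" && type != "btrfs" && pass != 1) {
                printf "/: root should use pass 1, found %s\n", pass; bad = 1
            } else if (mnt != "/" && pass == 1) {
                printf "%s: only root should use pass 1\n", mnt; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "${1:--}"
}

# Constructed sample: /home wrongly shares pass 1 with root, swap uses pass 2.
sample_fstab() {
    cat <<'EOF'
# <file system> <dir> <type> <options> <dump> <pass>
UUID=0a3407de-014b-458b-b5c1-848e92a327a3 /      ext4  rw,relatime 0 1
UUID=b411dc99-f0a0-4c87-9e05-184977be8539 /home  ext4  rw,relatime 0 1
UUID=f9fe0b69-a280-415d-a03a-a32752370dee none   swap  defaults    0 2
UUID=CBB6-24F2                            /boot  vfat  rw,relatime 0 2
EOF
}

# Demonstration on the constructed sample.
sample_fstab | check_fstab_pass || echo "fstab entries above need review"
```

From the installation environment, the same function can be pointed at the generated file with {{ic|check_fstab_pass /mnt/etc/fstab}}.<br />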
<br />
=== Chroot and configure the base system ===<br />
<br />
Next, [[Change Root|chroot]] into your newly installed system:<br />
<br />
# arch-chroot /mnt /bin/bash<br />
<br />
{{Note|Leave out {{ic|/bin/bash}} to chroot into the sh shell.}}<br />
<br />
At this stage of the installation, you will configure the primary configuration files of your Arch Linux base system. These can either be created if they do not exist, or edited if you wish to change the defaults.<br />
<br />
Closely following and understanding these steps is of key importance to ensure a properly configured system.<br />
<br />
==== Locale ====<br />
<br />
Locales are used by {{Pkg|glibc}} and other locale-aware programs or libraries for rendering text, correctly displaying regional monetary values, time and date formats, alphabetic idiosyncrasies, and other locale-specific standards. These values are defined in {{ic|locale.gen}} and {{ic|locale.conf}}.<br />
<br />
The {{ic|locale.gen}} file has everything commented out by default. To uncomment a line remove the {{ic|#}} in front. {{ic|UTF-8}} is highly recommended over {{ic|ISO-8859}}. <br />
<br />
Uncomment {{ic|en_US.UTF-8 UTF-8}} as well as other localisations users might need:<br />
<br />
{{hc|# nano /etc/locale.gen|<br />
...<br />
#en_SG ISO-8859-1<br />
en_US.UTF-8 UTF-8<br />
#en_US ISO-8859-1<br />
...<br />
}}<br />
<br />
Generate the locale(s) specified in {{ic|/etc/locale.gen}}:<br />
<br />
# locale-gen<br />
<br />
{{Note|This command also runs with every update of {{Pkg|glibc}}.}}<br />
<br />
Create the {{ic|/etc/locale.conf}} file substituting your chosen locale:<br />
<br />
{{Tip|Setting {{ic|en_US.UTF-8}} as the system-wide locale makes it possible to keep system logs in English for easier troubleshooting. Users can override this setting for their environment as required; see [[Locale#Per user]] for details.}}<br />
<br />
# echo LANG=en_US.UTF-8 > /etc/locale.conf<br />
<br />
{{Note|<br />
* The locale specified in the {{ic|LANG}} variable must be uncommented in {{ic|/etc/locale.gen}}.<br />
* The {{ic|locale.conf}} file does not exist by default. Setting only {{ic|LANG}} should be enough as it will act as the default value for all other variables.<br />
}}<br />
<br />
Export the variable, substituting your chosen locale:<br />
<br />
# export LANG=en_US.UTF-8<br />
<br />
{{Tip|To use other locales for other {{ic|LC_*}} variables, run {{ic|locale}} to see the available options and add them to {{ic|locale.conf}}. It is not recommended to set the {{ic|LC_ALL}} variable. See [[Locale]] for details.}}<br />
<br />
==== Console font and keymap ====<br />
<br />
If you changed the default console keymap and font in [[#Change the language]], you will have to edit {{ic|/etc/vconsole.conf}} ''accordingly'' (create it if it does not exist) to make those changes persist in the installed system, for example:<br />
<br />
{{hc|# nano /etc/vconsole.conf|2=<br />
KEYMAP=de-latin1<br />
FONT=lat9w-16<br />
}}<br />
<br />
{{Warning|If you set {{ic|KEYMAP}} to a different value than the one you initially set with ''loadkeys'', and then you [[#Set the root password]], you may have problems logging into the new system after rebooting, because some keys may be mapped differently between the two layouts.}}<br />
<br />
Note that these settings are only valid for your virtual consoles, not in [[Xorg]]. See [[Fonts#Console fonts]] for more information.<br />
<br />
==== Time zone ====<br />
<br />
Available time zones and subzones can be found in the {{ic|/usr/share/zoneinfo/''Zone''/''SubZone''}} directories.<br />
<br />
To view the available zones, check the directory {{ic|/usr/share/zoneinfo/}}:<br />
<br />
# ls /usr/share/zoneinfo/<br />
<br />
Similarly, you can check the contents of directories belonging to a subzone:<br />
<br />
# ls /usr/share/zoneinfo/Europe<br />
<br />
Create a symbolic link {{ic|/etc/localtime}} to your subzone file {{ic|/usr/share/zoneinfo/''Zone''/''SubZone''}} using this command:<br />
<br />
# ln -s /usr/share/zoneinfo/''Zone''/''SubZone'' /etc/localtime<br />
<br />
'''Example:'''<br />
<br />
# ln -s /usr/share/zoneinfo/Europe/Minsk /etc/localtime<br />
<br />
{{Note|If you get {{ic|ln: failed to create symbolic link '/etc/localtime': File exists}}, check the existing file with {{ic|ls -l /etc/localtime}} and add the {{ic|-f}} option to the ''ln'' command to overwrite it.}}<br />
<br />
==== Hardware clock ====<br />
<br />
Set the hardware clock mode uniformly between your operating systems. Otherwise, they may overwrite the hardware clock and cause time shifts.<br />
<br />
You can generate {{ic|/etc/adjtime}} automatically by using one of the following commands:<br />
<br />
* '''UTC''' (recommended): {{Note|Using [[Wikipedia:Coordinated Universal Time|UTC]] for the hardware clock does not mean that software will display time in UTC.}} {{bc|# hwclock --systohc --utc}}<br />
* '''localtime''' (discouraged; used by default in Windows): {{Warning|Using ''localtime'' may lead to several known and unfixable bugs. However, there are no plans to drop support for ''localtime''.}} {{bc|# hwclock --systohc --localtime}}<br />
<br />
==== Kernel modules ====<br />
<br />
{{Tip|This is just an example, you do not need to set it. All needed modules are automatically loaded by udev, so you will rarely need to add something here. Only add modules that you know are missing.}}<br />
<br />
For kernel modules to load during boot, place a {{ic|*.conf}} file in {{ic|/etc/modules-load.d/}}, with a name based on the program that uses them:<br />
<br />
{{hc|# nano /etc/modules-load.d/virtio-net.conf|<br />
# Load 'virtio-net.ko' at boot.<br />
<br />
virtio-net<br />
}}<br />
<br />
If there are more modules to load per {{ic|*.conf}}, the module names can be separated by newlines. A good example is the [[VirtualBox#Installation steps for Arch Linux guests|VirtualBox Guest Additions]].<br />
<br />
Empty lines and lines starting with {{ic|#}} or {{ic|;}} are ignored.<br />
<br />
==== Hostname ====<br />
<br />
Set the [[Wikipedia:Hostname|hostname]] to your liking (e.g. ''arch''):<br />
<br />
# echo ''myhostname'' > /etc/hostname<br />
<br />
Add the same hostname to {{ic|/etc/hosts}}:<br />
<br />
{{hc|# nano /etc/hosts|<br />
#<br />
# /etc/hosts: static lookup table for host names<br />
#<br />
<br />
#<ip-address> <hostname.domain.org> <hostname><br />
127.0.0.1 localhost.localdomain localhost ''myhostname''<br />
::1 localhost.localdomain localhost<br />
<br />
# End of file<br />
}}<br />
<br />
=== Configure the network ===<br />
<br />
You need to configure the network again, but this time for your newly installed environment. The procedure and prerequisites are very similar to the one described [[#Establish an internet connection|above]], except we are going to make it persistent and automatically run at boot.<br />
<br />
As a first step, identify the network interface name you want to configure the connection for with {{ic|ip link}}. <br />
<br />
{{Note|<br />
* For more in-depth information on network configuration, visit [[Network configuration]] and [[Wireless network configuration]].<br />
* If you would like to use the old interface naming scheme (i.e. eth* and wlan*) you can accomplish this by creating an empty file at {{ic|/etc/udev/rules.d/80-net-setup-link.rules}} which will mask the file of the same name located under {{ic|/usr/lib/udev/rules.d}}.<br />
}}<br />
<br />
==== Wired ====<br />
<br />
===== Dynamic IP =====<br />
<br />
; Using dhcpcd<br />
<br />
If you only use a single fixed wired network connection, you do not need a network management service and can simply enable the {{ic|dhcpcd}} service for the interface:<br />
<br />
# systemctl enable dhcpcd@''interface_name''.service<br />
<br />
; Using netctl<br />
<br />
Copy a sample profile from {{ic|/etc/netctl/examples}} to {{ic|/etc/netctl}}:<br />
<br />
# cd /etc/netctl<br />
# cp examples/ethernet-dhcp my_network<br />
<br />
Edit the profile as needed (update {{ic|Interface}} from {{ic|eth0}} to the interface name of the system):<br />
# nano my_network<br />
<br />
Enable the {{ic|my_network}} profile:<br />
<br />
# netctl enable my_network<br />
<br />
{{Note|You will get the message "Running in chroot, ignoring request.". This can be ignored for now.}}<br />
<br />
; Using netctl-ifplugd<br />
<br />
{{Warning|You cannot use this method in conjunction with explicitly enabling profiles, such as {{ic|netctl enable ''profile''}}.}}<br />
<br />
Alternatively, you can use {{ic|netctl-ifplugd}}, which gracefully handles dynamic connections to new networks.<br />
<br />
Install {{Pkg|ifplugd}}, which is required for {{ic|netctl-ifplugd}}:<br />
<br />
# pacman -S ifplugd<br />
<br />
Then enable it for the interface that you want:<br />
<br />
# systemctl enable netctl-ifplugd@''interface''.service<br />
<br />
{{Tip|[[netctl]] also provides {{ic|netctl-auto}}, which can be used to handle wired profiles in conjunction with {{ic|netctl-ifplugd}}.}}<br />
<br />
===== Static IP =====<br />
<br />
; Using netctl<br />
<br />
Copy a sample profile from {{ic|/etc/netctl/examples}} to {{ic|/etc/netctl}}:<br />
<br />
# cd /etc/netctl<br />
# cp examples/ethernet-static my_network<br />
<br />
Edit the profile as needed (modify {{ic|Interface}}, {{ic|Address}}, {{ic|Gateway}} and {{ic|DNS}}):<br />
<br />
# nano my_network<br />
<br />
Notice the {{ic|/24}} in {{ic|Address}} which is the [[wikipedia:Classless Inter-Domain Routing#CIDR notation|CIDR notation]] of a {{ic|255.255.255.0}} netmask.<br />
<br />
Enable the profile created above to start it at every boot:<br />
<br />
# netctl enable my_network<br />
<br />
; Using systemd-networkd<br />
<br />
See [[systemd-networkd]].<br />
<br />
==== Wireless ====<br />
<br />
{{Note|If your wireless adapter requires firmware (as described in the above [[#Wireless|Establish an internet connection]] section and also in the article [[Wireless network configuration#Device driver]]), install the package containing your firmware. Most of the time, the {{Pkg|linux-firmware}} package will contain the needed firmware. For some devices, however, the required firmware might be in its own package. For example:<br />
{{bc|# pacman -S zd1211-firmware}}<br />
See [[Wireless network configuration#Installing driver/firmware]] for more info.}}<br />
<br />
Install {{Pkg|iw}} and {{Pkg|wpa_supplicant}} which you will need to connect to a network:<br />
<br />
# pacman -S iw wpa_supplicant<br />
<br />
===== Adding wireless networks =====<br />
<br />
; Using wifi-menu<br />
<br />
Install {{Pkg|dialog}}, which is required for {{ic|wifi-menu}}:<br />
<br />
# pacman -S dialog<br />
<br />
After finishing the rest of this installation and rebooting, you can connect to the network with {{ic|wifi-menu ''interface_name''}} (where {{ic|''interface_name''}} is the interface of your wireless chipset).<br />
<br />
# wifi-menu ''interface_name''<br />
<br />
{{Warning|This must be done '''after''' your reboot when you are no longer chrooted. The process spawned by this command will conflict with the one you have running outside of the chroot. Alternatively, you could just configure a network profile manually using the following templates so that you do not have to worry about using {{ic|wifi-menu}} at all.}}<br />
<br />
; Using manual netctl profiles<br />
<br />
Copy a network profile from {{ic|/etc/netctl/examples}} to {{ic|/etc/netctl}}:<br />
<br />
# cd /etc/netctl<br />
# cp examples/wireless-wpa my-network<br />
<br />
Edit the profile as needed (modify {{ic|Interface}}, {{ic|ESSID}} and {{ic|Key}}):<br />
<br />
# nano my-network<br />
<br />
Enable the profile created above to start it at every boot:<br />
<br />
# netctl enable my-network<br />
<br />
===== Connect automatically to known networks =====<br />
<br />
{{Warning|You cannot use this method in conjunction with explicitly enabling profiles, such as {{ic|netctl enable ''profile''}}.}}<br />
<br />
Install {{Pkg|wpa_actiond}}, which is required for {{ic|netctl-auto}}:<br />
<br />
# pacman -S wpa_actiond<br />
<br />
Enable the {{ic|netctl-auto}} service, which will connect to known networks and gracefully handle roaming and disconnects:<br />
<br />
# systemctl enable netctl-auto@''interface_name''.service<br />
<br />
{{Tip|[[netctl]] also provides {{ic|netctl-ifplugd}}, which can be used to handle wired profiles in conjunction with {{ic|netctl-auto}}.}}<br />
<br />
==== Analog modem, ISDN or PPPoE DSL ====<br />
<br />
For xDSL, dial-up and ISDN connections, see [[Direct Modem Connection]].<br />
<br />
=== Create an initial ramdisk environment ===<br />
<br />
{{Tip|Most users can skip this step and use the defaults provided in {{ic|mkinitcpio.conf}}. The initramfs image (from the {{ic|/boot}} folder) has already been generated based on this file when the {{Pkg|linux}} package (the Linux kernel) was installed earlier with ''pacstrap''.}}<br />
<br />
Here you need to set the right [[Mkinitcpio#HOOKS|hooks]] if the root is on a USB drive, if you use RAID or LVM, if you use a multi-device Btrfs volume as root, or if {{ic|/usr}} is on a separate partition.<br />
<br />
Edit {{ic|/etc/mkinitcpio.conf}} as needed and re-generate the initramfs image with:<br />
<br />
# mkinitcpio -p linux<br />
<br />
{{Note|Arch VPS installations on QEMU (e.g. when using {{ic|virt-manager}}) may need {{ic|virtio}} modules in {{ic|mkinitcpio.conf}} to be able to boot.<br />
{{hc|# nano /etc/mkinitcpio.conf|2=<br />
MODULES="virtio virtio_blk virtio_pci virtio_net"<br />
}}<br />
}}<br />
<br />
=== Set the root password ===<br />
<br />
Set the root password with:<br />
<br />
# passwd<br />
<br />
=== Install and configure a bootloader ===<br />
<br />
==== For BIOS motherboards ====<br />
<br />
For BIOS systems, several boot loaders are available; see [[Boot loaders]] for a complete list. Choose one as per your convenience. Here, two of the possibilities are given as examples:<br />
<br />
* [[Syslinux]] is (currently) limited to loading only files from the partition where it was installed. Its configuration file is considered to be easier to understand. An example configuration can be found in the [[Syslinux#Examples|syslinux]] article.<br />
* [[GRUB]] is more feature-rich and supports more complex scenarios. Its configuration files resemble the ''sh'' scripting language, which may be difficult for beginners to write manually. It is recommended that they automatically generate one.<br />
<br />
===== Syslinux =====<br />
<br />
If you opted for a GUID partition table (GPT) for your hard drive earlier, you need to install the {{Pkg|gptfdisk}} package now for the installation of ''syslinux'' to work:<br />
<br />
# pacman -S gptfdisk<br />
<br />
Install the {{Pkg|syslinux}} package and then use the {{ic|syslinux-install_update}} script to automatically ''install'' the bootloader ({{ic|-i}}), mark the partition ''active'' by setting the boot flag ({{ic|-a}}), and install the ''MBR'' boot code ({{ic|-m}}):<br />
<br />
# pacman -S syslinux<br />
# syslinux-install_update -iam<br />
<br />
After installing Syslinux, configure {{ic|syslinux.cfg}} to point to the right root partition. This step is vital. If it points to the wrong partition, Arch Linux will not boot. Change {{ic|/dev/sda3}} to reflect your root partition (if you partitioned your drive as in [[#Prepare the storage drive|the example]], your root partition is {{ic|/dev/sda1}}).<br />
<br />
{{hc|# nano /boot/syslinux/syslinux.cfg|2=<br />
...<br />
LABEL arch<br />
...<br />
APPEND root='''/dev/sda3''' rw<br />
...<br />
LABEL archfallback<br />
...<br />
APPEND root='''/dev/sda3''' rw<br />
...<br />
}}<br />
<br />
If adding [[UUID]] rather than partition number the syntax is {{ic|1=APPEND root=UUID=''partition_uuid'' rw}}.<br />
<br />
For more information on configuring and using Syslinux, see [[Syslinux]].<br />
<br />
===== GRUB =====<br />
<br />
Install the {{Pkg|grub}} package and then run {{ic|grub-install}} to install the bootloader:<br />
<br />
# pacman -S grub<br />
# grub-install --target=i386-pc --recheck '''/dev/sda'''<br />
<br />
{{Note|<br />
* Change {{ic|/dev/sda}} to reflect the drive you installed Arch on. Do not append a partition number (do not use {{ic|sda''X''}}).<br />
* For GPT-partitioned drives on BIOS motherboards, you also need a "BIOS Boot Partition". See [[GRUB#GUID Partition Table (GPT) specific instructions|GPT-specific instructions]] in the GRUB page.<br />
* A sample {{ic|/boot/grub/grub.cfg}} gets installed as part of the {{Pkg|grub}} package, and subsequent {{ic|grub-*}} commands may not over-write it. Ensure that your intended changes are in {{ic|grub.cfg}}, rather than in {{ic|grub.cfg.new}} or some such file.<br />
}}<br />
<br />
While using a manually created {{ic|grub.cfg}} is absolutely fine, it is recommended that beginners automatically generate one:<br />
<br />
{{Tip|To automatically search for other operating systems on your computer, install {{Pkg|os-prober}} ({{ic|pacman -S os-prober}}) before running the next command.}}<br />
<br />
# grub-mkconfig -o /boot/grub/grub.cfg<br />
<br />
{{Note|It is possible that multiple redundant menu entries will be generated. See [[GRUB#Redundant_menu_entries]].}}<br />
<br />
For more information on configuring and using GRUB, see [[GRUB]].<br />
<br />
==== For UEFI motherboards ====<br />
<br />
For UEFI systems, several boot loaders are available; see [[Boot loaders]] for a complete list. Choose one as per your convenience. Here, two of the possibilities are given as examples:<br />
<br />
* [[gummiboot]] is a minimal UEFI Boot Manager which provides a menu for [[EFISTUB]] kernels and other UEFI applications.<br />
* [[GRUB]] is a more complete bootloader, useful if you run into problems with Gummiboot.<br />
<br />
No matter which one you choose, first install the {{Pkg|dosfstools}} package, so you can manipulate your EFI System Partition after installation:<br />
<br />
# pacman -S dosfstools<br />
<br />
{{Note|For UEFI boot, the drive needs to be GPT-partitioned and an [[Unified Extensible Firmware Interface#EFI System Partition|EFI System Partition]] (512 MiB or larger, gdisk type {{ic|EF00}}, formatted with FAT32) must be present. In the following examples, this partition is assumed to be mounted at {{ic|/boot}}. If you have followed this guide from the beginning, you have already done all of these.}}<br />
<br />
===== Gummiboot =====<br />
<br />
Install the {{Pkg|gummiboot}} package and run {{ic|gummiboot install}} to install the bootloader to the EFI System Partition:<br />
<br />
# pacman -S gummiboot<br />
# gummiboot install<br />
<br />
{{Warning|Gummiboot and the Linux Kernel will not automatically update if your EFI System Partition is not mounted at {{ic|/boot}}.}}<br />
<br />
You will need to manually create a configuration file to add an entry for Arch Linux to the gummiboot manager. Create {{ic|/boot/loader/entries/arch.conf}} and add the following contents, replacing {{ic|/dev/sdaX}} with your '''root''' partition, usually {{ic|/dev/sda2}}:<br />
<br />
{{hc|# nano /boot/loader/entries/arch.conf|2=<br />
title Arch Linux<br />
linux /vmlinuz-linux<br />
initrd /initramfs-linux.img<br />
options root='''/dev/sdaX''' rw<br />
}}<br />
<br />
For more information on configuring and using gummiboot, see [[gummiboot]].<br />
<br />
===== GRUB =====<br />
{{warning| Some UEFI firmware requires that the Grub .efi stub be copied from its default location into a new {{ic|boot}} directory after installing and automatically configuring Grub. In such cases, not copying the stub will result in an unbootable installation, with the following error message displayed: "Reboot and Select proper Boot device or Insert Boot Media in selected Boot device and press a key". Review [[Grub#EFI path]] for more information.}}<br />
<br />
Install the {{Pkg|grub}} and {{Pkg|efibootmgr}} packages and run {{ic|grub-install}} to install the bootloader:<br />
<br />
# pacman -S grub efibootmgr<br />
# grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=arch_grub --recheck<br />
<br />
Next, while using a manually created {{ic|grub.cfg}} is absolutely fine, it is recommended that beginners automatically generate one:<br />
<br />
{{Tip|To automatically search for other operating systems on your computer, install {{Pkg|os-prober}} before running the next command. However ''os-prober'' is not known to properly detect UEFI OSes.}}<br />
<br />
# grub-mkconfig -o /boot/grub/grub.cfg<br />
<br />
For more information on configuring and using GRUB in general, see [[GRUB]].<br />
<br />
=== Unmount the partitions and reboot ===<br />
<br />
Exit from the chroot environment:<br />
<br />
# exit<br />
<br />
{{Note|While partitions are unmounted automatically by ''systemd'' on shutdown, you may do so manually with {{ic|umount -R /mnt}} as a safety measure. If the partition is "busy", you can find the cause with [[Wikipedia:fuser_(Unix)|fuser]].}}<br />
<br />
Reboot the computer:<br />
<br />
# reboot<br />
<br />
{{Tip|Be sure to remove the installation media, otherwise you will boot back into it.}}<br />
<br />
== Post-installation ==<br />
<br />
Your new Arch Linux base system is now a functional GNU/Linux environment ready to be built into whatever you wish or require for your purposes. You are now ''strongly'' advised to read [[General recommendations#System administration]] and [[General recommendations#Package management]].<br />
<br />
See the rest of the [[General recommendations]] article for post-installation tutorials like setting up a graphical user interface, sound or a touchpad.<br />
<br />
For a list of applications that may be of interest, see [[List of applications]].</div>Developejhttps://wiki.archlinux.org/index.php?title=Nextcloud&diff=315334Nextcloud2014-05-16T14:03:50Z<p>Developej: Changed command prefixes from $ to #. Doing it with $ gives permission denied.</p>
<hr />
<div>[[Category:Web Server]]<br />
[[fr:Owncloud]]<br />
[[ja:Owncloud]]<br />
{{Related articles start}}<br />
{{Related|LAMP}}<br />
{{Related|Nginx}}<br />
{{Related|OpenSSL}}<br />
{{Related articles end}}<br />
From [[Wikipedia:ownCloud|Wikipedia]]:<br />
: ''ownCloud is a software suite that provides a location-independent storage area for data (cloud storage).''<br />
The ownCloud installation and configuration mainly depends on what web server and database you decide to run. Currently the wiki discusses the [[Owncloud#Apache_configuration|Apache]] and [[Owncloud#Nginx_.2B_uwsgi_php_configuration|Nginx]] configurations.<br />
== First steps ==<br />
<br />
[[pacman|Install]] {{Pkg|owncloud}} from the [[official repositories]]. Alternatively see the packages available in the [[Arch User Repository]]: [https://aur.archlinux.org/packages.php?K=owncloud&O=0].<br />
Uncomment extensions in {{ic|/etc/php/php.ini}}:<br />
gd.so<br />
intl.so<br />
openssl.so<br />
xmlrpc.so<br />
zip.so<br />
iconv.so<br />
<br />
==== Database support ====<br />
Depending on which database backend you are going to use uncomment either one of the following extensions in {{ic|/etc/php/php.ini}}:<br />
{| class="wikitable"<br />
!SQLite!!MySQL!!PostgreSQL<br />
|-<br />
|<br />
sqlite.so<br />
sqlite3.so<br />
pdo_sqlite.so<br />
|<br />
mysql.so<br />
mysqli.so<br />
pdo_mysql.so<br />
|<br />
pgsql.so<br />
pdo_pgsql.so<br />
|-<br />
|}<br />
Don't forget to install the appropriate PHP module for the database. In the PostgreSQL case that is {{Pkg|php-pgsql}}, and for SQLite it is {{Pkg|php-sqlite}}.<br />
<br />
==== Exif support ====<br />
Additionally install exif support with<br />
# pacman -S exiv2<br />
and uncomment the {{ic|exif.so}} extension in {{ic|/etc/php/php.ini}}.<br />
<br />
== Docker ==<br />
<br />
A quick and safe alternative to installing and configuring ownCloud on your own is to use a [[Docker]] Linux container. You can find several images of a fully working LAMP stack with ownCloud pre-installed in the [https://index.docker.io/search?q=ownCloud Docker repositories]. Docker containers are generally safer than a chroot environment and the overhead is very low; ownCloud in Docker works smoothly even on quite old machines. The whole setup, including installing Docker and the ownCloud image, is considerably easier and quicker than a native installation.<br />
<br />
== Apache configuration ==<br />
<br />
=== Installation ===<br />
<br />
Set up the [[LAMP]] stack. <br />
<br />
You will probably need to install the MDB2 pear package as well. Install {{pkg|php-pear}}, then:<br />
# pear install MDB2<br />
<br />
# Copy {{ic|/etc/webapps/owncloud/apache.example.conf}} to {{ic|/etc/httpd/conf/extra/owncloud.conf}} (version 6+)<br />
# Add the following lines into {{ic|/etc/httpd/conf/httpd.conf}} (the php5 line should have already been added during the LAMP stack setup):<br />
Include /etc/httpd/conf/extra/owncloud.conf<br />
LoadModule php5_module modules/libphp5.so<br />
Include conf/extra/php5_module.conf<br />
<br />
With Apache 2.4 and later you might need to adjust {{ic|owncloud.conf}} and replace<br />
Order allow,deny<br />
Allow from all<br />
with <br />
Require all granted<br />
<br />
==== Disable Webdav ====<br />
ownCloud comes with its own WebDAV support enabled, which conflicts with the Apache modules {{ic|mod_dav}} and {{ic|mod_dav_fs}}. ownCloud [http://forum.owncloud.org/viewtopic.php?f=17&t=7240 recommends] disabling both. This should be done in {{ic|/etc/httpd/conf/httpd.conf}}.<br />
<br />
Now [[Daemons#Restarting|restart]] httpd (Apache):<br />
# systemctl restart httpd<br />
Open [http://localhost http://localhost] in your browser. You should now be able to create a user account and follow the installation wizard.<br />
<br />
=== Custom configurations ===<br />
<br />
==== Filesize limitations ====<br />
<br />
With the default configuration ownCloud only allows the upload of filesizes less than 2MB.<br />
This can be changed by changing the following line in {{ic|/etc/php/php.ini}} to your liking.<br />
<br />
{{Warning|As of version 4.0 this is no longer necessary! The maximum upload size is now set via the ownCloud gui}}<br />
upload_max_filesize = 2M<br />
<br />
As of version 4.5, upload limits are set in {{ic|/usr/share/webapps/owncloud/.htaccess}}. This won't work if [[LAMP#Using_php5_with_apache2-mpm-worker_and_mod_fcgid|PHP is set up to run as CGI]], so you need to change the limits in {{ic|/etc/php/php.ini}}. You also need to change open_basedir.<br />
{{bc|<nowiki><br />
upload_max_filesize = 512M<br />
post_max_size = 512M<br />
memory_limit = 512M<br />
open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/<br />
</nowiki>}}<br />
<br />
==== Running ownCloud in a subdirectory ====<br />
<br />
By including the default '''owncloud.conf''' in '''httpd.conf''', owncloud will take control of port 80 and your localhost domain. If you would like to have owncloud run in a subdirectory, then skip the 'Include /etc/httpd/conf/extra/owncloud.conf' line altogether and just use a symbolic link like so: <br />
# ln -s /usr/share/webapps/owncloud/ /srv/http/<br />
<br />
In that case, you'll also have to ensure /usr/share/webapps is in the open_basedir line of php.ini, and that per-directory .htaccess files are read by apache. <br />
<br />
Alternatively, you could follow the standard procedure, but comment out the VirtualHost part of the include file, and skip the symlink/basedir/htaccess part.<br />
<br />
=== Filling ownCloud with data ===<br />
<br />
==== Small files ====<br />
<br />
===== WebDav =====<br />
<br />
Always use [[WebDAV]] or the web interface to add new files to your ownCloud. Otherwise they will not show up correctly, as they do not get indexed right.<br />
No further configuration is necessary to enable [[WebDAV]] uploads in ownCloud. <br />
<br />
Consider installing and enabling [[php-apc]] to speed up WebDAV.<br />
<br />
===== SABnzbd =====<br />
<br />
When using [[SABnzbd]], you might want to set<br />
folder_rename 0<br />
in your sabnzbd.ini file, because ownCloud will scan the files as soon as they get uploaded, preventing SABnzbd from removing UNPACKING prefixes etc.<br />
<br />
==== Big files ====<br />
<br />
WebDAV isn't suitable for big files, because it fills up all the RAM and CPU.<br />
<br />
With the current version, there appears to be no good way of copying huge amounts of data to your ownCloud.<br />
<br />
Here is a workaround:<br />
<br />
Copy the files directly to your ownCloud and do a full re-scan of your database (you could use the [http://apps.owncloud.com/content/show.php?content=151948&forumpage=0&PHPSESSID=37b915160effcc0f37cc761ad2ab88be Re-scan filesystem] add-on for example).<br />
<br />
But beware that this will not work as easily in the future, when end-to-end encryption gets added to ownCloud (this is a planned feature).<br />
<br />
=== Important notes ===<br />
<br />
* When using a subdomain (like cloud.example.net), make sure it is covered by your certificate. Otherwise, connection via the owncloud client or webdav might fail.<br />
<br />
* If you are planning on using OwnCloud's [http://owncloud.org/sync-clients/ sync-clients], make sure to have [[NTP]] installed and running on your OwnCloud server, otherwise the sync-clients will fail.<br />
<br />
* Add some [[LAMP#SSL|SSL encryption]] to your connection!<br />
(If adding SSL encryption as above, be sure to edit /etc/httpd/conf/extra/httpd-ssl.conf and change DocumentRoot "/srv/http" to DocumentRoot "/usr/share/webapps/owncloud" )<br />
<br />
* More Apps for ownCloud can be found [http://apps.owncloud.com/ here]<br />
<br />
* To install a new application, download the zip from the apps store and extract it into /srv/http/owncloud/apps/.<br />
Afterwards restart httpd:<br />
<br />
systemctl restart httpd<br />
<br />
Log into your server and go to the apps section; you should see the new app there.<br />
<br />
* If you are protecting access to your owncloud location with HTTP basic auth, the file "status.php" must be excluded from auth and be publicly accessible. [https://github.com/owncloud/mirall/issues/734]<br />
<br />
== Nginx + uwsgi_php configuration ==<br />
<br />
You can avoid the use of Apache and run ownCloud in its own process by using the {{pkg|uwsgi-plugin-php}} application server. uWSGI itself has a wealth of features to limit resource use and to harden the security of the application, and because it is a separate process it can run under its own user.<br />
*First of all you should set up your Nginx server. See the [[Nginx]] page for further information.<br />
*Set a server with the following lines in the http section of your {{ic|/etc/nginx/nginx.conf}} file:<br />
{{bc|<nowiki><br />
#this is to avoid Request Entity Too Large error<br />
client_max_body_size 1000M;<br />
# deny access to some special files<br />
location ~ ^/(data|config|\.ht|db_structure\.xml|README) {<br />
deny all;<br />
}<br />
# pass all .php or .php/path urls to uWSGI<br />
location ~ ^(.+\.php)(.*)$ {<br />
include uwsgi_params;<br />
uwsgi_modifier1 14;<br />
uwsgi_pass 127.0.0.1:3001;<br />
}<br />
# everything else goes to the filesystem,<br />
# but / will be mapped to index.php and run through uwsgi<br />
location / {<br />
root /usr/share/webapps/owncloud;<br />
index index.php;<br />
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;<br />
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;<br />
}<br />
</nowiki>}}<br />
*Then create a [[Uwsgi|uWSGI]] config file. {{ic|/etc/uwsgi/owncloud.ini}} could be a good choice:<br />
{{bc|<nowiki><br />
[uwsgi]<br />
master = true<br />
socket = 127.0.0.1:3001<br />
<br />
# Change this to where you want ownCloud data to be stored (maybe /home/owncloud)<br />
owncloud_data_dir = /srv/http/owncloud <br />
chdir = %(owncloud_data_dir)<br />
<br />
plugins = php<br />
php-docroot = /usr/share/webapps/owncloud<br />
php-index = index.php<br />
<br />
# only allow these php files, I don't want to inadvertently run something else<br />
php-allowed-ext = /index.php<br />
php-allowed-ext = /public.php<br />
php-allowed-ext = /remote.php<br />
php-allowed-ext = /cron.php<br />
php-allowed-ext = /status.php<br />
php-allowed-ext = /settings/apps.php<br />
php-allowed-ext = /core/ajax/update.php<br />
php-allowed-ext = /core/ajax/share.php<br />
php-allowed-ext = /core/ajax/requesttoken.php<br />
php-allowed-ext = /core/ajax/translations.php<br />
php-allowed-ext = /search/ajax/search.php<br />
php-allowed-ext = /search/templates/part.results.php<br />
php-allowed-ext = /settings/admin.php<br />
php-allowed-ext = /settings/users.php<br />
php-allowed-ext = /settings/personal.php<br />
php-allowed-ext = /settings/help.php<br />
php-allowed-ext = /settings/ajax/getlog.php<br />
php-allowed-ext = /settings/ajax/setlanguage.php<br />
php-allowed-ext = /settings/ajax/setquota.php<br />
php-allowed-ext = /settings/ajax/userlist.php<br />
php-allowed-ext = /settings/ajax/createuser.php<br />
php-allowed-ext = /settings/ajax/removeuser.php<br />
php-allowed-ext = /settings/ajax/enableapp.php<br />
php-allowed-ext = /core/ajax/appconfig.php<br />
php-allowed-ext = /settings/ajax/setloglevel.php<br />
<br />
# set php configuration for this instance of php, no need to edit global php.ini<br />
php-set = date.timezone=Etc/UTC<br />
php-set = open_basedir=%(owncloud_data_dir):/tmp/:/usr/share/pear/:/usr/share/webapps/owncloud:/etc/webapps/owncloud<br />
php-set = session.save_path=/tmp/php_sess<br />
php-set = post_max_size=1000M<br />
php-set = upload_max_filesize=1000M<br />
<br />
# load all extensions only in this instance of php, no need to edit global php.ini<br />
php-set = extension=pdo_sqlite.so<br />
php-set = extension=exif.so<br />
php-set = extension=gd.so<br />
php-set = extension=imagick.so<br />
php-set = extension=gmp.so<br />
php-set = extension=iconv.so<br />
php-set = extension=mcrypt.so<br />
php-set = extension=sockets.so<br />
php-set = extension=sqlite3.so<br />
php-set = extension=xmlrpc.so<br />
php-set = extension=xsl.so<br />
php-set = extension=zip.so<br />
<br />
processes = 10<br />
cheaper = 2<br />
cron = -3 -1 -1 -1 -1 /usr/bin/php -f /usr/share/webapps/owncloud/cron.php 1>/dev/null<br />
<br />
</nowiki>}}<br />
*You can run it with:<br />
# uwsgi_php --ini /etc/uwsgi/owncloud.ini<br />
*Otherwise, a simple systemd unit file to start the uwsgi instance can be (this is without using the emperor):<br />
{{bc|<nowiki><br />
[Unit]<br />
Description=OwnCloud service via uWSGI-PHP<br />
<br />
[Service]<br />
User=http<br />
ExecStart=/usr/bin/uwsgi_php --ini /etc/uwsgi/owncloud.ini<br />
ExecReload=/bin/kill -HUP $MAINPID<br />
KillSignal=SIGQUIT<br />
Restart=always<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
<br />
== Sync Clients ==<br />
<br />
The official clients can be found on this page: [http://owncloud.org/install/ Sync Clients].<br />
Also note that while the official ownCloud Android app is a paid app on the Play Store, it is not a paid app on [https://f-droid.org/ F-Droid].<br />
<br />
== Troubleshooting ==<br />
<br />
=== Self-signed certificate not accepted ===<br />
<br />
ownCloud uses [[Wikipedia:cURL]] and [[Wikipedia:SabreDAV]] to check if [[WebDAV]] is enabled. If you use SSL/TLS with a self-signed certificate, e.g. as shown in [[LAMP]], and access ownCloud's admin panel, you will see the following error message:<br />
<br />
Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken.<br />
<br />
Assuming that you followed the [[LAMP]]-tutorial, execute the following steps:<br />
<br />
Create a local directory for non-distribution certificates and copy [[LAMP]]'s certificate there. This prevents {{Ic|ca-certificates}} updates from overwriting it.<br />
<br />
# cp /etc/httpd/conf/server.crt /usr/share/ca-certificates/''WWW.EXAMPLE.COM.crt''<br />
<br />
Add ''WWW.EXAMPLE.COM.crt'' to {{ic|/etc/ca-certificates.conf}}:<br />
<br />
''WWW.EXAMPLE.COM.crt''<br />
<br />
Now, regenerate your certificate store:<br />
<br />
# update-ca-certificates<br />
<br />
Restart the httpd service to activate your certificate.<br />
<br />
<br />
Should this not work, consider disabling mod_curl in /etc/php/php.ini.<br />
<br />
=== Can't create data directory (/path/to/dir) ===<br />
<br />
Check your httpd conf file (like owncloud.conf). Add your data dir to <br />
php_admin_value open_basedir "/srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/path/to/dir/"<br />
<br />
You should also modify php.ini in the same way. Restart the httpd service to activate the change.<br />
<br />
=== CSync failed to find a specific file. ===<br />
<br />
This is most probably a certificate issue. Recreate the certificate, and do not leave the common name empty or you will see the error again.<br />
<br />
openssl genrsa -out server.key 2048<br />
openssl req -new -key server.key -x509 -days 365 -out server.crt<br />
<br />
=== Seeing white page after login ===<br />
<br />
The cause is probably a new app that you installed. To fix it, either edit the oc_appconfig table with phpMyAdmin (if you are lucky and the table has an edit option) or do it by hand with mysql:<br />
<br />
mysql -u root -p owncloud<br />
MariaDB [owncloud]> '''delete from''' oc_appconfig '''where''' appid='<nameOfExtension>' '''and''' configkey='enabled' '''and''' configvalue='yes';<br />
MariaDB [owncloud]> '''insert into''' oc_appconfig (appid,configkey,configvalue) '''values''' ('<nameOfExtension>','enabled','no');<br />
<br />
This deletes the app's "enabled" entry from the table and adds it again with the value "no", which disables the app.<br />
<br />
=== GUI sync client fails to connect ===<br />
<br />
If using HTTP basic auth, make sure to exclude "status.php" from authentication; it must be publicly accessible. [https://github.com/owncloud/mirall/issues/734]<br />
<br />
=== "Can't write into apps directory" ===<br />
As mentioned in the [http://doc.owncloud.org/server/6.0/admin_manual/configuration/configuration_apps.html official admin manual], you either need an apps directory that is writable by the http user, or you need to set "appstoreenabled" to false.<br />
<br />
''Also'', though not mentioned there, the directory needs to be in the open_basedir line in {{ic|/etc/php/php.ini}}.<br />
<br />
One clean method is to have the package-installed directory at {{ic|/usr/share/webapps/owncloud/apps}} stay owned by root, and have the user-installed apps go into e.g. {{ic|/var/www/owncloud/apps}} which is owned by http. Then you can set "appstoreenabled" to true and package upgrades of apps should work fine as well. Relevant lines from {{ic|/etc/webapps/owncloud/config/config.php}}:<br />
<pre><br />
'apps_paths' => <br />
array (<br />
0 => <br />
array (<br />
'path' => '/usr/share/webapps/owncloud/apps',<br />
'url' => '/apps',<br />
'writable' => false,<br />
),<br />
1 => <br />
array (<br />
'path' => '/var/www/owncloud/apps',<br />
'url' => '/wapps',<br />
'writable' => true,<br />
),<br />
),<br />
</pre><br />
Example open_basedir line from {{ic|/etc/php/php.ini}} (you might have other dirs in there as well):<br />
<pre><br />
open_basedir = /srv/http/:/usr/share/webapps/:/var/www/owncloud/apps/<br />
</pre><br />
<br />
Directory permissions:<br />
<pre><br />
$ ls -ld /usr/share/webapps/owncloud/apps /var/www/owncloud/apps/<br />
drwxr-xr-x 26 root root 4096 des. 14 20:48 /usr/share/webapps/owncloud/apps<br />
drwxr-xr-x 2 http http 48 jan. 20 20:01 /var/www/owncloud/apps/<br />
</pre><br />
<br />
== See also ==<br />
* [http://owncloud.org/ ownCloud official website]<br />
* [http://doc.owncloud.org/server/6.0/admin_manual/ ownCloud 6.0 Admin Documentation]</div>Developejhttps://wiki.archlinux.org/index.php?title=Nextcloud&diff=314895Nextcloud2014-05-12T21:16:23Z<p>Developej: /* CSync faild to find a specific file. */</p>
<hr />
<div>[[Category:Web Server]]<br />
[[fr:Owncloud]]<br />
[[ja:Owncloud]]<br />
{{Related articles start}}<br />
{{Related|LAMP}}<br />
{{Related|Nginx}}<br />
{{Related|OpenSSL}}<br />
{{Related articles end}}<br />
From [[Wikipedia:ownCloud|Wikipedia]]:<br />
: ''ownCloud is a software suite that provides a location-independent storage area for data (cloud storage).''<br />
The ownCloud installation and configuration mainly depends on what web server and database you decide to run. Currently the wiki discusses the [[Owncloud#Apache_configuration|Apache]] and [[Owncloud#Nginx_.2B_uwsgi_php_configuration|Nginx]] configurations.<br />
== First steps ==<br />
<br />
[[pacman|Install]] {{Pkg|owncloud}} from the [[official repositories]]. Alternatively see the packages available in the [[Arch User Repository]]: [https://aur.archlinux.org/packages.php?K=owncloud&O=0].<br />
Uncomment extensions in {{ic|/etc/php/php.ini}}:<br />
gd.so<br />
intl.so<br />
openssl.so<br />
xmlrpc.so<br />
zip.so<br />
iconv.so<br />
<br />
==== Database support ====<br />
Depending on which database backend you are going to use uncomment either one of the following extensions in {{ic|/etc/php/php.ini}}:<br />
{| class="wikitable"<br />
!SQLite!!MySQL!!PostgreSQL<br />
|-<br />
|<br />
sqlite.so<br />
sqlite3.so<br />
pdo_sqlite.so<br />
|<br />
mysql.so<br />
mysqli.so<br />
pdo_mysql.so<br />
|<br />
pgsql.so<br />
pdo_pgsql.so<br />
|-<br />
|}<br />
Do not forget to install the appropriate PHP module for the database: {{Pkg|php-pgsql}} for PostgreSQL or {{Pkg|php-sqlite}} for SQLite.<br />
<br />
==== Exif support ====<br />
Additionally install exif support with<br />
# pacman -S exiv2<br />
and uncomment the exif.so extension in php.ini<br />
<br />
== Docker ==<br />
<br />
A quick and safe alternative to installing and configuring ownCloud on your own is to use a [[Docker]] Linux container. You can find several images of a fully working LAMP stack with ownCloud pre-installed in the [https://index.docker.io/search?q=ownCloud Docker repositories]. Docker containers are generally safer than a chroot environment, and the overhead is very low: ownCloud in Docker works smoothly even on quite old machines. The whole setup, including installing Docker and the ownCloud image, is considerably easier and quicker than a native installation.<br />
<br />
== Apache configuration ==<br />
<br />
=== Installation ===<br />
<br />
Set up the [[LAMP]] stack. <br />
<br />
You will probably need to install the MDB2 pear package as well. Install {{pkg|php-pear}}, then:<br />
# pear install MDB2<br />
<br />
# Copy {{ic|/etc/webapps/owncloud/apache.example.conf}} to {{ic|/etc/httpd/conf/extra/owncloud.conf}} (version 6+)<br />
# Add the following lines into {{ic|/etc/httpd/conf/httpd.conf}} (the php5 line should have already been added during the LAMP stack setup):<br />
Include /etc/httpd/conf/extra/owncloud.conf<br />
LoadModule php5_module modules/libphp5.so<br />
Include conf/extra/php5_module.conf<br />
<br />
Since apache 2.4 you might need to adjust owncloud.conf and replace<br />
Order allow,deny<br />
Allow from all<br />
with <br />
Require all granted<br />
<br />
==== Disable Webdav ====<br />
ownCloud comes with its own WebDAV enabled, which conflicts with mod_dav and mod_dav_fs. ownCloud [http://forum.owncloud.org/viewtopic.php?f=17&t=7240 recommends] disabling both modules. This should be done in {{ic|/etc/httpd/conf/httpd.conf}}.<br />
<br />
Now [[Daemons#Restarting|restart]] httpd (Apache)<br />
# systemctl restart httpd<br />
Open [http://localhost http://localhost] in your browser. You should now be able to create a user account and follow the installation wizard.<br />
<br />
=== Custom configurations ===<br />
<br />
==== Filesize limitations ====<br />
<br />
With the default configuration ownCloud only allows the upload of filesizes less than 2MB.<br />
This can be changed by changing the following line in {{ic|/etc/php/php.ini}} to your liking.<br />
<br />
{{Warning|As of version 4.0 this is no longer necessary! The maximum upload size is now set via the ownCloud gui}}<br />
upload_max_filesize = 2M<br />
<br />
As of version 4.5, upload limits are set in {{ic|/usr/share/webapps/owncloud/.htaccess}}. This won't work if [[LAMP#Using_php5_with_apache2-mpm-worker_and_mod_fcgid|PHP is set up to run as CGI]], so you need to change the limits in {{ic|/etc/php/php.ini}}. You also need to change open_basedir.<br />
{{bc|<nowiki><br />
upload_max_filesize = 512M<br />
post_max_size = 512M<br />
memory_limit = 512M<br />
open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/<br />
</nowiki>}}<br />
<br />
==== Running ownCloud in a subdirectory ====<br />
<br />
By including the default '''owncloud.conf''' in '''httpd.conf''', owncloud will take control of port 80 and your localhost domain. If you would like to have owncloud run in a subdirectory, then skip the 'Include /etc/httpd/conf/extra/owncloud.conf' line altogether and just use a symbolic link like so: <br />
# ln -s /usr/share/webapps/owncloud/ /srv/http/<br />
<br />
In that case, you'll also have to ensure /usr/share/webapps is in the open_basedir line of php.ini, and that per-directory .htaccess files are read by apache. <br />
<br />
Alternatively, you could follow the standard procedure, but comment out the VirtualHost part of the include file, and skip the symlink/basedir/htaccess part.<br />
<br />
=== Filling ownCloud with data ===<br />
<br />
==== Small files ====<br />
<br />
===== WebDav =====<br />
<br />
Always use [[WebDAV]] or the web interface to add new files to your ownCloud. Otherwise they will not show up correctly, as they do not get indexed right.<br />
No further configuration is necessary to enable [[WebDAV]] uploads in ownCloud. <br />
<br />
Consider installing and enabling [[php-apc]] to speed up WebDAV.<br />
<br />
===== SABnzbd =====<br />
<br />
When using [[SABnzbd]], you might want to set<br />
folder_rename 0<br />
in your sabnzbd.ini file, because ownCloud will scan the files as soon as they get uploaded, preventing SABnzbd from removing UNPACKING prefixes etc.<br />
<br />
==== Big files ====<br />
<br />
WebDAV isn't suitable for big files, because it fills up all the RAM and CPU.<br />
<br />
With the current version, there appears to be no good way of copying huge amounts of data to your ownCloud.<br />
<br />
Here is a workaround:<br />
<br />
Copy the files directly to your ownCloud and do a full re-scan of your database (you could use the [http://apps.owncloud.com/content/show.php?content=151948&forumpage=0&PHPSESSID=37b915160effcc0f37cc761ad2ab88be Re-scan filesystem] add-on for example).<br />
<br />
But beware that this will not work as easily in the future, when end-to-end encryption gets added to ownCloud (this is a planned feature).<br />
<br />
=== Important notes ===<br />
<br />
* When using a subdomain (like cloud.example.net), make sure it is covered by your certificate. Otherwise, connection via the owncloud client or webdav might fail.<br />
<br />
* If you are planning on using OwnCloud's [http://owncloud.org/sync-clients/ sync-clients], make sure to have [[NTP]] installed and running on your OwnCloud server, otherwise the sync-clients will fail.<br />
<br />
* Add some [[LAMP#SSL|SSL encryption]] to your connection!<br />
(If adding SSL encryption as above, be sure to edit /etc/httpd/conf/extra/httpd-ssl.conf and change DocumentRoot "/srv/http" to DocumentRoot "/usr/share/webapps/owncloud" )<br />
<br />
* More Apps for ownCloud can be found [http://apps.owncloud.com/ here]<br />
<br />
* To install a new application, download the zip from the apps store and extract it into /srv/http/owncloud/apps/.<br />
Afterwards restart httpd:<br />
<br />
systemctl restart httpd<br />
<br />
Log into your server and go to the apps section; you should see the new app there.<br />
<br />
* If you are protecting access to your owncloud location with HTTP basic auth, the file "status.php" must be excluded from auth and be publicly accessible. [https://github.com/owncloud/mirall/issues/734]<br />
<br />
== Nginx + uwsgi_php configuration ==<br />
<br />
You can avoid the use of Apache and run ownCloud in its own process by using the {{pkg|uwsgi-plugin-php}} application server. uWSGI itself has a wealth of features to limit resource use and to harden the security of the application, and because it is a separate process it can run under its own user.<br />
*First of all you should set up your Nginx server. See the [[Nginx]] page for further information.<br />
*Set a server with the following lines in the http section of your {{ic|/etc/nginx/nginx.conf}} file:<br />
{{bc|<nowiki><br />
#this is to avoid Request Entity Too Large error<br />
client_max_body_size 1000M;<br />
# deny access to some special files<br />
location ~ ^/(data|config|\.ht|db_structure\.xml|README) {<br />
deny all;<br />
}<br />
# pass all .php or .php/path urls to uWSGI<br />
location ~ ^(.+\.php)(.*)$ {<br />
include uwsgi_params;<br />
uwsgi_modifier1 14;<br />
uwsgi_pass 127.0.0.1:3001;<br />
}<br />
# everything else goes to the filesystem,<br />
# but / will be mapped to index.php and run through uwsgi<br />
location / {<br />
root /usr/share/webapps/owncloud;<br />
index index.php;<br />
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;<br />
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;<br />
}<br />
</nowiki>}}<br />
*Then create a [[Uwsgi|uWSGI]] config file. {{ic|/etc/uwsgi/owncloud.ini}} could be a good choice:<br />
{{bc|<nowiki><br />
[uwsgi]<br />
master = true<br />
socket = 127.0.0.1:3001<br />
<br />
# Change this to where you want ownCloud data to be stored (maybe /home/owncloud)<br />
owncloud_data_dir = /srv/http/owncloud <br />
chdir = %(owncloud_data_dir)<br />
<br />
plugins = php<br />
php-docroot = /usr/share/webapps/owncloud<br />
php-index = index.php<br />
<br />
# only allow these php files, I don't want to inadvertently run something else<br />
php-allowed-ext = /index.php<br />
php-allowed-ext = /public.php<br />
php-allowed-ext = /remote.php<br />
php-allowed-ext = /cron.php<br />
php-allowed-ext = /status.php<br />
php-allowed-ext = /settings/apps.php<br />
php-allowed-ext = /core/ajax/update.php<br />
php-allowed-ext = /core/ajax/share.php<br />
php-allowed-ext = /core/ajax/requesttoken.php<br />
php-allowed-ext = /core/ajax/translations.php<br />
php-allowed-ext = /search/ajax/search.php<br />
php-allowed-ext = /search/templates/part.results.php<br />
php-allowed-ext = /settings/admin.php<br />
php-allowed-ext = /settings/users.php<br />
php-allowed-ext = /settings/personal.php<br />
php-allowed-ext = /settings/help.php<br />
php-allowed-ext = /settings/ajax/getlog.php<br />
php-allowed-ext = /settings/ajax/setlanguage.php<br />
php-allowed-ext = /settings/ajax/setquota.php<br />
php-allowed-ext = /settings/ajax/userlist.php<br />
php-allowed-ext = /settings/ajax/createuser.php<br />
php-allowed-ext = /settings/ajax/removeuser.php<br />
php-allowed-ext = /settings/ajax/enableapp.php<br />
php-allowed-ext = /core/ajax/appconfig.php<br />
php-allowed-ext = /settings/ajax/setloglevel.php<br />
<br />
# set php configuration for this instance of php, no need to edit global php.ini<br />
php-set = date.timezone=Etc/UTC<br />
php-set = open_basedir=%(owncloud_data_dir):/tmp/:/usr/share/pear/:/usr/share/webapps/owncloud:/etc/webapps/owncloud<br />
php-set = session.save_path=/tmp/php_sess<br />
php-set = post_max_size=1000M<br />
php-set = upload_max_filesize=1000M<br />
<br />
# load all extensions only in this instance of php, no need to edit global php.ini<br />
php-set = extension=pdo_sqlite.so<br />
php-set = extension=exif.so<br />
php-set = extension=gd.so<br />
php-set = extension=imagick.so<br />
php-set = extension=gmp.so<br />
php-set = extension=iconv.so<br />
php-set = extension=mcrypt.so<br />
php-set = extension=sockets.so<br />
php-set = extension=sqlite3.so<br />
php-set = extension=xmlrpc.so<br />
php-set = extension=xsl.so<br />
php-set = extension=zip.so<br />
<br />
processes = 10<br />
cheaper = 2<br />
cron = -3 -1 -1 -1 -1 /usr/bin/php -f /usr/share/webapps/owncloud/cron.php 1>/dev/null<br />
<br />
</nowiki>}}<br />
*You can run it with:<br />
# uwsgi_php --ini /etc/uwsgi/owncloud.ini<br />
*Otherwise, a simple systemd unit file to start the uwsgi instance can be (this is without using the emperor):<br />
{{bc|<nowiki><br />
[Unit]<br />
Description=OwnCloud service via uWSGI-PHP<br />
<br />
[Service]<br />
User=http<br />
ExecStart=/usr/bin/uwsgi_php --ini /etc/uwsgi/owncloud.ini<br />
ExecReload=/bin/kill -HUP $MAINPID<br />
KillSignal=SIGQUIT<br />
Restart=always<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}<br />
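The two regex locations in the nginx block above are order-sensitive: nginx tries regex locations in the order they appear and uses the first match, so the deny block only protects {{ic|/data}} and {{ic|/config}} because it precedes the PHP block. The following added example (not part of the wiki page) replays both regexes over constructed, already-normalized request paths in page order and in swapped order; the {{ic|route}} helper and the sample paths are assumptions, and the uWSGI allowlist is not modelled.<br />

```shell
#!/bin/sh
# Added example: first-match routing for the two regex locations on the page.
# Assumption: URIs are already normalized (decoded, no query string), and the
# page's patterns behave the same under grep -E as under nginx's PCRE.

# Rules are "action regex" lines, listed in configuration order.
PAGE_ORDER='deny ^/(data|config|\.ht|db_structure\.xml|README)
uwsgi ^(.+\.php)(.*)$'

# Same rules with the PHP location placed first (the misordering to avoid).
SWAPPED_ORDER='uwsgi ^(.+\.php)(.*)$
deny ^/(data|config|\.ht|db_structure\.xml|README)'

# route RULES URI -> prints the action of the first matching regex, or
# "filesystem" when none matches and the prefix location "/" takes over.
route() (
    uri=$2
    printf '%s\n' "$1" | {
        while IFS=' ' read -r action regex; do
            [ -n "$action" ] || continue
            if printf '%s\n' "$uri" | grep -Eq -- "$regex"; then
                echo "$action"
                exit 0
            fi
        done
        echo filesystem
    }
)

# Constructed request paths: config and data files, a WebDAV call, a static asset.
for uri in /config/config.php /data/alice/files/notes.php /data/owncloud.db \
           /remote.php/webdav/doc.txt /core/css/styles.css; do
    printf '%-30s page order: %-11s swapped: %s\n' "$uri" \
        "$(route "$PAGE_ORDER" "$uri")" "$(route "$SWAPPED_ORDER" "$uri")"
done
```

With the blocks swapped, {{ic|/config/config.php}} and any {{ic|.php}} file under {{ic|/data}} are handed to PHP instead of being denied, so keep the deny location first when editing this file.<br />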
<br />
== Sync Clients ==<br />
<br />
The official clients can be found on this page: [http://owncloud.org/install/ Sync Clients].<br />
Also note that while the official ownCloud Android app is a paid app on the Play Store, it is not a paid app on [https://f-droid.org/ F-Droid].<br />
<br />
== Troubleshooting ==<br />
<br />
=== Self-signed certificate not accepted ===<br />
<br />
ownCloud uses [[Wikipedia:cURL]] and [[Wikipedia:SabreDAV]] to check if [[WebDAV]] is enabled. If you use SSL/TLS with a self-signed certificate, e.g. as shown in [[LAMP]], and access ownCloud's admin panel, you will see the following error message:<br />
<br />
Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken.<br />
<br />
Assuming that you followed the [[LAMP]]-tutorial, execute the following steps:<br />
<br />
Create a local directory for non-distribution certificates and copy [[LAMP]]'s certificate there. This prevents {{Ic|ca-certificates}} updates from overwriting it.<br />
<br />
$ cp /etc/httpd/conf/server.crt /usr/share/ca-certificates/''WWW.EXAMPLE.COM.crt''<br />
<br />
Add ''WWW.EXAMPLE.COM.crt'' to {{ic|/etc/ca-certificates.conf}}:<br />
<br />
''WWW.EXAMPLE.COM.crt''<br />
<br />
Now, regenerate your certificate store:<br />
<br />
$ update-ca-certificates<br />
<br />
Restart the httpd service to activate your certificate.<br />
<br />
<br />
Should this not work, consider disabling mod_curl in /etc/php/php.ini.<br />
<br />
=== Can't create data directory (/path/to/dir) ===<br />
<br />
Check your httpd conf file (like owncloud.conf). Add your data dir to <br />
php_admin_value open_basedir "/srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/path/to/dir/"<br />
<br />
You should also modify php.ini in the same way. Restart the httpd service to activate the change.<br />
<br />
=== CSync failed to find a specific file. ===<br />
<br />
This is most probably a certificate issue. Recreate the certificate, and do not leave the common name empty or you will see the error again.<br />
<br />
openssl genrsa -out server.key 2048<br />
openssl req -new -key server.key -x509 -days 365 -out server.crt<br />
<br />
=== Seeing white page after login ===<br />
<br />
The cause is probably a new app that you installed. To fix it, either edit the oc_appconfig table with phpMyAdmin (if you are lucky and the table has an edit option) or do it by hand with mysql:<br />
<br />
mysql -u root -p owncloud<br />
MariaDB [owncloud]> '''delete from''' oc_appconfig '''where''' appid='<nameOfExtension>' '''and''' configkey='enabled' '''and''' configvalue='yes';<br />
MariaDB [owncloud]> '''insert into''' oc_appconfig (appid,configkey,configvalue) '''values''' ('<nameOfExtension>','enabled','no');<br />
<br />
This deletes the app's "enabled" entry from the table and adds it again with the value "no", which disables the app.<br />
<br />
=== GUI sync client fails to connect ===<br />
<br />
If using HTTP basic auth, make sure to exclude "status.php" from authentication; it must be publicly accessible. [https://github.com/owncloud/mirall/issues/734]<br />
<br />
=== "Can't write into apps directory" ===<br />
As mentioned in the [http://doc.owncloud.org/server/6.0/admin_manual/configuration/configuration_apps.html official admin manual], you either need an apps directory that is writable by the http user, or you need to set "appstoreenabled" to false.<br />
<br />
''Also'', though not mentioned there, the directory needs to be in the open_basedir line in {{ic|/etc/php/php.ini}}.<br />
<br />
One clean method is to have the package-installed directory at {{ic|/usr/share/webapps/owncloud/apps}} stay owned by root, and have the user-installed apps go into e.g. {{ic|/var/www/owncloud/apps}} which is owned by http. Then you can set "appstoreenabled" to true and package upgrades of apps should work fine as well. Relevant lines from {{ic|/etc/webapps/owncloud/config/config.php}}:<br />
<pre><br />
'apps_paths' => <br />
array (<br />
0 => <br />
array (<br />
'path' => '/usr/share/webapps/owncloud/apps',<br />
'url' => '/apps',<br />
'writable' => false,<br />
),<br />
1 => <br />
array (<br />
'path' => '/var/www/owncloud/apps',<br />
'url' => '/wapps',<br />
'writable' => true,<br />
),<br />
),<br />
</pre><br />
Example open_basedir line from {{ic|/etc/php/php.ini}} (you might have other dirs in there as well):<br />
<pre><br />
open_basedir = /srv/http/:/usr/share/webapps/:/var/www/owncloud/apps/<br />
</pre><br />
<br />
Directory permissions:<br />
<pre><br />
$ ls -ld /usr/share/webapps/owncloud/apps /var/www/owncloud/apps/<br />
drwxr-xr-x 26 root root 4096 des. 14 20:48 /usr/share/webapps/owncloud/apps<br />
drwxr-xr-x 2 http http 48 jan. 20 20:01 /var/www/owncloud/apps/<br />
</pre><br />
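Both "Can't create data directory" and "Can't write into apps directory" come down to a path missing from open_basedir. The following added example (not part of the wiki page) reads the active open_basedir line from a constructed php.ini fragment and lists which directories it does not cover; the function names and the {{ic|/home/owncloud/data}} sample path are assumptions, and each entry is assumed to name a directory that allows itself and everything beneath it.<br />

```shell
#!/bin/sh
# Added example: audit a PHP open_basedir value against the directories
# ownCloud needs. Not code from the wiki page or from ownCloud.

# normalize PATH -> PATH without trailing slashes ("/" stays "/").
normalize() (
    p=$1
    while [ "${#p}" -gt 1 ] && [ "${p%/}" != "$p" ]; do
        p=${p%/}
    done
    printf '%s\n' "$p"
)

# basedir_covers VALUE PATH -> status 0 when PATH is inside an entry of VALUE.
basedir_covers() (
    [ -n "$1" ] || exit 0       # an unset open_basedir means no restriction
    path=$(normalize "$2")
    IFS=:
    set -f                      # entries are literal paths, never globs
    for entry in $1; do
        [ -n "$entry" ] || continue
        entry=$(normalize "$entry")
        if [ "$entry" = / ]; then exit 0; fi
        case "$path/" in
            "$entry"/*) exit 0 ;;   # the entry itself or anything below it
        esac
    done
    exit 1
)

# missing_paths VALUE PATH... -> prints every PATH that VALUE does not cover.
missing_paths() (
    value=$1
    shift
    for candidate in "$@"; do
        basedir_covers "$value" "$candidate" || printf '%s\n' "$candidate"
    done
)

# ini_basedir < php.ini -> value of the last active (uncommented) open_basedir line.
ini_basedir() {
    sed -n 's/^[[:space:]]*open_basedir[[:space:]]*=[[:space:]]*//p' |
        tail -n 1 | tr -d '"' | sed 's/[[:space:]]*$//'
}

# Constructed php.ini fragment using the open_basedir line shown on the page.
SAMPLE_INI=';open_basedir =
open_basedir = /srv/http/:/usr/share/webapps/:/var/www/owncloud/apps/'

value=$(printf '%s\n' "$SAMPLE_INI" | ini_basedir)
# Both apps_paths directories from the page, plus a data directory outside the list.
missing_paths "$value" /usr/share/webapps/owncloud/apps /var/www/owncloud/apps \
    /home/owncloud/data
```

Pass resolved paths (for example the output of {{ic|realpath}}), because PHP checks the symlink target; this is why the subdirectory setup needs {{ic|/usr/share/webapps}} listed even though the link lives under {{ic|/srv/http}}.<br />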
<br />
== See also ==<br />
* [http://owncloud.org/ ownCloud official website]<br />
* [http://doc.owncloud.org/server/6.0/admin_manual/ ownCloud 6.0 Admin Documentation]</div>Developejhttps://wiki.archlinux.org/index.php?title=Nagios&diff=313763Nagios2014-05-06T23:43:29Z<p>Developej: /* Nagios Configuration */</p>
<hr />
<div>[[Category:Networking]]<br />
[http://www.nagios.org/ Nagios] is an open source host, service and network monitoring program. It monitors specified hosts and services, alerting you to any developing issues, errors or improvements. This article describes the installation and configuration of Nagios.<br />
<br />
==Features==<br />
Some of Nagios' features [http://nagios.sourceforge.net/docs/3_0/about.html#whatis include]:<br />
*Monitoring of network services (SMTP, POP3, HTTP, NNTP, PING, etc.)<br />
*Monitoring of host resources (processor load, disk usage, etc.)<br />
*Simple plugin design that allows users to easily develop their own service checks<br />
*Parallelized service checks<br />
*Ability to define network host hierarchy using "parent" hosts, allowing detection of and distinction between hosts that are down and those that are unreachable<br />
*Contact notifications when service or host problems occur and get resolved (via email, pager, or user-defined method)<br />
*Ability to define event handlers to be run during service or host events for proactive problem resolution<br />
*Automatic log file rotation<br />
*Support for implementing redundant monitoring hosts<br />
*Optional web interface for viewing current network status, notification and problem history, log file, etc.<br />
<br />
The following installation and configuration were tested using nagios 3.2.0-1, [[Apache]] web server 2.2.14-2, and [[PHP]]5 5.3.1-3 by [https://bbs.archlinux.org/viewtopic.php?id=88461 awayand].<br />
<br />
==Webserver==<br />
According to the [http://nagios.sourceforge.net/docs/3_0/about.html official documentation] a webserver is not required, but if you wish to use any of the CGI features then a webserver (Apache preferred), PHP ([[Apache#PHP|php-apache]]) for it and the gd library are required. This installation assumes that setup.<br />
<br />
==Installation==<br />
Install {{AUR|nagios}} from the [[AUR]].<br />
<br />
Users may also want to install {{AUR|nagios-plugins}}.<br />
<br />
==Nagios Configuration==<br />
Copy the sample config files as root:<br />
{{bc|<br />
cp /etc/nagios/cgi.cfg.sample /etc/nagios/cgi.cfg<br />
cp /etc/nagios/resource.cfg.sample /etc/nagios/resource.cfg<br />
cp /etc/nagios/nagios.cfg.sample /etc/nagios/nagios.cfg<br />
cp /etc/nagios/objects/commands.cfg.sample /etc/nagios/objects/commands.cfg<br />
cp /etc/nagios/objects/contacts.cfg.sample /etc/nagios/objects/contacts.cfg<br />
cp /etc/nagios/objects/localhost.cfg.sample /etc/nagios/objects/localhost.cfg<br />
cp /etc/nagios/objects/templates.cfg.sample /etc/nagios/objects/templates.cfg<br />
cp /etc/nagios/objects/timeperiods.cfg.sample /etc/nagios/objects/timeperiods.cfg<br />
}}<br />
<br />
The files you just copied belong to root. Change their owner and group to nagios:nagios:<br />
<br />
{{bc|<br />
# chown -R nagios:nagios /etc/nagios<br />
}}<br />
<br />
Create the htpasswd.users file with a username and password, e.g. nagiosadmin and secretpass:<br />
<br />
{{bc|<br />
# htpasswd -c /etc/nagios/htpasswd.users nagiosadmin<br />
}}<br />
<br />
You can also add a different user, but before you can do anything with it in Nagios, you will need to edit {{ic|/etc/nagios/cgi.cfg}}. You can replace 'nagiosadmin' with the desired user, or append further users separated by commas: nagiosadmin,yourusername,yournextusername etc.<br />
<br />
If the owner/group of the nagios-plugins you installed are root:root, the following needs to be done:<br />
<br />
{{bc|<br />
# chown -R nagios:nagios /usr/share/nagios<br />
}}<br />
<br />
Once Nagios is configured, it is time to configure the webserver.<br />
<br />
==Apache Configuration==<br />
Edit /etc/httpd/conf/httpd.conf and add the following to the end of the file:<br />
<br />
{{bc|<br />
LoadModule php5_module modules/libphp5.so<br />
<br />
# Nagios<br />
Include "conf/extra/nagios.conf"<br />
<br />
# PHP<br />
Include "conf/extra/php5_module.conf"<br />
<br />
}}<br />
<br />
Copy the configuration file:<br />
# cp /etc/webapps/nagios/apache.example.conf /etc/httpd/conf/extra/nagios.conf<br />
<br />
Add the apache user http to the group nagios, otherwise you will get the following error when using nagios: <br />
Could not open command file '/var/nagios/rw/nagios.cmd' for update!: <br />
<br />
# usermod -G nagios -a http<br />
<br />
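If you are still getting this error, you might need to change the permissions on the file. Note that mode 666 lets every local user write to the Nagios command file, so prefer the group membership above where it is sufficient:<br />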
# chmod 666 /var/nagios/rw/nagios.cmd<br />
<br />
==Nginx Configuration==<br />
Apart from php and php-fpm, you should have [https://wiki.archlinux.org/index.php/Nginx#CGI_implementation fcgiwrap] installed, or else CGI scripts will not run.<br />
<br />
Example configuration:<br />
{{bc|<br />
1=server {<br />
    server_name nagios.yourdomain.tld;<br />
    root /usr/share/nagios/share;<br />
    listen 80;<br />
    index index.php index.html index.htm;<br />
    access_log nagios.access.log;<br />
    error_log nagios.error.log;<br />
<br />
    # PHP pages of the web interface are handled by php-fpm<br />
    location ~ \.php$ {<br />
        try_files $uri =404;<br />
        fastcgi_index index.php;<br />
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;<br />
        include fastcgi.conf;<br />
    }<br />
<br />
    # Nagios CGI programs are run through fcgiwrap<br />
    location ~ \.cgi$ {<br />
        root /usr/share/nagios/sbin;<br />
        rewrite ^/nagios/cgi-bin/(.*)\.cgi /$1.cgi break;<br />
        fastcgi_param AUTH_USER $remote_user;<br />
        fastcgi_param REMOTE_USER $remote_user;<br />
        include fastcgi.conf;<br />
        fastcgi_pass unix:/run/fcgiwrap.socket;<br />
    }<br />
<br />
}<br />
}}<br />
<br />
==PHP Configuration==<br />
Edit /etc/php/php.ini to include /usr/share/nagios in the open_basedir directive.<br />
<br />
Example configuration:<br />
<br />
{{bc|1=open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps:/etc/webapps:/usr/share/nagios}}<br />
<br />
==Final Steps==<br />
Start/Restart nagios:<br />
<br />
# systemctl restart nagios<br />
<br />
Start/Restart apache:<br />
<br />
# systemctl restart httpd<br />
<br />
Now you should be able to access nagios through your web browser using the username and password you created above with htpasswd:<br />
<br />
http://localhost/nagios<br />
<br />
==Plugin check_rdiff==<br />
A small guide on monitoring rdiff-backups using a plugin called check_rdiff.<br />
<br />
===Download and Install===<br />
<br />
You will need perl installed.<br />
<br />
{{bc|<br />
cd<br />
wget http://www.monitoringexchange.org/attachment/download/Check-Plugins/Software/Backup/check_rdiff/check_rdiff<br />
cp check_rdiff /usr/share/nagios/libexec<br />
chown nagios:nagios /usr/share/nagios/libexec/check_rdiff<br />
chmod 755 /usr/share/nagios/libexec/check_rdiff<br />
}}<br />
<br />
===Enable sudo for user nagios===<br />
Since the perl script check_rdiff needs to run as root, you will have to enable sudo for the nagios user:<br />
<br />
{{bc|<br />
sudoedit /etc/sudoers<br />
}}<br />
<br />
This will open the /etc/sudoers file, then paste the following at the end of the file (you should know how to use the vi editor, if that is the one being used by sudoedit):<br />
<br />
{{bc|1=<br />
nagios ALL=(root)NOPASSWD:/usr/share/nagios/libexec/check_rdiff<br />
}}<br />
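<br />
With the steps above, check_rdiff is owned by nagios while sudoers lets nagios run it as root without a password, so anyone who controls the nagios account can change what runs as root. The following added example (not part of the original article or of Nagios) audits such a sudo target; the function names and the optional uid argument are assumptions made for the example, and it relies on GNU stat.<br />

```shell
#!/bin/sh
# Added example: check that a command sudoers allows an unprivileged account
# to run as root cannot be modified or replaced by that account.
# Assumes GNU coreutils stat (stat -c), as on Arch Linux.

# check_one PATH UID: succeed if PATH is owned by UID and is not
# writable by group or others.
check_one() {
    info=$(stat -c '%u %a' -- "$1") || return 2
    uid=${info% *}      # numeric owner
    mode=${info#* }     # octal permission bits, e.g. 755
    if [ "$uid" != "$2" ]; then
        echo "FAIL $1: owned by uid $uid, expected uid $2"
        return 1
    fi
    # 020 = group write, 002 = other write
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL $1: mode $mode is writable by group or others"
        return 1
    fi
    return 0
}

# audit_sudo_target PATH [UID]: check the file and its containing directory
# (a writable directory allows the file to be replaced). UID defaults to 0;
# the argument exists so the check can be exercised without root.
# Ancestor directories above the immediate parent are not checked here.
audit_sudo_target() {
    target=$1
    want=${2:-0}
    check_one "$target" "$want" || return 1
    check_one "$(dirname -- "$target")" "$want" || return 1
    echo "OK $target"
}

# Usage: sh audit.sh /usr/share/nagios/libexec/check_rdiff
if [ "$#" -gt 0 ]; then
    audit_sudo_target "$@"
fi
```

A FAIL line for the plugin or its directory means the file should be owned by root and writable only by root before the sudoers rule is relied on.<br />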
<br />
===Integrate check_rdiff plugin into nagios===<br />
<br />
Edit /etc/nagios/objects/commands.cfg to include the following command definition:<br />
<br />
{{bc|<br />
# check rdiff-backup<br />
define command{<br />
        command_name    check_rdiff<br />
        command_line    sudo $USER1$/check_rdiff -r $ARG1$ -w $ARG2$ -c $ARG3$ -l $ARG4$ -p $ARG5$<br />
}<br />
}}<br />
<br />
Edit /etc/nagios/objects/localhost.cfg to include checking of rdiff-backup on localhost, for example:<br />
<br />
{{bc|<br />
define service{<br />
        use                     local-service         ; Name of service template to use<br />
        host_name               localhost<br />
        service_description     rdiff-backup<br />
        check_command           check_rdiff!/home/x/rdiffbackup!8!10!500!24<br />
}<br />
}}<br />
<br />
Quote from the check_rdiff script content:<br />
<br />
''The above command checks the repository (-r) which is defined as the destination of the backup, or more specifically, the directory above the rdiff-backup-data directory. It will return warning if the backup hasn't finished by 8am and critical by 10am. It will also return warning if the TotalDestinationSizeChange is greater than 500Mb. It also get the period set to 24hrs (-p). This is important as the plugin will throw a critical if the backup doesn't start in time.''<br />
<br />
Finally, restart nagios:<br />
<br />
# systemctl restart nagios<br />
<br />
You can now see the rdiff-backup status by clicking on Services on the left side of the nagios web interface control panel.<br />
<br />
==Forks==<br />
*[[Icinga]] is a Nagios fork. More details about the fork can be found at [https://www.icinga.org/faq/why-a-fork/ Icinga FAQ: Why a fork?]<br />
<br />
==See also==<br />
*[http://www.nagios.org/ nagios.org] Official website<br />
*[http://www.nagiosplugins.org/ Nagios Plugins] the home of the official plugins <br />
*[[Wikipedia:Nagios|wikipedia.org]] Wikipedia article<br />
*[http://www.nagiosexchange.org NagiosExchange] overview of plugins, addons, mailing lists for Nagios<br />
*[http://www.nagiosforge.org/ NagiosForge] a repository for ad</div>Developejhttps://wiki.archlinux.org/index.php?title=TigerVNC&diff=247799TigerVNC2013-02-18T15:09:35Z<p>Developej: /* Connecting to a VNC Server from Android device over SSH */</p>
<hr />
<div>[[Category:Security]]<br />
[[Category:Virtual Network Computing]]<br />
[[de:VNC]]<br />
{{Article summary start}}<br />
{{Article summary text|Vncserver is a remote display daemon that allows users to run totally ''parallel'' sessions on a machine which can be accessed from anywhere. All applications running under the server continue to run, even when the user disconnects. }}<br />
{{Article summary heading|Related Articles}}<br />
{{Article summary wiki|x11vnc}} - Another flavor of VNC which allows connections to the root (:0) desktop.<br />
{{Article summary end}}<br />
<br />
== Installation ==<br />
Vncserver is provided by {{pkg|tigervnc}} and {{pkg|tightvnc}} both of which can be installed from the [[official repositories]].<br />
<br />
== Running Vncserver ==<br />
===First Time Setup===<br />
==== Create Environment and Password Files ====<br />
Vncserver will create its initial environment file and user password file the first time it is run:<br />
$ vncserver<br />
<br />
You will require a password to access your desktops.<br />
<br />
Password:<br />
Verify:<br />
<br />
New 'mars:1 (facade)' desktop is mars:1<br />
<br />
Creating default startup script /home/facade/.vnc/xstartup<br />
Starting applications specified in /home/facade/.vnc/xstartup<br />
Log file is /home/facade/.vnc/mars:1.log<br />
<br />
The default display on which vncserver runs is :1, which corresponds to the TCP port on which the server listens (5900+n = port number). In this case, it is running on 5900+1=5901. Running vncserver a second time will create a second instance running on the next highest free port, i.e. :2 or 5902.<br />
<br />
{{Note|Linux systems can have as many VNC servers as physical memory allows, all running in parallel to each other.}}<br />
<br />
Shut down the vncserver by using the -kill switch:<br />
$ vncserver -kill :1<br />
<br />
====Edit the xstartup File====<br />
Vncserver sources {{ic|~/.vnc/xstartup}} which functions like an [[.xinitrc]] file. At a minimum, users should define a DE to start if a graphical environment is desired. For example, starting xfce4:<br />
<br />
#!/bin/sh<br />
export XKL_XMODMAP_DISABLE=1<br />
exec startxfce4<br />
<br />
{{Note|The XKL_XMODMAP_DISABLE line is known to correct problems associated with "scrambled" keystrokes when typing in terminals under some virtualized DEs.}}<br />
{{Note|As of 31-Oct-2012, usage of the command "exec ck-launch-session ..." in ~/.vnc/xstartup is deprecated since Arch has dropped consolekit.}}<br />
<br />
==== Permissions ====<br />
It is good practice to secure {{ic|~/.vnc}} just like {{ic|~/.ssh}} although this is not a requirement. Execute the following to do so:<br />
$ chmod 700 ~/.vnc<br />
<br />
== Running vncserver ==<br />
Vncserver offers flexibility via switches. The below example starts vncserver in a specific resolution, allowing multiple users to view/control simultaneously, and sets the dpi on the virtual server to 96:<br />
<br />
$ vncserver -geometry 1440x900 -alwaysshared -dpi 96 :1<br />
{{Note|One need not use a standard monitor resolution for vncserver; 1440x900 can be replaced with something odd like 1429x882 or 1900x200 etc.}}<br />
<br />
For a complete list of options, pass the -badoption switch to vncserver.<br />
<br />
$ vncserver -badoption<br />
<br />
== Connecting to vncserver ==<br />
Any number of clients can connect to a vncserver. A simple example is given below where vncserver is running on 10.1.10.2 on port 5901 (:1) in shorthand notation:<br />
$ vncviewer 10.1.10.2:1<br />
<br />
=== Passwordless Authentication ===<br />
The -passwd switch allows one to define the location of the server's ~/.vnc/passwd file. It is expected that the user has access to this file on the server through ssh or through physical access. In either case, place that file on the client's filesystem in a safe location, i.e. one that has read access ONLY to the expected user.<br />
<br />
$ vncviewer -passwd /path/to/server-passwd-file<br />
<br />
=== Example GUI-based Clients ===<br />
*extra/gtk-vnc<br />
*extra/vinagre<br />
*extra/rdesktop<br />
*community/remmina<br />
*community/vncviewer-jar<br />
<br />
== Securing VNC Server by SSH Tunnels ==<br />
=== On the Server ===<br />
One wishing access to vncserver from outside the protection of a LAN should be concerned about plain text passwords and unencrypted traffic to/from the viewer and server. Vncserver is easily secured by ssh tunneling. Additionally, one need not open up another port to the outside using this method since the traffic is literally tunneled through the SSH port which the user already has open to the WAN. It is highly recommended to use the -localhost switch when running vncserver in this scenario. This switch only allows connections ''from the localhost'' -- and by analogy only by users physically ssh'ed and authenticated on the box!<br />
<br />
$ vncserver -geometry 1440x900 -alwaysshared -dpi 96 -localhost :1<br />
<br />
=== On the Client ===<br />
<br />
With the server now only accepting connections from the localhost, connect to the box via ssh using the -L switch to enable tunnels. For example:<br />
<br />
$ ssh IP_OF_TARGET_MACHINE -L 8900/localhost/5901<br />
<br />
This forwards the server port 5901 to the client box on port 8900. Once connected via SSH, leave that xterm or shell window open; it is acting as a secured tunnel to/from server. To connect via vnc, open a second xterm and connect not to the remote IP address, but to the localhost of the client thus using the secured tunnel:<br />
$ vncviewer localhost:8900<br />
<br />
From the ssh man page:<br />
''-L [bind_address:] port:host:hostport''<br />
<br />
''Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. IPv6 addresses can be specified with an alternative syntax:''<br />
<br />
''[bind_address/] port/host/ hostport or by enclosing the address in square brackets.''<br />
''Only the superuser can forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind the connection to a specific address. The bind_address of ``localhost'' indicates that the listening port be bound for local use only, while an empty address or `*' indicates that the port should be available from all interfaces.''<br />
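<br />
One way to verify the -localhost setup described above: the added example below (not from the original article or from TigerVNC) parses {{ic|ss -ltn}} output on the server and reports any VNC display port bound to a non-loopback address. The function names, the constructed sample output and the 5900-5999 port range are assumptions made for the example.<br />

```shell
#!/bin/sh
# Added example: confirm that VNC displays only listen on loopback, as they
# should when started with -localhost and reached through an SSH tunnel.

# Constructed sample of `ss -ltn` output (not captured from a real host):
# display :1 bound to loopback, displays :2 and :3 bound to all interfaces.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*
LISTEN 0      5      [::1]:5901         [::]:*
LISTEN 0      5      0.0.0.0:5902       0.0.0.0:*
LISTEN 0      5      *:5903             *:*
EOF
}

# Read `ss -ltn` output on stdin and print every listener on a VNC port
# (5900+n; the range 5900-5999 is an assumption covering displays :0 to :99)
# whose local address is not loopback. Returns 1 if any were found.
vnc_exposed_listeners() {
    exposed=$(awk '
        $1 == "LISTEN" {
            la = $4
            port = la
            sub(/^.*:/, "", port)      # keep the text after the last colon
            addr = substr(la, 1, length(la) - length(port) - 1)
            p = port + 0               # force a numeric comparison
            if (port !~ /^[0-9]+$/ || p < 5900 || p > 5999) next
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            print addr ":" port " display :" (p - 5900)
        }')
    if [ -z "$exposed" ]; then
        return 0
    fi
    printf '%s\n' "$exposed"
    return 1
}

# Live use on the server: ss -ltn | vnc_exposed_listeners
```

On the constructed sample, displays :2 and :3 are reported because they were bound to all interfaces, while display :1 passes.<br />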
<br />
=== Connecting to a VNC Server from Android device over SSH ===<br />
<br />
To connect to a VNC Server over SSH using your Android device you need:<br />
<br />
{{bc|1. SSH server running on the machine you want to connect to.<br />
2. VNC server running on the machine you want to connect to. (You run server with -localhost flag as mentioned above)<br />
3. SSH client on your Android device (ConnectBot is a popular choice and will be used in this guide as an example).<br />
4. VNC client on your Android device (androidVNC).}}<br />
<br />
Also, if you don't have a static IP, you might want to consider a dynamic DNS service.<br />
<br />
In ConnectBot, type in your IP and connect to the desired machine. Tap the options key, select Port Forwards and add a new port:<br />
<br />
{{bc|Nickname: vnc<br />
Type: Local<br />
Source port: 5901<br />
Destination: 127.0.0.1:5901 (it didn't work for me when I typed in 192.168.x.xxx here, I had to use 127.0.0.1)}}<br />
<br />
Save that.<br />
<br />
In androidVNC:<br />
<br />
{{bc|Nickname: nickname<br />
Password: the password you used to set up your VNC server<br />
Address: 127.0.0.1 (we are in local after connecting through SSH)<br />
Port: 5901}}<br />
<br />
Connect.<br />
<br />
== Starting and Stopping VNC Server at Bootup and Shutdown ==<br />
{{hc|/etc/systemd/system/vncserver@:1.service|<br />
<nowiki># The vncserver service unit file<br />
#<br />
# 1. Copy this file to /etc/systemd/system/vncserver@:x.service<br />
# Note that x is the port number on which the vncserver will run. The default is 1 which <br />
# corresponds to port 5901. For a 2nd instance, use x=2 which corresponds to port 5902.<br />
# 2. Edit User=<br />
# ("User=foo")<br />
# 3. Edit the vncserver parameters appropriately<br />
# ("/usr/bin/vncserver %i -arg1 -arg2 -argn")<br />
# 4. Run `systemctl --system daemon-reload`<br />
# 5. Run `systemctl enable vncserver@:<display>.service`<br />
#<br />
# DO NOT RUN THIS SERVICE if your local area network is untrusted! <br />
#<br />
# See the wiki page for more on security<br />
# https://wiki.archlinux.org/index.php/Vncserver<br />
<br />
[Unit]<br />
Description=Remote desktop service (VNC)<br />
After=syslog.target network.target<br />
<br />
[Service]<br />
Type=forking<br />
User=<br />
<br />
# Clean any existing files in /tmp/.X11-unix environment<br />
ExecStartPre=-/usr/bin/vncserver -kill %i<br />
ExecStart=/usr/bin/vncserver %i<br />
ExecStop=/usr/bin/vncserver -kill %i<br />
<br />
[Install]<br />
WantedBy=multi-user.target<br />
</nowiki>}}</div>Developejhttps://wiki.archlinux.org/index.php?title=TigerVNC&diff=247794TigerVNC2013-02-18T13:38:18Z<p>Developej: </p>