nextcloud

From ArchWiki
Revision as of 08:11, 14 August 2015 by Unhammer (talk | contribs) (whatever)
Jump to: navigation, search

From Wikipedia:

ownCloud is a software suite that provides a location-independent storage area for data (cloud storage).

The ownCloud installation and configuration mainly depends on what web server and database you decide to run. Currently the wiki discusses #Apache configuration and #Nginx + uwsgi php configuration.

Prerequisites

ownCloud needs a web server, PHP and a database. For instance, a classic LAMP stack should work fine and is the recommended configuration.

Installation

Install owncloud from the official repositories. Alternatively see the packages available in the Arch User Repository: [1].

Uncomment the following required extensions in /etc/php/php.ini:

gd.so
iconv.so
posix.so
xmlrpc.so
zip.so

It is also recommended to install php-intl, php-mcrypt and uncomment the following extensions:

bz2.so
curl.so
intl.so
mcrypt.so
openssl.so

Caching

For enhanced performance, it is recommended to implement PHP caching: see PHP#Caching.

Then, depending on your choice, add only one of the following directives to /etc/webapps/owncloud/config/config.php:

  • 'memcache.local' => '\OC\Memcache\APCu',
  • 'memcache.local' => '\OC\Memcache\XCache',
Note:
Template error: are you trying to use the = sign? Visit Help:Template#Escape template-breaking characters for workarounds.

See the official documentation.

/dev/urandom access

ownCloud 8.1.0-1 requires /dev/urandom access. This must be enabled in php.ini.

Attach :/dev/urandom (no slash at the end) to open_basedir in php.ini. Example:

open_basedir = /srv/http/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/dev/urandom

On Nginx + uwsgi_php, the setting above won't take effect , please attach :/dev/urandom in uwsgi_php config file instead.

/etc/uwsgi/owncloud.ini
 php-set = open_basedir=%(owncloud_data_dir):/tmp/:/usr/share/pear/:/usr/share/webapps/owncloud:/etc/webapps/owncloud:/dev/urandom 

Database support

Depending on which database backend you are going to use, uncomment both of the following two extensions in /etc/php/php.ini:

SQLite MySQL PostgreSQL
pdo_sqlite.so
sqlite3.so
pdo_mysql.so
mysql.so
pdo_pgsql.so
pgsql.so
Note: When using MySQL you need mysql.so, even though it is deprecated. As of May 2015 (ownCloud 8.0) mysqli.so is not supported.[2][3]

Do not forget to install the appropriate php-module for the database. In the PostgreSQL case thats php-pgsql or for SQLite php-sqlite.

Exif support

Additionally enable exif support by installing exiv2 from the official repositories and uncommenting the exif.so extension in php.ini.

An all-in-one alternative with Docker

A quicker alternative to installing and configuring your own ownCloud is to use a 3rd party supported Docker image. You can find several images of fully working LAMP stack with pre-installed ownCloud in the Docker repositories. Docker containers are generally safer than a chroot environment and the overhead is very low; ownCloud in Docker works smoothly even on quite old machines. The whole setup including installing Docker and ownCloud image is considerably easier and quicker than a native installation but you must trust the 3rd party whom you've now given complete control to regarding the installation of your ownCloud instance.

Note: Docker images are not officially supported by ownCloud.

Apache configuration

Note: Make sure PHP is enabled, as described in Apache HTTP Server#PHP.

Copy the Apache configuration file to its configuration directory:

# cp /etc/webapps/owncloud/apache.example.conf /etc/httpd/conf/extra/owncloud.conf

And include it at the bottom of /etc/httpd/conf/httpd.conf:

Include conf/extra/owncloud.conf

For security purposes, review and set the prescribed directory permissions from the ownCloud installation manual:

#!/bin/bash
ocpath='/usr/share/webapps/owncloud'
htuser='http'
htgroup='http'
find ${ocpath}/ -type f -print0 | xargs -0 chmod 0640
find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750
chown -R root:${htuser} ${ocpath}/
chown -R ${htuser}:${htgroup} ${ocpath}/apps/
chown -R ${htuser}:${htgroup} ${ocpath}/config/
chown -R ${htuser}:${htgroup} ${ocpath}/data/
chown -R ${htuser}:${htgroup} ${ocpath}/themes/
chown root:${htuser} ${ocpath}/.htaccess
chown root:${htuser} ${ocpath}/data/.htaccess
chmod 0644 ${ocpath}/.htaccess
chmod 0644 ${ocpath}/data/.htaccess

Now restart Apache (httpd.service).

Open http://localhost/ in your browser. You should now be able to create a user account and follow the installation wizard.

WebDAV

ownCloud comes with its own WebDAV implementation enabled, which may conflict with the one shipped with Apache. If you have enabled WebDAV (not enabled by default with Apache), disable mod_dav and mod_dav_fs in /etc/httpd/conf/httpd.conf. See https://forum.owncloud.org/viewtopic.php?f=17&t=7240 for details.

Running ownCloud in a subdirectory

By including the default owncloud.conf in httpd.conf, ownCloud will take control of port 80 and your localhost domain.

If you would like to have ownCloud run in a subdirectory, then edit the /etc/httpd/conf/extra/owncloud.conf you included and comment out the <VirtualHost *:80> ... </VirtualHost> part of the include file.

Nginx + uwsgi_php configuration

You can avoid the use of Apache, and run ownCloud in its own process by using the uwsgi-plugin-php application server. uWSGI itself has a wealth of features to limit the resource use, and to harden the security of the application, and by being a separate process it can run under its own user. (See specific owncloud version configuration. Adjust the owncloud version number in the linked URL.)

Configuration

  • First of all you should set up your Nginx server. See the Nginx page for further information.
  • Set a server with the following lines in the http section of your /etc/nginx/nginx.conf file:
#this is to avoid Request Entity Too Large error
client_max_body_size 1000M;
# deny access to some special files
location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
    deny all;
}
# pass all .php or .php/path urls to uWSGI
location ~ ^(.+\.php)(.*)$ {
    include uwsgi_params;
    uwsgi_modifier1 14;
    #Uncomment line below if you get connection refused error. Remember to comment out line with "uwsgi_pass 127.0.0.1:3001;" below
    #uwsgi_pass unix:/run/uwsgi/owncloud.sock;
    uwsgi_pass 127.0.0.1:3001;
}
# everything else goes to the filesystem,
# but / will be mapped to index.php and run through uwsgi
location / {
    root /usr/share/webapps/owncloud;
    index index.php;
    rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
    rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
}
  • Then create a uWSGI config file. /etc/uwsgi/owncloud.ini could be a good choice:
[uwsgi]
master = true
socket = 127.0.0.1:3001

# Change this to where you want ownlcoud data to be stored (maybe /home/owncloud)
owncloud_data_dir = /usr/share/webapps/owncloud/data/
chdir             = %(owncloud_data_dir)

plugins = php
php-docroot     = /usr/share/webapps/owncloud
php-index       = index.php

# only allow these php files, I do not want to inadvertently run something else
php-allowed-ext = /index.php
php-allowed-ext = /public.php
php-allowed-ext = /remote.php
php-allowed-ext = /cron.php
php-allowed-ext = /status.php
php-allowed-ext = /settings/apps.php
php-allowed-ext = /core/ajax/update.php
php-allowed-ext = /core/ajax/share.php
php-allowed-ext = /core/ajax/requesttoken.php
php-allowed-ext = /core/ajax/translations.php
php-allowed-ext = /search/ajax/search.php
php-allowed-ext = /search/templates/part.results.php
php-allowed-ext = /settings/admin.php
php-allowed-ext = /settings/users.php
php-allowed-ext = /settings/personal.php
php-allowed-ext = /settings/help.php
php-allowed-ext = /settings/ajax/getlog.php
php-allowed-ext = /settings/ajax/setlanguage.php
php-allowed-ext = /settings/ajax/setquota.php
php-allowed-ext = /settings/ajax/userlist.php
php-allowed-ext = /settings/ajax/createuser.php
php-allowed-ext = /settings/ajax/removeuser.php
php-allowed-ext = /settings/ajax/enableapp.php
php-allowed-ext = /core/ajax/appconfig.php
php-allowed-ext = /settings/ajax/setloglevel.php
php-allowed-ext = /ocs/v1.php

# set php configuration for this instance of php, no need to edit global php.ini
php-set = date.timezone=Etc/UTC
php-set = open_basedir=%(owncloud_data_dir):/tmp/:/usr/share/pear/:/usr/share/webapps/owncloud:/etc/webapps/owncloud
php-set = session.save_path=/tmp
php-set = post_max_size=1000M
php-set = upload_max_filesize=1000M
php-set = always_populate_raw_post_data=-1

# load all extensions only in this instance of php, no need to edit global php.ini
php-set = extension=bz2.so
php-set = extension=curl.so
php-set = extension=intl.so
php-set = extension=openssl.so
php-set = extension=pdo_sqlite.so
php-set = extension=exif.so
php-set = extension=gd.so
php-set = extension=imagick.so
php-set = extension=gmp.so
php-set = extension=iconv.so
php-set = extension=mcrypt.so
php-set = extension=sockets.so
php-set = extension=sqlite3.so
php-set = extension=xmlrpc.so
php-set = extension=xsl.so
php-set = extension=zip.so

processes = 10
cheaper = 2
cron = -3 -1 -1 -1 -1 /usr/bin/php -f /usr/share/webapps/owncloud/cron.php 1>/dev/null

#Uncomment line below and replace http with a specific group name which you want uwsgi to run with.
#gid = http

Activation

uWSGI provides a template unit that allows to start and enable application using their configuration file name as instance identifier. For example:

# systemctl start uwsgi@owncloud.socket

would start it on demand referencing the configuration file /etc/uwsgi/owncloud.ini.

To enable the uwsgi service by default at start-up, run:

# systemctl enable uwsgi@owncloud.socket
Note: Here we make use of systemd socket activation to prevent unnecessary resources consumption when no connections are made to the instance. If you'd rather have it constantly active, simply remove the .socket part to start and enable the service instead.

See also Uwsgi#Starting service.

Synchronization

Desktop

The official client can be installed with the package owncloud-client from the official repositories. Alternative versions are avaiable in the AUR: owncloud-client-betaAUR, owncloud-client-gitAUR and owncloud-client-qt5AUR. Its use is described in this page of the documentation.

Calendar

To access your ownCloud calendars using Mozilla Thunderbird's Lightning calendar you would use the following URL:

https://ADDRESS/remote.php/caldav/calendars/USERNAME/CALENDARNAME

To access your ownCloud calendars using CalDAV-compatible programs like Kontact or Evolution, you would use the following URL:

https://ADDRESS/remote.php/caldav

For details see the official documentation.

Contacts

To sync contacts with Thunderbird you must install the SOGo frontend, Lightning extension and follow those instructions from the official doc.

Mounting files with davfs2

If you want to mount your ownCloud permanently install davfs2 (as described in Davfs) first.

Considering your ownCloud were at https://own.example.com, your WebDAV URL would be https://own.example.com/remote.php/webdav (as of ownCloud 6.0).

To mount your ownCloud, use:

# mount -t davfs https://own.example.com/remote.php/webdav /path/to/mount

You can also create an entry for this in /etc/fstab

/etc/fstab
https://own.example.com/remote.php/webdav /path/to/mount davfs rw,user,noauto 0 0
Tip: In order to allow automount you can also store your username (and password if you like) in a file as described in Davfs#Mounting as regular user.
Note: If creating/copying files is not possible, while the same operations work on directories, see Davfs#Creating.2Fcopying files not possible.

Android

There is an official Android app available for a small fee on the Play Store and for free on F-Droid.

To enable contacts and calendar sync:

  • if using Android 4+:
    1. download DAVdroid (available in F-Droid)
    2. Enable mod_rewrite.so in httpd.conf
    3. create a new DAVdroid account in the Account settings, and specify your "short" server address and login/password couple, e.g. https://cloud.example.com (there is no need for the /remote.php/{carddav,webdav} part if you configured your web server with the proper redirections, as illustrated previously in the article; DAVdroid will find itself the right URLs)
For an older version of the app but with still useful info, see this article.
  • if using an Android version below 4.0 and favouring Free/Libre software solutions, give a try to aCal for calendar and contacts sync or CalDAV Sync Adapter (F-Droid) for just calendar sync; if you are willing to use non-libre software, then the recommended solution is to use CardDAV-Sync and CalDAV-Sync.

Important notes

  • When using a subdomain (like cloud.example.net), make sure it is covered by your certificate. Otherwise, connection via the ownCloud client or webdav might fail.
  • If you are planning on using ownCloud's sync-clients, make sure to have ntpd installed and running on your ownCloud server, otherwise the sync-clients will fail.

(If adding SSL encryption as above, be sure to edit /etc/httpd/conf/extra/httpd-ssl.conf and change DocumentRoot "/srv/http" to DocumentRoot "/usr/share/webapps/owncloud" )

  • More Apps for ownCloud can be found here
  • To install an new application, download the zip from the apps store, extract it into /srv/http/owncloud/apps/.

Afterwards restart httpd:

# systemctl restart httpd

log into your server go to the app sections you should see the new apps in there,

  • If you are protecting access to your ownCloud location with HTTP basic auth, the file "status.php" must be excluded from auth and be publicly accessible. [4]

SABnzbd

When using SABnzbd, you might want to set

folder_rename 0

in your sabnzbd.ini file, because ownCloud will scan the files as soon as they get uploaded, preventing SABnzbd from removing UNPACKING prefixes etc.

Troubleshooting

Self-signed certificate not accepted

ownCloud uses Wikipedia:cURL and Wikipedia:SabreDAV to check if WebDAV is enabled. If you use SSL/TLS with a self-signed certificate, e.g. as shown in LAMP, and access ownCloud's admin panel, you will see the following error message:

Your web server is not yet properly setup to allow files synchronization because the WebDAV interface seems to be broken.

Assuming that you followed the LAMP tutorial, execute the following steps:

Create a local directory for non-distribution certificates and copy LAMPs certificate there. This will prevent ca-certificates-updates from overwriting it.

# cp /etc/httpd/conf/server.crt /usr/share/ca-certificates/WWW.EXAMPLE.COM.crt

Add WWW.EXAMPLE.COM.crt to /etc/ca-certificates.conf:

WWW.EXAMPLE.COM.crt

Now, regenerate your certificate store:

# update-ca-certificates

Restart the httpd service to activate your certificate.

Should this not work, consider disabling mod_curl in /etc/php/php.ini.

Self-signed certificate for Android devices

Once you have followed the setup for SSL, as on LAMP for example, davdroid will fail to work because the certificate is not accepted. A certificate can be made as follows on your server:

 # openssl x509 -req -days 365 -in /etc/httpd/conf/server.csr -signkey /etc/httpd/conf/server.key -extfile android.txt -out CA.crt
 # openssl x509 -inform PEM -outform DER -in CA.crt -out CA.der.crt 

The file android.txt should contain the following:

 basicConstraints=CA:true

Then import CA.der.crt to your Android device:

Put the CA.der.crt file onto the sdcard of your Android device (usually to the internal one, e.g. save from a mail attachment). It should be in the root directory. Go to Settings > Security > Credential storage and select Install from device storage. The .crt file will be detected and you will be prompted to enter a certificate name. After importing the certificate, you will find it in Settings > Security > Credential storage > Trusted credentials > User.

Thanks to: [5]

Cannot write into config directory!

Check your httpd configuration file (like owncloud.conf). Add your configuration directory (/etc/webapps by default) to

php_admin_value open_basedir "/srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/path/to/dir/"

Restart the httpd or php-fpm service to activate the change.

Cannot create data directory (/path/to/dir)

Check your httpd configuration file (like owncloud.conf). Add your data directory to

php_admin_value open_basedir "/srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/path/to/dir/"

Restart the httpd or php-fpm service to activate the change.

CSync failed to find a specific file.

This is most likely a certificate issue. Recreate it, and do not leave the common name empty or you will see the error again.

# openssl req -new -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt

Seeing white page after login

The cause is probably a new app that you installed. To fix that, you can either use phpMyAdmin to edit the oc_appconfig table (if you got lucky and the table has an edit option), or do it by hand with mysql:

mysql -u root -p owncloud
MariaDB [owncloud]> delete from oc_appconfig where appid='<nameOfExtension>' and configkey='enabled' and configvalue='yes'
MariaDB [owncloud]> insert into oc_appconfig (appid,configkey,configvalue) values ('<nameOfExtension>','enabled','no');

This should delete the relevant configuration from the table and add it again.

GUI sync client fails to connect

If using HTTP basic authentication, make sure to exclude "status.php", which must be publicly accessible. [6]

"Cannot write into apps directory"

As mentioned in the official admin manual, either you need an apps directory that is writable by the http user, or you need to set appstoreenabled to false.

Also, not mentioned there, the directory needs to be in the open_basedir line in /etc/php/php.ini.

Tango-inaccurate.pngThe factual accuracy of this article or section is disputed.Tango-inaccurate.png

Reason: Does not seem to work with 8.0.2 (Discuss in Talk:Nextcloud#)

One clean method is to have the package-installed directory at /usr/share/webapps/owncloud/apps stay owned by root, and have the user-installed apps go into e.g. /var/www/owncloud/apps, which is owned by http. Then you can set appstoreenabled to true and package upgrades of apps should work fine as well. Relevant lines from /etc/webapps/owncloud/config/config.php:

  'apps_paths' => 
  array (
    0 => 
    array (
      'path' => '/usr/share/webapps/owncloud/apps',
      'url' => '/apps',
      'writable' => false,
    ),
    1 => 
    array (
      'path' => '/var/www/owncloud/apps',
      'url' => '/wapps',
      'writable' => true,
    ),
  ),

Example open_basedir line from /etc/php/php.ini (you might have other directories in there as well):

open_basedir = /srv/http/:/usr/share/webapps/:/var/www/owncloud/apps/

Directory permissions:

$ ls -ld /usr/share/webapps/owncloud/apps /var/www/owncloud/apps/
 drwxr-xr-x 26 root root 4096 des.  14 20:48 /usr/share/webapps/owncloud/apps
 drwxr-xr-x  2 http http   48 jan.  20 20:01 /var/www/owncloud/apps/

Upload and Share from File Manager

You can use the following script to quickly upload and share files to your ownCloud installation from Thunar (and possibly other filemanagers): https://github.com/schiesbn/shareLinkCreator You need to edit the file with the proper configuration settings. Note: password is stored as plain text.

See also