ownCloud Series – Getting Started

Many of my friends have heard me talk a great deal about ownCloud. I talk about it, because it is a tool that does so much for me and is completely FREE and open source. You can run ownCloud on a server at home or anywhere you can run a Linux server. As of version 8, Windows Server is no longer supported, so you’ll need to install ownCloud on a Linux server. Don’t worry – you don’t have to be a Linux superuser to run it. This guide will give you everything you need to setup your operating system AND ownCloud, with simplicity and security top of mind.

Here is a perfect description of ownCloud:

I pay $9/month for a virtual server that hosts ownCloud, a wordpress blog, and few other things. ownCloud is my central point for my Calendar, Contacts, notes, tasks (reminders), files and folders (read:Dropbox/OneDrive), bookmarks, Email, and more! I would like to contribute to the project, but since I am not a developer, I decided to use what I do know about ownCloud by sharing my experiences to help others get started. I’ll provide some detail on how I use it that may help others get the best out of ownCloud.

There are many guides online in doing this; however, in this series, I will focus on giving you the complete steps to go from a fresh Ubuntu server installation (14.04 in this guide), to https only, https://cloud.your-domain.com. Then we’ll go beyond in future posts about applications (webmail, calendars, contacts, bookmarks, etc), tweaking, etc.

Important notes:
1 – This installation will be in a subdomain, for example: https://cloud.contoso.com, NOT in a subfolder https://www.contoso.com/cloud. I prefer the flexibility of subdomains, but you can tailor this to your choice – just know this is how I’ll detail the installation.

2- I assume that you are either using this in a home testing environment, or that you have purchased a domain and configured DNS to point to your server’s public IP. If you don’t have public DNS you’ll need to edit your hosts file, here is how:
Windows – http://www.howtogeek.com/howto/27350/beginner-geek-how-to-edit-your-hosts-file/
Mac – http://www.imore.com/how-edit-your-macs-hosts-file-and-why-you-would-want
Linux – simply edit the /etc/hosts file

3 – This will be HTTPS only, HTTP will redirect to HTTPS. It will use self-signed certificates. Obviously in production, you’d buy a cert.

4 – If this post helps you in any way or if I can improve this installation guide, drop me a comment.

Follow Linode’s excellent getting started guide:

https://www.linode.com/docs/getting-started#ubuntu-1404–debian-7

Then secure your server:

https://www.linode.com/docs/security/securing-your-server/

Before going any further, I recommend you’ve completed these previous steps. I highly recommend following the entire “Securing Your Server” section above before continuing ! Don’t use the root user, pretty please.

Using SSH key pair for login, disabling root login, configuring a firewall… These steps are always important for ubuntu server setups and shouldn’t be skipped.

I SSH to many servers with key authentication. I highly recommend creating a config file in your ssh directory. Here is how to achieve this:

https://gabrielbeaver.me/2015/07/multi-ssh-key-profile-config-linuxmacos/

Root

Now let’s get to installing ownCloud. Update your OS:

# sudo apt-get update && sudo apt-get upgrade

Enable SSH, if you haven’t already:

# sudo apt-get install openssh-server

Install apache2:

# sudo apt-get install apache2

Install PHP:

# sudo apt-get install php5 php5-mysql && sudo apt-get install php5-curl php5-gd php5-imagick php5-intl php5-json php5-mcrypt

Let’s go ahead and set the apache ServerName. If you don’t you’ll see this message when restarting the service:

“AH00558: apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1. Set the ‘ServerName’ directive globally to suppress this message”

# sudo nano /etc/apache2/conf-available/servername.conf

In the file simply type:

ServerName localhost

(control+X, Y. enter)

# sudo a2enconf servername

Let’s go ahead and enable SSL, the rewrite module, and restart apache for the ServerName and SSL to take effect:

# sudo a2enmod ssl && sudo a2enmod rewrite && sudo service apache2 restart

Now we will configure the post and upload max file size limits. As you’ll be uploading files, we want to ensure the limitation is proper, as opposed to just running a simple CMS site.

# sudo nano /etc/php5/apache2/php.ini
post_max_size = 8M
upload_max_filesize = 2M

I set mine to 2G for 2 Gigabytes.

Install MySQL (Remember to document the root password you choose):

# sudo apt-get install mysql-server

Remove test users, DBs, and root remote access:

# sudo mysql_secure_installation

Create ownCloud Database, and Database User (make sure to change CREATE_PASSWORD to the password you want to use):

# sudo mysql -u root -p
mysql> CREATE USER 'ownclouduser'@'localhost' IDENTIFIED BY 'CREATE_PASSWORD';
mysql> CREATE DATABASE owncloud;
mysql> GRANT ALL ON owncloud.* TO 'ownclouduser'@'localhost';
mysql> FLUSH PRIVILEGES;
mysql> exit

Last step before we begin is to create a directory in which to store the owncloud user data. It is HIGHLY recommended you not use /var/www/owncloud/data, and to use a directory outside of this and that the apache user be the owner. More on this in a bit.

# sudo mkdir /owncloud && sudo mkdir /owncloud/data
# sudo chown -R www-data:www-data /owncloud/data

Now we will install ownCloud. Find latest release here (copy the tar.bz2 link in step1):

https://owncloud.org/install/#instructions-server

We will grab the compressed file, uncompress it to a specific folder, not just simply to the apache root, delete the source, then configure proper permissions on the owncloud directory (make sure to edit the owncloud-x.x.x.tar.bz2 for your version!):

# wget https://download.owncloud.org/community/owncloud-8.2.1.tar.bz2
# sudo tar -xvf owncloud-8.2.1.tar.bz2 -C /var/www/
# rm owncloud-8.2.1.tar.bz2
# sudo chown www-data:www-data -R /var/www/owncloud/

Next we need to configure the apache site. There are multiple steps to configure this bit.

Configure the HTTP port 80 site.
Generate certificates (Self-signed in this guide)
Configure the HTTPS port 443 site.

First, we’ll configure the HTTP port 80 site, with the knowledge that we will being forwarding traffic to HTTPS.

Example, if you visit http://cloud.your-domain.com, you will be automatically redirected to https://cloud-your-domain.com

# nano /etc/apache2/sites-available/owncloud.conf
<VirtualHost *:80>
     ServerAdmin you@domain.com
     ServerName cloud.your-domain-here.com
       # I add permanent redirect in the next line - choice is up to you #
     Redirect permanent / https://cloud.your-domain-here.com/
     DocumentRoot /var/www/owncloud
 
     <Directory />
                Options FollowSymLinks
                AllowOverride All
    </Directory>
 
 
     ErrorLog ${APACHE_LOG_DIR}/owncloud-HTTP-error.log
     CustomLog ${APACHE_LOG_DIR}/owncloud-HTTP-access.log combined
</VirtualHost>

Next we will configure certificates we’ll use for the HTTPS site. We create a directory to dump SSL certificates, another directory specifically for owncloud. The certificate will be good for 10 years and for it to create server.key and server.crt files should be in the /etc/apache2/ssl/owncloud folder.

When prompted fill in the information, common name should be “cloud.your-domain.com”.

# sudo mkdir /etc/apache2/ssl && sudo mkdir /etc/apache2/ssl/owncloud
# sudo openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/apache2/ssl/owncloud/server.key -out /etc/apache2/ssl/owncloud/server.crt

Now we create the HTTPS site:

# sudo nano /etc/apache2/sites-available/owncloud-ssl.conf

Here is an example, notice the SSLCertificateFile and SSLCertificateKeyFile mapped to what we just created.

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin webmaster@localhost
                ServerName cloud.gabrielbeaver.me
                # I add Header info base on doc.owncloud.org v8.1 admin guide #
                Header always add Strict-Transport-Security "max-age=15768000; preload"
                DocumentRoot /var/www/owncloud
                <Directory />
                        Options FollowSymLinks
                        AllowOverride All
                </Directory>
 
                <Directory /var/www/owncloud>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
                </Directory>
 
                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined
 
                SSLEngine on
                SSLCertificateFile /etc/apache2/ssl/server.crt
                SSLCertificateKeyFile /etc/apache2/ssl/server.key
 
                #SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
                #SSLCACertificatePath /etc/ssl/certs/
                #SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
                #SSLCARevocationPath /etc/apache2/ssl.crl/
                #SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
                #SSLVerifyClient require
                #SSLVerifyDepth  10
 
                #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>
 
                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                # MSIE 7 and newer should be able to use keepalive
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
 
        </VirtualHost>
</IfModule>

Enable the HTTP site first, reload apache:

# sudo a2ensite owncloud.conf && sudo service apache2 reload

If no errors detected, we enable the headers mod, then HTTPS site, reload apache:

# sudo a2enmod headers
# sudo a2ensite owncloud-ssl.conf && sudo service apache2 reload

Navigate to your site https://cloud.your-domain.com

You should get a reminder that the certificate is not trusted, this is okay, as you can verify the data you entered!

2015-07-23_02-19-26

Then you will see the owncloud welcome page, but take your time here and confirm your settings are correct before proceeding!

2015-07-23_02-20-23

 

Specify a username and password for the admin account (document this), change the location of the Data folder to what we made above! Then simply enter in the db user, db user password, the db we created earlier, leave localhost as this refers to the server’s local mysql instance.

2015-07-23_02-28-24
When you hit Finish setup, you should be brought to the login screen!

2015-07-23_02-29-22

 

In my next posts in the series, I will show you how to tweak the server, and show how I have further configured ownCloud, my Ubuntu server, and utilize the applications every day.