ownCloud, Ubuntu, nginx setup guide

I was doing a bit of searching over the weekend and came across ownCloud. Think of it like a local Dropbox for your files, complete with SSL encryption and a desktop sync client.

Actual description from ownCloud.org:

ownCloud gives you universal access to your files through a web interface or WebDAV.

So, obviously I decided to set this up and see how it all works. Believe it or not, the setup is super simple, and there are a number of guides out there that will help you. I ended up having to use no less than 3 of them to complete my setup, so I decided to document it for anyone who happens to find this.

Requirements

As with anything, ownCloud has a few requirements. Running this command should get you more or less up and running.

sudo apt-get install nginx php5-fpm php5 php5-json php5-gd curl php5-curl libcurl3-gnutls libapr1 libaprutil1 libcurl3 libaprutil1-ldap libcap2 libltdl-dev libltdl7 libtool m4 php-pear php-xml-parser php5-cli php5-dev shtool ssl-cert php5-ldap smbclient

Note: I already had nginx, PHP and MySQL configured and running, so some minor configuration may be needed that I haven’t covered here.

Setup MySQL Database

Let’s get the database and user set up. Replace YOURPASSHERE with a password of your choosing (and remember it for later).

mysql -u root -p
CREATE DATABASE owncloud;
GRANT ALL PRIVILEGES ON owncloud.* to 'owncloud'@'localhost' IDENTIFIED BY 'YOURPASSHERE';
quit

Install

Now that we’re all set up, let’s get ownCloud up and running. First off, we’re going to grab the source. I’m currently using 5.0.0, but you can change to whichever source file you’d like (provided it still supports 12.04).

mkdir /var/www/owncloud.yourdomainname.com
cd /var/www/owncloud.yourdomainname.com
wget http://download.owncloud.org/community/owncloud-5.0.0.tar.bz2
tar -xjvf owncloud-5.0.0.tar.bz2
mv owncloud www

Generate an SSL certificate

Next we’re going to generate some SSL certificates; if you already have an SSL certificate, you can skip this section. Let’s start by generating a secure key. This will ask you for a passphrase. We won’t be using this passphrase-protected key for the actual cert, but it’s always good to have.

cd ~
openssl genrsa -des3 -out owncloud.key 2048

Next we’re going to generate an insecure key (a copy with the passphrase removed) for use with nginx, so that nginx can start without prompting for the passphrase.

openssl rsa -in owncloud.key -out owncloud.key.insecure
mv owncloud.key owncloud.key.secure
mv owncloud.key.insecure owncloud.key

Now it’s time to generate a CSR. Fill in all the required fields, and enter the common name for your ownCloud server as you specified previously (owncloud.yourdomainname.com). You’ll likely want to leave out the challenge password, but that’s up to you.

openssl req -new -key owncloud.key -out owncloud.csr

Now you have two choices at this point: you can either create your own self-signed certificate, or you can buy a signed certificate from a registered CA. Personally, I don’t want to waste the money on a CA, so I just created my own.

openssl x509 -req -days 1825 -in owncloud.csr -signkey owncloud.key -out owncloud.crt

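Now, let’s move the keys somewhere usable. Since the owncloud.key used by nginx is not passphrase-protected, make sure only root can read it once it is in place.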

sudo mkdir /etc/nginx/certs
sudo mv owncloud.* /etc/nginx/certs/

Configure nginx

Let’s move on to configuring nginx. You could also do this with a standard Apache setup, but personally I prefer how much more lightweight nginx is (and considering my fileserver at home is already RAM-starved, I don’t want to be running anything that is memory intensive).

cd /etc/nginx/sites-available
sudo vim owncloud.yourdomainname.com

Insert the following (changing the server_name where appropriate).

# redirect http to https.
server {
  server_name owncloud.yourdomainname.com;
  rewrite ^ https://$server_name$request_uri? permanent;  # enforce https
}

# owncloud (ssl/tls)
server {
  # note, if you already have a listen statement for 443 elsewhere, comment out this next line.
  listen [::]:443 ssl;
  server_name owncloud.yourdomainname.com;

  ssl_certificate /etc/nginx/certs/owncloud.crt;
  ssl_certificate_key /etc/nginx/certs/owncloud.key;

  access_log /var/log/nginx/owncloud.yourdomainname.com.access.log;
  error_log /var/log/nginx/owncloud.yourdomainname.com.error.log;

  root /var/www/owncloud.yourdomainname.com/www;

  client_max_body_size 10G; # set max upload size
  fastcgi_buffers 64 4K;

  rewrite ^/caldav((/|$).*)$ /remote.php/caldav$1 last;
  rewrite ^/carddav((/|$).*)$ /remote.php/carddav$1 last;
  rewrite ^/webdav((/|$).*)$ /remote.php/webdav$1 last;

  index index.php;
  error_page 403 = /core/templates/403.php;
  error_page 404 = /core/templates/404.php;

  location ~ ^/(data|config|\.ht|db_structure\.xml|README|AUTHORS|COPYING-AGPL|COPYING-README) {
    deny all;
  }

  location / {
    rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
    rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
    rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
    rewrite ^/apps/calendar/caldav.php /remote.php/caldav/ last;
    rewrite ^/apps/contacts/carddav.php /remote.php/carddav/ last;
    rewrite ^/apps/([^/]*)/(.*\.(css|php))$ /index.php?app=$1&getfile=$2 last;

    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

    try_files $uri $uri/ index.php;
  }

  location ~ ^(?<script_name>.+?\.php)(?<path_info>/.*)?$ {
    try_files $script_name =404;
    include fastcgi_params;
    fastcgi_param PATH_INFO $path_info;
    fastcgi_param HTTPS on;

    # if you're using unix sockets for fastcgi, uncomment the following line
    # fastcgi_pass unix:/var/run/php5-fpm.sock;
    # if you're using unix sockets for fastcgi, comment out the following line
    fastcgi_pass    127.0.0.1:9000;
  }

  location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
    expires 30d;
    # Optional: Don't log access to assets
    access_log off;
  }

}
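
To see which location block handles a given request path, the following added example (not part of the original guide or of ownCloud's own configuration) models nginx's regex-location selection for the three regex locations above and shows why the deny block has to stay ahead of the PHP block. The sample paths and the helper names `route` and `exposed_to_php` are constructed for illustration; the rewrite rules are not modelled.

```python
import re

# Regex locations of the HTTPS server block, in config order.
# PCRE's (?<name>...) is spelled (?P<name>...) in Python's re module;
# "~" is case-sensitive, "~*" (the asset location) is case-insensitive.
REGEX_LOCATIONS = [
    ("deny", re.compile(r"^/(data|config|\.ht|db_structure\.xml|README|AUTHORS"
                        r"|COPYING-AGPL|COPYING-README)")),
    ("php", re.compile(r"^(?P<script_name>.+?\.php)(?P<path_info>/.*)?$")),
    ("static", re.compile(r"^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$", re.I)),
]

# Constructed sample request paths (query strings already stripped).
SAMPLE_URIS = [
    "/index.php",
    "/remote.php/webdav/notes.txt",
    "/data/alice/files/upload.php",
    "/config/config.php",
    "/.htaccess",
    "/core/img/logo.PNG",
    "/apps/files/",
]


def route(uri, locations=REGEX_LOCATIONS):
    """Pick a location the way nginx does for this config: regex locations
    are tried in order, first match wins; otherwise the prefix "/" is used."""
    for name, pattern in locations:
        match = pattern.search(uri)
        if match:
            groups = match.groupdict()
            return name, groups.get("script_name"), groups.get("path_info")
    return "prefix /", None, None


def exposed_to_php(uris, locations=REGEX_LOCATIONS):
    """Return paths under data/ or config/ that would be handed to PHP-FPM."""
    return [u for u in uris
            if u.startswith(("/data/", "/config/"))
            and route(u, locations)[0] == "php"]


if __name__ == "__main__":
    for uri in SAMPLE_URIS:
        print(f"{uri:32} -> {route(uri)}")
    # Same locations with the PHP block moved above the deny block.
    php_first = [REGEX_LOCATIONS[1], REGEX_LOCATIONS[0], REGEX_LOCATIONS[2]]
    print("exposed as written:  ", exposed_to_php(SAMPLE_URIS))
    print("exposed if reordered:", exposed_to_php(SAMPLE_URIS, php_first))
```

With the order used in this guide nothing under data/ or config/ reaches PHP-FPM; rerun the check with your own paths if you rearrange the location blocks.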

Just a few last things to fix up before we can get going. Note that I’m creating an ownCloud data directory: this is where your files will actually be stored. You’ll likely want this on a RAID array somewhere, and the path is configurable during the ownCloud setup process.

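# enable the site (Ubuntu loads configs from sites-enabled), then restart
sudo ln -sf /etc/nginx/sites-available/owncloud.yourdomainname.com /etc/nginx/sites-enabled/
sudo /etc/init.d/nginx restart
sudo mkdir /var/www/owncloud.yourdomainname.com/data
sudo chown -R www-data:www-data /var/www/owncloud.yourdomainname.com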

Now, browse to owncloud.yourdomainname.com in your browser of choice. If you chose to sign your own certificate, you’ll be greeted with an untrusted certificate warning. You can accept this after reviewing the details, and you should then be greeted with the ownCloud setup screen.

Simply create yourself an admin account, set your data directory, and insert your MySQL credentials and you’re off to the races.

If you grab the desktop sync clients, you now have your own personal Dropbox service, with the only limit being the amount of hard drive space you have on your local server.


Note: I originally acquired the nginx config from another website, and have modified it to work with a more generic setup. I unfortunately cannot find the site I got it from again. If you’re the author of said website and would like attribution, please leave me a comment and I’ll make sure that it’s properly linked to your site.