Setting up an OwnCloud Server – Part 2

In part 2 of setting up our OwnCloud server we get to the good part. That’s right we are going to actually get the server running!

Firstly we are going to download the image for a manual installation and then we are going to configure a basic running instance. First off lets create a temporary directory to download the OwnCloud files and download them. For me the latest version of OwnCloud was 5.0.12, you can check for the latest version at the OwnCloud link below.

mkdir ~/temp/
cd temp/
wget http://download.owncloud.org/community/owncloud-5.0.12.tar.bz2
tar jxf owncloud-5.0.12.tar.bz2

Next we want to make sure we have all of the dependencies of OwnCloud. Run the following commands to make sure we do. These are the dependencies listed on the OwnCloud site, if like me you plan on MySQL, then you should be able to omit the SQLite packages without any problems.

sudo apt-get install apache2 php5 php5-gd php-xml-parser php5-intl
sudo apt-get install php5-sqlite php5-mysql php5-pgsql smbclient curl libcurl3 php5-curl

Once they have installed correctly we can copy the OwnCloud files to our web server directory, which is /var/www/ First though, we want to remove the simple html file that is in our web server directory. Then we need to change the ownership to of the three following folders in our web server directory: apps/, data/ and config/ directories.

sudo rm /var/www/index.html
sudo cp -r ~/temp/owncloud/* /var/www/ 

Once the files have copied, we can test to see if they have copied correctly. Simple type the IP address of your server, in my case 192.168.2.100, into your web browser. Dont worry if you get errors, we still have some more configuring to do. One problem that I found when following the OwnCloud manual installation instructions was that the OwnCloud installation was unable to create a data/ directory. So I simply created it manually, not wanting to give the www-data user write privileges in the web server folder. Then we need to change the ownership to of the three following folders in our web server directory: apps/, data/ and config/ directories.

sudo mkdir /var/www/data/
sudo chown -R www-data:www-data /var/www/apps/
sudo chown -R www-data:www-data /var/www/data/
sudo chown -R www-data:www-data /var/www/config/

Now when you refresh the OwnCloud page in your browser you should get a login screen with an error about .htaccess. This is the next part of our configuration, which is apache itself. With security in mind, it seems a given that we should be using secure http for all access to our OwnCloud server. The first thing we need to do is generate our keys and then generate a Certificate Signing Request. To keep our file system tidy, lets do all the work in our temp directory. Firstly we need to generate our secure key which will ask for a pass phrase. If you want maximum security you should make it a complex password which you will have to enter every time apache restarts. If you want to leave the pass phrase, you can skip commands 3 – 5. I don’t want to have to enter the pass phrase on start-up however, so I am going to remove it. Once the password has been removed we then generate our CSR. It doesn’t really matter what information you put into the CSR, just remember the challenge password.

cd ~/temp/
openssl genrsa -des3 -out server.key 1024
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key
openssl req -new -key server.key -out server.csr

Now we need to generate our Self Signed Certificate. I wanted my certificate to last for 10 years so I don’t have to worry about it, but you can change it to however long you want. Then it is just a simple matter of copying the certificate and key to the appropriate folders.

openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
sudo cp server.crt /etc/ssl/certs
sudo cp server.key /etc/ssl/private

Now we need to enable the SSL module in apache and make a backup of the config file before we update it. While we are working on modifying apache we will also enable the rewrite module. OwnCloud needs this enabled and it will save us an apache restart later down the track.

sudo a2enmod ssl
sudo a2enmod rewrite
sudo cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/default-ssl.backup sudo nano /etc/apache2/sites-available/default-ssl

Now change the following two settings to tell apache what key and certificate to use. These two settings are just below the SSLEngine on setting.

SSLCertificateFile    /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

While we are in the default-ssl file we might as well make the necessary changes to stop the .htaccess error as well. At the top of the file change the first two AllowOverride from None to All. It should end up looking something like this.

<Directory />
                Options FollowSymLinks
                AllowOverride All
</Directory>
<Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
</Directory>

Save and exit the config file and restart apache.

sudo service apache2 restart

You should now be able to go to the https:// version of your site. If you check out the certificate information, you should see the information you entered while creating it.

The next step for me was to change where OwnCloud was storing its user data. I want the data to be stored on a NAS system that I have rather than on the local hard drive. This requires an entry into the fstab file so ubuntu will automount it at start-up. If you are happy with OwnCloud storing the user data on the local hard drive you can skip the next few steps.

sudo nano /etc/fstab

Then I added the following to the bottom of the file. This is for my specific setup, you will need to modify accordingly to suit your needs.

//192.168.2.101/homes /var/www/data cifs credentials=/home/<username>/.smbcredentials,uid=www-data,gid=www-data,file_mode=0770,dir_mode=0770 0 0

Save and exit. We then need to create a file called .smbcredentials which will hold our NAS login details.

sudo nano ~/.smbcredentials

Now enter you NAS login details then save and exit. Now we want to make the file so that only the root user can read it. That way any would be hackers need root access to be able to get your NAS login details.

sudo chmod 400 ~/.smbcredentials

If you were to try to read .smbcredentials now as a standard user, you will get permission denied. The next step is to tell ubuntu to go back through the fstab file and mount them all.

sudo mount -a

The data directory should now be pointing to you NAS. To test it out create a file or folder in the directory you pointed to on your NAS. Then if you list the files in the data directory of your OwnCloud server it should appear.

sudo ls -l /var/www/data/

Don’t worry, we are getting very close to being able to log in to our OwnCloud Server! Now we need to set up a MySQL database. If you are planning on using SQLite then you can skip the following steps. First we need to log into MySQL as the root user. Use the password you entered when you installed MySQL.

mysql -u root -p

Now enter the following commands. Change the username and password to what you want your database login details to be.

CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS owncloud;
GRANT ALL PRIVILEGES ON owncloud.* TO 'username'@'localhost' IDENTIFIED BY 'password';
quit

Now if you go to your browser and navigate to your OwnCloud server we can log on. This first time you are entering the login details of your administrator user. You can choose any username and password combination that you want. You will also need to drop down the advanced section and enter the MySQL details you just made. If all has gone to plan you should be able to click Finish Setup and log in as your administrator.

Congratulations on setting up your very own OwnCloud server. I hope my log of what I did was useful to you. As always if you have any questions or comments hit me up below.

 

By Ryan Sevelj

 

Sources:

owncloud.org

https://help.ubuntu.com/lts/serverguide/certificates-and-security.html

https://help.ubuntu.com/lts/serverguide/httpd.html

Leave a Reply