From Fedora Project Wiki

(Brand new edition of Owncloud installation guide, with all main security features enabled)
Line 1: Line 1:
ownCloud is a AGPLv3 private file server
ownCloud is a AGPLv3 private file server
Owncloud is a software for creating a personal cloud system. Here, an installation guide for the server side.


== Features ==
== Features ==
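Review bot: the added introduction line spells the product "Owncloud" while the unchanged line directly above it uses "ownCloud", and "Here, an installation guide for the server side." is a sentence fragment. Suggest "ownCloud is software for creating a personal cloud system. This page is an installation guide for the server side."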
Line 9: Line 12:
* Many more
* Many more


== Installation ==
==Installation==


=== Requirements ===
<code># yum install owncloud</code>
===SSL certificate configuration===
In order to have secure communications between host and server, you need to generate a key and a certificate


The following software must be installed and configured
<code># yum install crypto-utils</code>


<ol><li>A database management system
<code># genkey ''hostname''</code>
* [[MariaDB]]</li>


<li>A web server
Answer "no" to the question "Would you like to send a Certificate Request (CSR) to a Certificate Authority (CA)?"
* [[Apache HTTP Server]]</li></ol>


=== Install owncloud ===
To allow httpd service to use SSL, you need to install proper dependencies


<pre>$ su root
<code># yum install mod_ssl openssl</code>
$ yum install owncloud owncloud-mysql owncloud-httpd</pre>


A configuration file named <code>/etc/httpd/conf.d/owncloud.conf</code> should have been created
and apply the following editings to


Start [[MariaDB]] and [[Apache HTTP Server]] if they weren't already
<code>/etc/httpd/conf.d/ssl.conf</code>
<pre>$ systemctl start httpd
$ systemctl start mariadb</pre>


If Apache was already running restart it
putting at the bottom
<pre>$ systemctl restart httpd</pre>
<pre>
SSLCertificateFile /etc/pki/tls/certs/hostname.crt
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key
</pre>


=== Create a database ===
To force SSL usage in Owncloud server:


Log in as root to MariaDB
<code># nano /etc/owncloud/config.php</code>
<pre>$ mysql -u root -p</pre>


Create a new databse
e modify entry
<pre>CREATE DATABASE IF NOT EXISTS owncloud;</pre>


Create a new user and grant him privileges
<code>'forcessl' => false</code>
<pre>CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON owncloud.* TO 'username'@'localhost' IDENTIFIED BY 'password';</pre>


Reload privileges and quit
as the following one
<pre>FLUSH PRIVILEGES;
quit</pre>


=== Setup owncloud ===
<code>'forcessl' => true,</code>


Open <code>localhost/owncloud</code> in your browser and create the admin account. Also configure owncloud database parameters set previously.


Then your owncloud server should be available under your <code>localhost/owncloud</code>. Unless configured otherwise it won't be available from outside.
To create admin user, insert into the browser (ignoring warning about unsigned certificate)


{{admon/warning | This exposes your installation to the Internet and potential attackers. Secure your installation properly before exposing your server to the Internet.}}
<code>localhost/owncloud</code>


Once owncloud is properly configured you can make it available from outside. Open Apache ports and edit <code>/etc/httpd/conf.d/owncloud.conf</code> such that
==Grant remote access to the server==
<pre>   <IfModule mod_authz_core.c>
===Firewall configuration===
    # Apache 2.4
You need to find out the active firewall zone
    #Require local
 
    Require all granted
<code># firewall-cmd --list-all-zones | grep active</code>
    </IfModule>
 
    <IfModule !mod_authz_core.c>
in our case:
    # Apache 2.2
 
    Order Deny,Allow
<code>public (default, active)</code>
    #Deny from all
 
    #Allow from 127.0.0.1
then we will use the following commands to allow access to http and https services
    #Allow from ::1
<pre># firewall-cmd --permanent --zone=public --add-service=http
    Allow from all
# firewall-cmd --permanent --zone=public --add-service=https
    </IfModule>
# systemctl restart firewalld</pre>
</pre>
 
===Configuring Apache permissions===
In order to allow access to remote hosts, you need to configure Apache's
 
<code>/etc/httpd/conf.d/owncloud.conf</code>


This however enables owncloud for all your virtual hosts under <code>hostname/owncloud</code>. If this is not what you want, comment out this line
as the following example:
<pre># Alias /owncloud /usr/share/owncloud</pre>


And for example, let's say that you want to create a virtual host for owncloud using the domain <code>owncloud.hostname</code> with SSL support. If /etc/httpd/conf.d/hostname.conf doesn't exist, create it, and paste this
<pre>
<pre>
<VirtualHost *:80>
<IfModule mod_authz_core.c>
    ServerName hostname
# Apache 2.4
    DocumentRoot /usr/share/owncloud
#Require local
</VirtualHost>
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
#Deny from all
#Allow from 127.0.0.1
#Allow from ::1
Allow from all
</IfModule>
</pre>
 
===Configuration of exposed IP addresses===
Finally you need to set into configuration file


<VirtualHost *:443>
<code>/etc/owncloud/config.php</code>
    ServerName hostname
    DocumentRoot /usr/share/owncloud
    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/hostname.crt
    SSLCertificateKeyFile /etc/pki/tls/private/hostname.key
</VirtualHost>
</pre>


ownCloud onfiguration file is <code>/etc/owncloud/config.php</code>
at entry


<pre>array (
  0 => 'localhost',
)</pre>
the IP addresses with which the server will be exposed outside (both LAN and WAN). An example of configuration with IP addresses for both LAN and WAN is:
<pre>
array (
  0 => 'localhost',
  1 => '192.168.1.100',
  2 => '200.100.1.100',
)
</pre>
 
== Troubleshooting ==
== Troubleshooting ==
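Review bot: the new "Grant remote access to the server" section drops the admon/warning about exposing the installation to the Internet that the previous text carried before this step, while still switching owncloud.conf to "Require all granted" / "Allow from all" and opening http and https in the firewall. Suggest keeping the warning above "Configuring Apache permissions". The text should also say that the certificate from the genkey step is not CA-signed, since readers are told to answer "no" to the CSR question and to ignore the browser warning, so remote clients have no way to verify the server. Separately, the install line shrinks from "yum install owncloud owncloud-mysql owncloud-httpd" to "yum install owncloud" and the "Create a database" section is removed, so the new text no longer says which database the admin-account step uses. The "at entry" sentence also never names the config.php key that holds the address array.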


Line 102: Line 118:
If you have a dynamic IP address you can configure a dynamic DNS client, for example [[inadyn-mt]] to update your ip for your DNS server account
If you have a dynamic IP address you can configure a dynamic DNS client, for example [[inadyn-mt]] to update your ip for your DNS server account


== Links ==
 
==Resources==
*[http://docs.fedoraproject.org/en-US/Fedora/15/html/Deployment_Guide/ch-Web_Servers.html#s2-apache-mod_ssl Fedora Deployment_Guide: Setting Up an SSL Server]
*[http://docs.fedoraproject.org/en-US/Fedora/14/html/Deployment_Guide/s1-apache-mod_ssl.html Fedora Deployment_Guide: Setting Up an SSL Server]
* [http://doc.owncloud.org/server/6.0/admin_manual/contents.html ownCloud Administrators Manual]
* [http://doc.owncloud.org/server/6.0/admin_manual/contents.html ownCloud Administrators Manual]

Revision as of 20:52, 21 July 2014

ownCloud is an AGPLv3 private file server


ownCloud is software for creating a personal cloud system. This is an installation guide for the server side.

Features

  • Online file storage
  • Android compatibility
  • Contacts (CardDAV) and calendar (CalDAV) synchronization
  • Music streaming
  • Many more

Installation

# yum install owncloud

SSL certificate configuration

To secure communications between host and server, you need to generate a key and a certificate:

# yum install crypto-utils

# genkey hostname

Answer "no" to the question "Would you like to send a Certificate Request (CSR) to a Certificate Authority (CA)?"

To allow the httpd service to use SSL, you need to install the required dependencies

# yum install mod_ssl openssl

and apply the following edits to

/etc/httpd/conf.d/ssl.conf

adding at the bottom

SSLCertificateFile /etc/pki/tls/certs/hostname.crt
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key

To force SSL usage in the ownCloud server:

# nano /etc/owncloud/config.php

and modify the entry

'forcessl' => false

to read as follows

'forcessl' => true,


To create the admin user, open the following address in the browser (ignoring the warning about the unsigned certificate)

localhost/owncloud

Grant remote access to the server

Firewall configuration

You need to find out the active firewall zone

# firewall-cmd --list-all-zones | grep active

in our case:

public (default, active)

then we will use the following commands to allow access to http and https services

# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=https
# systemctl restart firewalld

Configuring Apache permissions

To allow access from remote hosts, you need to configure Apache's

/etc/httpd/conf.d/owncloud.conf

as in the following example:

<IfModule mod_authz_core.c>
# Apache 2.4
#Require local
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
#Deny from all
#Allow from 127.0.0.1
#Allow from ::1
Allow from all
</IfModule>

Configuration of exposed IP addresses

Finally, you need to set in the configuration file

/etc/owncloud/config.php

at the entry

array (
   0 => 'localhost',
)

the IP addresses at which the server will be exposed externally (both LAN and WAN). An example configuration with IP addresses for both LAN and WAN is:

array (
   0 => 'localhost',
   1 => '192.168.1.100',
   2 => '200.100.1.100',
)
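
The settings edited in the steps above can be checked with a small audit script. This is an added example, not part of the wiki page or of ownCloud: the function names (active_lines, audit_owncloud, make_sample) and the finding labels are made up for the illustration, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit the settings this guide edits.
# File paths are arguments, so the check can run against copies of the files.

# Print only active lines: strip indentation, drop '#' and '//' comments.
active_lines() {
    sed -e 's/^[[:space:]]*//' -e '/^#/d' -e '/^\/\//d' -e '/^$/d' "$1"
}

# audit_owncloud CONFIG_PHP SSL_CONF OWNCLOUD_CONF
# Prints one finding per line; the return status is the number of findings.
audit_owncloud() {
    findings=0
    if ! active_lines "$1" | grep -Eq "^'forcessl'[[:space:]]*=>[[:space:]]*true"; then
        echo "FORCESSL_OFF: 'forcessl' is not true in $1"
        findings=$((findings + 1))
    fi
    for directive in SSLCertificateFile SSLCertificateKeyFile; do
        if ! active_lines "$2" | grep -Eq "^${directive}[[:space:]]+/"; then
            echo "TLS_MISSING: no active $directive in $2"
            findings=$((findings + 1))
        fi
    done
    if active_lines "$3" | grep -Eiq '^(Require all granted|Allow from all)'; then
        echo "OPEN_ACCESS: $3 admits every client address"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample files mirroring the end state of this guide.
make_sample() {
    mkdir -p "$1"
    printf '%s\n' '<?php' '$CONFIG = array (' "  'forcessl' => true," ');' \
        > "$1/config.php"
    printf '%s\n' 'SSLCertificateFile /etc/pki/tls/certs/hostname.crt' \
        'SSLCertificateKeyFile /etc/pki/tls/private/hostname.key' > "$1/ssl.conf"
    printf '%s\n' '<IfModule mod_authz_core.c>' '#Require local' \
        'Require all granted' '</IfModule>' > "$1/owncloud.conf"
}

sample_dir=$(mktemp -d)
make_sample "$sample_dir"
audit_owncloud "$sample_dir/config.php" "$sample_dir/ssl.conf" \
    "$sample_dir/owncloud.conf" || true
rm -rf "$sample_dir"
```

On the sample files it reports only OPEN_ACCESS, which is the state the guide leaves the server in after the remote-access step.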

Troubleshooting

Dynamic IP address

If you have a dynamic IP address you can configure a dynamic DNS client, for example inadyn-mt, to update your IP for your DNS server account.


Resources