- Advertisement -
Mythemeshop Ad
Mythemeshop Ad
Mythemeshop Ad

Introduction

OwnCloud 9.1.4 is an open source software for file sharing and data synchronization that is very useful in the enterprise sector, with an easy to use front-end web format.

This tutorial is about installing ownCloud on CentOS 7 with Nginx as your web server.

Install Nginx and PHP

First, install Nginx. This web server is available on EPEL repository, so just add it like this:

yum install epel-release

and then:

yum install nginx

Next, install PHP-FPM (FastCGI Process Manager), using webtatic repository, which is added with the following command:

- Advertisement -
WHMCS Ad
WHMCS Ad
WHMCS Ad
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Now it is possible to install PHP with other packages required by ownCloud:

yum install php70w-fpm php70w-cli php70w-json  php70w-mcrypt  php70w-pear php70w-mysql php70w-xml php70w-gd php70w-mbstring php70w-pdo

Configure PHP-FPM for Nginx

PHP-FPM configuration is done by editing the php7-fpm configuration file:

$EDITOR /etc/php-fpm.d/www.conf

Search lines containing “user” and “group” and change with:

user = nginx
group = nginx

Scroll down, looking for line “listen”, and change the content to:

listen = 127.0.0.1:9000

Next, uncomment the following lines about environment variables:

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

Save and exit.

Now, it’s time to create a new folder in /var/lib/, with the following command:

mkdir -p /var/lib/php/session

Change its owner to nginx user:

chown nginx:nginx -R /var/lib/php/session/

Start nginx and PHP-FPM:

sudo systemctl start php-fpm
sudo systemctl start nginx

Add to start at boot time (required for daily usage for the machine as server):

systemctl enable nginx
systemctl enable php-fpm

Install MariaDB

MariaDB is available in the CentOS repository, so install it with:

yum install mariadb mariadb-server

Configure the MariaDB root password:

mysql_secure_installation

During the process, answer the following questions:

Set root password? [Y/n]
New password:
Re-enter new password:

Remove anonymous users? [Y/n]
Disallow root login remotely? [Y/n]
Remove test database and access to it? [Y/n]
Reload privilege tables now? [Y/n]

Login to the MariaDB shell to create a new database and user for ownCloud. In this example, my_owncloud_db is the database name and ocuser is its user. The password is: my_strong_password.

So, execute the command:

mysql -u root -p

and then:

mysql> CREATE DATABASE my_owncloud_db;
mysql> CREATE USER ocuser@localhost IDENTIFIED BY 'my_strong_password';
mysql> GRANT ALL PRIVILEGES ON my_owncloud_db.* to ocuser@localhost IDENTIFIED BY 'my_strong_passowrd';
mysql> FLUSH PRIVILEGES;

Generate a SSL Certificate

If none exists, create a new directory for the SSL file:

mkdir -p /etc/nginx/cert/

Next, generate a new SSL certificate file:

openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/owncloud.crt -keyout /etc/nginx/cert/owncloud.key

Change the permissions with the following command:

chmod 600 /etc/nginx/cert/*

Download ownCloud

Download ownCloud Server:

wget https://download.owncloud.org/community/owncloud-9.1.4.zip

Extract the archive and move it to /usr/share/nginx/html/:

unzip owncloud-9.1.2.zip
mv owncloud/ /usr/share/nginx/html/

Go to the Nginx root directory; there, create a new data directory for ownCloud:

cd /usr/share/nginx/html/
mkdir -p owncloud/data/

Configure a Virtual Host in Nginx

Create a Virtual Host configuration file with the following command:

$EDITOR /etc/nginx/conf.d/owncloud.conf

Paste the following text into the file:

upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php5-fpm.sock;
}
 
server {
    listen 80;
    server_name data.owncloud.co;
    # enforce https
    return 301 https://$server_name$request_uri;
}
 
server {
    listen 443 ssl;
    server_name storage.example.com;
 
    ssl_certificate /etc/nginx/cert/owncloud.crt;
    ssl_certificate_key /etc/nginx/cert/owncloud.key;
 
    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this topic first.
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;
 
    # Path to the root of your installation
    root /usr/share/nginx/html/owncloud/;
 
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
 
    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
 
    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }
 
    location /.well-known/acme-challenge { }
 
    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;
 
    # Disable gzip to avoid the removal of the ETag header
    gzip off;
 
    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;
 
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;
 
    location / {
        rewrite ^ /index.php$uri;
    }
 
    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        return 404;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        return 404;
    }
 
    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }
 
    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri $uri/ =404;
        index index.php;
    }
 
    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into this topic first.
        #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }
 
    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}

Save and exit. Next, test Nginx:

nginx -t

This should display a “Syntax OK” message.

Restart Nginx:

systemctl restart nginx

Conclusion

The server side configuration is complete. The last thing to do is to go to your ownCloud server URL (storage.example.com in this example) with a web browser and finish the configuration with the graphical front-end. Do this by creating a new admin account, and entering database credentials created in the previous steps. Your cloud storage service is now ready for a daily usage!

Enjoy!

- Advertisement -
Ting.com Ad
Ting.com Ad
Ting.com Ad