Your Cloud, Your Data, Your Way! - ownCloud 4.0 On CentOS 6.2 + nginx + PostgreSQL

Want to support HowtoForge? Become a subscriber!
 
Submitted by deghost (Contact Author) (Forums) on Thu, 2012-05-31 19:33. :: CentOS | nginx | Storage

Your Cloud, Your Data, Your Way! - ownCloud 4.0 On CentOS 6.2 + nginx + PostgreSQL

This document describes how to install and setup ownCloud by "ownCloud community" on a CentOS 6.2 based webserver from tar package on a nginx and php-fpm with postgreSQL database as backend. For other distributions there might be minor changes as to the software prerequisites installation procedures. This guide will not only help install the product, but also understand why certain points are done the way they are done (this is most helpful for users with little or no knowledge who, like me some time ago, have only started using Linux).

 

What is ownCloud?

It's a group or company file / contact / calendar sharing tool, which, from my point of view, makes best of both Dropbox and GroupOffice (except for email integration so far), and is not as cluttered or heavy as Alfresco or Sharepoint.

Links to several sections of developer:

I do not guarantee it will work for you, since later on there could be changes in software, both prerequisite and main, done in such a way that will break or anyhow else disallow procedures mentioned in this tutorial to complete successfully.
P.S. All added bugs are mine. Use comments or browse to IRC.

 

Preliminary Note

In this tutorial we use:

  • Centos 6.2 installation media
  • Hostname: owncloud.example.com
  • IP address: 192.168.1.100
  • Router address: 192.168.1.1
  • Netmask: 255.255.255.0
  • Assume(imagine) that the server is connected to the public internet
  • We use our computer to administer the server remotely via ssh (putty on windows), even if you have the server by your side, or have it as virtual machine ran under your main operating system
  • GNU vim as our primary text editor. But feel free to use any other of your liking

 

Requirements

We will need a working clean (minimal) installation of Centos 6.2 (x86 or x86_64 is irrelevant), I personally use x86_64 version and i strongly suggest you do the same.

 

First Things First

Login to the server console as root. You will be at the [root@owncloud ~]# prompt.

I prefer certain setting, that are completely optional, but you might find them useful later on. I setup my terminal to show output in color with date, time, server name and current folder at the prompt. Also to show history of commands with date/time. I also increase default history-size values.

To do so, execute:

vi ~/.bash_profile

Add mentioned lines after the export PATH directive. In case you don't know, pressing "i" enters insert mode, "ESC" exits it. Vi is vi :)

#History size to hold 50.000 commands and inflate filesize ten times bigger
export HISTSIZE=50000
export HISTFILESIZE=500000
#Show history with date as example: "24.05.2012 - 14:28:56"
export HISTTIMEFORMAT="%d.%m.%Y - %H:%M:%S "
#Autocolor output of "ls" command
export LS_OPTIONS='--color=auto'
eval "`dircolors`"
#Set prompt to display as example: "Thu May 24 2012  14:28:56 owncloud.example.com of root @ ~]"
#and colorize date, time and location differently. Set all input text to default values.
PS1="\e[1;37m\][\e[1;36m\] \d \D{%Y}  \e[1;31m\]\t \e[1;37m\] \H of \u @ \W] \033[00m\]"

Save and exit file. Again, if you do not know, outside insert mode you either enter ":wq" and press enter to save and exit, or just press "ZZ" to do the same. To re-login to terminal to apply changes, execute:

exit

 

Networking

If you did not set up static IP address during the installation, say you have a DHCP-enabled router, you need to do it now, otherwise proceed to the next step.

vi /etc/sysconfig/network-scripts/ifcfg-eth0

Change or add only mentioned lines.

BOOTPROTO="none"
NETWORK="192.168.1.0"
NETMASK="255.255.255.0"
IPADDR="192.168.1.100"
GATEWAY="192.168.1.1"

Save and exit. Then restart the network:

service network restart

Check that network is reconfigured by executing:

ifconfig

Now you should be able to ssh to server on 192.168.1.100 as root. But don't do that just yet, first complete next step.

 

Securing The Server

Before we proceed any further, since we assumed that the server is, in fact, connected to the internet, we need to secure it. We will do three things.

  • Reconfigure ssh-server so it will not allow root login and change default port 22 to something else, less common, i.e. 60606,
  • Set up iptables to allow incoming connections on new port,
  • Add our firs system user in order to login with him via ssh.
  1. Securing remote login

    If you are not yet logged in from the console to the server (i mean local console, not ssh yet), log in as root, then execute:

    vi /etc/ssh/sshd_config

    On the line thirteen of unaltered default file (in case you wonder again, type ":set number" and press enter outside insert mode to get the line numbers) there is Port 22 directive. Duplicate it, change the port number to 60606 and uncomment.
    Then find (outside insert mode press "/" and type phrase you are looking for) PermitRootLogin yes directive duplicate again and change it's value to no and uncomment it as well, then save the file. Oh, and it's ":noh" to switch highlighting off.
    Restart sshd afterwards:

    service sshd restart

  2. Setting iptables

    First check already existing iptables:

    iptables -L -v --line-numbers

    In default installation at position '4' will be directive to accept new tcp connections on default ssh port, we need to get rid of it, thus execute:

    iptables -D INPUT 4

    Now we need to allow connections to port 60606 instead. Execute:

    iptables -I INPUT 4 -p tcp -d 192.168.1.100 --dport 60606 -j ACCEPT

    Lastly to save current iptables state execute:

    service iptables save
    service iptables restart

  3. Adding first user

    All is good now, except for one thing, we've banned ourselves from ssh, since root is not permitted and there are no other system users yet. Time to correct:

    useradd -c "ownCloud system user" -m -n cloudadmin

    Set password for this user:

    passwd cloudadmin

    Done. You could set password for user in the first command, but this way password value will be visible during entry in terminal window and also be saved in .bash_history of root user, that is not desirable.
    Now you can log in via ssh executing following command in your terminal window on local computer:

    ssh cloudadmin@192.168.1.100 -p60606

 

Pre Setup Steps

Software installation in most cases is pretty much straightforward and we could have 'checked' most of it upon initial install, but i prefer to do things by hand.
I intentionally divide installation into sections.

  1. Logging as superuser

    At this very moment you should be on the console prompt as clouddmin user. To gain root privileges execute:

    su -

  2. Software repositories

    In order to use desired software, two repositories are required.
    First EPEL, execute:

    rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-6.noarch.rpm

    And no, i386 is not a mistake, it's same for both 32-bit and 64-bit systems.
    Then Remi, execute:

    rpm --import http://rpms.famillecollet.com/RPM-GPG-KEY-remi
    rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

    Now check both epel and remi repositories and in case it isn't there set enabled=1 by executing:

    vi /etc/yum.repos.d/epel.repo
    vi /etc/yum.repos.d/remi.repo

    Finally, update your system. Even freshly installed CentOS might require update first. Execute:

    yum update -y

  3. Precision time

    It is good to be in sync with the rest of the world, execute:

    yum install ntp
    service ntpd start
    chkconfig ntpd on
    ntpd

  4. Some other tools

    To make my life a bit easier, i use vim instead of vi, htop instead of top, elinks to quickly test things from within terminal and mc, as a good and not only dual-pane file manager, wget is required to download stuff and man is essential when you want to read just about anything. Execute:

    yum install vim htop elinks mc wget man -y

 

ownCloud Setup

  1. Software prerequisites

    A bunch of php stuff, execute:

    yum install php-fpm php-gd php-ldap php-pear php-xml php-xmlrpc php-eaccelerator php-magickwand php-magpierss php-mbstring php-mcrypt php-shout php-snmp php-soap php-tidy php-pgsql

    Edit php.ini, execute:

    vim /etc/php.ini

    There are four directives to change,
    first should be on line 736, directive post_max_size
    second on line 848, directive cgi.fix_pathinfo
    third on line 885, directive upload_max_filesize
    last on line 956, directive date.timezone modify it according to location of your server.

    [...]
    post_max_size = 64M
    [...]
    cgi.fix_pathinfo = 0
    [...]
    upload_max_filesize = 64M
    [...]
    date.timezone = "Europe/Prague"
    [...]

    In case you don't know how, you can find your timezone name by executing:

    cat /etc/sysconfig/clock

    Next, configure php-fpm to use unix socket instead of tcp stack, execute:

    vim /etc/php-fpm.d/www.conf

    From the line twelve, make it look like this:

    ;listen = 127.0.0.1:9000
    listen = /var/run/php-fpm/php-fpm.sock

    Start php-fpm:

    chkconfig php-fpm on
    service php-fpm start

  2. Backend - PostgreSQL

    To install and set it up, execute:

    yum install postgresql postgresql-libs postgresql-server
    service postgresql initdb
    service postgresql start
    chkconfig postgresql on

    Login to postgres as postgres system user, create database user, database and grant privileges

    su - -c "psql" postgres
    CREATE USER clouduser WITH PASSWORD 'userpass';
    CREATE DATABASE clouddb OWNER clouduser ENCODING 'UTF8';
    GRANT ALL PRIVILEGES ON DATABASE clouddb TO clouduser;
    \q

    Alter postgresql config file to allow password logins:

    vim /var/lib/pgsql/data/pg_hba.conf

    • Search for

      # IPv4 local connections:
      host all all 127.0.0.1/32 ident

    • And alter it to

      # IPv4 local connections:
      host all all 127.0.0.1/32 password

    Now restart the database:

    service postgresql restart

  3. nginx webserver

    Install, set to start on boot and then stop it:

    yum install nginx
    service nginx start
    chkconfig nginx on
    service nginx stop

    Prepare configuration file for ownclod website:

    vim /etc/nginx/conf.d/owncloud.conf

    # redirect http to https.
    server {
      listen 80;
      server_name owncloud.example.com;
      rewrite ^ https://$server_name$request_uri? permanent;  # enforce https
    }
    # owncloud (ssl/tls)
    server {
      listen 443 ssl;
      ssl_certificate /etc/nginx/certs/server.crt;
      ssl_certificate_key /etc/nginx/certs/server.key;
      server_name owncloud.example.com;
      root /var/www/owncloud;
      index index.php;
      client_max_body_size 64M; # set maximum upload size
      # deny direct access
      location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
        deny all;
      }
      # default try order
      location / {
        try_files $uri $uri/ @webdav;
      }
      # owncloud WebDAV
      location @webdav {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS on;
        include fastcgi_params;
      }
      # enable php
      location ~ \.php$ {
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS on;
        include fastcgi_params;
      }
    }

    Now let's create certificates for the server, answer to questions in prompt according to your settings:

    mkdir -p /etc/nginx/certs/
    cd /etc/nginx/certs/
    openssl genrsa -des3 -out server.key 1024
    openssl req -new -key server.key -out server.csr
    cp server.key server.key.orig
    openssl rsa -in server.key.orig -out server.key
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

    Reload nginx to enable new configuration:

    service nginx reload

  4. ownCloud files and directories

    ownCloud installation consists of downloading and unpacking archive, with some tweaks on the server side, thus, execute:

    cd /tmp
    wget http://download2.owncloud.org/releases/owncloud-4.0.0.tar.bz2
    tar xjf owncloud-4.0.0.tar.bz2
    mv owncloud /var/www/
    mkdir -p /var/www/owncloud/data
    chmod 770 /var/www/owncloud/data
    chown -R root:apache /var/www/owncloud

    And yet again, apache as group in the last command is not an error. php-fpm is run by default as user apache

  5. Access the website

    Open port 443 in order to be able to access the website, execute:

    iptables -I INPUT 4 -p tcp -d 192.168.1.100 --dport 443 -j ACCEPT
    service iptables save
    service iptables restart

 

Test Run

Browse to the https://owncloud.example.com via your browser of choice and finish the installation procedure.

Choose administrator username and password, choose PostgreSQL as database backend and post appropriate values in the Database connection settings.

Enjoy.

 

Troubleshooting

Log files are located as following:

/var/www/owncloud/data/owncloud.log
/var/log/php-fpm/www-error.log
/var/log/nginx/access.log
/var/log/nginx/error.log


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by Chris B. (not registered) on Sun, 2014-05-04 19:26.

Hi @all,

thanks for the great description. I know this article is based on older versions I want to describe my experience applying the described steps to CentOS 6.5 and OwnCloud 6.0.3.

As I found it as one of the first matches searching for installing ownCloud on CentOS this might still be interesting for others as well.

 These are the parts where my setup deviates from the instructions above:

Pre Setup Steps

II. Software repositories

I did not install the 'remi' repository

ownCloud Setup

I. Software prerequisites

I did not install php-magpierss because of its dependency to httpd

II. nginx webserver 

/etc/nginx/conf.d/owncloud.conf

I used owncloud.conf based on the ownCloud installation instructions

Troubleshooting

login loop

After the initial setup I could not login with the ownCloud admin user. Found these errors in /var/www/owncloud/data/owncloud.log:

"session_start(): open(\/var\/lib\/php\/session\/sess_uhu89bqa6ijcio8ldgpbnb3a61, O_RDWR) failed: No such file or directory
"session_write_close(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct

Solution

cd /var/lib/php
mkdir session
chmod -R 770 session
chown -R root:apache session

Contacts App not loading

Attempt to open the 'contacts' app opened the default app 'files'.
/var/log/nginx/access.log showed http error 307 for attempts to load
https://owncloud.sally.local/index.php/apps/contacts/

Solution: This threaded pointed into the right direction:
https://github.com/owncloud/core/issues/6840
I switched off eAccelerator in /etc/php.d/eaccelerator.ini by setting

eaccelerator.enable = "0"

Once more, thanks Denis for the great tutorial. I learned a lot and you saved me lots of time.

... Chris

Submitted by alexnogard (not registered) on Mon, 2012-12-10 23:06.
I wrotte a tutorial about active directory authentication with owncloud if you want to go further; http://alexnogard.com/owncloud-4-authentication-active-directory-windows-server-2003-2008-2012/
Submitted by Brad (not registered) on Sat, 2012-11-24 23:15.

Thanks for taking time to post this. I know just enough about networking to be dangerous and this really sped things up for me.

 Brad

Submitted by Luke Vidler (not registered) on Fri, 2012-10-12 00:43.

Thanks!

 Really nicely documented. Great work.

Submitted by Jeff H (not registered) on Tue, 2012-06-12 14:41.

I have followed these to letter, although I can add files on the web just fine, I can't remote sync the files at all.  It complains when using owncloud client, that it can't create the folders.  I looked at opening up the "files" subdirectory with 777 permissions but that failed also, so I am at a loss for right now.