Run your own cloud: Installing OwnCloud 9 on Debian 8

OwnCloud offers you the ability to run a cloud storage service that you administer and control yourself. The latest version, ownCloud 9.0, was released on March 8.

Installing ownCloud

Let's look at the process of installing ownCloud 9.0 on a system running Debian Jessie.

Begin by installing the supporting software packages. OwnCloud uses PHP and recommends MariaDB as its database. As root, install the following packages with apt-get:

apt-get install mariadb-server mariadb-client apache2 libapache2-mod-php5 php5-json php5-gd php5-mysql php5-curl php5-intl php5-mcrypt php5-imagick

2. Download

Next, download the ownCloud 9.0 package. In this step we will also download the SHA256 hash, ownCloud's public PGP signature, and the PGP signature for the softare package. We'll use these in the following steps to verify and authenticate the software before installing it. SHA256 is the recommended verification algorithm, but if you'd prefer to verify using MD5, that hash is also available for download on ownCloud's website.

These commands use wget to download the files, but you could just as easily download them by entering the URLs into your web browser.

wget https://download.owncloud.org/community/owncloud-9.0.0.tar.bz2

wget https://download.owncloud.org/community/owncloud-9.0.0.tar.bz2.sha256

wget https://owncloud.org/owncloud.asc

wget https://download.owncloud.org/community/owncloud-9.0.0.tar.bz2.asc

3. Verify the integrity of the downloaded package

Check that the SHA256 hash of the downloaded software archive matches the sum provided by ownCloud:

sha256sum -c owncloud-9.0.0.tar.bz2.sha256

Successful output:

owncloud-9.0.0.tar.bz2: OK

If the sums do not match, you should not proceed! Make sure that your download is verified before performing the remaining steps.

4. Import ownCloud PGP public key to GnuPG keyring

Next, we'll use GnuPG to verify authenticity of the software package. To do this, first import ownCloud's public PGP key into your GnuPG keyring.

gpg --import owncloud.asc

Successful output:

[...]
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

5. Verify authenticity of package signature

Next, use GnuPG to verify the signature of the software package. It will check the signature against the archive, using the key you imported in the previous step.

gpg --verify owncloud-9.0.0.tar.bz2.asc

Successful output:

[...]
gpg: Good signature from "ownCloud <[email protected]>"
[...]

You will receive a warning that ownCloud's signature is not yet trusted. Trusting the signature is an optional step for you to perform yourself. For more information about trusting public keys, refer to the GNU Privacy Handbook, Chapter 3.

6. Extract software package

After the download is verified and authenticated, extract it.

tar xjvf owncloud-9.0.0.tar.bz2

7. Copy ownCloud directory into Apache2 document root

Next, copy the newly-created owncloud directory and its contents into your web document root. In Debian 8, Apache2 uses /var/www/html as its default document root; you can customize this location if you wish. In this tutorial, we will place owncloud directly into /var/www.

cp -r owncloud /var/www

8. Add owncloud to Apache2 available sites

Now we can begin configuring Apache2. Create a copy of the default site configuration file, /etc/apache2/sites-available/000-default.conf, naming it owncloud.conf.

cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/owncloud.conf

9. Edit ownCoud site configuration

As root, open /etc/apache2/sites-available/owncloud.conf in a text editor. Make the following modifications:

  1. Locate the ServerName line and uncomment it by removing the leading #
  2. Change the ServerName value to match the hostname that will appear in the URL you use to access the server: for instance, www.mypersonaldomain.com or myhostname
  3. Add the following lines to the end of the file, modifying the directory name as necessary to conform to the location where you placed owncloud:
Alias /owncloud "/var/www/owncloud/"

<Directory /var/www/owncloud/>
  Options +FollowSymlinks
  AllowOverride All

 <IfModule mod_dav.c>
  Dav off
 </IfModule>

 SetEnv HOME /var/www/owncloud
 SetEnv HTTP_HOME /var/www/owncloud

</Directory>

Create a symbolic link to your site configuration in the directory /etc/apache2/sites-enabled:

ln -s /etc/apache2/sites-available/owncloud.conf /etc/apache2/sites-enabled/owncloud.conf

11. Enable Apache2 modules

OwnCloud requires mod_rewrite. Enable it:

a2enmod rewrite

The headers module is recommended. Enable it:

a2enmod headers

The env, dir, and mime modules are also recommended. These are usually enabled by default, but you can manually enable them to be safe:

a2enmod env

a2enmod dir

a2enmod mime

12. Enable the ownCloud site configuration and restart Apache2

Enable your site configuration:

a2ensite owncloud

Restart the Apache2 service so your changes take effect:

service apache2 restart

13. Set permissions for ownCloud files

Before you can begin configuring ownCloud, you'll need to make sure the HTTP user/group have permission to make changes to ownCloud's files. In Debian, this user and group are named www-data. Make them the owner of the owncloud directory and all its contents.

chown -R www-data:www-data /var/www/owncloud/

Next, refine these permissions. The exact permissions for the owncloud installation are:

  • All files should be read-write for the file owner, read-only for the group owner, and not accessible to others
  • All directories should be executable, read-write for the directory owner, and read-only for the group owner
  • The apps/ directory should be owned by [HTTP user]:[HTTP group]
  • The config/ directory should be owned by [HTTP user]:[HTTP group]
  • The themes/ directory should be owned by [HTTP user]:[HTTP group]
  • The assets/ directory should be owned by [HTTP user]:[HTTP group]
  • The data/ directory should be owned by [HTTP user]:[HTTP group]
  • The [ocpath]/.htaccess file should be owned by root:[HTTP group]
  • The data/.htaccess file should be owned by root:[HTTP group]
  • Both .htaccess files should be read-write for the file owner, read-only for the group owner, and not accessible to others

To conform to this permissions structure, copy and paste the following script into a new file. In this example, the script filename will be /root/oc-perms.sh. Modify the ocpath value if you are using a custom location.

#!/bin/bash
ocpath='/var/www/owncloud'
htuser='www-data'
htgroup='www-data'
rootuser='root'

printf "Creating possible missing Directories\n"
mkdir -p $ocpath/data
mkdir -p $ocpath/assets

printf "chmod Files and Directories\n"
find ${ocpath}/ -type f -print0 | xargs -0 chmod 0640
find ${ocpath}/ -type d -print0 | xargs -0 chmod 0750

printf "chown Directories\n"
chown -R ${rootuser}:${htgroup} ${ocpath}/
chown -R ${htuser}:${htgroup} ${ocpath}/apps/
chown -R ${htuser}:${htgroup} ${ocpath}/config/
chown -R ${htuser}:${htgroup} ${ocpath}/data/
chown -R ${htuser}:${htgroup} ${ocpath}/themes/
chown -R ${htuser}:${htgroup} ${ocpath}/assets/

chmod +x ${ocpath}/occ

printf "chmod/chown .htaccess\n"
if [ -f ${ocpath}/.htaccess ]
 then
  chmod 0644 ${ocpath}/.htaccess
  chown ${rootuser}:${htgroup} ${ocpath}/.htaccess
fi
if [ -f ${ocpath}/data/.htaccess ]
 then
  chmod 0644 ${ocpath}/data/.htaccess
  chown ${rootuser}:${htgroup} ${ocpath}/data/.htaccess
fi

Make the script executable:

chmod u+x /root/oc-perms.sh

Execute it:

/root/oc-perms.sh

14. Create ownCloud database and database user

Next, prepare a database for ownCloud to use. Log in to the MariaDB client as the database root user:

mysql -u root -p

You will be prompted for the database root user's password. If you installed MariaDB for the first time in step 1, you were prompted to create this password. Enter it now. You will be placed at the MariaDB client prompt.

Choose a name for your owncloud database (ocdbname), the owncloud database user (ocuser), and the password for that user (ocuserpw). Then run the following two commands at the MariaDB prompt, replacing the bracketed values with your own:

CREATE DATABASE [ocdbname];

GRANT ALL ON [ocdbname].* TO [ocuser]@localhost IDENTIFIED BY '[ocuserpw]';

Exit the database client:

quit

15. Configure ownCloud client

Navigate a web browser to your ownCloud installation, e.g. http://myhostname/owncloud. You will be presented with fields where you can create an ownCloud administrator account, and enter the database configuration values.

OwnCloud settings.

Username and Password are values for the user who will administer the installation; set these to whatever you like.

Database user, Database password, and Database name should conform to the [ocuser], [ocuserpw], and [ocdbname] values you created in the previous step.

Click Finish setup.

Congratulations! You're ready to start using ownCloud.

OwnCloud has been installed.

Optional: Using SSL

It's advisable to encrypt the network traffic that will pass in and out of ownCloud. Here are a few steps to get HTTPS up and running with your installation.

1. Enable SSL in Apache2

a2enmod ssl

a2ensite default-ssl

2. Add SSL Virtualhost configuration to owncloud.conf

Apache2 comes with a default SSL site configuration, located in /etc/apache2/sites-available/default-ssl.conf. Copy the contents of this file and paste them into the top of owncloud.conf. Within the <VirtualHost _default_:443> section, make the following modifications:

Add a ServerName line with your hostname as the value, e.g.:

 ServerName myhostname

Edit the DocumentRoot line to reflect the parent directory of the owncloud installation, e.g.:

 DocumentRoot /var/www/

3. Generate a new certificate/key pair, if necessary

The <VirtualHost _default_:443> section already contains three important lines for enabling SSL when the site is accessed by HTTPS:

SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

The SSLCertificateFile and SSLCertificateKeyFile values point to files that should already exist on your system, installed as part of the default openssl and ssl-cert packages. However, you may need to regenerate these files under certain circumstances -- if you make changes to the configuration in /etc/hosts, for instance.

If you need to regenerate these files, use the command:

make-ssl-cert generate-default-snakeoil --force-overwrite

For more information, and for troubleshooting certificate errors, refer to the notes in /usr/share/doc/apache2/README.Debian.gz.

4. Reload Apache2 configuration

service apache2 reload

You should now be able to access your ownCloud installation using an https:// URL. Note that you will receive a warning in your web browser because your certificate is self-signed. You will need to manually add your site as an exception before establishing the secure connection.

Share this page:

15 Comment(s)

Add comment

Comments

From: Sansui350A

Question.. you boys didn't do this based on their repo because?  What about the neccesary Redis an APCu configuration for proper operation and performance?  Just my .02 here is all.  Carry on.

From: Olax

Config for nginx?

From: El blog de Luisi

Very complete!!

From: Axel

many thanks! I used it on rasbian 4.1 and it runs quite well!

From: William Van Hefner

Any idea of how this would be modified to work with a Perfect Server configuration using ISPConfig 3.0/Ubuntu/Apache/Mariadb ? This only seems to work for a single domain and user.

From: till

Create a website, upload the owncloud source to the web directory of that site and then open the owncloud installer in your web browser.

From: Filip

This is incorrect: /etc/sites-available/owncloud.conf

 

From: Neil Golden

You're right. In sections 8 and 9, the occurrences of /etc/sites-available should read /etc/apache2/sites-available. This will be fixed shortly, thank you!

From: controlmac

If you get "The requested URL /var/www/owncloud/index.php was not found on this server."

comment out the rule "RewriteRule .* index.php [PT,E=PATH_INFO:$1]" in /var/www/owncloud/.htaccess to "#RewriteRule .* index.php [PT,E=PATH_INFO:$1]"

From: Dan

Thank you for this guide, it was incrediably helpful

From: Martin

Thank you for this tutorial ...

After logging in I get the following error: "This operation is not allowed" When transferring files, i get the following error: "You do not have permission to upload files or create here"

I have run the script to change the permissions . Idea? Thank you very much

From: feas

When I get to step 15 it tries to download the php file instead of opening it. Any suggestions? I have tried severl web browsers witht the same results.

From: Paul N

This version is the only one that I can install without any errors :-)

The only thing what I can't fix is to replace the snakeoil cert. for a real cert.

Does somebody know to replace this.

From: Ram Sambamurthy

Excellent article but I had 2 problems:

1. The tar command didn't work for me until I modified it to the following:

# tar xjvf owncloud-9.0.0.tar.bz2 -C /var/www/owncloud/

2.after installation doing the following threw an error:

http://localhost/owncloud

error: /var/www/owncloud/index.php  was not found.

however, when i typed in http://localhost/owncloud/index.php, it worked fine.

the following fixed it: changing the DocumentRoot in /etc/apache2/sites-available/000-default.conf  from /var/www/html   to /var/wwwthought i'd share this here for others' benefit

From: Henry Tieding

Tried installation, but can never find file /etc/apache2/sites-available/000-default.conf.

It would seem that there is still a problem with sections 8 and 9