Your Cloud, Your Data, Your Way! - ownCloud 4.0 On CentOS 6.2 + nginx + PostgreSQL

This document describes how to install and setup ownCloud by "ownCloud community" on a CentOS 6.2 based webserver from tar package on a nginx and php-fpm with postgreSQL database as backend. For other distributions there might be minor changes as to the software prerequisites installation procedures. This guide will not only help install the product, but also understand why certain points are done the way they are done (this is most helpful for users with little or no knowledge who, like me some time ago, have only started using Linux).


What is ownCloud?

It's a group or company file / contact / calendar sharing tool, which, from my point of view, makes best of both Dropbox and GroupOffice (except for email integration so far), and is not as cluttered or heavy as Alfresco or Sharepoint.

Links to several sections of developer:

I do not guarantee it will work for you, since later on there could be changes in software, both prerequisite and main, done in such a way that will break or anyhow else disallow procedures mentioned in this tutorial to complete successfully.
P.S. All added bugs are mine. Use comments or browse to IRC.


Preliminary Note

In this tutorial we use:

  • Centos 6.2 installation media
  • Hostname:
  • IP address:
  • Router address:
  • Netmask:
  • Assume(imagine) that the server is connected to the public internet
  • We use our computer to administer the server remotely via ssh (putty on windows), even if you have the server by your side, or have it as virtual machine ran under your main operating system
  • GNU vim as our primary text editor. But feel free to use any other of your liking



We will need a working clean (minimal) installation of Centos 6.2 (x86 or x86_64 is irrelevant), I personally use x86_64 version and i strongly suggest you do the same.


First Things First

Login to the server console as root. You will be at the [root@owncloud ~]# prompt.

I prefer certain setting, that are completely optional, but you might find them useful later on. I setup my terminal to show output in color with date, time, server name and current folder at the prompt. Also to show history of commands with date/time. I also increase default history-size values.

To do so, execute:

vi ~/.bash_profile

Add mentioned lines after the export PATH directive. In case you don't know, pressing "i" enters insert mode, "ESC" exits it. Vi is vi :)

#History size to hold 50.000 commands and inflate filesize ten times bigger
export HISTSIZE=50000
export HISTFILESIZE=500000
#Show history with date as example: "24.05.2012 - 14:28:56"
export HISTTIMEFORMAT="%d.%m.%Y - %H:%M:%S "
#Autocolor output of "ls" command
export LS_OPTIONS='--color=auto'
eval "`dircolors`"
#Set prompt to display as example: "Thu May 24 2012  14:28:56 of root @ ~]"
#and colorize date, time and location differently. Set all input text to default values.
PS1="\e[1;37m\][\e[1;36m\] \d \D{%Y}  \e[1;31m\]\t \e[1;37m\] \H of \u @ \W] \033[00m\]"

Save and exit file. Again, if you do not know, outside insert mode you either enter ":wq" and press enter to save and exit, or just press "ZZ" to do the same. To re-login to terminal to apply changes, execute:




If you did not set up static IP address during the installation, say you have a DHCP-enabled router, you need to do it now, otherwise proceed to the next step.

vi /etc/sysconfig/network-scripts/ifcfg-eth0

Change or add only mentioned lines.


Save and exit. Then restart the network:

service network restart

Check that network is reconfigured by executing:


Now you should be able to ssh to server on as root. But don't do that just yet, first complete next step.


Securing The Server

Before we proceed any further, since we assumed that the server is, in fact, connected to the internet, we need to secure it. We will do three things.

  • Reconfigure ssh-server so it will not allow root login and change default port 22 to something else, less common, i.e. 60606,
  • Set up iptables to allow incoming connections on new port,
  • Add our firs system user in order to login with him via ssh.
  1. Securing remote login

    If you are not yet logged in from the console to the server (i mean local console, not ssh yet), log in as root, then execute:

    vi /etc/ssh/sshd_config

    On the line thirteen of unaltered default file (in case you wonder again, type ":set number" and press enter outside insert mode to get the line numbers) there is Port 22 directive. Duplicate it, change the port number to 60606 and uncomment.
    Then find (outside insert mode press "/" and type phrase you are looking for) PermitRootLogin yes directive duplicate again and change it's value to no and uncomment it as well, then save the file. Oh, and it's ":noh" to switch highlighting off.
    Restart sshd afterwards:

    service sshd restart
  2. Setting iptables

    First check already existing iptables:

    iptables -L -v --line-numbers

    In default installation at position '4' will be directive to accept new tcp connections on default ssh port, we need to get rid of it, thus execute:

    iptables -D INPUT 4

    Now we need to allow connections to port 60606 instead. Execute:

    iptables -I INPUT 4 -p tcp -d --dport 60606 -j ACCEPT

    Lastly to save current iptables state execute:

    service iptables save 
    service iptables restart
  3. Adding first user

    All is good now, except for one thing, we've banned ourselves from ssh, since root is not permitted and there are no other system users yet. Time to correct:

    useradd -c "ownCloud system user" -m -n cloudadmin

    Set password for this user:

    passwd cloudadmin

    Done. You could set password for user in the first command, but this way password value will be visible during entry in terminal window and also be saved in .bash_history of root user, that is not desirable.
    Now you can log in via ssh executing following command in your terminal window on local computer:

    ssh [email protected] -p60606


Pre Setup Steps

Software installation in most cases is pretty much straightforward and we could have 'checked' most of it upon initial install, but i prefer to do things by hand.
I intentionally divide installation into sections.

  1. Logging as superuser

    At this very moment you should be on the console prompt as clouddmin user. To gain root privileges execute:

    su -
  2. Software repositories

    In order to use desired software, two repositories are required.
    First EPEL, execute:

    rpm -Uvh
    And no, i386 is not a mistake, it's same for both 32-bit and 64-bit systems.
    Then Remi, execute:
    rpm --import 
    rpm -Uvh
    Now check both epel and remi repositories and in case it isn't there set enabled=1 by executing:
    vi /etc/yum.repos.d/epel.repo 
    vi /etc/yum.repos.d/remi.repo
    Finally, update your system. Even freshly installed CentOS might require update first. Execute:
    yum update -y
  3. Precision time

    It is good to be in sync with the rest of the world, execute:

    yum install ntp 
    service ntpd start
    chkconfig ntpd on
  4. Some other tools

    To make my life a bit easier, i use vim instead of vi, htop instead of top, elinks to quickly test things from within terminal and mc, as a good and not only dual-pane file manager, wget is required to download stuff and man is essential when you want to read just about anything. Execute:

    yum install vim htop elinks mc wget man -y


ownCloud Setup

  1. Software prerequisites

    A bunch of php stuff, execute:

    yum install php-fpm php-gd php-ldap php-pear php-xml php-xmlrpc php-eaccelerator php-magickwand php-magpierss php-mbstring php-mcrypt php-shout php-snmp php-soap php-tidy php-pgsql

    Edit php.ini, execute:

    vim /etc/php.ini

    There are four directives to change,
    first should be on line 736, directive post_max_size
    second on line 848, directive cgi.fix_pathinfo
    third on line 885, directive upload_max_filesize
    last on line 956, directive date.timezone modify it according to location of your server.

    post_max_size = 64M
    cgi.fix_pathinfo = 0
    upload_max_filesize = 64M
    date.timezone = "Europe/Prague"

    In case you don't know how, you can find your timezone name by executing:

    cat /etc/sysconfig/clock

    Next, configure php-fpm to use unix socket instead of tcp stack, execute:

    vim /etc/php-fpm.d/www.conf

    From the line twelve, make it look like this:

    ;listen =
    listen = /var/run/php-fpm/php-fpm.sock

    Start php-fpm:

    chkconfig php-fpm on 
    service php-fpm start
  2. Backend - PostgreSQL

    To install and set it up, execute:

    yum install postgresql postgresql-libs postgresql-server 
    service postgresql initdb
    service postgresql start
    chkconfig postgresql on

    Login to postgres as postgres system user, create database user, database and grant privileges

    su - -c "psql" postgres 
    CREATE USER clouduser WITH PASSWORD 'userpass';
    CREATE DATABASE clouddb OWNER clouduser ENCODING 'UTF8';

    Alter postgresql config file to allow password logins:

    vim /var/lib/pgsql/data/pg_hba.conf
    • Search for

      # IPv4 local connections: 
      host all all ident
    • And alter it to

      # IPv4 local connections: 
      host all all password

    Now restart the database:

    service postgresql restart
  3. nginx webserver

    Install, set to start on boot and then stop it:

    yum install nginx 
    service nginx start
    chkconfig nginx on
    service nginx stop

    Prepare configuration file for ownclod website:

    vim /etc/nginx/conf.d/owncloud.conf
    # redirect http to https.
    server {
      listen 80;
      rewrite ^ https://$server_name$request_uri? permanent;  # enforce https
    # owncloud (ssl/tls)
    server {
      listen 443 ssl;
      ssl_certificate /etc/nginx/certs/server.crt;
      ssl_certificate_key /etc/nginx/certs/server.key;
      root /var/www/owncloud;
      index index.php;
      client_max_body_size 64M; # set maximum upload size
      # deny direct access
      location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
        deny all;
      # default try order
      location / {
        try_files $uri $uri/ @webdav;
      # owncloud WebDAV
      location @webdav {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS on;
        include fastcgi_params;
      # enable php
      location ~ \.php$ {
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTPS on;
        include fastcgi_params;

    Now let's create certificates for the server, answer to questions in prompt according to your settings:

    mkdir -p /etc/nginx/certs/ 
    cd /etc/nginx/certs/
    openssl genrsa -des3 -out server.key 1024
    openssl req -new -key server.key -out server.csr
    cp server.key server.key.orig
    openssl rsa -in server.key.orig -out server.key
    openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

    Reload nginx to enable new configuration:

    service nginx reload
  4. ownCloud files and directories

    ownCloud installation consists of downloading and unpacking archive, with some tweaks on the server side, thus, execute:

    cd /tmp 
    tar xjf owncloud-4.0.0.tar.bz2
    mv owncloud /var/www/
    mkdir -p /var/www/owncloud/data
    chmod 770 /var/www/owncloud/data
    chown -R root:apache /var/www/owncloud

    And yet again, apache as group in the last command is not an error. php-fpm is run by default as user apache

  5. Access the website

    Open port 443 in order to be able to access the website, execute:

    iptables -I INPUT 4 -p tcp -d --dport 443 -j ACCEPT 
    service iptables save
    service iptables restart


Test Run

Browse to the via your browser of choice and finish the installation procedure.

Choose administrator username and password, choose PostgreSQL as database backend and post appropriate values in the Database connection settings.




Log files are located as following:


Share this page:

5 Comment(s)