Your Cloud, Your Data, Your Way! - ownCloud 4.0 On CentOS 6.2 + nginx + PostgreSQL
This document describes how to install and setup ownCloud by "ownCloud community" on a CentOS 6.2 based webserver from tar package on a nginx and php-fpm with postgreSQL database as backend. For other distributions there might be minor changes as to the software prerequisites installation procedures. This guide will not only help install the product, but also understand why certain points are done the way they are done (this is most helpful for users with little or no knowledge who, like me some time ago, have only started using Linux).
What is ownCloud?
It's a group or company file / contact / calendar sharing tool, which, from my point of view, makes best of both Dropbox and GroupOffice (except for email integration so far), and is not as cluttered or heavy as Alfresco or Sharepoint.
Links to several sections of developer:
- Product homepage: http://owncloud.org/
- IRC: http://webchat.freenode.net/?channels=owncloud
- Support: http://owncloud.org/support/
I do not guarantee it will work for you, since later on there could be changes in software, both prerequisite and main, done in such a way that will break or anyhow else disallow procedures mentioned in this tutorial to complete successfully.
P.S. All added bugs are mine. Use comments or browse to IRC.
Preliminary Note
In this tutorial we use:
- Centos 6.2 installation media
- Hostname: owncloud.example.com
- IP address: 192.168.1.100
- Router address: 192.168.1.1
- Netmask: 255.255.255.0
- Assume(imagine) that the server is connected to the public internet
- We use our computer to administer the server remotely via ssh (putty on windows), even if you have the server by your side, or have it as virtual machine ran under your main operating system
- GNU vim as our primary text editor. But feel free to use any other of your liking
Requirements
We will need a working clean (minimal) installation of Centos 6.2 (x86 or x86_64 is irrelevant), I personally use x86_64 version and i strongly suggest you do the same.
First Things First
Login to the server console as root. You will be at the [root@owncloud ~]# prompt.
I prefer certain setting, that are completely optional, but you might find them useful later on. I setup my terminal to show output in color with date, time, server name and current folder at the prompt. Also to show history of commands with date/time. I also increase default history-size values.
To do so, execute:
vi ~/.bash_profile
Add mentioned lines after the export PATH directive. In case you don't know, pressing "i" enters insert mode, "ESC" exits it. Vi is vi :)
#History size to hold 50.000 commands and inflate filesize ten times bigger export HISTSIZE=50000 export HISTFILESIZE=500000 #Show history with date as example: "24.05.2012 - 14:28:56" export HISTTIMEFORMAT="%d.%m.%Y - %H:%M:%S " #Autocolor output of "ls" command export LS_OPTIONS='--color=auto' eval "`dircolors`" #Set prompt to display as example: "Thu May 24 2012 14:28:56 owncloud.example.com of root @ ~]" #and colorize date, time and location differently. Set all input text to default values. PS1="\e[1;37m\][\e[1;36m\] \d \D{%Y} \e[1;31m\]\t \e[1;37m\] \H of \u @ \W] \033[00m\]"
Save and exit file. Again, if you do not know, outside insert mode you either enter ":wq" and press enter to save and exit, or just press "ZZ" to do the same. To re-login to terminal to apply changes, execute:
exit
Networking
If you did not set up static IP address during the installation, say you have a DHCP-enabled router, you need to do it now, otherwise proceed to the next step.
vi /etc/sysconfig/network-scripts/ifcfg-eth0
Change or add only mentioned lines.
BOOTPROTO="none" NETWORK="192.168.1.0" NETMASK="255.255.255.0" IPADDR="192.168.1.100" GATEWAY="192.168.1.1"
Save and exit. Then restart the network:
service network restart
Check that network is reconfigured by executing:
ifconfig
Now you should be able to ssh to server on 192.168.1.100 as root. But don't do that just yet, first complete next step.
Securing The Server
Before we proceed any further, since we assumed that the server is, in fact, connected to the internet, we need to secure it. We will do three things.
- Reconfigure ssh-server so it will not allow root login and change default port 22 to something else, less common, i.e. 60606,
- Set up iptables to allow incoming connections on new port,
- Add our firs system user in order to login with him via ssh.
-
Securing remote login
If you are not yet logged in from the console to the server (i mean local console, not ssh yet), log in as root, then execute:
vi /etc/ssh/sshd_config
On the line thirteen of unaltered default file (in case you wonder again, type ":set number" and press enter outside insert mode to get the line numbers) there is Port 22 directive. Duplicate it, change the port number to 60606 and uncomment.
Then find (outside insert mode press "/" and type phrase you are looking for) PermitRootLogin yes directive duplicate again and change it's value to no and uncomment it as well, then save the file. Oh, and it's ":noh" to switch highlighting off.
Restart sshd afterwards:service sshd restart
-
Setting iptables
First check already existing iptables:
iptables -L -v --line-numbers
In default installation at position '4' will be directive to accept new tcp connections on default ssh port, we need to get rid of it, thus execute:
iptables -D INPUT 4
Now we need to allow connections to port 60606 instead. Execute:
iptables -I INPUT 4 -p tcp -d 192.168.1.100 --dport 60606 -j ACCEPT
Lastly to save current iptables state execute:
service iptables save
service iptables restart -
Adding first user
All is good now, except for one thing, we've banned ourselves from ssh, since root is not permitted and there are no other system users yet. Time to correct:
useradd -c "ownCloud system user" -m -n cloudadmin
Set password for this user:
passwd cloudadmin
Done. You could set password for user in the first command, but this way password value will be visible during entry in terminal window and also be saved in .bash_history of root user, that is not desirable.
Now you can log in via ssh executing following command in your terminal window on local computer:ssh [email protected] -p60606
Pre Setup Steps
Software installation in most cases is pretty much straightforward and we could have 'checked' most of it upon initial install, but i prefer to do things by hand.
I intentionally divide installation into sections.
-
Logging as superuser
At this very moment you should be on the console prompt as clouddmin user. To gain root privileges execute:
su -
-
Software repositories
In order to use desired software, two repositories are required.
First EPEL, execute:rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-6.noarch.rpm
And no, i386 is not a mistake, it's same for both 32-bit and 64-bit systems.
Then Remi, execute:rpm --import http://rpms.famillecollet.com/RPM-GPG-KEY-remi
Now check both epel and remi repositories and in case it isn't there set enabled=1 by executing:
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpmvi /etc/yum.repos.d/epel.repo
Finally, update your system. Even freshly installed CentOS might require update first. Execute:
vi /etc/yum.repos.d/remi.repoyum update -y
-
Precision time
It is good to be in sync with the rest of the world, execute:
yum install ntp
service ntpd start
chkconfig ntpd on
ntpd -
Some other tools
To make my life a bit easier, i use vim instead of vi, htop instead of top, elinks to quickly test things from within terminal and mc, as a good and not only dual-pane file manager, wget is required to download stuff and man is essential when you want to read just about anything. Execute:
yum install vim htop elinks mc wget man -y
ownCloud Setup
-
Software prerequisites
A bunch of php stuff, execute:
yum install php-fpm php-gd php-ldap php-pear php-xml php-xmlrpc php-eaccelerator php-magickwand php-magpierss php-mbstring php-mcrypt php-shout php-snmp php-soap php-tidy php-pgsql
Edit php.ini, execute:
vim /etc/php.ini
There are four directives to change,
first should be on line 736, directive post_max_size
second on line 848, directive cgi.fix_pathinfo
third on line 885, directive upload_max_filesize
last on line 956, directive date.timezone modify it according to location of your server.[...] post_max_size = 64M [...] cgi.fix_pathinfo = 0 [...] upload_max_filesize = 64M [...] date.timezone = "Europe/Prague" [...]
In case you don't know how, you can find your timezone name by executing:
cat /etc/sysconfig/clock
Next, configure php-fpm to use unix socket instead of tcp stack, execute:
vim /etc/php-fpm.d/www.conf
From the line twelve, make it look like this:
;listen = 127.0.0.1:9000 listen = /var/run/php-fpm/php-fpm.sock
Start php-fpm:
chkconfig php-fpm on
service php-fpm start -
Backend - PostgreSQL
To install and set it up, execute:
yum install postgresql postgresql-libs postgresql-server
service postgresql initdb
service postgresql start
chkconfig postgresql onLogin to postgres as postgres system user, create database user, database and grant privileges
su - -c "psql" postgres
CREATE USER clouduser WITH PASSWORD 'userpass';
CREATE DATABASE clouddb OWNER clouduser ENCODING 'UTF8';
GRANT ALL PRIVILEGES ON DATABASE clouddb TO clouduser;
\qAlter postgresql config file to allow password logins:
vim /var/lib/pgsql/data/pg_hba.conf
-
Search for
# IPv4 local connections:
host all all 127.0.0.1/32 ident -
And alter it to
# IPv4 local connections:
host all all 127.0.0.1/32 password
Now restart the database:
service postgresql restart
-
-
nginx webserver
Install, set to start on boot and then stop it:
yum install nginx
service nginx start
chkconfig nginx on
service nginx stopPrepare configuration file for ownclod website:
vim /etc/nginx/conf.d/owncloud.conf
# redirect http to https. server { listen 80; server_name owncloud.example.com; rewrite ^ https://$server_name$request_uri? permanent; # enforce https } # owncloud (ssl/tls) server { listen 443 ssl; ssl_certificate /etc/nginx/certs/server.crt; ssl_certificate_key /etc/nginx/certs/server.key; server_name owncloud.example.com; root /var/www/owncloud; index index.php; client_max_body_size 64M; # set maximum upload size # deny direct access location ~ ^/(data|config|\.ht|db_structure\.xml|README) { deny all; } # default try order location / { try_files $uri $uri/ @webdav; } # owncloud WebDAV location @webdav { fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTPS on; include fastcgi_params; } # enable php location ~ \.php$ { fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTPS on; include fastcgi_params; } }
Now let's create certificates for the server, answer to questions in prompt according to your settings:
mkdir -p /etc/nginx/certs/
cd /etc/nginx/certs/
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.key server.key.orig
openssl rsa -in server.key.orig -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crtReload nginx to enable new configuration:
service nginx reload
-
ownCloud files and directories
ownCloud installation consists of downloading and unpacking archive, with some tweaks on the server side, thus, execute:
cd /tmp
wget http://download2.owncloud.org/releases/owncloud-4.0.0.tar.bz2
tar xjf owncloud-4.0.0.tar.bz2
mv owncloud /var/www/
mkdir -p /var/www/owncloud/data
chmod 770 /var/www/owncloud/data
chown -R root:apache /var/www/owncloudAnd yet again, apache as group in the last command is not an error. php-fpm is run by default as user apache
-
Access the website
Open port 443 in order to be able to access the website, execute:
iptables -I INPUT 4 -p tcp -d 192.168.1.100 --dport 443 -j ACCEPT
service iptables save
service iptables restart
Test Run
Browse to the https://owncloud.example.com via your browser of choice and finish the installation procedure.
Choose administrator username and password, choose PostgreSQL as database backend and post appropriate values in the Database connection settings.
Enjoy.
Troubleshooting
Log files are located as following:
/var/www/owncloud/data/owncloud.log
/var/log/php-fpm/www-error.log
/var/log/nginx/access.log
/var/log/nginx/error.log