Arch Linux / OwnCloud with nginx

This guide covers manually installing OwnCloud (“OC” for short) on Arch Linux. I did this on my Banana Pi, but it applies to any Arch Linux installation and, in large part, to most other distributions as well.

I assume the following things are already done:

In this guide, I use the domain cloud.example.com for our OC URL.
We are going to do the following steps:

  • install nginx, PHP and required modules
  • create a dedicated MySQL user and database for OC
  • create a self-signed wildcard SSL certificate
  • set up a virtual host for OC on nginx
  • set up OC

Install PHP and nginx

We need to install nginx, PHP and the required modules:

sudo pacman -S nginx php php-fpm php-gd php-mcrypt php-intl

Then we enable the modules by editing /etc/php/php.ini with root privileges. Remove the leading semicolons from the following extension lines to uncomment them:

extension=gd.so
extension=iconv.so
extension=xmlrpc.so
extension=zip.so
extension=bz2.so
extension=curl.so
extension=intl.so
extension=mcrypt.so
extension=openssl.so
extension=mysql.so
extension=pdo_mysql.so
extension=mysqli.so
zend_extension=opcache.so

If you later want to store your files in a directory other than the OC installation (e.g. on an external HDD), you also need to include the target directory in the open_basedir parameter in php.ini. In the following example, I assume you want to store your files on /mnt/hdd/cloud:

open_basedir = /srv/http/:/home/:/tmp/:/usr/share/pear/:/usr/share/webapps/:/mnt/hdd/cloud

Configure the database

The next step is to configure the database. We use MariaDB here. Of course, you’re free to use any other database.
I will create a database cloud and a user cloud dedicated to our OC setup.
Log in to the DBMS to create the new user and database:

mysql -u root -p
# enter your MySQL root password

CREATE DATABASE cloud;
CREATE USER cloud@localhost;
SET PASSWORD FOR cloud@localhost= PASSWORD("password_for_cloud");
GRANT ALL PRIVILEGES ON cloud.* TO cloud@localhost IDENTIFIED BY 'password_for_cloud';
FLUSH PRIVILEGES;
exit

Create an SSL certificate

This step is optional, but I highly recommend using SSL encryption for your OC setup. If you already have a certificate, you might want to use it and skip this step. Otherwise, here is how to create a self-signed wildcard certificate.

# become root
sudo -s
cd /etc/ssl
openssl genrsa 2048 > server.key
# enter *.example.com for the Common Name
# sign with SHA-256 (SHA-1 is deprecated for certificate signatures)
openssl req -new -x509 -nodes -sha256 -days 3650 -key server.key > server.crt
openssl x509 -noout -fingerprint -text < server.crt > server.info
cat server.crt server.key > server.pem
chmod 400 server.key server.pem
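
A variant of the certificate step, added here as an example and not part of the original guide: it sets subjectAltName (which current TLS clients use for host name matching instead of the Common Name), signs with SHA-256, creates the key under a restrictive umask, and then verifies the result. The function names are hypothetical and OpenSSL 1.1.1 or newer is assumed.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide; function names are hypothetical.

# Self-signed wildcard certificate: SHA-256 signature, wildcard and apex in
# subjectAltName, private key created under umask 077.
# Needs OpenSSL 1.1.1 or newer for -addext.
make_wildcard_cert() {        # usage: make_wildcard_cert <domain> <dir>
    local domain="$1" dir="$2"
    (
        umask 077
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
            -subj "/CN=*.${domain}" \
            -addext "subjectAltName=DNS:*.${domain},DNS:${domain}" \
            -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    ) || return 1
    chmod 644 "$dir/server.crt"   # the certificate itself is public
}

# Return 0 only if the pair is usable for <host>: no SHA-1/MD5 signature,
# name match, key belongs to certificate, key not group/world accessible.
check_cert() {                # usage: check_cert <crt> <key> <host>
    local crt="$1" key="$2" host="$3" fail=0
    if openssl x509 -in "$crt" -noout -text | grep -m1 'Signature Algorithm' \
            | grep -Eiq 'sha1|md5'; then
        echo "weak signature hash" >&2; fail=1
    fi
    openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q 'does match' \
        || { echo "certificate does not cover $host" >&2; fail=1; }
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] \
        || { echo "key does not belong to certificate" >&2; fail=1; }
    case "$(stat -c %a "$key")" in
        ?00) ;;
        *) echo "private key readable by group/others" >&2; fail=1 ;;
    esac
    return "$fail"
}

demo() {                      # constructed demo in a temporary directory
    local t; t=$(mktemp -d)
    make_wildcard_cert example.com "$t" &&
        check_cert "$t/server.crt" "$t/server.key" cloud.example.com &&
        echo "certificate ok for cloud.example.com"
    rm -rf "$t"
}
demo
```

check_cert can also be pointed at the /etc/ssl/server.crt and /etc/ssl/server.key files produced by the commands above.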

Set up a virtual host for nginx

Now we set up our virtual host for the nginx server. All communication should be done over SSL, therefore we also configure a redirection from http://cloud.example.com to https://cloud.example.com.
Edit the file /etc/nginx/nginx.conf with root privileges and add the two new server configurations within the http section. Also note the SSL paths and the data path for the files (/mnt/hdd/cloud in this example):

server {
    listen 80;
    server_name cloud.example.com;
    return 301 https://$server_name$request_uri;  # enforce https
}
server {
    listen 443 ssl;
    server_name cloud.example.com;
    ssl_certificate /etc/ssl/server.crt;
    ssl_certificate_key /etc/ssl/server.key;
    root /srv/http/cloud.example.com;

    client_max_body_size 10G; # set max upload size
    fastcgi_buffers 64 4K;

    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

    index index.php;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
        deny all;
    }

    location / {
        # The following 2 rules are only needed with webfinger
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

        try_files $uri $uri/ /index.php;
    }

    location ~ ^(.+?\.php)(/.*)?$ {
        try_files $1 =404;

        include fastcgi_params;
        fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
        fastcgi_param SCRIPT_FILENAME $document_root$1;
        fastcgi_param PATH_INFO $2;
        fastcgi_param HTTPS on;
        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
    }

    location ~ ^/mnt/hdd/cloud/ {
        internal;
        root /;
    }

    location ~ ^/tmp/oc-noclean/.+$ {
        internal;
        root /;
    }

    # Optional: set long EXPIRES header on static assets
    location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        expires 30d;
        # Optional: Don't log access to assets
        access_log off;
    }
}

Set up OwnCloud

Finally we can install and set up OC. You may replace owncloud-7.0.2.tar.bz2 with another version.

cd /srv/http
wget https://download.owncloud.org/community/owncloud-7.0.2.tar.bz2
tar xvfj owncloud-7.0.2.tar.bz2
rm owncloud-7.0.2.tar.bz2
mv owncloud cloud.example.com
chgrp -R http cloud.example.com
chmod -R 770 cloud.example.com
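
The download and permission steps above with an integrity check and narrower permissions, as an added example that is not part of the original guide. Assumptions: a SHA-256 checksum file for the chosen release has been obtained from the project alongside the tarball, config, data and apps are the directories ownCloud needs to write to, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide; function names are hypothetical.

# Fail closed unless <archive> matches the digest in <checksum-file>
# (sha256sum format: "<64 hex chars>  <name>").
verify_download() {           # usage: verify_download <archive> <checksum-file>
    local archive="$1" sumfile="$2" expected actual
    [ -r "$archive" ] && [ -r "$sumfile" ] || { echo "missing input" >&2; return 1; }
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{64}$' \
        || { echo "malformed checksum file" >&2; return 1; }
    actual=$(sha256sum "$archive" | awk '{print $1}')
    [ "$actual" = "$expected" ] || { echo "digest mismatch" >&2; return 1; }
}

# Alternative to "chmod -R 770": application code becomes read-only for the
# group; only the directories ownCloud writes to keep group write access.
# Assumption: those are config, data and apps inside the install directory.
tighten_perms() {             # usage: tighten_perms <install-dir>
    local root="$1" d
    find "$root" -type d -exec chmod 750 {} +
    find "$root" -type f -exec chmod 640 {} +
    for d in config data apps; do
        if [ -d "$root/$d" ]; then chmod -R g+w "$root/$d"; fi
    done
}

# List what the web server group can still modify (review after tightening).
group_writable() { find "$1" -perm -020 | sort; }

# Demo on constructed files in a temp dir (no network, no real release).
demo() {
    local t; t=$(mktemp -d)
    printf 'constructed stand-in for the release tarball\n' > "$t/oc.tar.bz2"
    (cd "$t" && sha256sum oc.tar.bz2 > oc.tar.bz2.sha256)
    verify_download "$t/oc.tar.bz2" "$t/oc.tar.bz2.sha256" && echo "digest ok"
    mkdir -p "$t/cloud/core" "$t/cloud/config"
    touch "$t/cloud/core/app.php" "$t/cloud/config/config.php"
    chmod -R 770 "$t/cloud"
    tighten_perms "$t/cloud"
    group_writable "$t/cloud"      # only config/ and its contents remain
    rm -rf "$t"
}
demo
```

In the guide's sequence, verify_download would run before tar xvfj, and tighten_perms after chgrp -R http in place of chmod -R 770.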

Next we enable and start PHP-FPM and nginx:

sudo systemctl enable php-fpm
sudo systemctl start php-fpm
sudo systemctl enable nginx
sudo systemctl start nginx

Now we are able to finalize the OC setup by accessing the OC URL (https://cloud.example.com in this example). You should see the following page in your browser:

Screenshot from OwnCloud setup.

Congratulations, you just installed OwnCloud. Now you might want to install an OwnCloud desktop client to keep your files synchronized.

2 comments:

  1. Do you remember if you had any trouble with read/write permissions on your external drive? I’ve tried setting permissions but nothing changes, and I followed your guide exactly. The only thing I did differently was use the latest version of Owncloud.

  2. Do I need to make a user running on Raspberry Pi 2?
    I see in the guide “sudo command”!?

    I run strongSwan on a Pi with Arch and I will try OwnCloud.
