How to Setup ownCloud 9.1 on Ubuntu 16.10 with Letsencrypt SSL

December 27, 2016 | By in UBUNTU HOWTO
| Reply More

In today's world, cloud usage has penetrated our lives so much that we need it for everything. To name a few, cloud based nodes, data storage, operating systems etc. Even if one decides to go for cloud computing, do they really feel safe storing all their data over the internet? Has the thought of setting up your own cloud crossed your mind anytime? If yes, then you are on the right page. Owncloud is a free and open source file syncing and sharing software that allows the users to creates their own cloud storage system on their own server or website. Its main advantage is the control and security of users data is back with them.

In this blog, let us understand how to setup ownCloud 9.1 with Nginx (Engine X), MariaDB and PHP7

1) Installing ownCloud Server

Let's first fetch the ownCloud key from its repository and add it to Ubuntu 16.10

wget -nv https://download.owncloud.org/download/repositories/stable/Ubuntu_16.04/Release.key -O Release.key

NOTE: Though I'm using Ubuntu 16.10, I'm downloading the release key for Ubuntu_16.04 as the same was not yet available for 16.10 at the time of writing this and this works fine.

sudo apt-key add - < Release.key

Next, add the official repository by running the below command

sudo sh -c "echo 'deb http://download.owncloud.org/download/repositories/stable/Ubuntu_16.04/ /' >> /etc/apt/sources.list.d/owncloud.list"

Now we need to update the local package index and install owncloud-files

sudo apt-get update

sudo apt-get install owncloud-files

2) Installing Nginx and PHP 7

Nginx is a free and open source web server  having HTTP server capabilities and known for its performance, stability.

We can install the same using the apt-get install command

sudo apt-get install nginx

Install the required PHP 7 extensions

sudo apt install php7.0-common php7.0-fpm php7.0-cli php7.0-json php7.0-mysql php7.0-curl php7.0-intl php7.0-mcrypt php-pear php7.0-gd php7.0-zip php7.0-xml php7.0-mbstring

3) Creating a database and user

You can either use MySQL or Mariadb which is a fork of MySQL. Install one of these databases if not already done.  The example below is showing the installation of Mariadb.

root@ubuntu-linoxide:~# apt-get install mariadb-server-10.0 mariadb-client-10.0
Reading package lists... Done
Building dependency tree
...
Setting up mariadb-client-10.0 (10.0.25-1) ...
Setting up mariadb-server-10.0 (10.0.25-1) ...
...

After this, login to the installed database and create a database for managing owncloud. You will use the same set of commands for MySQL as well.

root@ubuntu-linoxide:~# mysql -u root -p
MariaDB [(none)]> create database owncloud;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> create user owncloudtester@localhost identified by 'tester123';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> grant all privileges on owncloud.* to owncloudtester@localhost identified by 'tester123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges
-> ;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit;
Bye

Enable binary logging in MariaDB

Binary log is a record of all changes done to the database. It is useful in restoring data after a backup. We can enable this by adding the following lines to  /etc/mysql/my.cnf

log-bin                   = /var/log/mysql/mariadb-bin

log-bin-index         = /var/log/mysql/mariadb-bin.index

binlog_format        = mixed

Save this file and reload MariaDB service

service mysql reload

4) Getting a free SSL certificate from Let's Encrypt

SSL (Secure Socket Layer) is a standard security technology for establishing encrypted link between web server and browser. This ensures that the data that is passed between the server and browser remains private. 'Let's Encrypt' is a free, automated and open certificate authority. It gives free digital certificates to those who want to enable HTTPS for their websites.

We will now install 'Let's Encrypt' from Github

sudo apt-get install git

git clone https://github.com/letsencrypt/letsencrypt

Get into the letsencrypt directory and issue the following command to obtain a SSL certificate for your domain name.

./letsencrypt-auto certonly --standalone --email <your-email.com> --agree-tos -d <your-domain-name.com>

Note: Before running the above command, make sure that your server IP is mapped to a domain name in DNS.

If the certificate generation is successful. you will get the output as shown:

SSL-certificate-generation

5) Creating  Nginx config file

All the files related to nginx will be available in /etc/nginx directory. Create the file  /etc/nginx/conf.d/owncloud.conf and put the following content into it.

upstream php-handler {
#server 127.0.0.1:9000;
server unix:/run/php/php7.0-fpm.sock;
}

server {
listen 80;
server_name nodenixbox.com;
# enforce https
return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl;
server_name nodenixbox.com;

ssl_certificate /etc/letsencrypt/live/nodenixbox.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/nodenixbox.com/privkey.pem;

# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;

# Path to the root of your installation
root /var/www/owncloud/;
# set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;

# Disable gzip to avoid the removal of the ETag header
gzip off;

# Uncomment if your server is build with the ngx_pagespeed module
# This module is currently not supported.
#pagespeed off;

index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;

rewrite ^/.well-known/carddav /remote.php/carddav/ permanent;
rewrite ^/.well-known/caldav /remote.php/caldav/ permanent;

# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}

location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}

location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}

location / {
rewrite ^/remote/(.*) /remote.php last;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ =404;
}

location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
}

# Adding the cache control header for js and css files
# Make sure it is BELOW the location ~ \.php(?:$|/) { block
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
# Optional: Don't log access to assets
access_log off;
}

# Optional: Don't log access to other assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
access_log off;
}
}

Note that in the above file, you need to replace the domain name (in coloured text) with your server's domain name. Save this configuration file and exit.

6) Setting up the Web Interface

The final step is to create an administrative account for ownCloud and connect it with the MariaDB that we created earlier. In order to browse the OwnCloud domain, go to your web browser and type "https://<your-domain-name.com".  It is "https://nodenixbox.com" in my case. This opens up a user interface.

web-interface-for-ownCloud

Here, create an administrative account by entering the username and password. In the same form towards the bottom, enter the database user, password and database that you created when you installed MariaDB and press 'Finish Setup' button.

Voila! You have now completed the installation of ownCloud and can start managing your files/folders/photos etc on your own cloud storage.

inside-owncloud

Conclusion

ownCloud is a modern cloud solution to easily sync and share data. Benefits of cloud services are brought to people without having to depend on any cloud service provider. Users can host their own infrastructure and have a control over their data. ownCloud scales well and performs well. Setup your own cloud today and take control of your data.

Filed Under : STORAGE, UBUNTU HOWTO

Tagged With : ,

Free Linux Ebook to Download

Leave a Reply

Commenting Policy:
Promotion of your products ? Comment gets deleted.
All comments are subject to moderation.