Install ownCloud 8.x on CentOS 7

JaredBusch

ownCloud is REALLY making it hard to love them. My personal system setup last year has issues, but it was hacked together in CentOS 7 before the EPEL was even out for 7. I expected problems.

But this new install is now up but without disc space because I assumed (wrongly) that ownCloud would put their default data directory in whatever their install kit makes the largest ext3 partition. Nope..
The default location is /var/www/html/owncloud/data. A 50GB partition from a 300 GB vdisk.

[root@owncloud ~]# df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   50G   18G   33G  36% /
devtmpfs                 232M     0  232M   0% /dev
tmpfs                    241M     0  241M   0% /dev/shm
tmpfs                    241M  4.3M  236M   2% /run
tmpfs                    241M     0  241M   0% /sys/fs/cgroup
/dev/sda2                497M  129M  368M  26% /boot
/dev/sda1                200M  9.8M  191M   5% /boot/efi
/dev/mapper/centos-home  249G   33M  249G   1% /home

JaredBusch

I moved everything easily enough, but my point is that a default install should handle this.

To move everything shut down the webserver
systemctl stop httpd

Create the directory structure up to just before the /data folder. IN my case I wanted to simply move it to /home/owncloud/data.
mkdir /home/owncloud

Now move the data folder.
mv /var/www/html/owncloud/data /home/owncloud/data

Change ownership to apache
chown -R apache:apache /home/owncloud/data

Update SELinux
semanage fcontext -a -t httpd_sys_rw_content_t "/home/owncloud/data(/.*)?"

Edit the ownCloud config file to reflect the new location
sed -i -e 's/\/var\/www\/html\/owncloud\/data/\/home\/owncloud\/data/' /var/www/html/owncloud/config/config.php

Restart the webserver
systemctl start httpd

JaredBusch

Now it all looks like this.

[root@owncloud ~]# df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   50G  1.4G   49G   3% /
devtmpfs                 232M     0  232M   0% /dev
tmpfs                    241M     0  241M   0% /dev/shm
tmpfs                    241M  4.3M  236M   2% /run
tmpfs                    241M     0  241M   0% /sys/fs/cgroup
/dev/sda2                497M  129M  368M  26% /boot
/dev/sda1                200M  9.8M  191M   5% /boot/efi
/dev/mapper/centos-home  249G   34G  215G  14% /home

dafyre

@JaredBusch said:

@dafyre said:

For free SSL, I've been using StartCom (http://www.startssl.com/?app=32). Works great in Desktop OSes... Still not trusted on mobile devices yet.

You cannot do subdomains with them I believe? I looked into them once before and there was a problem with it, but I do not recall what.

I've not had any problems with the subdomains. They just make you verify that you own the top level domain.... It works great so far.

JaredBusch

@dafyre said:

@JaredBusch said:

@dafyre said:

For free SSL, I've been using StartCom (http://www.startssl.com/?app=32). Works great in Desktop OSes... Still not trusted on mobile devices yet.

You cannot do subdomains with them I believe? I looked into them once before and there was a problem with it, but I do not recall what.

I've not had any problems with the subdomains. They just make you verify that you own the top level domain.... It works great so far.

I never tried. I stopped when I seen this. See, I apparently was not paying attention to detail and assumed.. My cert is now created, thanks!

JaredBusch

With ownCloud now working, you should secure logins with fail2ban

Install fail2ban
yum -y install fail2ban

create the initial jail file
cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

add ownlcoud to the jail.local
nano /etc/fail2ban/jail.local

paste this data in at the bottom

[owncloud]
enabled = true
filter  = owncloud
port    = http,https
# 'This is the data path we set earlier. Change if yours is different.'
logpath = /home/owncloud/data/owncloud.log

Create the owncloud filter file
nano /etc/fail2ban/filter.d/owncloud.conf

Paste in the following ONLY FOR ownCloud 8.2
Other regex patterns can be found in this thread

[Definition]
failregex={"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}

ignoreregex =

Start fail2ban and enable it to start on boot
systemctl start fail2ban
systemctl enable fail2ban

Note: This is only securing ownCloud. Consult the jail.local to enable other protections you may want.

JaredBusch

Note, I am still having issues with getting the SELinux labels right and currently still have it set to permissive.

Alex Sage

@JaredBusch said:

Note, I am still having issues with getting the SELinux labels right and currently still have it set to permissive.

Did you ever get this fixed?

JaredBusch

@anonymous said:

@JaredBusch said:

Note, I am still having issues with getting the SELinux labels right and currently still have it set to permissive.

Did you ever get this fixed?

Maybe? I have installed another server and I am not having the same problems. I have not had time to track it down yet.

JaredBusch

Coming back to this. Everything is running correctly with SELinux on except fail2ban.

I have to disable SELinux in order for fail2ban to have access to the owncloud.log file.

[root@owncloud log]# systemctl start fail2ban
Job for fail2ban.service failed because the control process exited with error code. See "systemctl status fail2ban.service" and "journalctl -xe" for details.
[root@owncloud log]# setenforce 0
[root@owncloud log]# systemctl start fail2ban
[root@owncloud log]#

-- Unit fail2ban.service has begun starting up.
Feb 24 15:13:26 owncloud fail2ban-client[15984]: ERROR  No file(s) found for glob /home/owncloud/data/owncloud.log
Feb 24 15:13:26 owncloud fail2ban-client[15984]: ERROR  Failed during configuration: Have not found any log file for owncloud ja
Feb 24 15:13:26 owncloud systemd[1]: fail2ban.service: control process exited, code=exited status=255
Feb 24 15:13:26 owncloud systemd[1]: Failed to start Fail2Ban Service.

[root@owncloud log]# ls -l /home/owncloud/data/owncloud.log
-rw-r-----. 1 apache apache 38136 Feb 24 15:09 /home/owncloud/data/owncloud.log
[root@owncloud log]#

Alex Sage

@JaredBusch seems the solution is here:

https://kerrenortlepp.wordpress.com/2015/03/16/setting-up-a-centos-7-server-for-owncloud-from-start-to-finish/

JaredBusch

@aaronstuder he is editing files when there are generally commands to do it. Just been to busy to look it up.

JaredBusch

** NOTE ** This post is asusming that you followed the instruction above to this point and I have not yet posted below that the instructions have been updated.

I need to find a little spare time to update my instructions, but everything is now working with SELinux enforcing.

the config and apps folder in the application directory need httpd read/write context in SELinux.

semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/apps(/.*)?'
restorecon -R /var/www/html/owncloud/apps
semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/config(/.*)?'
restorecon -R /var/www/html/owncloud/config

Then the owncloud.log file needs to be in the /var/log/ folder and have the httpd_log context

systemctl stop httpd
mv /home/owncloud/data/owncloud.log /var/log/owncloud.log
semanage fcontext -a -t httpd_log_t '/var/log/owncloud.log'
restorecon /var/log/owncloud.log

#-- edit the owncloud config to add a non-default log path
 nano /var/www/html/owncloud/config/config.php
#-- insert this next to another config line
'logfile' => '/var/log/owncloud.log',
#-- save and exit nano then start httpd back up
systemctl start httpd

Update the fail2ban jail.local, turn on SELinux and start fail2ban

systemctl stop fail2ban
sed -i -e 's/\/home\/owncloud\/data/\/var\/log/' /etc/fail2ban/jail.local
setenforce 1
systemctl start fail2ban

wirestyle22

So I performed this install specifically because I wanted to go through the upgrade process to oC 9.0 All I can see is to download the owncloud-files package. Is that really all that is required?

scottalanmiller

@wirestyle22 said:

So I performed this install specifically because I wanted to go through the uprgrade process to oC 9.0 All I can see is to download the owncloud-files package. Is that really all that is required?

If you use RPM, you should not even need to download something.

wirestyle22

@scottalanmiller said:

@wirestyle22 said:

So I performed this install specifically because I wanted to go through the uprgrade process to oC 9.0 All I can see is to download the owncloud-files package. Is that really all that is required?

If you use RPM, you should not even need to download something.

RPM for owncloud-files? It will automatically download the new version?

wirestyle22

@scottalanmiller said:

@wirestyle22 said:

So I performed this install specifically because I wanted to go through the uprgrade process to oC 9.0 All I can see is to download the owncloud-files package. Is that really all that is required?

If you use RPM, you should not even need to download something.

rpm --import https://download.owncloud.org/download/repositories/9.0/CentOS_7/repodata/repomd.xml.key
wget http://download.owncloud.org/download/repositories/9.0/CentOS_7/ce:9.0.repo -O /etc/yum.repos.d/ce:9.0.repo

^this?

scottalanmiller

@wirestyle22 said:

@scottalanmiller said:

@wirestyle22 said:

So I performed this install specifically because I wanted to go through the uprgrade process to oC 9.0 All I can see is to download the owncloud-files package. Is that really all that is required?

If you use RPM, you should not even need to download something.

rpm --import https://download.owncloud.org/download/repositories/9.0/CentOS_7/repodata/repomd.xml.key
wget http://download.owncloud.org/download/repositories/9.0/CentOS_7/ce:9.0.repo -O /etc/yum.repos.d/ce:9.0.repo

^this?

Ah yes, you need the repo. But nothing beyond that.

wirestyle22

@scottalanmiller said:

@wirestyle22 said:

@scottalanmiller said:

@wirestyle22 said:

So I performed this install specifically because I wanted to go through the uprgrade process to oC 9.0 All I can see is to download the owncloud-files package. Is that really all that is required?

If you use RPM, you should not even need to download something.

rpm --import https://download.owncloud.org/download/repositories/9.0/CentOS_7/repodata/repomd.xml.key
wget http://download.owncloud.org/download/repositories/9.0/CentOS_7/ce:9.0.repo -O /etc/yum.repos.d/ce:9.0.repo

^this?

Ah yes, you need the repo. But nothing beyond that.

so just the bottom line or both parts? (sorry)

scottalanmiller

@wirestyle22 said:

@scottalanmiller said:

@wirestyle22 said:

@scottalanmiller said:

@wirestyle22 said:

So I performed this install specifically because I wanted to go through the uprgrade process to oC 9.0 All I can see is to download the owncloud-files package. Is that really all that is required?

If you use RPM, you should not even need to download something.

rpm --import https://download.owncloud.org/download/repositories/9.0/CentOS_7/repodata/repomd.xml.key
wget http://download.owncloud.org/download/repositories/9.0/CentOS_7/ce:9.0.repo -O /etc/yum.repos.d/ce:9.0.repo

^this?

Ah yes, you need the repo. But nothing beyond that.

so just the bottom line or both parts? (sorry)

You CAN skip the key, but it is good to have it.