ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Install ownCloud 8.x on CentOS 7

    Scheduled Pinned Locked Moved IT Discussion
    how toowncloudcentos 7real instructionsowncloud 8.2
    44 Posts 8 Posters 19.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBuschJ
      JaredBusch
      last edited by JaredBusch

      ownCloud instructions leave much to be desired, but at least this is now easier than when I first did it a year ago.

      Their current instructions basically say to run 5 commands. The problem is that is you start with a typical CentOS 7 Minimal install, you cannot even run the third command because wget is not included in a minimal install.

      Once you have your new install up, log in as root for the initial setup. Creating a secure Linux install is not part of this guide in order to keep things simple.

      First things first, you always update to current.
      yum -y update

      Now we need to install a few additional packages. It is required to instal wget in order to complete the install of ownCloud per their instructions. I additionally always install nano because I hate vi but it is not required. Finally you need to install a database because the ownCloud documentation itself clearly tells you not to use the build in SQLite database if you are using a desktop sync client. The default database for CentOS is mariadb.
      yum -y install wget nano mariadb mariadb-server firewalld

      SELinux is something a lot of people like to just permanently set to permissive mode. I disagree with disabling security just because and ownCloud has specific instructions for SELinux that I will validate and update here once tested. For now, set it to permissive. This will not survive a reboot. If you reboot you may have to set this again for now.
      setenforce permissive

      Start the firewall and enable it to start on boot
      systemctl enable firewalld
      systemctl start firewalld

      We need to allow the web traffic through the firewall.
      firewall-cmd --zone=public --add-port=http/tcp --permanent
      firewall-cmd --reload

      Start the database and set it to start on reboot
      systemctl start mariadb
      systemctl enable mariadb

      This step is optional, but I never run a database that anyone can access with out a password. Secure the database install
      mysql_secure_installation

      This will start a wizard to enable typical security measure for the database. The capitalized letter is the default, and is the choice you want to make, so you can simply hit enter through all of these except for setting the new password, obviously.

      	Enter current password for root (enter for none):
      	Set root password? [Y/n]
      	New password: databaserootpassword
      	Re-enter new password: databaserootpassword
      	Remove anonymous users? [Y/n]
      	Disallow root login remotely? [Y/n]
      	Remove test database and access to it? [Y/n]
      	Reload privilege tables now? [Y/n]
      

      Sign in to the database and create the ownCloud instance and user.
      mysql -uroot -p
      You will then be prompted to enter your database root password.

      Now you will run 4 SQL commands, please note the ; at the end of each. It is a required part of the SQL syntax . These are simplified defaults, I would generally recommend you set them to something a little less obvious just to help with security.
      create database ownclouddb;
      create user 'ownclouduser'@'localhost' identified by 'ownclouduserpassword';
      grant all on ownclouddb.* to 'ownclouduser'@'localhost';
      flush privileges;

      Exit mariadb
      quit

      Now, we can finally follow the original ownCloud instructions
      Import the owncloud repository key.
      rpm --import https://download.owncloud.org/download/repositories/8.2/CentOS_7/repodata/repomd.xml.key
      Install the EPEL repository
      yum -y install epel-release

      Download the ownCloud repository into the yum repos folder
      wget http://download.owncloud.org/download/repositories/8.2/CentOS_7/ce:8.2.repo -O /etc/yum.repos.d/ce:8.2.repo
      For expire the yum cache built previously when you updated back at the start.
      yum clean expire-cache
      Finally, we can install ownCloud itself. You also have to install php-mysql now because then ownCloud install does not note it as a dependency since it is technically optional.
      yum -y install owncloud php-mysql

      But wait, there is more. The ownCloud install does not tell the web server to start on reboot. So do that now.
      systemctl enable httpd

      That is it for the command line, your ownCloud system should be up and running.
      Open up a browser to the IP address of your new install. Do not forget to tack on /owncloud or you will see the default apache page.
      http://X.X.X.X/owncloud

      If you did everything correct, you will see this screen, with all the DB config hidden, click the "Storage & database" text to expand it. Create an admin username and password for the GUI and then fill out to the database section match what you used above for the database name, database user, and database user password.

      owncloud

      1 Reply Last reply Reply Quote 3
      • JaredBuschJ
        JaredBusch
        last edited by JaredBusch

        Note: I do not have a trusted SSL certificate available to go on this server so I went with a self signed until letsencrypt.org gets into beta.

        To enable SSL on your ownCloud server is very simple.

        Install the apache module
        yum -y install mod_ssl

        Create a directory for the certificate to reside
        mkdir /etc/httpd/ssl

        Create a self signed certificate
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/owncloud.key -out /etc/httpd/ssl/owncloud.crt

        Fill out the certificate information. Make sure the Common Name matches the DNS name you will be using.
        Country Name (2 letter code) [XX]:US
        State or Province Name (full name) []:SomeState
        Locality Name (eg, city) [Default City]:SomeCity
        Organization Name (eg, company) [Default Company Ltd]:SomeCompany
        Organizational Unit Name (eg, section) []:SomeDept
        Common Name (eg, your name or your server's hostname) []:owncloud.domain.com
        Email Address []:someone@domain.com

        Edit the Apache config file for SSL (I like nano)
        nano /etc/httpd/conf.d/ssl.conf

        Find the DocumentRoot line and uncoment it.
        DocumentRoot "/var/www/html"

        Find the SSLCertificateFile and SSLCertificateKeyFile lines and change them to point to the location we created the SSL key and certificate
        SSLCertificateFile /etc/httpd/ssl/owncloud.crt
        SSLCertificateKeyFile /etc/httpd/ssl/owncloud.key

        Save file and exit nano

        Edit the ownCloud config
        nano /var/www/html/owncloud/config/config.php

        Add the DNS name to the trusted domains array
        1 => 'owncloud.domain.com',

        updated the overwrite.cli.url to use the DNS name
        'overwrite.cli.url' => 'https://owncloud.domain.com/owncloud',

        Save the file and exit nano

        Update the firewall to allow https
        firewall-cmd --zone=public --add-port=https/tcp --permanent
        firewall-cmd --reload

        Restart apache
        apachectl restart

        You can now access your ownCloud server via HTTPS. You will receive the typical self signed warning from any modern browser, but the service will work and be encrypted.

        1 Reply Last reply Reply Quote 1
        • JaredBuschJ
          JaredBusch
          last edited by JaredBusch

          Now that everything is working you need to create your DNS entries internally and externally and port forward 443 in your router to point to your ownCloud server.

          The only thing left is to get SELinux to play nice. The instructions on the ownCloud document site do not work. SO make sure to setenforce 0 after a reboot until we work that out.

          1 Reply Last reply Reply Quote 0
          • JaredBuschJ
            JaredBusch
            last edited by

            @jospoortvliet any feedback on the SELinux issues?

            If I set SELinux back to enforcing, I get an error that the config directory cannot be wrote to.

            I ran these commands as listed:

            semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/data'
            restorecon '/var/www/html/owncloud/data'
            semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/config'
            restorecon '/var/www/html/owncloud/config'
            semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/apps'
            restorecon '/var/www/html/owncloud/apps'

            But unless i use setenforce permissive it does not work.

            stacksofplatesS 1 Reply Last reply Reply Quote 0
            • dafyreD
              dafyre
              last edited by

              For free SSL, I've been using StartCom (http://www.startssl.com/?app=32). Works great in Desktop OSes... Still not trusted on mobile devices yet.

              JaredBuschJ coliverC 2 Replies Last reply Reply Quote 1
              • JaredBuschJ
                JaredBusch @dafyre
                last edited by

                @dafyre said:

                For free SSL, I've been using StartCom (http://www.startssl.com/?app=32). Works great in Desktop OSes... Still not trusted on mobile devices yet.

                You cannot do subdomains with them I believe? I looked into them once before and there was a problem with it, but I do not recall what.

                dafyreD 1 Reply Last reply Reply Quote 0
                • coliverC
                  coliver @dafyre
                  last edited by

                  @dafyre said:

                  For free SSL, I've been using StartCom (http://www.startssl.com/?app=32). Works great in Desktop OSes... Still not trusted on mobile devices yet.

                  I use them for my own OwnCloud instance. Works amazing. All of my Android phones recognized them as well.

                  1 Reply Last reply Reply Quote 1
                  • stacksofplatesS
                    stacksofplates @JaredBusch
                    last edited by stacksofplates

                    @JaredBusch said:

                    @jospoortvliet any feedback on the SELinux issues?

                    If I set SELinux back to enforcing, I get an error that the config directory cannot be wrote to.

                    I ran these commands as listed:

                    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/data'
                    restorecon '/var/www/html/owncloud/data'
                    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/config'
                    restorecon '/var/www/html/owncloud/config'
                    semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/owncloud/apps'
                    restorecon '/var/www/html/owncloud/apps'

                    But unless i use setenforce permissive it does not work.

                    What if you just do

                    chcon -R -t httpd_sys_rw_content_t /var/www/html/owncloud/config
                    

                    You can also find another folder with the same label type and try it.

                    chcon -R --reference=<known good folder> /var/www/html/owncloud/config
                    
                    JaredBuschJ 1 Reply Last reply Reply Quote 1
                    • JaredBuschJ
                      JaredBusch @stacksofplates
                      last edited by

                      @johnhooks said:

                      What if you just do

                      chcon -R -t httpd_sys_rw_content_t /var/www/html/owncloud/config
                      

                      That worked. So now to understand why, because I admit to not knowing a lot about SELinux.

                      Did not the semanage command set the security context as expected? Would this imply that potentially, the other commands also did not do what was expected fo rthe /data and /apps folders?

                      stacksofplatesS 1 Reply Last reply Reply Quote 0
                      • stacksofplatesS
                        stacksofplates
                        last edited by stacksofplates

                        This post is deleted!
                        1 Reply Last reply Reply Quote 0
                        • stacksofplatesS
                          stacksofplates @JaredBusch
                          last edited by

                          @JaredBusch said:

                          @johnhooks said:

                          What if you just do

                          chcon -R -t httpd_sys_rw_content_t /var/www/html/owncloud/config
                          

                          That worked. So now to understand why, because I admit to not knowing a lot about SELinux.

                          Did not the semanage command set the security context as expected? Would this imply that potentially, the other commands also did not do what was expected fo rthe /data and /apps folders?

                          Was there data in the folder before the context change? If so they didn't add the -R for the restorecon command. Chcon doesn't create a permanent change, so you should be able to type:

                          restorecon -R  -v /var/www/html/owncloud/config
                          

                          And it will put everything back the way it was. Then if you type

                          ls -lZ /var/www/html/owncloud/config
                          

                          it will list the context for all of the files in the config folder. If they are back to the original context but the parent folder isn't, that's what happened. If not something else happened.

                          1 Reply Last reply Reply Quote 1
                          • stacksofplatesS
                            stacksofplates
                            last edited by stacksofplates

                            And after a little more looking around, even if you use the -R on restorecon it still wouldn't work. That's because the semanage command they have listed doesn't change the files inside. It should look like this:

                            semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/owncloud/config(/.*)?"
                            

                            Then it will include everything inside the folder.

                            So it would seem you would have to run that for each folder again.

                            If you pass -v with restorecon it will show you all the files it changed so you can make sure it did it correctly.

                            JaredBuschJ 1 Reply Last reply Reply Quote 0
                            • JaredBuschJ
                              JaredBusch @stacksofplates
                              last edited by

                              @johnhooks said:

                              And after a little more looking around, even if you use the -R on restorecon it still wouldn't work. That's because the semanage command they have listed doesn't change the files inside. It should look like this:

                              semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/owncloud/config(/.*)?"
                              

                              Then it will include everything inside the folder.

                              So it would seem you would have to run that for each folder again.

                              If you pass -v with restorecon it will show you all the files it changed so you can make sure it did it correctly.

                              I have not had time to circle back to this, but I will. thanks.

                              1 Reply Last reply Reply Quote 1
                              • JaredBuschJ
                                JaredBusch
                                last edited by JaredBusch

                                More stupid issues with ownCloud. The system I setup while creating these instructions is wokring normally for the users. But here is more evidence that ownCloud just does not quite get things right...

                                This is what greats me when logged in to the settings tab as an administrator.

                                dmMHYbN.jpg

                                1 Reply Last reply Reply Quote 0
                                • stacksofplatesS
                                  stacksofplates
                                  last edited by

                                  I set up an ownCloud system one time, but I did find that Seafile seems to sync much faster. They've also come a long way with their web interface.

                                  1 Reply Last reply Reply Quote 0
                                  • JaredBuschJ
                                    JaredBusch
                                    last edited by JaredBusch

                                    ownCloud is REALLY making it hard to love them. My personal system setup last year has issues, but it was hacked together in CentOS 7 before the EPEL was even out for 7. I expected problems.

                                    But this new install is now up but without disc space because I assumed (wrongly) that ownCloud would put their default data directory in whatever their install kit makes the largest ext3 partition. Nope..
                                    The default location is /var/www/html/owncloud/data. A 50GB partition from a 300 GB vdisk.

                                    [root@owncloud ~]# df -h
                                    Filesystem               Size  Used Avail Use% Mounted on
                                    /dev/mapper/centos-root   50G   18G   33G  36% /
                                    devtmpfs                 232M     0  232M   0% /dev
                                    tmpfs                    241M     0  241M   0% /dev/shm
                                    tmpfs                    241M  4.3M  236M   2% /run
                                    tmpfs                    241M     0  241M   0% /sys/fs/cgroup
                                    /dev/sda2                497M  129M  368M  26% /boot
                                    /dev/sda1                200M  9.8M  191M   5% /boot/efi
                                    /dev/mapper/centos-home  249G   33M  249G   1% /home
                                    
                                    1 Reply Last reply Reply Quote 1
                                    • JaredBuschJ
                                      JaredBusch
                                      last edited by JaredBusch

                                      I moved everything easily enough, but my point is that a default install should handle this.

                                      To move everything shut down the webserver
                                      systemctl stop httpd

                                      Create the directory structure up to just before the /data folder. IN my case I wanted to simply move it to /home/owncloud/data.
                                      mkdir /home/owncloud

                                      Now move the data folder.
                                      mv /var/www/html/owncloud/data /home/owncloud/data

                                      Change ownership to apache
                                      chown -R apache:apache /home/owncloud/data

                                      Update SELinux
                                      semanage fcontext -a -t httpd_sys_rw_content_t "/home/owncloud/data(/.*)?"

                                      Edit the ownCloud config file to reflect the new location
                                      sed -i -e 's/\/var\/www\/html\/owncloud\/data/\/home\/owncloud\/data/' /var/www/html/owncloud/config/config.php

                                      Restart the webserver
                                      systemctl start httpd

                                      1 Reply Last reply Reply Quote 2
                                      • JaredBuschJ
                                        JaredBusch
                                        last edited by

                                        Now it all looks like this.

                                        [root@owncloud ~]# df -h
                                        Filesystem               Size  Used Avail Use% Mounted on
                                        /dev/mapper/centos-root   50G  1.4G   49G   3% /
                                        devtmpfs                 232M     0  232M   0% /dev
                                        tmpfs                    241M     0  241M   0% /dev/shm
                                        tmpfs                    241M  4.3M  236M   2% /run
                                        tmpfs                    241M     0  241M   0% /sys/fs/cgroup
                                        /dev/sda2                497M  129M  368M  26% /boot
                                        /dev/sda1                200M  9.8M  191M   5% /boot/efi
                                        /dev/mapper/centos-home  249G   34G  215G  14% /home
                                        
                                        1 Reply Last reply Reply Quote 0
                                        • dafyreD
                                          dafyre @JaredBusch
                                          last edited by

                                          @JaredBusch said:

                                          @dafyre said:

                                          For free SSL, I've been using StartCom (http://www.startssl.com/?app=32). Works great in Desktop OSes... Still not trusted on mobile devices yet.

                                          You cannot do subdomains with them I believe? I looked into them once before and there was a problem with it, but I do not recall what.

                                          I've not had any problems with the subdomains. They just make you verify that you own the top level domain.... It works great so far.

                                          JaredBuschJ 1 Reply Last reply Reply Quote 0
                                          • JaredBuschJ
                                            JaredBusch @dafyre
                                            last edited by

                                            @dafyre said:

                                            @JaredBusch said:

                                            @dafyre said:

                                            For free SSL, I've been using StartCom (http://www.startssl.com/?app=32). Works great in Desktop OSes... Still not trusted on mobile devices yet.

                                            You cannot do subdomains with them I believe? I looked into them once before and there was a problem with it, but I do not recall what.

                                            I've not had any problems with the subdomains. They just make you verify that you own the top level domain.... It works great so far.

                                            I never tried. I stopped when I seen this. See, I apparently was not paying attention to detail and assumed.. My cert is now created, thanks!

                                            otsGn8i.jpg

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 3 / 3
                                            • First post
                                              Last post