Owncloud on Centos with nginx and mysql
In this post I am going to show you how to install the free ownCloud server. I will be using CentOS, nginx, MySQL and PHP-FPM.
I am not a huge fan of Apache, hence why this guide has nginx! Sadly some of our dependencies will pull in the Apache web server under CentOS. Not to worry, just don't enable Apache/httpd.
Let's get stuck into it.
- Firstly, disable SELinux. Edit the file "/etc/selinux/config" and ensure that SELinux is disabled :
SELINUX=disabled
- Next you're going to need to add the nginx repo. Create the file "/etc/yum.repos.d/nginx.repo" and enter the following into it :
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
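The stanza above turns off package signature checks and fetches over plain HTTP. As an added example (not part of the original post), this function flags both settings in any yum repo file; the names audit_repo and sample_repo and the "nginx-signed" section are made up here, and the signed stanza uses nginx.org's published signing key URL.

```shell
# audit_repo [FILE]: flag enabled yum repo sections that skip signature checks
# or fetch over plain HTTP (reads stdin without FILE). Returns 1 on a finding.
audit_repo() {
    awk '
        BEGIN { bad = 0 }
        function report() {
            if (id == "" || enabled == "0") return
            if (gpgcheck == "0") { print id ": gpgcheck=0, package signatures are not verified"; bad = 1 }
            if (url ~ /^http:/)  { print id ": plain-HTTP source " url; bad = 1 }
        }
        /^[ \t]*$/    { next }                  # blank line
        /^[ \t]*[#;]/ { next }                  # comment
        /^[ \t]*\[/ {                           # start of a [repo-id] section
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            enabled = "1"; gpgcheck = ""; url = ""
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled  = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl" || key == "mirrorlist") url = val
        }
        END { report(); exit bad }
    ' "${1:--}"
}

# Constructed sample: the stanza from this post, then a signed variant.
sample_repo() {
    cat <<'EOF'
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
[nginx-signed]
name=nginx repo (signed)
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
}

sample_repo | audit_repo || true   # prints two findings, both for [nginx]
```

On a real host, run it over each file in /etc/yum.repos.d/.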
- Now it's time to install all the packages you will need to run ownCloud.
Install :
yum install mysql mysql-server
yum install nginx
yum install php php-gd php-xml-parser php-intl php-mysql php-mbstring php-xml php-fpm php-pear php-devel pcre-devel
Note the above command will pull in httpd! Yuck! Sadly you have no choice on CentOS :
# repoquery --requires php
httpd
httpd-mmn = 20051115
...SNIPPED OUTPUT...
That's OK. Just don't enable the silly thing.
Lastly, since you're using nginx and not Apache, you need to fix the default PHP cache directory permissions. Run the following :
# chown -R root:nginx /var/lib/php/
Make sure to start nginx and set it to start on boot :
# service nginx start
# chkconfig nginx on
- Since nginx has no way to spawn a PHP process, unlike Apache with mod_php, you need to have another process that can handle the PHP requests. This is where php-fpm comes into play.
You need to configure a few settings first.
The first settings are for the main server settings. Edit the file "/etc/php-fpm.conf" and set the following :
log_level = notice
emergency_restart_threshold = 10
process_control_timeout = 10s
Next you need to fix up the worker config file. Edit the file "/etc/php-fpm.d/www.conf" and set the following :
user = nginx
group = nginx
You also need to fix the permissions for the php-fpm log directory. Run the following command :
chown nginx:nginx -R /var/log/php-fpm/
Enable services to start on boot :
# service php-fpm start
# chkconfig php-fpm on
- Now it's time for MySQL (you could try MariaDB if you're feeling lucky). For now I will stick with MySQL.
First you need to start MySQL and, while you're at it, set it to start on boot :
# service mysqld start
# chkconfig mysqld on
Now run the first time install wizard :
/usr/bin/mysql_secure_installation
Set a root password to something secure. Answer the questions with the following responses :
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
- Since you're going to use the tarball install rather than the RPM package, you're going to need to create your database and privileges for ownCloud.
Log into mysql as the root user :
# mysql -u root -p
Give it the root password you set during the start up script.
Now run the following SQL to create the database and assign privileges :
mysql> create database owncloud;
mysql> GRANT ALL PRIVILEGES ON owncloud.* TO "mycloud"@"localhost" IDENTIFIED BY "password";
mysql> flush privileges;
mysql> quit
DO set a better password. DO NOT use the same password as the root account or any other account. This password will be stored in plain text !
- Now it's time to unroll the ownCloud files onto the server. Install the latest ownCloud distribution (select the tar or zip file) from http://owncloud.org/install/
At the time of this article I used the command :
# wget http://download.owncloud.org/community/owncloud-5.0.3.tar.bz2
Extract the tarball into your web server's www directory (or wherever you configured it). In my case :
# tar -xvf owncloud-5.0.3.tar.bz2 -C /cloud/www/
I will configure nginx to serve files from this directory later.
You will also need to set the correct permissions :
chown -R nginx:nginx /cloud/www/
- You could skip this section and run everything in plain text but that would be stupid. I will be using Namecheap's Comodo PositiveSSL certificate, as I've used them many times.
First up, create the ssl working directory for nginx :
# mkdir /etc/nginx/ssl
Now change into that directory; it's time to create the key and the CSR.
# cd /etc/nginx/ssl
# openssl genrsa -des3 -out DOMAIN_NAME.COM.key 2048
Enter a password when prompted by the above command. The password is not important, as we will remove it soon. Replace DOMAIN_NAME.COM with your fully qualified server domain name.
Now generate the CSR :
# openssl req -new -key DOMAIN_NAME.COM.key -out DOMAIN_NAME.COM.csr
Answer the questions and make sure the server common name matches your fully qualified domain name. You don't need to enter the "extra" attributes. The contents of the .csr file are what I will give to my certificate issuer.
Remove the password from the key with the following commands :
# mv DOMAIN_NAME.COM.key DOMAIN_NAME.COM.org
# openssl rsa -in DOMAIN_NAME.COM.org -out DOMAIN_NAME.COM.key
Enter the password for the last time; the .key file will now have no password.
Now upload the contents of the .csr file to Namecheap and select a server type of "Other". Then wait for the approval email from Namecheap.
Once you have the zip file that contains the certificate, root certificate and intermediate certificate, you need to bundle them into a .pem file for nginx. Unzip the bundle anywhere; we will copy the .pem file to the correct location later. Create the .pem bundle with the following commands :
# cat DOMAIN_NAME.COM.crt > DOMAIN_NAME.COM.pem
# cat PositiveSSLCA2.crt >> DOMAIN_NAME.COM.pem
# cat AddTrustExternalCARoot.crt >> DOMAIN_NAME.COM.pem
Now copy the DOMAIN_NAME.COM.pem file into the /etc/nginx/ssl directory.
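Before pointing nginx at the bundle, check that its first certificate belongs to the key, that the chain certificates were appended (a ">" where ">>" was meant leaves only the last certificate in the file), and that the now passphrase-less key is readable by its owner only. This is an added example, not part of the original post; check_bundle, make_demo and the throwaway self-signed certificates are constructed for the demonstration.

```shell
# check_bundle KEY BUNDLE: returns 0 only if the first certificate in BUNDLE
# belongs to KEY, BUNDLE holds more than one certificate, and KEY is
# accessible by its owner only (it no longer has a passphrase).
check_bundle() {
    key=$1; bundle=$2; rc=0
    kpub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    # "openssl x509" reads only the first certificate in a PEM file
    cpub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null)
    n=$(grep -c 'BEGIN CERTIFICATE' "$bundle" || true)
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "FAIL: first certificate in $bundle does not match $key"; rc=1
    fi
    if [ "${n:-0}" -lt 2 ]; then
        echo "FAIL: $bundle holds ${n:-0} certificate(s), chain is incomplete"; rc=1
    fi
    mode=$(stat -c '%a' "$key")   # GNU stat, as on CentOS
    case $mode in
        ?00) ;;
        *) echo "FAIL: $key has mode $mode, expected 600 or 400"; rc=1 ;;
    esac
    return $rc
}

# Constructed test material: two throwaway self-signed certificates stand in
# for the site certificate and a CA certificate (no real chain is built).
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=site.example" \
        -keyout "$d/site.key" -out "$d/site.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    chmod 600 "$d/site.key"
    cat "$d/site.crt" >  "$d/overwritten.pem"   # every ">" truncates the file,
    cat "$d/ca.crt"   >  "$d/overwritten.pem"   # so only the last cert survives
    cat "$d/site.crt" >  "$d/appended.pem"      # ">" once, then ">>" to append
    cat "$d/ca.crt"   >> "$d/appended.pem"
}

if command -v openssl >/dev/null 2>&1; then
    tmp=$(mktemp -d) && make_demo "$tmp"
    check_bundle "$tmp/site.key" "$tmp/overwritten.pem" || true
    check_bundle "$tmp/site.key" "$tmp/appended.pem" && echo "appended.pem OK"
    rm -rf "$tmp"
fi
```

On the server, run it as check_bundle /etc/nginx/ssl/DOMAIN_NAME.COM.key /etc/nginx/ssl/DOMAIN_NAME.COM.pem.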
- Finally it's time to configure nginx itself. The first file you're going to set up will be the main server config file. You can find it at "/etc/nginx/nginx.conf". Open it and replace all the contents with the below :
## Server Config
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
    multi_accept on;
    use epoll;
}
## Server Config END
http {
    ## Types mapping
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ## Types mapping END
    ## Main Server log settings
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    ## Main Server log settings END
    ## MISC server settings
    sendfile on;
    server_names_hash_bucket_size 64;
    ## MISC server settings END
    ## GZIP Settings
    gzip on;
    gzip_static on;
    gzip_vary on;
    ## GZIP Settings END
    ## Security Settings
    # Turn off server version
    server_tokens off;
    # Set client request body buffer
    client_body_buffer_size 1K;
    # Set client header buffer
    client_header_buffer_size 1k;
    # Max size of client body request
    client_max_body_size 1k;
    # Max large size of header/buffer to read from client
    large_client_header_buffers 2 1k;
    # Read timeout for client body
    client_body_timeout 10;
    # Timeout to read client header
    client_header_timeout 10;
    # Timeout for keepalive and header keep alive
    keepalive_timeout 5 5;
    # Timeout for client response
    send_timeout 10;
    ## Security Settings END
    ## Include Server Blocks
    include /etc/nginx/conf.d/*.conf;
    ## Include Server Blocks END
}
The next file defines the server blocks and their settings. Create a file in "/etc/nginx/conf.d/" and give it a name like DOMAIN_NAME.COM.conf. The following was mostly taken from the ownCloud install guide, with a few modifications for my needs.
server {
    listen [::]:80;
    listen 80;
    server_name DOMAIN_NAME.COM;
    rewrite ^ https://$server_name$request_uri? permanent;
}
server {
    listen [::]:443;
    listen 443;
    server_name DOMAIN_NAME.COM;
    access_log /var/log/nginx/access.log main;
    error_log /var/log/nginx/error.log warn;
    root /cloud/www/owncloud;
    ssl on;
    ssl_certificate /etc/nginx/ssl/DOMAIN_NAME.COM.pem;
    ssl_certificate_key /etc/nginx/ssl/DOMAIN_NAME.COM.key;
    client_max_body_size 10G;
    fastcgi_buffers 64 4K;
    rewrite ^/caldav((/|$).*)$ /remote.php/caldav$1 last;
    rewrite ^/carddav((/|$).*)$ /remote.php/carddav$1 last;
    rewrite ^/webdav((/|$).*)$ /remote.php/webdav$1 last;
    index index.php;
    error_page 403 = /core/templates/403.php;
    error_page 404 = /core/templates/404.php;
    location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
        deny all;
    }
    location / {
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
        try_files $uri $uri/ index.php;
    }
    location = /favicon.ico {
        return 204;
        access_log off;
        log_not_found off;
    }
    location ~ ^(.+?\.php)(/.*)?$ {
        try_files $1 =404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /cloud/www/owncloud$fastcgi_script_name;
        fastcgi_param HTTPS on;
        fastcgi_pass 127.0.0.1:9000;
    }
    location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        expires 30d;
        access_log off;
    }
}
Ensure you change all the "DOMAIN_NAME.COM" to your real server's fully qualified domain name.
Restart nginx after changing the above two config files.
- To be able to upload any files bigger than 1MB you need to edit the php.ini file.
Open the file "/etc/php.ini" and set the following :
upload_max_filesize = 8G
post_max_size = 10G
This will allow you to upload an 8GB file. Set the values to something that makes sense to you.
- So very close now. Browse to your server's DNS name. Enter a username and password for the ownCloud admin account. Try to make this different too. Next select the "advance install" drop down item. Select "mysql" and enter the DB user, password and DB name. The above details are what you set up in step 4.
After that, create some users and have fun!
There are obviously more things that can/could be done: server hardening, MySQL tuning, better data structure placement, etc., but I will leave that up to you. The above guide will get you a functional ownCloud install with nginx, MySQL and php-fpm. Enjoy!