Sunday, November 18, 2012

Installing OwnCloud on Ubuntu Server 12.10 with SSL HTTPS

UPDATE: Owncloud v6.0.3 on Ubuntu 14.04 posted here.

Thought I would try out installing OwnCloud on Ubuntu Server 12.10 and after searching couldn't find exactly the install that would work.

So here goes on what I've been able to find out and what's working for me.  Please feel free to add in the comments better security features as I'm definitely not a linux security guy.

1. Install Ubuntu Server with OpenSSH and LAMP.

2. Update the OS.  Change over to admin privleges.  It's just easier with all the commands.  If you chose not to just add sudo before each command that follows.

sudo su

apt-get update

apt-get upgrade

3. I found with some installs there were more programs added but the default 12.10 install wouldn't recognize them so i removed them and things appear to be running fine.

apt-get install php5 php5-common php5-gd php5-sqlite curl php5-curl

4. Download OwnCloud.  At the time of this writing the current version was 4.5.2 so substitute for the latest.

wget http://mirrors.owncloud.org/releases/owncloud-4.5.2.tar.bz2

5. Extract OwnCloud.

tar xvf  owncloud-4.5.2.tar.bz2

6. Move OwnCloud to the /var/www directory. 

mv owncloud/ /var/www/

7. Set permission on the owncloud directory to work with apache2.

chown -R www-data:www-data /var/www/owncloud

8. Log into your OwnCloud.

http://<ip>/owncloud

9. Set your admin login and password.

10. The data directory should have been created now.

11. Move the data directory out of the /var/www/owncloud/data file structure.

mv /var/www/owncloud/data /

12. Edit the /var/www/owncloud/config/config.php to point to the current location of the data directory.

nano /var/www/owncloud/config/config.php

'datadirectory' => '/data',

13. Didn't like the default cloud upload size of 2M or php's default...which ever.

nano /etc/php5/apache2/php.ini

post_max_size = 4G
cgi.fix_pathinfo = 0
upload_max_filesize = 4G
date.timezone = "America/New_York"

14. To make should that apache2 will allow changes during the uploads I think modify the defaults.

nano /etc/apache2/sites-available/default

DocumentRoot /var/www
<Directory />
     Options FollowSymLinks
     AllowOverride All

nano /etc/apache2/sites-available/default-ssl

DocumentRoot /var/www
<Directory />
     Options FollowSymLinks
     AllowOverride All

15. Now to get https ssl working with OwnCloud I created self-signed certs.  End a self signed password that you will remember as it will ask you again.

openssl genrsa -des3 -out /etc/ssl/server.key 4096

openssl req -new -key /etc/ssl/server.key -out /etc/ssl/server.csr

openssl x509 -req -days 3650 -in /etc/ssl/server.csr -signkey /etc/ssl/server.key -out /etc/ssl/server.crt

openssl rsa -in /etc/ssl/server.key -out /etc/ssl/server.key.insecure

mv /etc/ssl/server.key /etc/ssl/server.key.secure

mv /etc/ssl/server.key.insecure /etc/ssl/server.key

mkdir /etc/apache2/ssl

cp /etc/ssl/server.key /etc/apache2/ssl

cp /etc/ssl/server.crt /etc/apache2/ssl

16. Start https port 443


a2enmod ssl

17. Activate the service.


ln -s /etc/apache2/sites-available/default-ssl /etc/apache2/sites-enabled/000-default-ssl

18. This prevents apache2 from complaining.


echo "ServerName localhost" >> /etc/apache2/apache2.conf

19. Restart apache2.


/etc/init.d/apache2 restart

20. You should be able to login to https://<IP>/owncloud now.

21. If you want remote clients to be able to connect you will have to properly link the ssl certs within apache2.  Comment # out the existing and add the ones we created above.

nano /etc/apache2/sites-available/default-ssl

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on
#   A self-signed (snakeoil) certificate can be created by installing

#   the ssl-cert package. See
#   /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
#   If both key and certificate are stored in the same file, only the
#   SSLCertificateFile directive is needed.
SSLCertificateFile      /etc/apache2/ssl/server.crt
SSLCertificateKeyFile   /etc/apache2/ssl/server.key
#   SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
#   SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

22. Also add the following to the top of the file /etc/apache2/sites-available/default-ssl.  Change <your dynmanic server name> to your OwnCloud domain name.

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        ServerName <your dynamic server name>
        DocumentRoot /var/www 


UPDATE 5 Feb 2013

UPDATING YOUR INSTALLATION

Use sudo on commands or switch to root via sudo su

1. Check your version by going to your owncloud via the web interface.  Login via your admin account.  Select settings (bottom left pane).  Select Admin.  Scroll to see the version in the right pane at the bottom.  When updating make sure you stay with that version 4.0.3 --> 4.0.6 or 4.5.2 --> 4.5.6.  Get it?  If you are upgrading to an entirely new version see that documentation.

2. This is assuming you are located under your root user directory. /home/<username>

3. Download the must recent version.

4. sudo wget http://mirrors.owncloud.org/releases/owncloud-4.5.6.tar.bz2

5. Unpack

6. sudo tar -xjvf owncloud-4.5.6.tar.bz2

7. Backup your owncloud directory in case something goes wrong.

8. sudo rsync -a /var/www/owncloud/ owncloud_bkp`date +"%Y%m%d"`/

9. Backup your data directory in case something goes wrong.

10. sudo rsync -a /data/ owncloud_data_bkp`date +"%Y%m%d"`/

11. Save a copy of your config file.  Mark the file with the old version number.

12. sudo cp /var/www/owncloud/config/config.php /var/www/owncloud/config/config-4.5.2.php

13. Sync the new version files with your old.

14. sudo rsync --inplace -rtv owncloud /var/www/

15. Clean up the new version.

16. sudo rm -rf owncloud  

17.  Should be able to restart your server and check the version again to ensure the update took.