Part 1: Introduction
Part 2: Installing Debian 8
Part 3: Installing ownCloud 8
Part 4: Connecting to Active Directory
Part 5: Security
Part 6: Miscellany
Part 7: Server maintenance

In this part we’ll install ownCloud on the VM we installed earlier. We’ll focus on getting it working. I’ll cover security in a later part of this series.

These are the topics:



Installing ownCloud
Although it is possible to download and extract ownCloud from the ownCloud website it is easier to add its repository to your server. The advantages are:
– File permissions are set reasonably
– a basic config file is created
– dependencies are installed

OwnCloud now hosts its own repositories for a number of distributions including Debian 8. From the ownCloud site:

Create the repository file:

sh -c "echo 'deb http://download.owncloud.org/download/repositories/8.2/Debian_8.0/ /' >> /etc/apt/sources.list.d/owncloud.list"

Download and install the key so you trust the repository and won’t get bothered every time you update your sources:

# wget -nv https://download.owncloud.org/download/repositories/8.2/Debian_8.0/Release.key -O Release.key
# apt-key add - < Release.key

Note that for ownCloud 9 (and probably all new releases for Debian 8) you should use

# wget -nv https://download.owncloud.org/download/repositories/stable/Debian_8.0/Release.key -O Release.key
# apt-key add - < Release.key
# sh -c "echo 'deb http://download.owncloud.org/download/repositories/stable/Debian_8.0/ /' >> /etc/apt/sources.list.d/owncloud.list"

Source

I suggest you then delete the key as it’s no longer needed:

# rm Release.key

Update your sources:

# aptitude update

Install ownCloud from the new repository:

# aptitude install owncloud-server

Note that for ownCloud 9 you must use

# aptitude install owncloud-files

Installing more dependencies
# aptitude install mysql-server mysql-client
During installation you’ll need to enter a MySql root password. Remember this password.
You don’t need to install php5-mysql because ownCloud installed php5-mysqlnd. The ‘nd’ stands for native driver. It is a MySql driver tailored to PHP (source).

Creating a database
I’m using an imaginary password “P@ssw0rd” (without the quotes). This may be the same as the root password you entered when installing MySql but it’s better if you choose a different password. The user we’re creating can be named anything but ‘ocuser’ seems like a good name. The same goes for the database. You can name it Santaclaus but naming it ‘owncloud’ makes it easier to troubleshoot if necessary. Replace underneath commands with your own values.

MySql is not case sensitive; the upercase is just convention. Don’t forget the ; at the end of the statements. If you do just type ; at the next prompt.

At the ‘GRANT ALL PRIVILEGES’ command the word ‘owncloud’ is the name of the database you created; not necessarily the server’s host name.

If you get an error verify if you typed the command correctly. If you did paste the error in Google.

# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 43
Server version: 5.5.44-0+deb8u1 (Debian)

Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> CREATE DATABASE owncloud;
Query OK, 1 row affected (0.00 sec)

mysql> CREATE USER ocuser;
Query OK, 0 rows affected (0.00 sec)

mysql> SET PASSWORD FOR ocuser=PASSWORD("P@ssw0rd");
Query OK, 0 rows affected (0.00 sec)

mysql> GRANT ALL PRIVILEGES ON owncloud.* TO ocuser@localhost IDENTIFIED BY 'P@ssw0rd';
Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.00 sec)

mysql> EXIT
Bye

Enable the site in Apache
In /etc/apache2/sites-available/000-default.conf change the following:

ServerAdmin your@email.address
DocumentRoot /var/www/owncloud

Create a data folder and allow Apache to write to it:

# mkdir /var/ownclouddata
# chown www-data:www-data /var/ownclouddata

Or whereever you want to store your ownCloud data. The users’ files will be stored here. Do not use a location in the ownCloud web directory (/var/www/owncloud). ‘/var’ stands for ‘variable’ – it is traditionally the location to store stuff that can vary in size. /var/ownclouddata therefor is a good choice.

Restart Apache:

# service apache2 restart

Normally after changing a site configuration reloading Apache would suffice. Now however we’ve changed more stuff and noone is using the server anyway so we just restart it.
Don’t try and create the /var/www/owncloud/config/config.php file yet. It will be created after you ran the webbased setup.

Webbased setup
Open your browser and point it to http://192.168.1.3.

oc8ad_054

I recommend creating a dedicated admin account, just as you do on your servers.

oc8ad_055

The account I’m creating:
Username: owncloudadmin
password: P@ssw0rd

Click ‘Storaga & database’. Set the data folder location to /var/ownclouddata or whereever you want to store your data. Click MySQL/MariaDB and enter these database values:
Database user: ocuser
Database password: P@ssw0rd
Database name: owncloud
Fourth database field: localhost

If you can’t get past the setup screen because your database credentials are wrong even though you are sure they’re not, delete (drop) the user and recreate it. Grant the user the privileges, flush the privileges and try again:

mysql> DROP USER ocuser@*;
mysql> FLUSH PRIVILEGES;
mysql> SET PASSWORD FOR ocuser=PASSWORD("P@ssw0rd");
mysql> Query OK, 0 rows affected (0.00 sec)
mysql> GRANT ALL PRIVILEGES ON owncloud.* TO ocuser@localhost IDENTIFIED BY 'P@ssw0rd';
mysql> FLUSH PRIVILEGES;
mysql> EXIT

Click Finish setup.

oc8ad_056

If all goes well you’ll be greeted by the First time wizard. In my case I need to check and double-check my database username and password, try again and then try some more. But eventually it works. Most of the time.

From the user’s menu choose Admin.

oc8ad_058

Note that there are several warnings:

  • HTTP/S: we’ll get to that in the Security chapter.
  • Transactional logging: it’s a performance thing and I haven’t got it working yet. Installing Redis as ownCloud suggests breaks webDAV and apparently Android syncing so let’s do that another day.
  • Memory cache: we can do that one right away.



Enabling the cache
There’s a bunch of options when it comes to caching. Read all about it on the ownCloud website. I chose the one that’s good and simple to setup.

Install php5-apcu

# aptitude install php5-apcu
# service apache2 reload

oc8ad_059

Tell ownCloud which caching mechanism you want to use:
In ownCloud’s configuration file, /var/www/owncloud/config/config.php, add the following line to the second last line, just before “);”.

'memcache.local' => '\OC\Memcache\APCu',

Don’t forget the last comma.

oc8ad_060

Refresh the page and the warning should be gone. We’ll deal with the other warnings later on.

Logging
This part is optional but if you’re going to use Fail2ban later you’ll want to pay attention here. I like to have ownCloud log to /var/log/owncloud.log; I find it easier to troubleshoot. You can read the ownCloud log from the Admin section on the web interface but that’s not always convenient.

OwnCloud runs from the www-data account (the wwwserver user in Debian). By default it can’t write to /var/log so we need to change the permissions.

Create the file so we have something to change the permissions on:

# touch /var/log/owncloud.log

Set ownership and permissions:

# chown www-data:www-data /var/log/owncloud.log
# chmod 640 /var/log/owncloud.log

As there is now nothing left for us in the /var/www/owncloud/data directory let’s just delete it:

# rm -r /var/www/owncloud/data

oc8ad_061

(Don’t mind the double slashes at memcache.local; ownCloud does this and it doesn’t change the caching.)

In /var/www/owncloud/config/config.php add these options:

'logfile' => '/var/log/owncloud.log',
'loglevel' => 1,
'logtimezone' => 'Europe/Amsterdam',

‘logtimezone’ is necessary for Fail2ban to work. It doesn’t hurt to set the correct timezone if you’re not planning on using Fail2ban either so I suggest you add it. If you are unsure about your timezone look it up here: http://php.net/manual/en/timezones.php

The loglevel entry is optional. From the ownCloud documentation: “Loglevel to start logging at. Valid values are: 0 = Debug, 1 = Info, 2 = Warning, 3 = Error. The default value is Warning.” So if you leave this setting out you will find warnings and errors in the logfile. If you’re troubleshooting you may want to decrease this value. Keep in mind that at level 0 everything is logged including all up and downloads so revert to a more sane level afterwards.

Now if you’re troubleshooting ownCloud do

# tail -f /var/log/owncloud.log

Any actions you take in ownCloud that are logged show up in this file.

Next time: connecting ownCloud to Active Directory.