The goal today: replacing DropBox with ownCloud. This assumes no web server was previously installed.
- Files accessible from the internet
- Ability to synchronize a folder on multiple computers / devices with the main server
- Transferring data in a secure way, hopefully more secure than Dropbox
We’ll do it from the command line via SSH.
Install the dependencies
The ownCloud website proposes to run
apt-get install apache2 php5 php5-json php-xml php-mbstring php5-zip php5-gd
but that returns several error messages:
Note, selecting 'php5-common' instead of 'php5-json' E: Unable to locate package php-xml E: Unable to locate package php-mbstring E: Unable to locate package php5-zip
I then tried:
apt-get update apt-get upgrade apt-get install apache2 php5 php5-json php5-gd php5-sqlite curl libcurl3 libcurl3-dev php5-curl php5-common php-xml-parser apt-get install sqlite
And it worked much better. I also ran
afterwards to clean installed packages, but that is not required.
Download and install ownCloud
Download the latest version from ownCloud website:
cd Downloads/ wget http://owncloud.org/releases/owncloud-4.0.6.tar.bz2 tar -xjf owncloud-4.0.6.tar.bz2 mv -r owncloud /var/www rm owncloud-4.0.6.tar.bz2 chown -R www-data:www-data /var/www
note: www-data is the default group / user used by the apache server.
The official website recommends to enable .htaccess and mod_rewrite. The first part is done by editing the 000-default file:
and setting AllowOverride to All
(in vi: select the N of None in “AllowOverride None” and press R (replace), type All, Escape, select the extra e and Delete. Type : x to exit and save.)
The second part is done with the following commands:
a2enmod rewrite a2enmod headers service apache2 restart
Securing the server
At the end of the previous step, we have a working ownCloud server. But connections are not encrypted (file content and user/password information), which is a no go.
Creating a Certificate Authority (CA)
That’s a required step to be able to issue the certificate that will be used by the web server.
First edit /etc/ssl/openssl.cnf file, especially:
dir = /root/sslCA default_days = 3650 # 10 years default_bits = 2048 # recommended by NSA until 2030 countryName_default = UK 0.organizationName_default = organization name
We will now create the CA in the root directory with permission 700:
cd ~root/ mkdir sslCA chmod 700 sslCA cd sslCA mkdir certs private newcerts echo 1000 > serial touch index.txt openssl req -new -x509 -days 3650 -extensions v3_ca \ -keyout private/cakey.pem -out cacert.pem \ -config /etc/ssl/openssl.cnf Country Name (2 letter code) [UK]: State or Province Name (full name) [Some-State]:. Locality Name (eg, city) :London Organization Name (eg, company) [company]: Organizational Unit Name (eg, section) : Common Name (eg, YOUR name) :web.server.ip.address OR url Email Address :firstname.lastname@example.org Please enter the following 'extra' attributes to be sent with your certificate request A challenge password : An optional company name :
You can enter . to enter a blank information or press [enter] to keep the default value. The Country, State, Organization Name and Common Name fields seem mandatory.
Generating a Certificate for apache
Create the SSL request:
> openssl req -new -nodes \ -out apache-req.pem \ -keyout private/apache-key.pem \ -config /etc/ssl/openssl.cnf
Generate the certificate and copy the files to the ssl directory:
> openssl ca \ -config /etc/ssl/openssl.cnf \ -out apache-cert.pem \ -infiles apache-req.pem mkdir /etc/ssl/crt mkdir /etc/ssl/key cp apache-cert.pem /etc/ssl/crt cp private/apache-key.pem /etc/ssl/key
Enable HTTPS on the apache server
> a2enmod ssl mkdir /var/www/logs cd /etc/apache2/conf.d vi httpd-ssl.conf <VirtualHost *:443> ServerName web.server.ip.address SSLEngine on SSLCertificateFile /etc/ssl/crt/apache-cert.pem SSLCertificateKeyFile /etc/ssl/key/apache-key.pem DocumentRoot /var/www/owncloud CustomLog /var/www/logs/ssl-access_log combined ErrorLog /var/www/logs/ssl-error_log </VirtualHost> service apache2 restart
You can now type https://web.server.ip.address in a browser and the ownCloud login page should appear.
Note: I got various emails reporting an error in PHP:
PHP Warning: PHP Startup: Unable to load dynamic library ‘/usr/lib/php5/20090626+lfs/sqlite.so’ – /usr/lib/php5/20090626+lfs/sqlite.so: cannot open shared object file: No such file or directory in Unknown on line 0
This warning was cleared by commenting out the second line in /etc/php5/conf.d/sqlite.ini with a ;
Synchronizing with a windows computer and mobile devices
- I installed the Windows Client and… it does not work (can’t connect to the site blablabla)… Hum… Using the default WebClient service on Windows 7 did not work (apparently because of issues with SSL). I tried cyberduck and it seems to work fine to read / write files but the synchronizing process is cumbersome…
- On Android, ES File Explorer was able to access owncloud by setting a new FTP / WEBDAV server – the address is web.server.ip.address/files/webdav.php