From Fedora Project Wiki

Revision as of 20:52, 21 July 2014 by Germano (talk | contribs) (Brand new edition of Owncloud installation guide, with all main security features enabled)

ownCloud is a AGPLv3 private file server


Owncloud is a software for creating a personal cloud system. Here, an installation guide for the server side.

Features

  • Online file storage
  • Android compatibility
  • Contacts(CarDAV) and calendar (CalDAV) synchronization
  • Music streaming
  • Many more

Installation

# yum install owncloud

SSL certificate configuration

In order to have secure communications between host and server, you need to generate a key and a certificate

# yum install crypto-utils

# genkey hostname

Answer "no" to the question "Would you like to send a Certificate Request (CSR) to a Certificate Authority (CA)?"

To allow httpd service to use SSL, you need to install proper dependencies

# yum install mod_ssl openssl

and apply the following editings to

/etc/httpd/conf.d/ssl.conf

putting at the bottom

SSLCertificateFile /etc/pki/tls/certs/hostname.crt
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key

To force SSL usage in Owncloud server:

# nano /etc/owncloud/config.php

e modify entry

'forcessl' => false

as the following one

'forcessl' => true,


To create admin user, insert into the browser (ignoring warning about unsigned certificate)

localhost/owncloud

Grant remote access to the server

Firewall configuration

You need to find out the active firewall zone

# firewall-cmd --list-all-zones | grep active

in our case:

public (default, active)

then we will use the following commands to allow access to http and https services

# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=https
# systemctl restart firewalld

Configuring Apache permissions

In order to allow access to remote hosts, you need to configure Apache's

/etc/httpd/conf.d/owncloud.conf

as the following example:

<IfModule mod_authz_core.c>
# Apache 2.4
#Require local
Require all granted
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
#Deny from all
#Allow from 127.0.0.1
#Allow from ::1
Allow from all
</IfModule>

Configuration of exposed IP addresses

Finally you need to set into configuration file

/etc/owncloud/config.php

at entry

array (
   0 => 'localhost',
)

the IP addresses with which the server will be exposed outside (both LAN and WAN). An example of configuration with IP addresses for both LAN and WAN is:

array (
   0 => 'localhost',
   1 => '192.168.1.100',
   2 => '200.100.1.100',
)

Troubleshooting

Dynamic IP adress

If you have a dynamic IP address you can configure a dynamic DNS client, for example inadyn-mt to update your ip for your DNS server account


Resources