How To Install OwnCloud on CentOS
All the configuration steps that you must perform to install OwnCloud on CentOS.
OwnCloud is an open platform that offers higher productivity and security in the digital collaboration of organizations.
OwnCloud facilitates the secure exchange of business files, which are stored on the company's servers, thus promoting the integration of the IT infrastructure that we administer.
Step 1: Install Nginx & PHP7-FPM
Before installing Nginx and PHP7-FPM, it is necessary to add the EPEL repository which contains additional software that is not available in the CentOS base repository. To install it, we will execute the following command:
yum -y install epel-release
Now, we can install NGINX by running the following command:
yum -y install nginx
Next, we need to add another repository for PHP7-FPM. For this we will install the webtatic repository as follows:
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
Now, we are going to install PHP7-FPM with some additional packages in the following way:
yum -y install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json
Once this process is finished, we will verify the PHP version with the following command:
php -v
Step 2: Configure PHP7-FPM
Now, we are going to configure PHP7-FPM to work with NGINX. PHP7-FPM will run under the nginx user and will listen on port 9000.
We must edit the PHP7-FPM default configuration with our desired editor like this:
nano /etc/php-fpm.d/www.conf
Once we enter this file we will make the following changes:
In lines 8 and 10 we establish the following:
user = nginx
group = nginx
On line 22 we verify this:
listen = 127.0.0.1:9000
On lines 366 to 370, we must uncomment the following lines:
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
Once this is done, save the file using the Ctrl + O keys and exit it using Ctrl + X.
Now, we will create a new directory for PHP sessions under /var/lib/ and change its owner to the nginx user by executing the following:
mkdir -p /var/lib/php/session
chown nginx:nginx -R /var/lib/php/session/
Likewise, we will initiate the services of PHP and NGINX, together with their activation at startup, with the following commands:
sudo systemctl start php-fpm
sudo systemctl start nginx
sudo systemctl enable php-fpm
sudo systemctl enable nginx
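The pool file can be checked for the Step 2 settings before the services are relied on; the point of `listen = 127.0.0.1:9000` is that FastCGI is reachable only from the local NGINX. This is an added example, not part of the original tutorial: the function names `pool_value` and `check_fpm_pool` are hypothetical, and the sample pool file is constructed.

```shell
#!/bin/sh
# Added example: audit a PHP-FPM pool file for the settings changed in Step 2.

# Print the value of the last uncommented "key = value" line (';' starts a comment).
pool_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# Return 0 if the pool runs as nginx and listens only on loopback or a unix socket.
check_fpm_pool() {
    conf=$1
    status=0
    for key in user group; do
        val=$(pool_value "$conf" "$key")
        if [ "$val" != "nginx" ]; then
            echo "FAIL $key=$val (expected nginx)"
            status=1
        fi
    done
    listen=$(pool_value "$conf" listen)
    case $listen in
        127.*:*|'[::1]:'*|localhost:*|/*) ;;   # loopback TCP or unix socket path
        *)  echo "FAIL listen=$listen accepts FastCGI from other hosts"
            status=1 ;;
    esac
    if [ "$status" -eq 0 ]; then echo "OK $conf"; fi
    return "$status"
}

# Constructed sample: wrong user, and a bare port that binds every interface.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[www]
;user = nginx
user = apache
group = nginx
listen = 9000
listen.allowed_clients = 127.0.0.1
EOF
check_fpm_pool "$sample" || echo "pool file still needs the Step 2 changes"
rm -f "$sample"
```

On the server, run `check_fpm_pool /etc/php-fpm.d/www.conf` after editing the file.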
Step 3: Install & Configure MariaDB
The OwnCloud utility supports the PostgreSQL and MySQL databases; we will use MariaDB for the OwnCloud database.
This database can be installed with the mariadb-server package from the CentOS repository as follows:
yum -y install mariadb mariadb-server
Once the process of installing MariaDB is finished, we will start the service with the following command:
systemctl start mariadb
Then, we secure the installation by executing the following:
mysql_secure_installation
There we will answer the following questions like this:
Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
With this, we have established the root password of MariaDB, and now it will be possible to log in to the MySQL shell to create a new database and user for OwnCloud.
We are going to create a new database called owncloud_db, with the user ownclouduser and the password ownclouduser@; naturally, we can define our own names and should choose a stronger password.
For this, we will execute the following command and enter the assigned password of MariaDB:
mysql -u root -p
Once we access the Shell, we will run each of these lines in their order:
create database owncloud_db;
create user ownclouduser@localhost identified by 'ownclouduser@';
grant all privileges on owncloud_db.* to ownclouduser@localhost identified by 'ownclouduser@';
flush privileges;
Step 4: Create Linux Self-signed SSL Certificate
We can use a free, self-signed SSL certificate to encrypt the connection and thus ensure a higher level of access security.
First, we will create a new directory for the SSL file:
mkdir -p /etc/nginx/cert/
Next, we generate the certificate using the OpenSSL command like this:
openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/owncloud.crt -keyout /etc/nginx/cert/owncloud.key
OpenSSL will ask us to enter a series of values for the certificate.
We proceed to modify the permissions of the files in that directory:
chmod 600 /etc/nginx/cert/*
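Before NGINX is pointed at these files, it is worth confirming that the certificate was issued for the key beside it and that the key is readable by its owner only. This is an added example, not part of the original tutorial: the function names are hypothetical, the CN is a placeholder, and it works on a throwaway pair in a temporary directory rather than on /etc/nginx/cert/.

```shell
#!/bin/sh
# Added example: checks to run on the Step 4 certificate and key.

# Succeed only when the certificate's public key is the one in the key file.
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$crt_pub" = "$key_pub" ]
}

# Succeed only when the key grants nothing to group or others (600, 400, ...).
key_is_private() {
    mode=$(stat -c %a "$1") || return 2      # GNU stat, as shipped on CentOS
    case $mode in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Generate a throwaway pair with the same command as above; -subj answers the
# prompts non-interactively (the CN is a placeholder, not a value from the page).
make_test_pair() {
    openssl req -new -x509 -days 365 -nodes \
        -subj "/CN=owncloud.example.test" \
        -out "$1/owncloud.crt" -keyout "$1/owncloud.key" 2>/dev/null
}

dir=$(mktemp -d)
make_test_pair "$dir" && chmod 600 "$dir"/*
cert_matches_key "$dir/owncloud.crt" "$dir/owncloud.key" && echo "certificate and key match"
key_is_private "$dir/owncloud.key" && echo "key is private to its owner"
rm -rf "$dir"
```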
Step 5: Download OwnCloud
We are going to download OwnCloud using the wget command, so first, it will be necessary to install the wget package in the following way:
yum -y install wget unzip
Now, we will go to the /tmp directory and download the latest version of OwnCloud by executing the following:
cd /tmp
wget https://download.owncloud.org/community/owncloud-9.1.2.zip
We will extract the downloaded content and move it to the /usr/share/nginx/html/ directory:
unzip owncloud-9.1.2.zip
mv owncloud/ /usr/share/nginx/html/
The next step is to go to the nginx web root directory and create a new data directory for OwnCloud:
cd /usr/share/nginx/html/
mkdir -p owncloud/data/
Next, we will change the owner of the owncloud directory to the nginx user and group:
chown nginx:nginx -R owncloud/
Step 6: OwnCloud Virtual Host Configuration in NGINX
For OwnCloud to work properly, we will create a new virtual host configuration file called owncloud.conf in the conf.d directory by executing the following:
cd /etc/nginx/conf.d/
nano owncloud.conf
There we will paste the following:
upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php5-fpm.sock;
}

server {
    listen 80;
    server_name "Server Name";
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name "Server Name";

    ssl_certificate /etc/nginx/cert/owncloud.crt;
    ssl_certificate_key /etc/nginx/cert/owncloud.key;

    # Add headers to serve security related headers
    # Before enabling Strict-Transport-Security headers please read into this topic first.
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /usr/share/nginx/html/owncloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    location /.well-known/acme-challenge { }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is built with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        return 404;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        return 404;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into this topic first.
        #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}
Save the changes using the Ctrl + O keys and exit the editor using Ctrl + X.
Now, we confirm that the Nginx configuration is correct with the following command:
nginx -t
Restart Nginx:
systemctl restart nginx
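The css/js location in the virtual host repeats the security headers because nginx inherits add_header from the server level only when a location defines none of its own; since the Strict-Transport-Security line is commented out in that location, those responses are served without it. The following added example (not part of the original configuration or of the OwnCloud project) reports such gaps; `audit_add_header` is a hypothetical helper and the sample is a constructed excerpt of the configuration above.

```shell
#!/bin/sh
# Added example, not from the article. nginx inherits add_header from the
# enclosing level only when the current level defines none, so a location with
# its own add_header must repeat every server-level header it still needs.
# Assumes one directive per line and no braces inside location regexes.
audit_add_header() {   # hypothetical helper; prints "<location> drops <Header>"
    awk '
    { sub(/#.*/, "") }                                    # ignore comments
    depth == 0 && $1 == "server" && /[{]/ { ns = 0; nl = 0; split("", own); split("", seen) }
    depth == 1 && $1 == "location" {
        loc = $0
        sub(/^[ \t]*location[ \t]+/, "", loc); sub(/[ \t]*[{].*$/, "", loc)
    }
    depth == 1 && $1 == "add_header" { srv[++ns] = $2 }   # server-level header
    depth == 2 && $1 == "add_header" {                    # location-level header
        if (!(loc in seen)) { seen[loc] = 1; locs[++nl] = loc }
        own[loc, $2] = 1
    }
    {
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth > 0) next
        for (i = 1; i <= nl; i++)                         # a server block just closed
            for (j = 1; j <= ns; j++)
                if (!((locs[i], srv[j]) in own)) { print locs[i] " drops " srv[j]; bad = 1 }
        ns = 0; nl = 0
    }
    END { exit bad + 0 }' "$@"
}

# Constructed excerpt of the virtual host above (HSTS commented out for css/js).
sample_conf() {
    cat <<'EOF'
server {
    listen 443 ssl;
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
    add_header X-Content-Type-Options nosniff;
    location ~* \.(?:css|js)$ {
        add_header Cache-Control "public, max-age=7200";
        #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
        add_header X-Content-Type-Options nosniff;
    }
    location ~* \.(?:svg|gif|png)$ {
        access_log off;
    }
}
EOF
}

sample_conf | audit_add_header || echo "repeat the dropped header in that location"
```

On the server, `audit_add_header /etc/nginx/conf.d/owncloud.conf` exits non-zero when any location drops a server-level header.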
Step 7: Configure SELinux & FirewallD
In this case, we will leave SELinux in enforcing mode, so we need the SELinux administration tools package to configure it.
For the installation of the SELinux administration tools we will use the following command:
yum -y install policycoreutils-python
Once installed, we will execute the following commands as root to allow OwnCloud to run in SELinux:
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/owncloud/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/owncloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/owncloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/owncloud/assets(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/owncloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/owncloud/.user.ini'
restorecon -Rv '/usr/share/nginx/html/owncloud/'
Now, let's enable the firewalld service and open the HTTP and HTTPS ports for OwnCloud:
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
Step 8: How To Use OwnCloud Setup Wizard
The time has come to access OwnCloud. To do this, we will open the web browser and enter the IP address of the OwnCloud machine in the address bar; once we press Enter, we will see a warning about an untrusted connection.
Here we click on the field "I understand the risks" or something similar and add the exception.
Once we confirm it, we will be in the initial OwnCloud window.
There we will enter the username and password indicated in the MariaDB database and press Enter; we will then see that the OwnCloud console has been accessed.
Here we can upload the elements to share and create the users who will have access, and thus start an online collaboration with significant advantages.