How To Install OwnCloud on CentOS

All the configurations that you must perform to install OwnCloud on CentOS.

OwnCloud is an open platform that offers higher productivity and security in the digital collaboration of organizations.

OwnCloud facilitates the secure exchange of business files, which are stored on the company's servers, thus promoting the integration of the IT infrastructure that we administer.

Step 1: Install Nginx & PHP7-FPM

Before installing Nginx and PHP7-FPM, it is necessary to add the EPEL repository which contains additional software that is not available in the CentOS base repository. To install it, we will execute the following command:

yum -y install epel-release

Now, we can install NGINX by running the following command:

yum -y install nginx

Next, we need to add another repository for PHP7-FPM. For this, we will install the webtatic repository as follows:

rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Now, we are going to install PHP7-FPM with some additional packages in the following way:

yum -y install php70w-fpm php70w-cli php70w-gd php70w-mcrypt php70w-mysql php70w-pear php70w-xml php70w-mbstring php70w-pdo php70w-json

Once this process is finished, we will verify the PHP version with the following command:

php -v

Step 2: Configure PHP7-FPM

Now, we are going to configure PHP7-FPM to work with NGINX. PHP7-FPM will run under the nginx user and will listen on port 9000.

We must edit the PHP7-FPM default configuration with our desired editor like this:

nano /etc/php-fpm.d/www.conf

Once we enter this file we will make the following changes:

In lines 8 and 10 we establish the following:

user = nginx
group = nginx

On line 22 we verify this:

listen = 127.0.0.1:9000

On lines 366 to 370, we must uncomment the following lines:

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

Once this is done, save the file using the Ctrl + O keys and exit it using Ctrl + X.

Now, we will create a new directory for PHP sessions under the /var/lib/ directory and change its owner to the nginx user by executing the following:

mkdir -p /var/lib/php/session
chown nginx:nginx -R /var/lib/php/session/

Likewise, we will initiate the services of PHP and NGINX, together with their activation at startup, with the following commands:

sudo systemctl start php-fpm
sudo systemctl start nginx
sudo systemctl enable php-fpm
sudo systemctl enable nginx
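
The settings from this step can be checked with a short script. This is an added example, not part of the original tutorial: it flags a pool user or group other than nginx and a listen address that is not loopback or a unix socket, because a FastCGI port reachable from other hosts lets them pass requests straight to PHP. The function names and the sample pool file are constructed for this example.

```bash
#!/bin/bash
# Added example (not from the tutorial): audit a PHP-FPM pool file against Step 2.

# Print the last active (not ;-commented) value of KEY ($2) in pool file $1.
pool_value() {
    awk -F= -v key="$2" '
        /^[ \t]*;/ { next }
        {
            k = $1; gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                val = v
            }
        }
        END { print val }' "$1"
}

# Return 0 if the pool matches Step 2; otherwise print each finding and return 1.
audit_fpm_pool() {
    local file="$1" rc=0 user group listen
    user=$(pool_value "$file" user)
    group=$(pool_value "$file" group)
    listen=$(pool_value "$file" listen)

    [ "$user" = nginx ]  || { echo "FAIL user=$user (expected nginx)"; rc=1; }
    [ "$group" = nginx ] || { echo "FAIL group=$group (expected nginx)"; rc=1; }

    case "$listen" in
        127.0.0.1:*|'[::1]:'*|/*) ;;   # loopback TCP or a unix socket path
        *) echo "FAIL listen=$listen is reachable from other hosts"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: a pool that runs as another user and listens on every address.
sample=$(mktemp)
printf '%s\n' '[www]' 'user = apache' ';user = nginx' 'group = nginx' \
    'listen = 0.0.0.0:9000' > "$sample"
audit_fpm_pool "$sample" || echo "sample pool needs the Step 2 changes"
rm -f "$sample"
# On the server: audit_fpm_pool /etc/php-fpm.d/www.conf
```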

Step 3: Install & Configure MariaDB

The OwnCloud utility supports the PostgreSQL and MySQL databases; we will use MariaDB for the OwnCloud database.

This database can be installed with the mariadb-server package from the CentOS repository as follows:

yum -y install mariadb mariadb-server

Once the process of installing MariaDB is finished, we will start the service with the following command:

systemctl start mariadb

Then, we secure the installation by executing the following:

mysql_secure_installation

There we will answer the following questions like this:

Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

With this, we have established the root password of MariaDB, and now it will be possible to log in to the MySQL shell to create a new database and user for OwnCloud.

We are going to create a new database called owncloud_db, with the user ownclouduser and the password ownclouduser@, but naturally, we can define the desired names.

For this, we will execute the following command and enter the assigned password of MariaDB:

mysql -u root -p

Once we access the shell, we will run each of these lines in order:

create database owncloud_db;
create user ownclouduser@localhost identified by 'ownclouduser@';
grant all privileges on owncloud_db.* to ownclouduser@localhost identified by 'ownclouduser@';
flush privileges;

Step 4: Create Linux Self-signed SSL Certificate

It is possible to use a free SSL certificate to encrypt the connection and thus ensure a higher level of access security.

First, we will create a new directory for the SSL file:

mkdir -p /etc/nginx/cert/

Next, we generate the certificate using the OpenSSL command like this:

openssl req -new -x509 -days 365 -nodes -out /etc/nginx/cert/owncloud.crt -keyout /etc/nginx/cert/owncloud.key

The command will ask us to enter a series of values.

Next, we restrict the permissions of the files in that directory:

chmod 600 /etc/nginx/cert/*

Step 5: Download OwnCloud

We are going to download OwnCloud using the wget command, so first it will be necessary to install the wget and unzip packages in the following way:

yum -y install wget unzip

Now, we will go to the /tmp directory and download the latest version of OwnCloud by executing the following:

cd /tmp
wget https://download.owncloud.org/community/owncloud-9.1.2.zip

We will extract the downloaded content and move it to the /usr/share/nginx/html/ directory:

unzip owncloud-9.1.2.zip
mv owncloud/ /usr/share/nginx/html/

The next step is to go to the nginx web root directory and create a new data directory for OwnCloud:

cd /usr/share/nginx/html/
mkdir -p owncloud/data/

Next, we will change the owner of the owncloud directory to the nginx user and group:

chown nginx:nginx -R owncloud/

Step 6: OwnCloud Virtual Host Configuration in NGINX

For the optimal functioning of OwnCloud, we will create a new virtual host configuration file called owncloud.conf in the conf.d directory. To do so, we execute the following:

cd /etc/nginx/conf.d/
nano owncloud.conf

There we will paste the following:

upstream php-handler {
    server 127.0.0.1:9000;
    #server unix:/var/run/php5-fpm.sock;
}

server {
    listen 80;
    server_name "Server Name";
    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name "Server Name";

    ssl_certificate /etc/nginx/cert/owncloud.crt;
    ssl_certificate_key /etc/nginx/cert/owncloud.key;

    # Add headers to serve security related headers

    # Before enabling Strict-Transport-Security headers please read into this topic first.
    add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header X-Download-Options noopen;
    add_header X-Permitted-Cross-Domain-Policies none;

    # Path to the root of your installation
    root /usr/share/nginx/html/owncloud/;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # The following 2 rules are only needed for the user_webfinger app.
    # Uncomment it if you're planning to use this app.
    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    location = /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location = /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }

    location /.well-known/acme-challenge { }

    # set max upload size
    client_max_body_size 512M;
    fastcgi_buffers 64 4K;

    # Disable gzip to avoid the removal of the ETag header
    gzip off;

    # Uncomment if your server is build with the ngx_pagespeed module
    # This module is currently not supported.
    #pagespeed off;

    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location / {
        rewrite ^ /index.php$uri;
    }

    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
        return 404;
    }
    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        return 404;
    }

    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
        fastcgi_param front_controller_active true;
        fastcgi_pass php-handler;
        fastcgi_intercept_errors on;
        fastcgi_request_buffering off;
    }

    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
        try_files $uri $uri/ =404;
        index index.php;
    }

    # Adding the cache control header for js and css files
    # Make sure it is BELOW the PHP block
    location ~* \.(?:css|js)$ {
        try_files $uri /index.php$uri$is_args$args;
        add_header Cache-Control "public, max-age=7200";
        # Add headers to serve security related headers (It is intended to have those duplicated to the ones above)
        # Before enabling Strict-Transport-Security headers please read into this topic first.
        #add_header Strict-Transport-Security "max-age=15552000; includeSubDomains";
        add_header X-Content-Type-Options nosniff;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        # Optional: Don't log access to assets
        access_log off;
    }

    location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
        try_files $uri /index.php$uri$is_args$args;
        # Optional: Don't log access to other assets
        access_log off;
    }
}

Note: In "Server Name" we must enter the name or IP address of the server where OwnCloud is located.

Save the changes using the Ctrl + O keys and exit the editor using Ctrl + X.

Now, we confirm that the Nginx configuration is correct with the following command:

nginx -t

Restart Nginx:

systemctl restart nginx
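
Because the data and config directories live inside the web root, the two "return 404" location blocks above are what keep them from being downloaded directly. The following added example (not part of the original tutorial) requests one path per denied prefix and checks the port 80 redirect. The function names, the script name and the request paths are constructed for this example, and curl is assumed to be installed.

```bash
#!/bin/bash
# Added example (not from the tutorial): confirm on the running server that the
# "return 404" location blocks in owncloud.conf really block direct access.

# Print the HTTP status for URL $1. -k accepts the self-signed certificate from
# Step 4. Kept as its own function so another client can be swapped in.
http_status() {
    curl -k -s -o /dev/null -w '%{http_code}' "$1"
}

# Constructed request paths, one or more per denied prefix in the two regexes.
# The files need not exist: nginx answers before looking at the disk.
DENIED_PATHS="/data/owncloud.log /config/config.php /lib/base.php /3rdparty/
/.htaccess /occ /console.php /db_structure.xml"

# Request every denied path under base URL $1; return 1 if any is not a 404.
check_denied_paths() {
    local base="$1" rc=0 p code
    for p in $DENIED_PATHS; do
        code=$(http_status "$base$p")
        if [ "$code" = 404 ]; then
            echo "ok   $code $p"
        else
            echo "FAIL $code $p"; rc=1
        fi
    done
    return $rc
}

# Return 0 if plain HTTP on host $1 answers with the 301 redirect to HTTPS.
check_https_redirect() {
    [ "$(http_status "http://$1/")" = 301 ]
}

# Usage on the server, with its name or IP address as the only argument:
#   bash check_owncloud.sh 192.0.2.10
if [ $# -gt 0 ]; then
    check_https_redirect "$1" || echo "FAIL port 80 does not redirect to HTTPS"
    check_denied_paths "https://$1"
fi
```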

Step 7: Configure SELinux & FirewallD

For this case, we will leave SELinux in enforcing mode, so we need the SELinux administration tools package to configure it.

For the installation of the SELinux administration tools we will use the following command:

yum -y install policycoreutils-python

Once installed, we will execute the following commands as root to allow OwnCloud to run in SELinux:

semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/owncloud/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/owncloud/config(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/owncloud/apps(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/owncloud/assets(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/owncloud/.htaccess'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html/owncloud/.user.ini'

restorecon -Rv '/usr/share/nginx/html/owncloud/'

Now, let's enable the firewalld service and open the HTTP and HTTPS port for OwnCloud:

systemctl start firewalld
systemctl enable firewalld
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

Step 8: How To Use OwnCloud Setup Wizard

The time has come to access OwnCloud. To do this, we open the web browser and enter the IP address of the OwnCloud machine in the address bar. Once we press Enter, we will see a warning about an untrusted connection, which is expected because the certificate is self-signed.

Here we click on "I understand the risks" (or the equivalent option) and add the exception.

Once we confirm it, we will be in the initial OwnCloud window.

There we will enter the username and password indicated in the MariaDB database and press Enter; we will then see that the OwnCloud console has been accessed.

Here we can upload the elements to share and create the users who will have access, and thus start an online collaboration with significant advantages.
