InQuize
Explorer
- Joined
- May 9, 2015
- Messages
- 81
I noticed this too, some kind of magic. I know very little about bsd to make guesses here(..
+Security -Compatibility
Nice if you can afford it.
-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum has become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
[How-To] ownCloud using NGINX, PHP-FPM, and MySQL
- Thread starter Joshua Parker Ruehlig
- Start date
Nice if you can afford it.
Actually, you got me thinking about FreeNAS itself. I've logged onto FreeNAS and it too uses nginx. Weird part is openssl shows OpenSSL 0.9.8zd-freebsd 8 Jan 2015. Obviously I am not going to do anything on FreeNAS itself since it's working the way it is.
Least it's something to go on.
InQuize
Explorer
- Joined
- May 9, 2015
- Messages
- 81
Yeah, without devs it would be hours on source code digging to get how things work, since freenas is a modified freebsd.
Ok, this is more of a FreeNAS question so I will post it on the general forums and see if I get an answer.
blahhumbug
Dabbler
- Joined
- Apr 25, 2015
- Messages
- 22
The quickassist linux drivers were only ported to FreeBSD recently. I have not yet confirmed if the changes were submitted/accepted for FreeBSD 10.2, but I believe that is the case. The pfsense folks have a blog post about the porting of the linux drivers, so they're tracking supporting quickassist.
Steven Sedory
Explorer
- Joined
- Apr 7, 2014
- Messages
- 96
Yo, I've implemented the OC setup as described on the first page. I can confirm that it sync at least 20x faster than the default plugin setup! And that 20x is the limit of my uploading client, so it may be much faster. Many thanks again to Joshua for pointing me here from another post.
I also setup SSL as described on page 2.
I have two things I'd like to resolve:
-have https://OCjailip/ take me directly to the login page, as I have to put /owncloud now
-fix the rediculously slow loading of the https://publicIP:specialport/owncloud on the outside
The redirect question is pretty clear based on the bullet point above.
The slow loading is this: Internally (behind my Cisco ASA firewall), https://interalIP/owncloud loads immediately. Well, to make things slightly more secure, I have a NAT rule on my fw that takes a non standard port (port 44784) and maps that to the internal IP/port of my owncloud jail (which is https standard port 443).
Well, when I first put in https://publicIP:44784/owncloud, it takes about 20 seconds, and then says the connection has timed out. It also bumps out the :44784 port in the address bar. If I simply put the :44784 back in the address bar so it looks like https://publicIP:44784/owncloud again, then it loads immediately.
I'm assuming this can be fixed by changing a few things in nginx.conf and OC's config.php.
Any help is much appreciated.
I also setup SSL as described on page 2.
I have two things I'd like to resolve:
-have https://OCjailip/ take me directly to the login page, as I have to put /owncloud now
-fix the rediculously slow loading of the https://publicIP:specialport/owncloud on the outside
The redirect question is pretty clear based on the bullet point above.
The slow loading is this: Internally (behind my Cisco ASA firewall), https://interalIP/owncloud loads immediately. Well, to make things slightly more secure, I have a NAT rule on my fw that takes a non standard port (port 44784) and maps that to the internal IP/port of my owncloud jail (which is https standard port 443).
Well, when I first put in https://publicIP:44784/owncloud, it takes about 20 seconds, and then says the connection has timed out. It also bumps out the :44784 port in the address bar. If I simply put the :44784 back in the address bar so it looks like https://publicIP:44784/owncloud again, then it loads immediately.
I'm assuming this can be fixed by changing a few things in nginx.conf and OC's config.php.
Any help is much appreciated.
Joshua Parker Ruehlig
Hall of Famer
- Joined
- Dec 5, 2011
- Messages
- 5,949
Hey Steven, try this nginx.conf. I'll also link the config on the 'opening post' for a config without the "/owncloud" webroot.
Code:
worker_processes 2;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile off;
keepalive_timeout 65;
gzip off;
server {
root /usr/local/www/owncloud;
location = /robots.txt { allow all; access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }
location ^~ / {
index index.php;
try_files $uri $uri/ /index.php$is_args$args;
fastcgi_intercept_errors on;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
client_max_body_size 512M;
location ~ ^/(?:\.|data|config|db_structure\.xml|README) {
deny all;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_pass unix:/var/run/php-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
include fastcgi_params;
fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
}
location ~* \.(?:jpg|gif|ico|png|css|js|svg)$ {
expires 30d; add_header Cache-Control public;
}
location ^~ /data {
internal;
alias /mnt/files;
}
}
}
}
Joshua Parker Ruehlig
Hall of Famer
- Joined
- Dec 5, 2011
- Messages
- 5,949
@Steven Sedory
As for your second issue, I see 2 different solutions to this.
1) Change the HTTPS port nginx serves on so it uses your alternate 44784 even internally
2) Changing the SERVER_PORT that is passed to PHP, which defaults to nginx's $server_port in /usr/local/etc/nginx/fastcgi_params
For example, in my setup, where NGINX isn't doing the SSL part of the connection and is always serving on port 80, I set an alternate variable $host_port based on the $http_x_forwarded_proto header that I set from my SSL terminator, HAProxy.
Then, I use this variable in /usr/local/etc/nginx/fastcgi_params
Your setup probably doesn't need that logic though if you always plan on using the external address : port.
As for your second issue, I see 2 different solutions to this.
1) Change the HTTPS port nginx serves on so it uses your alternate 44784 even internally
2) Changing the SERVER_PORT that is passed to PHP, which defaults to nginx's $server_port in /usr/local/etc/nginx/fastcgi_params
For example, in my setup, where NGINX isn't doing the SSL part of the connection and is always serving on port 80, I set an alternate variable $host_port based on the $http_x_forwarded_proto header that I set from my SSL terminator, HAProxy.
Code:
map $http_x_forwarded_proto $host_port {
default 80;
https 443;
}Then, I use this variable in /usr/local/etc/nginx/fastcgi_params
Code:
fastcgi_param SERVER_PORT $host_port;
Your setup probably doesn't need that logic though if you always plan on using the external address : port.
Steven Sedory
Explorer
- Joined
- Apr 7, 2014
- Messages
- 96
Thanks again Joshua. I used the nginx.conf you gave and it worked like a charm. Only difference is mine also has the following in the server block:
I also just ditched the special port thing and am now NATing 443. I plan on buying a cert soon so I think it will work better this way.
Last issue is, when I'm hitting the site from the outside, I notice certain images are missing. For example, when you click "Files" in the top left of the web GUI, the file, activity, and pictures, icons are not there. When hitting the site from the inside, they are. I assume this is because they're being passed via http and not https like the majority of the site.
Any idea?
Code:
ssl_certificate /usr/local/etc/nginx/server.crt; ssl_certificate_key /usr/local/etc/nginx/server.key; listen 443 ssl;
I also just ditched the special port thing and am now NATing 443. I plan on buying a cert soon so I think it will work better this way.
Last issue is, when I'm hitting the site from the outside, I notice certain images are missing. For example, when you click "Files" in the top left of the web GUI, the file, activity, and pictures, icons are not there. When hitting the site from the inside, they are. I assume this is because they're being passed via http and not https like the majority of the site.
Any idea?
Joshua Parker Ruehlig
Hall of Famer
- Joined
- Dec 5, 2011
- Messages
- 5,949
if you have a domain name you can get a free SSL cert from StartSSL, but you probably can get more features from a paid cert.
I doubt owncloud is serving content using different protocols. maybe you should try from a new browser to check it's not a caching issue. you could also try browsing an image url directly and see if there's a problem with that.
InQuize
Explorer
- Joined
- May 9, 2015
- Messages
- 81
That nginx conf only contains minimal parameters needed for this setup. You should really check out http://nginx.org/en/docs/ and configure rest for yourself.
Haven't tried myself, but WoSign - free 39 month certs. Pretty well-known in my locality.
Protocol has nothing to do with the issue. Check everything else - browsers, client OSes, internet connections, etc..
Steven Sedory
Explorer
- Joined
- Apr 7, 2014
- Messages
- 96
So I see that the folder "owncloud" is at the beginning of the image URLs, causing the break. For example, https://domain.com/owncloud/core/img/actions/rename.svg is the URL. We made the root point to my owncloud install, but the images are still referring to that folder. If I just remove the folder, ie https://domain.com/core/img/actions/rename.svg, I can see the images.
Is this something I can change in nginx.conf?
Is this something I can change in nginx.conf?
Joshua Parker Ruehlig
Hall of Famer
- Joined
- Dec 5, 2011
- Messages
- 5,949
hmm, maybe this is a caching issue? can you test from a fresh browser
Steven Sedory
Explorer
- Joined
- Apr 7, 2014
- Messages
- 96
Hi Joshua, I've tried from browsers on computers on different networks, no luck.
Joshua Parker Ruehlig
Hall of Famer
- Joined
- Dec 5, 2011
- Messages
- 5,949
Ok, to confirm, when you browse to http://domain.com/core/img/favicon.png nothing comes up?
But, when you browse to http://domain.com/index.php owncloud loads?
Did you follow the nginx config I posted here?
https://forums.freenas.org/index.ph...x-php-fpm-and-mysql.17786/page-25#post-217063
Try:
1)Download the zip installation and gather the /config/ca-bundle.crt
2)From the downloaded zip, copy the config/ca-bundle.crt into your config directory
Joshua Parker Ruehlig
Hall of Famer
- Joined
- Dec 5, 2011
- Messages
- 5,949
can you verify if your jail can connect out?
fetch "https://www.google.com"
if so, maybe it's related to the new SSL verification in 8.1.
https://github.com/owncloud/core/issues/17446
I had to
* set "WITH_OPENSSL_PORT=yes" in /etc/make.conf
* stop php, force uninstalled php and php-curl, curl
* recompile the above (and had to unset an option in curl the conflict with using the ports SSL)
* start php
adrianwi
Guru
- Joined
- Oct 15, 2013
- Messages
- 1,231
I'm getting that and a few more :D
Everything is working fine though, so just planning on ignoring for the time being!
Joshua Parker Ruehlig
Hall of Famer
- Joined
- Dec 5, 2011
- Messages
- 5,949
the memory cache has been added to the guide. you just need to edit the config.phpI'm getting that and a few more :D
Everything is working fine though, so just planning on ignoring for the time being!
I don't personally use HSTS, probably should though.
Related topics on forums.truenas.com for thread: "[How-To] ownCloud using NGINX, PHP-FPM, and MySQL"
Similar threads
- Locked
