[How-To] ownCloud using NGINX, PHP-FPM, and MySQL

[gaszto]

That's because the symlink in /usr/bin is still pointing to the old version of openssl that is uncluded in FreeBSD 9.3
You have to symlink to the new version after you install it or the OS will continue to use the older version of openssl and so will any other software you compile from ports.

Code:

mv /usr/bin/openssl /usr/bin/openssl.old
cd /usr/bin
ln -s /usr/local/bin/openssl

@Joshua Parker Ruehlig you are much smarter at this stuff than I will probably ever be but I don't see how this will break any other programs running in the jail by symlinking to the newer version of openssl. I've got a couple of jails that I have done this with and they are running fine and report the newer version of openssl when queried with

Code:

openssl version

it returns OpenSSL 1.0.2d 9 Jul 2015

Your thoughts?

Thanks, it worked for me. But I have a new message during I wanted to enable Documents app:
Error while enabling app

Any idea?

 

[ArgaWoW]

I got the same error

 

[Jailer]

Thanks, it worked for me. But I have a new message during I wanted to enable Documents app:
Error while enabling app

Any idea?

I got the same error

I have no idea on the app issue. That's a question that is probably best suited for @Joshua Parker Ruehlig

 

[ArgaWoW]

Thanks, it worked for me. But I have a new message during I wanted to enable Documents app:
Error while enabling app

Any idea?

What exactly have you done?

 

[SmallGuy]

Follow Joshua's recommendations.
-Install OpenSSL from port.
-Add "with_openssl_port=yes" in make.conf
-Recompile other packages using OpenSSL.
https://mebsd.com/freebsd-security-hardening/openssl-upgrade-freebsd.html

Version of the base system remain unchanged but Nginx, php-fpm and Co will use the latest version.
You can check it with the info.php file.

 

[gaszto]

What exactly have you done?

Originally I had this message:
cURL error 60: SSL certificate problem: unable to get local issuer certificate
Then I've followed the instruction, what Joshua wrote, but Openssl not updated. Then

1. mv /usr/bin/openssl /usr/bin/openssl.old
2. cd /usr/bin
3. ln -s /usr/local/bin/openssl

Now the openssl version is correct, but now I have: Error while enabling app

 

[Joshua Parker Ruehlig]

I finally got the memcache error fixed yesterday (i'd got the C and u the wrong way around, doh) but have noticed another error this morning and the cron jobs have stopped running.

Code:

It was not possible to execute the cronjob via CLI.  The following technical errors have appeared:
PHP module GD not installed.  Please ask your server administrator to install the module.

Any ideas?

Check the /usr/local/etc/php.ini in the opening post.
I added "apc.enable_cli=1"

 

[ArgaWoW]

curl
cURL support enabled
cURL Information 7.44.0
Age 3
Features
AsynchDNS Yes
CharConv No
Debug No
GSS-Negotiate No
IDN No
IPv6 Yes
krb4 No
Largefile Yes
libz Yes
NTLM Yes
NTLMWB Yes
SPNEGO No
SSL Yes
SSPI No
TLS-SRP Yes
Protocols dict, file, ftp, ftps, gopher, http, https, imap, imaps, pop3, pop3s, rtsp, smb, smbs, smtp, smtps, telnet, tftp
Host amd64-portbld-freebsd9.3
SSL Version OpenSSL/0.9.8z
ZLib Version 1.2.8

Thats what i got with the Test.php

 

[Joshua Parker Ruehlig]

Joshua,
I've also tried, without any success :( I have StartSSL certificate on my domain. Owncloud is working well trough https, but I got the same error when I tried to enable Documents app.

Ok, I'll try helping you guys debug this. To clarify setting up HTTPS with nginx is unrelated to this error.
This error has to do with php using the curl library to connect to owncloud's SSL app repo.

 

[Joshua Parker Ruehlig]

That's because the symlink in /usr/bin is still pointing to the old version of openssl that is uncluded in FreeBSD 9.3
You have to symlink to the new version after you install it or the OS will continue to use the older version of openssl and so will any other software you compile from ports.

Code:

mv /usr/bin/openssl /usr/bin/openssl.old
cd /usr/bin
ln -s /usr/local/bin/openssl

@Joshua Parker Ruehlig you are much smarter at this stuff than I will probably ever be but I don't see how this will break any other programs running in the jail by symlinking to the newer version of openssl. I've got a couple of jails that I have done this with and they are running fine and report the newer version of openssl when queried with

Code:

openssl version

it returns OpenSSL 1.0.2d 9 Jul 2015

Your thoughts?

the base system ships with an older version of openssl in /usr/bin/openssl. when you "pkg install openssl" you install the latest version of openssl to /usr/local/bin/openssl
when you run "openssl" you aren't calling an absolute path so you shell (csh, sh, etc.) starts searching in its $PATH for a file that matches. because of the order or $PATH it searches in /usr/bin first and return that one first. here's some commands that may help everyone understand

Code:

/usr/bin/openssl version
/usr/local/bin/openssl version
openssl version
which openssl
echo $PATH

overwriting the system binaries not through 'freebsd update' could break any programs that rely on the specific version. For example an older version of openssl might expect different flags when being called, or output data differently.

 

[Joshua Parker Ruehlig]

I've found something. After I pkg upgrade openssl the version of the openssl still:
OpenSSL 0.9.8za-freebsd 5 Jun 2014
built on: date not available
platform: FreeBSD-amd64
options: bn(64,64) md2(int) rc4(ptr,int) des(idx,cisc,16,int) blowfish(idx)
compiler: cc
OPENSSLDIR: "/etc/ssl"


How can I update openssl to 1.0.2?

I tried pkg delete openssl, but after that openssl version -a still the same.
How can I remove the base openssl?

Thanks

Can you please try this https://forums.freenas.org/index.ph...x-php-fpm-and-mysql.17786/page-28#post-230225

 

[gaszto]

Can you please try this https://forums.freenas.org/index.ph...x-php-fpm-and-mysql.17786/page-28#post-230225

Joshua,

I created a new jail, I've installed the Owncloud again. After the install I've added

WITH_OPENSSL_PORT=yes to /etc/make.conf

1. service php-fpm stop
2. pkg delete -f php56 php56-curl curl
3. pkg upgrade openssl
4. make config -C /usr/ports/ftp/curl # disable GSSAPI_BASE, enable GSSAPI_NONE
5. make install clean -C /usr/ports/ftp/php56-curl
6. service php-fpm start

First problem was the 3.
pkg upgrade openssl was'n upgraded anything, the I've run
pkg install security/openssl it was successful, but I had to copy the openssl.cnf.sample to openssl.cnf
the I've followed your list with point 4.
at point 5 make install clean wasn'n successful because of:
===> License GPLv3 accepted by the user
===> Found saved configuration for gmake-4.1_1
===> gmake-4.1_1 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by gmake-4.1_1 for building
===> Extracting for gmake-4.1_1
=> SHA256 Checksum OK for make-4.1.tar.bz2.
===> Patching for gmake-4.1_1
===> Applying FreeBSD patches for gmake-4.1_1
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to doc/make.texi.rej
=> Patch patch-doc_make.text failed to apply cleanly.
=> Patch(es) patch-ab applied cleanly.
*** [do-patch] Error code 1

Stop in /usr/ports/devel/gmake.
*** [install] Error code 1

Stop in /usr/ports/devel/gmake.
*** [build-depends] Error code 1

Stop in /usr/ports/devel/autoconf.
*** [build-depends] Error code 1

Stop in /usr/ports/lang/php56.
*** [install] Error code 1

Stop in /usr/ports/lang/php56.
*** [build-depends] Error code 1

Stop in /usr/ports/ftp/php56-curl.

Then
pkg install autoconf and
make install clean -C /usr/ports/ftp/php56-curl was successful,

the I started php-fpm, and I've tested with test.php :
cURL support enabled
cURL Information 7.44.0
Age 3
Features
AsynchDNS Yes
CharConv No
Debug No
GSS-Negotiate No
IDN No
IPv6 Yes
krb4 No
Largefile Yes
libz Yes
NTLM Yes
NTLMWB Yes
SPNEGO Yes
SSL Yes
SSPI No
TLS-SRP No
Protocols dict, file, ftp, ftps, gopher, http, https, imap, imaps, pop3, pop3s, rtsp, smb, smbs, smtp, smtps, telnet, tftp
Host amd64-portbld-freebsd9.3
SSL Version OpenSSL/0.9.8z
ZLib Version 1.2.8

Then
root@Owncloud:/usr/local/openssl # /usr/bin/openssl version
OpenSSL 0.9.8za-freebsd 5 Jun 2014
root@Owncloud:/usr/local/openssl # /usr/local/bin/openssl version
OpenSSL 1.0.2d 9 Jul 2015
root@Owncloud:/usr/local/openssl # openssl version
OpenSSL 0.9.8za-freebsd 5 Jun 2014
root@Owncloud:/usr/local/openssl # which openssl
/usr/bin/openssl
root@Owncloud:/usr/local/openssl # echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin
root@Owncloud:/usr/local/openssl #



Do you have any idea, why the openssl still 0.9.8

 

[Joshua Parker Ruehlig]

Joshua,

I created a new jail, I've installed the Owncloud again. After the install I've added

WITH_OPENSSL_PORT=yes to /etc/make.conf

1. service php-fpm stop
2. pkg delete -f php56 php56-curl curl
3. pkg upgrade openssl
4. make config -C /usr/ports/ftp/curl # disable GSSAPI_BASE, enable GSSAPI_NONE
5. make install clean -C /usr/ports/ftp/php56-curl
6. service php-fpm start

First problem was the 3.
pkg upgrade openssl was'n upgraded anything, the I've run
pkg install security/openssl it was successful, but I had to copy the openssl.cnf.sample to openssl.cnf
the I've followed your list with point 4.
at point 5 make install clean wasn'n successful because of:
===> License GPLv3 accepted by the user
===> Found saved configuration for gmake-4.1_1
===> gmake-4.1_1 depends on file: /usr/local/sbin/pkg - found
===> Fetching all distfiles required by gmake-4.1_1 for building
===> Extracting for gmake-4.1_1
=> SHA256 Checksum OK for make-4.1.tar.bz2.
===> Patching for gmake-4.1_1
===> Applying FreeBSD patches for gmake-4.1_1
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to doc/make.texi.rej
=> Patch patch-doc_make.text failed to apply cleanly.
=> Patch(es) patch-ab applied cleanly.
*** [do-patch] Error code 1

Stop in /usr/ports/devel/gmake.
*** [install] Error code 1

Stop in /usr/ports/devel/gmake.
*** [build-depends] Error code 1

Stop in /usr/ports/devel/autoconf.
*** [build-depends] Error code 1

Stop in /usr/ports/lang/php56.
*** [install] Error code 1

Stop in /usr/ports/lang/php56.
*** [build-depends] Error code 1

Stop in /usr/ports/ftp/php56-curl.

Then
pkg install autoconf and
make install clean -C /usr/ports/ftp/php56-curl was successful,

the I started php-fpm, and I've tested with test.php :
cURL support enabled
cURL Information 7.44.0
Age 3
Features
AsynchDNS Yes
CharConv No
Debug No
GSS-Negotiate No
IDN No
IPv6 Yes
krb4 No
Largefile Yes
libz Yes
NTLM Yes
NTLMWB Yes
SPNEGO Yes
SSL Yes
SSPI No
TLS-SRP No
Protocols dict, file, ftp, ftps, gopher, http, https, imap, imaps, pop3, pop3s, rtsp, smb, smbs, smtp, smtps, telnet, tftp
Host amd64-portbld-freebsd9.3
SSL Version OpenSSL/0.9.8z
ZLib Version 1.2.8

Then
root@Owncloud:/usr/local/openssl # /usr/bin/openssl version
OpenSSL 0.9.8za-freebsd 5 Jun 2014
root@Owncloud:/usr/local/openssl # /usr/local/bin/openssl version
OpenSSL 1.0.2d 9 Jul 2015
root@Owncloud:/usr/local/openssl # openssl version
OpenSSL 0.9.8za-freebsd 5 Jun 2014
root@Owncloud:/usr/local/openssl # which openssl
/usr/bin/openssl
root@Owncloud:/usr/local/openssl # echo $PATH
/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin
root@Owncloud:/usr/local/openssl #



Do you have any idea, why the openssl still 0.9.8

when you did step 4

Code:

make config -C /usr/ports/ftp/curl # disable GSSAPI_BASE, enable GSSAPI_NONE

did you actually scroll down and disable GSSAPI_BASE and enable GSSAPI_NONE?

 

[Joshua Parker Ruehlig]

@gaszto @ArgaWoW
Actually, maybe php56-curl is actually using php56-openssl's library. Going top revise the steps.

####
set WITH_OPENSSL_PORT=yes in /etc/make.conf

Code:

service php-fpm stop
pkg delete -f php56 php56-curl curl php56-openssl
make install clean -C /usr/ports/security/php56-openssl
make config -C /usr/ports/ftp/curl # disable GSSAPI_BASE, enable GSSAPI_NONE
make install clean -C /usr/ports/ftp/php56-curl
service php-fpm start

####
I might not have the steps perfect but I'm pretty sure we're getting close. When this came up for me I pfixed up my system in a few minutes so this is not impossible.

Also, if you can't get it working there is always the workaround of install apps directly to /usr/local/www/owncloud/apps

 

[Joshua Parker Ruehlig]

Thanks, it worked for me. But I have a new message during I wanted to enable Documents app:
Error while enabling app

Any idea?

Sorry I missed this part earlier.
The enabling app is unrelated to using curl/openssl to download the app. So you got past the dependency part, and now something is breaking on the owncloud side.
You should check your owncloud.log for anything related.

 

[gaszto]

@gaszto @ArgaWoW
Actually, maybe php56-curl is actually using php56-openssl's library. Going top revise the steps.

####
set WITH_OPENSSL_PORT=yes in /etc/make.conf

Code:

service php-fpm stop
pkg delete -f php56 php56-curl curl php56-openssl
make install clean -C /usr/ports/security/php56-openssl
make config -C /usr/ports/ftp/curl # disable GSSAPI_BASE, enable GSSAPI_NONE
make install clean -C /usr/ports/ftp/php56-curl
service php-fpm start

####
I might not have the steps perfect but I'm pretty sure we're getting close. When this came up for me I pfixed up my system in a few minutes so this is not impossible.

Also, if you can't get it working there is always the workaround of install apps directly to /usr/local/www/owncloud/apps

Thanks, it worked perfectly. That was the missing step.

 

[ArgaWoW]

@gaszto
Can you now activate the apps? I'm at work and can not test it

 

[gaszto]

@gaszto
Can you now activate the apps? I'm at work and can not test it

Yes, I've activated Documents, and Calendar. First time I got the "Error while enabling app" message, but after a logoff login it worked for me. Thanks again Joshua

 

[ArgaWoW]

Very nice. I will try it at evening and tell the results!

 

[Joshua Parker Ruehlig]

Thanks, it worked perfectly. That was the missing step.

great, thanks for checking