[How-To] ownCloud using NGINX, PHP-FPM, and MySQL

[Delivereath]

Change the document root of the backend server config to match where your owncloud installation resides.

Thanks for your insights guys. However, now I get the firefox popup to open or save the index.php file instead of properly processing it..

My nginx config file on the jail is the following :

Code:

worker_processes 2;

events {
    worker_connections  1024;
}

http {
    include      mime.types;
    default_type  application/octet-stream;
    sendfile        off;
    keepalive_timeout  65;
    gzip off;

    server {
        root /usr/local/www/owncloud;
        location = /robots.txt { allow all; access_log off; log_not_found off; }
        location = /favicon.ico { access_log off; log_not_found off; }
        location ^~ /owncloud {
            index index.php;
            try_files $uri $uri/ /owncloud/index.php$is_args$args;
            fastcgi_intercept_errors on;
            error_page 403 /owncloud/core/templates/403.php;
            error_page 404 /owncloud/core/templates/404.php;
            client_max_body_size 512M;
            location ~ ^/owncloud/(?:\.|data|config|db_structure\.xml|README) {
                deny all;
            }
            location ~ \.php(?:$|/) {
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                fastcgi_pass unix:/var/run/php-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                include fastcgi_params;
                fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
            }
            location ~* \.(?:jpg|gif|ico|png|css|js|svg)$ {
                expires 30d; add_header Cache-Control public;
            }
            location ^~ /owncloud/data {
                internal;
                alias /mnt/files;
            }
        }
    }
}

 

[Joshua Parker Ruehlig]

Thanks for your insights guys. However, now I get the firefox popup to open or save the index.php file instead of properly processing it..

My nginx config file on the jail is the following :

Code:

worker_processes 2;

events {
    worker_connections  1024;
}

http {
    include      mime.types;
    default_type  application/octet-stream;
    sendfile        off;
    keepalive_timeout  65;
    gzip off;

    server {
        root /usr/local/www/owncloud;
        location = /robots.txt { allow all; access_log off; log_not_found off; }
        location = /favicon.ico { access_log off; log_not_found off; }
        location ^~ /owncloud {
            index index.php;
            try_files $uri $uri/ /owncloud/index.php$is_args$args;
            fastcgi_intercept_errors on;
            error_page 403 /owncloud/core/templates/403.php;
            error_page 404 /owncloud/core/templates/404.php;
            client_max_body_size 512M;
            location ~ ^/owncloud/(?:\.|data|config|db_structure\.xml|README) {
                deny all;
            }
            location ~ \.php(?:$|/) {
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                fastcgi_pass unix:/var/run/php-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                include fastcgi_params;
                fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
            }
            location ~* \.(?:jpg|gif|ico|png|css|js|svg)$ {
                expires 30d; add_header Cache-Control public;
            }
            location ^~ /owncloud/data {
                internal;
                alias /mnt/files;
            }
        }
    }
}

maybe because it's serving it outside of the ^/owncloud block. what URL are you trying to access?

 

[Chakalov]

Hello all,

Could you please advice where could be a glitch hiding so that every time I delete/remove files from the OC this error message occur:

Error PHP filesize(): stat failed for /mnt/ownFiles/ach1/files_trashbin/files/some.jpg.d1443089448 at /usr/local/www/owncloud/lib/private/files/storage/local.php#121

Thanks in advance!

 

[Joshua Parker Ruehlig]

Hello all,

Could you please advice where could be a glitch hiding so that every time I delete/remove files from the OC this error message occur:

Error PHP filesize(): stat failed for /mnt/ownFiles/ach1/files_trashbin/files/some.jpg.d1443089448 at /usr/local/www/owncloud/lib/private/files/storage/local.php#121

Thanks in advance!

how are you deleting files, through the owncloud webui or through an owncloud client?

 

[Jailer]

However, now I get the firefox popup to open or save the index.php file instead of properly processing it

You haven't set a server name or declared an index file(s) in your server block so it's just serving up the first thing it finds.
You should have something like this:

Code:

server {
listen   80;
server_name  www.yourdomain.com, yourdomain.com;
root /usr/local/www/owncloud;
index    index.php index.htm index.html;

 

[Chakalov]

how are you deleting files, through the owncloud webui or through an owncloud client?

Through the OC client only.

 

[fireball]

Hi all

1. Thx Josh for your guide ;)

I have now a problem with PDF thumbnails. They are not generated and I becomae no error on the owncloud.log

line in my config.php regarding preview options :

Code:

'enable_previews' => true,
  'preview_max_x' => 50,
  'preview_max_y' => 50,
  'preview_max_scale_factor' => 10,
  'preview_max_filesize_image' => 50,
  'preview_libreoffice_path' => '/usr/local/bin/libreoffice',
  'preview_office_cl_parameters' =>
        ' --headless --nologo --nofirststartwizard --invisible --norestore '.
        '-convert-to pdf -outdir '
  'enabledPreviewProviders' => array(
        'OC\Preview\PNG',
        'OC\Preview\JPEG',
        'OC\Preview\GIF',
        'OC\Preview\BMP',
        'OC\Preview\XBitmap',
        'OC\Preview\MP3',
        'OC\Preview\TXT',
        'OC\Preview\MarkDown',
        'OC\Preview\Movie',
        'OC\Preview\MSOffice2007',
        'OC\Preview\MSOfficeDoc',
        'OC\Preview\OpenDocument',
        'OC\Preview\PDF'
),
  'logtimezone' => 'Europe/Berlin',

text file, image get their thumbnail but PDF, Opendoc, and wordx not ...

Don't understand why ...

 

[trumee]

I am trying to install 8.1.3 version in a new jail. I have compiled curl with openssl. When i try to enable Contacts i get the following error in nginx log

Code:

2015/10/05 18:14:14 [error] 8597#0: *27 upstream prematurely closed connection while reading response header from upstream, client: 192.168.1.20, server: , request: "POST /owncloud/index.php/settings/ajax/enableapp.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/p
hp-fpm.sock:", host: "192.168.1.11", referrer: "http://192.168.1.11/owncloud/index.php/settings/apps

Any idea how to overcome this?

 

[Joshua Parker Ruehlig]

Through the OC client only.

Not sure what the issue would be then =/ you might double check on the owncloud forum/github that the error your seeing isn't normal/expected. They might know the reason

 

[Joshua Parker Ruehlig]

I am trying to install 8.1.3 version in a new jail. I have compiled curl with openssl. When i try to enable Contacts i get the following error in nginx log

Code:

2015/10/05 18:14:14 [error] 8597#0: *27 upstream prematurely closed connection while reading response header from upstream, client: 192.168.1.20, server: , request: "POST /owncloud/index.php/settings/ajax/enableapp.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/p
hp-fpm.sock:", host: "192.168.1.11", referrer: "http://192.168.1.11/owncloud/index.php/settings/apps

Any idea how to overcome this?

Are you sure php-fpm is listening?
can you check the output of "sockstat"

EDIT
ahh, I see you can already get to those pages.
I think we realized earlier it is not about compiling curl with the latest openssl, but recompiling php-openssl

 

[Joshua Parker Ruehlig]

Hi all

1. Thx Josh for your guide ;)

I have now a problem with PDF thumbnails. They are not generated and I becomae no error on the owncloud.log

line in my config.php regarding preview options :

Code:

'enable_previews' => true,
  'preview_max_x' => 50,
  'preview_max_y' => 50,
  'preview_max_scale_factor' => 10,
  'preview_max_filesize_image' => 50,
  'preview_libreoffice_path' => '/usr/local/bin/libreoffice',
  'preview_office_cl_parameters' =>
        ' --headless --nologo --nofirststartwizard --invisible --norestore '.
        '-convert-to pdf -outdir '
  'enabledPreviewProviders' => array(
        'OC\Preview\PNG',
        'OC\Preview\JPEG',
        'OC\Preview\GIF',
        'OC\Preview\BMP',
        'OC\Preview\XBitmap',
        'OC\Preview\MP3',
        'OC\Preview\TXT',
        'OC\Preview\MarkDown',
        'OC\Preview\Movie',
        'OC\Preview\MSOffice2007',
        'OC\Preview\MSOfficeDoc',
        'OC\Preview\OpenDocument',
        'OC\Preview\PDF'
),
  'logtimezone' => 'Europe/Berlin',

text file, image get their thumbnail but PDF, Opendoc, and wordx not ...

Don't understand why ...

I believe all you need to do is enable those providers (as you did) and install "pecl-imagick libreoffice". Previews for those file types are working for me so if you configure it a certain way it will work.

 

[fireball]

Ok thx

but unfortunatly for PDF the pecl-imagick libreoffice must not be installed.

I really don't understand why the PDF thumbnail are not created.

Could it be a problem with the syntax of my config.php ? can you share your ?

 

[Joshua Parker Ruehlig]

Ok thx

but unfortunatly for PDF the pecl-imagick libreoffice must not be installed.

I really don't understand why the PDF thumbnail are not created.

Could it be a problem with the syntax of my config.php ? can you share your ?

I'm sorry, but I don't exactly understand what you are saying.
please try installing pecl-imagick, I'm pretty sure this is required for PDF previews.

Here's the only preview related settings I have and everything works.

Code:

  'enable_previews' => true,
  'enabledPreviewProviders' =>
  array (
  0 => 'OC\\Preview\\PNG',
  1 => 'OC\\Preview\\JPEG',
  2 => 'OC\\Preview\\GIF',
  3 => 'OC\\Preview\\BMP',
  4 => 'OC\\Preview\\XBitmap',
  5 => 'OC\\Preview\\Markdown',
  6 => 'OC\\Preview\\MP3',
  7 => 'OC\\Preview\\TXT',
  8 => 'OC\\Preview\\Illustrator',
  9 => 'OC\\Preview\\Movie',
  10 => 'OC\\Preview\\MSOffice2003',
  11 => 'OC\\Preview\\MSOffice2007',
  12 => 'OC\\Preview\\MSOfficeDoc',
  13 => 'OC\\Preview\\OpenDocument',
  14 => 'OC\\Preview\\PDF',
  15 => 'OC\\Preview\\Photoshop',
  16 => 'OC\\Preview\\Postscript',
  17 => 'OC\\Preview\\StarOffice',
  18 => 'OC\\Preview\\SVG',
  19 => 'OC\\Preview\\TIFF',
  20 => 'OC\\Preview\\Font',
  ),

 

[fireball]

Sorry for my english ...

What I meaned was that forme the pecl-imagick was not required for PDF. But I am maybe wrong.

I will test that as soon as I go back to home.

Thank you for your support.

 

[trumee]

Are you sure php-fpm is listening?
can you check the output of "sockstat"

EDIT
ahh, I see you can already get to those pages.
I think we realized earlier it is not about compiling curl with the latest openssl, but recompiling php-openssl

Thanks, installing php56-openssl from ports got me past this error!

 

[ChristianW]

This tutorial worked great for me! Even the ssl implementation in nginx was simple with your help!

In the case someone can not access his/her owncloud thru the alias (403 forbidden), but by local IP, you should look in the config.php an add the owncloud domain to the trusted_domains.

That's it.

Thank you all!

 

[Maturola]

NOTES

• I use a 'Data folder' that is a dataset outside of the ownCloud jail. This separates data from programs for easy backup and snaphots.

• I use a subdirectory '/owncloud' for my ownCloud instance; this is because I have other applications running in other sub-directories. I don't use sub-domains because I want everything on a single domain. I pay for a domain name and get a free SSL Certificate from StartSSL. The free SSL Certificate only works for the domain and a single sub-domain (usually www). You can alternatively choose to host ownCloud at the '/' of your server as seen here.

• I have my SSL terminated by HAProxy running on my pfSense router. If you don't have this option, I recommend setting up SSL in NGINX as seen here.

Joshua,

I am working on my new FreeNAS setup and owncloud and would love to do the same as you as far as using SSL termination using HAProxy on my PFsense box. Can you share some (Maybe private message so we I don't hijack this thread) on how you did it? or maybe point me somewhere I can read some more about how to accomplish this, I am a "little" familiar with HAProxy, used it before a little but not sure how it work with SSL + Owncloud. any feedback would be appreciated.

Thanks
Mat

 

[Joshua Parker Ruehlig]

Joshua,

I am working on my new FreeNAS setup and owncloud and would love to do the same as you as far as using SSL termination using HAProxy on my PFsense box. Can you share some (Maybe private message so we I don't hijack this thread) on how you did it? or maybe point me somewhere I can read some more about how to accomplish this, I am a "little" familiar with HAProxy, used it before a little but not sure how it work with SSL + Owncloud. any feedback would be appreciated.

Thanks
Mat

I'll just post here so other can reference. As far as SSL + owncloud, I don't do anything special for owncloud. My SSL terminator terminated HTTPS for all my applications running on my site.

Here's pretty much all I do.
* add cert to pfsense's certificate manager (in my case the cert is a free one from startcom)
- added cert to 'certificates' tab
- added their primary intermediate cert to CAs tab
* haproxy > backend > add new
- in my case varnish (127.0.0.1:80) but for you is likely your owncloud jail
- static round robin (best if you have only one backend server)
- I enabled HSTS by entering "31536000"
- enable cookie protection
* haproxy > frontend > add a new
- have it listen on WAN_IP Port 443
- backend server = what you created earlier
- type = HTTPS(offloading)
- enable forwardfor option
- (default) certificate - choose cert you added earlier, if you're serving multiple domains with SSL you need to add them to 'additional certificates'
- enable ocsp
- advanced ssl options = "ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA no-sslv3"

RESULTS
https://www.ssllabs.com/ssltest/analyze.html?d=jruehlig.com

NOTE
when creating your free cert at startssl.com make sure you request it with SHA256, otherwise it could be consider it less secure. If you do end up with a SHA-1 on accident you can't generate another one from startcom for another year unless you pay.

 

[Maturola]

I'll just post here so other can reference. As far as SSL + owncloud, I don't do anything special for owncloud. My SSL terminator terminated HTTPS for all my applications running on my site.

thank you sir for a quick response i'll give it a try.

So Owncloud don't need any change at all, it is configure as default as non-ssl. However if accessing it external, we'll hit the pubic IP using "https", the prosy will decrypt the SSL packages and pass non-encrypted to the owncloud jail..is that correct?

 

[Joshua Parker Ruehlig]

thank you sir for a quick response i'll give it a try.

So Owncloud don't need any change at all, it is configure as default as non-ssl. However if accessing it external, we'll hit the pubic IP using "https", the prosy will decrypt the SSL packages and pass non-encrypted to the owncloud jail..is that correct?

that is how reverse-proxys work