[How-To] ownCloud using NGINX, PHP-FPM, and MySQL

[Joshua Parker Ruehlig]

I tried to update my OC from 8.0.1 to 8.1.3 by doing the following:
- stopping the services
- renaming the current ownCloud directory
- download the latest version and unarchive it in the right place and setting the correct (www:www) permissions recursively
- copied back the config.php file and also created a new nginx.conf copied from the fist post of this thread
- started back all services and opened the OC via the web browser where a welcome upgrade message has waited for me. Despite it said that all upgrade procedures went just fine the upgrade page continued to show up.
- I tried to manually update via the shell and occ command but still with no luck: it get stuck at this point:

Code:

root@cloud:/usr/local/etc/nginx # su www
$ php /usr/local/www/owncloud/occ upgrade
ownCloud or one of the apps require upgrade - only a limited number of commands are available
Checked database schema update
Checked database schema update for apps
Updated database

.... and just hangs there.

What am I doing wrong? :(

when you copied back your config.php, did you make sure it is still owned by the www user? owncloud need the ability to update this file.

 

[Chakalov]

The config file has the right owner and permissions.

When I put back the old ownCloud directory all works just fine.

Go figure....

 

[Michael Sparks]

@gaszto @ArgaWoW
Actually, maybe php56-curl is actually using php56-openssl's library. Going top revise the steps.

####
set WITH_OPENSSL_PORT=yes in /etc/make.conf

Code:

service php-fpm stop
pkg delete -f php56 php56-curl curl php56-openssl
make install clean -C /usr/ports/security/php56-openssl
make config -C /usr/ports/ftp/curl # disable GSSAPI_BASE, enable GSSAPI_NONE
make install clean -C /usr/ports/ftp/php56-curl
service php-fpm start

####
I might not have the steps perfect but I'm pretty sure we're getting close. When this came up for me I pfixed up my system in a few minutes so this is not impossible.

Also, if you can't get it working there is always the workaround of install apps directly to /usr/local/www/owncloud/apps

Thanks for this!

A side note, for whatever reason I was unable to successfully run:

Code:

make install clean -C /usr/ports/security/php56-openssl

without first running:

Code:

portsnap update
portsnap extract

Everything else worked great, I just had to restart the jail.

 

[Chakalov]

What do I have to delete in order to make a clean install of 8.2? Is keeping the user database possible or it will confront with the new OC version?

I know jumping from one major version to another isn't possible but since I can't even update from 8.0.2 to 8.0.3 I just don't see other options rather than a clean install.

I've spent just a few hours trying almost everything that came to to my mind to achieve a successful update but still nothing. Stuck on "Updated database" message in the occ command and not moving a byte forward. I think I had enough of trying. :-/

 

[Joshua Parker Ruehlig]

What do I have to delete in order to make a clean install of 8.2? Is keeping the user database possible or it will confront with the new OC version?

I know jumping from one major version to another isn't possible but since I can't even update from 8.0.2 to 8.0.3 I just don't see other options rather than a clean install.

I've spent just a few hours trying almost everything that came to to my mind to achieve a successful update but still nothing. Stuck on "Updated database" message in the occ command and not moving a byte forward. I think I had enough of trying. :-/

you would clear /mnt/files, the config.php and drop the databases and recreate them in mysql.

it definitely is possible to upgrade between versions. my production install has gone from 7 to 8 to 8.1.

 

[Chakalov]

Well I definitely have something wrong in my configuration since I can't update to the very next OC version. Perhaps I wasn't completely correct as well saying that jumping from one major version to another isn't possible but that's what the occ command told me (in red) when I tried to update. Later I read in the OC forum that you can jump between versions but with exceptions.

Thanks a lot again for the support! I'm going to erase perhaps everything and start from scratch using 8.2

 

[Chakalov]

Just for the record if anyone falls into my case:

- downloaded the latest version (currently 8.2.0), unarchived it in place and fixed permissions (just in case renamed the old OC dir to something else)
- I've created a new database with new user and granted permissions as instructed in the first page
- restarted all services (no idea if all were necessary but anyhow) and loaded the OC from the web browser
- configured a new admin and pointed the new database and user and most importantly the old data location (/mnt/files)
- after logged in for the first time simply recreated users with their old usernames and even passwords
- reconfigured config.php with the missing details from the old OC
- every user has been able to log in flawlessly again without losing a byte from their data

Don't know if this was the very right scenario that I had to go through but it seems to work fine. At least for me ;)

The only problem I had was that the main setup didn't accepted "localhost:/tmp/mysql.sock" for reasons I'm not able to debug. I had to leave it like "localhost" only.

 

[Joshua Parker Ruehlig]

Just for the record if anyone falls into my case:

- downloaded the latest version (currently 8.2.0), unarchived it in place and fixed permissions (just in case renamed the old OC dir to something else)
- I've created a new database with new user and granted permissions as instructed in the first page
- restarted all services (no idea if all were necessary but anyhow) and loaded the OC from the web browser
- configured a new admin and pointed the new database and user and most importantly the old data location (/mnt/files)
- after logged in for the first time simply recreated users with their old usernames and even passwords
- reconfigured config.php with the missing details from the old OC
- every user has been able to log in flawlessly again without losing a byte from their data

Don't know if this was the very right scenario that I had to go through but it seems to work fine. At least for me ;)

The only problem I had was that the main setup didn't accepted "localhost:/tmp/mysql.sock" for reasons I'm not able to debug. I had to leave it like "localhost" only.

glad you got working. Though doing that in cases of large installations with lots of user probably wouldn't scale.

I updated the steps for 8.2, including an updated nginx.conf. Haven't tested it yet, but will try updating my setup in the following days/weeks.

 

[Chakalov]

(just) One more thing....

Do I have to take care of the DB pointing to localhost instead of localhost:/tmp/mysql.sock or it's not that much of a problem?

 

[Joshua Parker Ruehlig]

(just) One more thing....

Do I have to take care of the DB pointing to localhost instead of localhost:/tmp/mysql.sock or it's not that much of a problem?

as long as it's working that should be fine. in the my.cnf we specify to listen only on the default file socket (at /tmp/mysql.sock) so I assume the owncloud client knows where to look. I'll double check your finding when I get a chance.

 

[Michael Sparks]

So OC wont update through the admin panel to 8.2, or do we just need to wait longer?

 

[Chakalov]

Josh said he updated so far without a problem but in my case it looked more like an isolated case since I had the problem updating to any higher version, so perhaps you guys could also update without a problem.

 

[Joshua Parker Ruehlig]

So OC wont update through the admin panel to 8.2, or do we just need to wait longer?

not sure about a major version. I believe for those ones I had to replace source (www/owncloud) directory because owncloud won't download them for you like minor updates. but even for some minor updates I had to replace my source.

 

[Michael Sparks]

Just updated to 8.2 using the front page, I pretty much started from scratch deleting my entire /mnt/db, of course leaving my /mnt/files intact. I ran into the same issue as Chakalov, just leave localhost as default because trying to set it to "localhost:/tmp/mysql.sock" just produces an error. Everything is working great. Thanks guys!

 

[Joshua Parker Ruehlig]

Just updated to 8.2 using the front page, I pretty much started from scratch deleting my entire /mnt/db, of course leaving my /mnt/files intact. I ran into the same issue as Chakalov, just leave localhost as default because trying to set it to "localhost:/tmp/mysql.sock" just produces an error. Everything is working great. Thanks guys!

did you restart mysql after wiping the db directory? did you recreate your my.cnf?
I'll update the database connection line when I get a chance to test an upgrade.

 

[Michael Sparks]

did you restart mysql after wiping the db directory? did you recreate your my.cnf?
I'll update the database connection line when I get a chance to test an upgrade.

I wiped the db folder contents, then made a new jail and started from scratch (creating everything new). Before when I tried installing I was getting errors Chakalov was with mysql (because it still existed from OC8.1 install).

 

[Joshua Parker Ruehlig]

I wiped the db folder contents, then made a new jail and started from scratch (creating everything new). Before when I tried installing I was getting errors Chakalov was with mysql (because it still existed from OC8.1 install).

ahh, OK. im looking into the connection problem

 

[Maturola]

- added their primary intermediate cert to CAs tab
* haproxy > backend > add new
- in my case varnish (127.0.0.1:80) but for you is likely your owncloud jail
- static round robin (best if you have only one backend server)
- I enabled HSTS by entering "31536000"
- enable cookie protection
* haproxy > frontend > add a new
- have it listen on WAN_IP Port 443
- backend server = what you created earlier
- type = HTTPS(offloading)
- enable forwardfor option
- (default) certificate - choose cert you added earlier, if you're serving multiple domains with SSL you need to add them to 'additional certificates'
- enable ocsp
- advanced ssl options = "ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA no-sslv3"

RESULTS
https://www.ssllabs.com/ssltest/analyze.html?d=jruehlig.com

NOTE
when creating your free cert at startssl.com make sure you request it with SHA256, otherwise it could be consider it less secure. If you do end up with a SHA-1 on accident you can't generate another one from startcom for another year unless you pay.

I'm having some issues getting their intermediate cert into the CA tab..... how do i get it from startcom?

Thanks

 

[Joshua Parker Ruehlig]

I'm having some issues getting their intermediate cert into the CA tab..... how do i get it from startcom?

Thanks

I'm pretty sure this is it https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem

 

[Maturola]

- type = HTTPS(offloading)
- enable forwardfor option
- (default) certificate - choose cert you added earlier, if you're serving multiple domains with SSL you need to add them to 'additional certificates'
- enable ocsp
- advanced ssl options = "ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA no-sslv3"

Thank you sir, I'll try that right now...

I kept going and I'm stuck on the last 3 steps, I don't see where those options are on the 'Frondend" tab....



EDIT +++++++++++++++++++++++++++++++++++++

So there is a "Template" tab, that had the the frontend and bacnend temapltes for Startcom SSL...so I used that and i can see those options, however after selecting the Created CAs, i get the following errors...

Errors found while starting haproxy
[ALERT] 297/205335 (98765) : parsing [/var/etc/haproxy_test/haproxy.cfg:10] : 'bind <public IP>:443' : unable to load SSL private key from PEM file '/var/etc/haproxy_test/HAProxy_stats_ssl_frontend.pem'.
[ALERT] 297/205335 (98765) : Error(s) found in configuration file : /var/etc/haproxy_test/haproxy.cfg
[ALERT] 297/205335 (98765) : Proxy 'HAProxy_stats_ssl_frontend': no SSL certificate specified for bind '<public IP>::443' at [/var/etc/haproxy_test/haproxy.cfg:10] (use 'crt').
[ALERT] 297/205335 (98765) : Fatal errors found in configuration.

Any help, or guide where to start looking would be appreciated