[How-To] ownCloud using NGINX, PHP-FPM, and MySQL

[PAE]

I followed your method. But while connecting to owncloud using https://myip/owncloud, first it shows up the certificate validation screen and once I make the exception, it throws up 404 Not Found screen.

I am attaching herewith txt file with config.php, nginx.conf details and the sockstat also.

Your suggestions / help would be appreciated.

Your ssl server block in nginx.conf is missing "/owncloud" location. That's why you get 404 page.
I would recommend to change main server block to SSL by adding "listen 443 ssl;" line and couple additional ssl lines recommended by guys at Mozilla
and make port 80 just a redirect to port 443, so given config would look like so:

Code:

 worker_processes 2;                                                       
                                                                              
    events {                                                                  
        worker_connections 1024;                                              
    }                                                                         
                                                                              
    http {                                                                    
        include mime.types;                                                   
        default_type application/octet-stream;                                
        sendfile off;                                                         
        keepalive_timeout 65;                                                 
        gzip off;                                                             
      

server
{
        listen 80;
        server_name example.com;
        return 301  https://$server_name$request_uri;
}
                                                                      
        server {                                                              
        listen 443 ssl;
        server_name example.com;
        ssl_certificate /usr/local/etc/nginx/server.crt;
        ssl_certificate_key /usr/local/etc/nginx/server.key;
        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_session_tickets off;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
        ssl_prefer_server_ciphers on;

        root /usr/local/www;                                              
            location = /robots.txt { allow all; access_log off;               
log_not_found off; } 
   location = /favicon.ico { access_log off; log_not_found off;      
}                                                                             
                                                                              
            location ^~ /owncloud {                                           
                index index.php;                                              
                try_files $uri $uri/ /owncloud/index.php$is_args$args;        
                error_page 403 /owncloud/core/templates/403.php;              
                error_page 404 /owncloud/core/templates/404.php;              
                client_max_body_size 512M;                                    
                location                                                      
~ ^/owncloud/(?:\.|build|tests|config|lib|3rdparty|templates|data|autotest|occ|$
{      
deny all;                                                 
                }                                                             
                location ~ \.php(?:$|/) {                                     
                    fastcgi_split_path_info ^(.+\.php)(/.*)$;                 
                    fastcgi_pass unix:/var/run/php-fpm.sock;                  
                    fastcgi_param SCRIPT_FILENAME                             
$document_root$fastcgi_script_name;                                           
                    fastcgi_param PATH_INFO $fastcgi_path_info;               
                    fastcgi_intercept_errors on;                              
                    include fastcgi_params;
                  }                                                             
                location ~ \.(?:jpg|gif|ico|png|css|js|svg)$ {                
                    expires 30d; add_header Cache-Control public;             
                }                                                             
            }                                                                 
        }                                                                     
                                                                                                                                                   
    }

Just change 2 entries of 'example.com' to your domain and you should be good to go.

 

[mcolinp]

Code:

chown -R www:www /mnt/files

you can check if that UID corresponds to a user in your FreeNAS, since it shows a number in the jail it doesn't correspond to a jail user.
I'm guessing you or someone changed the owner on the FreeNAS Storage tab.

you may want to double check your db dataset didnt get changed from it's user 'mysql' (UID 88).
ls -l /var/mysql

Hello Joshua. It's been a while.

I have found myself once again starting from scratch with this method of install for ownCloud.

It's been a while, and I have some points that are not so fresh in my mind as when I first did this.

For one; I kinda remember having two separate jails. One connected to the db dataset for mysql; and the other connected to ownCloud with a linked dataset on freenas for storage.

Is this correct? Or should there be one jail with two separate storage links?

Also I am questioning what the correct permissions are for this.

I know www is necessary for ownCloud, yet I am not certain about the MySQL database.

Thanks in advance.

 

[Joshua Parker Ruehlig]

Hello Joshua. It's been a while.

I have found myself once again starting from scratch with this method of install for ownCloud.

It's been a while, and I have some points that are not so fresh in my mind as when I first did this.

For one; I kinda remember having two separate jails. One connected to the db dataset for mysql; and the other connected to ownCloud with a linked dataset on freenas for storage.

Is this correct? Or should there be one jail with two separate storage links?

Also I am questioning what the correct permissions are for this.

I know www is necessary for ownCloud, yet I am not certain about the MySQL database.

Thanks in advance.

The way I recommend is a single jail for nginx+php+mysql
But two datasets mounted into the jail, the database (db) and owncloud data-directory (files). This way you can restore your owncloud install even if the jail gets deleted.

The 'files' dataset should be owned by www (UID=80) and 'db' owned by mysql (UID=88)

 

[mcolinp]

The way I recommend is a single jail for nginx+php+mysql
But two datasets mounted into the jail, the database (db) and owncloud data-directory (files). This way you can restore your owncloud install even if the jail gets deleted.

The 'files' dataset should be owned by www (UID=80) and 'db' owned by mysql (UID=88)

So this go-around; I am confounded that my system seems completely void of any evidence of my sql. Meaning both in the root of Freenas; or in a newly created Jail. There is no mysql user or group.

Has something changed recently? I though these resources were already in-place in a newly created jail. I also ran "portsnap fetch update" as well as "portsnap extract"; but non of the mysql resources are there. Do I need to pkg install them even before attaching storage?

 

[Joshua Parker Ruehlig]

So this go-around; I am confounded that my system seems completely void of any evidence of my sql. Meaning both in the root of Freenas; or in a newly created Jail. There is no mysql user or group.

Has something changed recently? I though these resources were already in-place in a newly created jail. I also ran "portsnap fetch update" as well as "portsnap extract"; but non of the mysql resources are there. Do I need to pkg install them even before attaching storage?

You don't need the mysql user on the FreeNAS host. Just follow the directions step by step and it will work.
Nothing has changed, the mysql user/group is only created in the jail when mysql is installed.

If you really want you can run this in the jail to make sure mysql has the permissions it needs.

Code:

chown -R 88:88 /var/db/mysql

 

[mcolinp]

You don't need the mysql user on the FreeNAS host. Just follow the directions step by step and it will work.
Nothing has changed, the mysql user/group is only created in the jail when mysql is installed.

If you really want you can run this in the jail to make sure mysql has the permissions it needs.

Code:

chown -R 88:88 /var/db/mysql

So if I run that in a newly created jail; it returns this:

"chown: /var/db/mysql: No such file or director"

is it ok to to allow this directory to be created when linking storage in the initial step?

 

[Joshua Parker Ruehlig]

So if I run that in a newly created jail; it returns this:

"chown: /var/db/mysql: No such file or director"

is it ok to to allow this directory to be created when linking storage in the initial step?

the directory will be created after you install mysql (mariadb100-server)
EDIT - Actually, before that. When you mount the 'db' dataset to the folder.

Is there a reason you are asking these questions instead of just following the steps and asking if something doesn't work?

 

[mcolinp]

Sorry, it just seems counter intuitive to me to link to something that doesn't yet exist. It makes me think I am doing something wrong out of the gate.

I will give it a go and get back if there are problems. Thanks for your help.

 

[Joshua Parker Ruehlig]

Sorry, it just seems counter intuitive to me to link to something that doesn't yet exist. It makes me think I am doing something wrong out of the gate.

I will give it a go and get back if there are problems. Thanks for your help.

no prob. By default the directory is created during the "link" process, so that's why I don't mention it.

 

[mcolinp]

I have tried a couple times; and I always end up getting a "404" error form nginx when I try to open the ip address of the Owncloud (Jail ip)

I am curious if there are specific approaches to choosing a good IP address. I think that is my problem. Is there a reason I would want an ip address like this:

192.168.1.10

or this:

192.168.1.125

Would one or the other be more ideal for local access verses http access?

I actually was letting the Jail auto assign an ip address to the Jail; which I am thinking may be the problem. It had 192.168.1.2 - the router is (192.168.1.1)

-EDIT- I googled this a bit; and found info on how to ping an ip address. If anyone has any further general wisdom; I am all ears, but this should steer me in the right direction . . .

 

[mcolinp]

This last time I have found that when I get to the end and try to run: "mysql -u root -p"; it returns an error.

It will not let me proceed. Also; of all the times I have recently tried this; I can never go back to the Freenas Web GUI storage tab and see a user or group that can be assigned to the db dataset called "mysql".

 

[Joshua Parker Ruehlig]

This last time I have found that when I get to the end and try to run: "mysql -u root -p"; it returns an error.

It will not let me proceed. Also; of all the times I have recently tried this; I can never go back to the Freenas Web GUI storage tab and see a user or group that can be assigned to the db dataset called "mysql".

Can you show an output of the error? Did mysql start in the "service mysql-server start" step?

I've said this to you before, you don't need to worry about this. Mysql's init script sets the permission for you.
If you really want to do this, just run this on the command line since the 'mysql' user doesn't exist in the FreeNAS host by default.

Code:

chown -R 88:88 /mnt/tank/db

 

[mcolinp]

Can you show an output of the error? Did mysql start in the "service mysql-server start" step?

I've said this to you before, you don't need to worry about this. Mysql's init script sets the permission for you.
If you really want to do this, just run this on the command line since the 'mysql' user doesn't exist in the FreeNAS host by default.

Code:

chown -R 88:88 /mnt/tank/db

I am waiting for a scrub to finish now . . . I tried to restart everything from scratch; and got myself into a trap I've been in before. I tried to wipe out the db dataset; after deleing all the files using rm. Now it claims that db is busy and that the dataset cannot be destroyed. I figured I had hosed something in regards to permissions with the "db" dataset; which is why I am trying to destroy it and start over fresh.

I likely won't do another attempt tonight; but I'll maybe try tomorrow night.

 

[mcolinp]

Well, I couldn't resist . . .

 

[rsquared]

Unlike Windows, UNIX based operating systems are case sensitive. Your last shell command failed on /mnt/files because, according to your last image, you've added it to the jail as /mnt/Files.

 

[Joshua Parker Ruehlig]

nice catch @rsquared

Well, I couldn't resist . . .

View attachment 9753 View attachment 9754 View attachment 9755 View attachment 9756

was something still not working? I'm not sure what you're trying to show with all these screenshots?

 

[mcolinp]

Aha!, It's typical that I get stumbled by the most insignificant details in relation to the bigger scheme of things. Thank You!

I will give it a shot later tonight.

 

[mcolinp]

nice catch @rsquared

was something still not working? I'm not sure what you're trying to show with all these screenshots?

I simply took multiple screen-shots leading up to where I typically fail to proceed. (So that you could see the lead-up to the potential issue.) I included the jails storage screen-shot as well to establish a complete picture of my setup fro diagnosis.

Thanks for your attention and assistance. It's much appreciated!

 

[mcolinp]

I carefully re-did the last part where it was pointed out that I had an error in file path (Case-Sensitive). This did not fix the whole problem. I carefully went back and double checked all the config files, etc; and no matter what I end up with a 404 nginx error when I try to load the ip address/owncloud in a browser.

One specific area I was wondering about: The first line in the mysql "my.cnf" ( found in: /var/db/mysql);

The first line in the guide shows this:

[server]

I was wondering if this should be changed to something specific to my setup such as an ip address. I tried the Jail IP which did not work either. Any suggestions welcome. If needed I will run any checks to verify any specific concerns.

 

[Joshua Parker Ruehlig]

I carefully re-did the last part where it was pointed out that I had an error in file path (Case-Sensitive). This did not fix the whole problem. I carefully went back and double checked all the config files, etc; and no matter what I end up with a 404 nginx error when I try to load the ip address/owncloud in a browser.

One specific area I was wondering about: The first line in the mysql "my.cnf" ( found in: /var/db/mysql);

The first line in the guide shows this:

[server]

I was wondering if this should be changed to something specific to my setup such as an ip address. I tried the Jail IP which did not work either. Any suggestions welcome. If needed I will run any checks to verify any specific concerns.

no that doesn't need to be changed, the my.cnf is exactly as it should be. if your problem is 404 that is a problem with your nginx.conf