[How-To] ownCloud using NGINX, PHP-FPM, and MySQL

[mcolinp]

I have gone through the nginx.config file with a fine tooth comb, & I cannot find anything wrong; yet I am uncertain of what I would exactly be looking for.

Please let me know if you see anything:

 

[Joshua Parker Ruehlig]

I have gone through the nginx.config file with a fine tooth comb, & I cannot find anything wrong; yet I am uncertain of what I would exactly be looking for.

Please let me know if you see anything:

View attachment 9783

why are you using nginx.config? who ever mentioned that file name?

 

[mcolinp]

Well I gueaa THAT would do it! I guess it was a "config"-ment of my imagination. LOL. I made a text document where I copied and pasted things from your guide and entered in my own edits such as using nano to open the files. Those sections of your guide are not selectable to copy; so I must have misinterpreted that one. The other downside to my approach with this; is that working on this install is always the last thing I get around to before going to bed; so perhaps my cognitive skills were at a bit of a disadvantage . . .

Thanks for pointing it out; I pretty sure this will fix it!

**As you can see in my profile pic: I have a crayon obstruction in my brain . . .** :D

 

[mcolinp]

OK.

I have gone through this very carfully; but I have realized I do not understand what to edit; and what to leave in the nginx.conf file. Please take a look ath the screen shots of before and after; then the failure to start nginx later on . . .

The first three images are before I started replacing the "server" description in the file; followed by two images that show what it looked like before I saved it, then a picture of nginx failing to start with errors.

 

[rsquared]

The error is telling you exactly which line it doesn't like. Compare that line in the file to the OP, and see if you can find the problem.

 

[mcolinp]

The error is telling you exactly which line it doesn't like. Compare that line in the file to the OP, and see if you can find the problem.

I tried to go back through and see if I could figure it out. There were a couple lines that looked suspect; and I changed them to match the guide. The specific one that caught my eye was #24:

• location ~ ^/owncloud/(?:\.|build|tests|config|lib|3rdparty|templates|data|autotest|occ|issue|indie|db_|console) {

• Mine was missing the "/" after "^ /owncloud"

• I noticed it also has some SSL text added after each line from 28-33. I deleted this; but figured it must be something that auto populates.

• I seem to be at an impasse . . .

 

[rsquared]

Take another close look at the error. Do you see a line in the file that closely matches that one?

 

[mcolinp]

Take another close look at the error. Do you see a line in the file that closely matches that one?

I did see that line. I carefully compared it to the guide; and did not see any difference. I have to admit though; I am a visual artist and 3D CAD designer (think automotive exterior styling) . . .

Working with text is a bit foreign to what I do day in and day out. I'm the guy that will tell you a picture is worth a thousand words; and would rather draw you a picture than try to explain something with written words.

I have been driving several hours this evening; and will not get a chance to look at it again until Sunday evening.

It's frustrating; knowing I am so close, yet not successful just yet.

If you think you know which character is missing in the line from my previous she'll pics; point it out, & I'll double check it whe I get home.

 

[rsquared]

It's the first two characters after the first word.

 

[mcolinp]

So I got back home and examined that line once again:

I see nothing wrong when compared to the Guide. Now When I try to put "JAIL-IP/owncloud" in a browser; it redirects me to a Freenas login screen. Something is definitely not happy . . .

 

[mcolinp]

Ok!! After much back and forth and minus some hair . . .

I found your comments to someone else about "un-commenting" specific lines in some of the files that were edited using nano.

This seems to be the root of my problems. owncloud is up and running;

Thank You!

 

[Joshua Parker Ruehlig]

Ok!! After much back and forth and minus some hair . . .

I found your comments to someone else about "un-commenting" specific lines in some of the files that were edited using nano.

This seems to be the root of my problems. owncloud is up and running;

Thank You!

welcome, glad you got it working.

 

[mcolinp]

Ok, so once the system is up and running without SSL, here's how I added SSL. As a bonus, Owncloud 6.0.2 came out, so I did an upgrade too!


Note: I wrote this, but I don't have any intention of really supporting people that chose to go this route and have problems. Joshua(the OP for this guide) didn't include these steps in his guide either, so please don't go posting in this thread with problems related to getting this to work. If he so desires to support this configuration I'll remove this warning. If people can't behave themselves I'll start deleting the posts and potentially deleting this guide. Thanks. -mgmt

Another note: When you reboot your FreeNAS box, if you have https enabled for the FreeNAS WebGUI as well as SSL for Owncloud the client will sometimes try to connect to the FreeNAS WebGUI on server bootup. There is a period of time where the FreeNAS WebGUI is available(with its own unique SSL cert) and the Owncloud jail isn't quite available yet. During this short time if your Owncloud client attempts to connect to the jail you will instead get the FreeNAS SSL cert. You will get an warning from the Owncloud client that the cert has changed and asks for you to accept or reject the cert. You should reject the cert since it is not the correct cert. As soon as your jail comes back up your client should reconnect to the Owncloud server appropriately and continue operating as expected.

(All commands must be run from within the jail.. so ssh in or use jls/jexec as you see fit).

1. Setup everything so Owncloud works without SSL. This proves you are at a certain point where things can be assumed.

If you aren't working without SSL, you aren't going to be better off after this. So definitely make sure you can go to http://ip/owncloud and access the webpage!


2. You must compile nginx from ports since the pkg version doesn't appear to include SSL.

Inside the jail and as root again, do the following:

# service nginx stop
# pkg remove nginx
# portsnap fetch update
# make /usr/ports/www/nginx install

When it asks for settings you will need to make sure ALL of the following are checked: (This is what I used.. feel free to change it at your own discretion and or risk!)

IPV6
HTTP
HTTP_CACHE
HTTP_DAV
HTTP_FLV
HTTP_GZIP_STATIC
HTTP_PERL
HTTP_REWRITE
HTTP_SSL
HTTP_STATUS
WWW

Now wait for it to compile...Took me about 30 seconds.

3. Create your encryption key, cert, etc.

Note: I'm not a security wizard, so I used the same steps from http://www.akadia.com/services/ssh_test_certificate.html. DES3 may or may not be secure. It's up to you to decide what to use or not use since this forum isn't about security certificates and the like.

# cd /usr/local/etc/nginx/
# openssl genrsa -des3 -out server.key 1024 (Generates a private key)
# openssl req -new -key server.key -out server.csr (Generates the Certificate Signing Request. Fill in EVERY field with something or Owncloud's client will not be happy and won't sync. I learned this the hard way)
# cp server.key server.key.org (backs up your key)
# openssl rsa -in server.key.org -out server.key (Removes the passphrase from the key)
# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt (Generates a self-signed Certificate)

4. Let's stop and verify your stuff is still working!

At this point you should be able to do # service nginx start and be able to go to your http address and it should still work. If not, this is a good place to stop and troubleshoot. So go ahead and test the service to make sure its still working. After verifying everything is okay then do # service nginx stop and keep going. The next step is where I expect 99% of the problems to be, so this is a good place to prove you've done everything right up to this point.

5. Go to SSL!

Attached is my nginx.conf(I had to make it a .txt file for the forum software filters). You can either use mine, or read through mine and adapt it for your server. The main lines to eyeball are:

ssl_certificate /usr/local/etc/nginx/server.crt;
ssl_certificate_key /usr/local/etc/nginx/server.key;
listen 443 ssl;

Once you've added those lines, if you did everything properly, then you can type:

# service nginx start

And you should be able to go to https://ip/owncloud and have access to your server! It's a self-signed certificate so you'll get the lame security warning. Just accept it in your browser and keep going.

BONUS: Updating Owncloud

Everyone likes bonuses right? Buy-one-get-one-free and the like? So here's how I updated my Owncloud from 6.0.1 to 6.0.2. You'll know if Owncloud is out of date because you'll go to your Owncloud Server's webpage and see a warning at the top that it's not the latest and greatest.

NOTE: I'd verify that SSL above works before doing an update. You don't want to do an SSL and update at the same time in case you have problems. Better to change 1 thing at a time so if something goes wrong you have fewer things that can/could go wrong.

Since I'll be installing 6.0.2 the file location is http://download.owncloud.org/community/owncloud-6.0.2.tar.bz2 You can either change the file name yourself or go to owncloud.org and find the link yourself. I went to owncloud.org just to make sure that the link was correct.

Inside the jail as root run the following commands:

# service nginx stop
# cd /tmp
# fetch http://download.owncloud.org/community/owncloud-6.0.2.tar.bz2
# tar jxvf owncloud-*.tar.bz2 -C /usr/local/www
# rm owncloud-*.tar.bz2
# chown -R www:www /usr/local/www/owncloud
# service nginx start

That's it! If you go to http(s)://ip/owncloud there will be a page that says it's updating and to please wait, but within about 10 seconds it refreshed and Owncloud was back online for me.

If you've been reading my posts elsewhere the PBI version sucked because the performance was just horrid with a large number of small files. Throughput was great for large files though. Something like 8000 files totalling 4.6GB took over 16 hours to upload(I stopped counting at 16 hours). With 6.0.2 and using NGINX, PHP-FPM, and MySQL(MariaDB) I was able to sync 8173 files totalling 5.3GB in less than 40 minutes on the same hardware! That's over 18x faster!

Thanks to Joshua for starting this thread with his guide!

Cyberjock,

I was looking at your nginx.conf file and had a question:

If I have followed Joshua's guide then used your SSL instructions, would I leave the worker processes set to "3" or "2"? Another words does adding the SSL certificate add another worker process . . .

 

[Joshua Parker Ruehlig]

I was looking at your nginx.conf file and had a question:

If I have followed Joshua's guide then used your SSL instructions, would I leave the worker processes set to "3" or "2"? Another words does adding the SSL certificate add another worker process . . .

no, the settings are in no way related. I've heard recommendations of number or threads, or 1.5x number of threads

 

[mcolinp]

So is that particular entry not all that detrimentally important? I wondered about it even just doing the owncloud install before SSL. I am not sure what qualifies as a "worker process"; to be certain I am setting it correctly.

-EDIT- -BTW Joshua; after getting everything running the way it is supposed to be with your guide: I am very impressed with the speed and performance. The time I set it up a while back; I beleive I still had some things that didn't entirely line up with what you had intended. It did work, but I think it was only in spite of my efforts.

 

[cyberjock]

Yeah, I went with 3 because of my system design. I figured that was the most I'd like to have the Owncloud jail use. ;)

 

[Joshua Parker Ruehlig]

So is that particular entry not all that detrimentally important? I wondered about it even just doing the owncloud install before SSL. I am not sure what qualifies as a "worker process"; to be certain I am setting it correctly.

-EDIT- -BTW Joshua; after getting everything running the way it is supposed to be with your guide: I am very impressed with the speed and performance. The time I set it up a while back; I beleive I still had some things that didn't entirely line up with what you had intended. It did work, but I think it was only in spite of my efforts.

It's how many children nginx spawns I believe, but googling would give you more info then I know about this.

Great, glad it's working.

 

[mcolinp]

Yeah I just did a little research before heading back here: my conclusion is that it is more crtical if you are serving files up to lots and lots of users. (think like 500+ at a time) I don't think that will likely ever be a concern in my case. As my use of ownCloud would be like how most people use dropbox; occasionally sharing folders/files with a very small number of people. (in my case a few clients).

 

[robuyo]

Works like a charm.
Now, I'm gonna install Fail2Ban to keep an eye on the logs, you know :)

 

[Michael Sparks]

Any idea why im only able to download from my owncloud server at 100-150kbps when I have 1+mbps upload speed? plex uses 1+mbps so it must be a setting in owncloud somewhere??