DrKK's Definitive Guide to Installing OwnCloud in FreeNAS (or FreeBSD)

[diedrichg]

Could someone please direct me to the users' directories within the owncloud jail so that I can set up dataset storage. I've searched through the entire jail directory structure and I can't seem to find owncloud username's directory. Thanks in advance!

Edit: With some Google sleuthing and puzzle piecing I found it -

Code:

/usr/local/www/owncloud/data/username/files

FWIW, a standalone installation has them in /var/www/html/owncloud/data/username or /var/www/owncloud/username/ depending on what Google search result you are looking at.

 

[pix]

@DrKK
for the last four days i have been unsuccessful in installing dokuwiki in a pluginjail. Apache just kept spitting out forbidden error messages.

i used your guide for owncloud substituting dokuwiki of course, and i got dokuwiki up and running on the first shot. absolutely perfect guide.

thank you from a FreeBSD / FreeNAS noob.

 

[DrKK]

That's great news.

This is why I like to make an overly verbose guide, explaining the thought process...I figure maybe it'll help with a general case. I'm glad it was helpful sir.

 

[diedrichg]

Which would the the preferred / secure method to allow dataset storage write access to a dataset called "files" in your zpool?

Option A: Give rwx permissions to the www group on "files" dataset in the zpool
Option B: Within the ownCloud jail, add the user www to your group that has rwx permissions on the "files" dataset in the zpool?

Source example for Option B: http://forums.freenas.org/index.php?threads/btsync-plugin-permission-issue.18215/#post-99427​

 

[Nayeem]

first of all - excellent guide. It’s gotten me (a *noob*) through most of the installation without error. Along the way I’ve learned a few things too - thanks for that as well! Here’s my issue. I got the forbidden page in step 8. I made the changes to the modules.conf in step 9.1. Then when I edit the fastcgi.conf file I’m a bit confused. Sorry but here’s a noob question: Am I suppose to copy the code and paste that entire code into the fastcgi.conf file or am I suppose to Uncomment out those lines that match up to the code you provided? I’ve tried both and went through the installation process a few times already without any success. I’ve also completed step 10. Then I run the top command from step 11, but didn't see lighttpd running or any php processes either. I’m guessing this is all related to the fastcgi.conf file I didn’t get right yet.

Heres what it says when I run the restart:

Code:

root@owncloud:/ # service lighttpd onerestart
Performing sanity check on lighttpd configuration:
Syntax OK
lighttpd not running? (check /var/run/lighttpd.pid).
Starting lighttpd.
root@owncloud:/ # 

any help would be great!!!

 

[Nayeem]

also here’s the top command:

Code:

last pid: 83171;  load averages:  0.02,  0.05,  0.07                                                                          up 0+03:54:53  10:36:24
10 processes:  1 running, 6 sleeping, 3 stopped
CPU:  0.4% user,  0.0% nice,  0.4% system,  0.0% interrupt, 99.2% idle
Mem: 506M Active, 523M Inact, 12G Wired, 120M Buf, 2355M Free
ARC: 11G Total, 3639M MFU, 7737M MRU, 400K Anon, 59M Header, 100M Other
Swap: 12G Total, 12G Free
 
  PID USERNAME    THR PRI NICE  SIZE    RES STATE  C  TIME  WCPU COMMAND
43448 root          1  40  10 18636K  3268K wait    1  0:03  0.00% sh
72552 root          1  20    0 17568K  3180K pause  0  0:00  0.00% csh
43422 root          1  20    0 12080K  1880K select  0  0:00  0.00% syslogd
43513 root          1  20    0 14180K  1876K nanslp  1  0:00  0.00% cron
72779 root          1  20    0 16600K  2368K STOP    1  0:00  0.00% top
72675 root          1  20    0 16600K  2364K STOP    0  0:00  0.00% top
82626 root          1  21    0 16600K  2372K STOP    0  0:00  0.00% top
83170 root          1  20    0 16600K  2372K CPU1    1  0:00  0.00% top
58657 root          1  52    0 46888K  5280K select  1  0:00  0.00% sshd
83004 root          1  40  10  3816K  1496K nanslp  0  0:00  0.00% sleep

 

[DrKK]

first of all - excellent guide. It’s gotten me (a *noob*) through most of the installation without error. Along the way I’ve learned a few things too - thanks for that as well! Here’s my issue. I got the forbidden page in step 8. I made the changes to the modules.conf in step 9.1. Then when I edit the fastcgi.conf file I’m a bit confused. Sorry but here’s a noob question: Am I suppose to copy the code and paste that entire code into the fastcgi.conf file or am I suppose to Uncomment out those lines that match up to the code you provided? I’ve tried both and went through the installation process a few times already without any success. I’ve also completed step 10. Then I run the top command from step 11, but didn't see lighttpd running or any php processes either. I’m guessing this is all related to the fastcgi.conf file I didn’t get right yet.

Heres what it says when I run the restart:

Code:

root@owncloud:/ # service lighttpd onerestart
Performing sanity check on lighttpd configuration:
Syntax OK
lighttpd not running? (check /var/run/lighttpd.pid).
Starting lighttpd.
root@owncloud:/ # 

any help would be great!!!

Hi Nayeem:

Thanks for the kind words.

In answer to your first question, you don't uncomment anything, just cut and paste my (already-uncommented) code block, and put it near the similar code (still commented) code blocks. Leave the other commented code blocks right in there for reference.

And for what the lighttpd onerestart says, yes, that is correct. lighttpd is actually NOT running for you at that point, so when you "restarted" it, it was just letting you know that you were actually STARTing not REstarting it.

So everything's great sir. Proceed.

 

[DrKK]

By the way, in case anyone is wondering, I'm using owncloud actively on my system, and I found a niche for it. Here's what it is:

I store a TrueCrypt virtual folder with my Thunderbird profile, and another TrueCrypt virtual folder with my Firefox profile, in my Owncloud. Therefore, wherever I am, my profile loads from my own cloud (lol!!? guess that's why they chose the name), and it doesn't matter if it's my laptop, or desktop 1, 2, 3, or 4, or linux from remote, or whatever. I am not using anyone else's service, so I never have to trust them, nor pay them. Works nicely for me.

So that's it, it just hosts a couple of smallish (128MB and 256MB respectively) TrueCrypt folders, that essentially self-cloudify my Thunderbird and Firefox profiles. And it's also a way to back that up, as a side effect. Sort of.

 

[jgreco]

Just curious (not trying to be a brat):

Are any of you guys paying attention to actually getting real certificates and implementing the finer points such as Perfect Forward Secrecy ( https://www.eff.org/deeplinks/2013/...ward-secrecy-important-web-privacy-protection ) on top of SSL?

We took the Heartbleed issue as an opportunity to mass-rejigger a variety of web services up to Apache 2.4 and the latest OpenSSL, and I decreed as part of the process that we'd be PFS from here on forward as well. I don't have the correct lighttpd recipe for that handy but Apache isn't too rough. Qualys SSL Labs has a great tester (but you need to make your stuff accessible on port 443 to let it test).

The most compatible cipherlist I was able to find is at https://wiki.mozilla.org/Security/Server_Side_TLS

There are a variety of ways to acquire cheap or free SSL certificates as well.

 

[DrKK]

Well, like I said, I'm mostly serving myself TrueCrypt folders. I don't have a PFS threat in any way I can think of.

So I guess my answer to you question is: Meh. But I can imagine someone else would like to know how to handle it. So if anyone else knows how to set up lighttpd to pimp it out for best practice PFS, then by all means, post it :) Maybe someone already posted something in the lighttpd forum.

 

[Nayeem]

DrKK,

Thanks for the reply. So here’s where I’m stuck. I followed your suggestion and placed the code inside the file near other similar code from section 9.3 of your instructions. I checked, re-checked then triple checked steps 6-11. However I just can’t seem to get the system to start lighttpd (or keep it running?) in step 11 nor can I view the system using the ip address in the browser. Running the top command doesn’t produce any processes or php files being run by www as stated in your instructions.

I added an SSL in steps 12 & 13 and also made it permanent in step 15. I’ve finished all the steps except the one that stops the ssh service (figured that I’d need it). I finished the rest of the configuration with the hope that it might right it self along the way, however no such luck.

When I visit these urls in my browser I don’t see the log in screen for owncloud.

Code:

http://192.168.1.205
http://192.168.1.205/owncloud/
https://192.168.1.205
https://192.168.1.205/owncloud/

Here’s a jls of the jails running in my FreeNAS and it shows own cloud under that IP:

Code:

Welcome to FreeNAS
[root@NAS-Server] ~# jls
  JID  IP Address      Hostname                      Path
    1  -              couchpotato_1                /mnt/media121/jails/couchpotato_1
    2  192.168.1.204  crashplan_1                  /mnt/media121/jails/crashplan_1
    3  192.168.1.205  owncloud                      /mnt/media121/jails/owncloud
    4  -              plex                          /mnt/media121/jails/plex
    5  -              sickbeard_1                  /mnt/media121/jails/sickbeard_1
    6  -              transmission_1                /mnt/media121/jails/transmission_1
[root@NAS-Server] ~#

Along the way I also stopped and restarted the standard jail for owncloud and even restarted FreeNAS.
Quite frankly I’m really stuck and don’t have the slightest clue as to what to do other than to delete the jail (for the 3rd time!) and start this process all over.

Before I do this, I wanted to reach out and see if there might be some advice or additional step(s) you might be able to suggest that might help my situation.

Thanks in advance!

 

[DrKK]

We can troubleshoot this. The odds that this is very simple are quite high. I don't want to pollute the thread with it though. Can we talk on the IRC channel, or in private messages on here?

 

[jgreco]

Well, like I said, I'm mostly serving myself TrueCrypt folders. I don't have a PFS threat in any way I can think of.

Honestly, we call it belt and suspenders. We don't really know who wrote TrueCrypt or if there aren't backdoors in it. There's no telling for sure how much data is being collected by TLA's; there are claims that the NSA feels that it is authorized to collect and store any encrypted data it encounters regardless of whether it appears to be from a US citizen. We do know that there's a possibility that the NSA knows how to crack TrueCrypt or even PFS SSL, but the difficulty multiplier is greatly enhanced if you use both.

As a US based Internet engineer, I am dismayed by the Snowden revelations, and the implication that the NSA is engaged in espionage against US citizens. I see one of my obligations as being the encryption of as much relatively useless traffic as possible, with the long-term goal of encrypting all Internet communications.

This isn't even an act of civil disobedience; it is merely helping the NSA focus on their lawful foreign signals intelligence mission by making any illegal monitoring of your activities much more difficult.

I will note that I do not have an inherent problem with the interception of communications by duly authorized law enforcement. However, I see the resistance of law enforcement to even the minimal rubber-stamp requirement of a warrant to be inexcusable.

 

[diedrichg]

Along the way I also stopped and restarted the standard jail for owncloud and even restarted FreeNAS.
Quite frankly I’m really stuck and don’t have the slightest clue as to what to do other than to delete the jail (for the 3rd time!) and start this process all over.

I've had issues with leftover jail settings fubaring future jails. If you don't have any other jails that require saving, I suggest deleting the entire jails dataset. This will clear out any latent/residual settings that could be messing with you. Sometimes deleting the jails dataset from the gui doesn't "take" and you may need to remove it manually through the shell. I know it's a pain in the ass but since you've done this process three times now I'm betting you can do it a third in 15 minutes or less.

 

[DrKK]

Honestly, we call it belt and suspenders. We don't really know who wrote TrueCrypt or if there aren't backdoors in it. There's no telling for sure how much data is being collected by TLA's; there are claims that the NSA feels that it is authorized to collect and store any encrypted data it encounters regardless of whether it appears to be from a US citizen. We do know that there's a possibility that the NSA knows how to crack TrueCrypt or even PFS SSL, but the difficulty multiplier is greatly enhanced if you use both.

As a US based Internet engineer, I am dismayed by the Snowden revelations, and the implication that the NSA is engaged in espionage against US citizens. I see one of my obligations as being the encryption of as much relatively useless traffic as possible, with the long-term goal of encrypting all Internet communications.

This isn't even an act of civil disobedience; it is merely helping the NSA focus on their lawful foreign signals intelligence mission by making any illegal monitoring of your activities much more difficult.

I will note that I do not have an inherent problem with the interception of communications by duly authorized law enforcement. However, I see the resistance of law enforcement to even the minimal rubber-stamp requirement of a warrant to be inexcusable.

Seems like we've successfully gotten pretty off-topic. :) But OK. I'm personally comfortable with TrueCrypt, and have no bee in my bonnet for PFS. But I'll gladly add it to my OwnCloud/lighttpd if someone has a way to do that with minimal effort.

 

[jgreco]

I have no idea how you think PFS and SSL would be off-topic. The whole idea of FreeNAS is to maintain the security and integrity of your data. I may happen to have lighttpd bits sitting around somewhere for it but I'm not coming up with it right now.

 

[Nayeem]

diedrichg,

Are you suggesting that I delete just the jail own cloud or the entire jail folder including all the plugins that I currently have? That would absolutely become a pain especially since, it took me almost 2 days to figure out how to make transmission, couch potato, sick beard and plex all work together!

Do you have another solution you think might work?

 

[diedrichg]

yeahhh, don't do that. I figured you had other jails configured. That's okay. One thing that I found that poses a problem - if you are using the GUI shell window to issue your commands then you could have some paste issues. I found that the paste function does not copy the ~ character.

Ex: ~FreeNAS
pastes: reeNAS

It's annoying! There is a portion of this guide that has those in there and it can screw the whole thing up!

 

[diedrichg]

Config tip to set user session timeout:

Code:

cd /usr/local/www/owncloud/config
nano config.php

add this at the bottom

Code:

'session_lifetime' => 60 * 60 * 24,

ownCloud will automatically logout a user after a period of inactivity. The default is 1 day. This parameter can be used to modify that time. Configuration is in seconds.

When I connect to my ownCloud GUI when away from home I get the login screen as normal but then during the login I keep getting redirected to my ownCloud jail IP 192.168.1.50 and I have to reload my ownCloud server address to get in to the ownCloud user screen. It's annoying. So while in the config.php file I noticed

Code:

array (                                                               
    0 => '192.168.1.50',

I'm not sure if I should have changed this to my server IP: port but it worked. I no longer get redirected to the jail port when logging in. I changed it to:

Code:

array (                                                               
    0 => 'serverIP:port',

 

[Nayeem]

So I’ve been having some trouble installing owncloud as you can see from my earlier posts. I think I may have figured out why I can’t access owncloud on the ip address it’s set on. I checked my router and it looks like my FreeNAS server and the jail for owncloud are using the SAME MAC address.

I’ve tested this theory by removing the jail and reinstalling it back under a variety of ip address and each jail uses showing the same MAC address. So I guess I have to figure out a way to get the standard jail to use a different MAC address than that of the NAS-Server.

Any suggestions on how can I accomplish this or perhaps you have another suggestion??