DrKK's Definitive Guide to Installing OwnCloud in FreeNAS (or FreeBSD)

[1RoH]

Firstly Doc i thank you for such a brilliant guide! its really informative which i like and i enjoyed every minute of it, im most of the time i like to find things out on my own, but im learning too many things at once and sometimes it driving me nuts. so anyway i got my owncloud setup with SSL quick and easy by following your guide. I also love security, i have a DD-WRT on NETGEAR R7000 with PIA( vpn service set on it), next is to configure a Sophos UTM Home Edition Firewall. I want my family to access my owncloud, So afterwards as you suggested is to get owncloud 6, which i will be working on today, once im done with seting everthing up just disable root/psswd and then disable sshd? Just wanted your opinion (another set of eyes can be great) or maybe you can give me some advise as well, Thank you again, im going to look for more tutorial if you have any :cheers: :D

 

[DrKK]

I have three video tutorials on youtube. (Including the video version of this guide)

https://www.youtube.com/channel/UCzlRtspwsEZ0MbgniLMfG7g/videos

Owncloud is now on version 7 I believe.

 

[1RoH]

Thanks bud! i appriciate that

 

[Deleted member 37853]

I have https configured. If I go to my ip address locally I get a warning that my certificate is not good, but I can continue.
Which port do i have to open on my router to connect to my Owncloud from the outside (WAN)? I have https so I thought of port 443. But if I try to connect with my phone for example (with the owncloud app) I got an error.
I have https://<MY WAN IP> and than I use my username and password to try to connect. But I still get a unknown error in the Owncloud app..

 

[FlyingPersian]

Hi
I'm getting this error since the last update:

Code:

PHP-Modul XMLWriter not installed

I've googled a bit and so far this is my only rather disappointing result. Can I add the module without messing up the entire install?

 

[Deleted member 37853]

After I connect to my NAS, I get the following:
After I add the domain to the trusted I get the following error: This page cannot be displayed.

Can anyone help me? I even can't connect with the Owncloud Android app..

Thx

Ronald

 

[marian78]

Hi, i dont know if this is right place for my problem. I installed owncloud v7.0.3 (and laters) with this guide on Freenas 9.2.1.9 x64 (on more "servers") jail. But have same problem on all client PCs. If i use owncloud client program on windows, some file are not synch because "no-etag". I use google and dont find any solutions. Have you same problem? If yes, how solve this?

 

[sandvaer]

Hi, i dont know if this is right place for my problem. I installed owncloud v7.0.3 (and laters) with this guide on Freenas 9.2.1.9 x64 (on more "servers") jail. But have same problem on all client PCs. If i use owncloud client program on windows, some file are not synch because "no-etag". I use google and dont find any solutions. Have you same problem? If yes, how solve this?

Hi, did you solve this problem? I also got this problem.

 

[marian78]

no i dont solve. I find on internet that it is because is use gzip compression. Try to disable but no work. Now i test another cloud called pydio.

 

[pix]

DrKK. I replied before in thank you for this guide. I actually used it to setup both owncloud and DokuWIKI in two separate jails. I think though that I might try and consolidate all the jails I have running different plugins into on jail using your guide.

 

[Chrisakien]

Hello DrKK,
sometime ago I asked a question in this forum about freenas handling over 20 or 30,000 people.... Man I got kicked out right fast by one the site moderator calling me "crazy"...
Well, I'm a little bit confused here with your solution to install Owncloud in freenas using jail feature. My problem is this:
Can your solution be used in a production environment when Owncloud is well known to be able to scale up to over 35K users (https://forum.owncloud.org/viewtopic.php?f=23&t=11272) versus freenas which is not designed to handle that much users (ref. my post where I was called crazy by moderator) ?
Regards,
Chris.....
Happy New Year to everybody....

 

[Obara]

DrKK,

I really found your guide and the subsequent YouTube video to be an excellent How-To for setting up a jail with FreeNas.

With FreeNas 9.3 there are some changes to the jail templates provided to the user. The standard jail that gets downloaded from the FreeNas site has quite a bit more packages installed than your video. For example, the Apache Portability Library, Perl and Subversion all come pre-installed with the template jail. In your YouTube video you talked about using as few resources as possible so FreeNas could preform it functions better. So I'm wondering if you would take the time to remove all of the packages that come with the new template jails or if it matters? If you would leave the existing packages alone is the lighttpd going to conflict with the pre-installed Apache Library?

Thanks for your time.

 

[randomAdam]

DrKK thanks for the great tutorial; between this and your vid on youtube I have a working instance of OwnCloud. I have applied the fix to lighttpd suggested to get around the security hole. Now I want to access my server from the net.

I thought maybe port forwarding wasn't working but I have setup SSH access; so I can login from work which is great but no matter which ports I forward I can't seem to get access to OwnCloud. I have tried forwarding ports 80; 443 and 8080 to various external ports in the 10000 or 60000 range. No joy; is there something I am missing with lighttpd? looking in the various .conf files it looks like I really only need to forward ports 80 and 443.

Any help would be appreciated.

 

[DrKK]

DrKK thanks for the great tutorial; between this and your vid on youtube I have a working instance of OwnCloud. I have applied the fix to lighttpd suggested to get around the security hole. Now I want to access my server from the net.

I thought maybe port forwarding wasn't working but I have setup SSH access; so I can login from work which is great but no matter which ports I forward I can't seem to get access to OwnCloud. I have tried forwarding ports 80; 443 and 8080 to various external ports in the 10000 or 60000 range. No joy; is there something I am missing with lighttpd? looking in the various .conf files it looks like I really only need to forward ports 80 and 443.

Any help would be appreciated.

SSH connections daemons do not generally come out of the box with port forwarding turned on. Make sure it's on. If you're using the FreeNAS appliance itself, there's a checkbox right in the SERVICES->SSH screen. If you are ssh'ing into the *JAIL* itself, then you'll want to make sure the line:

Code:

AllowTcpForwarding yes

is in your /etc/ssh/sshd_config file. If that's done, you should be fine (I just checked on my own, and it was fine). The procedure is this:
1) Log into your ssh server with the tcp port forwarding available, FROM A CLIENT THAT SUPPORTS SSH TUNNELING, and this is turned on (I recommend Bitvise).
1a) This will open a port (generally 1080) which is intercepted by your ssh client software, and proxies through the ssh tunnel.
2) Verify that it works by setting your web browser to use that proxy (I recommend FoxyProxy if you're in Firefox to make the settings easy to find/set), and going to any web page. It should proxy.
3) Now, if you're actually using the OwnCloud client program on a (say Windows) desktop/laptop, you will want to open the network settings, and set the proxy.

This should work, sir. You must be missing a step.

 

[wr00]

Just wanted to say thanks for the guide. I followed the YouTube video (including the SSL documentation here) and everything went seamlessly on 9.3 nightly.

Coming from a vast background in programming and development, I am just now getting into FreeNAS and networking as a whole. Everything was explained flawlessly.

 

[DrKK]

Just wanted to say thanks for the guide. I followed the YouTube video (including the SSL documentation here) and everything went seamlessly on 9.3 nightly.

Coming from a vast background in programming and development, I am just now getting into FreeNAS and networking as a whole. Everything was explained flawlessly.

Glad to hear it sir; that video and this guide are far more popular than I anticipated they would have been.

 

[wr00]

Glad to hear it sir; that video and this guide are far more popular than I anticipated they would have been.

Just the fact that it is a video makes it great, as people tend to be lazy about reading, however, it is extremely well put-together and offers direction outside of the scope of the basis.

 

[DrKK]

Just the fact that it is a video makes it great, as people tend to be lazy about reading, however, it is extremely well put-together and offers direction outside of the scope of the basis.

That's just my personal philosophy coming through. How-to guides that say click this, type this, click that, do this, do that, without giving any clue as to what the hell is going on? That's the "Rosetta Stone" method. It'll let you ask someone how they're doing, and you might even be able to order a sandwich at the FreeNAS buffet. But you won't be any better off understanding what's going on, and you certainly won't have the ability to be the architect of anything meaningful that you might conceive on your own, no matter how small.

We're using a high-quality FreeBSD appliance here. If you wanted to just click buttons and have a NAS, you would have bought one a Synology or one of Western Digital's monstrous quasi-NAS's. So my thinking, then, is that people are using the product in the first place because they have more engagement with the product itself (and the underlying OS), not just what it does for them.

While we're at it, I have three videos on there as of today. In addition to the owncloud, there's a Murmur/Mumble video, and a DNS video. The DNS video, in particular, is extremely extremely instructive about something that most people find sort of interesting. You might give it a shot. Search for "DrKK DNS".

 

[calgarychris]

First off DrKK, as so many have said, thank you very much for the guide and video. I really appreciate the instructional nature of the video (and the words "stream of consciousness"!). Very easy to follow, and I've watched the video twice now

I was wondering if I might ask a couple of quick questions:

1. In the very initial stages you untick VIMAGE - I am relatively inexperienced, but I found this prevented me from getting fail2ban working. The instructions I read on that seemed to require it...have you had similar experiences? Not sure what the impact is. I found I could ban IP addresses on the LAN side, but was unable to access OC from the WAN side at all

2. Any thoughts on PHP cache (php-apc)? I previously installed OC on a Raspberry Pi and it certainly helps, but to your point on system resources...Anyone out there used it and does it take a lot of resources?

3. I had an unexpected result - when I specified www as a hostname in my A record, I lost access to my email. Taking that out seems to have resolved the issue and now I can access OC at domainname.com and emails at chris@domainname.com - I'm really lost when it comes to specifying this stuff, I've tried googling, but to no avail.

4. I've made your suggestion on page 1 of the tutorial to use the mod_access module, I've installed and tested fail2ban, and have set SSL only are there any other suggestions as to common loopholes to plug in terms of security before opening this up to the interwebs? My goal is very light file sync usage and calendar and contacts, so I'm not super worried, but always a little concerned....

5. I used the Virtual Host below in Apache playing around on my RasPi (thank you to Sam Hobbs), in order to block people from entering the ip address directly, as it is unlikely that someone goes to your site via the ip address vs. the domain name, is something similar possible with Lighttpd?

Code:

<VirtualHost *:80>
        ServerName default.only
        <Location />
                Order allow,deny
                Deny from all
        </Location>

        ErrorLog ${APACHE_LOG_DIR}/spam/error.log
        LogLevel warn
        CustomLog ${APACHE_LOG_DIR}/spam/access.log combined

</VirtualHost>

Edit: Just discovering your video on dns - maybe this will answer question #3!

Thanks again for a great guide!

Cheers
Chris

 

[DrKK]

1. In the very initial stages you untick VIMAGE - I am relatively inexperienced, but I found this prevented me from getting fail2ban working. The instructions I read on that seemed to require it...have you had similar experiences? Not sure what the impact is. I found I could ban IP addresses on the LAN side, but was unable to access OC from the WAN side at all

First of all, I *deliberately* avoided discussing security issues, for a number of reasons. I'm not going to start discussing them in depth now. Security is something you have to do your own research on. But I will give brief answers to most of what you ask:

When you click VIMAGE, you get a whole, separate, virtualized network stack for the jail. This is normally not necessary. But if you're going to do things like fail2ban or fancy DHCP things, you'll need VIMAGE.

2. Any thoughts on PHP cache (php-apc)? I previously installed OC on a Raspberry Pi and it certainly helps, but to your point on system resources...Anyone out there used it and does it take a lot of resources?


No thoughts. Put it in, see how many resources it takes, and report back.

3. I had an unexpected result - when I specified www as a hostname in my A record, I lost access to my email. Taking that out seems to have resolved the issue and now I can access OC at domainname.com and emails at chris@domainname.com - I'm really lost when it comes to specifying this stuff, I've tried googling, but to no avail.

I feel like if I understood your question, I could answer it. But I don't understand what you're trying to say.

4. I've made your suggestion on page 1 of the tutorial to use the mod_access module, I've installed and tested fail2ban, and have set SSL only are there any other suggestions as to common loopholes to plug in terms of security before opening this up to the interwebs? My goal is very light file sync usage and calendar and contacts, so I'm not super worried, but always a little concerned....


Look, your strategy appears to be to "expose your OwnCloud interface to the internet". Then you want to make that as safe as possible. In some sense, that's like having unprotected sex with a prostitute, and asking which position is least likely to result in the transfer of veneral disease. That's not the strategy I recommend. I recommend setting up some kind of tunnel/virtual network, which is designed to be secure, and then using that to access OwnCloud.


Edit: Just discovering your video on dns - maybe this will answer question #3!

I actually think that's my best video; but it is the least popular.