[How-To] ownCloud using NGINX, PHP-FPM, and MySQL

[neto_hugo]

https://WANIP for owncloud (port 443)
https://WANIP:446 for FreeNAS WebUI (port 446)

Thanks Joshua!!! It was the problem and it solved now!

 

[Joshua Parker Ruehlig]

Thanks Joshua!!! It was the problem and it solved now!

awesome, glad you got it working!

 

[adrianwi]

After a number of failed attempts (think some of this was related to screwed up jail templates that seems to have resolved itself with a 9.3 upgrade) I've got this running OC 7.0.4 with SSL and can access externally. Everything synced up much quicker and I haven't seen any of the errors I was getting with the rebuilt plugin I'd created.

Still have a couple of minor issues though, that I can't seem to find anything for on the owncloud forums so was hoping someone might have some ideas here

1. the system cron job isn't running, even though I think I'd created it as per the instructions. When I enter crontab -u www -l I get the following, which I think is right?

*/15 * * * * /usr/local/bin/php -f /usr/local/www/owncloud/cron.php

2. I couldn't save the mail settings through the OC webUI, so edited the config.php to include the same settings that worked in the pbi version. These now show as saved in the webUI but I still can't send a test e-mail and it just seems to hang with "Sending..."

I did notice a previous post about mail, but that doesn't appear to have fixed anything.

Thanks

 

[Joshua Parker Ruehlig]

After a number of failed attempts (think some of this was related to screwed up jail templates that seems to have resolved itself with a 9.3 upgrade) I've got this running OC 7.0.4 with SSL and can access externally. Everything synced up much quicker and I haven't seen any of the errors I was getting with the rebuilt plugin I'd created.

Still have a couple of minor issues though, that I can't seem to find anything for on the owncloud forums so was hoping someone might have some ideas here

1. the system cron job isn't running, even though I think I'd created it as per the instructions. When I enter crontab -u www -l I get the following, which I think is right?



2. I couldn't save the mail settings through the OC webUI, so edited the config.php to include the same settings that worked in the pbi version. These now show as saved in the webUI but I still can't send a test e-mail and it just seems to hang with "Sending..."

I did notice a previous post about mail, but that doesn't appear to have fixed anything.

Thanks

1) you can check the owncloud log to see if there is an error about cron. I think by default it's in you data-directory somewhere. /mnt/files
2) There was an issue with SMTP and PHP5.6 but it should be resolved by this post https://forums.freenas.org/index.ph...x-php-fpm-and-mysql.17786/page-13#post-163546
If you can't seem to get settings to change maybe your owncloud source directory got the wrong ownership somehow. The below should fix it.

Code:

chown -R www:www /usr/local/www/owncloud

 

[adrianwi]

Can't see any errors about cron, so have added 'cron_log' => true, into my config.php file to see if that shows anything.

I ran that command but still don't get anything where clicking the test e-mail button. Checked sharing a file link via e-mail, and received an e-mail for that so it would appear to be working.

Ran the chown command just to be on the safe side :)

Everything else looks hunky dory, and file syncing is definitely faster and more robust that with the pbi version. Going to try DrKK's config at some point over the holiday to compare between sqlite and mysql outside of the plugin.

Thanks for the how-to-guide and have a great Christmas...

 

[Joshua Parker Ruehlig]

Can't see any errors about cron, so have added 'cron_log' => true, into my config.php file to see if that shows anything.

I ran that command but still don't get anything where clicking the test e-mail button. Checked sharing a file link via e-mail, and received an e-mail for that so it would appear to be working.

Ran the chown command just to be on the safe side :)

Everything else looks hunky dory, and file syncing is definitely faster and more robust that with the pbi version. Going to try DrKK's config at some point over the holiday to compare between sqlite and mysql outside of the plugin.

Thanks for the how-to-guide and have a great Christmas...

you too. glad it's at least mostly working for you

 

[MuneebMufti]

3. Create your encryption key, cert, etc.

Note: I'm not a security wizard, so I used the same steps from http://www.akadia.com/services/ssh_test_certificate.html. DES3 may or may not be secure. It's up to you to decide what to use or not use since this forum isn't about security certificates and the like.

# cd /usr/local/etc/nginx/
# openssl genrsa -des3 -out server.key 1024 (Generates a private key)
# openssl req -new -key server.key -out server.csr (Generates the Certificate Signing Request. Fill in EVERY field with something or Owncloud's client will not be happy and won't sync. I learned this the hard way)
# cp server.key server.key.org (backs up your key)
# openssl rsa -in server.key.org -out server.key (Removes the passphrase from the key)
# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt (Generates a self-signed Certificate)

Anyone creating SSL certificate for their Owncloud Jail using cyberjocks post from page 3 of this thread. if you want to make SHA256 certificate use the following steps instead of the ones he posted.

# cd /usr/local/etc/nginx/
# openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 -keyout server.key -out server.crt (Fill all the fields it asks for)

Using the above steps will create a 10 year self signed SHA256 RSA with Encryption Certificate. Please note that you will have to follow all of his steps mentioned in his post. The command I am posting is only replacing the following commands...

Code:

# openssl genrsa -des3 -out server.key 1024 (Generates a private key)
# openssl req -new -key server.key -out server.csr (Generates the Certificate Signing Request. Fill in EVERY field with something or Owncloud's client will not be happy and won't sync. I learned this the hard way)
# cp server.key server.key.org (backs up your key)
# openssl rsa -in server.key.org -out server.key (Removes the passphrase from the key)
# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt (Generates a self-signed Certificate)

Finally if you want Chrome to show Green Padlock icon to your self signed certificate on your personal machine, follow these steps.

1. Navigate to your owncloud website page URL.
2. Warning Page will come up with Red padlock and a cross over it.
3. Tap on the padlock icon and click certificate information hyperlink.
4. When that opens, go to the details tab and Press the button copy to file and copy the certificate to a location convenient to you.
5. Now go to the place where you saved the certificate and double click on it. on its first open tab you will see the button Install certificate , Press that button
6. Choose your store location according to your needs be it local machine or current user.
7. On next page titled Certificate Store Select the option, Place the certificate in the following store, Click browse and then select Trusted Root Certification Authorities.
8. Now Move to next page click next then finish. afterwards if you get a popup box asking you to confirm placement of certificate in trusted root certification authorities click yes and your DONE.
9. Restart chrome and now navigate to same page and You will see Green padlock and will no longer see warnings about unsafe page.

 

[Seuss]

Hey guys, just wondering if anyone had ever run into this compile error when running "make install clean -C /usr/ports/devel/pecl-APCu". I've been trying to hunt down the issue, but haven't had any success yet. Running FreeNAS 9.2.1.8, error log below:

Code:

/bin/sh /usr/ports/devel/pecl-APCu/work/apcu-4.0.2/libtool --mode=compile cc  -I. -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2 -DPHP_ATOM_INC -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/include -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/main -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2 -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib  -DHAVE_CONFIG_H  -O2 -pipe -I/usr/local/include -fno-strict-aliasing   -c /usr/ports/devel/pecl-APCu/work/apcu-4.0.2/apc_cache.c -o apc_cache.lo
/bin/sh /usr/ports/devel/pecl-APCu/work/apcu-4.0.2/libtool --mode=compile cc  -I. -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2 -DPHP_ATOM_INC -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/include -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/main -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2 -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib  -DHAVE_CONFIG_H  -O2 -pipe -I/usr/local/include -fno-strict-aliasing   -c /usr/ports/devel/pecl-APCu/work/apcu-4.0.2/apc_stack.c -o apc_stack.lo
cc -I. -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2 -DPHP_ATOM_INC -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/include -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/main -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2 -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -O2 -pipe -I/usr/local/include -fno-strict-aliasing -c /usr/ports/devel/pecl-APCu/work/apcu-4.0.2/apc_cache.c  -fPIC -DPIC -o .libs/apc_cache.o
cc -I. -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2 -DPHP_ATOM_INC -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/include -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/main -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2 -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -O2 -pipe -I/usr/local/include -fno-strict-aliasing -c /usr/ports/devel/pecl-APCu/work/apcu-4.0.2/apc_stack.c  -fPIC -DPIC -o .libs/apc_stack.o
/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/apc_cache.c: In function 'apc_cache_update':
/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/apc_cache.c:1113: error: 'IS_CONSTANT_INDEX' undeclared (first use in this function)
/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/apc_cache.c:1113: error: (Each undeclared identifier is reported only once
/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/apc_cache.c:1113: error: for each function it appears in.)
/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/apc_cache.c:1115: error: 'IS_CONSTANT_ARRAY' undeclared (first use in this function)
/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/apc_cache.c: In function 'my_serialize_object':
/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/apc_cache.c:1236: error: 'IS_CONSTANT_INDEX' undeclared (first use in this function)
/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/apc_cache.c: In function 'my_copy_zval':
/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/apc_cache.c:1469: error: 'IS_CONSTANT_ARRAY' undeclared (first use in this function)
/bin/sh /usr/ports/devel/pecl-APCu/work/apcu-4.0.2/libtool --mode=compile cc  -I. -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2 -DPHP_ATOM_INC -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/include -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/main -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2 -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib  -DHAVE_CONFIG_H  -O2 -pipe -I/usr/local/include -fno-strict-aliasing   -c /usr/ports/devel/pecl-APCu/work/apcu-4.0.2/apc_rfc1867.c -o apc_rfc1867.lo
*** [apc_cache.lo] Error code 1
cc -I. -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2 -DPHP_ATOM_INC -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/include -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2/main -I/usr/ports/devel/pecl-APCu/work/apcu-4.0.2 -I/usr/local/include/php -I/usr/local/include/php/main -I/usr/local/include/php/TSRM -I/usr/local/include/php/Zend -I/usr/local/include/php/ext -I/usr/local/include/php/ext/date/lib -DHAVE_CONFIG_H -O2 -pipe -I/usr/local/include -fno-strict-aliasing -c /usr/ports/devel/pecl-APCu/work/apcu-4.0.2/apc_rfc1867.c  -fPIC -DPIC -o .libs/apc_rfc1867.o
1 error
===> Compilation failed unexpectedly.
Try to set MAKE_JOBS_UNSAFE=yes and rebuild before reporting the failure to
the maintainer.
*** [do-build] Error code 1

Stop in /usr/ports/devel/pecl-APCu.

 

[Sean Coston]

Anyone creating SSL certificate for their Owncloud Jail using cyberjocks post from page 3 of this thread. if you want to make SHA256 certificate use the following steps instead of the ones he posted.

# cd /usr/local/etc/nginx/
# openssl req -x509 -nodes -sha256 -days 3650 -newkey rsa:2048 -keyout server.key -out server.crt (Fill all the fields it asks for)

Using the above steps will create a 10 year self signed SHA256 RSA with Encryption Certificate. Please note that you will have to follow all of his steps mentioned in his post. The command I am posting is only replacing the following commands

Code:

# openssl genrsa -des3 -out server.key 1024 (Generates a private key)
# openssl req -new -key server.key -out server.csr (Generates the Certificate Signing Request. Fill in EVERY field with something or Owncloud's client will not be happy and won't sync. I learned this the hard way)
# cp server.key server.key.org (backs up your key)
# openssl rsa -in server.key.org -out server.key (Removes the passphrase from the key)
# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt (Generates a self-signed Certificate)

I had recently tried using an owncloud freeNAS install using lighttpd and DrKK's guide from the Jails How-to section of the forums. This installed OK, but it took 4 hr to upload 5.3 GB of files over my local network using the Windows 7 owncloud client, and there were a ton of file upload errors - mostly "end chunk" errors. The client entered into this endless loop of trying to re-sync 2.5 GB of the files, and was never successful.

Thankfully, DrKK had included a link to this guide, so I figured I'd try this out. Holy Crap. After completing the installation per Joshua's guide and making the SSL changes per cyberjocks and MuneebMufti, I now have owncloud running on a jail protected by SSL and accessible from the WAN or LAN, and it took 22 minutes to upload the same set of data using the client and there were NO upload errors. The client now just sits idle in my taskbox with a beautiful little checkmark over the cloud icon indicating good sync status.

My thanks to Joshua, cyberjocks, and MuneebMufti

Sean

 

[Joshua Parker Ruehlig]

@Seuss I see there is a newer version of APCu available, maybe try "portsnap fetch update". and try making that extension again.

 

[Joshua Parker Ruehlig]

@Sean Coston
Glad it's working for you! I love my ownCloud setup as well. I just setup calendar syncing using CalDav-Sync to my Android phone and it's good knowing I have one less service relying on Google.

 

[MuneebMufti]

I had recently tried using an owncloud freeNAS install using lighttpd and DrKK's guide from the Jails How-to section of the forums. This installed OK, but it took 4 hr to upload 5.3 GB of files over my local network using the Windows 7 owncloud client, and there were a ton of file upload errors - mostly "end chunk" errors. The client entered into this endless loop of trying to re-sync 2.5 GB of the files, and was never successful.

Thankfully, DrKK had included a link to this guide, so I figured I'd try this out. Holy Crap. After completing the installation per Joshua's guide and making the SSL changes per cyberjocks and MuneebMufti, I now have owncloud running on a jail protected by SSL and accessible from the WAN or LAN, and it took 22 minutes to upload the same set of data using the client and there were NO upload errors. The client now just sits idle in my taskbox with a beautiful little checkmark over the cloud icon indicating good sync status.

My thanks to Joshua, cyberjocks, and MuneebMufti

Sean

Your most welcome ....even though my contribution is very tiny compared to the enormous effort put by both Joshua and Cyberjocks. Also I added some additional steps incase you want the warnings about unsafe page and Red Padlock on chrome browser gone.

 

[MuneebMufti]

@Joushua whenever you have spare time..... can you do a small guide on Fail2ban setup for Owncloud. There was a guide written by Rickle made specifically for an owncloud instance created using your guide but its outdated and the steps no longer work with freeNAS 9.3 and Owncloud 7.0.4.

It would be a great help to all of us who have owncloud open to WAN / Internet and need some sort of security against brute force attacks. Thank you

 

[neto_hugo]

Joshua. I was seeing the JAIL 9.3 only has the VirtualBox, Pluginjail and Standard templates. The Virtual in under 9.2 version only.

Would if I install owncloud as Standard rather than Portjail I would have problems?

In time, I downloaded PortJail template 9.2 version (http://download.freenas.org/jails/9.2/x64/) and when I type:

Code:

pkg install nginx mariadb55-server php56-extensions  ...

The OS returns a warning that the jail is under a 32-bit version not a 64-bit and will not continue the installation of packages.

Thanks

 

[Joshua Parker Ruehlig]

Joshua. I was seeing the JAIL 9.3 only has the VirtualBox, Pluginjail and Standard templates. The Virtual in under 9.2 version only.

Would if I install owncloud as Standard rather than Portjail I would have problems?

In time, I downloaded PortJail template 9.2 version (http://download.freenas.org/jails/9.2/x64/) and when I type:

Code:

pkg install nginx mariadb55-server php56-extensions  ...

The OS returns a warning that the jail is under a 32-bit version not a 64-bit and will not continue the installation of packages.

Thanks

Use the standard jail, don't add your own template. I still have to update the guide to reflect the changes in freenas9.3

 

[Krowvin]

Confirmed I have this method of Owncloud up and running on FreeNAS-9.3-STABLE. I used Cyberjock's method for SSH and replacing the steps MuneebMufti mentioned. I did end up using Josh's nginx.conf and just placing the lines into the server block. Here's the attached nginx.conf file if it helps anyone, be sure to remove the .txt extension.

P.S. I should note I had a bit of trouble selecting the port options. I can't for the life of me figure out how to check those boxes even after hours of searching. I have a feeling i'm using the wrong key words. Regardless it's working with the default boxes.

 

[hearts12181]

Thanks for this great guide! I got everything to work, including SSL, but would like to host my owncloud at the root of the jail IP rather than https://jailip/owncloud. I've tried removing mentions of "/owncloud" from Joshua's nginx.conf and have also tried playing with Owncloud's config.php file and neither worked. Could anyone help me make this change? Thanks!

 

[Joshua Parker Ruehlig]

Use this for your /usr/local/etc/nginx/nginx.conf. Then run, "service nginx reload"

Code:

worker_processes 2;

events {
    worker_connections  1024;
}

http {
    include      mime.types;
    default_type  application/octet-stream;
    sendfile        off;
    keepalive_timeout  65;
    gzip off;

    server {
        root /usr/local/www/owncloud;
        location = /robots.txt { allow all; access_log off; log_not_found off; }
        location = /favicon.ico { access_log off; log_not_found off; }
            index index.php;
            try_files $uri $uri/ /index.php$is_args$args;
            client_max_body_size 512M;
            location ~ ^/(?:\.|data|config|db_structure\.xml|README) {
                deny all;
            }
            location ~ \.php(?:$|/) {
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                fastcgi_pass unix:/var/run/php-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                include fastcgi_params;
                fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
            }
            location ~* \.(?:jpg|gif|ico|png|css|js|svg)$ {
                expires 30d; add_header Cache-Control public;
            }
            location ^~ /data {
                internal;
                alias /mnt/files;
            }
    }
}

 

[Jailer]

Can't install it. Make it to this line :

Code:

make install clean -C /usr/ports/devel/pecl-APCu

And it fails with this error:

Code:

===>  Patching for gmake-3.82_1
===>  Applying FreeBSD patches for gmake-3.82_1
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to doc/make.texi.rej
=> Patch patch-doc_make.text failed to apply cleanly.
=> Patch(es) patch-ab applied cleanly.
*** [do-patch] Error code 1

Stop in /usr/ports/devel/gmake.
*** [install] Error code 1

Stop in /usr/ports/devel/gmake.
*** [build-depends] Error code 1

Stop in /usr/ports/devel/autoconf.
*** [build-depends] Error code 1

Stop in /usr/ports/devel/pecl-APCu.

 

[Joshua Parker Ruehlig]

Can't install it. Make it to this line :

Code:

make install clean -C /usr/ports/devel/pecl-APCu

And it fails with this error:

Code:

===>  Patching for gmake-3.82_1
===>  Applying FreeBSD patches for gmake-3.82_1
Ignoring previously applied (or reversed) patch.
1 out of 1 hunks ignored--saving rejects to doc/make.texi.rej
=> Patch patch-doc_make.text failed to apply cleanly.
=> Patch(es) patch-ab applied cleanly.
*** [do-patch] Error code 1

Stop in /usr/ports/devel/gmake.
*** [install] Error code 1

Stop in /usr/ports/devel/gmake.
*** [build-depends] Error code 1

Stop in /usr/ports/devel/autoconf.
*** [build-depends] Error code 1

Stop in /usr/ports/devel/pecl-APCu.

try this to get past the issue

Code:

pkg install autoconf