[How-To] ownCloud using NGINX, PHP-FPM, and MySQL

[Chakalov]

Wrong port because of my custom port setup. It brings me back to 80 instead of 8099

 

[Joshua Parker Ruehlig]

Wrong port because of my custom port setup. It brings me back to 80 instead of 8099

so do you always access owncloud from http://mydomain.net:8099/owncloud/ (and never locally on port 80?)

Maybe try this in /usr/local/etc/nginx/fastcgi_params

Code:

fastcgi_param   SERVER_PORT   8099;

 

[Chakalov]

Yes, that's correct, sir.

Unfortunately that fastcgi_param didn't do the trick but actually it's just so tiny glitch that I'm not sure if it's worth tying to fix it. I'm not sure if it's fixable at all since we always will have two situations: when reached locally and when not!?

Thank you all!

 

[Joshua Parker Ruehlig]

Yes, that's correct, sir.

Unfortunately that fastcgi_param didn't do the trick but actually it's just so tiny glitch that I'm not sure if it's worth tying to fix it. I'm not sure if it's fixable at all since we always will have two situations: when reached locally and when not!?

Thank you all!

It is possible to get it working perfectly, but I don't know enough to figure it out.

I always connect to my owncloud with https://www.domain.com/owncloud, even locally, so you could do that. I had to set that parameter to tell nginx/PHP that my hosting is actually on port 443 becuase I'm proxing the SSL with HAProxy before it gets to NGINX.

 

[Chakalov]

I messed up badly with my OC Jail and I had to set it up again from scratch. The thing is that despite I've done everything exactly as I did before the server seems to work really slow. When it comes to discover each directory it takes quite some time before changing to the next one... and I have about 30k files in like 4.5k folders.... I definitely worked faster before, but I have no idea what might have changed. Could anyone help me debug this issue?

 

[Joshua Parker Ruehlig]

I messed up badly with my OC Jail and I had to set it up again from scratch. The thing is that despite I've done everything exactly as I did before the server seems to work really slow. When it comes to discover each directory it takes quite some time before changing to the next one... and I have about 30k files in like 4.5k folders.... I definitely worked faster before, but I have no idea what might have changed. Could anyone help me debug this issue?

I suggest you try to quantify the slowness somehow, I think there may be benchmarking tools somewhere. also you might be better off asking this in the OC forum.

 

[Chakalov]

I was about to come here in 2-3 days after some more testing but I think I can already share some thoughts.

I've done a complete new installation. Deleted the DB dataset and the Jail itself as well. I was thinking that it's all about some database tweaking and so I was constantly digging the web for some info how could I optimise things. I came across some ideas like:
- Owncloud Performance optimieren
- Mysql Database Performance tuning and Optimize Mysql Database response time
- Setting up the Query Cache

At the end I've set some query cache using the my.cnf settings described in the second link above. Cache is always good, right? You just can't go wrong with it ;) Well, I so far it all seems to work like a charm - "discovering" about 32k small files (in about 4.5k folders) takes like 5 minutes instead of 1 hour. Uploading 18gb of those files (via 50Gbit LAN remote connection) took under 2 hours which I think is quite well. It definitely wasn't working that fast before!

I suppose all this is totally unnecessary for people with smaller amount of files but if it's really working like I think it is then it might be a clue for others who are looking for optimization. In the coming week I'll let you know how my OC really performs under real life testing where 5 people are daily syncing with all those files.

 

[Krowvin]

BONUS: Updating Owncloud

Everyone likes bonuses right? Buy-one-get-one-free and the like? So here's how I updated my Owncloud from 6.0.1 to 6.0.2. You'll know if Owncloud is out of date because you'll go to your Owncloud Server's webpage and see a warning at the top that it's not the latest and greatest.

NOTE: I'd verify that SSL above works before doing an update. You don't want to do an SSL and update at the same time in case you have problems. Better to change 1 thing at a time so if something goes wrong you have fewer things that can/could go wrong.

Since I'll be installing 6.0.2 the file location is http://download.owncloud.org/community/owncloud-6.0.2.tar.bz2 You can either change the file name yourself or go to owncloud.org and find the link yourself. I went to owncloud.org just to make sure that the link was correct.

Inside the jail as root run the following commands:

# service nginx stop
# cd /tmp
# fetch http://download.owncloud.org/community/owncloud-6.0.2.tar.bz2
# tar jxvf owncloud-*.tar.bz2 -C /usr/local/www
# rm owncloud-*.tar.bz2
# chown -R www:www /usr/local/www/owncloud
# service nginx start

That's it! If you go to http(s)://ip/owncloud there will be a page that says it's updating and to please wait, but within about 10 seconds it refreshed and Owncloud was back online for me.

If you've been reading my posts elsewhere the PBI version sucked because the performance was just horrid with a large number of small files. Throughput was great for large files though. Something like 8000 files totalling 4.6GB took over 16 hours to upload(I stopped counting at 16 hours). With 6.0.2 and using NGINX, PHP-FPM, and MySQL(MariaDB) I was able to sync 8173 files totalling 5.3GB in less than 40 minutes on the same hardware! That's over 18x faster!

Thanks to Joshua for starting this thread with his guide!

For whatever reason I couldn't get ownCloud to update to 8.0.3 using the updater. I used the manual method @cyberjock had outlined on page 3 of this post, i was hesitant at first because my understanding of SQL/PHP is VERY limited.

I used his commands as listed in order with one expection, I replaced jock's fetch command with:

Code:

 fetch http://download.owncloud.org/community/owncloud-8.0.3.tar.bz2

Thanks again for everyone's effort put in the forums.

 

[Sean Coston]

For whatever reason I couldn't get ownCloud to update to 8.0.3 using the updater. I used the manual method @cyberjock had outlined on page 3 of this post, i was hesitant at first because my understanding of SQL/PHP is VERY limited.

I used his commands as listed in order with one expection, I replaced jock's fetch command with:

Code:

 fetch http://download.owncloud.org/community/owncloud-8.0.3.tar.bz2

Thanks again for everyone's effort put in the forums.

Hi, I thought I would explain my experience. I have 7.0.5 running very nicely, with ssl and a self signed cert. Thanks to all the dedicated members of this forum. My initial install was 6.x, and all upgrades went swimmingly until 8.0. There are several posts in this thread that explain several issues people are having, and a page or two back -- a link to an ownCloud forum that talks about known upgrade issues.

For me, I've tried upgrading with 8.0 and then with every point version to 8.0.3. I've tried going straight to 8.0.3. I've tried creating a brand new jail and following Josh's guide to install 8.0.3. With all attempts, I get the "blank browser screen." Interestingly, the ownCloud sync client on my laptop seemed to work just fine...I just couldn't access the web guide for my server. I decided to revert back to 7.0.5. I had a backup, but didn't need it -- it seems just using cyberjock's upgrade instructions to reinstall the older version over the newer one worked (for me).

It seems that enough has been changed with 8.x, that an easy upgrade may not be possible for some people's setup. Some users have declared that they have successfully migrated to 8, so it is likely a combination of things. I plan to try again sometime, but for now am happy with what seems to be a fully functional 7.0.5. My only fear is that at some point the desktop client won't work with 7.x.

I have a Lenovo TS-140 with i3-4130 dual core, 20 GB ram, FreeNAS 9.3.
I'll post my experience if I ever do get oc 8.0.x running properly in a jail with this guide. The plugin version of ownCloud is unbearably slow...

Sean

 

[Joshua Parker Ruehlig]

Hi, I thought I would explain my experience. I have 7.0.5 running very nicely, with ssl and a self signed cert. Thanks to all the dedicated members of this forum. My initial install was 6.x, and all upgrades went swimmingly until 8.0. There are several posts in this thread that explain several issues people are having, and a page or two back -- a link to an ownCloud forum that talks about known upgrade issues.

For me, I've tried upgrading with 8.0 and then with every point version to 8.0.3. I've tried going straight to 8.0.3. I've tried creating a brand new jail and following Josh's guide to install 8.0.3. With all attempts, I get the "blank browser screen." Interestingly, the ownCloud sync client on my laptop seemed to work just fine...I just couldn't access the web guide for my server. I decided to revert back to 7.0.5. I had a backup, but didn't need it -- it seems just using cyberjock's upgrade instructions to reinstall the older version over the newer one worked (for me).

It seems that enough has been changed with 8.x, that an easy upgrade may not be possible for some people's setup. Some users have declared that they have successfully migrated to 8, so it is likely a combination of things. I plan to try again sometime, but for now am happy with what seems to be a fully functional 7.0.5. My only fear is that at some point the desktop client won't work with 7.x.

I have a Lenovo TS-140 with i3-4130 dual core, 20 GB ram, FreeNAS 9.3.
I'll post my experience if I ever do get oc 8.0.x running properly in a jail with this guide. The plugin version of ownCloud is unbearably slow...

Sean

Not much need to be changed. Just make sure to remove this line until owncloud 8.0.4 or 8.1 is released.

Code:

fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;

If you have trouble upgrading from the browser (like I did because my family has 100's of GB of encrypted files) doing it with the occ command line tool may help.

Code:

php /usr/local/www/owncloud/occ upgrade

 

[Sean Coston]

So, I tried upgrading again and finally irreversibly trashed my owncloud jail. That's the bad news. The good news... I was able to install 8.0.2 into a new jail with new database and data folders. Previously, I had been trying to upgrade on top of the old db, and it didn't work. Then I just pulled my backed up data into the new dataset.

Hopefully upgrading to 8.0.3 will go smoother.

SDC

 

[Joshua Parker Ruehlig]

So, I tried upgrading again and finally irreversibly trashed my owncloud jail. That's the bad news. The good news... I was able to install 8.0.2 into a new jail with new database and data folders. Previously, I had been trying to upgrade on top of the old db, and it didn't work. Then I just pulled my backed up data into the new dataset.

Hopefully upgrading to 8.0.3 will go smoother.

SDC

why did you fresh install 8.0.2 instead of 8.0.3?
also you should be able to update through the "Update Center" on the Admin page. that usually works for me.

 

[Sean Coston]

That's s good question.

I'm a glutton for punishment, I guess.

Thank you Joshua, for all your help.

SDC

 

[byron]

Sure, my setup might be a bit different then yours so modify for you own use case. Also you can thank PiBa from the pfsense forums who added a bunch of features to the HAProxy-devel plugin at my request.

NETWORK LAYOUT
HAProxy

• Accepts HTTPS Requests, overwrites client_ip and protocol header
• Offloads SSL (for multiple domains), decides which cert to send using SNI
• Forwards to Varnish

Varnish (Optional, really only useful for the public websites I host)

• Accepts HTTP Requests, if not forwarded from HAProxy overwrites client_ip and protocol header
• Caches static objects
• Forwards to different backends depending on requested URI / host health (I have a dedicated FreeBSD webserver for ownCloud and other PHP programs, a static backup running on my pfSense box for public websites I host, and plugins on my FreeNAS box )

NGINX (On my FreeBSD server, in your case FreeNAS)

• sets real_IP
• sets https variable based on protocol header

NOTES THAT MAY LEAD YOU IN THE RIGHT DIRECTION

• Changed pfSense WebUI to listen on 444
• I have HAProxy listening on port 443 WAN, made a rule to open this port, no NAT needed
• HAProxy Frontend
  • check 'use forwardfor option'
  • 'use httpclost option' = http-server-close
  • check 'use offloading'
  • certificate = default certificate, add this in pfsense Cert Manager, uncheck Add ACL for certificate CommonName
  • Additional certificates = add any others, uncheck Add ACL for certificate CommonName
  • Advanced ssl options = no-sslv3 ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA

• Varnish is listening on port 80, made a rule to open this port, no NAT needed
• Varnish (I recommend you skip this part unless you know what you're doing)
  • set settings in pfSense WebUI as close as possible
  • Advanced startup options = "-f /usr/local/etc/varnish/default.vcl"

Code:

cp /var/etc/default.vcl /usr/local/etc/varnish/default.vcl

/usr/local/etc/varnish/default.vcl

Code:

sub vcl_recv {

if (!client.ip ~ haproxy) {
set req.http.X-Forwarded-For = client.ip;
set req.http.X-Forwarded-Proto = "http";
}

# Custom logic to handle different URIs

}

/usr/local/etc/nginx/nginx.conf

Code:

#sendfile on; #this isn't helpful is serving files from ZFS

set_real_ip_from 192.168.1.1;
real_ip_header X-Forwarded-For;
map $http_x_forwarded_proto $server_https {
default off;
https on;
}
map $http_x_forwarded_proto $host_port {
default 80;
https 443;
}

/usr/local/etc/nginx/fastcgi_params

Code:

fastcgi_index    index.php;
fastcgi_param    HTTPS    $server_https;
fastcgi_param    SERVER_NAME    $host;
fastcgi_param    SERVER_PORT    $host_port;

Sure, my setup might be a bit different then yours so modify for you own use case. Also you can thank PiBa from the pfsense forums who added a bunch of features to the HAProxy-devel plugin at my request.

NETWORK LAYOUT
HAProxy

• Accepts HTTPS Requests, overwrites client_ip and protocol header
• Offloads SSL (for multiple domains), decides which cert to send using SNI
• Forwards to Varnish

Varnish (Optional, really only useful for the public websites I host)

• Accepts HTTP Requests, if not forwarded from HAProxy overwrites client_ip and protocol header
• Caches static objects
• Forwards to different backends depending on requested URI / host health (I have a dedicated FreeBSD webserver for ownCloud and other PHP programs, a static backup running on my pfSense box for public websites I host, and plugins on my FreeNAS box )

NGINX (On my FreeBSD server, in your case FreeNAS)

• sets real_IP
• sets https variable based on protocol header

NOTES THAT MAY LEAD YOU IN THE RIGHT DIRECTION

• Changed pfSense WebUI to listen on 444
• I have HAProxy listening on port 443 WAN, made a rule to open this port, no NAT needed
• HAProxy Frontend
  • check 'use forwardfor option'
  • 'use httpclost option' = http-server-close
  • check 'use offloading'
  • certificate = default certificate, add this in pfsense Cert Manager, uncheck Add ACL for certificate CommonName
  • Additional certificates = add any others, uncheck Add ACL for certificate CommonName
  • Advanced ssl options = no-sslv3 ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA

• Varnish is listening on port 80, made a rule to open this port, no NAT needed
• Varnish (I recommend you skip this part unless you know what you're doing)
  • set settings in pfSense WebUI as close as possible
  • Advanced startup options = "-f /usr/local/etc/varnish/default.vcl"

Code:

cp /var/etc/default.vcl /usr/local/etc/varnish/default.vcl

/usr/local/etc/varnish/default.vcl

Code:

sub vcl_recv {

if (!client.ip ~ haproxy) {
set req.http.X-Forwarded-For = client.ip;
set req.http.X-Forwarded-Proto = "http";
}

# Custom logic to handle different URIs

}

/usr/local/etc/nginx/nginx.conf

Code:

#sendfile on; #this isn't helpful is serving files from ZFS

set_real_ip_from 192.168.1.1;
real_ip_header X-Forwarded-For;
map $http_x_forwarded_proto $server_https {
default off;
https on;
}
map $http_x_forwarded_proto $host_port {
default 80;
https 443;
}

/usr/local/etc/nginx/fastcgi_params

Code:

fastcgi_index    index.php;
fastcgi_param    HTTPS    $server_https;
fastcgi_param    SERVER_NAME    $host;
fastcgi_param    SERVER_PORT    $host_port;

Hi, I've been reading/following this thread as I have been working through this setup. I was able to get owncloud running serving http/https no problem. I also have pfsense and initially configured squid3 as a reverse proxy which worked fine for all other apps https or http I have on my freenas box...but not Owncloud. Is there some special code that must be in the nginx.conf file to allow reverse proxy to work? Or does this lie in the config.php like so many articles on the web discuss? As seen in the attached pict, it appears there are some major problems servicing files through the reverse proxy.

For now I have given up on Squid3 unless you have some insight and i'm trying to get haproxy to work...so far no luck but I have not lost hope. Thanks in advance for any suggestions.

 

[Joshua Parker Ruehlig]

Hi, I've been reading/following this thread as I have been working through this setup. I was able to get owncloud running serving http/https no problem. I also have pfsense and initially configured squid3 as a reverse proxy which worked fine for all other apps https or http I have on my freenas box...but not Owncloud. Is there some special code that must be in the nginx.conf file to allow reverse proxy to work? Or does this lie in the config.php like so many articles on the web discuss? As seen in the attached pict, it appears there are some major problems servicing files through the reverse proxy.

For now I have given up on Squid3 unless you have some insight and i'm trying to get haproxy to work...so far no luck but I have not lost hope. Thanks in advance for any suggestions.

I don't have any experience using squid as a reverse proxy. Varnish is much simpler and more performant for that task. Any reason you want to use squid?

 

[byron]

I don't have any experience using squid as a reverse proxy. Varnish is much simpler and more performant for that task. Any reason you want to use squid?

Not anymore. I just got haproxy working, i like it very much so feel free to ignore my question. I had to turn the health checker on HAProxy to none then it started working. Just wanted SOMETHING to work for me. But i'm good now, thanks.

 

[Joshua Parker Ruehlig]

Not anymore. I just got haproxy working, i like it very much so feel free to ignore my question. I had to turn the health checker on HAProxy to none then it started working. Just wanted SOMETHING to work for me. But i'm good now, thanks.

Nice, glad you got it working. I actually use both HAProxy and Varnish in my setup. But, Varnish doesn't do much for owncloud as most everything has a cookie and wouldn't be cached. But forsure, HAProxy is great for SSL.

 

[InQuize]

Code:

root@owncloud:/ # service nginx start && service php-fpm start && service mysql-server start                                      
Performing sanity check on nginx configuration:                                                                                   
nginx: [emerg] location "^/owncloud/(?:\.|data|config|db_structure\.xml|README)" is outside location "/owncloud" in /usr/local/etc/nginx/nginx.conf:22
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed                                                             
Starting nginx.                                                                                                                   
nginx: [emerg] location "^/owncloud/(?:\.|data|config|db_structure\.xml|README)" is outside location "/owncloud" in /usr/local/etc/nginx/nginx.conf:22
/usr/local/etc/rc.d/nginx: WARNING: failed to start nginx                                                                          

I just replaced all the content of nginx.conf with yours, because of luck of experience with regexp and nginx itself, and got lines above. This is 3rd jail so far.. Could you point me the right direction, because the error seems too general for me.
Btw, is it ok to exec all the comands in FreeNAS CLI or should I use any instance of SSH?
Also, following your man, I found no /var/db/mysql/my.cnf existing, so the question is should I worry about any unix permissions creating it?

 

[Joshua Parker Ruehlig]

Code:

root@owncloud:/ # service nginx start && service php-fpm start && service mysql-server start                                      
Performing sanity check on nginx configuration:                                                                                   
nginx: [emerg] location "^/owncloud/(?:\.|data|config|db_structure\.xml|README)" is outside location "/owncloud" in /usr/local/etc/nginx/nginx.conf:22
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed                                                             
Starting nginx.                                                                                                                   
nginx: [emerg] location "^/owncloud/(?:\.|data|config|db_structure\.xml|README)" is outside location "/owncloud" in /usr/local/etc/nginx/nginx.conf:22
/usr/local/etc/rc.d/nginx: WARNING: failed to start nginx                                                                          

I just replaced all the content of nginx.conf with yours, because of luck of experience with regexp and nginx itself, and got lines above. This is 3rd jail so far.. Could you point me the right direction, because the error seems too general for me.
Btw, is it ok to exec all the comands in FreeNAS CLI or should I use any instance of SSH?
Also, following your man, I found no /var/db/mysql/my.cnf existing, so the question is should I worry about any unix permissions creating it?

you aren't supposed to replace the whole nginx.conf, just modify a few lines at the beginning, then replace the whole server block.

it's up to you, I always use ssh.

for that file don't worry about permissions. mysql just reads it, so by default creating it should work.

 

[InQuize]

you aren't supposed to replace the whole nginx.conf, just modify a few lines at the beginning, then replace the whole server block.

I replaced it because most of the content was either similar to yours or commented anyway.
NVM.. Pasting code via CLI messed some characters. Recreating conf carefully using SSH fixed everything, so your code is still up to date. And I got up and running.

You could mount /mnt/tank/files to default owncloud path ( /usr/local/www/owncloud/data ) instead of /mnt/files. Feels like unnecessary step to create /mnt/files middle-point

Now I'm wondering if there is a way to make nginx use SSL certificates created in FreeNAS > System > CAs & Certificates? Avoiding making separate .key and .crt files?