Yes, it works on my install.
Did you..
Code:
pkg install libreoffice
- install owncloud's "Documents" app
- enable MS Word support in owncloud's admin menu (optional)
- enable previews for chosen file types
Got it.
I've been testing and researching things now for a while and as a result I would like to point out the fact that one should only run such a setup if the security of data stored and transferred by that OwnCloud instance has no meaning for the owner. Or in case it is not exposed to the Internet and the chances of unauthorised access are minimal (pretty much LAN or OpenVPN...).
Because reasons:
1) The current build of FreeNAS 9.3 has OpenSSL 0.9.8, which is a year old and doesn't support TLS 1.2 (the only cryptographic protocol that is not yet deprecated, the one you would want to use in a modern browser via an https connection in a normal situation). And the only way to update the lib is compiling from ports.. maybe.. sort of.. I had no success, nor desire, and, on the other hand, even the FreeBSD man pages say there is no guarantee it would be rock solid.
Anyway, pain in the butt is guaranteed. Correct me if I'm wrong.
A lot happens over a year in the encryption sphere, and when hosting a cloud storage service you would really want to be on the cutting edge. So, that leads to my next point:
2) The jail system itself in its current state is not so suitable for real world applications. And it would be hard to maintain such an environment.
There is no mechanism for updating Jails in FreeNAS. It's just a tarball that gets extracted when the jail type is first created, and then it's also used as a template for all additional jails of the same type. You should not expose your jails to the internet, to say nothing of the FreeNAS box itself, without additional firewall controls in place. SSL and Certificates won't save you from the types of attacks people mount against Unix systems of all types - they look for services listening on open ports and then try to compromise those services by fuzzing their inputs and otherwise causing them to behave in ways unintended by the designers and then exploit that unexpected behavior, if possible.
Why is there no mechanism for updating jails? Because Jails were designed in a very simplistic fashion and "lifecycle management" was never part of the original design. Jails are not comprised of packages, so garbage-collecting old things won't work and you're also not able to upgrade in a controlled fashion, which is very important. Just splatting a new tarball on top of the old one wouldn't work: It would cause things to just accumulate, possibly in highly unpredictable and security-compromising ways, since nothing could ever be deleted. No migration or upgrade scripts could be run, either, since extracting a tarball won't cause that to happen, so things could be broken as a consequence.
That is all part of Package Management, which is how jails should be created in the future (as a collection of packages, just as FreeNAS is). That's a lot of work and a complete redesign of the current system, however, so it's not going to happen for 9.3. It's one of the goals for FreeNAS 10, along with the ability to run full-fledged VMs (using bhyve) instead of jails. For now, the best thing you can do is leave your jails alone once created, since if you don't know what you're doing at the CLI, you're only likely to break them (just like doing surgery on a person without any actual surgical or medical training). If you *have* the equivalent of medical training, of course, then Go For It since you know how to update individual components selectively and to audit the process carefully.
Here is a good resource on the security side of data transfers, which has an SSL test to give an idea about your state:
https://www.ssllabs.com/ssltest
And the security grade in that test for such a setup is capped at 'C'. For comparison, DropBox has A+, as it should.
Slightly better would be to delegate the SSL function, e.g. to pfSense as Joshua actually did (right now it has openssl 1.0.1l, plus since it's already updated to FreeBSD 10.1, maybe HAProxy has its own version built in and overall it's a freaking firewall meant to deal with such things). But still OwnCloud in a jail just asks for trouble.
I personally decided it's better to support the industry practice of separating file and web servers even in a home environment. So I went crazy with a separate Proxmox machine with Ubuntu 14.04 in an OpenVZ container as an OS for a similar setup. Ubuntu at least for now, while I still get used to Linux/Unix. So far I was amazed how stable it is connected via NFS to FreeNAS (even constantly rebooting the NAS after another 'update train', the system has no problem whatsoever hooking back up when it's live again).
Btw, a question to Josh about recommendations on NFS shares' permissions for ownCloud. Right now I'm restricting them to a Proxmox box IP and use 'Mapall User/Group' feature set to nobody/nobody on files dataset and mysql/mysql on database (ID 110/106 according to Ubuntu's). Generally I would be very happy to read about any details on your actual setup.
Repeating the test I managed to get things right this time (not 100% due to my compatibility requirements):
Although my room now seems like a tiny data center having 4 platforms, overall I'm glad I went this way..
Also, here is a good trick for those who want both OpenVPN and a web server on port 443, to access it from behind a strict NAT: use OpenVPN's ability to decipher traffic and act as a proxy for TCP applications:
Code:
port-share <internal IP> 443
It seems to slow down the communication a bit (at least on Celeron), but still sufficient enough for a 'cloud'.
Right now, I'm in the process of making some documentation on my setup just in case; experimenting with the Markdown language for it, so here, if someone would find it helpful, is a complete version of the original how-to (which is great anyway, really helped me to get into it) stylized with it:
https://gist.github.com/ (note "Raw" button)
End of damn tin foil hat rant.