[How-To] ownCloud using NGINX, PHP-FPM, and MySQL

[Joshua Parker Ruehlig]

Segmented using different interfaces or vlans?

Yeah, I respect FreeBSD as host system, it has impressive feature set, and it seems reasonable to use it in such case, but it's just me starting small.. Because of the amount of docs and tips, and mans on Ubuntu, and on the other hand I wanted to use OpenVZ instead of KVM, and it's limited to linux on Proxmox (I still need Win VM for some automation tasks). Maybe I'll change my mind later. Probably.

Actually I already had found your channel during my research, nice demos. Gave me ideas too.
Basically, I feel ok to configure the rest of my infrastructure on my own from this point, it's just a security stand point that bugs me because I have such a little experience with it.

My pfsense is one of the C2558 motherboards with 4 NICs. Each has a subnet and I have a rule blocking traffic between them. My connection (for NFS / backup) from my Webserver to FreeNAS is actually a direct connection as each server has extra ports.

I started with Ubuntu Server too (got comfortable with ubuntu from my desktop). Built a dedicated FreeNAS a few years back when I heard of the benefits of ZFS. Since I did so much with it I became way more comfortable with FreeBSD. So I just switched my webserver, and gameserver (which is actually at my cousins apartment) over when they needed to be updated.

 

[InQuize]

C2558

Oh, yeah, those boards are like too good to be true. I would buy a couple by Supermicro, but our hucksters import server stuff either wholesale for integrators or in a tiny amounts to sell at unreasonably high prices. That's why I'm stuck with Asus board for my FreeNAS, which already drives me crazy..
I'm asking because now I have single LAN interface on my pfSense (cheepo J1900) extended with metal switch, and when I transfer data between local clients switch actually make all the throughput work, and I kinda like it (less fight with overheads). Clearly, it would be harder to maintain such approach separating subnets.

 

[Joshua Parker Ruehlig]

Oh, yeah, those boards are like too good to be true. I would buy a couple by Supermicro, but our hucksters import server stuff either wholesale for integrators or in a tiny amounts to sell at unreasonably high prices. That's why I'm stuck with Asus board for my FreeNAS, which already drives me crazy..
I'm asking because now I have single LAN interface on my pfSense (cheepo J1900) extended with metal switch, and when I transfer data between local clients switch actually make all the throughput work, and I kinda like it (less fight with overheads). Clearly, it would be harder to maintain such approach separating subnets.

I think you could separate the subnets on the switch, VLAN tagging? I don't know anything about fancy switches. I just do all my routing / rules on my pfsense.

 

[InQuize]

Probably, I have only a general idea about VLANs: they are pain (all hardware should support it to work properly - you should have cisco)

 

[Darkk]

I use pfSense 2.2.3 on Asrock motherboard DC power in with AMD Athlon(tm) 5350 APU quad processor with 8 gigs of ram. Overkill for a firewall but I do alot of stuff on it. Also running an Intel Server gigabit 4 port NIC (rebadged by HP) for around $60 off of e-bay. I use the Netgear 8 port smart switch that I got on sale from Newegg for around $60. It's currently priced at $72.

There are wiki info on how to configure VLANs with the above setup on the PfSense website. I haven't tried it since from security standpoint you do not want to VLAN tag the WAN port, ever. It should be on it's own dedicated port into the firewall. LANs, OPT and other ports are ok.

Just noticed OwnCloud released 8.1 yesterday. Anyone tried it yet?

 

[Joshua Parker Ruehlig]

I use pfSense 2.2.3 on Asrock motherboard DC power in with AMD Athlon(tm) 5350 APU quad processor with 8 gigs of ram. Overkill for a firewall but I do alot of stuff on it. Also running an Intel Server gigabit 4 port NIC (rebadged by HP) for around $60 off of e-bay. I use the Netgear 8 port smart switch that I got on sale from Newegg for around $60. It's currently priced at $72.

There are wiki info on how to configure VLANs with the above setup on the PfSense website. I haven't tried it since from security standpoint you do not want to VLAN tag the WAN port, ever. It should be on it's own dedicated port into the firewall. LANs, OPT and other ports are ok.

Just noticed OwnCloud released 8.1 yesterday. Anyone tried it yet?

I usually wait till it's available via the owncloud upgrade mechanism before deploying it on my production setup. hoping its available from there soon

 

[Darkk]

I usually wait till it's available via the owncloud upgrade mechanism before deploying it on my production setup. hoping its available from there soon

Cool. For me it's going to be fresh install. Last time OwnCloud made some changes in version 8 caused some issues with nginx which was fixed in later versions. New features been added and several fixes so looking forward to trying it out.

 

[Joshua Parker Ruehlig]

Cool. For me it's going to be fresh install. Last time OwnCloud made some changes in version 8 caused some issues with nginx which was fixed in later versions. New features been added and several fixes so looking forward to trying it out.

if you're talking about those changes to nginx+xsendfile that caused me a week+ of frustration =\ glad it's fixed now

I'm looking forward to encryption 2.0, not sure the difference but I welcome performance improvements. my system has about 200GB of encrypted files, so the upgrade might take me a while.

 

[InQuize]

Just noticed OwnCloud released 8.1 yesterday. Anyone tried it yet?

Tried briefly. Very buggy. The amount of fatals and errors in log is frightening. Docs don't load.
Don't know if all that would be the case during fresh install, but I wouldn't upgrade for now in production.

 

[Darkk]

Tried briefly. Very buggy. The amount of fatals and errors in log is frightening. Docs don't load.
Don't know if all that would be the case during fresh install, but I wouldn't upgrade for now in production.

Thanks for heads up. I would imagine because so many changes seems make more sense to do fresh install. Won't know till folks try doing that.

During the upgrade did it go through sanity check before doing it?

 

[InQuize]

During the upgrade did it go through sanity check before doing it?

I don't think there was any. As was mentioned, update wasn't yet available through owncloud itself by the time I did, so it was just a simple

Code:

apt-get update && apt-get upgrade

which just rewrites working dir with new version and initial scripts to update database, etc..

I wonder if OwnCloud instances even survive big updates like that without tons of debugging? Any experience from early version till nowadays?

 

[Joshua Parker Ruehlig]

Thanks for heads up. I would imagine because so many changes seems make more sense to do fresh install. Won't know till folks try doing that.

During the upgrade did it go through sanity check before doing it?

you shouldn't have to do a fresh install. I know that's not an option for me, lol

 

[Joshua Parker Ruehlig]

I don't think there was any. As was mentioned, update wasn't yet available through owncloud itself by the time I did, so it was just a simple

Code:

apt-get update && apt-get upgrade

which just rewrites working dir with new version and initial scripts to update database, etc..

I wonder if OwnCloud instances even survive big updates like that without tons of debugging? Any experience from early version till nowadays?

uhh, apt-what? lol, that's irrelevant to anyone who followed this guide.

I have read of some instances that have been upgrading version to version. personally, I started my production install with v7.

 

[Darkk]

you shouldn't have to do a fresh install. I know that's not an option for me, lol

lol. I trashed OC8 when I upgraded it from OC7. I got frustrated with the problems I just deleted it. Figured I'll wait awhile before trying again.

 

[Joshua Parker Ruehlig]

lol. I trashed OC8 when I upgraded it from OC7. I got frustrated with the problems I just deleted it. Figured I'll wait awhile before trying again.

crap, hoping I don't get bit. gonna snapshot right right before cause I can't afford my OC to be down.

 

[InQuize]

uhh, apt-what? lol, that's irrelevant to anyone who followed this guide

Well the question was about new version. New build should really work same on all supported platforms.

 

[Darkk]

Looks like upgrading to 8.1 yield some issues:

https://forum.owncloud.org/viewtopic.php?f=31&t=29102

 

[Darkk]

Ok, I got the OwnCloud jail rebuilt and configured. Got the 8.1 tarball downloaded and ready to extract. Looking around how to create a snapshot of my jail. lol. I'll find it.

EDIT: Found it. lol. Going to make a snapshot first in case the install should bomb. Least the configuration will be preserved for the next version since looks like I got everything set up correctly the first time around. Including nginx.conf which surprised me as I always get the brackets screwed up.

Will keep you posted.

 

[Darkk]

403 Forbidden
nginx/1.8.0

Permissions and path are set correctly. Still researching...

 

[Joshua Parker Ruehlig]

403 Forbidden
nginx/1.8.0

Permissions and path are set correctly. Still researching...

I tested 8.1 today using a fresh run through of this tutorial and it worked as expected. are you accessing http://jail_IP/owncloud?