Ok, so once the system is up and running without SSL, here's how I added SSL. As a bonus, Owncloud 6.0.2 came out, so I did an upgrade too!
Note: I wrote this, but I don't have any intention of really supporting people that chose to go this route and have problems. Joshua (the OP for this guide) didn't include these steps in his guide either, so please don't go posting in this thread with problems related to getting this to work. If he so desires to support this configuration I'll remove this warning. If people can't behave themselves I'll start deleting the posts and potentially deleting this guide. Thanks. -mgmt
Another note: When you reboot your FreeNAS box, if you have https enabled for the FreeNAS WebGUI as well as SSL for Owncloud, the client will sometimes try to connect to the FreeNAS WebGUI on server bootup. There is a period of time where the FreeNAS WebGUI is available (with its own unique SSL cert) and the Owncloud jail isn't quite available yet. During this short time, if your Owncloud client attempts to connect to the jail you will instead get the FreeNAS SSL cert. You will get a warning from the Owncloud client that the cert has changed, asking you to accept or reject the cert. You should reject the cert since it is not the correct cert. As soon as your jail comes back up your client should reconnect to the Owncloud server appropriately and continue operating as expected.
(All commands must be run from within the jail, so ssh in or use jls/jexec as you see fit.)
1. Set up everything so Owncloud works without SSL. This proves you are at a certain point where things can be assumed.
If you aren't working without SSL, you aren't going to be better off after this. So definitely make sure you can go to http://ip/owncloud and access the webpage!
2. You must compile nginx from ports since the pkg version doesn't appear to include SSL.
Inside the jail and as root again, do the following:
# service nginx stop
# pkg remove nginx
# portsnap fetch update
# cd /usr/ports/www/nginx
# make install
When it asks for settings you will need to make sure ALL of the following are checked: (This is what I used. Feel free to change it at your own discretion and/or risk!)
IPV6
HTTP
HTTP_CACHE
HTTP_DAV
HTTP_FLV
HTTP_GZIP_STATIC
HTTP_PERL
HTTP_REWRITE
HTTP_SSL
HTTP_STATUS
WWW
Now wait for it to compile... Took me about 30 seconds.
3. Create your encryption key, cert, etc.
Note: I'm not a security wizard, so I used the same steps from http://www.akadia.com/services/ssh_test_certificate.html. DES3 may or may not be secure. It's up to you to decide what to use or not use since this forum isn't about security certificates and the like.
# cd /usr/local/etc/nginx/
# openssl genrsa -des3 -out server.key 1024 (Generates a private key)
# openssl req -new -key server.key -out server.csr (Generates the Certificate Signing Request. Fill in EVERY field with something or Owncloud's client will not be happy and won't sync. I learned this the hard way)
# cp server.key server.key.org (backs up your key)
# openssl rsa -in server.key.org -out server.key (Removes the passphrase from the key)
# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt (Generates a self-signed Certificate)
4. Let's stop and verify your stuff is still working!
At this point you should be able to do # service nginx start and be able to go to your http address and it should still work. If not, this is a good place to stop and troubleshoot. So go ahead and test the service to make sure it's still working. After verifying everything is okay then do # service nginx stop and keep going. The next step is where I expect 99% of the problems to be, so this is a good place to prove you've done everything right up to this point.
5. Go to SSL!
Attached is my nginx.conf (I had to make it a .txt file for the forum software filters). You can either use mine, or read through mine and adapt it for your server. The main lines to eyeball are:
ssl_certificate /usr/local/etc/nginx/server.crt;
ssl_certificate_key /usr/local/etc/nginx/server.key;
listen 443 ssl;
Once you've added those lines, if you did everything properly, then you can type:
# service nginx start
And you should be able to go to https://ip/owncloud and have access to your server! It's a self-signed certificate so you'll get the lame security warning. Just accept it in your browser and keep going.
BONUS: Updating Owncloud
Everyone likes bonuses right? Buy-one-get-one-free and the like? So here's how I updated my Owncloud from 6.0.1 to 6.0.2. You'll know if Owncloud is out of date because you'll go to your Owncloud Server's webpage and see a warning at the top that it's not the latest and greatest.
NOTE: I'd verify that SSL above works before doing an update. You don't want to do an SSL and update at the same time in case you have problems. Better to change 1 thing at a time so if something goes wrong you have fewer things that can/could go wrong.
Since I'll be installing 6.0.2 the file location is http://download.owncloud.org/community/owncloud-6.0.2.tar.bz2. You can either change the file name yourself or go to owncloud.org and find the link yourself. I went to owncloud.org just to make sure that the link was correct.
Inside the jail as root run the following commands:
# service nginx stop
# cd /tmp
# fetch http://download.owncloud.org/community/owncloud-6.0.2.tar.bz2
# tar jxvf owncloud-*.tar.bz2 -C /usr/local/www
# rm owncloud-*.tar.bz2
# chown -R www:www /usr/local/www/owncloud
# service nginx start
That's it! If you go to http(s)://ip/owncloud there will be a page that says it's updating and to please wait, but within about 10 seconds it refreshed and Owncloud was back online for me.
If you've been reading my posts elsewhere the PBI version sucked because the performance was just horrid with a large number of small files. Throughput was great for large files though. Something like 8000 files totalling 4.6GB took over 16 hours to upload (I stopped counting at 16 hours). With 6.0.2 and using NGINX, PHP-FPM, and MySQL (MariaDB) I was able to sync 8173 files totalling 5.3GB in less than 40 minutes on the same hardware! That's over 18x faster!
Thanks to Joshua for starting this thread with his guide!
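Added example for steps 3 to 5 above (not part of the original post or of the attached nginx.conf): a one-step way to create the self-signed pair with a 2048-bit key, plus a check to run on the files named in ssl_certificate and ssl_certificate_key before starting nginx. The function names, the directory argument and the subject values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Subject values are constructed.

# make_selfsigned <dir> <common-name>
# 2048-bit RSA key, SHA-256 signature, no passphrase, every subject field
# filled in. The umask keeps the passphrase-less key private to root.
make_selfsigned() {
    subj="/C=XX/ST=Example/L=Example/O=Example/OU=Example/CN=$2"
    subj="$subj/emailAddress=admin@example.invalid"
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 3650 \
          -subj "$subj" -keyout "$1/server.key" -out "$1/server.crt"
    ) >/dev/null 2>&1
}

# cert_bits <crt>: print the public key size recorded in the certificate.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# check_pair <key> <crt>: return 0 only if the pair is fit to give to nginx.
check_pair() {
    key=$1 crt=$2
    # 1. The key must load without a passphrase (nginx cannot prompt at boot).
    kpub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) ||
        { echo "cannot read $key (passphrase still set?)" >&2; return 1; }
    # 2. The certificate must carry the public half of that same key.
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read $crt" >&2; return 1; }
    [ "$kpub" = "$cpub" ] ||
        { echo "key and certificate do not match" >&2; return 1; }
    # 3. Reject short keys such as the 1024-bit one from the quoted steps.
    bits=$(cert_bits "$crt")
    [ "${bits:-0}" -ge 2048 ] ||
        { echo "weak key: ${bits:-unknown} bits" >&2; return 1; }
    # 4. Group and other must have no access to the private key file.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "$key is accessible to group/other" >&2; return 1; }
}

# Usage inside the jail:
#   make_selfsigned /usr/local/etc/nginx <ip-or-hostname>
#   check_pair /usr/local/etc/nginx/server.key /usr/local/etc/nginx/server.crt
```
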
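Added example for the update steps above (not part of the original post): the tarball is fetched over plain http and unpacked as root, so this checks its SHA-256 digest and its member paths before extraction. EXPECTED_SHA256 is a placeholder for a digest obtained from a source you trust, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.

# file_sha256 <file>: print the lowercase hex SHA-256 of a file.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1       # GNU coreutils
    elif command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"                       # FreeBSD base system
    else
        shasum -a 256 "$1" | cut -d' ' -f1   # Perl fallback
    fi
}

# verify_sha256 <file> <expected-hex>: 0 on match, non-zero otherwise.
verify_sha256() {
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    got=$(file_sha256 "$1") || return 1
    [ ${#want} -eq 64 ] && [ "$got" = "$want" ]
}

# unsafe_members <top-dir>: read archive member names on stdin (the output
# of `tar -tjf`) and print every name that is absolute, contains "..", or
# lies outside <top-dir>. Prints nothing when the archive is safe to unpack.
unsafe_members() {
    while IFS= read -r name; do
        case $name in
            /*|..|../*|*/..|*/../*) printf '%s\n' "$name" ;;
            "$1"|"$1"/*)            ;;
            *)                      printf '%s\n' "$name" ;;
        esac
    done
}

# Usage inside the jail, in place of the fetch and tar steps. A private
# directory replaces /tmp so the owncloud-* glob is not needed.
#   cd "$(mktemp -d)"
#   fetch http://download.owncloud.org/community/owncloud-6.0.2.tar.bz2
#   verify_sha256 owncloud-6.0.2.tar.bz2 "$EXPECTED_SHA256" || exit 1
#   bad=$(tar -tjf owncloud-6.0.2.tar.bz2 | unsafe_members owncloud)
#   [ -z "$bad" ] || { echo "refusing to extract: $bad" >&2; exit 1; }
#   tar -xjf owncloud-6.0.2.tar.bz2 -C /usr/local/www
```
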