[How-To] ownCloud using NGINX, PHP-FPM, and MySQL

derekzchu · Jan 17, 2015

Thanks so much for helping us to get owncloud setup. I followed Joshua's original post, along with cyberjocks' SSL post and Rickie's fail2ban post and everything is working really well!

That being said, I just started running into issues the second I tried to open my owncloud to the outside world. I have my router forwarding inbound port 60000 to the IP of my owncloud on private port 443. My freenas has a no-ip host registered which works fine (configured SSH to my freenas host). When I'm within my LAN, I type in

https://my-no-ip.ddns.net:60000/owncloud

but I get "Unable to connect" and the address bar becomes "https://my-no-ip.ddns.net/owncloud/". If i insert ":60000" back in there after the ".net", then i am able to get to my owncloud instance. Outside of my LAN, typing "https://my-no-ip.ddns.net:60000/owncloud" prompts the browser to accept the SSL certificate but after it's accepted, the page just hangs. I'm pretty sure it's something with my nginx setup and was hoping someone could take a look and give me some pointers. Thanks in advance!

Code:

#user  nobody;
worker_processes  3;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid  logs/nginx.pid;


events {
  worker_connections  1024;
}


http {
  include  mime.types;
  default_type  application/octet-stream;

  #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
  #  '$status $body_bytes_sent "$http_referer" '
  #  '"$http_user_agent" "$http_x_forwarded_for"';

  #access_log  logs/access.log  main;

  sendfile  on;
  tcp_nopush  on;

  #keepalive_timeout  0;
  keepalive_timeout  65;
  gzip  off;
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 9;
  gzip_http_version 1.1;
  gzip_types text/plain text/css application/json
application/x-javascript text/xml application/xml application/xml+rss text/java$
  ssl_certificate /usr/local/etc/nginx/server.crt;
  ssl_certificate_key /usr/local/etc/nginx/server.key;

  server {
  listen 80;
  listen 443 ssl;
  root /usr/local/www;
  location = /robots.txt { allow all; access_log off; log_not_found off; }
  location = /favicon.ico { access_log off; log_not_found off; }
  location ^~ /owncloud {
  index index.php;
  try_files $uri $uri/ /owncloud/index.php$is_args$args;
  client_max_body_size 512M;
  location ~^/owncloud/(?:\.|data|config|db_structure\.xml|README) {
  deny all;
  }
  location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    fastcgi_pass unix:/var/run/php-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    include fastcgi_params;
    fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
  }
  location ~* \.(?:jpg|gif|ico|png|css|js|svg)$ {
  expires 30d; add_header Cache-Control public;
  }
  location ^~ /owncloud/data {
  internal;
  alias /mnt/files;
  }
  }
  }
}

Joshua Parker Ruehlig · Jan 17, 2015

derekzchu said:
Thanks so much for helping us to get owncloud setup. I followed Joshua's original post, along with cyberjocks' SSL post and Rickie's fail2ban post and everything is working really well!

That being said, I just started running into issues the second I tried to open my owncloud to the outside world. I have my router forwarding inbound port 60000 to the IP of my owncloud on private port 443. My freenas has a no-ip host registered which works fine (configured SSH to my freenas host). When I'm within my LAN, I type in

https://my-no-ip.ddns.net:60000/owncloud

but I get "Unable to connect" and the address bar becomes "https://my-no-ip.ddns.net/owncloud/". If i insert ":60000" back in there after the ".net", then i am able to get to my owncloud instance. Outside of my LAN, typing "https://my-no-ip.ddns.net:60000/owncloud" prompts the browser to accept the SSL certificate but after it's accepted, the page just hangs. I'm pretty sure it's something with my nginx setup and was hoping someone could take a look and give me some pointers. Thanks in advance!

Code:
#user nobody; worker_processes 3; #error_log logs/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; #access_log logs/access.log main; sendfile on; tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; gzip off; gzip_vary on; gzip_proxied any; gzip_comp_level 9; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/java$ ssl_certificate /usr/local/etc/nginx/server.crt; ssl_certificate_key /usr/local/etc/nginx/server.key; server { listen 80; listen 443 ssl; root /usr/local/www; location = /robots.txt { allow all; access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } location ^~ /owncloud { index index.php; try_files $uri $uri/ /owncloud/index.php$is_args$args; client_max_body_size 512M; location ~^/owncloud/(?:\.|data|config|db_structure\.xml|README) { deny all; } location ~ \.php(?:$|/) { fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_pass unix:/var/run/php-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; include fastcgi_params; fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on; } location ~* \.(?:jpg|gif|ico|png|css|js|svg)$ { expires 30d; add_header Cache-Control public; } location ^~ /owncloud/data { internal; alias /mnt/files; } } } }

I would ask this on the owncloud forums and check your owncloud config. I think owncloud or nginx will sometimes do a redirect to the port it expects.

any reason you want to access it from different ports internally and externally?

derekzchu · Jan 17, 2015

Thanks Joshua. I'll see what the owncloud forums say. regarding why i'm accessing it from different ports internally and externally, i was under the impression that if i have multiple jails that I want reachable from the outside world, this is how to do it. If i have two jails that have SSL, wouldn't they internal and external ports have to be different so that it'll forward the request to the correct jail?

sorry this is all new to me and I'm learning as I go along. Thanks.

Joshua Parker Ruehlig · Jan 17, 2015

derekzchu said:
Thanks Joshua. I'll see what the owncloud forums say. regarding why i'm accessing it from different ports internally and externally, i was under the impression that if i have multiple jails that I want reachable from the outside world, this is how to do it. If i have two jails that have SSL, wouldn't they internal and external ports have to be different so that it'll forward the request to the correct jail?

sorry this is all new to me and I'm learning as I go along. Thanks.

yeah, they would need different ports. but.. what different programs are you running, you could set them at different URL (folders), /owncloud /whatever, ect.. and have nginx proxy to each thing. this is what I do at home so that I have a single domain with ssl, don't need to remember port numbers, just the webroot.

also another option it to run it as 60000 internally as well (in your nginx listen line).

derekzchu · Jan 17, 2015

interesting. does your nginx proxy to different jails? if so, if that jail that contains nginx goes down, does it mean your other jails would be inaccessible?

obviously there's a lot more for me to learn but this seems like an interesting starting point.

Joshua Parker Ruehlig · Jan 17, 2015

derekzchu said:
interesting. does your nginx proxy to different jails? if so, if that jail that contains nginx goes down, does it mean your other jails would be inaccessible?

obviously there's a lot more for me to learn but this seems like an interesting starting point.

yeah it could proxy to anything it can connect to. yes you wouldn't be able to access anything anymore if nginx/the jail crashed. nginx has never crashed (and I've been using it for years, Facebook even uses it for SSL termination). but I have had jails lose their IP address, but only when im changing things.

Mansoor Ahmed · Jan 18, 2015

Hey Josh thanks for this post. I am actually a bit confused in very beginning where you have mentioned for adding storage-

Source = /mnt/tank/files
Destination = /mnt/files

Source = /mnt/tank/db
Destination = /var/db/mysql

so my question here is how many jail do i need to create. As per my understanding the the first one is for owncloud jail but the second one where should i add. Please explain.

Joshua Parker Ruehlig · Jan 18, 2015

Mansoor Ahmed said:
Hey Josh thanks for this post. I am actually a bit confused in very beginning where you have mentioned for adding storage-

Source = /mnt/tank/files

Destination = /mnt/files

Source = /mnt/tank/db

Destination = /var/db/mysql

so my question here is how many jail do i need to create. As per my understanding the the first one is for owncloud jail but the second one where should i add. Please explain.

in this tutorial you only create a single jail. both datasets are mounted to the same jail. one holds the files, the other the database.

Mansoor Ahmed · Jan 19, 2015

Joshua Parker Ruehlig said:
in this tutorial you only create a single jail. both datasets are mounted to the same jail. one holds the files, the other the database.

Hi..
Thank. I will apply and then will let you know but could you please just give me brief details about the setup like how much it is different from just installing the pluging from freenas plugin section and using it.

Joshua Parker Ruehlig · Jan 19, 2015

Mansoor Ahmed said:
Hi..
Thank. I will apply and then will let you know but could you please just give me brief details about the setup like how much it is different from just installing the pluging from freenas plugin section and using it.

it should be noticeably faster, especially when uploading many small files. upgrading is also easier because it works through the owncloud interface. other than that they are the same application, everything works the same.

ZDrt · Jan 19, 2015

Hi guys, Im new in FreeNAS and also Im not used to use a unix systems but Id like to set up owncloud using this guide...Firts try I made step by step as described on first page and I receive eroor instaling pecl-APCu. I continue further, and finaly mysql service didnt start. I starter to repair it but finaly I start from the begining. Again I recieve an error instaling pecl, so I use portsnap fetch and portsnap extract and pecl_APCu was installed properly. Then I continue WITHOUT changing config files just to see if services will start properly and all services (nginx, php.fpm, mysql-server) starts. But I was not able to acces http://jailip/owncloud. I just could acces http://jailip where I can see nginx welcome page. Then I go back and change all config files as described on the firts page. Now Im not able to start nginx. I recive this error:

root@cloudJail:/ # service nginx start
Performing sanity check on nginx configuration:
nginx: [emerg] location "^/owncloud/(?:\.|data|config|db_structure\.xml|README)"
is outside location "/owncloud" in /usr/local/etc/nginx/nginx.conf:22
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed
Starting nginx.
nginx: [emerg] location "^/owncloud/(?:\.|data|config|db_structure\.xml|README)"
is outside location "/owncloud" in /usr/local/etc/nginx/nginx.conf:22
/usr/local/etc/rc.d/nginx: WARNING: failed to start nginx

Can anybody help me? Thanks a lot in advance
(Im running FreeNAS 9.3)

Joshua Parker Ruehlig · Jan 19, 2015

ZDrt said:
Hi guys, Im new in FreeNAS and also Im not used to use a unix systems but Id like to set up owncloud using this guide...Firts try I made step by step as described on first page and I receive eroor instaling pecl-APCu. I continue further, and finaly mysql service didnt start. I starter to repair it but finaly I start from the begining. Again I recieve an error instaling pecl, so I use portsnap fetch and portsnap extract and pecl_APCu was installed properly. Then I continue WITHOUT changing config files just to see if services will start properly and all services (nginx, php.fpm, mysql-server) starts. But I was not able to acces http://jailip/owncloud. I just could acces http://jailip where I can see nginx welcome page. Then I go back and change all config files as described on the firts page. Now Im not able to start nginx. I recive this error:

root@cloudJail:/ # service nginx start
Performing sanity check on nginx configuration:
nginx: [emerg] location "^/owncloud/(?:\.|data|config|db_structure\.xml|README)"
is outside location "/owncloud" in /usr/local/etc/nginx/nginx.conf:22
nginx: configuration file /usr/local/etc/nginx/nginx.conf test failed
Starting nginx.
nginx: [emerg] location "^/owncloud/(?:\.|data|config|db_structure\.xml|README)"
is outside location "/owncloud" in /usr/local/etc/nginx/nginx.conf:22
/usr/local/etc/rc.d/nginx: WARNING: failed to start nginx

Can anybody help me? Thanks a lot in advance
(Im running FreeNAS 9.3)

Looks like you didn't put the nginx.conf file in exactly. I would try deleting the contents of it and replacing it with what I have posted again.

ZDrt · Jan 19, 2015

Thanks for your replay Joshua. I used ctrl c/v so it is written exactly as you posted. Anyway I detele the content and paste it again, 'cos I could made a mistake...unfortunately the result is the same :(

Joshua Parker Ruehlig · Jan 20, 2015

ZDrt said:
Thanks for your replay Joshua. I used ctrl c/v so it is written exactly as you posted. Anyway I detele the content and paste it again, 'cos I could made a mistake...unfortunately the result is the same :(

if you posted it exactly then itd work as expected. what editor are you using?

ZDrt · Jan 20, 2015

Im accessing the jail console using webgui of freenas and as editor I used vi. But now I found a problem. Dont know why, but there were ~ missing three times. I dont understand it 'cos ~ is five times in the config. Two times written correctly, three times missing. Thanks for your help. Now Im able to acces the front page but Im not in local site, I have to do it remotely (over NAT), so I will be fiddling with owncloud slowly or few days later ;) For example I cant send the initial setting when accesing the front page of owncloud over NAT. Thanks again!

Joshua Parker Ruehlig · Jan 20, 2015

ZDrt said:
Im accessing the jail console using webgui of freenas and as editor I used vi. But now I found a problem. Dont know why, but there were ~ missing three times. I dont understand it 'cos ~ is five times in the config. Two times written correctly, three times missing. Thanks for your help. Now Im able to acces the front page but Im not in local site, I have to do it remotely (over NAT), so I will be fiddling with owncloud slowly or few days later ;) For example I cant send the initial setting when accesing the front page of owncloud over NAT. Thanks again!

I figured it'd be something with vi lol. I swear it wants to interpret things as commands sometimes. glad you got it working

emergant · Jan 22, 2015

Having problems with 502 bad gateway tested with chrome incognito tab

php.fpm log shows:

22-Jan-2015 16:47:21] NOTICE: exiting, bye-bye!
[22-Jan-2015 16:47:22] NOTICE: fpm is running, pid 9120
[22-Jan-2015 16:47:22] NOTICE: ready to handle connections

root@owncloud:/ # sockstat | grep www

www php-fpm 9122 0 tcp4 192.168.1.2:9000 *:*
www php-fpm 9121 0 tcp4 192.168.1.2:9000 *:

service php-fpm status
php_fpm is running as pid 9120.

Any help appreciated

Joshua Parker Ruehlig · Jan 22, 2015

this should show if your socket is available
ls -l /var/run/php-fpm.sock

EDIT
you didn't edit the listen line correctly in php-fpm.conf, your php shouldn't be listening on port 9000

emergant · Jan 22, 2015

Thanks Joshua

My php-fpm.conf includes:

user = www
group = www
listen.owner = www
listen.group = www
listen = /var/run/php-fpm.sock
listen.mode = 0660

A little further down i:

; Note: This value is mandatory.
listen = 127.0.0.1:9000

which I don't think I added

ls-l /var/run/php-fpm.sock

show:

ls: /var/run/php-fpm.sock: No such file or directory

Joshua Parker Ruehlig · Jan 22, 2015

emergant said:
Thanks Joshua

My php-fpm.conf includes:

user = www
group = www
listen.owner = www
listen.group = www
listen = /var/run/php-fpm.sock
listen.mode = 0660

A little further down i:

; Note: This value is mandatory.
listen = 127.0.0.1:9000

which I don't think I added

ls-l /var/run/php-fpm.sock

show:

ls: /var/run/php-fpm.sock: No such file or directory

comment out or delete the listen 127.0.0.1:9000 line.
I specifically say replace relevant lines

Important Announcement for the TrueNAS Community.

[How-To] ownCloud using NGINX, PHP-FPM, and MySQL

Dabbler

Hall of Famer

Dabbler

Hall of Famer

Dabbler

Hall of Famer

Cadet

Hall of Famer

Cadet

Hall of Famer

Cadet

Hall of Famer

Cadet

Hall of Famer

Cadet

Hall of Famer

Cadet

Hall of Famer

Cadet

Hall of Famer

Important Announcement for the TrueNAS Community.

Related topics on forums.truenas.com for thread: "[How-To] ownCloud using NGINX, PHP-FPM, and MySQL"

Similar threads