Install and configure ownCloud 9.1.4 on openSUSE Leap 42.2

ownCloud 9.1.4

Introduction

ownCloud is an open source file syncing and sharing software, just like Dropbox. Just placing files in a local shared directory, those files will be immediately synchronized to the server and to other devices using the ownCloud Desktop Sync Client, Android app, or iOS app.

This tutorial explains how to install and configure the server side of ownCloud on openSUSE 42.2.

Getting started

First of all, install SuSEfirewall2. This is a script that generates iptables rules from configurations stored in

/etc/sysconfig/SuSEfirewall2

. Install it with zypper:

# zypper in SuSEfirewall2

There is also a YaST configuration module, but it doesn’t permit you to configure all firewall settings, so it’s necessary to manually edit the configuration file:

# $EDITOR /etc/sysconfig/SuSEfirewall2

In there, search for

FW_SERVICES_EXT_TCP

line and change as follow:

FW_SERVICES_EXT_TCP="22 80 443"

These are: ssh, http, and https ports.
Save and exit.

Next, start it and enable it to start at boot time:

# systemctl start SuSEfirewall2
# systemctl enable SuSEfirewall2

Restart

sshd

:

# systemctl restart sshd

Install NGINX

NGINX is also available on openSUSE repositories, so:

# zypper in nginx

Start and enable it:

# systemct start nginx
# systemctl enable nginx

Installing MariaDB

As for NGINX, MariaDB is also available as openSUSE package, so:

# zypper in mariadb mariadb-client

Next:

# systemctl start mysqld
# systemctl enable mysqld

Configure its root account:

# mysql_secure_installation
Enter current password for root (enter for none):
Set root password? [Y/n]
New password:
Re-enter new password:
Remove anonymous users? [Y/n]
Disallow root login remotely? [Y/n]
Reload privilege tables now? [Y/n]

Now it’s possible to log in to the MariaDB shell and create a new database and user that will be used for ownCloud:

# mysql -u root -p

In the database system shell:

mysql> CREATE DATABASE myownclouddb;
mysql> CREATE USER 'ocuser'@'localhost' IDENTIFIED BY 'user_strong_password';
mysql> GRANT ALL PRIVILEGES ON 'myownclouddb.*' TO 'ocuser'@'localhost' IDENTIFIED BY 'user_strong_password';
mysql> FLUSH PRIVILEGES;
mysql> EXIT;

Now MariaDB is correctly configured for ownCloud.

Install PHP-FPM

ownCloud requires PHP 5.4+. Install PHP-FPM, which is a FastCGI alternative useful when handling sites with a lot of visitors. In this guide we’ll be using PHP7.
Through zypper:

# zypper in php7-fpm php7-gd php7-mysql php7-mcrypt php7-curl php7-pear php7-zip php7-json php7-ldap

Next, copy the default php-fpm configuration file, executing the following commands:

# cd /etc/php7/fpm
# cp php-fpm.conf.default php-fpm.conf

Open that file with a text editor:

# $EDITOR php-fpm.conf

There, look for (and modify as follows) the following lines:

error_log = log/php-fpm.log
user = nginx
group = nginx
listen = /var/run/php-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660

Save and exit.
Now, modify

php.ini

:

# $EDITOR /etc/php7/cli/php.ini

Uncomment line 761 and change its value:

cgi.fix_pathinfo=0

Save, exit and copy this file to

conf.d

:

# cp php.ini /etc/php7/conf.d/

The PHP7 session directory is

/var/lib/php7

. Change its owner to nginx user:

# chown -R nginx:nginx /var/lib/php7/
Configure NGINX to work with PHP-FPM

Create a new NGINX configuration file, making a backup of the old one:

# cd /etc/nginx
# cp nginx.conf nginx.conf.bk
# $EDITOR nginx.conf

On line 65, add the following configuration:

 location ~ \.php$ {
                root /srv/www/htdocs;
                try_files $uri =404;
                include /etc/nginx/fastcgi_params;
                fastcgi_pass unix:/var/run/php-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       }

Save, exit and test nginx:

# nginx -t

You should read the following lines:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

At the end:

# systemctl start php-fpm
# systemctl enable php-fpm
# systemctl restart nginx

Install ownCloud

Go to the web root directory, which is

/srv/www

, and there download ownCloud:

# wget https://download.owncloud.org/community/owncloud-9.1.4.tar.bz2

Extract the archive:

# tar xf owncloud-9.1.4.tar.bz2

In the

owncloud

extracted folder, create a new data directory, and change its owner to nginx user:

# mkdir owncloud/data
# chown -R nginx:nginx owncloud/
Configure a Virtual Host for ownCloud

Next step is to configure a Virtual Host in NGINX for ownCloud.

# mkdir /etc/nginx/vhosts.d && cd /etc/nginx/vhosts.d

There, create a new file:

# $EDITOR owncloud.conf

Paste the following content in that file:

upstream php-handler {
  #server 127.0.0.1:9000;
  server unix:/var/run/php-fpm.sock;
}

server {
  listen 80; # If you have a SSL certificate (Recommended), change this line with "listen 443 ssl;" and add certificate lines;
  server_name storage.mydomain.com;

  # Path to the root of your installation
  root /srv/www/owncloud/;
  # set max upload size
  client_max_body_size 10G;
  fastcgi_buffers 64 4K;

  # Disable gzip to avoid the removal of the ETag header
  gzip off;

  # Uncomment if your server is build with the ngx_pagespeed module
  # This module is currently not supported.
  #pagespeed off;

  rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
  rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
  rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

  index index.php;
  error_page 403 /core/templates/403.php;
  error_page 404 /core/templates/404.php;

  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
    deny all;
  }

  location / {
    # The following 2 rules are only needed with webfinger
    rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
    rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

    rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
    rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

    rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

    try_files $uri $uri/ =404;
  }

  location ~ \.php(?:$|/) {
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    fastcgi_pass php-handler;
    fastcgi_intercept_errors on;
  }

  # Adding the cache control header for js and css files
  # Make sure it is BELOW the location ~ \.php(?:$|/) { block
  location ~* \.(?:css|js)$ {
    add_header Cache-Control "public, max-age=7200";
    # Add headers to serve security related headers
    add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    # Optional: Don't log access to assets
    access_log off;
  }

  # Optional: Don't log access to other assets
  location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
    access_log off;
  }
}

Save, exit and restart services:

# systemctl restart nginx
# systemctl restart php-fpm
# systemctl restart mysql

Conclusions

The server side is now well configured. The last step is to go with a web browser to: http://storage.mydomain.com and finish a graphical configuration. At the end of this process your ownCloud Dashboard will be fully available!