Self-hosted ownCloud

ownCloud is an open-source file sync, share and content collaboration software that lets teams work on data easily from anywhere, on any device. 

You can download and install ownCloud on your own Linux server, try some prefab cloud or virtual machine images, or sign up for hosted ownCloud services. 

UPDATE: The latest ownCloud (v10.10) does not support PHP 8, so it will not work on Ubuntu 22.04 LTS.

1. Install the recommended packages, especially when running on Ubuntu 20.04 minimal.

sudo apt-get install nano cron wget rsyslog logrotate unzip

2. Install ownCloud's required packages.

sudo apt-get install apache2 libapache2-mod-php mariadb-server openssl redis-server php-imagick php-common php-curl php-gd php-imap php-intl php-json php-mbstring php-gmp php-bcmath php-mysql php-ssh2 php-xml php-zip php-apcu php-redis php-ldap php-phpseclib

3. If you plan to install ownCloud on an Oracle Cloud VPS, allow TCP ports 80 and 443 in both iptables and Oracle Cloud's VCN.

sudo nano /etc/iptables/rules.v4

-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

4. Reload the iptables rules.

sudo iptables-restore < /etc/iptables/rules.v4

5. Disable the default apache2 site configuration.

sudo a2dissite 000-default

6. Create ownCloud's virtual host configuration.

sudo nano /etc/apache2/sites-available/owncloud.conf

<VirtualHost *:80>
# uncomment the line below if variable was set
#ServerName your.server.com
DirectoryIndex index.php index.html
DocumentRoot /var/www/owncloud
<Directory /var/www/owncloud>
  Options +FollowSymlinks -Indexes
  AllowOverride All
  Require all granted

 <IfModule mod_dav.c>
  Dav off
 </IfModule>

 SetEnv HOME /var/www/owncloud
 SetEnv HTTP_HOME /var/www/owncloud
</Directory>
</VirtualHost>

7. Enable the required Apache2 modules and the ownCloud virtual host configuration.

sudo a2ensite owncloud
sudo a2enmod dir env headers mime rewrite setenvif
sudo systemctl restart apache2

8. Configure the ownCloud MySQL database. Change the database name and credentials accordingly.

sudo mysql -u root -e "CREATE DATABASE IF NOT EXISTS owncloud; GRANT ALL PRIVILEGES ON owncloud.* TO owncloud@localhost IDENTIFIED BY 'password123'";

9. Download the ownCloud package and unpack it to the /var/www directory.

wget https://download.owncloud.com/server/stable/owncloud-complete-latest.zip
unzip owncloud-complete-latest.zip
sudo cp -r owncloud /var/www/ && sudo chown -R www-data:www-data /var/www/owncloud 

10. Install ownCloud, either with the minimal setup via the occ command or with the full setup via the web installer in a browser. Change the admin credentials accordingly.

sudo -u www-data php /var/www/owncloud/occ maintenance:install --database "mysql" --database-name "owncloud" --database-user "owncloud" --database-pass "password123" --admin-user "admin" --admin-pass "admin"
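
Steps 8 and 10 use `password123` and `admin` as placeholder secrets. The script below is an added example, not part of the original guide: it generates random values for both, stores them in a root-only file and runs the same two commands with them. The file path `/root/owncloud-credentials` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: random credentials for steps 8 and 10 instead of the placeholders.
# CRED_FILE and the function names are assumptions, not part of ownCloud.
CRED_FILE="${CRED_FILE:-/root/owncloud-credentials}"

# Print a random alphanumeric password of the requested length (default 32).
# 1024 random bytes leave about 248 usable characters after filtering.
gen_password() {
    len="${1:-32}"
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$len"
}

# Write both secrets to CRED_FILE, readable and writable by its owner only.
write_credentials() {
    ( umask 077
      printf 'DB_PASS=%s\nADMIN_PASS=%s\n' "$1" "$2" > "$CRED_FILE" )
    chmod 600 "$CRED_FILE"
}

# Run steps 8 and 10 with generated values. Run as root on the server.
# The passwords are alphanumeric, so they are safe inside the quoted SQL string.
apply_install() {
    db_pass="$(gen_password 32)"
    admin_pass="$(gen_password 24)"
    write_credentials "$db_pass" "$admin_pass" &&
    mysql -u root -e "CREATE DATABASE IF NOT EXISTS owncloud; GRANT ALL PRIVILEGES ON owncloud.* TO owncloud@localhost IDENTIFIED BY '$db_pass';" &&
    sudo -u www-data php /var/www/owncloud/occ maintenance:install \
        --database "mysql" --database-name "owncloud" \
        --database-user "owncloud" --database-pass "$db_pass" \
        --admin-user "admin" --admin-pass "$admin_pass"
}

# Only touch the system when explicitly asked to.
if [ "${1:-}" = "--apply" ]; then
    apply_install
fi
```

Run it with `--apply` in place of the commands in steps 8 and 10, then read the admin password from the credentials file for the first login.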

11. Configure ownCloud's Trusted Domain with your local network.

myip=$(hostname -I|cut -f1 -d ' ')
sudo -u www-data php /var/www/owncloud/occ config:system:set trusted_domains 1 --value="$myip"

12. If you set up ownCloud on Oracle Cloud, configure the Trusted Domain with a valid FQDN.

sudo -u www-data php /var/www/owncloud/occ config:system:set trusted_domains 1 --value="xxx.viewdns.net"

13. Set up ownCloud with a self-signed HTTPS certificate and redirect HTTP to HTTPS.

sudo nano /etc/apache2/sites-available/owncloud.conf

<VirtualHost *:80>
# uncomment the line below if variable was set
ServerName your.server.com
DirectoryIndex index.php index.html
DocumentRoot /var/www/owncloud
Redirect permanent / https://your-owncloud-ip/
</VirtualHost>

sudo nano /etc/apache2/sites-available/owncloud-ssl.conf

<VirtualHost *:443>
# uncomment the line below if variable was set
ServerName your.server.com
DirectoryIndex index.php index.html
DocumentRoot /var/www/owncloud

SSLEngine on
SSLCertificateFile      /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<Directory /var/www/owncloud>
  Options +FollowSymlinks -Indexes
  AllowOverride All
  Require all granted

 <IfModule mod_dav.c>
  Dav off
 </IfModule>

 SetEnv HOME /var/www/owncloud
 SetEnv HTTP_HOME /var/www/owncloud
</Directory>
</VirtualHost>

sudo a2enmod ssl && sudo a2ensite owncloud-ssl
sudo systemctl restart apache2

14. Set up ownCloud with a free Let's Encrypt SSL certificate, for the Oracle Cloud setup.

sudo apt-get install certbot python3-certbot-apache
sudo certbot --apache -d your.server.com -m xxx@hotmail.com

15. Enable HTTP Strict Transport Security. Add the entry below to either owncloud-ssl.conf or owncloud-le-ssl.conf, then restart the apache2 service.

<IfModule mod_headers.c>
  Header always set Strict-Transport-Security "max-age=15552000; includeSubDomains"
</IfModule>

16. Set up the ownCloud background cron job.

sudo nano /etc/cron.d/owncloud

# Set the execution of the cron job to every 15 minutes and the cleanup of chunks every night at 2 am
*/15  *  *  *  * www-data /usr/bin/php -f /var/www/owncloud/occ system:cron
0  2  *  *  * www-data /usr/bin/php -f /var/www/owncloud/occ dav:cleanup-chunks

17. Set the correct timezone for ownCloud.

sudo -u www-data php /var/www/owncloud/occ config:system:set logtimezone --value 'Asia/Kuala_Lumpur'

18. Configure ownCloud caching and file locking.

sudo -u www-data php /var/www/owncloud/occ config:system:set memcache.local --value '\OC\Memcache\APCu'
sudo -u www-data php /var/www/owncloud/occ config:system:set memcache.locking --value '\OC\Memcache\Redis'
sudo -u www-data php /var/www/owncloud/occ config:system:set redis --value '{"host": "127.0.0.1", "port": "6379"}' --type json

19. Configure logrotate for ownCloud.

sudo nano /etc/logrotate.d/owncloud

/var/www/owncloud/data/owncloud.log {
  size 10M
  rotate 12
  copytruncate
  missingok
  compress
  compresscmd /bin/gzip
}

20. Install fail2ban to prevent brute-force attacks. Make sure ownCloud is using the correct local timezone for its log (step 17). Remember to restart the fail2ban service after adding the ownCloud filter and jail configuration.

sudo apt-get install fail2ban

sudo nano /etc/fail2ban/filter.d/owncloud.conf

[Definition]
failregex={.*Login failed: \'.*\' \(Remote IP: \'<HOST>\'\)"}
ignoreregex =

sudo nano /etc/fail2ban/jail.d/owncloud.conf

[owncloud]
enabled = true
port = 80,443
protocol = tcp
filter = owncloud
maxretry = 3
bantime = 10800
logpath = /var/www/owncloud/data/owncloud.log

sudo systemctl restart fail2ban
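
To see what the filter in step 20 matches, the following added example (not part of the original guide) applies the same failregex to constructed owncloud.log lines and lists the addresses that reach the jail's maxretry. It assumes `<HOST>` can be approximated by an IPv4 pattern; the function names and sample lines are made up for the illustration.

```shell
#!/bin/sh
# Added example: the step 20 failregex applied to constructed log lines.
# <HOST> is approximated by an IPv4 pattern; fail2ban's own <HOST> also covers
# IPv6 and hostnames. Function names and sample lines are assumptions.
MAXRETRY=3   # same value as maxretry in the jail

# Constructed sample of owncloud.log (JSON, one entry per line).
sample_log() {
cat <<'EOF'
{"reqId":"a1","level":2,"time":"2022-05-01T10:00:01+08:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"\/login","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')"}
{"reqId":"a2","level":2,"time":"2022-05-01T10:00:03+08:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"\/login","message":"Login failed: 'root' (Remote IP: '203.0.113.7')"}
{"reqId":"a3","level":1,"time":"2022-05-01T10:00:04+08:00","remoteAddr":"192.0.2.15","user":"alice","app":"core","method":"GET","url":"\/index.php","message":"Constructed entry that is not a failed login"}
{"reqId":"a4","level":2,"time":"2022-05-01T10:00:05+08:00","remoteAddr":"198.51.100.20","user":"--","app":"core","method":"POST","url":"\/login","message":"Login failed: 'alice' (Remote IP: '198.51.100.20')"}
{"reqId":"a5","level":2,"time":"2022-05-01T10:00:06+08:00","remoteAddr":"203.0.113.7","user":"--","app":"core","method":"POST","url":"\/login","message":"Login failed: 'test' (Remote IP: '203.0.113.7')"}
EOF
}

# Read log lines on stdin and print the source IP of each line the regex matches.
failed_login_ips() {
    sed -nE "s/\{.*Login failed: '.*' \(Remote IP: '([0-9]{1,3}(\.[0-9]{1,3}){3})'\)\"\}/\1/p"
}

# Print the IPs with at least MAXRETRY failed logins.
# fail2ban additionally requires the failures to fall within its findtime window.
ips_to_ban() {
    failed_login_ips | sort | uniq -c | awk -v max="$MAXRETRY" '$1 >= max { print $2 }'
}

sample_log | ips_to_ban
```

On the server itself, `fail2ban-regex /var/www/owncloud/data/owncloud.log /etc/fail2ban/filter.d/owncloud.conf` tests the real filter against the real log, and `sudo fail2ban-client status owncloud` shows the addresses currently banned.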

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04

https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-apache-in-ubuntu-20-04

https://doc.owncloud.com/server/next/admin_manual/installation/quick_guides/ubuntu_20_04.html

https://doc.owncloud.com/server/next/admin_manual/configuration/server/harden_server.html
