[How-To] ownCloud using NGINX, PHP-FPM, and MySQL

[jonnn]

no, this guide only show the specific application setup. for external access just perform the standard steps you need for any application. you'd also need to add steps for SSL to make it secure.

I wrote a little information about doing this in the link below. I'll write a complete guide on how to do this eventually.
http://forums.freenas.org/threads/f...-htpc-mylar-ll-gamez.16200/page-12#post-96176

Okay. Yeah, I have no clue how to get SSL certs working or anything like that so some kind of guide would be wonderful. I run dd-wrt.

I tried to setup a VPN on my dd-wrt. It was spotty at best

I also read about a program called .... can't remember the name for the life of me. It' supposed to be an easy way to automatically securly share your server on linux and they even give you a domain name. It's open source and seems to be for BSD and Linux so that looks interesting. I'll post again if I can find it again.


EDIT: Found it!: It's called PageKite.
Here is their install page:
http://pagekite.net/downloads/#s3linux

Of course, I tried the "curl" command they suggested and it's not supported in Freenas. Shows how much I know about this.

 

[aoror]

Hello everyone,

i've been following the forum for quite a while and this is my first post. Thx for the great tutorial, i successfully installed all servers but when I try to use the WEB GUI via jailip/owncloud, Fireforx offers me to download the index.php, whereas IE just shows the code (below)

I also didn't know where to append

Code:

*/15 * * * * /usr/local/bin/php -f /usr/local/www/owncloud/cron.php

The crontab command just shows a long line of "~". Maybe those two issues have sth. to do with it.
Maybe someone can easily spot the mistake?

Code:

<?php
 
/**
* ownCloud
*
* @author Frank Karlitschek
* @copyright 2010 Frank Karlitschek karlitschek@kde.org
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
*
*/
 
$RUNTIME_NOAPPS = true; //no apps, yet
 
try {
   
    require_once 'lib/base.php';
 
    OC::handleRequest();
 
} catch (Exception $ex) {
    \OCP\Util::logException('index', $ex);
 
    //show the user a detailed error page
    OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
    OC_Template::printExceptionErrorPage($ex);
}
 

 

[Joshua Parker Ruehlig]

Hello everyone,

i've been following the forum for quite a while and this is my first post. Thx for the great tutorial, i successfully installed all servers but when I try to use the WEB GUI via jailip/owncloud, Fireforx offers me to download the index.php, whereas IE just shows the code (below)

I also didn't know where to append

Code:

*/15 * * * * /usr/local/bin/php -f /usr/local/www/owncloud/cron.php

The crontab command just shows a long line of "~". Maybe those two issues have sth. to do with it.
Maybe someone can easily spot the mistake?

Code:

<?php
 
/**
* ownCloud
*
* @author Frank Karlitschek
* @copyright 2010 Frank Karlitschek karlitschek@kde.org
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
* License as published by the Free Software Foundation; either
* version 3 of the License, or any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
*
*/
 
$RUNTIME_NOAPPS = true; //no apps, yet
 
try {
 
    require_once 'lib/base.php';
 
    OC::handleRequest();
 
} catch (Exception $ex) {
    \OCP\Util::logException('index', $ex);
 
    //show the user a detailed error page
    OC_Response::setStatus(OC_Response::STATUS_INTERNAL_SERVER_ERROR);
    OC_Template::printExceptionErrorPage($ex);
}
 

if you're downloading the index.php that means your nginx config isn't properly passing requests to php-fpm. check your nginx config.

the cron command goes in the crontab for the www user. the crontab command by default brings up a vi editor, just insert the line.

 

[aoror]

Hi,
thanks so much for your reply. I figured it out, it was a simple typo

 

[alobi]

Thanks so much for the write-up, Joshua.

Just a note that I had to disable gzip on nginx because of a missing E-Tag error that kept certain files from syncing.

-A

 

[cyberjock]

I was thinking about this on my way home. I still haven't gotten this working with SSL and such as I want. But, instead of providing a guide for all of the security, someone could do this up with all the security stuff setup(minus the certs themselves), then tar it up and provide the entire jail as a tar.... this could work for many other guides too!

 

[Joshua Parker Ruehlig]

I was thinking about this on my way home. I still haven't gotten this working with SSL and such as I want. But, instead of providing a guide for all of the security, someone could do this up with all the security stuff setup(minus the certs themselves), then tar it up and provide the entire jail as a tar.... this could work for many other guides too!

the problem with that is a lot of the system is must the base that could be ignored. maybe tar /usr/local + /etc
or...

I think I could script everything here. just have an install script you run on a vanilla jail

 

[Joshua Parker Ruehlig]

Thanks so much for the write-up, Joshua.

Just a note that I had to disable gzip on nginx because of a missing E-Tag error that kept certain files from syncing.

-A

thanks, I'll look into it and see if I can mitigate it in my guide.

 

[DJABE]

Nice article!
Kudos for application environment, nginx and PHP-FPM kicks ass.
Thou' I still believe NAS should be NAS - just like NAS4Free community talks.

 

[gaszto]

Joshua:

I've installed Owncloud 6 according to your post. I've also added News application to the Owncloud, and I have a problem. If I put an RSS feed to the news, PHP-Curl started to download the feed but always with IPV6. Therefore the PHP-fpm hangs with 100% CPU load. Do you have any idea where can I disable IPV6 and using IPV4 only?

Thanks

 

[Hi-Liter]

For everyone who also had issues with "pkg install": https://wiki.freebsd.org/pkgng

 

[Joshua Parker Ruehlig]

Joshua:

I've installed Owncloud 6 according to your post. I've also added News application to the Owncloud, and I have a problem. If I put an RSS feed to the news, PHP-Curl started to download the feed but always with IPV6. Therefore the PHP-fpm hangs with 100% CPU load. Do you have any idea where can I disable IPV6 and using IPV4 only?

Thanks

hmm, not sure. this sounds like something that should be solved at the network/OS level. I don't have OC in production on freenas currently but have used the news app successfully in the past.

 

[cyberjock]

Well, deleted my old jail from a few weeks ago(it was incomplete and never used it) and started redoing the setup. Noteworthy things I found:

1. I didn't have to enable FPM as it was already enabled. (surprisingly...)
2. I had to disable dtrace or it would crash and error out while compiling. (surprisingly...) Hopefully this still works with owncloud. From what i've read it will run fine.
3. I still had to find the Mariadb entry like before. The title was the same as before... mariadb-server-5.5.31. I still couldn't install using the pkg install mariadb55-server.
3. I got SSL stuff setup from (http://www.akadia.com/services/ssh_test_certificate.html) but I have no clue how to actually install the certificate or key. I've been following something like http://www.akadia.com/services/ssh_test_certificate.html but I'm not sure if that is complete or not. It doesn't work in the way that I'm trying it. So either that's not complete or user error is involved. I'm expecting user error to be involved regardless. I'm almost clueless with the nginx.conf file. I was going to take a look at the owncloud PBI conf file, but it doesn't use nginx.

Other than that, looks like it'll work. I've been able to log into the server and synced a few files via a test machine! Now to spend a few hours with google on SSL stuff. ;)

 

[raidflex]

Well, deleted my old jail from a few weeks ago(it was incomplete and never used it) and started redoing the setup. Noteworthy things I found:

1. I didn't have to enable FPM as it was already enabled. (surprisingly...)
2. I had to disable dtrace or it would crash and error out while compiling. (surprisingly...) Hopefully this still works with owncloud. From what i've read it will run fine.
3. I still had to find the Mariadb entry like before. The title was the same as before... mariadb-server-5.5.31. I still couldn't install using the pkg install mariadb55-server.
3. I got SSL stuff setup from (http://www.akadia.com/services/ssh_test_certificate.html) but I have no clue how to actually install the certificate or key. I've been following something like http://www.akadia.com/services/ssh_test_certificate.html but I'm not sure if that is complete or not. It doesn't work in the way that I'm trying it. So either that's not complete or user error is involved. I'm expecting user error to be involved regardless. I'm almost clueless with the nginx.conf file. I was going to take a look at the owncloud PBI conf file, but it doesn't use nginx.

Other than that, looks like it'll work. I've been able to log into the server and synced a few files via a test machine! Now to spend a few hours with google on SSL stuff. ;)

If you do get SSL working please post how it was possible. I currently have Owncloud setup but would like to use SSL for access outside my network. Thanks.

 

[Joshua Parker Ruehlig]

Okay. Yeah, I have no clue how to get SSL certs working or anything like that so some kind of guide would be wonderful. I run dd-wrt.

I tried to setup a VPN on my dd-wrt. It was spotty at best

I also read about a program called .... can't remember the name for the life of me. It' supposed to be an easy way to automatically securly share your server on linux and they even give you a domain name. It's open source and seems to be for BSD and Linux so that looks interesting. I'll post again if I can find it again.


EDIT: Found it!: It's called PageKite.
Here is their install page:
http://pagekite.net/downloads/#s3linux

Of course, I tried the "curl" command they suggested and it's not supported in Freenas. Shows how much I know about this.

Yeah, this looks like what most services that allow you to run a server do, their server facilitates the connection. It's like Hamachi, people download minecraftserver, run hamachi and tell their friends their hamachi username. I don't understand why it's so hard to figure out Dynamic DNS + Port Forwarding?

and curl isn't part of the base freebsd system. just use 'fetch'

 

[opowoj]

INTRODUCTION
This guide's purpose is to show how I install ownCloud in a jail on FreeNAS. This method will have superior performance over the PBI method because this stack uses NGINX, PHP-FPM, and MySQL instead of Apache, Mod-PHP, and SQLite.

INSTALLATION

FreeNAS WebUI
Storage > Create ZFS Dataset

Dataset Name = files
Compression level = lz4
Enable atime = Off

Jails > Add Jails

type = portjail

Hello, I started the proposed jobs along the guide and

1. after clicking on the OK button after the Adding Jails job , I get the following error message:
   http://cdn.freenas.org/9.2.0/RELEASE/x64/jails/freenas-portjail-9.2-RELEASE.tgz: No address record ERROR: Failed extracting: http://cdn.freenas.org/9.2.0/RELEASE/x64/jails/freenas-portjail-9.2-RELEASE.tgz cannot open 'Volume_1/files/.warden-template-portjail': dataset does not exist ERROR: Failed to create ZFS base dataset
   
   
2. continuing in the FreeNAS WebUI ==> Add Storage (Source and Destination): There is no point in the Storage Menu called "Add Storage"
   
   
3. I downloaded the following programs: nginx 1.4.6.tar, php-5.2.10-fpm-0.5.13.tar and mysql-5.6.16-freebsd9.0-x86_64.tar

​

How do I continue? Thanks in advance/Joachim

 

[Joshua Parker Ruehlig]

Hello, I started the proposed jobs along the guide and

1. after clicking on the OK button after the Adding Jails job , I get the following error message:
   http://cdn.freenas.org/9.2.0/RELEASE/x64/jails/freenas-portjail-9.2-RELEASE.tgz: No address record ERROR: Failed extracting: http://cdn.freenas.org/9.2.0/RELEASE/x64/jails/freenas-portjail-9.2-RELEASE.tgz cannot open 'Volume_1/files/.warden-template-portjail': dataset does not exist ERROR: Failed to create ZFS base dataset
   
2. continuing in the FreeNAS WebUI ==> Add Storage (Source and Destination): There is no point in the Storage Menu called "Add Storage"
   
3. I downloaded the following programs: nginx 1.4.6.tar, php-5.2.10-fpm-0.5.13.tar and mysql-5.6.16-freebsd9.0-x86_64.tar

​

How do I continue? Thanks in advance/Joachim

1. do you have a ZFS dataset? can you install plugins or jails.

2. you won't have this menu until you setup a jail.

3. why are you downloading stuff directly from their site? it's clearly explained how to install nginx,php-fpm, and mariadb in the guide. use 'pkg install'

 

[cyberjock]

Ok, so once the system is up and running without SSL, here's how I added SSL. As a bonus, Owncloud 6.0.2 came out, so I did an upgrade too!


Note: I wrote this, but I don't have any intention of really supporting people that chose to go this route and have problems. Joshua(the OP for this guide) didn't include these steps in his guide either, so please don't go posting in this thread with problems related to getting this to work. If he so desires to support this configuration I'll remove this warning. If people can't behave themselves I'll start deleting the posts and potentially deleting this guide. Thanks. -mgmt

Another note: When you reboot your FreeNAS box, if you have https enabled for the FreeNAS WebGUI as well as SSL for Owncloud the client will sometimes try to connect to the FreeNAS WebGUI on server bootup. There is a period of time where the FreeNAS WebGUI is available(with its own unique SSL cert) and the Owncloud jail isn't quite available yet. During this short time if your Owncloud client attempts to connect to the jail you will instead get the FreeNAS SSL cert. You will get an warning from the Owncloud client that the cert has changed and asks for you to accept or reject the cert. You should reject the cert since it is not the correct cert. As soon as your jail comes back up your client should reconnect to the Owncloud server appropriately and continue operating as expected.

(All commands must be run from within the jail.. so ssh in or use jls/jexec as you see fit).

1. Setup everything so Owncloud works without SSL. This proves you are at a certain point where things can be assumed.

If you aren't working without SSL, you aren't going to be better off after this. So definitely make sure you can go to http://ip/owncloud and access the webpage!


2. You must compile nginx from ports since the pkg version doesn't appear to include SSL.

Inside the jail and as root again, do the following:

# service nginx stop
# pkg remove nginx
# portsnap fetch update
# make /usr/ports/www/nginx install

When it asks for settings you will need to make sure ALL of the following are checked: (This is what I used.. feel free to change it at your own discretion and or risk!)

IPV6
HTTP
HTTP_CACHE
HTTP_DAV
HTTP_FLV
HTTP_GZIP_STATIC
HTTP_PERL
HTTP_REWRITE
HTTP_SSL
HTTP_STATUS
WWW

Now wait for it to compile...Took me about 30 seconds.

3. Create your encryption key, cert, etc.

Note: I'm not a security wizard, so I used the same steps from http://www.akadia.com/services/ssh_test_certificate.html. DES3 may or may not be secure. It's up to you to decide what to use or not use since this forum isn't about security certificates and the like.

# cd /usr/local/etc/nginx/
# openssl genrsa -des3 -out server.key 1024 (Generates a private key)
# openssl req -new -key server.key -out server.csr (Generates the Certificate Signing Request. Fill in EVERY field with something or Owncloud's client will not be happy and won't sync. I learned this the hard way)
# cp server.key server.key.org (backs up your key)
# openssl rsa -in server.key.org -out server.key (Removes the passphrase from the key)
# openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt (Generates a self-signed Certificate)

4. Let's stop and verify your stuff is still working!

At this point you should be able to do # service nginx start and be able to go to your http address and it should still work. If not, this is a good place to stop and troubleshoot. So go ahead and test the service to make sure its still working. After verifying everything is okay then do # service nginx stop and keep going. The next step is where I expect 99% of the problems to be, so this is a good place to prove you've done everything right up to this point.

5. Go to SSL!

Attached is my nginx.conf(I had to make it a .txt file for the forum software filters). You can either use mine, or read through mine and adapt it for your server. The main lines to eyeball are:

ssl_certificate /usr/local/etc/nginx/server.crt;
ssl_certificate_key /usr/local/etc/nginx/server.key;
listen 443 ssl;

Once you've added those lines, if you did everything properly, then you can type:

# service nginx start

And you should be able to go to https://ip/owncloud and have access to your server! It's a self-signed certificate so you'll get the lame security warning. Just accept it in your browser and keep going.

BONUS: Updating Owncloud

Everyone likes bonuses right? Buy-one-get-one-free and the like? So here's how I updated my Owncloud from 6.0.1 to 6.0.2. You'll know if Owncloud is out of date because you'll go to your Owncloud Server's webpage and see a warning at the top that it's not the latest and greatest.

NOTE: I'd verify that SSL above works before doing an update. You don't want to do an SSL and update at the same time in case you have problems. Better to change 1 thing at a time so if something goes wrong you have fewer things that can/could go wrong.

Since I'll be installing 6.0.2 the file location is http://download.owncloud.org/community/owncloud-6.0.2.tar.bz2 You can either change the file name yourself or go to owncloud.org and find the link yourself. I went to owncloud.org just to make sure that the link was correct.

Inside the jail as root run the following commands:

# service nginx stop
# cd /tmp
# fetch http://download.owncloud.org/community/owncloud-6.0.2.tar.bz2
# tar jxvf owncloud-*.tar.bz2 -C /usr/local/www
# rm owncloud-*.tar.bz2
# chown -R www:www /usr/local/www/owncloud
# service nginx start

That's it! If you go to http(s)://ip/owncloud there will be a page that says it's updating and to please wait, but within about 10 seconds it refreshed and Owncloud was back online for me.

If you've been reading my posts elsewhere the PBI version sucked because the performance was just horrid with a large number of small files. Throughput was great for large files though. Something like 8000 files totalling 4.6GB took over 16 hours to upload(I stopped counting at 16 hours). With 6.0.2 and using NGINX, PHP-FPM, and MySQL(MariaDB) I was able to sync 8173 files totalling 5.3GB in less than 40 minutes on the same hardware! That's over 18x faster!

Thanks to Joshua for starting this thread with his guide!

 

[Joshua Parker Ruehlig]

BONUS: Updating Owncloud

Everyone likes bonuses right? Buy-one-get-one-free and the like? So here's how I updated my Owncloud from 6.0.1 to 6.0.2. You'll know if Owncloud is out of date because you'll go to your Owncloud Server's webpage and see a warning at the top that it's not the latest and greatest.

NOTE: I'd verify that SSL above works before doing an update. You don't want to do an SSL and update at the same time in case you have problems. Better to change 1 thing at a time so if something goes wrong you have fewer things that can/could go wrong.

Since I'll be installing 6.0.2 the file location is http://download.owncloud.org/community/owncloud-6.0.2.tar.bz2 You can either change the file name yourself or go to owncloud.org and find the link yourself. I went to owncloud.org just to make sure that the link was correct.

Inside the jail as root run the following commands:

# service nginx stop
# cd /tmp
# fetch http://download.owncloud.org/community/owncloud-6.0.2.tar.bz2
# tar jxvf owncloud-*.tar.bz2 -C /usr/local/www
# rm owncloud-*.tar.bz2
# chown -R www:www /usr/local/www/owncloud
# service nginx start

That's it! If you go to http(s)://ip/owncloud there will be a page that says it's updating and to please wait, but within about 10 seconds it refreshed and Owncloud was back online for me.

You should be able to update in the owncloud within the program. I think the 'Updater' App is what you want, then ( Admin > Update Center )

 

[cyberjock]

You should be able to update in the owncloud within the program. I think the 'Updater' App is what you want, then ( Admin > Update Center )

Haha. I didn't see that there before. Eh, maybe I'll try that next time. :P