ownCloud - sharing over WAN to family

[Jack Naisbett]

As the subject says, looking for best way to do this - and securely!

Would using OpenVPN with PIA work, if the jail for ownCloud was hooked up and then family fire up a PIA client at their end?

My router doesnt support VPN setup, so not an option to run a VPN server on there.

 

[Mirfster]

Our very own @DrKK wrote a guide called "DrKK's Definitive Guide to Installing OwnCloud in FreeNAS (or FreeBSD)" which may be of interest to you. He even went so far as to make a YouTube video of it. Keep in mind that this is a bit dated and I am unsure of the validity any longer. I never used/tried it in the first place. But, since I tagged DrKK, he may just grace you with an appearance and comment. ;)

 

[adrianwi]

My recommendation would be this guide > https://forums.freenas.org/index.php?threads/how-to-owncloud-using-nginx-php-fpm-and-mysql.17786/

Whilst there is quite a few steps to get it up and running (and a few pages of comments to trawl through!) it's a more robust configuration using mysql rather than sqlite

 

[Jack Naisbett]

I thought the plugin now used mysql?

 

[adrianwi]

No idea. I don't use the plugins for anything as I've found setting things up in a jail manually more reliable and educational.

 

[Jack Naisbett]

Is the manual version any better at handling hidden files? Trying to mount a share into the jail but excluding certain filetypes. Is there a known way of doing this in ownCLoud?

 

[DrKK]

I agree with @AdrianWilliamson 's sentiment. That, too, is why I don't use the plugins myself. You won't learn anything.

There was a rough patch for a while with Owncloud, and it pissed me off so much that I myself stopped using it. It looks like it's been mostly cleared up though. I might give it another go. The reason I don't recommend mysql itself is that memory requirements for a modest little OwnCloud running mysql are pretty bad. Without spending your life tweaking things and researching the complicated SQL systems, you can just flush hundreds of MB of RAM down the toilet, if you're going to run a mysql-based or mariadb-based installation. At least, last I checked this was the case.

If you're going to store a couple dozen files, or whatever, not using sqlite would be dumb, I think. If you're going to store four thousand files on your owncloud, then not using mysql would be dumb. You have to consider the wisest move for your use case.

 

[danb35]

It looks like it's been mostly cleared up though

It looks like there's very recently (i.e., within the last week or so) been a pretty serious split with the owncloud devs. Check out nextcloud.com for some information.

 

[DrKK]

It looks like there's very recently (i.e., within the last week or so) been a pretty serious split with the owncloud devs. Check out nextcloud.com for some information.

That's pretty interesting. I had those complaints myself about their community. Notice how careful they are not to call the Owncloud people out.

 

[Jack Naisbett]

I agree with @AdrianWilliamson 's sentiment. That, too, is why I don't use the plugins myself. You won't learn anything.

There was a rough patch for a while with Owncloud, and it pissed me off so much that I myself stopped using it. It looks like it's been mostly cleared up though. I might give it another go. The reason I don't recommend mysql itself is that memory requirements for a modest little OwnCloud running mysql are pretty bad. Without spending your life tweaking things and researching the complicated SQL systems, you can just flush hundreds of MB of RAM down the toilet, if you're going to run a mysql-based or mariadb-based installation. At least, last I checked this was the case.

If you're going to store a couple dozen files, or whatever, not using sqlite would be dumb, I think. If you're going to store four thousand files on your owncloud, then not using mysql would be dumb. You have to consider the wisest move for your use case.

I'd probably be storing 5000 files upwards, so MySQL would probably make sense for me.

 

[Joshua Parker Ruehlig]

I dont use VPN for owncloud, and host it directly, accessible by all the scary people of the internet =P
My setup has been used by several of my family member for around 2 years, storing about 250GB, mostly pictures, so it is fairly large number of files on my system. I'd definitely recommend mysql.

if you dont use a VPN, make sure you setup https, and keep your php/owncloud up to date with secrurity updates (which is near impossible with the plugin, dependencies of PBIs are tricky)

once the freenas10 plugin system is available I'll try building an update that uses mysql, and docker will be easier to update dependencies =]
but until then, I recommend installing in a jail, not from the plugin

 

[zoomzoom]

As the subject says, looking for best way to do this - and securely!

Would using OpenVPN with PIA work, if the jail for ownCloud was hooked up and then family fire up a PIA client at their end?

My router doesnt support VPN setup, so not an option to run a VPN server on there.

As far as security goes, this is the Nginx config I use

• I formatted that conf specifically for GitHub in order for code alignment to be maintained, however the actual conf can be downloaded here
  • Alignment doesn't really matter; however, I prefer organized code, as it makes one's life so much easier when troubleshooting something or when a change needs to be made

• My config implements:
  • HTTP is not allowed (all requests redirected to HTTPS)
  • TLSv1.1 or TLSv1.2 only (eliminating all SSL versions, as well as TLSv1)
  • SHA256 or SHA384 only
  • AES128 or AES256 only
  • Only ECDHE or DHE ciphers are allowed, with ECDHE given preference due to it's speed
    • This also requires the creation of a dh key, which should be 2048 if exposing to WAN.
  • Numerous security headers, some taken from @Joshua Parker Ruehlig's wiki, others from the ownCloud 9 Admin manual.

• The way I have it configured, ownCloud is in the webroot, not a subdirectory of, and does require typing in the ServerName/owncloud
  • The config can be easily modified to redirect all ServerName requests to ServerName/owncloud by adding either a return or location redirect under the HTTPS server section.

For syntax highlighting:

• Notepad++: Nginx Language xml
  • Import via Language --> Define Your Language... --> Import
• Nano: NanoRC from GitHub
  • Follow the ReadMe for install instructions

I currently have an issue where logging out of ownCloud does not actually log me out. This seems to be an issue that crops up every few years and until I've had the time to read through different solutions, I can't be for certain it's not due to a specific option in my nginx config (I don't believe it is, but I'm not 100% sure)


As far as your router and a VPN goes, have you checked to see if OpenWrt, DD-Wrt, or LEDE is available for it (all listed support OpenVPN server set up).

 

[Joshua Parker Ruehlig]

I fixed several login/logout issues years ago. some were related to OC accepting basic auth (which is needed for the WebDAV client frontend). my solution was to prefer login cookies before basic auth, and if a user using basic auth logged out, add a cookie that said to ignore that basic auth username for 5 minutes. you might want to look in that area of the login code to see if it got changed if you want to try and fix it.

 

[zoomzoom]

@Joshua Parker Ruehlig Thanks! =]

 

[VladTepes]

So has anyone reached a conclusion yet on the OwnCloud vs NextCloud debate for FreeNAS use?

 

[adrianwi]

I have had an oC jail since around v6 and continue to use on a daily basis. I've also created a nC jail, set-up against a copy of the oC database/files dataset (so effectively an exact copy) and have played around with it a little and updated from 9.53 to 10.0.

They are so alike at the minute, it's almost impossible to call, but as I've been with oC for longer I'm sticking with this for the time being. Having a nC jail in the background that I can switch to now at any point seems like a good backup plan.