Personal tools
You are here: Home Web Cloud Prussian a CentOS v6.x & Nginx, OwnCloud Instance

Prussian a CentOS v6.x & Nginx, OwnCloud Instance

 [Note: This was written in Jan 2014. As of Feb 2015 php v5.4 is required for owncloud v8. See remi repo]

Prerequisites

  • A CentOS v6.x VM
    • with the time synchronised
    • a large data volume mounted as /mnt/data
  • http reverse proxy with TLS/SSL offload 

 Note: The VM already has the time synchronised.

Install

Install Nginx from the Nginx repository and OwnCloud from the OwnCloud repository.

# rpm -Uvh http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
# yum install nginx

Install the EPEL repository so that OwnCloud dependencies are staisfied:

# rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

The CentOS OwnCloud instructions are:

# cd /etc/yum.repos.d/
# wget http://download.opensuse.org/repositories/isv:ownCloud:community/CentOS_CentOS-6/isv:ownCloud:community.repo
# yum install owncloud

Install php-fpm:

# yum install php-fpm

The OwnCloud documentation only recommends the default database for single user installations. Migrations look to be non-trivial. Install and use MySQL server from the start:

# yum install mysql-server

Configure php-fpm

Use the default '/etc/php-fpm.d/www.conf':

[www]
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
user = apache
group = apache
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
slowlog = /var/log/php-fpm/www-slow.log
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session

env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

Start the FPM process:

# chkconfig php-fpm on
# service php-fpm start

Configure Nginx

Move the example and deault configurations out of the way (e.g. '/etc/nginx/conf.d/default.conf'). Create a new OwnCloud Nginx configuration file '/etc/nginx/conf.d/owncloud.conf':

#
# OwnCloud (ssl/tls)
#
server {
  listen        80;

  root          /var/www/html/owncloud;

  index         index.php;
  client_max_body_size 1000M; # set maximum upload size

  # deny direct access
  location      ~ ^/(data|config|\.ht|db_structure\.xml|README) {
    deny         all;
  }

  # default try order
  location / {
    try_files $uri $uri/ @webdav;
  }

  # owncloud WebDAV
  location @webdav {
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    fastcgi_pass            127.0.0.1:9000;
    fastcgi_param           SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param           HTTPS on;
    include                 fastcgi_params;
  }

  # enable php
  location ~ \.php$ {
    try_files               $uri = 404;
    fastcgi_pass            127.0.0.1:9000;
    fastcgi_param           SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param           HTTPS on;
    include                 fastcgi_params;
  }
}

Add the Nginx user to the apache group. The distribution RPM and the php-fpm pache all assume apache (httpd) is used.

# usermod -a -G apache nginx

This configuration assumes:

  1. that the TLS/SSL offload is performed somewhere else
  2. that owncloud is the default web site (i.e. no virtual hosting)

Start the Nginx server:

# service nginx start

Configure MySQL

Change the mysql configuration '/etc/my.cnf' to only listen on the loopback interface. 

[mysqld]
bind-address = localhost

Start mySQL server

# chkconfig mysqld on
# service mysqld start

Lock down the MySQL installation and set the root password:

# mysql_secure_installation

Create the owncloud database

# mysql -u root
mysql> CREATE USER 'owncloud'@'localhost' IDENTIFIED BY 'password';
mysql> CREATE DATABASE IF NOT EXISTS owncloud; 
mysql> GRANT ALL PRIVILEGES ON owncloud.* TO 'owncloud'@'localhost' IDENTIFIED BY 'password';
mysql> FLUSH PRIVILEGES;
mysql> ^D 

 

Configure OwnCloud

Change the ownership of '/mnt/data' to apache so that the php process can access the data. Having a data volume out of the web hierarchy reduces the chance of data loss and allows an arbitrarly sized volume to be put into the VM.

# chown apache.apache /mnt/data

Use a web browser to view the owncloud instance, and fill in the setup information:

Owncloud 6.x setup 2014-01-06_203807.png

 

Links

 

Appendices

Nginx install

# yum install nginx
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirror.xnet.co.nz
 * extras: mirror.xnet.co.nz
 * updates: mirror.xnet.co.nz
nginx                                                          | 2.9 kB     00:00
nginx/primary_db                                               |  25 kB     00:00
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package nginx.x86_64 0:1.4.4-1.el6.ngx will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================
 Package          Arch              Version                    Repository        Size
======================================================================================
Installing:
 nginx            x86_64            1.4.4-1.el6.ngx            nginx            311 k

Transaction Summary
======================================================================================
Install       1 Package(s)

Total download size: 311 k
Installed size: 770 k
Is this ok [y/N]: y
Downloading Packages:
nginx-1.4.4-1.el6.ngx.x86_64.rpm                               | 311 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : nginx-1.4.4-1.el6.ngx.x86_64                                       1/1
----------------------------------------------------------------------

Thanks for using nginx!

Please find the official documentation for nginx here:
* http://nginx.org/en/docs/

Commercial subscriptions for nginx are available on:
* http://nginx.com/products/

----------------------------------------------------------------------
  Verifying  : nginx-1.4.4-1.el6.ngx.x86_64                                       1/1

 OwnCloud Install

# yum install owncloud

Dependencies Resolved

======================================================================================
 Package                     Arch   Version              Repository              Size
======================================================================================
Installing:
 owncloud                    noarch 6.0.0a-4.1           isv_ownCloud_community  43 M
Installing for dependencies:
 apr                         x86_64 1.3.9-5.el6_2        base                   123 k
 apr-util                    x86_64 1.3.9-3.el6_0.1      base                    87 k
 apr-util-ldap               x86_64 1.3.9-3.el6_0.1      base                    15 k
 freetype                    x86_64 2.3.11-14.el6_3.1    base                   359 k
 httpd                       x86_64 2.2.15-29.el6.centos base                   821 k
 httpd-tools                 x86_64 2.2.15-29.el6.centos base                    73 k
 libX11                      x86_64 1.5.0-4.el6          base                   584 k
 libX11-common               noarch 1.5.0-4.el6          base                   192 k
 libXau                      x86_64 1.0.6-4.el6          base                    24 k
 libXpm                      x86_64 3.5.10-2.el6         base                    51 k
 libjpeg-turbo               x86_64 1.2.1-3.el6_5        updates                174 k
 libpng                      x86_64 2:1.2.49-1.el6_2     base                   182 k
 libxcb                      x86_64 1.8.1-1.el6          base                   110 k
 libxslt                     x86_64 1.1.26-2.el6_3.1     base                   452 k
 mailcap                     noarch 2.1.31-2.el6         base                    27 k
 mysql                       x86_64 5.1.71-1.el6         base                   893 k
 ntp                         x86_64 4.2.6p5-1.el6.centos base                   592 k
 ntpdate                     x86_64 4.2.6p5-1.el6.centos base                    75 k
 owncloud-3rdparty           noarch 6.0.0a-4.1           isv_ownCloud_community 281 k
 php                         x86_64 5.3.3-27.el6_5       updates                1.1 M
 php-cli                     x86_64 5.3.3-27.el6_5       updates                2.2 M
 php-common                  x86_64 5.3.3-27.el6_5       updates                525 k
 php-gd                      x86_64 5.3.3-27.el6_5       updates                107 k
 php-mbstring                x86_64 5.3.3-27.el6_5       updates                455 k
 php-mysql                   x86_64 5.3.3-27.el6_5       updates                 81 k
 php-pdo                     x86_64 5.3.3-27.el6_5       updates                 75 k
 php-pear                    noarch 1:1.9.4-4.el6        base                   393 k
 php-pear-MDB2               noarch 2.5.0-0.9.b5.el6     epel                   127 k
 php-pear-MDB2-Driver-mysqli noarch 1.5.0-0.8.b4.el6     epel                    43 k
 php-pear-Net-Curl           noarch 1.2.5-4.el6          epel                    13 k
 php-process                 x86_64 5.3.3-27.el6_5       updates                 39 k
 php-xml                     x86_64 5.3.3-27.el6_5       updates                103 k

Transaction Summary
======================================================================================
Install      33 Package(s)

Total download size: 53 M
Installed size: 157 M

MySQL config

# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

 Owncloud Console

 

$ sudo -u apache  php /var/www/html/owncloud/occ status
Document Actions